From 1c5300a6f46eeb07cddacdad9eb3712da3fc89b0 Mon Sep 17 00:00:00 2001 From: Joders Date: Thu, 29 Jan 2026 21:25:48 +0000 Subject: [PATCH] Updated README with steps to fix current issue SWAOS --- README.md | 188 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 146 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index e817ba1..dc2e020 100644 --- a/README.md +++ b/README.md @@ -1,43 +1,147 @@ -Here is dummy ai explanation for you my friend + ### QUICK EXPLANATION -## Stack -* Backend: Node + Fastify + Prisma (Postgres) -* Frontend: React + Vite -* Scheduler: separate worker container (cron tasks) -* Reverse proxy (prod) -* Default: Nginx (skymoneybudget.com.conf) -* Alternative: Caddy (Caddyfile.prod) -* API is under /api path -* Web is static from /var/www/skymoney/dist -* HTTPS + HSTS already configured in the prod config - ### Required env vars (production) -* DATABASE_URL -* JWT_SECRET (32+ chars) -* COOKIE_SECRET (32+ chars) -* CORS_ORIGIN (set to https://skymoneybudget.com) -* Optional: COOKIE_DOMAIN=skymoneybudget.com -* Cookies + Security -* HttpOnly + Secure in prod -* CSRF protection required for non‑GET -### Other Features -* /auth/logout requires CSRF now -* Mutation endpoints rate‑limited -* Cron jobs -* rollover worker (6 AM user time) -* auto‑payment worker (9 AM user time) -* Jobs run every 15 minutes and only process users whose local time has reached the threshold -* DB / Prisma -* Postgres required -* Prisma migrations must be applied before running -* The app blocks default secrets in prod -* Build + deploy -* web/ builds to web/dist -* API runs on port 8080 internally (exposed as 8081 in compose) -* Nginx proxies /api to 127.0.0.1:8081 -* Logs -* Prod logs are limited (PII reduced) -* Key logging: job success/failure counts -* Backups -* Scripts exist: backup.sh, restore.sh -* Restore requires admin DB privileges (created DB) -* Optional but recommended to test once (tested, backup worked restore failed) +In order for the system to properly function with all background workers, the deployment needs to be transferred to docker compose. This file explains the proccess. I do not have access to the VPS so I figured I would create a guide. + +- The reason the session is not working currently is because the API runs within docker compose and all the workers can not function (auth for example). + + + # Deploy via Docker (Gitea Actions) + +This document lists the changes needed to switch your deployment to **Docker Compose** so all services (api, web, scheduler, postgres, etc.) start automatically on deploy. + +--- + +## 1) Replace the deploy workflow steps + +Update `.gitea/workflows/deploy.yml` so it: + +- Pulls the repo on the VPS (or uses the runner workspace) +- Builds and starts containers with Docker Compose +- Runs migrations inside the running API container +- Reloads Nginx (or Caddy) + +**Recommended deploy.yml (Docker-based):** + +```yaml +name: Deploy + +on: + push: + branches: [main] + +jobs: + deploy: + runs-on: vps-host + steps: + - uses: actions/checkout@v4 + + - name: Deploy with Docker Compose + run: | + # Adjust to your deployment directory + APP_DIR=/opt/skymoney + mkdir -p $APP_DIR + + # Sync repo contents to server folder + rsync -a --delete ./ $APP_DIR/ + + cd $APP_DIR + + # Build + start all services + docker compose up -d --build + + # Run Prisma migrations inside API container + docker compose exec -T api npx prisma migrate deploy + + - name: Reload Nginx + run: sudo systemctl reload nginx +``` + +> If you use Caddy instead of Nginx, replace the reload step accordingly. + +--- + +## 2) Ensure docker-compose.yml is production-safe + +Double‑check these: + +- The API service exposes the correct port +- The web service is either served by Nginx (static build) or a container +- Scheduler/worker services are included + +Example pattern: + +```yaml +services: + api: + build: ./api + env_file: + - ./.env + ports: + - "8080:8080" + + scheduler: + build: ./api + command: node dist/worker/rollover.js + env_file: + - ./.env + + web: + build: ./web + # or copy build output to nginx +``` + +--- + +## 3) Update Nginx upstream + +Make sure your proxy matches the API port: + +``` +location /api/ { + proxy_pass http://127.0.0.1:8080/; +} +``` + +--- + +## 4) Add Docker/Compose to VPS if missing + +```bash +sudo apt update +sudo apt install -y docker.io docker-compose-plugin +sudo systemctl enable --now docker +``` + +--- + +## 5) Update environment files + +Your `.env` should exist at `/opt/skymoney/.env` and contain: + +- DATABASE_URL +- JWT_SECRET (>=32 chars) +- COOKIE_SECRET (>=32 chars) +- CORS_ORIGIN +- NODE_ENV=production + +--- + +## 6) Verify after deploy + +```bash +docker compose ps +curl -i http://127.0.0.1:8080/health +``` + +--- + +## Optional: logs + +```bash +docker compose logs -f api +docker compose logs -f scheduler +``` + +--- + +If you want, I can also adapt the deploy workflow to use **docker compose pull** + **docker compose up** without rebuilding every time, or split API/web deploys.