Updated README with steps to fix current issue

SWAOS
2026-01-29 21:25:48 +00:00
parent bd16f55f2e
commit 1c5300a6f4
1 changed files with 146 additions and 42 deletions
--- a/README.md
+++ b/README.md
@@ -1,43 +1,147 @@
-Here is dummy ai explanation for you my friend
+ ### QUICK EXPLANATION
-## Stack
+In order for the system to properly function with all background workers, the deployment needs to be transferred to docker compose. This file explains the proccess. I do not have access to the VPS so I figured I would create a guide. 
-* Backend: Node + Fastify + Prisma (Postgres)
+
-* Frontend: React + Vite
+- The reason the session is not working currently is because the API runs within docker compose and all the workers can not function (auth for example). 
-* Scheduler: separate worker container (cron tasks)
+ 
-* Reverse proxy (prod)
+ 
-* Default: Nginx (skymoneybudget.com.conf)
+ # Deploy via Docker (Gitea Actions)
-* Alternative: Caddy (Caddyfile.prod)
+
-* API is under /api path
+This document lists the changes needed to switch your deployment to **Docker Compose** so all services (api, web, scheduler, postgres, etc.) start automatically on deploy.
-* Web is static from /var/www/skymoney/dist
+
-* HTTPS + HSTS already configured in the prod config
+---
- ### Required env vars (production)
+
-* DATABASE_URL
+## 1) Replace the deploy workflow steps
-* JWT_SECRET (32+ chars)
+
-* COOKIE_SECRET (32+ chars)
+Update `.gitea/workflows/deploy.yml` so it:
-* CORS_ORIGIN (set to https://skymoneybudget.com)
+
-* Optional: COOKIE_DOMAIN=skymoneybudget.com
+- Pulls the repo on the VPS (or uses the runner workspace)
-* Cookies + Security
+- Builds and starts containers with Docker Compose
-* HttpOnly + Secure in prod
+- Runs migrations inside the running API container
-* CSRF protection required for non‑GET
+- Reloads Nginx (or Caddy)
-### Other Features
+
-* /auth/logout requires CSRF now
+**Recommended deploy.yml (Docker-based):**
-* Mutation endpoints rate‑limited
+
-* Cron jobs
+```yaml
-* rollover worker (6 AM user time)
+name: Deploy
-* auto‑payment worker (9 AM user time)
+
-* Jobs run every 15 minutes and only process users whose local time has reached the threshold
+on:
-* DB / Prisma
+  push:
-* Postgres required
+    branches: [main]
-* Prisma migrations must be applied before running
+
-* The app blocks default secrets in prod
+jobs:
-* Build + deploy
+  deploy:
-* web/ builds to web/dist
+    runs-on: vps-host
-* API runs on port 8080 internally (exposed as 8081 in compose)
+    steps:
-* Nginx proxies /api to 127.0.0.1:8081
+      - uses: actions/checkout@v4
-* Logs
+
-* Prod logs are limited (PII reduced)
+      - name: Deploy with Docker Compose
-* Key logging: job success/failure counts
+        run: |
-* Backups
+          # Adjust to your deployment directory
-* Scripts exist: backup.sh, restore.sh
+          APP_DIR=/opt/skymoney
-* Restore requires admin DB privileges (created DB)
+          mkdir -p $APP_DIR
-* Optional but recommended to test once (tested, backup worked restore failed)
+
          # Sync repo contents to server folder
          rsync -a --delete ./ $APP_DIR/
          cd $APP_DIR
          # Build + start all services
          docker compose up -d --build
          # Run Prisma migrations inside API container
          docker compose exec -T api npx prisma migrate deploy
      - name: Reload Nginx
        run: sudo systemctl reload nginx
 ```
 > If you use Caddy instead of Nginx, replace the reload step accordingly.
 ---
 ## 2) Ensure docker-compose.yml is production-safe
 Double‑check these:
 - The API service exposes the correct port
 - The web service is either served by Nginx (static build) or a container
 - Scheduler/worker services are included
 Example pattern:
 ```yaml
 services:
  api:
    build: ./api
    env_file:
      - ./.env
    ports:
      - "8080:8080"
  scheduler:
    build: ./api
    command: node dist/worker/rollover.js
    env_file:
      - ./.env
  web:
    build: ./web
    # or copy build output to nginx
 ```
 ---
 ## 3) Update Nginx upstream
 Make sure your proxy matches the API port:
 ```
 location /api/ {
  proxy_pass http://127.0.0.1:8080/;
 }
 ```
 ---
 ## 4) Add Docker/Compose to VPS if missing
 ```bash
 sudo apt update
 sudo apt install -y docker.io docker-compose-plugin
 sudo systemctl enable --now docker
 ```
 ---
 ## 5) Update environment files
 Your `.env` should exist at `/opt/skymoney/.env` and contain:
 - DATABASE_URL
 - JWT_SECRET (>=32 chars)
 - COOKIE_SECRET (>=32 chars)
 - CORS_ORIGIN
 - NODE_ENV=production
 ---
 ## 6) Verify after deploy
 ```bash
 docker compose ps
 curl -i http://127.0.0.1:8080/health
 ```
 ---
 ## Optional: logs
 ```bash
 docker compose logs -f api
 docker compose logs -f scheduler
 ```
 ---
 If you want, I can also adapt the deploy workflow to use **docker compose pull** + **docker compose up** without rebuilding every time, or split API/web deploys.