Recon of the live box (Ubuntu 24.04 x86_64, nginx 1.24, certbot 2.9)
showed established conventions from the existing fenja / bifrost-customer
services. Match them so the portal looks like a first-class citizen:
- service runs as the existing `fenja` user, journald logging + full
hardening block (ProtectKernelModules, LockPersonality), ExecStart on
/usr/bin/node (box upgraded globally to Node 22)
- code in /opt/bifrost-portal, in-dir .env (EnvironmentFile), data under
the shared /opt/fenja/data/bifrost-portal (ReadWritePaths)
- nginx: 1.24 `listen ... ssl http2` syntax, certbot options-ssl-nginx +
dhparam includes, server_tokens off, sites-available/bifrost-portal (no
.conf) symlinked; 12m body size for photo uploads; port 4322 (free)
- deploy.sh / backup.sh point at the new paths
- DEPLOY.md rewritten as a server-specific runbook incl. the global Node 22
upgrade + retest of the existing apps, and pnpm via corepack

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
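The service unit the checklist above implies, written out as an added example rather than the file from this commit. The unit file name, the `server.js` entry point and the `PORT` environment variable are assumptions; of the hardening directives only ProtectKernelModules and LockPersonality are named in the message, the rest is the customary full block and is likewise assumed:

```ini
# /etc/systemd/system/bifrost-portal.service  (unit name is an assumption)
[Unit]
Description=Bifrost customer portal
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# Same unprivileged account as the existing fenja / bifrost-customer services
User=fenja
Group=fenja
WorkingDirectory=/opt/bifrost-portal
# In-directory .env holds secrets; keep it 0640 fenja:fenja
EnvironmentFile=/opt/bifrost-portal/.env
# Listener port from the message; variable name is an assumption
Environment=PORT=4322
# Globally installed Node 22; entry point file is an assumption
ExecStart=/usr/bin/node /opt/bifrost-portal/server.js
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal

# Hardening block, matching the existing fenja services
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
LockPersonality=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=@system-service
CapabilityBoundingSet=
AmbientCapabilities=
# Node's JIT emits executable pages, so W^X enforcement must stay off;
# it is set explicitly so the exception is visible in review
MemoryDenyWriteExecute=no
# With ProtectSystem=strict the root filesystem is read-only; the only
# writable tree is the shared data directory for photo uploads
ReadWritePaths=/opt/fenja/data/bifrost-portal

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, `systemd-analyze security bifrost-portal.service` prints the per-directive exposure score, which is a quick way to confirm the new unit lands in the same band as the existing fenja services rather than trusting a visual diff of the two files.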