joh/project-bifrost-platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
project-bifrost-platform/.env.production.example
Arlind 819f8fa91c feat(deploy): nginx reverse-proxy deploy setup for bifrost-portal.fenja.ai 
Run the Astro Node standalone server as a hardened systemd service on
127.0.0.1:4322, behind the existing nginx which terminates TLS and proxies
the bifrost-portal.fenja.ai hostname. Coexists with the other Fenja site;
its config is untouched.

- deploy/bifrost-portal.service: systemd unit (bifrost user, EnvironmentFile,
  ProtectSystem, ReadWritePaths to the data dir only)
- deploy/nginx/bifrost-portal.fenja.ai.conf: HTTP->HTTPS + proxy site block
- .env.production.example: prod env vars (secret, db path, uploads, host/port)
- scripts/deploy.sh: server-side pull -> install (rebuild native dep) ->
  build -> migrate -> restart; persistent data untouched
- scripts/backup.sh: nightly online .backup, 30-day retention
- DEPLOY.md: full runbook (port check, DNS, provision, TLS, backups, rollback)

Persistent data (db, uploads, backups) lives in /var/lib/bifrost-portal,
outside the /opt/bifrost-portal build dir, so redeploys never wipe it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 12:54:35 +02:00

24 lines
1 KiB
Text
Raw Blame History

# Production environment for bifrost-portal.fenja.ai
# Copy to the EnvironmentFile path referenced by the systemd unit
# (default: /etc/bifrost-portal.env) and fill in real values. Keep it
# chmod 600, owned by the service user. NEVER commit the real file.
# Long random string used to sign sessions and invite tokens.
# Generate with: openssl rand -hex 32
BIFROST_SECRET=change-me-openssl-rand-hex-32
# Absolute path to the SQLite database. Lives OUTSIDE the deploy dir so
# redeploys never touch it. Honored by src/lib/db.ts and scripts/migrate.js.
BIFROST_DB_PATH=/var/lib/bifrost-portal/bifrost.db
# Absolute path to the runtime uploads dir (event photos). Also outside the
# deploy dir. Honored by src/lib/uploads.ts.
BIFROST_UPLOAD_DIR=/var/lib/bifrost-portal/uploads
# Bind address + port for the Node standalone server. Loopback only — nginx
# is the only thing that should reach it. 4321 is the dev port; 4322 keeps
# us clear of it. Verify nothing else on the box uses 4322 (see DEPLOY.md).
HOST=127.0.0.1
PORT=4322
NODE_ENV=production
Reference in a new issue View git blame Copy permalink