project-bifrost-platform/.env.production.example
Arlind 6f656b7121 chore(deploy): align deploy artifacts to the target server's conventions
Recon of the live box (Ubuntu 24.04 x86_64, nginx 1.24, certbot 2.9)
showed established conventions from the existing fenja / bifrost-customer
services. Match them so the portal looks like a first-class citizen:

- service runs as the existing `fenja` user, journald logging + full
  hardening block (ProtectKernelModules, LockPersonality), ExecStart on
  /usr/bin/node (box upgraded globally to Node 22)
- code in /opt/bifrost-portal, in-dir .env (EnvironmentFile), data under
  the shared /opt/fenja/data/bifrost-portal (ReadWritePaths)
- nginx: 1.24 `listen ... ssl http2` syntax, certbot options-ssl-nginx +
  dhparam includes, server_tokens off, sites-available/bifrost-portal (no
  .conf) symlinked; 12m body size for photo uploads; port 4322 (free)
- deploy.sh / backup.sh point at the new paths
- DEPLOY.md rewritten as a server-specific runbook incl. the global Node 22
  upgrade + retest of the existing apps, and pnpm via corepack

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 13:16:57 +02:00


# Production environment for bifrost-portal.fenja.ai
# Copy to /opt/bifrost-portal/.env on the server and fill in real values.
# Keep it chmod 600, owned by fenja:fenja. NEVER commit the real file.
# (Matches the existing apps' convention of an in-dir .env loaded via
# EnvironmentFile in the systemd unit.)
# Long random string used to sign sessions and invite tokens.
# Generate with: openssl rand -hex 32
BIFROST_SECRET=change-me-openssl-rand-hex-32
# Absolute path to the SQLite database. Lives under the shared /opt/fenja/data
# tree (the only path the service may write to) and OUTSIDE the deploy dir, so
# redeploys never touch it. Honored by src/lib/db.ts and scripts/migrate.js.
BIFROST_DB_PATH=/opt/fenja/data/bifrost-portal/bifrost.db
# Absolute path to the runtime uploads dir (event photos). Honored by
# src/lib/uploads.ts.
BIFROST_UPLOAD_DIR=/opt/fenja/data/bifrost-portal/uploads
# Bind address + port for the Node standalone server. Loopback only — nginx
# is the only thing that should reach it. 4322 is free on this box (3000/3001
# are the existing fenja / bifrost-customer apps).
HOST=127.0.0.1
PORT=4322
NODE_ENV=production