59944e9144
Session notes covering Gitea-Coolify webhook fixes, NocoDB/Vaultwarden credentials, Stalwart mail server setup, Snappymail config, WhyRating databases and email, CloudBeaver deployment, and Turbostarter setup. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
70 lines
2.8 KiB
Markdown
70 lines
2.8 KiB
Markdown
# Turbostarter (Knosia) Production Deployment
|
|
|
|
**Date:** 2026-02-03 22:00
|
|
**Context:** Full production deployment of Turbostarter Next.js monorepo on NUC via Coolify
|
|
|
|
## Deployment Details
|
|
|
|
| Property | Value |
|
|
|----------|-------|
|
|
| **URL** | `https://alezmad-nuc.tail58f5ad.ts.net` |
|
|
| **Service UUID** | `v4gogwwc8wkk4888ksscc4k4` |
|
|
| **Service Name** | Knosia |
|
|
| **Architecture** | Tailscale Funnel (HTTPS) → Traefik (HTTP:80) → web container |
|
|
| **FQDN (internal)** | `http://alezmad-nuc.tail58f5ad.ts.net` |
|
|
| **Registry Image** | `192.168.1.3:3030/alezmad/turbostarter:latest` |
|
|
| **Gitea Repo** | `alezmad/turbostarter` |
|
|
|
|
## Container Stack
|
|
|
|
| Container | Image | Status |
|
|
|-----------|-------|--------|
|
|
| `web-v4gogwwc8wkk4888ksscc4k4` | `localhost:3030/alezmad/turbostarter:latest` | running:healthy |
|
|
| `db-v4gogwwc8wkk4888ksscc4k4` | `pgvector/pgvector:pg17` | running:healthy |
|
|
| `minio-v4gogwwc8wkk4888ksscc4k4` | `minio/minio:latest` | running:healthy |
|
|
| `minio-init-v4gogwwc8wkk4888ksscc4k4` | `minio/mc:latest` | exited (expected) |
|
|
|
|
## Credentials
|
|
|
|
| Service | Credential |
|
|
|---------|-----------|
|
|
| **Database** | `postgres://turbostarter:turbostarter@db:5432/core` |
|
|
| **MinIO** | `minioadmin` / `minioadmin` |
|
|
| **Better Auth Secret** | `WyfMfoRclem2Bc/Ek3/2nWsiIdHkjIOvAhJXevDAx/E=` |
|
|
| **Admin User** | `me+admin@turbostarter.dev` / `Pa$$w0rd` |
|
|
| **Regular User** | `me+user@turbostarter.dev` / `Pa$$w0rd` |
|
|
|
|
## Database Schemas
|
|
|
|
- 11 auth tables (Better Auth)
|
|
- PostgreSQL schemas: `chat`, `pdf`, `image` (Drizzle pgSchema)
|
|
- Seeded with 5 users and organization data
|
|
|
|
## Key Configuration Decisions
|
|
|
|
1. **HTTPS via Tailscale Funnel** — not Cloudflare (Spanish ISPs block Cloudflare shared IPs during LaLiga)
|
|
2. **FQDN set to HTTP internally** — Tailscale terminates TLS, Traefik must not redirect to HTTPS (causes loop)
|
|
3. **BETTER_AUTH_TRUSTED_ORIGINS** — runtime env var added to `server.ts` so origins can be configured without rebuilding
|
|
4. **NEXT_PUBLIC_URL** — build-time ARG in Dockerfile, baked into static output
|
|
5. **CSP `upgrade-insecure-requests`** — kept in place (production security), requires valid HTTPS
|
|
|
|
## Build Command
|
|
|
|
```bash
|
|
cd /Users/agutierrez/Desktop/turbostarter-export
|
|
docker build --platform linux/amd64 \
|
|
--build-arg NEXT_PUBLIC_URL=https://alezmad-nuc.tail58f5ad.ts.net \
|
|
-t 192.168.1.3:3030/alezmad/turbostarter:latest .
|
|
docker push 192.168.1.3:3030/alezmad/turbostarter:latest
|
|
```
|
|
|
|
## Code Changes Made
|
|
|
|
1. **Dockerfile** — simplified to single-stage build, added `NEXT_PUBLIC_URL` build arg
|
|
2. **packages/auth/src/server.ts** — added `BETTER_AUTH_TRUSTED_ORIGINS` env var support in trustedOrigins array
|
|
|
|
## Related
|
|
- Coolify service: http://192.168.1.3:8000 (service ID 29)
|
|
- Gitea repo: http://192.168.1.3:3030/alezmad/turbostarter
|
|
- Tailscale Funnel: `tailscale funnel status` on NUC
|