Files

Alejandro Gutiérrez 59944e9144 Add infrastructure setup artifacts (Feb 1-3)

Session notes covering Gitea-Coolify webhook fixes, NocoDB/Vaultwarden
credentials, Stalwart mail server setup, Snappymail config, WhyRating
databases and email, CloudBeaver deployment, and Turbostarter setup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-18 15:17:04 +01:00

2.8 KiB

Raw Blame History

Turbostarter (Knosia) Production Deployment

Date: 2026-02-03 22:00 Context: Full production deployment of Turbostarter Next.js monorepo on NUC via Coolify

Deployment Details

Property	Value
URL	`https://alezmad-nuc.tail58f5ad.ts.net`
Service UUID	`v4gogwwc8wkk4888ksscc4k4`
Service Name	Knosia
Architecture	Tailscale Funnel (HTTPS) → Traefik (HTTP:80) → web container
FQDN (internal)	`http://alezmad-nuc.tail58f5ad.ts.net`
Registry Image	`192.168.1.3:3030/alezmad/turbostarter:latest`
Gitea Repo	`alezmad/turbostarter`

Container Stack

Container	Image	Status
`web-v4gogwwc8wkk4888ksscc4k4`	`localhost:3030/alezmad/turbostarter:latest`	running:healthy
`db-v4gogwwc8wkk4888ksscc4k4`	`pgvector/pgvector:pg17`	running:healthy
`minio-v4gogwwc8wkk4888ksscc4k4`	`minio/minio:latest`	running:healthy
`minio-init-v4gogwwc8wkk4888ksscc4k4`	`minio/mc:latest`	exited (expected)

Credentials

Service	Credential
Database	`postgres://turbostarter:turbostarter@db:5432/core`
MinIO	`minioadmin` / `minioadmin`
Better Auth Secret	`WyfMfoRclem2Bc/Ek3/2nWsiIdHkjIOvAhJXevDAx/E=`
Admin User	`me+admin@turbostarter.dev` / `Pa$$w0rd`
Regular User	`me+user@turbostarter.dev` / `Pa$$w0rd`

Database Schemas

11 auth tables (Better Auth)
PostgreSQL schemas: chat, pdf, image (Drizzle pgSchema)
Seeded with 5 users and organization data

Key Configuration Decisions

HTTPS via Tailscale Funnel — not Cloudflare (Spanish ISPs block Cloudflare shared IPs during LaLiga)
FQDN set to HTTP internally — Tailscale terminates TLS, Traefik must not redirect to HTTPS (causes loop)
BETTER_AUTH_TRUSTED_ORIGINS — runtime env var added to server.ts so origins can be configured without rebuilding
NEXT_PUBLIC_URL — build-time ARG in Dockerfile, baked into static output
CSP upgrade-insecure-requests — kept in place (production security), requires valid HTTPS

Build Command

cd /Users/agutierrez/Desktop/turbostarter-export
docker build --platform linux/amd64 \
  --build-arg NEXT_PUBLIC_URL=https://alezmad-nuc.tail58f5ad.ts.net \
  -t 192.168.1.3:3030/alezmad/turbostarter:latest .
docker push 192.168.1.3:3030/alezmad/turbostarter:latest

Code Changes Made

Dockerfile — simplified to single-stage build, added NEXT_PUBLIC_URL build arg
packages/auth/src/server.ts — added BETTER_AUTH_TRUSTED_ORIGINS env var support in trustedOrigins array

Coolify service: http://192.168.1.3:8000 (service ID 29)
Gitea repo: http://192.168.1.3:3030/alezmad/turbostarter
Tailscale Funnel: tailscale funnel status on NUC

2.8 KiB Raw Blame History