alezmad/nuc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1aa7ebcde3f66b9ee83234775c55bec7628d8ad4
nuc/.artifacts/2026-02-03_22-00_turbostarter-deployment.md
Alejandro Gutiérrez 59944e9144 Add infrastructure setup artifacts (Feb 1-3) 
Session notes covering Gitea-Coolify webhook fixes, NocoDB/Vaultwarden
credentials, Stalwart mail server setup, Snappymail config, WhyRating
databases and email, CloudBeaver deployment, and Turbostarter setup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 15:17:04 +01:00

70 lines
2.8 KiB
Markdown
Raw Blame History

# Turbostarter (Knosia) Production Deployment
**Date:** 2026-02-03 22:00
**Context:** Full production deployment of Turbostarter Next.js monorepo on NUC via Coolify
## Deployment Details
| Property | Value |
|----------|-------|
| **URL** | `https://alezmad-nuc.tail58f5ad.ts.net` |
| **Service UUID** | `v4gogwwc8wkk4888ksscc4k4` |
| **Service Name** | Knosia |
| **Architecture** | Tailscale Funnel (HTTPS) → Traefik (HTTP:80) → web container |
| **FQDN (internal)** | `http://alezmad-nuc.tail58f5ad.ts.net` |
| **Registry Image** | `192.168.1.3:3030/alezmad/turbostarter:latest` |
| **Gitea Repo** | `alezmad/turbostarter` |
## Container Stack
| Container | Image | Status |
|-----------|-------|--------|
| `web-v4gogwwc8wkk4888ksscc4k4` | `localhost:3030/alezmad/turbostarter:latest` | running:healthy |
| `db-v4gogwwc8wkk4888ksscc4k4` | `pgvector/pgvector:pg17` | running:healthy |
| `minio-v4gogwwc8wkk4888ksscc4k4` | `minio/minio:latest` | running:healthy |
| `minio-init-v4gogwwc8wkk4888ksscc4k4` | `minio/mc:latest` | exited (expected) |
## Credentials
| Service | Credential |
|---------|-----------|
| **Database** | `postgres://turbostarter:turbostarter@db:5432/core` |
| **MinIO** | `minioadmin` / `minioadmin` |
| **Better Auth Secret** | `WyfMfoRclem2Bc/Ek3/2nWsiIdHkjIOvAhJXevDAx/E=` |
| **Admin User** | `me+admin@turbostarter.dev` / `Pa$$w0rd` |
| **Regular User** | `me+user@turbostarter.dev` / `Pa$$w0rd` |
## Database Schemas
- 11 auth tables (Better Auth)
- PostgreSQL schemas: `chat`, `pdf`, `image` (Drizzle pgSchema)
- Seeded with 5 users and organization data
## Key Configuration Decisions
1. **HTTPS via Tailscale Funnel** — not Cloudflare (Spanish ISPs block Cloudflare shared IPs during LaLiga)
2. **FQDN set to HTTP internally** — Tailscale terminates TLS, Traefik must not redirect to HTTPS (causes loop)
3. **BETTER_AUTH_TRUSTED_ORIGINS** — runtime env var added to `server.ts` so origins can be configured without rebuilding
4. **NEXT_PUBLIC_URL** — build-time ARG in Dockerfile, baked into static output
5. **CSP `upgrade-insecure-requests`** — kept in place (production security), requires valid HTTPS
## Build Command
```bash
cd /Users/agutierrez/Desktop/turbostarter-export
docker build --platform linux/amd64 \
--build-arg NEXT_PUBLIC_URL=https://alezmad-nuc.tail58f5ad.ts.net \
-t 192.168.1.3:3030/alezmad/turbostarter:latest .
docker push 192.168.1.3:3030/alezmad/turbostarter:latest
```
## Code Changes Made
1. **Dockerfile** — simplified to single-stage build, added `NEXT_PUBLIC_URL` build arg
2. **packages/auth/src/server.ts** — added `BETTER_AUTH_TRUSTED_ORIGINS` env var support in trustedOrigins array
## Related
- Coolify service: http://192.168.1.3:8000 (service ID 29)
- Gitea repo: http://192.168.1.3:3030/alezmad/turbostarter
- Tailscale Funnel: `tailscale funnel status` on NUC
Reference in New Issue View Git Blame Copy Permalink