buildmymcpserver/apps/web/app/docs/self-hosting/page.tsx

import {
  DocsTitle,
  DocsLead,
  DocsH2,
  DocsP,
  DocsList,
  DocsLi,
  DocsCode,
  Mono,
} from '@/components/docs-page';

export const metadata = { title: 'Self-hosting — BuildMyMCPServer docs' };

export default function SelfHosting() {
  return (
    <>
      <DocsTitle kicker="Build">Self-hosting</DocsTitle>
      <DocsLead>
        The control plane and generator are open. Bring your own Postgres, Redis, Docker host and
        Anthropic API key. Production uses Hetzner + Coolify + Traefik; the seams are the same.
      </DocsLead>

      <DocsH2 id="requirements">Requirements</DocsH2>
      <DocsList>
        <DocsLi>Node.js 20+</DocsLi>
        <DocsLi>pnpm 9+</DocsLi>
        <DocsLi>Docker engine reachable from the generator process</DocsLi>
        <DocsLi>Postgres 16+ and Redis 7+ (docker-compose for dev)</DocsLi>
        <DocsLi>Anthropic API key (optional — mock fallback for offline dev)</DocsLi>
      </DocsList>

      <DocsH2 id="dev">Local dev</DocsH2>
      <DocsCode
        label="bash"
        code={`git clone <repo>
cd buildmymcpserver
pnpm install
cp .env.example .env
pnpm dev`}
      />
      <DocsP>
        <Mono>pnpm dev</Mono> loads <Mono>.env</Mono>, brings up Postgres and Redis via
        docker-compose, pushes the Drizzle schema, and starts web (<Mono>:3001</Mono>), api
        (<Mono>:4000</Mono>) and generator concurrently.
      </DocsP>

      <DocsH2 id="env">Environment variables</DocsH2>
      <DocsList>
        <DocsLi><Mono>DATABASE_URL</Mono> — Postgres connection string</DocsLi>
        <DocsLi><Mono>REDIS_URL</Mono> — Redis (BullMQ + pubsub + preview cache)</DocsLi>
        <DocsLi><Mono>ANTHROPIC_API_KEY</Mono> — unset = mock generator</DocsLi>
        <DocsLi><Mono>SECRETS_ENCRYPTION_KEY</Mono> — 32-byte hex, AES-256-GCM key</DocsLi>
        <DocsLi><Mono>CONTROL_PLANE_PUBLIC_URL</Mono> — issuer for OAuth tokens</DocsLi>
        <DocsLi><Mono>OAUTH_KEY_DIR</Mono> — where RS256 keypair lives (auto-generated on boot)</DocsLi>
        <DocsLi><Mono>RUNNER_PORT_RANGE_START/END</Mono> — host port window for generated containers</DocsLi>
      </DocsList>

      <DocsH2 id="prod">Production deployment</DocsH2>
      <DocsP>
        The intended production setup is a Hetzner AX52 running Coolify, Traefik for wildcard SSL
        on <Mono>*.mcp.yourdomain.com</Mono>, and Cloudflare for DNS+DDoS. The runner-deploy
        adapter is the only environment-specific seam — swap the Docker-CLI implementation in
        <Mono>apps/generator/src/lib/deploy.ts</Mono> for the Coolify HTTP API.
      </DocsP>

      <DocsH2 id="sandboxing">Container sandboxing</DocsH2>
      <DocsP>
        Production flags (commented in deploy.ts):
      </DocsP>
      <DocsList>
        <DocsLi><Mono>--read-only</Mono></DocsLi>
        <DocsLi><Mono>--cap-drop=ALL</Mono></DocsLi>
        <DocsLi><Mono>--security-opt=no-new-privileges</Mono></DocsLi>
        <DocsLi><Mono>--cpus=0.5 --memory=512m</Mono></DocsLi>
      </DocsList>
      <DocsP>
        Dev relaxes these for Docker Desktop on Windows compat. Don&apos;t ship dev defaults to
        prod.
      </DocsP>
    </>
  );
}
feat(web): real 3-step wizard, settings, audit, docs, marketing pages Sprint 3.5: close every dead link and replace the single-step wizard with the spec-mandated 3-step flow. Wizard: - Step 1 collects prompt + name + slug, calls /v1/servers/preview. - Step 2 renders parsed tools (name, description, input schema as copyable JSON) + a credential field per requiredSecret Claude actually identified. Self-contained servers see 'No credentials needed' instead of generic Notion placeholders. - Step 3 streams the live build over WebSocket and shows install snippets. New dashboard pages: - /settings — org, plan/usage, members table, API keys + billing stubs (Sprint 4), encryption status. Reads /v1/me/org. - /audit — filterable table over /v1/audit with action pills, resource refs, IP, metadata JSON. Docs site (/docs + 6 sub-pages): - Sticky 240px sidebar, max-w-prose article column, shared DocsTitle/H2/Code primitives. - Quickstart, MCP concepts, OAuth 2.1 flow (full walkthrough with curl), Authoring tools, Self-hosting, API reference, FAQ. Marketing pages: - /changelog with tagged release timeline. - /security with 8 pillars + disclosure. - /privacy with GDPR-aware sections. - /terms (10 clauses). - /pricing full page (nav now points here instead of /#pricing anchor). - /status with live 10s probes against /api/health and /login. Footer 'system status' badge now links to /status. All 20 routes 200 OK in smoke crawl. Typecheck clean across packages. 2026-05-19 18:20:31 +02:00			`import {`
			`DocsTitle,`
			`DocsLead,`
			`DocsH2,`
			`DocsP,`
			`DocsList,`
			`DocsLi,`
			`DocsCode,`
			`Mono,`
			`} from '@/components/docs-page';`

			`export const metadata = { title: 'Self-hosting — BuildMyMCPServer docs' };`

			`export default function SelfHosting() {`
			`return (`
			`<>`
			`<DocsTitle kicker="Build">Self-hosting</DocsTitle>`
			`<DocsLead>`
			`The control plane and generator are open. Bring your own Postgres, Redis, Docker host and`
			`Anthropic API key. Production uses Hetzner + Coolify + Traefik; the seams are the same.`
			`</DocsLead>`

			`<DocsH2 id="requirements">Requirements</DocsH2>`
			`<DocsList>`
			`<DocsLi>Node.js 20+</DocsLi>`
			`<DocsLi>pnpm 9+</DocsLi>`
			`<DocsLi>Docker engine reachable from the generator process</DocsLi>`
			`<DocsLi>Postgres 16+ and Redis 7+ (docker-compose for dev)</DocsLi>`
			`<DocsLi>Anthropic API key (optional — mock fallback for offline dev)</DocsLi>`
			`</DocsList>`

			`<DocsH2 id="dev">Local dev</DocsH2>`
			`<DocsCode`
			`label="bash"`
			code={`git clone <repo>
			`cd buildmymcpserver`
			`pnpm install`
			`cp .env.example .env`
			pnpm dev`}
			`/>`
			`<DocsP>`
			`<Mono>pnpm dev</Mono> loads <Mono>.env</Mono>, brings up Postgres and Redis via`
			`docker-compose, pushes the Drizzle schema, and starts web (<Mono>:3001</Mono>), api`
			`(<Mono>:4000</Mono>) and generator concurrently.`
			`</DocsP>`

			`<DocsH2 id="env">Environment variables</DocsH2>`
			`<DocsList>`
			`<DocsLi><Mono>DATABASE_URL</Mono> — Postgres connection string</DocsLi>`
			`<DocsLi><Mono>REDIS_URL</Mono> — Redis (BullMQ + pubsub + preview cache)</DocsLi>`
			`<DocsLi><Mono>ANTHROPIC_API_KEY</Mono> — unset = mock generator</DocsLi>`
			`<DocsLi><Mono>SECRETS_ENCRYPTION_KEY</Mono> — 32-byte hex, AES-256-GCM key</DocsLi>`
			`<DocsLi><Mono>CONTROL_PLANE_PUBLIC_URL</Mono> — issuer for OAuth tokens</DocsLi>`
			`<DocsLi><Mono>OAUTH_KEY_DIR</Mono> — where RS256 keypair lives (auto-generated on boot)</DocsLi>`
			`<DocsLi><Mono>RUNNER_PORT_RANGE_START/END</Mono> — host port window for generated containers</DocsLi>`
			`</DocsList>`

			`<DocsH2 id="prod">Production deployment</DocsH2>`
			`<DocsP>`
			`The intended production setup is a Hetzner AX52 running Coolify, Traefik for wildcard SSL`
			`on <Mono>*.mcp.yourdomain.com</Mono>, and Cloudflare for DNS+DDoS. The runner-deploy`
			`adapter is the only environment-specific seam — swap the Docker-CLI implementation in`
			`<Mono>apps/generator/src/lib/deploy.ts</Mono> for the Coolify HTTP API.`
			`</DocsP>`

			`<DocsH2 id="sandboxing">Container sandboxing</DocsH2>`
			`<DocsP>`
			`Production flags (commented in deploy.ts):`
			`</DocsP>`
			`<DocsList>`
			`<DocsLi><Mono>--read-only</Mono></DocsLi>`
			`<DocsLi><Mono>--cap-drop=ALL</Mono></DocsLi>`
			`<DocsLi><Mono>--security-opt=no-new-privileges</Mono></DocsLi>`
			`<DocsLi><Mono>--cpus=0.5 --memory=512m</Mono></DocsLi>`
			`</DocsList>`
			`<DocsP>`
			`Dev relaxes these for Docker Desktop on Windows compat. Don't ship dev defaults to`
			`prod.`
			`</DocsP>`
			`</>`
			`);`
			`}`