Lets Cloudflare run in Full mode (encrypted Cloudflare<->origin) instead
of Flexible (plaintext origin hop). Full (strict) is a later swap to a
Cloudflare Origin Certificate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Server recon (read-only SSH) showed the box already runs ~8 apps behind a
host-level nginx, with Gitea + an Actions runner. The host-networking
design collided with contentra on port 3001.
- docker-compose.prod.yml: bridge networking + per-app network, house
style; api/web/postgres/redis publish to 127.0.0.1 on verified-free
ports (4000/4001/5440/6390); only the generator keeps host networking
(no listening port, needs the host namespace for runner-port probing).
- Drop the Traefik config; the box uses a host nginx. Add a ready nginx
vhost in infra/nginx/buildmymcpserver.conf (listen 80, Cloudflare TLS).
- Add .gitea/workflows/deploy.yml mirroring the buildmydiscord pipeline.
- Narrow the generated-MCP port range to 4400-4900 (clear of screencraft
on 4321).
- .env.production.example + DEPLOY.md rewritten for buildmymcpserver.com
and the real topology.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
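An added example, not code from either commit above or from the project: the "verified-free ports" and "clear of screencraft on 4321" claims are the kind of thing worth turning into a pre-deploy gate on the host rather than checking by eye. The functions below parse the output of `ss -H -ltn` (the listener table of the box), flag any wanted port that is already taken, list what is listening in the generated-MCP range, and print every listener that is not bound to loopback, i.e. reachable without going through the host nginx. The listener table here is a constructed sample that mimics the topology described (nginx on 80/443, contentra on 3001, screencraft on 4321, sshd); on the real box you would feed it `"$(ss -H -ltn)"` instead.

```bash
#!/usr/bin/env bash
# Added example: pre-deploy port gate for a box where a host-level nginx is the
# only intended public surface and app containers publish to 127.0.0.1 only.
# SAMPLE_LISTENERS is a constructed stand-in for `ss -H -ltn` output
# (State Recv-Q Send-Q Local:Port Peer:Port); values are illustrative.
SAMPLE_LISTENERS='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3001 0.0.0.0:*
LISTEN 0 128 *:4321 *:*
LISTEN 0 128 [::]:22 [::]:*'

# listener_ports TABLE -> sorted unique list of ports currently listening.
# The port is the last ':'-separated field of the local address, which also
# works for IPv6 forms such as [::]:22 and wildcard forms such as *:4321.
listener_ports() {
  printf '%s\n' "$1" | awk '{ n = split($4, a, ":"); print a[n] }' | sort -un
}

# busy_ports TABLE PORT... -> prints each wanted port that is already in use.
# Returns 1 if any conflict was found, so it can gate a deploy script.
busy_ports() {
  local table="$1"; shift
  local rc=0 p
  for p in "$@"; do
    if printf '%s\n' "$table" \
      | awk -v port="$p" '{ n = split($4, a, ":"); if (a[n] == port) found = 1 }
                          END { exit !found }'; then
      echo "$p"
      rc=1
    fi
  done
  return $rc
}

# range_in_use TABLE LOW HIGH -> ports listening inside [LOW, HIGH], used to
# confirm a dynamically allocated range has no stray neighbour in it.
range_in_use() {
  printf '%s\n' "$1" | awk -v low="$2" -v high="$3" '
    { n = split($4, a, ":"); port = a[n] + 0
      if (port >= low && port <= high) print port }' | sort -un
}

# public_listeners TABLE -> local addresses not bound to loopback. Anything
# listed here is reachable from the network without passing through nginx;
# on this box only nginx (80/443) and sshd (22) should appear.
public_listeners() {
  printf '%s\n' "$1" | awk '$4 !~ /^(127\.|\[::1\]:)/ { print $4 }'
}

# Usage against the constructed table; ports are the ones chosen in the commit.
busy_ports "$SAMPLE_LISTENERS" 4000 4001 5440 6390 >/dev/null \
  && echo "app ports 4000/4001/5440/6390 are free" \
  || echo "port conflict detected"
echo "generated-MCP range 4400-4900 in use: $(range_in_use "$SAMPLE_LISTENERS" 4400 4900 | tr '\n' ' ')"
echo "non-loopback listeners: $(public_listeners "$SAMPLE_LISTENERS" | tr '\n' ' ')"
```

The loopback check is the one to keep running after deploy as well: a compose file that publishes `4000:4000` instead of `127.0.0.1:4000:4000` silently turns an app into a public listener, and Docker's iptables rules bypass a host firewall, so the listener table rather than the firewall is the thing to inspect.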