Vivek 394117dd74 BharathTrucks MVP - 6 sprints complete
- Govt-app styled freight marketplace
- Role-based auth (driver/shipper/broker/admin)
- Load board with bidding system
- Trip tracking with status flow
- In-app messaging
- Admin panel
- Mobile bottom nav + PWA
- Docker + Coolify ready
2026-05-31 06:21:13 +00:00

# BharathTrucks — Deployment & Infrastructure
**Version:** 1.0

**Date:** 2026-05-31
---
## 1. Infrastructure Overview
```
┌─────────────────────────────────────────────────────────────┐
│                      bharathtrucks.com                      │
│                    (Cloudflare DNS/CDN)                     │
│                                                             │
│  DNS: A record → VPS IP                                     │
│  SSL: Cloudflare Full (Strict)                              │
│  Caching: Static assets (CSS/JS/images)                     │
└──────────────────────────┬──────────────────────────────────┘
┌──────────────────────────▼──────────────────────────────────┐
│                        Hostinger VPS                        │
│                      Ubuntu 22.04 LTS                       │
│                4 vCPU / 8GB RAM / 200GB SSD                 │
│                                                             │
│  ┌───────────────────────────────────────────────────────┐  │
│  │                        Coolify                        │  │
│  │                  (Self-hosted PaaS)                   │  │
│  │                                                       │  │
│  │  ┌─────────────────────────────────────────────────┐  │  │
│  │  │        bharathtrucks (Docker Container)         │  │  │
│  │  │                                                 │  │  │
│  │  │  Node.js 20 + Express + EJS                     │  │  │
│  │  │  Port: 3000 (internal)                          │  │  │
│  │  │  Auto-restart: enabled                          │  │  │
│  │  │  Health check: /health                          │  │  │
│  │  └─────────────────────────────────────────────────┘  │  │
│  │                                                       │  │
│  │  Traefik (Reverse Proxy) → :443 → Container :3000     │  │
│  └───────────────────────────────────────────────────────┘  │
└──────────────────────────┬──────────────────────────────────┘
┌──────────────────────────▼──────────────────────────────────┐
│                       Supabase Cloud                        │
│                                                             │
│  Project: bharathtrucks                                     │
│  Region: Mumbai (ap-south-1)                                │
│  Plan: Free → Pro (at 1000 users)                           │
└─────────────────────────────────────────────────────────────┘
```
---
## 2. Domain Setup (bharathtrucks.com)
### Cloudflare Configuration
1. Add domain to Cloudflare (free plan)
2. Update nameservers at registrar to Cloudflare's
3. DNS Records:

   | Type | Name | Value | Proxy |
   |------|------|-------|-------|
   | A | @ | `<VPS_IP>` | Proxied ☁️ |
   | A | www | `<VPS_IP>` | Proxied ☁️ |
   | CNAME | api | @ | Proxied ☁️ |

4. SSL: Full (Strict) mode
5. Page Rules:
   - `*.bharathtrucks.com/public/*` → Cache Everything, Edge TTL 1 month
   - `bharathtrucks.com/` → Cache Level: Standard
---
## 3. Dockerfile
```dockerfile
FROM node:20-alpine
WORKDIR /app
# Install production dependencies only, from the lockfile
# (--omit=dev replaces the deprecated --only=production)
COPY webapp/package*.json ./
RUN npm ci --omit=dev
COPY webapp/src ./src
ENV NODE_ENV=production
ENV PORT=3000
# Drop root: the official image ships an unprivileged "node" user
USER node
EXPOSE 3000
# Same path Coolify polls; any non-2xx response marks the container unhealthy
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s \
  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
CMD ["node", "src/server.js"]
```
---
## 4. Docker Compose (Local Development)
```yaml
version: '3.8'
services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "3000:3000"
    env_file:
      - webapp/.env
    volumes:
      - ./webapp/src:/app/src
    restart: unless-stopped
```
---
## 5. Coolify Deployment Steps
### Initial Setup
1. SSH into Hostinger VPS
2. Install Coolify: `curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash`
3. Access Coolify dashboard at `http://<VPS_IP>:8000`
4. Configure domain in Coolify settings
### App Deployment
1. **Source:** Connect GitHub/GitLab repo (or use Git URL)
2. **Build Pack:** Dockerfile
3. **Port:** 3000
4. **Domain:** bharathtrucks.com
5. **Environment Variables:** Add all from `.env.example`
6. **Health Check:** `/health`
7. **Auto Deploy:** On push to `main` branch
### Environment Variables in Coolify
```
NODE_ENV=production
PORT=3000
SUPABASE_URL=https://xxx.supabase.co
SUPABASE_ANON_KEY=eyJ...
SUPABASE_SERVICE_KEY=eyJ...
APP_URL=https://bharathtrucks.com
SESSION_SECRET=<generate-random-64-char>
RATE_LIMIT_BIDS_PER_DAY=5
```
---
## 6. Supabase Setup
### Project Configuration
1. Create project at supabase.com (region: Mumbai)
2. Note: Project URL + anon key + service role key
3. Enable Phone Auth (OTP provider)
4. Configure SMS provider (Twilio or MSG91)
### Auth Settings
- Phone OTP enabled
- OTP expiry: 5 minutes
- Rate limit: 5 OTP requests per hour per number
- Disable email confirmation (phone-first)
### Database Setup
- Run schema SQL from `docs/architecture/DATABASE_SCHEMA.md`
- Enable RLS on all tables
- Create indexes as specified
### Storage Buckets
| Bucket | Purpose | Public |
|--------|---------|--------|
| `avatars` | Profile photos | Yes |
| `documents` | License, RC uploads | No |
| `load-images` | Load/material photos | Yes |
---
## 7. CI/CD Pipeline
### GitHub Actions (Optional)
```yaml
name: Deploy
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trigger Coolify Webhook
        # --fail makes the job fail on a non-2xx response instead of reporting success
        run: |
          curl --fail --silent --show-error -X POST "${{ secrets.COOLIFY_WEBHOOK_URL }}"
```
### Simpler: Coolify Auto-Deploy
Coolify watches the repo and auto-deploys on push to `main`. No CI/CD config needed.
---
## 8. Monitoring & Logging
| Tool | Purpose | Cost |
|------|---------|------|
| Coolify Dashboard | Container status, resource usage | Free |
| Cloudflare Analytics | Traffic, cache hit rate | Free |
| Supabase Dashboard | DB metrics, auth logs | Free |
| UptimeRobot | Uptime monitoring, alerts | Free (50 monitors) |
### Health Check Endpoint
```javascript
app.get('/health', (req, res) => {
  res.status(200).json({ status: 'ok', timestamp: Date.now() });
});
```
### Log Strategy
- Application logs: stdout (Docker captures)
- Access logs: Morgan middleware (combined format)
- Error logs: Structured JSON to stdout
- View in Coolify dashboard → Container logs
---
## 9. Backup Strategy
| What | How | Frequency |
|------|-----|-----------|
| Database | Supabase automatic backups | Daily (Pro plan) |
| Code | Git repository | Every push |
| Environment | Documented in `.env.example` | Manual |
| Uploads | Supabase Storage (managed) | Automatic |
---
## 10. Security Hardening
### VPS Level
- UFW firewall: allow 22, 80, 443 only
- Fail2ban for SSH brute-force protection
- SSH key-only auth (disable password)
- Automatic security updates
### Application Level
- Helmet.js security headers
- CORS restricted to bharathtrucks.com
- Rate limiting (express-rate-limit)
- Input sanitization
- httpOnly cookies for sessions
- CSP headers (Content Security Policy)
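The application-level list above as working code, added here as an example (not the project's code): the controls are plain functions with no Express dependency so each can be unit-tested and then mounted as middleware. The allowed origins follow `APP_URL` in this document; the cookie name, the CSP sources and the function names are assumptions for this example.

```javascript
// Added example, not the project's code. Cookie name, CSP sources and function
// names are assumptions for this example.
const ALLOWED_ORIGINS = new Set([
  'https://bharathtrucks.com',
  'https://www.bharathtrucks.com',
]);

// CORS: exact match on the parsed origin. A substring or endsWith comparison would
// also accept unrelated hosts that merely contain the domain name.
function isAllowedOrigin(origin) {
  if (typeof origin !== 'string') return false;
  try {
    return ALLOWED_ORIGINS.has(new URL(origin).origin);
  } catch {
    return false; // not a URL (for example the literal string "null")
  }
}

// Helmet-style headers plus an explicit CSP for a server-rendered EJS app whose
// browser code only talks to itself and to Supabase (API calls and public buckets).
function securityHeaders(supabaseUrl) {
  const csp = [
    "default-src 'self'",
    "script-src 'self'",
    "style-src 'self'",
    `img-src 'self' data: ${supabaseUrl}`,
    `connect-src 'self' ${supabaseUrl}`,
    "frame-ancestors 'none'",
    "base-uri 'self'",
    "form-action 'self'",
  ];
  return {
    'Content-Security-Policy': csp.join('; '),
    'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'DENY',
    'Referrer-Policy': 'no-referrer',
  };
}

// Fixed-window limiter keyed by client (IP or user id). max=5 with a 24h window
// enforces the RATE_LIMIT_BIDS_PER_DAY=5 setting; state lives in this process only.
function createRateLimiter({ max, windowMs }) {
  const windows = new Map(); // key -> { start, count }
  return {
    allow(key, now = Date.now()) {
      const w = windows.get(key);
      if (!w || now - w.start >= windowMs) {
        windows.set(key, { start: now, count: 1 });
        return true;
      }
      if (w.count >= max) return false;
      w.count += 1;
      return true;
    },
  };
}

// Session cookie attributes: HttpOnly keeps it out of document.cookie, Secure limits
// it to HTTPS (Cloudflare Full Strict is end to end), SameSite=Lax stops cross-site
// POSTs from carrying it.
function sessionCookie(value, maxAgeSec = 7 * 24 * 3600) {
  return `bt_session=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${maxAgeSec}`;
}
```

In Express this mounts as `app.use((req, res, next) => { res.set(securityHeaders(process.env.SUPABASE_URL)); next(); })`, with `isAllowedOrigin(req.headers.origin)` deciding whether to echo `Access-Control-Allow-Origin`. The limiter's counters are per container, so once the scaling table's "Multiple containers" step is reached they need a shared store such as the Redis the same table already plans for.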
### Cloudflare Level
- DDoS protection (automatic)
- Bot management (free tier)
- WAF rules (basic)
- SSL enforcement
---
## 11. Scaling Triggers
| Metric | Threshold | Action |
|--------|-----------|--------|
| CPU | >80% sustained | Upgrade VPS |
| RAM | >85% | Upgrade VPS |
| Response time | >2s average | Add caching/optimize |
| Users | >5000 | Supabase Pro + Redis |
| Traffic | >10K req/min | Multiple containers |
---
## 12. Cost Estimate (Phase 1)
| Service | Plan | Monthly Cost |
|---------|------|-------------|
| Hostinger VPS | KVM 2 (4vCPU/8GB) | ~₹800/month |
| Supabase | Free tier | ₹0 |
| Cloudflare | Free plan | ₹0 |
| Domain | bharathtrucks.com | ~₹800/year |
| UptimeRobot | Free | ₹0 |
| **Total** | | **~₹900/month** |
---
*Infrastructure designed for minimal cost during growth phase, with clear upgrade paths as user base scales.*