feat(infrastructure): self-hosted deployment with Docker + OrbStack + Cloudflare Tunnel #35
Merged
… Cloudflare Tunnel (closes #34)

## What

A complete self-hosting story that works on macOS (OrbStack) and on any Linux VPS. No Vercel account required for production.

### Files

#### NEW

- `Dockerfile` (4-stage multi-stage):
  1. `deps` — pnpm install --frozen-lockfile on node:22-alpine
  2. `sin-code` — downloads the official Go binary from the SIN-Code-Bundle release (with `/releases/latest` fallback). Multi-arch via docker buildx TARGETARCH.
  3. `builder` — Next.js standalone build with `output: 'standalone'`
  4. `runner` — node:22-slim + the standalone bundle + the sin-code binary on PATH. Runs as non-root. Healthcheck on /api/sin/status.
- `docker-compose.yml` — 3 services: `webui` (Next.js), `caddy` (reverse proxy + auto-HTTPS), and optional `sin-code` behind the `--profile tools` flag.
- `Caddyfile` — reverse proxy :80 → webui:3000, with flush_interval -1 for SSE chat streams, security headers, gzip+zstd encoding.
- `.dockerignore` — excludes node_modules, .next, .sin, .env*.local, IDE noise, *.db, etc.
- `.env.example` — every env var documented, with a comment about what it does. No values.
- `.github/workflows/docker.yml` — multi-arch (amd64+arm64) build + push to ghcr.io on every release tag (and on main for testing). Uses docker/build-push-action@v6 with GHA cache.
- `scripts/orb-up.sh` / `scripts/orb-down.sh` — one-command start and stop of the compose stack. Auto-detects the docker binary (OrbStack on macOS, Docker Engine on Linux), creates `.env` from `.env.example` if missing.
- `scripts/tunnel-up.sh` — starts a `cloudflared` quick tunnel for a public `*.trycloudflare.com` URL (no domain or account needed). Verifies the stack is running first.
- `PLAN_DEPLOY.md` (10 KB) — full architecture diagram, three topologies (macOS dev / Linux dev / VPS prod), build details, environment variables, troubleshooting matrix, rollback procedure, production checklist.

#### MODIFIED

- `next.config.mjs` — added `output: 'standalone'` for the small self-contained runtime image.

## Reality checks done locally

- `pnpm build` → SUCCESS, 10 routes (2 static + 8 dynamic)
- `docker build --target deps .` → SUCCESS, pnpm install in 47s
- `docker compose config` → valid, no cycle (after the first attempt created `caddy → webui → caddy`, removed webui's `depends_on: caddy`)
- `pnpm tsc --noEmit` → exit 0

## Production deployment (VPS)

1. SSH into any Ubuntu VPS
2. `curl -fsSL https://get.docker.com | sh`
3. `git clone https://github.com/OpenSIN-Code/SIN-Code-WebUI-v2`
4. `cp .env.example .env && nano .env` (set AI_GATEWAY_API_KEY)
5. `./scripts/orb-up.sh` — works on Linux via docker fallback
6. Optional: `cloudflared tunnel create sin-code-webui` + put `TUNNEL_TOKEN` in .env for a named Cloudflare tunnel

## Verification

- pnpm tsc --noEmit → exit 0
- secret scan on staged diff → 0 hits (no real vck_ keys)
- docker compose config → valid
- docker build --target deps → success
- Caddyfile + scripts + PLAN_DEPLOY.md reviewed for shell-syntax and consistency

## Closes

Closes #34
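
The "secret scan on staged diff" check from the Verification list, sketched as an added example; it is not the PR's or the project's own scanner. The key shape beyond the `vck_` prefix (`MIN_TAIL`), the function name `scan_diff` and the sample diff are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the project's scanner. Reads a unified diff on stdin
# (for instance `git diff --cached`) and reports added lines that contain
# something shaped like a vck_ key.
# Assumption: a key is "vck_" plus at least MIN_TAIL characters from
# [A-Za-z0-9_-]; the page states only the prefix.
MIN_TAIL=20

# Constructed sample diff; the key value is made up for this example.
SAMPLE_DIFF='diff --git a/.env b/.env
--- /dev/null
+++ b/.env
@@ -0,0 +1,2 @@
+# constructed sample
+AI_GATEWAY_API_KEY=vck_CONSTRUCTEDsample0000000000'

# Prints "file:line: <prefix>...(redacted)" per hit; returns 1 if any hit.
scan_diff() {
  awk -v min="$MIN_TAIL" '
    /^\+\+\+ / { file = $2; sub(/^b\//, "", file); next }   # new-file path
    /^@@ /     { split($3, rng, ","); line = substr(rng[1], 2) - 1; next }
    /^-/       { next }      # removed lines (and the --- header)
    /^\\/      { next }      # "\ No newline at end of file"
    /^\+/ {
      line++
      text = substr($0, 2)
      while (match(text, /vck_[A-Za-z0-9_-]+/)) {
        if (RLENGTH - 4 >= min) {
          # Show only the first 8 characters so the report does not leak the key.
          printf "%s:%d: %s...(redacted)\n", file, line, substr(text, RSTART, 8)
          hits++
        }
        text = substr(text, RSTART + RLENGTH)
      }
      next
    }
    { line++ }               # context line inside a hunk
    END { exit (hits > 0) }
  '
}

# Usage: git diff --cached | scan_diff || echo "possible vck_ key staged"
```

Only added lines are checked, so a diff that removes a key or adds an empty `AI_GATEWAY_API_KEY=` placeholder passes.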
CEO Audit — Not applicable

This repository is a Node.js / TypeScript project. Recommended checks for this repo:
This was referenced Jun 12, 2026
Closes #34. Full self-hosting story: Dockerfile (multi-stage, multi-arch), docker-compose.yml, Caddyfile, scripts, PLAN_DEPLOY.md, .env.example, docker GH workflow. Validated locally:
`pnpm build` SUCCESS, `docker build --target deps` SUCCESS, `docker compose config` valid, `pnpm tsc --noEmit` exit 0.