Files
mortgagefi-helper/docs/Operations/Deployment.md
Siavash Sameni 6ae581ab2e feat(ui): Ghibli/Miyazaki reskin + Obsidian docs vault + project audit
UI: warm daylight design system (Tailwind v4 @theme palette, gh-* component
classes, watercolor grain, Zen Maru Gothic + Klee One fonts), animated SSR-safe
GhibliBackground (drifting clouds, meadow hills, soot sprites), and a full reskin
of navbar, connect button, dapp page, loan cards, settings modal, and readme.
Fixes the bg-white-on-dark loan-card inconsistency. Web3/business logic untouched.

Docs: converted docs/ into an Obsidian vault (frontmatter, [[wikilinks]],
callouts, Home MOC, folders Architecture/Operations/Audits) and added a
full-project audit note (Project Audit 2026-06). Redacted a real leaked Schedy
key value from the security audit example (rotate it at Schedy).

Also commits the previously-untracked server layer: app/api (cron + tasks routes)
and lib (redis, ssrf-guard, task-store).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 08:13:53 +04:00

6.0 KiB

title, tags, type, status, updated
title tags type status updated
Deployment
mortgagefi
ops
deployment
operations stable 2026-06-14

Deployment

Prerequisites

  • Docker Engine 24.0+ and Docker Compose v2
  • Node.js 20+ (for frontend development only)
  • Git with submodule support

Environment Setup

Create .env.local in the project root:

# WalletConnect (required for frontend)
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id

# RPC endpoints (optional — defaults to public LlamaRPC)
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
NEXT_PUBLIC_RPC_ARBITRUM=https://arb.llamarpc.com

# Internal service URLs (use relative paths when behind nginx proxy)
NEXT_PUBLIC_NTFY_URL=/ntfy
NEXT_PUBLIC_SCHEDY_URL=/schedy
NEXT_PUBLIC_NFTCACHE_URL=/nftcache

# Schedy API key (must match server-side SCHEDY_API_KEY)
NEXT_PUBLIC_SCHEDY_API_KEY=your-random-hex-key
SCHEDY_API_KEY=your-random-hex-key

# nftcache API key (must match server-side NFTCACHE_API_KEY)
NFTCACHE_API_KEY=your-random-hex-key

# nftcache TTL
NFTCACHE_TTL=24h

# ntfy SMTP configuration
NTFY_BASE_URL=https://your-domain.com/ntfy
NTFY_SMTP_SENDER_ADDR=smtp.gmail.com:587
NTFY_SMTP_SENDER_USER=your.email@gmail.com
NTFY_SMTP_SENDER_PASS=your-app-password
NTFY_SMTP_SENDER_FROM=your.email@gmail.com
NTFY_LOG_LEVEL=info

# CORS (set to your frontend domain)
CORS_ALLOW_ORIGIN=https://your-domain.com
CORS_ALLOW_METHODS=GET,POST,DELETE,OPTIONS
CORS_ALLOW_HEADERS=Content-Type,X-API-Key
CORS_MAX_AGE=600

# RPC URLs for nftcache backend scanning
ETH_RPC_URL=https://eth.llamarpc.com
ARB_RPC_URL=https://arb.llamarpc.com
BASE_RPC_URL=https://base.llamarpc.com

Generate strong API keys:

openssl rand -hex 32

[!warning] Key consistency NEXT_PUBLIC_SCHEDY_API_KEY must match the server-side SCHEDY_API_KEY, and NFTCACHE_API_KEY must match its server-side counterpart. Mismatched keys cause authentication failures.


Full Stack Deployment (Docker Compose)

1. Clone and Initialize

git clone <repository>
cd mortgageFi
git submodule update --init --recursive

2. Configure

cp .env.example .env.local  # if available, or create manually
# Edit .env.local with your values

3. Start Services

docker compose up -d

This starts:

  • frontend — Next.js app (internal port 3000)
  • web — nginx proxy (port 80)
  • ntfy — notification server (internal port 80)
  • schedy — task scheduler (port 8080)
  • nftcache — NFT cache (port 8090)

4. Verify

# Check all containers are running
docker compose ps

# View logs
docker compose logs -f frontend
docker compose logs -f nftcache
docker compose logs -f schedy

# Test nftcache
curl "http://localhost/nftcache/nfts?network=base&nft_contract=cbbtc&user_wallet=0x..."

# Test Schedy
curl -X POST http://localhost/schedy/tasks \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $SCHEDY_API_KEY" \
  -d '{"url":"https://httpbin.org/post","execute_at":"2026-12-31T23:59:59Z","payload":"test"}'

# Test ntfy
curl -X POST http://localhost/ntfy/test \
  -H "Content-Type: text/plain" \
  -d "Hello from MortgageFi"

5. Access Application

Open http://localhost in your browser.


Frontend-Only Deployment (Vercel)

For deploying just the Next.js frontend to Vercel:

1. Project Settings

  • Framework Preset: Next.js
  • Root Directory: mortgagefi-frontend/
  • Build Command: next build --turbopack
  • Output Directory: .next

2. Environment Variables

Add these in the Vercel dashboard:

NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
NEXT_PUBLIC_NTFY_URL=https://your-ntfy-server.com
NEXT_PUBLIC_SCHEDY_URL=https://your-schedy-server.com
NEXT_PUBLIC_SCHEDY_API_KEY=your-key
NEXT_PUBLIC_NFTCACHE_URL=https://your-nftcache-server.com

3. Backend Services

You must deploy the backend services separately and point the frontend to them:

  • nftcache: Deploy as a Docker container or Go binary
  • schedy: Deploy as a Docker container or Go binary
  • ntfy: Use ntfy.sh cloud or self-host

4. Gitea Integration

[!note] Gitea is not natively supported by Vercel Vercel does not natively support Gitea. Options:

  • Mirror the repository to GitHub/GitLab/Bitbucket
  • Or use the Vercel CLI for manual deploys:
cd mortgagefi-frontend
npm install -g vercel
vercel --prod

nftcache Standalone Deployment

Docker

cd nftcache
docker build -t nftcache .
docker run -d \
  -p 8090:8090 \
  -v $(pwd)/data:/data \
  -v $(pwd)/config:/config:ro \
  -e NFTCACHE_API_KEY=your-key \
  -e NFTCACHE_TTL=24h \
  -e BASE_RPC_URL=https://base.llamarpc.com \
  -e NFTCACHE_CONFIG=/config/contracts.yaml \
  nftcache

Binary

cd nftcache
go build -o nftcache ./cmd/nftcache
./nftcache

Schedy Standalone Deployment

Docker

cd mortgagefi-frontend/submodules/schedy
docker build -t schedy .
docker run -d \
  -p 8080:8080 \
  -v $(pwd)/data:/data \
  -e SCHEDY_API_KEY=your-key \
  schedy

Binary

cd mortgagefi-frontend/submodules/schedy
go build -o schedy ./cmd/schedy
./schedy -port 8080

Production Checklist

  • Change all default API keys to cryptographically random values
  • Configure HTTPS (use a reverse proxy like Traefik or Cloudflare)
  • Set CORS_ALLOW_ORIGIN to your exact frontend domain (not *)
  • Enable mainnet only if explicitly required (NEXT_PUBLIC_ENABLE_MAINNET=true)
  • Configure reliable RPC endpoints (avoid public endpoints for high traffic)
  • Set up log aggregation and monitoring
  • Back up BadgerDB data directories (data/nftcache, data/schedy, data/ntfy)
  • Configure ntfy SMTP with a proper transactional email service
  • Test end-to-end notification flow before going live

[!warning] Before going to production Never ship with default API keys or a wildcard (*) CORS origin, and confirm the end-to-end notification flow works before going live.

Home, Architecture, Development, Migration Notes