UI: warm daylight design system (Tailwind v4 @theme palette, gh-* component classes, watercolor grain, Zen Maru Gothic + Klee One fonts), animated SSR-safe GhibliBackground (drifting clouds, meadow hills, soot sprites), and a full reskin of navbar, connect button, dapp page, loan cards, settings modal, and readme. Fixes the bg-white-on-dark loan-card inconsistency. Web3/business logic untouched. Docs: converted docs/ into an Obsidian vault (frontmatter, [[wikilinks]], callouts, Home MOC, folders Architecture/Operations/Audits) and added a full-project audit note (Project Audit 2026-06). Redacted a real leaked Schedy key value from the security audit example (rotate it at Schedy). Also commits the previously-untracked server layer: app/api (cron + tasks routes) and lib (redis, ssrf-guard, task-store). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
253 lines
6.0 KiB
Markdown
253 lines
6.0 KiB
Markdown
---
|
|
title: Deployment
|
|
tags: [mortgagefi, ops, deployment]
|
|
type: operations
|
|
status: stable
|
|
updated: 2026-06-14
|
|
---
|
|
|
|
# Deployment
|
|
|
|
## Prerequisites
|
|
|
|
- Docker Engine 24.0+ and Docker Compose v2
|
|
- Node.js 20+ (for frontend development only)
|
|
- Git with submodule support
|
|
|
|
## Environment Setup
|
|
|
|
Create `.env.local` in the project root:
|
|
|
|
```bash
|
|
# WalletConnect (required for frontend)
|
|
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
|
|
|
|
# RPC endpoints (optional — defaults to public LlamaRPC)
|
|
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
|
|
NEXT_PUBLIC_RPC_ARBITRUM=https://arb.llamarpc.com
|
|
|
|
# Internal service URLs (use relative paths when behind nginx proxy)
|
|
NEXT_PUBLIC_NTFY_URL=/ntfy
|
|
NEXT_PUBLIC_SCHEDY_URL=/schedy
|
|
NEXT_PUBLIC_NFTCACHE_URL=/nftcache
|
|
|
|
# Schedy API key (must match server-side SCHEDY_API_KEY)
|
|
NEXT_PUBLIC_SCHEDY_API_KEY=your-random-hex-key
|
|
SCHEDY_API_KEY=your-random-hex-key
|
|
|
|
# nftcache API key (must match server-side NFTCACHE_API_KEY)
|
|
NFTCACHE_API_KEY=your-random-hex-key
|
|
|
|
# nftcache TTL
|
|
NFTCACHE_TTL=24h
|
|
|
|
# ntfy SMTP configuration
|
|
NTFY_BASE_URL=https://your-domain.com/ntfy
|
|
NTFY_SMTP_SENDER_ADDR=smtp.gmail.com:587
|
|
NTFY_SMTP_SENDER_USER=your.email@gmail.com
|
|
NTFY_SMTP_SENDER_PASS=your-app-password
|
|
NTFY_SMTP_SENDER_FROM=your.email@gmail.com
|
|
NTFY_LOG_LEVEL=info
|
|
|
|
# CORS (set to your frontend domain)
|
|
CORS_ALLOW_ORIGIN=https://your-domain.com
|
|
CORS_ALLOW_METHODS=GET,POST,DELETE,OPTIONS
|
|
CORS_ALLOW_HEADERS=Content-Type,X-API-Key
|
|
CORS_MAX_AGE=600
|
|
|
|
# RPC URLs for nftcache backend scanning
|
|
ETH_RPC_URL=https://eth.llamarpc.com
|
|
ARB_RPC_URL=https://arb.llamarpc.com
|
|
BASE_RPC_URL=https://base.llamarpc.com
|
|
```
|
|
|
|
Generate strong API keys:
|
|
```bash
|
|
openssl rand -hex 32
|
|
```
|
|
|
|
> [!warning] Key consistency
|
|
> `NEXT_PUBLIC_SCHEDY_API_KEY` must match the server-side `SCHEDY_API_KEY`, and `NFTCACHE_API_KEY` must match its server-side counterpart. Mismatched keys cause authentication failures.
|
|
|
|
---
|
|
|
|
## Full Stack Deployment (Docker Compose)
|
|
|
|
### 1. Clone and Initialize
|
|
|
|
```bash
|
|
git clone <repository>
|
|
cd mortgageFi
|
|
git submodule update --init --recursive
|
|
```
|
|
|
|
### 2. Configure
|
|
|
|
```bash
|
|
cp .env.example .env.local # if available, or create manually
|
|
# Edit .env.local with your values
|
|
```
|
|
|
|
### 3. Start Services
|
|
|
|
```bash
|
|
docker compose up -d
|
|
```
|
|
|
|
This starts:
|
|
- `frontend` — Next.js app (internal port 3000)
|
|
- `web` — nginx proxy (port 80)
|
|
- `ntfy` — notification server (internal port 80)
|
|
- `schedy` — task scheduler (port 8080)
|
|
- `nftcache` — NFT cache (port 8090)
|
|
|
|
### 4. Verify
|
|
|
|
```bash
|
|
# Check all containers are running
|
|
docker compose ps
|
|
|
|
# View logs
|
|
docker compose logs -f frontend
|
|
docker compose logs -f nftcache
|
|
docker compose logs -f schedy
|
|
|
|
# Test nftcache
|
|
curl "http://localhost/nftcache/nfts?network=base&nft_contract=cbbtc&user_wallet=0x..."
|
|
|
|
# Test Schedy
|
|
curl -X POST http://localhost/schedy/tasks \
|
|
-H "Content-Type: application/json" \
|
|
-H "X-API-Key: $SCHEDY_API_KEY" \
|
|
-d '{"url":"https://httpbin.org/post","execute_at":"2026-12-31T23:59:59Z","payload":"test"}'
|
|
|
|
# Test ntfy
|
|
curl -X POST http://localhost/ntfy/test \
|
|
-H "Content-Type: text/plain" \
|
|
-d "Hello from MortgageFi"
|
|
```
|
|
|
|
### 5. Access Application
|
|
|
|
Open `http://localhost` in your browser.
|
|
|
|
---
|
|
|
|
## Frontend-Only Deployment (Vercel)
|
|
|
|
For deploying just the Next.js frontend to Vercel:
|
|
|
|
### 1. Project Settings
|
|
|
|
- **Framework Preset:** Next.js
|
|
- **Root Directory:** `mortgagefi-frontend/`
|
|
- **Build Command:** `next build --turbopack`
|
|
- **Output Directory:** `.next`
|
|
|
|
### 2. Environment Variables
|
|
|
|
Add these in the Vercel dashboard:
|
|
|
|
```
|
|
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
|
|
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
|
|
NEXT_PUBLIC_NTFY_URL=https://your-ntfy-server.com
|
|
NEXT_PUBLIC_SCHEDY_URL=https://your-schedy-server.com
|
|
NEXT_PUBLIC_SCHEDY_API_KEY=your-key
|
|
NEXT_PUBLIC_NFTCACHE_URL=https://your-nftcache-server.com
|
|
```
|
|
|
|
### 3. Backend Services
|
|
|
|
You must deploy the backend services separately and point the frontend to them:
|
|
|
|
- **nftcache:** Deploy as a Docker container or Go binary
|
|
- **schedy:** Deploy as a Docker container or Go binary
|
|
- **ntfy:** Use ntfy.sh cloud or self-host
|
|
|
|
### 4. Gitea Integration
|
|
|
|
> [!note] Gitea is not natively supported by Vercel
|
|
> Vercel does not natively support Gitea. Options:
|
|
> - Mirror the repository to GitHub/GitLab/Bitbucket
|
|
> - Or use the Vercel CLI for manual deploys:
|
|
|
|
```bash
|
|
cd mortgagefi-frontend
|
|
npm install -g vercel
|
|
vercel --prod
|
|
```
|
|
|
|
---
|
|
|
|
## nftcache Standalone Deployment
|
|
|
|
### Docker
|
|
|
|
```bash
|
|
cd nftcache
|
|
docker build -t nftcache .
|
|
docker run -d \
|
|
-p 8090:8090 \
|
|
-v $(pwd)/data:/data \
|
|
-v $(pwd)/config:/config:ro \
|
|
-e NFTCACHE_API_KEY=your-key \
|
|
-e NFTCACHE_TTL=24h \
|
|
-e BASE_RPC_URL=https://base.llamarpc.com \
|
|
-e NFTCACHE_CONFIG=/config/contracts.yaml \
|
|
nftcache
|
|
```
|
|
|
|
### Binary
|
|
|
|
```bash
|
|
cd nftcache
|
|
go build -o nftcache ./cmd/nftcache
|
|
./nftcache
|
|
```
|
|
|
|
---
|
|
|
|
## Schedy Standalone Deployment
|
|
|
|
### Docker
|
|
|
|
```bash
|
|
cd mortgagefi-frontend/submodules/schedy
|
|
docker build -t schedy .
|
|
docker run -d \
|
|
-p 8080:8080 \
|
|
-v $(pwd)/data:/data \
|
|
-e SCHEDY_API_KEY=your-key \
|
|
schedy
|
|
```
|
|
|
|
### Binary
|
|
|
|
```bash
|
|
cd mortgagefi-frontend/submodules/schedy
|
|
go build -o schedy ./cmd/schedy
|
|
./schedy -port 8080
|
|
```
|
|
|
|
---
|
|
|
|
## Production Checklist
|
|
|
|
- [ ] Change all default API keys to cryptographically random values
|
|
- [ ] Configure HTTPS (use a reverse proxy like Traefik or Cloudflare)
|
|
- [ ] Set `CORS_ALLOW_ORIGIN` to your exact frontend domain (not `*`)
|
|
- [ ] Enable mainnet only if explicitly required (`NEXT_PUBLIC_ENABLE_MAINNET=true`)
|
|
- [ ] Configure reliable RPC endpoints (avoid public endpoints for high traffic)
|
|
- [ ] Set up log aggregation and monitoring
|
|
- [ ] Back up BadgerDB data directories (`data/nftcache`, `data/schedy`, `data/ntfy`)
|
|
- [ ] Configure ntfy SMTP with a proper transactional email service
|
|
- [ ] Test end-to-end notification flow before going live
|
|
|
|
> [!warning] Before going to production
|
|
> Never ship with default API keys or a wildcard (`*`) CORS origin, and confirm the end-to-end notification flow works before going live.
|
|
|
|
## Related
|
|
|
|
[[Home]], [[Architecture]], [[Development]], [[Migration Notes]]
|