mortgagefi-helper/docs/Operations/Deployment.md
Siavash Sameni 6ae581ab2e feat(ui): Ghibli/Miyazaki reskin + Obsidian docs vault + project audit
UI: warm daylight design system (Tailwind v4 @theme palette, gh-* component
classes, watercolor grain, Zen Maru Gothic + Klee One fonts), animated SSR-safe
GhibliBackground (drifting clouds, meadow hills, soot sprites), and a full reskin
of navbar, connect button, dapp page, loan cards, settings modal, and readme.
Fixes the bg-white-on-dark loan-card inconsistency. Web3/business logic untouched.

Docs: converted docs/ into an Obsidian vault (frontmatter, [[wikilinks]],
callouts, Home MOC, folders Architecture/Operations/Audits) and added a
full-project audit note (Project Audit 2026-06). Redacted a real leaked Schedy
key value from the security audit example (rotate it at Schedy).

Also commits the previously-untracked server layer: app/api (cron + tasks routes)
and lib (redis, ssrf-guard, task-store).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 08:13:53 +04:00


---
title: Deployment
tags: [mortgagefi, ops, deployment]
type: operations
status: stable
updated: 2026-06-14
---
# Deployment
## Prerequisites
- Docker Engine 24.0+ and Docker Compose v2
- Node.js 20+ (for frontend development only)
- Git with submodule support
## Environment Setup
Create `.env.local` in the project root:
```bash
# WalletConnect (required for frontend)
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
# RPC endpoints (optional — defaults to public LlamaRPC)
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
NEXT_PUBLIC_RPC_ARBITRUM=https://arb.llamarpc.com
# Internal service URLs (use relative paths when behind nginx proxy)
NEXT_PUBLIC_NTFY_URL=/ntfy
NEXT_PUBLIC_SCHEDY_URL=/schedy
NEXT_PUBLIC_NFTCACHE_URL=/nftcache
# Schedy API key (must match server-side SCHEDY_API_KEY)
NEXT_PUBLIC_SCHEDY_API_KEY=your-random-hex-key
SCHEDY_API_KEY=your-random-hex-key
# nftcache API key (must match server-side NFTCACHE_API_KEY)
NFTCACHE_API_KEY=your-random-hex-key
# nftcache TTL
NFTCACHE_TTL=24h
# ntfy SMTP configuration
NTFY_BASE_URL=https://your-domain.com/ntfy
NTFY_SMTP_SENDER_ADDR=smtp.gmail.com:587
NTFY_SMTP_SENDER_USER=your.email@gmail.com
NTFY_SMTP_SENDER_PASS=your-app-password
NTFY_SMTP_SENDER_FROM=your.email@gmail.com
NTFY_LOG_LEVEL=info
# CORS (set to your frontend domain)
CORS_ALLOW_ORIGIN=https://your-domain.com
CORS_ALLOW_METHODS=GET,POST,DELETE,OPTIONS
CORS_ALLOW_HEADERS=Content-Type,X-API-Key
CORS_MAX_AGE=600
# RPC URLs for nftcache backend scanning
ETH_RPC_URL=https://eth.llamarpc.com
ARB_RPC_URL=https://arb.llamarpc.com
BASE_RPC_URL=https://base.llamarpc.com
```
Generate strong API keys:
```bash
openssl rand -hex 32
```
> [!warning] Key consistency
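> `NEXT_PUBLIC_SCHEDY_API_KEY` must match the server-side `SCHEDY_API_KEY`, and `NFTCACHE_API_KEY` must match its server-side counterpart. Mismatched keys cause authentication failures. Next.js inlines every `NEXT_PUBLIC_` variable into the browser bundle, so the Schedy key set this way is readable by anyone who loads the frontend and cannot be treated as a secret.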
---
## Full Stack Deployment (Docker Compose)
### 1. Clone and Initialize
```bash
git clone <repository>
cd mortgageFi
git submodule update --init --recursive
```
### 2. Configure
```bash
cp .env.example .env.local # if available, or create manually
# Edit .env.local with your values
```
### 3. Start Services
```bash
docker compose up -d
```
This starts:
- `frontend` — Next.js app (internal port 3000)
- `web` — nginx proxy (port 80)
- `ntfy` — notification server (internal port 80)
- `schedy` — task scheduler (port 8080)
- `nftcache` — NFT cache (port 8090)
### 4. Verify
```bash
# Check all containers are running
docker compose ps
# View logs
docker compose logs -f frontend
docker compose logs -f nftcache
docker compose logs -f schedy
# Test nftcache
curl "http://localhost/nftcache/nfts?network=base&nft_contract=cbbtc&user_wallet=0x..."
# Test Schedy (SCHEDY_API_KEY must be set in the current shell, otherwise the header is sent empty)
curl -X POST http://localhost/schedy/tasks \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $SCHEDY_API_KEY" \
  -d '{"url":"https://httpbin.org/post","execute_at":"2026-12-31T23:59:59Z","payload":"test"}'
# Test ntfy
curl -X POST http://localhost/ntfy/test \
  -H "Content-Type: text/plain" \
  -d "Hello from MortgageFi"
```
### 5. Access Application
Open `http://localhost` in your browser.
---
## Frontend-Only Deployment (Vercel)
For deploying just the Next.js frontend to Vercel:
### 1. Project Settings
- **Framework Preset:** Next.js
- **Root Directory:** `mortgagefi-frontend/`
- **Build Command:** `next build --turbopack`
- **Output Directory:** `.next`
### 2. Environment Variables
Add these in the Vercel dashboard:
```
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your-project-id
NEXT_PUBLIC_RPC_BASE=https://base.llamarpc.com
NEXT_PUBLIC_NTFY_URL=https://your-ntfy-server.com
NEXT_PUBLIC_SCHEDY_URL=https://your-schedy-server.com
NEXT_PUBLIC_SCHEDY_API_KEY=your-key
NEXT_PUBLIC_NFTCACHE_URL=https://your-nftcache-server.com
```
### 3. Backend Services
You must deploy the backend services separately and point the frontend to them:
- **nftcache:** Deploy as a Docker container or Go binary
- **schedy:** Deploy as a Docker container or Go binary
- **ntfy:** Use ntfy.sh cloud or self-host
### 4. Gitea Integration
> [!note] Gitea is not natively supported by Vercel
> Vercel does not natively support Gitea. Options:
> - Mirror the repository to GitHub/GitLab/Bitbucket
> - Or use the Vercel CLI for manual deploys:
```bash
cd mortgagefi-frontend
npm install -g vercel
vercel --prod
```
---
## nftcache Standalone Deployment
### Docker
```bash
cd nftcache
docker build -t nftcache .
# Quote the bind-mount paths so a working directory containing spaces still mounts correctly
docker run -d \
  -p 8090:8090 \
  -v "$(pwd)/data:/data" \
  -v "$(pwd)/config:/config:ro" \
  -e NFTCACHE_API_KEY=your-key \
  -e NFTCACHE_TTL=24h \
  -e BASE_RPC_URL=https://base.llamarpc.com \
  -e NFTCACHE_CONFIG=/config/contracts.yaml \
  nftcache
```
### Binary
```bash
cd nftcache
go build -o nftcache ./cmd/nftcache
./nftcache
```
---
## Schedy Standalone Deployment
### Docker
```bash
cd mortgagefi-frontend/submodules/schedy
docker build -t schedy .
# Quote the bind-mount path so a working directory containing spaces still mounts correctly
docker run -d \
  -p 8080:8080 \
  -v "$(pwd)/data:/data" \
  -e SCHEDY_API_KEY=your-key \
  schedy
```
### Binary
```bash
cd mortgagefi-frontend/submodules/schedy
go build -o schedy ./cmd/schedy
./schedy -port 8080
```
---
## Production Checklist
- [ ] Change all default API keys to cryptographically random values
- [ ] Configure HTTPS (use a reverse proxy like Traefik or Cloudflare)
- [ ] Set `CORS_ALLOW_ORIGIN` to your exact frontend domain (not `*`)
- [ ] Enable mainnet only if explicitly required (`NEXT_PUBLIC_ENABLE_MAINNET=true`)
- [ ] Configure reliable RPC endpoints (avoid public endpoints for high traffic)
- [ ] Set up log aggregation and monitoring
- [ ] Back up BadgerDB data directories (`data/nftcache`, `data/schedy`, `data/ntfy`)
- [ ] Configure ntfy SMTP with a proper transactional email service
- [ ] Test end-to-end notification flow before going live
> [!warning] Before going to production
> Never ship with default API keys or a wildcard (`*`) CORS origin, and confirm the end-to-end notification flow works before going live.
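
The key-consistency warning and the first and third checklist items can be checked mechanically before starting the stack. The script below is an added example, not part of the project: the function names `env_get`, `is_hex_key` and `check_env` are hypothetical, and it assumes every key was generated with `openssl rand -hex 32` (64 lowercase hex characters) and that values in `.env.local` are unquoted.

```bash
#!/bin/sh
# Added example, not project code: lint .env.local before `docker compose up`.

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# True only for 64 lowercase hex characters, the shape `openssl rand -hex 32` emits.
is_hex_key() {
  case "$1" in
    ''|*[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# Print one FAIL line per problem; exit status is 0 only when nothing failed.
check_env() {
  ce_file=$1
  ce_fails=0
  for ce_name in SCHEDY_API_KEY NEXT_PUBLIC_SCHEDY_API_KEY NFTCACHE_API_KEY; do
    if ! is_hex_key "$(env_get "$ce_file" "$ce_name")"; then
      echo "FAIL $ce_name: placeholder or not 64 hex characters"
      ce_fails=$((ce_fails + 1))
    fi
  done
  if [ "$(env_get "$ce_file" NEXT_PUBLIC_SCHEDY_API_KEY)" != \
       "$(env_get "$ce_file" SCHEDY_API_KEY)" ]; then
    echo "FAIL NEXT_PUBLIC_SCHEDY_API_KEY: does not match SCHEDY_API_KEY"
    ce_fails=$((ce_fails + 1))
  fi
  case "$(env_get "$ce_file" CORS_ALLOW_ORIGIN)" in
    ''|*'*'*)
      echo "FAIL CORS_ALLOW_ORIGIN: empty or contains a wildcard"
      ce_fails=$((ce_fails + 1)) ;;
  esac
  [ "$ce_fails" -eq 0 ]
}

# Constructed sample input: the template's placeholder keys plus a wildcard origin.
sample=$(mktemp)
cat > "$sample" <<'EOF'
NEXT_PUBLIC_SCHEDY_API_KEY=your-random-hex-key
SCHEDY_API_KEY=your-random-hex-key
NFTCACHE_API_KEY=your-random-hex-key
CORS_ALLOW_ORIGIN=*
EOF
check_env "$sample" || echo "not ready for production"
rm -f "$sample"
```

Against a real deployment, call `check_env .env.local` and stop the rollout on a non-zero exit status.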
## Related
[[Home]], [[Architecture]], [[Development]], [[Migration Notes]]