Sanitized mirror from private repository - 2026-04-18 11:19:59 UTC

2026-04-18 11:19:59 +00:00
commit fb00a325d1
1418 changed files with 359990 additions and 0 deletions
--- a/docs/services/fluxer-deployment.md
+++ b/docs/services/fluxer-deployment.md
@@ -0,0 +1,159 @@
+# Fluxer Chat Server Deployment
+
+## Overview
+Fluxer is an open-source, independent instant messaging and VoIP platform deployed on st.vish.gg, replacing the previous Stoat Chat installation.
+
+## Deployment Details
+
+### Domain Configuration
+- **Primary Domain**: st.vish.gg
+- **DNS Provider**: Cloudflare (DNS-only, A record to Seattle VM YOUR_WAN_IP)
+- **SSL/TLS**: Wildcard Let's Encrypt certificate (`*.st.vish.gg` + `st.vish.gg`)
+- **Reverse Proxy**: nginx on the host, proxying to Docker containers
+
+### Architecture
+Fluxer uses a unified server architecture (`fluxer-server`) that bundles all backend services into a single deployable container.
+
+#### Core Services (bundled in fluxer_server)
+- **app**: Frontend web application
+- **api**: REST API backend
+- **gateway**: WebSocket gateway for real-time communication
+- **admin**: Administrative panel
+- **media_proxy**: Media processing and proxying
+- **s3**: Built-in S3-compatible object storage
+
+#### Supporting Services
+- **valkey**: Cache and session storage (Redis-compatible)
+- **meilisearch**: Full-text search engine (optional, `search` profile)
+- **elasticsearch**: Alternative search backend (optional, `search` profile)
+- **livekit**: Voice and video calling infrastructure (optional, `voice` profile)
+- **nats-core**: Message broker
+- **nats-jetstream**: Persistent message streaming
+
+### Docker Compose Configuration
+The deployment uses two compose files:
+- **`/root/fluxer/compose.yaml`**: Base service definitions
+- **`/root/fluxer/compose.override.yaml`**: Local overrides (build from source, port binding to 127.0.0.1:8088)
+
+### Nginx Configuration
+The nginx reverse proxy is configured at `/etc/nginx/sites-available/fluxer` (symlinked to sites-enabled) and routes:
+
+| Domain | Upstream |
+|--------|----------|
+| `st.vish.gg` | `http://127.0.0.1:8088` (main app + all routes) |
+| `api.st.vish.gg` | `http://127.0.0.1:8088/api/` |
+| `events.st.vish.gg` | `http://127.0.0.1:8088/gateway/` (WebSocket) |
+| `files.st.vish.gg` | `http://127.0.0.1:8088/media/` |
+| `proxy.st.vish.gg` | `http://127.0.0.1:8088/s3/` |
+| `voice.st.vish.gg` | `http://127.0.0.1:8088/livekit/` |
+
+SSL certificates are at `/etc/nginx/ssl/st.vish.gg.{crt,key}`.
+
+### Current Status
+
+**DEPLOYED AND RUNNING** on st.vish.gg (Seattle VM)
+
+#### Service Health (as of April 2026)
+```
+CONTAINER         STATUS            PORT
+fluxer_server     Up (healthy)      127.0.0.1:8088->8080/tcp
+valkey            Up (healthy)      6379/tcp (internal)
+livekit           Up (healthy)      7880-7881/tcp, 50000-50100/udp
+nats-core         Up                4222/tcp (internal)
+nats-jetstream    Up                4223/tcp (internal)
+meilisearch       Up (healthy)      7700/tcp
+elasticsearch     Up (healthy)      9200/tcp
+```
+
+#### Health Check
+```bash
+# Internal health check
+curl -fsS http://127.0.0.1:8088/_health
+
+# Returns JSON with status of: kv, s3, jetstream, mediaProxy, admin, api, app
+```
+
+## Maintenance
+
+### Container Management
+```bash
+cd /root/fluxer
+
+# View logs
+MEILI_MASTER_KEY=<key> docker compose logs -f fluxer_server
+
+# Restart services
+MEILI_MASTER_KEY=<key> docker compose restart fluxer_server
+
+# Rebuild from source and redeploy
+MEILI_MASTER_KEY=<key> docker compose build --no-cache fluxer_server
+MEILI_MASTER_KEY=<key> docker compose up -d fluxer_server
+```
+
+Note: `MEILI_MASTER_KEY` must be set (or use a `.env` file) because `compose.yaml` requires it, even if the meilisearch service is not started.
+
+### Updating
+```bash
+cd /root/fluxer
+git fetch --all
+git pull origin refactor   # Currently tracking the 'refactor' branch
+
+# Rebuild and redeploy
+MEILI_MASTER_KEY=<key> docker compose build --no-cache fluxer_server
+MEILI_MASTER_KEY=<key> docker compose up -d fluxer_server
+```
+
+### Nginx Management
+```bash
+# Test configuration
+nginx -t
+
+# Reload after config changes
+systemctl reload nginx
+
+# View active sites
+ls -la /etc/nginx/sites-enabled/
+```
+
+### SSL Certificate Renewal
+The wildcard cert covers all `*.st.vish.gg` subdomains. Renew with:
+```bash
+sudo certbot certonly \
+  --dns-cloudflare \
+  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
+  -d st.vish.gg \
+  -d "*.st.vish.gg"
+```
+
+Current certificate expires: May 16, 2026.
+
+## Configuration
+
+### Fluxer Config
+- **Application config**: `/root/fluxer/config/config.json`
+- **Environment overrides**: `/root/fluxer/dev/.env`
+- **Base domain**: `st.vish.gg`
+- **Database**: SQLite at `/usr/src/app/data/db/fluxer.db` (inside container volume `fluxer_data`)
+- **Cache**: Valkey (Redis-compatible) at `redis://valkey:6379/0`
+
+### Repository
+- **Source**: https://github.com/fluxerapp/fluxer
+- **Branch**: `refactor` (85 commits ahead of `main` as of April 2026)
+- **Local clone**: `/root/fluxer`
+
+## Security Notes
+- All services run in isolated Docker containers
+- nginx handles SSL termination on the host
+- fluxer_server binds only to `127.0.0.1:8088` (not exposed publicly)
+- Internal services (valkey, nats) are not exposed to the host network
+
+## Changelog
+
+- **April 7, 2026**: Removed stale nextcloud nginx config that was interfering with routing. Rebuilt fluxer_server from latest source on `refactor` branch.
+- **March 21, 2026**: Migrated from dev multi-container architecture to unified `fluxer-server:stable` image with compose.override.yaml for local builds.
+- **February 15, 2026**: Initial deployment, replacing Stoat Chat.
+
+---
+
+**Last Updated**: April 7, 2026
+**Status**: Production Running