====== 🖥️ New VM / App Deployment Workflow (Fixed IP → DNS → NPM → Cloudflare) ======

This guide documents the **standard TorresVault workflow** for bringing up any new Ubuntu VM or new self-hosted app, including assigning a fixed IP in UniFi, adding DNS, and routing through NPM and Cloudflare.

Use this as your repeatable checklist every time you deploy something new.

---

===== 1️⃣ Create the VM in Proxmox =====

**Steps:**

  * Create an Ubuntu Server VM (use your preferred template)
  * Assign CPU/RAM/disk according to app needs
  * Boot and complete Ubuntu installation
  * Run updates:

<code>
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y
</code>

---

===== 2️⃣ Assign a Fixed IP Address in UniFi =====

**Why:** Ensures stable networking for DNS + proxy routing.

**Steps:**

  * Open **UniFi Controller → Clients**
  * Find your VM (usually shows up as DHCP)
  * Click **Client → Settings → Network**
  * Enable **Use Fixed IP**
  * Assign your desired IP (e.g., `192.168.1.x`)
  * Save → VM may need a reboot

**Verify inside VM:**

<code>
ip a
</code>

---

===== 3️⃣ Add DNS Entry in Pi-hole (Internal DNS) =====

**Goal:** Let LAN devices access the internal service using a hostname.

**Steps:**

  * Pi-hole Admin → **Local DNS → DNS Records**
  * Add:
    * **Domain:** `.in.torresvault.com`
    * **IP:** ``
  * Save

**Test:**

<code>
ping .in.torresvault.com
</code>

---

===== 4️⃣ Add Reverse Proxy Entry in Nginx Proxy Manager (NPM) =====

**Purpose:** Public HTTPS access to the service.

**Steps:**

  * NPM → **Proxy Hosts** → Add Proxy Host
  * **Domain Names:** `.torresvault.com`
  * **Forward Hostname/IP:** ``
  * **Forward Port:** `APP_PORT`
  * Enable:
    * **Block Common Exploits**
    * **Websockets Support** (if needed)
    * **HTTP/2 Support**

**SSL Tab:**

  * Request a new certificate
  * Enable **Force SSL**
  * Use **DNS Challenge (Cloudflare)**

Save.
---

===== 5️⃣ Cloudflare DNS Setup =====

**If using Cloudflare DNS challenge (recommended):**

  * Cloudflare → DNS
  * Add an A record:
    * **Name:** ``
    * **IP:** Public IP of the UCG Max
    * **Proxy:** Proxied (orange cloud)

> If NPM is handling the service through Cloudflare's DNS challenge, NPM renews certs automatically.

---

===== 6️⃣ Deploy the App Using Docker Compose =====

Create app structure:

<code>
mkdir -p ~/apps//config
mkdir -p ~/apps//data
cd ~/apps/
</code>

Create your `docker-compose.yml`:

<code>
version: "3.9"
services:
  app:
    image:
    container_name:
    restart: unless-stopped
    ports:
      - "PORT:PORT"
    volumes:
      - ./config:/config
      - ./data:/data
    environment:
      - TZ=America/New_York
</code>

Bring it up:

<code>
docker compose up -d
</code>

---

===== 7️⃣ Validate Everything =====

**Internal URL:**

  * http://.in.torresvault.com

**External URL:**

  * https://.torresvault.com

**Check container logs:**

<code>
docker logs -f
</code>

**Check NPM logs if needed:**

  * NPM → Logs → Proxy Host Logs

---

===== 8️⃣ Final Checklist =====

  * ☐ VM updated & rebooted
  * ☐ Fixed IP assigned in UniFi
  * ☐ Internal DNS added in Pi-hole (`app.in.torresvault.com`)
  * ☐ Reverse proxy entry added in NPM
  * ☐ Cloudflare DNS record created
  * ☐ SSL cert obtained via DNS challenge
  * ☐ App deployed via Docker Compose
  * ☐ Both internal & external URLs tested

---
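The validation in step 7 (internal DNS points at the fixed IP, **Force SSL** redirects plain HTTP, HTTPS answers with a trusted certificate) can be scripted as below. This is an added example, not part of the original TorresVault guide; the function names and the three arguments are assumptions, and it expects `getent`, `awk` and `curl` on the machine that runs it.

```shell
#!/bin/sh
# Added example: scripted checks for steps 3, 4 and 7 of the workflow.
# The three probes are separate functions so they can be replaced when testing.

# First IPv4 address the system resolver returns for a name.
resolve() { getent ahostsv4 "$1" | awk 'NR==1 {print $1}'; }

# "<status> <redirect target>" for a plain-HTTP request; redirects are not followed.
http_probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "http://$1/"
}

# Status code over HTTPS with certificate verification on (curl fails if TLS does).
https_probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code}' "https://$1/"
}

# Step 3: the internal name must resolve to the fixed IP assigned in UniFi.
check_internal_dns() { [ "$(resolve "$1")" = "$2" ]; }

# Step 4, Force SSL: plain HTTP must answer with a redirect to an https:// URL.
check_force_ssl() {
  out=$(http_probe "$1") || return 1
  case "${out%% *}" in 301|302|307|308) ;; *) return 1 ;; esac
  case "${out#* }" in https://*) return 0 ;; *) return 1 ;; esac
}

# Step 4, SSL tab: HTTPS must complete with a certificate the client trusts.
# Any status below 500 passes, since an app may answer 401/403 before login;
# Cloudflare reports an unreachable origin with 52x codes, which fail here.
check_https() {
  code=$(https_probe "$1") || return 1
  [ "$code" -ge 200 ] 2>/dev/null && [ "$code" -lt 500 ]
}

# Run every check, report each result, return non-zero if any failed.
verify_deployment() { # <internal-host> <fixed-ip> <external-host>
  failed=0
  check_internal_dns "$1" "$2" && echo "PASS internal DNS" || { echo "FAIL $1 does not resolve to $2"; failed=1; }
  check_force_ssl "$3" && echo "PASS Force SSL" || { echo "FAIL http://$3 does not redirect to https"; failed=1; }
  check_https "$3" && echo "PASS HTTPS" || { echo "FAIL https://$3 gave no usable response"; failed=1; }
  return "$failed"
}

# Usage: sh verify.sh <internal-host> <fixed-ip> <external-host>
if [ "$#" -eq 3 ]; then verify_deployment "$@"; fi
```

Run it from a LAN machine that uses Pi-hole as its resolver, otherwise the internal name will not resolve.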