🖥️ New VM / App Deployment Workflow (Fixed IP → DNS → NPM → Cloudflare)
This guide documents the standard TorresVault workflow for bringing up any new Ubuntu VM or new self-hosted app, including assigning a fixed IP in UniFi, adding DNS, and routing through NPM and Cloudflare.
Use this as your repeatable checklist every time you deploy something new.

1️⃣ Create the VM in Proxmox
Steps:
* Create an Ubuntu Server VM (use your preferred template)
* Assign CPU/RAM/disk according to app needs
* Boot and complete Ubuntu installation
* Run updates:

```bash
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y
```

2️⃣ Assign a Fixed IP Address in UniFi
Why: Ensures stable networking for DNS + proxy routing.
Steps:
* Open UniFi Controller → Clients
* Find your VM (usually shows up as DHCP)
* Click Client → Settings → Network
* Enable Use Fixed IP
* Assign your desired IP (e.g., `192.168.1.x`)
* Save → VM may need a reboot

Verify inside VM:

```bash
ip a
```

3️⃣ Add DNS Entry in Pi-hole (Internal DNS)
Goal: Let LAN devices access the internal service using a hostname.
Steps:
* Pi-hole Admin → Local DNS → DNS Records
* Add:
  - Domain: `<app>.in.torresvault.com`
  - IP: `<VM Fixed IP>`
* Save

Test:

```bash
ping <app>.in.torresvault.com
```

4️⃣ Add Reverse Proxy Entry in Nginx Proxy Manager (NPM)
Purpose: Public HTTPS access to the service.
Steps:
* NPM → Proxy Hosts → Add Proxy Host
* Domain Names: `<app>.torresvault.com`
* Forward Hostname/IP: `<VM Fixed IP>`
* Forward Port: `APP_PORT`
* Enable:
  - Block Common Exploits
  - Websockets Support (if needed)
  - HTTP/2 Support

SSL Tab:
* Request a new certificate
* Enable Force SSL
* Use DNS Challenge (Cloudflare)

Save.

5️⃣ Cloudflare DNS Setup
If using Cloudflare DNS challenge (recommended):
* Cloudflare → DNS
* Add an A record:
  - Name: `<app>`
  - IP: Public IP of the UCG Max
  - Proxy: Proxied (orange cloud)

When NPM obtains the certificate through Cloudflare's DNS challenge, NPM renews certs automatically.

6️⃣ Deploy the App Using Docker Compose
Create app structure:

```bash
mkdir -p ~/apps/<app>/config
mkdir -p ~/apps/<app>/data
cd ~/apps/<app>
```

Create your `docker-compose.yml`:

```yaml
version: "3.9"
services:
  app:
    image: <image>
    container_name: <app_name>
    restart: unless-stopped
    ports:
      - "PORT:PORT"
    volumes:
      - ./config:/config
      - ./data:/data
    environment:
      - TZ=America/New_York
```

Bring it up:

```bash
docker compose up -d
```

7️⃣ Validate Everything
Internal URL:
* `http://<app>.in.torresvault.com`

External URL:
* `https://<app>.torresvault.com`

Check container logs:

```bash
docker logs -f <app_name>
```

Check NPM logs if needed:
* NPM → Logs → Proxy Host Logs
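
The step 7 checks can also be scripted. The following is an added example, not part of the original guide: it checks that the internal name resolves to the fixed IP, that plain HTTP on the external name redirects to HTTPS (Force SSL), and that the HTTPS certificate validates. It assumes `getent` and `curl` are installed; the app name `demo` and IP `192.168.1.50` in the self-test are constructed values.

```shell
#!/bin/sh
# Added example: scripted version of the step 7 checks. Hostname layout follows
# the guide; the app name and IP passed in are the caller's own values.

# Succeeds if the `getent hosts` output on stdin lists the expected fixed IP.
dns_matches() {
  awk -v want="$1" '$1 == want { ok = 1 } END { exit !ok }'
}

# Succeeds if the response headers on stdin (from `curl -sI http://host`) are
# a 301/302/307/308 redirect whose Location starts with https://<host>.
forces_https() {
  tr -d '\r' | awk -v host="$1" '
    NR == 1 { code = $2 }
    tolower($1) == "location:" { loc = $2 }
    END { if (code ~ /^30[1278]$/ && index(loc, "https://" host) == 1) exit 0; exit 1 }'
}

# validate <app> <fixed-ip>: runs in a subshell so its variables stay local.
validate() (
  internal="$1.in.torresvault.com"; external="$1.torresvault.com"; rc=0
  getent hosts "$internal" | dns_matches "$2" ||
    { echo "FAIL: $internal does not resolve to $2"; rc=1; }
  curl -sI --max-time 10 "http://$external" | forces_https "$external" ||
    { echo "FAIL: http://$external does not redirect to HTTPS"; rc=1; }
  # curl exits non-zero when the certificate presented for the name fails validation.
  curl -sS --max-time 10 -o /dev/null "https://$external" ||
    { echo "FAIL: https://$external TLS or connection error"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $1"
  exit "$rc"
)

# Offline self-test on constructed input (demo / 192.168.1.50 are made-up values).
selftest() {
  printf '192.168.1.50    demo.in.torresvault.com\n' | dns_matches 192.168.1.50 &&
  ! printf '192.168.1.51    demo.in.torresvault.com\n' | dns_matches 192.168.1.50 &&
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://demo.torresvault.com/\r\n\r\n' |
    forces_https demo.torresvault.com &&
  ! printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' | forces_https demo.torresvault.com
}

if [ "$#" -eq 2 ]; then validate "$@"; fi
```

Run it with the app name and the VM's fixed IP as the two arguments, from a LAN machine that uses Pi-hole for DNS, since the internal name only resolves there.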

8️⃣ Final Checklist
* VM updated & rebooted
* Fixed IP assigned in UniFi
* Internal DNS added in Pi-hole (`app.in.torresvault.com`)
* Reverse proxy entry added in NPM
* Cloudflare DNS record created
* SSL cert obtained via DNS challenge
* App deployed via Docker Compose
* Both internal & external URLs tested
