deploy/deploy.sh

#!/bin/bash
# Deploy The Door to VPS
# Run on VPS as root: bash deploy.sh

set -e

echo "=== The Door — Deployment ==="

# 1. Swap
if ! swapon --show | grep -q swap; then
    echo "Adding 2GB swap..."
    fallocate -l 2G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo '/swapfile none swap sw 0 0' >> /etc/fstab
fi

# 2. Install nginx + certbot
echo "Installing nginx and certbot..."
apt-get update -qq
apt-get install -y nginx certbot python3-certbot-nginx

# 3. Copy site files
echo "Deploying static files..."
mkdir -p /var/www/the-door
cp index.html /var/www/the-door/
cp manifest.json /var/www/the-door/
cp sw.js /var/www/the-door/
cp system-prompt.txt /var/www/the-door/
chown -R www-data:www-data /var/www/the-door
chmod -R 755 /var/www/the-door

# 4. nginx config
cp deploy/nginx.conf /etc/nginx/sites-available/the-door

# Add rate limit zone and CORS map to nginx.conf if not present
if ! grep -q "limit_req_zone.*api" /etc/nginx/nginx.conf; then
    sed -i '/http {/a \    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/m;' /etc/nginx/nginx.conf
fi
if ! grep -q "map.*cors_origin" /etc/nginx/nginx.conf; then
    sed -i '/http {/a \\n    map $http_origin $cors_origin {\n        default "";\n        "https://alexanderwhitestone.com" "https://alexanderwhitestone.com";\n        "https://www.alexanderwhitestone.com" "https://www.alexanderwhitestone.com";\n    }\n' /etc/nginx/nginx.conf
fi

ln -sf /etc/nginx/sites-available/the-door /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx

# 5. SSL (requires DNS to be pointed first)
echo ""
echo "=== DNS CHECK ==="
echo "Point alexanderwhitestone.com A record to $(curl -s ifconfig.me)"
echo "Then run: certbot --nginx -d alexanderwhitestone.com -d www.alexanderwhitestone.com"
echo ""

# 6. Firewall
echo "Configuring firewall..."
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

echo ""
echo "=== Deployment complete ==="
echo "Static site: /var/www/the-door/"
echo "nginx config: /etc/nginx/sites-available/the-door"
echo "Next: point DNS, then run certbot"
The Door: crisis front door for broken men Single-file HTML frontend (<25KB), crisis system prompt, nginx config, deployment script. Closes #1 #2 #3 #4 #5 2026-03-30 12:46:11 -04:00			`#!/bin/bash`
			`# Deploy The Door to VPS`
			`# Run on VPS as root: bash deploy.sh`

			`set -e`

			`echo "=== The Door — Deployment ==="`

			`# 1. Swap`
			`if ! swapon --show \| grep -q swap; then`
			`echo "Adding 2GB swap..."`
			`fallocate -l 2G /swapfile`
			`chmod 600 /swapfile`
			`mkswap /swapfile`
			`swapon /swapfile`
			`echo '/swapfile none swap sw 0 0' >> /etc/fstab`
			`fi`

			`# 2. Install nginx + certbot`
			`echo "Installing nginx and certbot..."`
			`apt-get update -qq`
			`apt-get install -y nginx certbot python3-certbot-nginx`

			`# 3. Copy site files`
			`echo "Deploying static files..."`
			`mkdir -p /var/www/the-door`
			`cp index.html /var/www/the-door/`
fix(deploy): copy all static files, add CORS handling, add backend setup docs - deploy.sh now copies manifest.json, sw.js, system-prompt.txt - deploy.sh sets proper ownership/permissions on /var/www/the-door - nginx.conf adds CORS headers for alexanderwhitestone.com origins - nginx.conf handles OPTIONS preflight requests - deploy.sh injects CORS map into nginx.conf - Add BACKEND_SETUP.md with Hermes gateway config instructions Addresses the-door#3 (frontend completeness) and the-door#4 (backend/API wiring) 2026-04-05 14:10:19 +00:00			`cp manifest.json /var/www/the-door/`
			`cp sw.js /var/www/the-door/`
			`cp system-prompt.txt /var/www/the-door/`
			`chown -R www-data:www-data /var/www/the-door`
			`chmod -R 755 /var/www/the-door`
The Door: crisis front door for broken men Single-file HTML frontend (<25KB), crisis system prompt, nginx config, deployment script. Closes #1 #2 #3 #4 #5 2026-03-30 12:46:11 -04:00
			`# 4. nginx config`
			`cp deploy/nginx.conf /etc/nginx/sites-available/the-door`

fix(deploy): copy all static files, add CORS handling, add backend setup docs - deploy.sh now copies manifest.json, sw.js, system-prompt.txt - deploy.sh sets proper ownership/permissions on /var/www/the-door - nginx.conf adds CORS headers for alexanderwhitestone.com origins - nginx.conf handles OPTIONS preflight requests - deploy.sh injects CORS map into nginx.conf - Add BACKEND_SETUP.md with Hermes gateway config instructions Addresses the-door#3 (frontend completeness) and the-door#4 (backend/API wiring) 2026-04-05 14:10:19 +00:00			`# Add rate limit zone and CORS map to nginx.conf if not present`
The Door: crisis front door for broken men Single-file HTML frontend (<25KB), crisis system prompt, nginx config, deployment script. Closes #1 #2 #3 #4 #5 2026-03-30 12:46:11 -04:00			`if ! grep -q "limit_req_zone.*api" /etc/nginx/nginx.conf; then`
			`sed -i '/http {/a \ limit_req_zone $binary_remote_addr zone=api:10m rate=10r/m;' /etc/nginx/nginx.conf`
			`fi`
fix(deploy): copy all static files, add CORS handling, add backend setup docs - deploy.sh now copies manifest.json, sw.js, system-prompt.txt - deploy.sh sets proper ownership/permissions on /var/www/the-door - nginx.conf adds CORS headers for alexanderwhitestone.com origins - nginx.conf handles OPTIONS preflight requests - deploy.sh injects CORS map into nginx.conf - Add BACKEND_SETUP.md with Hermes gateway config instructions Addresses the-door#3 (frontend completeness) and the-door#4 (backend/API wiring) 2026-04-05 14:10:19 +00:00			`if ! grep -q "map.*cors_origin" /etc/nginx/nginx.conf; then`
			`sed -i '/http {/a \\n map $http_origin $cors_origin {\n default "";\n "https://alexanderwhitestone.com" "https://alexanderwhitestone.com";\n "https://www.alexanderwhitestone.com" "https://www.alexanderwhitestone.com";\n }\n' /etc/nginx/nginx.conf`
			`fi`
The Door: crisis front door for broken men Single-file HTML frontend (<25KB), crisis system prompt, nginx config, deployment script. Closes #1 #2 #3 #4 #5 2026-03-30 12:46:11 -04:00
			`ln -sf /etc/nginx/sites-available/the-door /etc/nginx/sites-enabled/`
			`rm -f /etc/nginx/sites-enabled/default`
			`nginx -t && systemctl reload nginx`

			`# 5. SSL (requires DNS to be pointed first)`
			`echo ""`
			`echo "=== DNS CHECK ==="`
			`echo "Point alexanderwhitestone.com A record to $(curl -s ifconfig.me)"`
			`echo "Then run: certbot --nginx -d alexanderwhitestone.com -d www.alexanderwhitestone.com"`
			`echo ""`

			`# 6. Firewall`
			`echo "Configuring firewall..."`
			`ufw allow 22/tcp`
			`ufw allow 80/tcp`
			`ufw allow 443/tcp`
			`ufw --force enable`

			`echo ""`
			`echo "=== Deployment complete ==="`
			`echo "Static site: /var/www/the-door/"`
			`echo "nginx config: /etc/nginx/sites-available/the-door"`
			`echo "Next: point DNS, then run certbot"`