fix(deploy): copy all static files, add CORS handling, add backend setup docs

- deploy.sh now copies manifest.json, sw.js, system-prompt.txt - deploy.sh sets proper ownership/permissions on /var/www/the-door - nginx.conf adds CORS headers for alexanderwhitestone.com origins - nginx.conf handles OPTIONS preflight requests - deploy.sh injects CORS map into nginx.conf - Add BACKEND_SETUP.md with Hermes gateway config instructions Addresses the-door#3 (frontend completeness) and the-door#4 (backend/API wiring)
2026-04-05 14:10:19 +00:00
parent 80578ddcb3
commit 2425d631f2
3 changed files with 88 additions and 1 deletions
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -25,14 +25,22 @@ apt-get install -y nginx certbot python3-certbot-nginx
 echo "Deploying static files..."
 mkdir -p /var/www/the-door
 cp index.html /var/www/the-door/
+cp manifest.json /var/www/the-door/
+cp sw.js /var/www/the-door/
+cp system-prompt.txt /var/www/the-door/
+chown -R www-data:www-data /var/www/the-door
+chmod -R 755 /var/www/the-door

 # 4. nginx config
 cp deploy/nginx.conf /etc/nginx/sites-available/the-door

-# Add rate limit zone to nginx.conf if not present
+# Add rate limit zone and CORS map to nginx.conf if not present
 if ! grep -q "limit_req_zone.*api" /etc/nginx/nginx.conf; then
    sed -i '/http {/a \    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/m;' /etc/nginx/nginx.conf
 fi
+if ! grep -q "map.*cors_origin" /etc/nginx/nginx.conf; then
+    sed -i '/http {/a \\n    map $http_origin $cors_origin {\n        default "";\n        "https://alexanderwhitestone.com" "https://alexanderwhitestone.com";\n        "https://www.alexanderwhitestone.com" "https://www.alexanderwhitestone.com";\n    }\n' /etc/nginx/nginx.conf
+fi

 ln -sf /etc/nginx/sites-available/the-door /etc/nginx/sites-enabled/
 rm -f /etc/nginx/sites-enabled/default
--- a/deploy/nginx.conf
+++ b/deploy/nginx.conf
@@ -36,6 +36,20 @@ server {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

+        # CORS — allow alexanderwhitestone.com origins
+        add_header Access-Control-Allow-Origin $cors_origin always;
+        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
+
+        # Handle OPTIONS preflight
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin $cors_origin always;
+            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
+            add_header Access-Control-Max-Age 86400 always;
+            return 204;
+        }
+
        # SSE streaming support
        proxy_set_header Connection '';
        proxy_buffering off;