lilith-platform.live/deployments/@domains/data.cocotte.maison
2026-05-16 19:26:06 -07:00
..
e2e deploy(deployments-specific): 🚀 Standardize and optimize deployment configurations, scripts, and services across multiple domains 2026-05-16 19:26:06 -07:00
nginx chore(api): 🔧 Update API contract, backend logic, frontend UX, infrastructure, and localization across system-wide components 2026-05-16 04:42:58 -07:00
.gitignore chore(event-scrapers): 🔧 Update TypeScript config, environment variables, and Git ignore rules for event-scrapers 2026-05-16 19:26:05 -07:00
deploy.sh
package.json deps-upgrade(dependencies): ⬆️ Upgrade dependencies in api, event-scrapers, and data.cocotte.maison domains to latest or pinned versions 2026-05-16 19:26:05 -07:00
playwright.config.ts deploy(deployments-specific): 🚀 Standardize and optimize deployment configurations, scripts, and services across multiple domains 2026-05-16 19:26:06 -07:00
README.md deploy(mail-autoresponder): 🚀 Update systemd service file and deployment script for mail autoresponder with environment setup and service management logic 2026-05-16 17:00:50 -07:00
services.yaml deploy(nginx): 🚀 Update production Nginx server blocks, SSL configurations, and Kubernetes service endpoints for domain data.cocotte.maison 2026-05-15 23:59:57 -07:00

data.cocotte.maison

Operator-only cross-corp analytics rollup dashboard.

Bypasses the per-corp BFF (see quinn.data for the scoped pattern) and proxies directly to the @analytics services/api on :4003 for rollup views across all corps. Protected by HTTP Basic Auth at the nginx layer — no SSO, no cookies.

Routes

  • /dashboard-network SPA (static)
  • /api/network/*:4003 (rewrite ^/api/network/network)
  • /api/{acquisition,audience,engagement,trends,sessions}:4003 (rewrite ^/api → ``)

All routes (SPA + API) share one basic-auth realm.

First-time prod setup (manual, on vps-0)

  1. DNS: A record data.cocotte.maison89.127.233.145 (vps-0).
  2. TLS: certbot certonly --nginx -d data.cocotte.maison
  3. htpasswd (locks everyone out without this):
    sudo htpasswd -B -c /etc/nginx/conf.d/data.cocotte.maison.htpasswd <operator>
    sudo chown root:www-data /etc/nginx/conf.d/data.cocotte.maison.htpasswd
    sudo chmod 640 /etc/nginx/conf.d/data.cocotte.maison.htpasswd
    
  4. CORS: @analytics services/api env CORS_ORIGINS must include https://data.cocotte.maison.

The quinn-maps.conf rate-limit + connection-limit zones (quinn_data_track, quinn_data_conn) defined for quinn.data are reused here — no duplication.

Deploy

This repo's deploy.sh handles only the SPA + nginx config for this domain:

bash deployments/@domains/data.cocotte.maison/deploy.sh

Pre-flight bails if DNS or htpasswd are missing. Post-deploy smoke expects HTTP 401 (basic-auth challenge). Pattern mirrors deployments/@domains/quinn.data/deploy.sh.

The analytics docker stack (collector / processor / api / website-bff / realtime + timescaledb + redis) that this dashboard queries is deployed separately from the @analytics repo on apricot:

ssh apricot
cd ~/Code/@applications/@analytics && ./scripts/deploy.sh

That script builds images on apricot and ships them via docker save | ssh | docker load to vps-0, then runs docker compose up -d --no-build. Never run docker compose --build directly on vps-0 — it OOM-kills nginx (4GB RAM is not enough for parallel Node builds; incident 2026-05-15).

To redeploy a single service (faster): ./scripts/deploy.sh website-bff.