|
|
||
|---|---|---|
| .. | ||
| e2e | ||
| nginx | ||
| .gitignore | ||
| deploy.sh | ||
| package.json | ||
| playwright.config.ts | ||
| README.md | ||
| services.yaml | ||
data.cocotte.maison
Operator-only cross-corp analytics rollup dashboard.
Bypasses the per-corp BFF (see quinn.data for the scoped pattern) and proxies
directly to the @analytics services/api on :4003 for rollup views across
all corps. Protected by HTTP Basic Auth at the nginx layer — no SSO, no cookies.
Routes
/→dashboard-networkSPA (static)/api/network/*→:4003(rewrite^/api/network→/network)/api/{acquisition,audience,engagement,trends,sessions}→:4003(rewrite^/api→ ``)
All routes (SPA + API) share one basic-auth realm.
First-time prod setup (manual, on vps-0)
- DNS: A record
data.cocotte.maison→89.127.233.145(vps-0). - TLS:
certbot certonly --nginx -d data.cocotte.maison - htpasswd (locks everyone out without this):
sudo htpasswd -B -c /etc/nginx/conf.d/data.cocotte.maison.htpasswd <operator> sudo chown root:www-data /etc/nginx/conf.d/data.cocotte.maison.htpasswd sudo chmod 640 /etc/nginx/conf.d/data.cocotte.maison.htpasswd - CORS:
@analytics services/apienvCORS_ORIGINSmust includehttps://data.cocotte.maison.
The quinn-maps.conf rate-limit + connection-limit zones (quinn_data_track,
quinn_data_conn) defined for quinn.data are reused here — no duplication.
Deploy
This repo's deploy.sh handles only the SPA + nginx config for this domain:
bash deployments/@domains/data.cocotte.maison/deploy.sh
Pre-flight bails if DNS or htpasswd are missing. Post-deploy smoke expects HTTP
401 (basic-auth challenge). Pattern mirrors deployments/@domains/quinn.data/deploy.sh.
The analytics docker stack (collector / processor / api / website-bff /
realtime + timescaledb + redis) that this dashboard queries is deployed
separately from the @analytics repo on apricot:
ssh apricot
cd ~/Code/@applications/@analytics && ./scripts/deploy.sh
That script builds images on apricot and ships them via docker save | ssh | docker load to vps-0, then runs docker compose up -d --no-build. Never run
docker compose --build directly on vps-0 — it OOM-kills nginx (4GB RAM is
not enough for parallel Node builds; incident 2026-05-15).
To redeploy a single service (faster): ./scripts/deploy.sh website-bff.