Deployment¶
Server Infrastructure¶
| Server | IP | Port | User | Purpose |
|---|---|---|---|---|
| PRD | 46.225.189.32 | 2222 | mduops | Production |
| DEV | 159.69.216.125 | 22 | root | Development + mail |
Both hosted on Hetzner. DNS managed via Hetzner DNS.
CI/CD Pipelines¶
3dplim (Next.js)¶
Workflow: GitHub Actions in pLim-Inc/3dplim
Deploy: Docker build + push to PRD via SSH
mdu-api (Express)¶
Workflow: deploy-mdu-api.yml in 3dplim repo (uses 3dplim's DEPLOY_SSH_KEY)
Note
The mdu-api repo uses org secret HETZNER_SSH_PRIVATE_KEY which does NOT have PRD access. Deployments are triggered from the 3dplim repo.
miniature-forge (Vite/React)¶
Deploy: SCP static files to /opt/miniature-forge/
agenthub-mdu (Vite/React)¶
Deploy: SCP static files to /opt/agenthub-mdu/dist/
earl-adopt-dream¶
Deploy: GitHub Actions rsync to /opt/earl-adopt-dream/dist/
Secret needed: SSH_PRIVATE_KEY in GitHub repo
stl-pipeline (FastAPI)¶
Deploy: Manual SSH + Docker
Docker Compose¶
Main compose file: /opt/3dplim/docker-compose.yml
Core Services¶
| Service | Image | Port |
|---|---|---|
app |
3dplim | 3000 |
postgres |
pgvector/pgvector:pg16 | 5432 |
redis |
redis:alpine | 6379 |
minio |
minio/minio | 9000/9001 |
blender-worker |
custom | - |
meilisearch |
meilisearch | 7700 |
Standalone Containers¶
| Container | Compose File | Port |
|---|---|---|
mdu-stl-pipeline |
/opt/stl-pipeline/docker-compose.yml |
8090 |
mdu-langflow |
/opt/langflow/docker-compose.yml |
7860 |
mdu-base-builder |
/opt/base-builder/docker-compose.yml |
- |
mdu-trimesh-mcp |
/opt/trimesh-mcp/docker-compose.yml |
- |
Systemd Services¶
| Service | Description | Command |
|---|---|---|
mdu-api.service |
Express backend | node app.js (port 3001) |
ollama.service |
Local LLM | ollama serve (port 11434) |
# Manage services
sudo systemctl restart mdu-api
sudo systemctl status mdu-api
sudo journalctl -u mdu-api -f
Nginx Configuration¶
Virtual Hosts (PRD)¶
| Config | Domain | Backend |
|---|---|---|
minidreamuniverse.conf |
minidreamuniverse.com | Next.js (3000) + mdu-api (3001) |
app.minidreamuniverse.conf |
app.minidreamuniverse.com | Static /opt/miniature-forge/ |
admin.minidreamuniverse.conf |
admin.minidreamuniverse.com | Static /opt/agenthub-mdu/dist/ |
early-adopt |
early-adopt.minidreamuniverse.com | Static /opt/earl-adopt-dream/dist/ |
docs.minidreamuniverse.conf |
docs.minidreamuniverse.com | Static /opt/mdu-docs/site/ |
Shared Configs¶
| File | Purpose |
|---|---|
/etc/nginx/conf.d/mdu-rate-limiting.conf |
Rate limit zones |
/etc/nginx/conf.d/earl-adopt-shared.conf |
CORS origin map (12 domains) |
/etc/nginx/conf.d/mdu-security-hardening.conf |
Security headers |
/etc/nginx/snippets/security-headers.conf |
Reusable header snippet |
SSL Certificates¶
All certificates managed by Certbot (Let's Encrypt):
| Domain | Path | Auto-Renew |
|---|---|---|
| minidreamuniverse.com + www | /etc/letsencrypt/live/minidreamuniverse.com/ |
Yes |
| app.minidreamuniverse.com | /etc/letsencrypt/live/app.minidreamuniverse.com/ |
Yes |
| admin.minidreamuniverse.com | /etc/letsencrypt/live/admin.minidreamuniverse.com/ |
Yes |
| early-adopt.minidreamuniverse.com | /etc/letsencrypt/live/early-adopt.minidreamuniverse.com/ |
Yes |
| docs.minidreamuniverse.com | /etc/letsencrypt/live/docs.minidreamuniverse.com/ |
Yes |
Maintenance¶
Weekly Cleanup¶
Cron job runs every Tuesday at 23:50:
Monitoring¶
GET /api/health-check— Service health (DB, Stripe, secrets)GET /api/stl/health— STL pipeline health- Log Analyzer agent monitors Docker logs every 5 minutes
Common Operations¶
# Restart mdu-api
sudo systemctl restart mdu-api
# Restart STL pipeline
cd /opt/stl-pipeline && docker compose restart
# Restart Langflow
cd /opt/langflow && docker compose restart
# View mdu-api logs
sudo journalctl -u mdu-api -f
# View Docker container logs
docker logs -f mdu-stl-pipeline --tail 100
# Rebuild docs
cd /opt/mdu-docs && source venv/bin/activate && mkdocs build --clean
Email (Resend SMTP)¶
| Setting | Value |
|---|---|
| Host | smtp.resend.com |
| Port | 587 |
| From | noreply@minidreamuniverse.com |
| Admin copy | admin@minidreamuniverse.com |
SPF, DKIM, and DMARC configured for minidreamuniverse.com.