[IMPLEMENT] Deploy upaas to mission.solio.tech in separate Docker container #1

Open
opened 2026-03-24 13:19:37 +01:00 by sol · 1 comment
Owner

Goal

Deploy the upaas µPaaS application to mission.solio.tech running in its own dedicated Docker container.

Specification

Container Setup

  • Port: 3457 (internal, 127.0.0.1:3457 only — not public)
  • Image: Build from sol/upaas repo (Dockerfile exists at repo root)
  • Data: Persist SQLite DB + SSH keys at /root/upaas-data on host → /var/lib/upaas in container
  • Docker socket: Mount /var/run/docker.sock so upaas can build/deploy containers
  • Restart policy: unless-stopped
  • Environment:
    • UPAAS_HOST_DATA_DIR=/root/upaas-data (required — tells upaas where host data lives)
    • UPAAS_LISTEN_ADDR=0.0.0.0:8080 (internal listen, mapped to 3457)
  • Compose file: /root/upaas/docker-compose.yml

Nginx Config

  • Domain: mission.solio.tech
  • SSL: certbot --nginx (Let's Encrypt) — cert does NOT exist yet, create fresh
  • Upstream: http://127.0.0.1:3457
  • Config location: /etc/nginx/sites-available/mission.solio.tech + symlink to sites-enabled
  • WebSocket support: yes (upaas may use SSE/WS for build logs)
  • Max body size: 50M (for large image pushes)
  • Config template: model after /etc/nginx/sites-available/mattermost-slack.solio.tech (simple proxy, no hooks section)

Build Strategy

Since there's no docker CLI in the sandbox, use Docker socket HTTP API to:

  1. Clone/pull the sol/upaas repo to /root/upaas/ on host (via privileged alpine container)
  2. Build the Docker image via socket API (POST /build with tar context)
  3. Start the container via compose or socket API

DNS

  • DNS for mission.solio.tech must resolve to this server's IP before certbot runs
  • Check current DNS: dig mission.solio.tech
  • If not pointing here, instruct Rooh to add DNS record (A → server IP) and wait before certbot

Verification

  • Container running: curl -sf --unix-socket /var/run/docker.sock 'http://localhost/containers/upaas/json'
  • HTTP accessible: curl -sf http://127.0.0.1:3457/ → returns 200 or redirect to login
  • HTTPS accessible: curl -sf https://mission.solio.tech/ → returns 200

Implementation Phases

Phase 1: Repo clone + Docker image build

  • Clone sol/upaas to host at /root/upaas/
  • Build Docker image tagged upaas:local

Phase 2: Container setup

  • Create /root/upaas/docker-compose.yml
  • Create /root/upaas-data/ directory
  • Start container via socket API
  • Verify container is running and HTTP responds on 3457

Phase 3: Nginx + SSL

  • Write nginx config to /etc/nginx/sites-available/mission.solio.tech
  • Symlink to sites-enabled
  • Check DNS for mission.solio.tech
  • Run certbot for SSL (or provide DNS instructions if not yet pointing here)
  • Reload nginx

Phase 4: Smoke test + report

  • Verify https://mission.solio.tech/ loads
  • Report admin setup instructions (upaas requires setting a password on first run via CLI or env var)
  • Update PROJECTS_DB.md

Notes

  • Port 3457 was previously used by sol/mission-control (shut down 2026-03-15) — confirmed free
  • The upaas Dockerfile is multi-stage: lint → build → runtime (alpine). Build takes a few minutes.
  • upaas needs Docker socket to function — this is intentional (it builds/deploys user apps)
  • UPAAS_HOST_DATA_DIR must match the HOST path of the data volume (not container path)
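
A check for the Verification step, added here as an example and not part of the original issue or the upaas project: it audits the JSON returned by `GET /containers/upaas/json` against the Container Setup values (loopback-only port binding, restart policy, socket mount, `UPAAS_HOST_DATA_DIR` equal to the host side of the data mount). The function names and the sample document are constructed for illustration.

```python
# Expected values taken from the issue's "Container Setup" section.
BIND = {"HostIp": "127.0.0.1", "HostPort": "3457"}
CONTAINER_PORT = "8080/tcp"
DATA_DEST = "/var/lib/upaas"
SOCKET = "/var/run/docker.sock"

def audit_inspect(info):
    """Return a list of deviations from the spec in a Docker inspect document."""
    problems = []
    host_cfg = info.get("HostConfig", {})
    bindings = host_cfg.get("PortBindings") or {}
    # An empty HostIp (or 0.0.0.0) publishes the port on every interface.
    for port, binds in bindings.items():
        for b in binds or []:
            if b.get("HostIp") != "127.0.0.1":
                problems.append(f"{port} published on {b.get('HostIp') or '0.0.0.0'}")
    if BIND not in (bindings.get(CONTAINER_PORT) or []):
        problems.append(f"{CONTAINER_PORT} not mapped to 127.0.0.1:3457")
    if host_cfg.get("RestartPolicy", {}).get("Name") != "unless-stopped":
        problems.append("restart policy is not unless-stopped")
    mounts = {m.get("Destination"): m.get("Source") for m in info.get("Mounts", [])}
    if mounts.get(SOCKET) != SOCKET:
        problems.append("docker socket not mounted")
    env = dict(e.split("=", 1) for e in info.get("Config", {}).get("Env", []) if "=" in e)
    # UPAAS_HOST_DATA_DIR must equal the HOST side of the data mount.
    if DATA_DEST not in mounts:
        problems.append(f"no mount at {DATA_DEST}")
    elif env.get("UPAAS_HOST_DATA_DIR") != mounts[DATA_DEST]:
        problems.append("UPAAS_HOST_DATA_DIR does not match host path of data mount")
    return problems

def sample(host_ip="127.0.0.1", data_dir="/root/upaas-data"):
    """Constructed stand-in for GET /containers/upaas/json (trimmed)."""
    return {
        "HostConfig": {
            "PortBindings": {"8080/tcp": [{"HostIp": host_ip, "HostPort": "3457"}]},
            "RestartPolicy": {"Name": "unless-stopped"},
        },
        "Mounts": [
            {"Source": "/root/upaas-data", "Destination": "/var/lib/upaas"},
            {"Source": SOCKET, "Destination": SOCKET},
        ],
        "Config": {"Env": [f"UPAAS_HOST_DATA_DIR={data_dir}",
                           "UPAAS_LISTEN_ADDR=0.0.0.0:8080"]},
    }

if __name__ == "__main__":
    for doc in (sample(), sample(host_ip=""), sample(data_dir="/var/lib/upaas")):
        print(audit_inspect(doc))
```

On the host, the input is the body returned by the `curl --unix-socket` command in the Verification list, parsed with `json.loads`.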
Author
Owner

[DECOMPOSE -> PENDING_APPROVAL] Implementation plan ready for review.

Discovery Summary

  • DNS: mission.solio.tech resolves to 5.189.143.184 (server IP) -- READY
  • Port 3457: Free (confirmed)
  • Host state: Clean slate -- no existing upaas directories or containers
  • Nginx template: mattermost-slack.solio.tech available for reference
  • Repo: sol/upaas exists and is accessible
  • Docker socket: Accessible for container operations

Plan Overview (4 phases, ~70min total)

Phase 1: Repo clone + Docker image build [30min]

  • Clone sol/upaas to /root/upaas/ on host via privileged alpine container
  • Build Docker image upaas:local via Docker socket POST /build API

Phase 2: Container setup [15min]

  • Create /root/upaas-data/ directory and docker-compose.yml
  • Start container (127.0.0.1:3457 -> container 8080)
  • Verify container running and HTTP responding

Phase 3: Nginx + SSL [15min]

  • Write nginx config (proxy to 127.0.0.1:3457, WebSocket support, 50M body)
  • Symlink to sites-enabled, test and reload nginx
  • Run certbot for SSL certificate

Phase 4: Smoke test + report [10min]

  • Verify https://mission.solio.tech/ accessible
  • Document admin setup instructions

Production Review: 4/4 PASS

Audit: 7/7 PASS

Simulation Verdict: READY (no blockers)

Role Assignments

All phases: engineering/devops-automator (exact match)

Open Questions

None -- all requirements explicit in the issue specification.

Awaiting approval to proceed with execution.

Reference: sol/upaas#1