Add docker file

Author: YuWei-CH

.env.server.example

@@ -0,0 +1,41 @@
+# EasyRelocate — server (Option B: self-hosted backend + Postgres + Caddy)
+#
+# Copy to `.env.server` on your server and fill in values:
+#   cp .env.server.example .env.server
+#
+# Then deploy:
+#   docker compose -f docker-compose.server.yml --env-file .env.server up -d --build
+#
+# Never commit `.env.server` (it contains secrets).
+
+###############################################################################
+# Postgres (Docker)
+###############################################################################
+POSTGRES_DB="easyrelocate"
+POSTGRES_USER="easyrelocate"
+POSTGRES_PASSWORD="CHANGE_ME_STRONG_PASSWORD"
+
+# Backend uses this DSN to connect to the Postgres container.
+DATABASE_URL="postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}"
+
+###############################################################################
+# Backend (FastAPI)
+###############################################################################
+# CORS allowlist for your Vercel app and/or custom frontend domain.
+# Example:
+# CORS_ALLOW_ORIGINS="https://easyrelocate.vercel.app,https://easyrelocate.net"
+CORS_ALLOW_ORIGINS="https://YOUR_VERCEL_APP_DOMAIN"
+
+# Enable self-serve tokens (onboarding token issuance)
+ENABLE_PUBLIC_WORKSPACE_ISSUE="1"
+PUBLIC_WORKSPACE_TTL_DAYS="30"
+
+# Optional: Google Maps server-side geocoding
+# GOOGLE_MAPS_API_KEY="YOUR_SERVER_KEY"
+# GEOCODING_PROVIDER="google"
+# ENABLE_GEOCODING="1"
+
+# Optional: OpenRouter LLM extraction for selected posts
+# OPENROUTER_API_KEY="YOUR_OPENROUTER_KEY"
+# OPENROUTER_MODEL="z-ai/glm-4.5-air:free"
+

backend/Dockerfile

@@ -0,0 +1,17 @@
+FROM python:3.11-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1
+
+WORKDIR /app
+
+COPY requirements.txt /app/requirements.txt
+RUN pip install --no-cache-dir -r /app/requirements.txt
+
+COPY app /app/app
+COPY scripts /app/scripts
+
+EXPOSE 8000
+
+CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+

deploy/Caddyfile

@@ -0,0 +1,5 @@
+api.easyrelocate.net {
+  encode gzip
+  reverse_proxy backend:8000
+}
+

deploy/server-deploy.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")/.." && pwd)"
+ENV_FILE="${ENV_FILE:-$ROOT_DIR/.env.server}"
+
+if [[ ! -f "$ENV_FILE" ]]; then
+  echo "Missing env file: $ENV_FILE" >&2
+  echo "Create it first, e.g.: cp .env.server.example .env.server" >&2
+  exit 2
+fi
+
+cd "$ROOT_DIR"
+
+docker compose -f docker-compose.server.yml --env-file "$ENV_FILE" up -d --build
+
+echo "Up. Services:"
+docker compose -f docker-compose.server.yml --env-file "$ENV_FILE" ps
+

docker-compose.server.yml

@@ -0,0 +1,46 @@
+services:
+  postgres:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-easyrelocate}
+      POSTGRES_USER: ${POSTGRES_USER:-easyrelocate}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env.server}
+    volumes:
+      - easyrelocate_postgres:/var/lib/postgresql/data
+    restart: unless-stopped
+
+  backend:
+    build:
+      context: ./backend
+    environment:
+      DATABASE_URL: ${DATABASE_URL:?Set DATABASE_URL in .env.server}
+      CORS_ALLOW_ORIGINS: ${CORS_ALLOW_ORIGINS:?Set CORS_ALLOW_ORIGINS in .env.server}
+      ENABLE_PUBLIC_WORKSPACE_ISSUE: ${ENABLE_PUBLIC_WORKSPACE_ISSUE:-1}
+      PUBLIC_WORKSPACE_TTL_DAYS: ${PUBLIC_WORKSPACE_TTL_DAYS:-30}
+      GOOGLE_MAPS_API_KEY: ${GOOGLE_MAPS_API_KEY:-}
+      GEOCODING_PROVIDER: ${GEOCODING_PROVIDER:-}
+      ENABLE_GEOCODING: ${ENABLE_GEOCODING:-1}
+      OPENROUTER_API_KEY: ${OPENROUTER_API_KEY:-}
+      OPENROUTER_MODEL: ${OPENROUTER_MODEL:-}
+    depends_on:
+      - postgres
+    restart: unless-stopped
+
+  caddy:
+    image: caddy:2-alpine
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./deploy/Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      - backend
+    restart: unless-stopped
+
+volumes:
+  easyrelocate_postgres:
+  caddy_data:
+  caddy_config:
+

docs/DEPLOYMENT.md

@@ -138,49 +138,102 @@ Security note:
 This is the lowest “monthly bill” option if you already have hardware, but you must handle:
 patching, backups, and uptime.
 
-### B1) Run Postgres + backend on the server
+### B0) Your chosen domain + FRP ports
 
-Recommended:
-- Use Docker Compose.
-- Keep Postgres private (not exposed to the internet).
-- Expose only the reverse proxy (80/443).
+You chose:
+- Backend domain: `api.easyrelocate.net`
+- Tunnel: `frp` (you can forward any port)
+- Tokens: self-serve tokens enabled (`ENABLE_PUBLIC_WORKSPACE_ISSUE=1`)
 
-Minimum you need:
-- A public backend URL (e.g. `https://api.example.com`)
-- `DATABASE_URL` pointing at the Postgres container
+For Caddy automatic HTTPS, you should forward:
+- **remote 80 → server 80** (for ACME HTTP-01 challenge)
+- **remote 443 → server 443** (for HTTPS traffic)
 
-Example `DATABASE_URL` (Compose network):
-```text
-postgresql+psycopg://easyrelocate_user:DB_PASSWORD@postgres:5432/easyrelocate
+### B1) Prepare the server (Ubuntu miniPC)
+
+1. Install Docker + Docker Compose plugin on the server.
+2. Clone the repo:
+```bash
+git clone https://github.com/YuWei-CH/EasyRelocate.git
+cd EasyRelocate
 ```
 
-### B2) Reverse proxy + HTTPS
+### B2) Create server env file
 
-Use Caddy or Nginx to terminate HTTPS and proxy to the backend container.
+Create `.env.server` (do not commit it):
+```bash
+cp .env.server.example .env.server
+```
 
-If you use FRP:
-- Prefer mapping FRP to 443 with TLS termination at the server (Caddy/Nginx).
-- If FRP terminates TLS upstream, ensure the backend sees correct headers and set a strict CORS allowlist.
+Edit `.env.server`:
+- Set `POSTGRES_PASSWORD` (strong password)
+- Set `CORS_ALLOW_ORIGINS` to include your Vercel domain(s)
+- Keep `ENABLE_PUBLIC_WORKSPACE_ISSUE=1` if you want onboarding to auto-issue tokens
 
-### B3) Vercel config
+### B3) Start Postgres + backend + HTTPS proxy (Docker Compose)
 
-Set:
-```text
-VITE_API_BASE_URL=https://api.example.com
+On the server:
+```bash
+docker compose -f docker-compose.server.yml --env-file .env.server up -d --build
 ```
 
-And on the backend:
+Or use the helper script:
+```bash
+ENV_FILE=.env.server bash deploy/server-deploy.sh
+```
+
+Check:
+```bash
+docker compose -f docker-compose.server.yml --env-file .env.server ps
+```
+
+### B4) Configure FRP
+
+On your **FRP server** (public machine), ensure ports 80/443 are open.
+
+On your **miniPC**, configure `frpc` to forward:
+- `api.easyrelocate.net:80` → `miniPC:80`
+- `api.easyrelocate.net:443` → `miniPC:443`
+
+Once the DNS for `api.easyrelocate.net` points to your FRP server and the tunnel is active,
+visit:
+- `https://api.easyrelocate.net/api/health`
+
+You should see:
+```json
+{"status":"ok"}
+```
+
+### B5) Deploy frontend to Vercel
+
+Set Vercel env vars:
 ```text
-CORS_ALLOW_ORIGINS=https://your-vercel-domain.vercel.app,https://your-custom-domain.com
+VITE_API_BASE_URL=https://api.easyrelocate.net
+VITE_GOOGLE_MAPS_API_KEY=YOUR_BROWSER_KEY
 ```
 
-### B4) Backups (required)
+After deploy, open the web app and go through onboarding.
+
+### B6) Postgres backups (required)
 
 At minimum:
 - daily `pg_dump`
 - keep 7–30 days of backups
 - periodically test restore
 
+### B7) Security notes
+
+- Do **not** expose Postgres to the public internet (Compose keeps it internal by default).
+- Keep a strict `CORS_ALLOW_ORIGINS` allowlist (your Vercel domain + any custom domain).
+- Treat workspace tokens as passwords.
+
+### Files in this repo (Option B)
+
+- `docker-compose.server.yml` — Postgres + backend + Caddy
+- `deploy/Caddyfile` — HTTPS reverse proxy for `api.easyrelocate.net`
+- `.env.server.example` — server env template
+- `deploy/server-deploy.sh` — helper to start the stack
+
 ## Troubleshooting
 
 ### Frontend loads but API calls hang / abort