From 845dda44574fb69cf7af3c2b4df9021451db8b11 Mon Sep 17 00:00:00 2001
From: Peter Stone <thepeterstone@gmail.com>
Date: Tue, 20 Jan 2026 15:39:53 -1000
Subject: Add VPS deployment artifacts and documentation

Include systemd service file, Apache reverse proxy config,
and comprehensive deployment guide for Linux VPS setup.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 deployment/apache.conf            | 45 +++++++++++++++++++++++++++++++++++++++
 deployment/task-dashboard.service | 25 ++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 deployment/apache.conf
 create mode 100644 deployment/task-dashboard.service

(limited to 'deployment')

diff --git a/deployment/apache.conf b/deployment/apache.conf
new file mode 100644
index 0000000..3942bf6
--- /dev/null
+++ b/deployment/apache.conf
@@ -0,0 +1,45 @@
+<VirtualHost *:80>
+    ServerName ${FQDN}
+
+    # Redirect HTTP to HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName ${FQDN}
+
+    # SSL Configuration (adjust paths as needed)
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem
+
+    # Document root for static files served directly by Apache
+    DocumentRoot /site/${FQDN}/public
+
+    # Serve static files directly via Apache (bypasses Go app)
+    <Directory /site/${FQDN}/public>
+        Options -Indexes +FollowSymLinks
+        AllowOverride None
+        Require all granted
+
+        # Cache static assets
+        <FilesMatch "\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$">
+            Header set Cache-Control "max-age=31536000, public"
+        </FilesMatch>
+    </Directory>
+
+    # Static files served by Apache
+    Alias /static /site/${FQDN}/public
+
+    # Proxy all other requests to Go application
+    ProxyPreserveHost On
+    ProxyPass /static !
+    ProxyPass / http://127.0.0.1:8080/
+    ProxyPassReverse / http://127.0.0.1:8080/
+
+    # Logging
+    ErrorLog ${APACHE_LOG_DIR}/${FQDN}-error.log
+    CustomLog ${APACHE_LOG_DIR}/${FQDN}-access.log combined
+</VirtualHost>
diff --git a/deployment/task-dashboard.service b/deployment/task-dashboard.service
new file mode 100644
index 0000000..7afd9d9
--- /dev/null
+++ b/deployment/task-dashboard.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Task Dashboard - Personal task aggregation dashboard
+After=network.target
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+WorkingDirectory=/site/%i
+ExecStart=/site/%i/app
+Restart=always
+RestartSec=5
+
+# Environment file for secrets and configuration
+EnvironmentFile=/site/%i/.env
+
+# Security hardening
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/site/%i/data
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3