Add comprehensive Hetzner Cloud deployment guide #211
Actionable comments posted: 3
🧹 Nitpick comments (4)
docs/hosting/hetzner.md (4)
61-62: Clarify that compose.example.yml should be validated for production use.

Line 61 downloads `compose.example.yml` from the main branch. This guide should explicitly state that users should review this file to ensure it's production-ready and matches their deployment requirements, or reference a production-specific compose file if one exists.

Consider adding a note like:
# Download the Docker Compose configuration curl -o compose.yml https://raw.githubusercontent.com/we-promise/sure/main/compose.example.yml + +# Review the compose file to ensure it matches your production requirements +# nano compose.yml
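Review bot: the `curl -o compose.yml` line kept as context here fetches from the mutable `main` branch and has no `-f`, so an HTTP error body or a later upstream change would be saved as compose.yml without any failure. Suggest `curl -fsSL -o compose.yml` against a tagged or commit-pinned URL, and make the added review step something the reader actually runs instead of the commented-out `# nano compose.yml`.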
88-91: Good coverage of security measures, but consider adding SSH key authentication guidance.

The guide covers firewall, fail2ban, SSL/TLS, and environment variable security well. Line 432 mentions SSH key authentication as a recommendation, but this could be integrated into Step 1 (server setup) with concrete instructions, as it's a critical first-step security hardening measure.

Consider adding SSH key setup instructions in Step 1, similar to:

```bash
# On your local machine, generate an SSH key (if you don't have one)
ssh-keygen -t ed25519 -C "[email protected]"

# Add your public key to the server
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@YOUR_SERVER_IP

# Disable password authentication (after verifying key login works)
# The pattern matches the directive whether or not it is commented out
sudo sed -i -E 's/^#?PasswordAuthentication[[:space:]]+yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# Validate the configuration before restarting the daemon
sudo sshd -t && sudo systemctl restart sshd
```

Also applies to: 313-322
241-247: Health check script assumes SSL is already configured before execution.

The health check script (lines 241-247) attempts to check the HTTPS endpoint, which won't work until Step 4 (SSL setup) is complete and the application is running. Consider clarifying the execution order or providing an alternative initial health check.
You might note in Step 8:
+**Note**: The health check script should be added to crontab only after Step 5 is complete and the SSL certificate is successfully obtained.
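Review bot: the added note gates the crontab entry on Step 5, while the comment text above names Step 4 as the SSL setup. Name the step that obtains the certificate consistently, or state both conditions explicitly (certificate issued and application running) so the reader knows which step to finish first.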
429-433: Add log rotation guidance for backup and health check logs.

The guide creates persistent logs at `/var/log/sure-backup.log` and `/var/log/sure-health.log` (lines 221, 260) but doesn't include guidance on log rotation. Without log rotation, these files could consume excessive disk space over time.

Consider adding a note in the Maintenance Commands section:

```bash
# Set up log rotation for backup and health check logs
cat > /etc/logrotate.d/sure << EOF
/var/log/sure-*.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 root root
}
EOF
```
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
docs/hosting/hetzner.md
- 220-220: Fenced code blocks should have a language specified (MD040, fenced-code-language)
- 259-259: Fenced code blocks should have a language specified (MD040, fenced-code-language)
🔇 Additional comments (2)
docs/hosting/hetzner.md (2)
1-427: Overall documentation structure and completeness.

The guide is well-organized, comprehensive, and follows the established format from the docker.md guide. It covers prerequisites, deployment, security, monitoring, backups, troubleshooting, and maintenance — excellent coverage for a production deployment guide. The step-by-step format is user-friendly, and the inclusion of actual commands reduces friction for operators.
Minor refinements requested above (language specifications, path verification, retention policy clarity, and log rotation guidance) would further strengthen this guide, but the core content is solid and production-ready.
199-202: Paths verified as accurate—no issues found.

The backup and restore commands correctly reference the application structure:

- Dockerfile WORKDIR: `/rails`
- Rails.root: `/rails`
- Storage configuration (`config/storage.yml`): Local disk service at `Rails.root.join("storage")` = `/rails/storage`
- Backup command (line 202): Correctly targets `/rails/storage`
- Restore command (lines 310-311): Correctly restores to `/rails/storage` when extracting with `-C /`

The documented paths align with the actual Sure application structure and container filesystem.
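The SSH hardening suggestion in the review above edits one line of `/etc/ssh/sshd_config`, but sshd uses the first value it obtains for a keyword and reads `Include` files in place, so a drop-in can override that edit. The following is an added example, not part of the PR or the review, that resolves the effective value over constructed files; the function names and the file names are hypothetical, `Include` paths are assumed absolute, and `Match` blocks are skipped.

```shell
#!/bin/sh
# Added example: resolve the global PasswordAuthentication value the way sshd
# reads its config (first value obtained wins, Include files read in place).
# Assumptions: absolute Include paths; anything after a Match line is ignored.

_first_value() {            # prints the first value found in $1, returns 1 if none
  local key rest inc found tab
  tab=$(printf '\t')
  while IFS=" $tab=" read -r key rest || [ -n "$key" ]; do
    case $key in ''|'#'*) continue ;; esac          # blank lines and comments
    key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
    case $key in
      match) return 1 ;;                            # rest of file is conditional
      include)
        for inc in $rest; do                        # unquoted: glob, sorted order
          [ -f "$inc" ] || continue
          found=$(_first_value "$inc") && { printf '%s' "$found"; return 0; }
        done ;;
      passwordauthentication)
        printf '%s' "${rest%% *}" | tr '[:upper:]' '[:lower:]'
        return 0 ;;
    esac
  done < "$1"
  return 1
}

effective_password_auth() { # usage: effective_password_auth /path/to/sshd_config
  _first_value "$1" || printf 'yes'                 # sshd's built-in default
  printf '\n'
}

# Constructed sample: the main file says "no", but a drop-in read earlier
# through Include says "yes", so the hardening edit has no effect.
sample=$(mktemp -d)
mkdir "$sample/sshd_config.d"
printf 'PasswordAuthentication yes\n' > "$sample/sshd_config.d/50-cloud-init.conf"
printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\n' "$sample" \
  > "$sample/sshd_config"
echo "effective: $(effective_password_auth "$sample/sshd_config")"
```

On a live server, `sudo sshd -T` prints the effective configuration as the daemon itself resolves it, including `Match` handling that this sketch leaves out.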
- Add missing language identifiers to fenced code blocks (bash)
- Fix inconsistent backup retention policy (standardize to 7 days)
- Address CodeRabbit review feedback for PR we-promise#211

Reading this makes me want to cry/go back to this way of deploying stuff. Recently went through the effort to put

Won't be able to reproduce step-by-step but I skimmed it and it all checks out ... merging since it's a documentation change anyway that we can improve over time. Thanks @pcamarajr!

I got this step-by-step from Claude, and when I ran it till the end with zero issues and it worked, booom! 🤯
commit 192a3b6
Author: soky srm <[email protected]>
Date: Wed Oct 22 17:03:00 2025 +0200

Implement a filter for category (we-promise#215)

- Also implement an is empty/is null condition.

commit 8cd109a
Author: soky srm <[email protected]>
Date: Wed Oct 22 16:02:50 2025 +0200

Implement support for generic OpenAI api (we-promise#213)

* Implement support for generic OpenAI api
  - Implements support to route requests to any openAI capable provider ( Deepsek, Qwen, VLLM, LM Studio, Ollama ).
  - Keeps support for pure OpenAI and uses the new better responses api
  - Uses the /chat/completions api for the generic providers
  - If uri_base is not set, uses default implementation.
* Fix json handling and indentation
* Fix linter error indent
* Fix tests to set env vars
* Fix updating settings
* Change to prefix checking for OAI models
* FIX check model if custom uri is set
* Change chat to sync calls
  Some local models don't support streaming. Revert to sync calls for generic OAI api
* Fix tests
* Fix tests
* Fix for gpt5 message extraction
  - Finds the message output by filtering for "type" == "message" instead of assuming it's at index 0
  - Safely extracts the text using safe navigation operators (&.)
  - Raises a clear error if no message content is found
  - Parses the JSON as before
* Add more langfuse logging
  - Add Langfuse to auto categorizer and merchant detector
  - Fix monitoring on streaming chat responses
  - Add Langfuse traces also for model errors now
* Update app/models/provider/openai.rb
  Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
  Signed-off-by: soky srm <[email protected]>
* handle nil function results explicitly
* Exposing some config vars.
* Linter and nitpick comments
* Drop back to `gpt-4.1` as default for now
* Linter
* Fix for strict tool schema in Gemini
  - This fixes tool calling in Gemini OpenAI api
  - Fix for getTransactions function, page size is not used.

---------

Signed-off-by: soky srm <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Juan José Mata <[email protected]>

commit ea7ce13
Author: Michael Studman <[email protected]>
Date: Wed Oct 22 03:22:24 2025 +1100

Increasing trades.price decimal scale (we-promise#89)

* Changing trades.price to have a larger scale - a scale of 4 causes destructive rounding when calculating transaction cost; changes to the UI to allow for inputting and showing increased scale trade prices; test case

commit 3aea151
Author: Pedro Camara Junior <[email protected]>
Date: Tue Oct 21 15:34:44 2025 +0200

Add comprehensive Hetzner Cloud deployment guide (we-promise#211)

* Add comprehensive Hetzner Cloud deployment guide
* Fix markdown linting issues and backup retention policy
  - Add missing language identifiers to fenced code blocks (bash)
  - Fix inconsistent backup retention policy (standardize to 7 days)
  - Address CodeRabbit review feedback for PR we-promise#211

commit eaa17fe
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue Oct 21 15:02:57 2025 +0200

Bump rack from 3.1.16 to 3.1.18 (we-promise#198)

Bumps [rack](https://github.com/rack/rack) from 3.1.16 to 3.1.18.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v3.1.16...v3.1.18)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 3.1.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add comprehensive Hetzner Cloud deployment guide
* Fix markdown linting issues and backup retention policy
  - Add missing language identifiers to fenced code blocks (bash)
  - Fix inconsistent backup retention policy (standardize to 7 days)
  - Address CodeRabbit review feedback for PR we-promise#211
Overview
This PR adds a comprehensive deployment guide for running Sure on Hetzner Cloud servers with production-ready security, monitoring, and backup capabilities.
What's Added
Documentation Structure
The guide follows the same format as the existing `docker.md` documentation and includes:
Benefits
This documentation enables users to:
Testing
Related
This addresses the need for comprehensive Hetzner Cloud deployment documentation, complementing the existing Docker self-hosting guide.
Summary by CodeRabbit