docs(license): self-hosted server runbook + multi-tenancy plan

Adds SETUP-LICENSE-SERVER.md — end-to-end install runbook for the license server on the existing invixiom box (Ubuntu 24.04). Covers DNS, system packages, Postgres + API in Docker, dedicated system user, secrets layout under /srv/datatools-license/secrets (mode 400), nginx config in a separate sites-available/unalogix file, Let's Encrypt cert issuance, smoke tests, backups, monitoring, key rotation, and rollback.

Multi-tenancy is explicit at every layer: separate DNS zone (unalogix.com vs invixiom.com), separate nginx file, separate TLS cert, dedicated backend ports (8090 for the API, 5433 for Postgres, both localhost-only), separate docker compose project and volume. No invixiom service is touched.

LICENSE-SERVER.md updated: hosting choice moved from "Fly.io / Render" (rejected) to self-hosted (decided). Points at the new runbook for ops specifics. ADMIN.md pointer table updated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -223,9 +223,11 @@ across any of them — that's the whole point.
|
||||
|
||||
## Open questions
|
||||
|
||||
- **Hosting choice.** A managed Postgres + small Python app is well
|
||||
under $20/mo at the expected volume. Fly.io and Render are the
|
||||
obvious candidates; AWS is overkill at this scale.
|
||||
- **Hosting choice.** *Decided: self-hosted* on the existing
|
||||
`46.225.166.142` box alongside the `*.invixiom.com` services.
|
||||
Runbook in `SETUP-LICENSE-SERVER.md`. Operator owns uptime,
|
||||
backups, TLS renewal, and key custody — see that doc's
|
||||
"Operational concerns" section.
|
||||
- **Per-seat or per-device limits?** v1 says no. Revisit if/when
|
||||
abuse is observable.
|
||||
- **Email delivery.** Postmark or SES — both fine. Pick whichever the
|
||||
|
||||
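Review bot: the rewritten "Hosting choice" bullet hard-codes the literal address `46.225.166.142` in the design doc, which ties the document to one IP and repeats a value that the runbook already has to carry. Refer to the host by name or by an inventory alias here and keep the address only in `SETUP-LICENSE-SERVER.md`, so a re-IP or host move needs one edit. Two smaller points on the same bullet: it is now marked "Decided" but still sits under "## Open questions", so either move it to a decisions section or drop it from this list; and the old cost rationale is deleted without a sentence on why Fly.io and Render were rejected, which a later reader will want next to the decision. Since the bullet places key custody on a box shared with the `*.invixiom.com` services, a one-line pointer to where the runbook covers isolation of the key material from those services would also help.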