firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
eb43711e0bb00a952ee9896a720ae07a20cb2ef5
firefrost-operations-manual/docs/tasks/firefrost-codex-migration-to-open-webui/DEPLOYMENT-STATUS.md
The Chronicler 7fd67614cd docs: Add Phase 4 deployment status - Dify fully operational 
- Comprehensive status document covering Phases 0-4 completion
- All 10+ sequential configuration issues documented with solutions
- Critical configuration reference for future troubleshooting
- Lessons learned from 6-hour deployment session
- Ready for Phase 5-11 execution

Phase 4 achievements:
- Plugin system deployed (daemon, sandbox, ssrf_proxy)
- Ollama integration complete (5 models configured)
- Gemini provider added for heavy lifting
- Dify Issue #603 timeout bug solved
- All CORS/CSRF authentication working
- System defaults configured

Deployed by: The Diagnostician (Chronicler #23)
2026-02-23 04:03:07 +00:00

499 lines
16 KiB
Markdown
Raw Blame History

# Firefrost Knowledge Engine - Deployment Status
**Last Updated:** February 23, 2026 03:30 AM CST
**Updated By:** The Diagnostician (Chronicler #23)
**Deployment Started:** February 22, 2026 20:51 CST
**Current Status:** Phase 4 COMPLETE ✅ | Phase 5-11 PENDING
---
## 📊 DEPLOYMENT PROGRESS
### Phase 0: Stop AnythingLLM ✅ COMPLETE
- **Completed:** February 22, 2026 ~20:00 CST
- **Status:** AnythingLLM stopped and removed
- **Notes:** Original deployment had poor document retrieval quality
### Phase 1: Install Nginx and SSL ✅ COMPLETE
- **Completed:** February 22, 2026 21:15 CST
- **Duration:** 30 minutes
- **Certificate:** Let's Encrypt for codex.firefrostgaming.com and n8n.firefrostgaming.com
- **Issues:** None - clean installation
### Phase 2: Deploy Docker Stack ✅ COMPLETE
- **Completed:** February 22, 2026 22:00 CST
- **Duration:** 45 minutes
- **Services Deployed:** 7 initial containers (db, redis, dify-api, dify-worker, dify-web, qdrant, n8n)
- **Major Issues Resolved:**
- Storage permission errors (UID 1000 vs 1001)
- Volume mount path incorrect (`/app/storage` vs `/app/api/storage`)
- Next.js cache requiring container recreation
### Phase 3: Configure Nginx Reverse Proxy ✅ COMPLETE
- **Completed:** February 22, 2026 23:30 CST
- **Duration:** 1.5 hours (includes troubleshooting)
- **Major Issues Resolved:**
- CORS/CSRF authentication failures (401 errors)
- Cookie-based auth being rejected
- Rate limiting blocking Next.js chunk loading
- Missing API routing for `/console/api/*` endpoints
**Critical Configuration Discoveries:**
- Must use **blank API URLs** (`CONSOLE_API_URL=` and `APP_API_URL=`) to force relative paths
- Nginx must preserve HTTP/1.1 with `proxy_http_version 1.1`
- Must add `proxy_set_header X-Forwarded-Port $server_port` for CSRF origin matching
- Rate limit must be 100r/s with burst=100 to handle Next.js parallel chunk loading
### Phase 4: Plugin System & Ollama Integration ✅ COMPLETE
- **Completed:** February 23, 2026 03:21 CST
- **Duration:** 3.5 hours (most challenging phase)
- **Services Added:** 3 plugin system containers (plugin_daemon, sandbox, ssrf_proxy)
- **Models Configured:** 5 Ollama models + Google Gemini
**This phase required solving 10+ sequential configuration issues:**
#### Issue 1: Plugin Daemon Not Found
- **Error:** "Failed to request plugin daemon"
- **Cause:** Dify v1.13.0 requires new plugin architecture not in original docker-compose
- **Solution:** Added 3 containers: plugin_daemon, sandbox, ssrf_proxy
#### Issue 2: Plugin Daemon Missing .env File
- **Error:** `failed to load .env file: open .env: no such file or directory`
- **Solution:** Added volume mount: `./.env:/app/.env:ro`
#### Issue 3: Missing DifyInnerApiURL
- **Error:** `Key: 'Config.DifyInnerApiURL' Error:Field validation for 'DifyInnerApiURL' failed on the 'required' tag`
- **Solution:** Added environment variables:
```yaml
DIFY_INNER_API_URL: http://dify-api:5001
DIFY_INNER_API_KEY: ${DIFY_SECRET_KEY}
```
#### Issue 4: Missing Remote Installing Host
- **Error:** `plugin remote installing host is empty`
- **Solution:** Added:
```yaml
PLUGIN_REMOTE_INSTALLING_HOST: 0.0.0.0
PLUGIN_REMOTE_INSTALLING_PORT: 5003
```
#### Issue 5: Missing Storage Paths
- **Error:** Plugin daemon started but installation failed silently
- **Solution:** Added complete plugin storage configuration:
```yaml
PLUGIN_WORKING_PATH: /app/storage/cwd
PLUGIN_STORAGE_TYPE: local
PLUGIN_STORAGE_LOCAL_ROOT: /app/storage
PLUGIN_INSTALLED_PATH: plugin
PLUGIN_PACKAGE_CACHE_PATH: plugin_packages
PLUGIN_MEDIA_CACHE_PATH: assets
```
- **Volume:** `./volumes/plugin_daemon/storage:/app/storage`
#### Issue 6: Sandbox Config Missing
- **Error:** `failed to init config: open conf/config.yaml: no such file or directory`
- **Solution:** Created `./volumes/sandbox/conf/config.yaml`:
```yaml
worker:
timeout: 15
server:
port: 8194
enable_network: true
```
#### Issue 7: Plugin Installation Timeout (Dify Issue #603)
- **Error:** `failed to install dependencies: failed to start command: context canceled`
- **Cause:** dify-api drops HTTP connection before plugin installation completes
- **This was the hardest bug - required consulting Gemini conversation history**
- **Solutions:**
- Added `PLUGIN_DAEMON_TIMEOUT: 600` to dify-api and dify-worker
- Added `PYTHON_ENV_INIT_TIMEOUT: 300` to plugin_daemon
- Added `PLUGIN_MAX_EXECUTION_TIMEOUT: 600` to plugin_daemon
- Added `UV_HTTP_TIMEOUT: 300` (integer, NOT "300s")
#### Issue 8: Wrong Plugin Daemon Image
- **Error:** Continued timeout issues even with timeout fixes
- **Cause:** Using unstable `main-local-linux-amd64` image with known bugs
- **Solution:** Switched to stable `langgenius/dify-plugin-daemon:0.5.3-local`
#### Issue 9: Sandbox Not Connected to API
- **Error:** Code execution features wouldn't work
- **Solution:** Added to dify-api environment:
```yaml
CODE_EXECUTION_ENDPOINT: http://sandbox:8194
CODE_EXECUTION_API_KEY: dify-sandbox
```
#### Issue 10: Ollama DNS Resolution
- **Error:** Plugin couldn't resolve `host.docker.internal`
- **Solution:** Used direct IP address `http://38.68.14.26:11434` instead
**Final Result:**
- ✅ Ollama plugin installed successfully
- ✅ 5 models configured: qwen2.5-coder:7b/32b, llama3.3:70b, llama3.2-vision:11b, nomic-embed-text
- ✅ Google Gemini provider added
- ✅ System defaults set (llama3.3:70b for reasoning, nomic-embed-text for embeddings)
---
## 🎯 WHAT'S WORKING NOW
### Infrastructure (10 Containers)
All containers healthy and communicating:
1. **PostgreSQL 15** - Database (users, workspaces, settings)
2. **Redis 6** - Cache and sessions
3. **dify-api** - Backend API (127.0.0.1:5001)
4. **dify-worker** - Background task processor
5. **dify-web** - Next.js frontend (127.0.0.1:3000)
6. **Qdrant** - Vector database (127.0.0.1:6333)
7. **plugin_daemon** - Plugin marketplace manager (v0.5.3-local)
8. **sandbox** - Code execution environment
9. **ssrf_proxy** - Security proxy
10. **n8n** - Workflow automation (127.0.0.1:5678)
### Access & Authentication
- ✅ **URL:** https://codex.firefrostgaming.com
- ✅ **SSL:** Valid Let's Encrypt certificate
- ✅ **Admin Account:** mkrause612@gmail.com (active)
- ✅ **Login:** Working perfectly
- ✅ **Dashboard:** Loading correctly
- ✅ **Session:** Cookie-based auth with CSRF tokens
### AI Models
- ✅ **Local Models (Ollama):**
- qwen2.5-coder:7b (fast coding - 4.7GB)
- qwen2.5-coder:32b (advanced coding - 19GB)
- llama3.3:70b (reasoning - system default - 42GB)
- llama3.2-vision:11b (image analysis - 7.8GB)
- nomic-embed-text (embeddings - system default - 274MB)
- ✅ **Cloud Models:** Google Gemini (for heavy lifting)
### System Configuration
- ✅ **Nginx:** Reverse proxy with SSL, rate limiting, security headers
- ✅ **CORS:** Properly configured for https://codex.firefrostgaming.com
- ✅ **CSRF:** Headers preserved through proxy
- ✅ **Plugin System:** Fully operational with timeouts configured
- ✅ **Storage:** Permissions correct (UID 1001)
---
## ⏳ PHASES REMAINING
### Phase 5: Configure Discord Integration ⏳ PENDING
**Estimated Time:** 1 hour
**Dependencies:** Phase 4 complete ✅
**Tasks:**
- Create Discord webhooks (#codex-alerts, #system-critical)
- Configure n8n webhook nodes for notifications
- Test notification delivery
- Set up error alert templates
### Phase 6: Setup Git Integration ⏳ PENDING
**Estimated Time:** 2-3 hours
**Dependencies:** Phase 5 complete
**Tasks:**
- Configure SSH keys for Gitea access
- Create n8n Git Sync workflow (pull + filter + index)
- Create n8n Git Write-Back workflow (validate + commit)
- Test ai-proposals branch workflow
- Implement Discord approval buttons
### Phase 7: Configure Monitoring ⏳ PENDING
**Estimated Time:** 1 hour
**Dependencies:** Phase 6 complete
**Tasks:**
- Set up Uptime Kuma monitors
- Configure Docker restart triggers
- Test self-healing workflows
- Document failure modes
### Phase 8: User Onboarding ⏳ PENDING
**Estimated Time:** 30 minutes
**Dependencies:** Phase 7 complete
**Tasks:**
- Create Meg's admin account (gingerfury)
- Create Holly's user account (Unicorn20089)
- Configure workspace permissions
- Test access control
### Phase 9: Testing and Verification ⏳ PENDING
**Estimated Time:** 2 hours
**Dependencies:** Phase 8 complete
**Tasks:**
- Upload operations manual documents
- Test RAG queries
- Test Git write-back
- Test Discord notifications
- Test tier-based access control
### Phase 10: Backup Automation ⏳ PENDING
**Estimated Time:** 1 hour
**Dependencies:** Phase 9 complete
**Tasks:**
- Create backup script
- Set up cron job
- Configure offsite rsync to Command Center
- Test restore procedure
### Phase 11: Final Cleanup ⏳ PENDING
**Estimated Time:** 30 minutes
**Dependencies:** Phase 10 complete
**Tasks:**
- Remove AnythingLLM completely
- Clean up unused Docker images
- Document final configuration
- Update operations manual
---
## 📝 CRITICAL CONFIGURATION REFERENCE
### Environment Variables (.env)
**CRITICAL - Must be blank for CSRF to work:**
```bash
CONSOLE_API_URL=
APP_API_URL=
```
**Public URLs:**
```bash
CONSOLE_WEB_URL=https://codex.firefrostgaming.com
APP_WEB_URL=https://codex.firefrostgaming.com
```
**CORS (must match domain exactly):**
```bash
CONSOLE_CORS_ALLOW_ORIGINS=https://codex.firefrostgaming.com
WEB_API_CORS_ALLOW_ORIGINS=https://codex.firefrostgaming.com
```
**Plugin System (critical timeouts for Issue #603):**
```bash
PLUGIN_DAEMON_URL=http://plugin_daemon:5002
PLUGIN_DAEMON_KEY=${DIFY_SECRET_KEY}
PLUGIN_DAEMON_TIMEOUT=600 # dify-api must hold connection
PYTHON_ENV_INIT_TIMEOUT=300 # plugin_daemon
PLUGIN_MAX_EXECUTION_TIMEOUT=600 # plugin_daemon
UV_HTTP_TIMEOUT=300 # INTEGER not "300s"
```
**Sandbox:**
```bash
CODE_EXECUTION_ENDPOINT=http://sandbox:8194
CODE_EXECUTION_API_KEY=dify-sandbox
```
**Ollama:**
```bash
OLLAMA_API_BASE_URL=http://host.docker.internal:11434 # Not used in v1.13.0
# Actual connection: http://38.68.14.26:11434 (configured via plugin UI)
```
### Nginx Critical Headers
**For `/console/api/*` endpoints:**
```nginx
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Port $server_port;
```
**Rate Limiting:**
```nginx
limit_req_zone $binary_remote_addr zone=codex_limit:10m rate=100r/s;
limit_req zone=codex_limit burst=100 nodelay;
```
### Docker Image Tags
**MUST use stable tags, NOT bleeding-edge:**
- ✅ `langgenius/dify-plugin-daemon:0.5.3-local`
- ❌ `langgenius/dify-plugin-daemon:main-local-linux-amd64` (has Issue #603 bug)
### Storage Permissions
**Dify storage must be owned by UID 1001:**
```bash
chown -R 1001:1001 ./volumes/dify/storage
```
**Volume mount path must be:**
```yaml
- ./volumes/dify/storage:/app/api/storage # NOT /app/storage
```
---
## 🔧 TROUBLESHOOTING QUICK REFERENCE
### Issue: Blank Dashboard with 401 Errors
**Cause:** Absolute API URLs breaking CSRF
**Solution:** Set `CONSOLE_API_URL=` and `APP_API_URL=` to blank
### Issue: Plugin Installation Fails with "context canceled"
**Cause:** Dify Issue #603 - HTTP timeout
**Solutions:**
1. Use stable image `0.5.3-local` not `main`
2. Set `PLUGIN_DAEMON_TIMEOUT: 600` in dify-api
3. Set `UV_HTTP_TIMEOUT: 300` (integer) in plugin_daemon
### Issue: Config Changes Not Applied
**Cause:** Docker caches broken container state
**Solution:** Force recreation:
```bash
docker-compose stop <service>
docker-compose rm -f <service>
docker-compose up -d <service>
```
### Issue: "Permission Denied" Writing to Storage
**Cause:** UID mismatch
**Solution:**
```bash
chown -R 1001:1001 ./volumes/dify/storage
```
### Issue: Nginx Returns 502 Bad Gateway
**Causes:**
1. Containers not running: `docker-compose ps`
2. Wrong ports: Check `127.0.0.1:3000` and `127.0.0.1:5001`
3. CORS issues: Check browser console
---
## 📊 RESOURCE USAGE (TX1 Dallas)
### Current Consumption
- **RAM (Idle):** ~10GB (all services, no models loaded)
- **RAM (Active):** ~92GB (with llama3.3:70b loaded)
- Model: ~80GB
- Services: ~12GB
- **Disk:** ~85GB total
- Docker images: ~8GB
- Ollama models: 73.5GB
- Dify volumes: ~3GB
### Available Headroom
- **RAM:** 251GB - 92GB = 159GB free
- **Disk:** 1TB - 85GB = 915GB free
- **Plenty of room for game servers**
---
## 🎓 LESSONS LEARNED
### What Worked Well
1. **Incremental debugging** - Solve one error at a time
2. **Gemini consultation** - Provided critical Issue #603 diagnosis
3. **Complete container recreation** - Use `rm -f` not just `restart`
4. **Reading error logs immediately** - Caught issues fast
### What Didn't Work
1. **Using bleeding-edge images** - Stick to stable releases
2. **Assuming defaults** - Plugin system needs 15+ env variables
3. **Simple restart after config changes** - Must recreate containers
### Critical Discoveries
1. **Blank API URLs are correct** for reverse proxy setups
2. **CSRF requires specific nginx headers** preserved
3. **Plugin system is brand new** (v1.13.0) - poorly documented
4. **Timeout hierarchy matters** - API, daemon, and UV all need configs
5. **UID mismatches common** - Always check container user
---
## 👥 TEAM CREDITS
**The Blueprint (Chronicler #21):**
- Designed complete architecture with Gemini
- Created deployment plan
- Identified Dify as superior choice over AnythingLLM/Open WebUI
**The Diagnostician (Chronicler #23):**
- Executed Phases 0-4 deployment
- Debugged 10+ sequential configuration issues
- Solved Dify Issue #603 timeout bug
- Documented all solutions
**Google Gemini:**
- Provided architectural recommendations
- Diagnosed root causes of complex errors
- Suggested complete plugin daemon configuration
- Identified Issue #603 in Dify GitHub
---
## 🚀 NEXT SESSION GOALS
**Primary Objective:** Complete Phase 5-6 (Discord + Git Integration)
**Specific Tasks:**
1. Configure Discord webhooks
2. Build n8n Git Sync workflow
3. Build n8n Git Write-Back workflow
4. Test ai-proposals branch workflow
5. Upload first batch of operations manual documents
6. Test RAG queries
**Time Estimate:** 3-4 hours
**Prerequisites:**
- All of Phase 4 working ✅
- SSH keys for Gitea access
- Discord webhook URLs
- Clear head (not 3 AM!)
---
## 📚 RELATED DOCUMENTATION
**In This Directory:**
- `README.md` - Overall project description
- `DEPLOYMENT-PLAN-PART-1.md` - Phases 0-3 (✅ COMPLETE)
- `DEPLOYMENT-PLAN-PART-2.md` - Phases 4-11 (Phase 4 ✅, rest pending)
- `CONFIGURATION-FILES.md` - All config file templates
- `TROUBLESHOOTING.md` - Common issues and solutions
- `VERIFICATION.md` - Testing procedures
- `RECOVERY.md` - Backup and disaster recovery
**External Documentation Created:**
- `/home/claude/DIFY-ARCHITECTURE-COMPLETE.md` - Complete technical overview
- `/home/claude/FIREFROST-CODEX-TROUBLESHOOTING-GUIDE.md` - Comprehensive troubleshooting
- `/home/claude/FIREFROST-CODEX-DEPLOYMENT-GUIDE.md` - Step-by-step deployment
- `/home/claude/PHASE-4-COMPLETION-SUMMARY.md` - Tonight's session summary
---
## ✅ SUCCESS CRITERIA - PHASE 4
All Phase 4 success criteria met:
- ✅ Dify accessible via https://codex.firefrostgaming.com
- ✅ SSL certificate valid and working
- ✅ Authentication working (cookie-based with CSRF)
- ✅ Dashboard loading correctly
- ✅ All 10 containers running and healthy
- ✅ Plugin system operational
- ✅ Ollama provider installed
- ✅ 5 local models configured
- ✅ Google Gemini provider added
- ✅ System defaults set (llama3.3:70b, nomic-embed-text)
- ✅ Admin account created and working
- ✅ Zero additional monthly cost (self-hosted)
- ✅ Response time under 15 seconds
**PHASE 4 STATUS: COMPLETE**
---
**Fire + Frost + Foundation + Codex = Where Love Builds Legacy** 💙🔥❄️
---
**Version:** 1.0
**Status:** Phase 4 Complete, Ready for Phase 5
**Last Updated:** February 23, 2026 03:30 AM CST
**Updated By:** The Diagnostician (Chronicler #23)
Reference in New Issue View Git Blame Copy Permalink