Deployment Guide
Table of Contents
- Prerequisites
- Production Checklist
- Docker Deployment
- Systemd Deployment
- Nginx Reverse Proxy
- SSL Certificate
- Monitoring
- Backup & Recovery
- Scaling
Prerequisites
- Ubuntu 22.04+ or Debian 12+
- 8+ GB RAM
- 50+ GB storage
- Domain name with SSL certificate
- Aegis-DB installed and running
- Ollama installed (optional)
Production Checklist
Security
- Generate strong JWT secret (48+ characters)
- Enable TLS with valid certificate
- Configure firewall (allow only 443, block 8080)
- Set up log rotation
- Enable audit logging
- Configure backup schedule
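One way to check the JWT secret item, together with the permissions on the env file the backend loads (`/opt/NexusScribe/.env`), is shown here as an added example that is not part of the NexusScribe project. The function names `gen_secret` and `check_env` and the 8-distinct-character floor are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: audit the backend env file before starting the service.
# The 8-distinct-character floor is an assumed heuristic, not a project rule.

# Print a 72-character hex secret (36 random bytes from the kernel CSPRNG).
gen_secret() {
    od -An -N36 -tx1 /dev/urandom | tr -d ' \n'
}

# check_env FILE: print findings; exit status is the number of findings.
check_env() {
    local env_file=$1 findings=0 secret distinct perms

    if [ ! -f "$env_file" ]; then
        echo "FAIL: $env_file not found"
        return 1
    fi

    # Assumes one JWT_SECRET= line; if several, the last is checked.
    secret=$(sed -n 's/^JWT_SECRET=//p' "$env_file" | tail -n 1)
    secret=${secret#\"}
    secret=${secret%\"}

    # Length alone is not strength: also count distinct characters.
    distinct=$(( $(printf '%s' "$secret" | fold -w1 | sort -u | wc -l) ))
    if [ "${#secret}" -lt 48 ]; then
        echo "FAIL: JWT_SECRET is ${#secret} characters, need 48+"
        findings=$((findings + 1))
    elif [ "$distinct" -lt 8 ]; then
        echo "FAIL: JWT_SECRET uses only $distinct distinct characters"
        findings=$((findings + 1))
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $env_file is accessible to group/other ($perms)"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run `check_env /opt/NexusScribe/.env` after writing the secret; a zero exit status means both checks passed.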
Performance
- Use NVMe storage for database
- Configure appropriate pool sizes
- Set up monitoring (Prometheus/Grafana)
- Configure CDN for static assets
Compliance (if applicable)
- Enable HIPAA mode
- Configure audit log retention
- Set up encryption keys
- Document data processing activities
Docker Deployment
docker-compose.yml
version: '3.8'
services:
  nexusscribe:
    image: automatanexus/nexusscribe:latest
    ports:
      - "8080:8080"
    environment:
      - DATABASE_URL=aegis://aegis-db:9091/default
      - JWT_SECRET=${JWT_SECRET}
      - OLLAMA_URL=http://ollama:11434
    depends_on:
      - aegis-db
      - ollama
  nexusscribe-web:
    image: automatanexus/nexusscribe-web:latest
    ports:
      - "3000:3000"
    environment:
      - NEXT_PUBLIC_API_URL=http://nexusscribe:8080
  aegis-db:
    image: automatanexus/aegis-db:latest
    ports:
      - "9091:9091"
    volumes:
      - aegis-data:/data
  ollama:
    image: ollama/ollama:latest
    ports:
      - "11434:11434"
    volumes:
      - ollama-models:/root/.ollama
volumes:
  aegis-data:
  ollama-models:
Start Services
docker-compose up -d
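A mapping such as "8080:8080" publishes the port on every host interface, and Docker installs its own iptables rules for published ports, so a host firewall rule blocking 8080 may not cover it. The check below is an added example, not part of the NexusScribe project: it lists mappings that are not bound to 127.0.0.1. The function names and the sample file are constructed, and it assumes 2-space indentation and short-syntax IPv4 mappings.

```bash
#!/bin/bash
# Added example: list compose port mappings published beyond loopback.
# Assumes 2-space indentation and short-syntax IPv4 mappings ("HOST:CONTAINER"
# or "IP:HOST:CONTAINER"); long-syntax and IPv6 entries are not parsed.

# audit_compose_ports FILE: print "service: mapping" per finding; status 1 if any.
audit_compose_ports() {
    awk '
        # A key at two-space indent names the current service.
        /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); next }
        # A list item that is only a port mapping, quoted or not.
        /^[ \t]*-[ \t]*"?([0-9.]+:)?[0-9]+:[0-9]+(\/(tcp|udp))?"?[ \t]*$/ {
            m = $0
            gsub(/[ \t"]/, "", m)
            sub(/^-/, "", m)
            n = split(m, part, ":")
            if (n == 3 && part[1] == "127.0.0.1") next
            print svc ": " m
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: one mapping as in the guide, one bound to loopback.
sample_compose() {
    cat <<'EOF'
services:
  nexusscribe:
    ports:
      - "8080:8080"
    environment:
      - DATABASE_URL=aegis://aegis-db:9091/default
  aegis-db:
    ports:
      - "127.0.0.1:9091:9091"
    volumes:
      - aegis-data:/data
EOF
}
```

Binding a mapping as "127.0.0.1:8080:8080" keeps the port reachable by the nginx upstream on the same host while removing it from external interfaces.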
Systemd Deployment
Backend Service
Create /etc/systemd/system/nexusscribe.service:
[Unit]
Description=NexusScribe Backend
After=network.target aegis-db.service
[Service]
Type=simple
User=nexusscribe
Group=nexusscribe
WorkingDirectory=/opt/NexusScribe
ExecStart=/opt/NexusScribe/target/release/nexus-scribe
Restart=always
RestartSec=5
Environment=RUST_LOG=info
EnvironmentFile=/opt/NexusScribe/.env
[Install]
WantedBy=multi-user.target
Frontend Service
Create /etc/systemd/system/nexusscribe-web.service:
[Unit]
Description=NexusScribe Frontend
After=network.target nexusscribe.service
[Service]
Type=simple
User=nexusscribe
Group=nexusscribe
WorkingDirectory=/opt/NexusScribe/web
ExecStart=/usr/bin/npm start
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
Enable Services
sudo systemctl daemon-reload
sudo systemctl enable nexusscribe nexusscribe-web
sudo systemctl start nexusscribe nexusscribe-web
Nginx Reverse Proxy
Configuration
Create /etc/nginx/sites-available/nexusscribe:
upstream nexusscribe_backend {
    server 127.0.0.1:8080;
}

upstream nexusscribe_frontend {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name transcribe.your-domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name transcribe.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/transcribe.your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/transcribe.your-domain.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    # Security headers
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # API
    location /api/ {
        proxy_pass http://nexusscribe_backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket
    location /ws/ {
        proxy_pass http://nexusscribe_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 86400;
    }

    # Frontend
    location / {
        proxy_pass http://nexusscribe_frontend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
Enable Site
sudo ln -s /etc/nginx/sites-available/nexusscribe /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
SSL Certificate
Let’s Encrypt
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d transcribe.your-domain.com
Auto-renewal
sudo certbot renew --dry-run
Monitoring
Health Check
curl https://transcribe.your-domain.com/health
Prometheus Metrics
Metrics available at /metrics endpoint:
nexusscribe_active_meetings
nexusscribe_transcription_latency_ms
nexusscribe_websocket_connections
nexusscribe_api_requests_total
Log Management
# View logs
journalctl -u nexusscribe -f
# Rotate logs
sudo logrotate /etc/logrotate.d/nexusscribe
Backup & Recovery
Database Backup
# Backup
~/.local/bin/aegis-client -d nexusscribe export > backup.json
# Restore
~/.local/bin/aegis-client -d nexusscribe import < backup.json
File Backup
# Backup uploads
tar -czf uploads-backup.tar.gz /opt/NexusScribe/data/uploads
# Backup configuration
cp /opt/NexusScribe/.env /backup/.env.backup
Automated Backup Script
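#!/bin/bash
# Stop on the first failed step so a broken export is not treated as a backup
set -euo pipefail
# The export and uploads hold application data; create them owner-only
umask 077
DATE=$(date +%Y%m%d)
BACKUP_DIR=/backup/nexusscribe
mkdir -p "$BACKUP_DIR"
# Export the database
~/.local/bin/aegis-client -d nexusscribe export > "$BACKUP_DIR/db-$DATE.json"
# Archive uploads
tar -czf "$BACKUP_DIR/uploads-$DATE.tar.gz" /opt/NexusScribe/data/uploads
# Keep last 30 days (files only, so the backup directory itself is never matched)
find "$BACKUP_DIR" -type f -mtime +30 -delete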
Scaling
Horizontal Scaling
For high availability:
- Deploy multiple backend instances
- Use load balancer (nginx, HAProxy)
- Configure sticky sessions for WebSocket
- Use shared storage (S3) for uploads
- Use Redis for session storage
Vertical Scaling
- Add more CPU cores for transcription
- Increase RAM for Ollama models
- Use faster NVMe for database