# Central SaaS Phase 4 Review: Deployment to app.aiinvention.tech **Date:** 2026-05-19 **Status:** COMPLETE **VPS:** root@187.77.140.128 **Project root:** /opt/devxura --- ## What Was Deployed The central SaaS is now deployed as its own proper Docker service at **https://app.aiinvention.tech**, fully connected to Postgres, auth, and Stripe billing. ### Deployment Details | Component | Detail | |-----------|--------| | Domain | app.aiinvention.tech | | DNS | A record → 187.77.140.128 | | SSL | Let's Encrypt via Traefik (verified: SSL verify result 0) | | Docker image | devxura/central-app:0.2.0 | | Container name | compose-central-app-1 | | Internal port | 4100 | | Network | compose_default (shared with Postgres) | | Restart policy | unless-stopped | ### Reverse Proxy (Traefik) - Route: `app.aiinvention.tech` → central-app:4100 - Entrypoint: websecure (HTTPS) - TLS: Let's Encrypt certificate resolver - Provider: Docker labels (auto-discovered) --- ## Files Changed | File | Change | |------|--------| | `infra/docker/Dockerfile.central-app` | UPDATED — simplified for standalone build (copies all src files, installs pg) | | `infra/compose/docker-compose.central.yml` | NEW — standalone compose for central-app with Traefik labels | | DNS: app.aiinvention.tech | NEW — A record added pointing to 187.77.140.128 | --- ## Env / Config Used From `/opt/devxura/infra/env/.env.runtime`: ```bash DATABASE_URL=postgres://devxura:**@postgres:5432/devxura STRIPE_SECRET_KEY=sk_test_... STRIPE_WEBHOOK_SECRET=whsec_... PORT=4100 ``` All env vars loaded via `env_file` directive in docker-compose. --- ## Routes Verified | Route | Method | Result | |-------|--------|--------| | `/health` | GET | 200 — status ok, postgres connected, stripe configured | | `/plans` | GET | 200 — 3 plans with Stripe price IDs | | `/signup` | POST | 201 — developer + license created | | `/auth/register` | POST | 201 — developer + session token | | `/stripe/webhook` | POST | 400 (no sig) / 200 (valid sig) — signature verification works | --- ## HTTPS Verification - `curl https://app.aiinvention.tech/health` → HTTP 200, SSL_VERIFY_RESULT=0 - Valid Let's Encrypt certificate issued by Traefik's ACME resolver - No certificate warnings --- ## What Is Still Pending For Phase 5 - Runtime switchover (point runtime nodes to real central SaaS instead of mock) - Mock removal (remove mock-central service and references) - Full end-to-end validation (register → trial → checkout → activate → runtime usage) - Production deployment hardening (health checks, resource limits, logging) - Database backup integration for central SaaS data --- ## Blockers Found **None.** Phase 4 is complete. The central SaaS is live and reachable.