VPS Deploy

Deploy any application to any VPS — from bare server to production with SSL — in one session.

When to Use

• - User has a VPS (Ubuntu/Debian) and wants to deploy an application
• User says "deploy to VPS", "set up my server", "go to production"
• User has a running app locally and wants it live on a server
• User needs SSL, Nginx, Docker setup on a VPS

When NOT to Use

• - Deploying to Vercel, Netlify, or other managed platforms (use their CLIs)
• Deploying to Kubernetes (use /k8s-deploy if it exists)
• The user just wants to push code (use git push)

Prerequisites

• - SSH access to a VPS (IP address + root or sudo credentials)
• A domain pointed to the VPS IP (for SSL — can skip SSL if no domain)
• The app must have a Dockerfile or be deployable via Docker

Execution Flow

Phase 1: Gather Information

Ask the user for (skip what you can detect):

1. 1. VPS IP address and SSH credentials (root password or key path)
2. Domain name (optional — needed for SSL)
3. Application type — detect from the current directory if possible:

1. 4. Port the app runs on (detect from Dockerfile EXPOSE, or ask)
2. Environment variables needed (check .env.local, .env.example)
3. Database requirements (Postgres, MySQL, Redis, MongoDB — detect from dependencies)

Phase 2: Server Setup (SSH into VPS)

Run these via ssh root@<IP> commands. Chain with && for safety.

2a. System Update

2b. Create Deploy User

2c. SSH Hardening

CRITICAL: Before disabling root login, verify the deploy user can SSH in. Test in a separate connection. If the user doesn't have SSH keys set up, help them first.

2d. Firewall (UFW)

2e. Install Docker

2f. Install Docker Compose (v2)

Phase 3: Application Deployment

3a. Generate Dockerfile (if none exists)

Detect the stack and generate an appropriate multi-stage Dockerfile:

Node.js / Next.js:
CODEBLOCK6

Python (FastAPI/Flask):
CODEBLOCK7

Adapt based on what you detect in the project.

3b. Generate docker-compose.yml

Generate a production-grade compose file. Include:

CODEBLOCK8

Key rules:

• - Always bind app port to 127.0.0.1 (Nginx handles external traffic)
• Always include health checks
• Always include resource limits
• Always include logging limits
• Always use INLINECODE12
• Never expose database ports to the host

3c. Transfer Files to VPS

CODEBLOCK9

3d. Build and Start

CODEBLOCK10

Phase 4: Nginx Reverse Proxy

CODEBLOCK11

Phase 5: SSL Certificate (Let's Encrypt)

Skip if no domain provided.

CODEBLOCK12

Phase 6: Verification

Run these checks and report results:

CODEBLOCK13

Report to the user:

• - Container status (running/healthy)
• HTTP response code
• SSL expiry date
• URL to visit

Safety Rules

• - NEVER disable the firewall without asking
• NEVER expose database ports to the internet
• ALWAYS verify SSH access with the deploy user BEFORE disabling root login
• ALWAYS back up existing Nginx configs before overwriting
• ALWAYS run nginx -t before reloading Nginx
• ALWAYS ask before running destructive commands (rm, drop, etc.)
• If anything fails, stop and tell the user what went wrong. Don't chain workarounds.

Troubleshooting

• - Port already in use: lsof -i :<port> to find what's using it
• Docker build fails: Check Dockerfile, show build logs
• SSL fails: Verify domain DNS points to VPS IP (dig <domain>)
• App crashes: docker compose logs -f to show logs
• Can't SSH as deploy user: Don't disable root login yet, fix keys first

Post-Deploy Checklist

Tell the user to:

1. 1. Set up monitoring (suggest Uptime Kuma)
2. Configure automated backups for database volumes
3. Set up log rotation (already configured in compose)
4. Consider a CI/CD pipeline (suggest /ci-gen skill)
5. Add the domain to their DNS if not done