ops4life/wise-synth

wise-synth

Self-hosted Docker Compose stack with Traefik reverse proxy and automatic TLS via Let's Encrypt. Each service is routed automatically under your domain — no manual certificate management needed.

Services

  • traefik/ — Reverse proxy, TLS termination, HTTP→HTTPS redirect, root-domain landing page
  • kuma/ — Uptime Kuma
  • monitoring/ — Monitoring Stack
  • n8n/ — n8n
  • portainer/ — Portainer
  • vault/ — HashiCorp Vault
  • openclaw/ — OpenClaw
  • code/ — Code Server

Prerequisites

The target server must have:

  • git — used by the deploy workflow to clone/pull the repo
  • docker + Docker Compose plugin — container runtime and orchestration
  • Traefik running with the traefik-net external Docker network

First-time setup

  1. Clone this repo onto your server and cd into it.
  2. Copy and edit the environment file for each service before starting:
for svc in traefik kuma monitoring n8n portainer vault openclaw code; do
  cp "$svc/.env.example" "$svc/.env"
done
# Edit each $svc/.env with your domain, passwords, API keys, etc.

Tip: If you skip this step, start.sh will auto-copy .env.example to .env on first run and start the service immediately. Edit the generated files and re-run start.sh to apply your values.

  3. Point DNS for your domain to the server's IP address.
  4. Run:
./start.sh

Services start and provisioning runs automatically (Kuma monitors, n8n workflows, etc. where applicable). Services are available at https://<service>.<your-domain> once DNS propagates.

Note: .env files and data/ directories are gitignored — never committed to the repo.
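
Because start.sh copies .env.example to .env and starts the service immediately when the file is missing, a service can come up on template values. The following pre-flight check is an added example, not part of this repo: the service list comes from this README, while the function names, status words and secret-name pattern are assumptions.

```shell
#!/usr/bin/env bash
# Pre-flight check for the per-service .env files (added example, not repo code).
# Service list is from the README; SECRET_KEYS is an assumed naming pattern.
# Usage: source this file, then: check_all /path/to/repo && ./start.sh
SERVICES="traefik kuma monitoring n8n portainer vault openclaw code"
SECRET_KEYS='^[A-Za-z0-9_]*(PASS|SECRET|TOKEN|KEY)[A-Za-z0-9_]*=.'

# check_env DIR: prints one status word; returns 0 only when the file looks ready.
check_env() {
  local env="$1/.env" example="$1/.env.example" line
  [ -f "$env" ] || { echo missing; return 1; }
  if [ -f "$example" ]; then
    # Byte-identical to the template: created by cp or start.sh, never edited.
    if cmp -s "$env" "$example"; then echo unedited; return 1; fi
    # Edited, but a secret-looking key still carries the template's value.
    while IFS= read -r line; do
      [ -n "$line" ] || continue
      if grep -Fxq -- "$line" "$env"; then echo "default-secret:${line%%=*}"; return 1; fi
    done <<EOF
$(grep -E "$SECRET_KEYS" "$example")
EOF
  fi
  # Group/other permission bits are characters 5-10 of the ls mode string.
  if [ "$(ls -ld "$env" | cut -c5-10)" != "------" ]; then echo loose-perms; return 1; fi
  echo ok
}

# check_all ROOT: checks every service directory under ROOT; returns the failure count.
check_all() {
  local root="${1:-.}" svc status failed=0
  for svc in $SERVICES; do
    status=$(check_env "$root/$svc") || failed=$((failed + 1))
    printf '%-12s %s\n' "$svc" "$status"
  done
  return "$failed"
}
```

A loose-perms result clears after chmod 600 on the reported .env file.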

Usage

Start all services:

./start.sh

Stop all services:

./stop.sh

start.sh creates the traefik-net Docker network if it doesn't exist, then starts each service in order.

CI/CD

.github/workflows/deploy.yml deploys to your server on every push to main.

Required repository secrets (Settings → Secrets and variables → Actions):

| Secret | Description |
| --- | --- |
| SERVER_SSH_PRIVATE_KEY | Private SSH key for the runner to reach the server |
| SERVER_IP | Server IP address |
| SERVER_DOMAIN | Your domain, e.g. myapp.com — enables Traefik + TLS (omit for local mode) |

The workflow also accepts a ssh_user dispatch input (default: root). Set it to ubuntu when deploying to EC2 Ubuntu 24.04 instances.

Two deployment modes:

  • Local — run ./start.sh without setting SERVER_DOMAIN. Services start on localhost ports with no TLS.
  • Production via CI — add SERVER_DOMAIN as a secret. The workflow injects it as TRAEFIK_HOST when running start.sh on the server, enabling Traefik routing and automatic TLS.

Getting your private key

EC2 / AWS key pair — paste the .pem file contents as SERVER_SSH_PRIVATE_KEY:

cat ~/your-key.pem   # paste the output into the secret

New deploy key — generate a dedicated key pair, add the public key to the server, then paste the private key as SERVER_SSH_PRIVATE_KEY:

ssh-keygen -t ed25519 -f ~/.ssh/deploy -N ""
ssh-copy-id -i ~/.ssh/deploy.pub <ssh_user>@<SERVER_IP>
cat ~/.ssh/deploy   # paste the output into the secret

To stop all services via CI: Actions → Deploy → Run workflow → action: stop.
