Update docs

.github/copilot-instructions.md

@@ -74,6 +74,13 @@
 - Use clear cross-references between related documentation files
 - Update the main architecture document when workflow structure changes
 
+### Database Schema Documentation
+- **Keep it current**: When adding or modifying Sequelize models, update `mie-opensource-landing/docs/developers/database-schema.md`
+- **Update the ER diagram**: Add new entities and relationships to the Mermaid diagram
+- **Document all fields**: Include field names, types, constraints, and purpose
+- **Document relationships**: Specify all foreign keys and associations (hasMany, belongsTo, etc.)
+- **Explain patterns**: If using special patterns (STI, polymorphism, etc.), document the reasoning
+
 ## Working with GitHub Actions Workflows
 
 ### Development Philosophy

.github/workflows/docker-build-push.yml

@@ -0,0 +1,60 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: mieweb/opensource-server
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract branch name
+        id: branch
+        run: echo "name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            OPENSOURCE_SERVER_BRANCH=${{ steps.branch.outputs.name }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Makefile

@@ -1,4 +1,4 @@
-.PHONY: install install-create-container install-pull-config help
+.PHONY: install install-create-container install-pull-config install-docs help
 
 help:
 	@echo "opensource-server installation"
@@ -7,17 +7,26 @@ help:
 	@echo "  make install                - Install all components"
 	@echo "  make install-create-container - Install create-a-container web application"
 	@echo "  make install-pull-config    - Install pull-config system"
+	@echo "  make install-docs           - Install documentation server"
 	@echo ""
 
-install: install-create-container install-pull-config
+install: install-create-container install-pull-config install-docs
 
 install-create-container:
 	cd create-a-container && npm install --production
 	cd create-a-container && npm run db:migrate
-	install -m644 -oroot -groot create-a-container/container-creator.service /etc/systemd/system/container-creator.service
+	install -m644 -oroot -groot create-a-container/systemd/container-creator.service /etc/systemd/system/container-creator.service
 	systemctl daemon-reload || true
 	systemctl enable container-creator.service
 	systemctl start container-creator.service || true
 
 install-pull-config:
 	cd pull-config && bash install.sh
+
+install-docs:
+	cd mie-opensource-landing && npm install --production
+	cd mie-opensource-landing && npm run build
+	install -m644 -oroot -groot mie-opensource-landing/systemd/opensource-docs.service /etc/systemd/system/opensource-docs.service
+	systemctl daemon-reload || true
+	systemctl enable opensource-docs.service
+	systemctl start opensource-docs.service || true

create-a-container/views/nginx-conf.ejs

@@ -201,6 +201,69 @@ http {
     # Return 404 for all requests
     return 404;
   }
+
+  # Bare domain <%= domain.name %> - proxies to docs site
+  server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    listen 443 quic;
+    listen [::]:443 quic;
+    http2 on;
+    http3 on;
+
+    server_name <%= domain.name %>;
+
+    # SSL certificates from lego
+    ssl_certificate /opt/opensource-server/create-a-container/certs/certificates/<%= domain.name %>.crt;
+    ssl_certificate_key /opt/opensource-server/create-a-container/certs/certificates/<%= domain.name %>.key;
+
+    # Modern TLS configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers off;
+
+    # SSL session optimization
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_session_tickets off;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Alt-Svc 'h3=":443"; ma=86400' always;
+
+    # Proxy to documentation site
+    location / {
+      proxy_pass http://localhost:2998;
+      proxy_http_version 1.1;
+
+      # Proxy headers
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-Host $host;
+      proxy_set_header X-Forwarded-Port $server_port;
+
+      # WebSocket support
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+
+      # Timeouts
+      proxy_connect_timeout 60s;
+      proxy_send_timeout 60s;
+      proxy_read_timeout 60s;
+
+      # Buffering (disable for SSE/streaming)
+      proxy_buffering off;
+      proxy_request_buffering off;
+
+      # Allow large uploads
+      client_max_body_size 100M;
+    }
+  }
   <%_ }) _%>
 }
 

mie-opensource-landing/.env.example

@@ -0,0 +1,7 @@
+# Proxmox Web GUI URL
+# Example: https://your-proxmox-server:8006
+PROXMOX_URL=https://opensource.mieweb.org:8006
+
+# Container Creation Web GUI URL
+# Example: https://create-container.your-domain.com
+CONTAINER_CREATION_URL=https://create-a-container.opensource.mieweb.org

mie-opensource-landing/.gitignore

@@ -10,6 +10,7 @@
 
 # Misc
 .DS_Store
+.env
 .env.local
 .env.development.local
 .env.test.local

mie-opensource-landing/README.md

@@ -1,3 +1,27 @@
 # MIE Open Source Landing Page
 
-A modern, responsive landing page showcasing MIE's open source initiatives, built with [Docusaurus](https://docusaurus.io/). Features container management tools, Proxmox Launchpad CI/CD integration, and comprehensive documentation.
+A modern, responsive landing page showcasing MIE's open source initiatives, built with [Docusaurus](https://docusaurus.io/). Features container management tools, Proxmox Launchpad CI/CD integration, and comprehensive documentation.
+
+## Configuration for Self-Hosted Deployments
+
+This documentation site is designed to work for both MIE's hosted deployment and self-hosted instances. URLs for Proxmox and container creation services are parameterized.
+
+### Environment Variables
+
+Copy `.env.example` to `.env` and update the URLs for your deployment:
+
+```bash
+cp .env.example .env
+```
+
+Then edit `.env` with your instance URLs:
+
+```env
+# Your Proxmox Web GUI URL
+PROXMOX_URL=https://your-proxmox-server:8006
+
+# Your Container Creation Web GUI URL
+CONTAINER_CREATION_URL=https://your-container-creation-url.com
+```
+
+These URLs will be used throughout the documentation and site interface automatically.

mie-opensource-landing/docs/admins/_category_.json

@@ -0,0 +1,5 @@
+{
+  "label": "Admins",
+  "position": 3,
+  "collapsed": false
+}

mie-opensource-landing/docs/admins/concepts.md

@@ -0,0 +1,51 @@
+---
+sidebar_position: 2
+---
+
+# Core Concepts
+
+Understanding the data model and organizational structure is essential for effectively administering the MIE Opensource Proxmox Cluster. This section covers the key concepts you'll work with daily.
+
+## Organizational Hierarchy
+
+The cluster management system is organized hierarchically:
+
+**Sites** → **Nodes** → **Containers**
+
+Each level serves a specific purpose in managing your infrastructure.
+
+## Key Concepts
+
+### [Users & Groups →](users-and-groups)
+
+User accounts and group-based permissions for access control and LDAP authentication.
+
+### [Sites →](sites)
+
+Top-level organization units that define network configuration and house nodes and containers.
+
+### [External Domains →](external-domains)
+
+Domain configuration for exposing HTTP services with automatic SSL/TLS certificate management.
+
+### [Nodes →](nodes)
+
+Individual Proxmox VE servers within a site that host containers.
+
+### [Containers →](containers)
+
+Linux containers (LXC) running on nodes - see the [User Documentation](/docs/users/creating-containers/web-gui) for creation guides.
+
+---
+
+## Getting Started
+
+New administrators should configure these elements in order:
+
+1. **Users & Groups**: Set up your team's accounts and permissions
+2. **Sites**: Create your first site with network configuration
+3. **External Domains**: Configure domains for service exposure (optional)
+4. **Nodes**: Import or add your Proxmox nodes
+5. **Containers**: Begin deploying containers for your users
+
+Each concept page includes detailed explanations and step-by-step guides for using the web interface.