deploy: switch from Coolify to direct VPS deploy (nginx + systemd)

- nginx.conf: add proxy for /api, /admin, /robots.txt, /sitemap.xml to Fastify:3001
- deploy.sh: one-command rsync + build + restart
- deploy/setup.sh: first-time VPS setup (node, pnpm, nginx, systemd)
- deploy/rebours.service: systemd unit for Fastify server

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

deploy.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VPS="ordinarthur@10.10.0.13"
+APP_DIR="/var/www/html/rebours"
+
+echo "🚀 Deploying rebours..."
+
+# 1. Sync source code
+rsync -avz --delete \
+  --exclude node_modules \
+  --exclude .env \
+  --exclude dist \
+  --exclude .git \
+  ./ "$VPS:$APP_DIR/"
+
+# 2. Install deps, migrate, build, restart
+ssh "$VPS" "cd $APP_DIR && \
+  pnpm install --frozen-lockfile && \
+  pnpm prisma migrate deploy && \
+  pnpm build && \
+  sudo systemctl restart rebours"
+
+echo "✅ Live → https://rebours.studio"

deploy/rebours.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Rebours Fastify Server
+After=network.target
+
+[Service]
+Type=simple
+User=ordinarthur
+WorkingDirectory=/var/www/html/rebours
+EnvironmentFile=/var/www/html/rebours/.env
+Environment=NODE_ENV=production
+Environment=PORT=3001
+ExecStart=/usr/bin/node server.mjs
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

deploy/setup.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# First-time VPS setup for rebours
+# Run: bash deploy/setup.sh
+
+VPS="ordinarthur@10.10.0.13"
+APP_DIR="/var/www/html/rebours"
+
+echo "🔧 Setting up rebours on $VPS..."
+
+# 1. Sync project files
+rsync -avz --delete \
+  --exclude node_modules \
+  --exclude .env \
+  --exclude dist \
+  --exclude .git \
+  ./ "$VPS:$APP_DIR/"
+
+# 2. Setup on server
+ssh "$VPS" << 'REMOTE'
+  set -euo pipefail
+
+  # Node.js 22 + pnpm (skip if already installed)
+  if ! command -v node &>/dev/null; then
+    curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
+    sudo apt-get install -y nodejs
+  fi
+  if ! command -v pnpm &>/dev/null; then
+    sudo corepack enable
+    sudo corepack prepare pnpm@latest --activate
+  fi
+
+  # nginx config
+  sudo cp /var/www/html/rebours/nginx.conf /etc/nginx/sites-available/rebours
+  sudo ln -sf /etc/nginx/sites-available/rebours /etc/nginx/sites-enabled/rebours
+  sudo nginx -t && sudo systemctl reload nginx
+
+  # systemd service
+  sudo cp /var/www/html/rebours/deploy/rebours.service /etc/systemd/system/rebours.service
+  sudo systemctl daemon-reload
+  sudo systemctl enable rebours
+
+  # permissions
+  sudo chown -R ordinarthur:www-data /var/www/html/rebours
+
+  echo "✅ VPS ready"
+REMOTE
+
+echo ""
+echo "📝 Next steps:"
+echo "   1. Create .env on the VPS:"
+echo "      ssh $VPS 'nano $APP_DIR/.env'"
+echo ""
+echo "      DATABASE_URL=postgresql://user:pass@host:5432/rebours"
+echo "      STRIPE_SECRET_KEY=sk_live_..."
+echo "      STRIPE_WEBHOOK_SECRET=whsec_..."
+echo "      DOMAIN=https://rebours.studio"
+echo "      ADMIN_EMAIL=..."
+echo "      ADMIN_PASSWORD=..."
+echo "      COOKIE_SECRET=..."
+echo ""
+echo "   2. Deploy: bash deploy.sh"
+echo ""
+echo "   3. NPM: forward rebours.studio → 10.10.0.13:80"

nginx.conf

@@ -5,33 +5,59 @@ server {
     root /var/www/html/rebours/dist;
     index index.html;
 
-    # HTML : jamais caché
-    location ~* \.html$ {
-        add_header Cache-Control "no-store";
+    # ── API proxy → Fastify ──────────────────────────────────────────────────
+    location /api/ {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # Fichiers Astro avec hash dans _astro/ : cache long immutable
-    location ~* ^/_astro/ {
+    # ── SEO (dynamique depuis DB) ────────────────────────────────────────────
+    location = /robots.txt {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location = /sitemap.xml {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # ── Admin proxy → Fastify (AdminJS) ──────────────────────────────────────
+    location /admin {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # ── Cache : Astro hashed → immutable ─────────────────────────────────────
+    location /_astro/ {
         add_header Cache-Control "public, max-age=31536000, immutable";
     }
 
-    # CSS / JS sans hash (style.css, main.js) : revalidation à chaque visite
+    # ── Cache : CSS/JS sans hash → revalidation ─────────────────────────────
     location ~* \.(css|js)$ {
         add_header Cache-Control "no-cache";
     }
 
-    # Assets (images, fonts) : cache 7 jours
+    # ── Cache : assets → 7 jours ────────────────────────────────────────────
     location ~* \.(jpg|jpeg|png|gif|webp|svg|woff2|woff|ttf|ico)$ {
         add_header Cache-Control "public, max-age=604800";
     }
 
+    # ── HTML : jamais caché ──────────────────────────────────────────────────
+    location ~* \.html$ {
+        add_header Cache-Control "no-store";
+    }
+
+    # ── SPA fallback ─────────────────────────────────────────────────────────
     location / {
         try_files $uri $uri/ $uri.html /index.html;
     }
-
-    location /api/ {
-        proxy_pass http://127.0.0.1:3000;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
 }