← メール履歴一覧

Re: [CSplus/BukkenAiSearch-Next] 本番運用手順書(docs/deployment.md)を追加: VPS + Neon (PR #77)

受信Gmail同期2026/07/11 15:03
編集

未紐付けのメールです

連絡先を選択して紐付けると、連絡先・会社のメール履歴に表示されます

相手(連絡先)
-
会社
-
From(Gmail)
notifications@github.com
To / Cc(Gmail)
bukkenaisearch-next@noreply.github.com, koshiba@csplus.jp, author@noreply.github.com
作成日時
2026/07/12 11:08
更新日時
2026/07/12 11:08

本文

@chatgpt-codex-connector[bot] commented on this pull request. ### 💡 Codex Review Here are some automated review suggestions for this pull request. **Reviewed commit:** `0677d7fc0d` <details> <summary>ℹ️ About Codex in GitHub</summary> <br/> [Your team has set up Codex to review pull requests in this repo](https://chatgpt.com/codex/cloud/settings/general). Reviews are triggered when you - Open a pull request for review - Mark a draft as ready - Comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". </details> > +nano .env.production + +# DBマイグレーション適用(本番用・DIRECT_URL を使用) +npx prisma migrate deploy **<sub><sub>![P1 Badge](https://img.shields.io/badge/P1-orange?style=flat)</sub></sub> Load production env before running Prisma commands** With the documented flow, only `.env.production` is created before `npx prisma migrate deploy`, but these commands are not run through Next.js. Prisma needs `DATABASE_URL`/`DIRECT_URL` in the process environment or a Prisma-loaded `.env`, and `scripts/seed-initial-admin.mjs` explicitly loads only `.env` and `.env.local`; on a clean VPS this sequence will fail at migrate/seed with missing database env vars. Either create/export an env file those commands load or source `.env.production` before running them. Useful? React with 👍 / 👎. > +```bash +sudo systemctl restart ssh +``` +> ⚠️ 反映前に「別のターミナルで鍵ログインできること」を必ず確認してから既存セッションを閉じる。 + +--- + +## 6. Firewall(UFW)設定 + +SSH と HTTP/HTTPS のみ許可し、アプリの 3000 番は外部公開しません(Nginx 経由でのみアクセス)。 + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +sudo ufw allow OpenSSH # 22 +sudo ufw allow 'Nginx Full' # 80, 443 **<sub><sub>![P2 Badge](https://img.shields.io/badge/P2-yellow?style=flat)</sub></sub> Open HTTP/HTTPS without the absent Nginx profile** In the fresh-server order shown here, Nginx is not installed until Section 13, so the `Nginx Full` UFW application profile is not available when this command runs. UFW will reject the rule while the block still proceeds to `ufw enable`, leaving ports 80/443 closed; Certbot's HTTP challenge and normal browser access will then fail until the firewall is fixed. Install Nginx before this step or allow `80/tcp` and `443/tcp` directly. Useful? React with 👍 / 👎. -- Reply to this email directly or view it on GitHub: https://github.com/CSplus/BukkenAiSearch-Next/pull/77#pullrequestreview-4676749058 You are receiving this because you authored the thread. Message ID: <CSplus/BukkenAiSearch-Next/pull/77/review/4676749058@github.com>