infrastructure
Infrastructure
Overview
| Component | Detail |
|---|---|
| Domain | icarus.eurekaendeavors.com |
| DNS | Configured, pointing to the gateway |
| Server | Same host as GitLab Omnibus (18.9.1-ee) |
| GitLab | git.eurekaendeavors.com |
| Portal process | systemd service, Gunicorn on port 8000 |
| SSL | Caddy (Let's Encrypt, automatic) |
Caddy
Caddy is already deployed on the gateway. Once the portal is live, it will be configured
to serve icarus.eurekaendeavors.com:
icarus.eurekaendeavors.com {
reverse_proxy localhost:8000
}
See Git Clone Proxy for the git.eurekaendeavors.com Caddy config
(git smart HTTP allowlist + redirect to new portal domain).
systemd Service
The portal runs as a systemd service:
[Unit]
Description=Icarus Portal
After=network.target
[Service]
User=portal
WorkingDirectory=/opt/icarus-portal
EnvironmentFile=/opt/icarus-portal/.env
ExecStart=/opt/icarus-portal/venv/bin/gunicorn "portal:create_app()" --bind 127.0.0.1:8000 --workers 4
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
Environment Variables
Stored in .env (never committed):
GITLAB_URL=https://git.eurekaendeavors.com
GITLAB_PAT=<personal access token>
SECRET_KEY=<flask secret key>
DATABASE_URL=sqlite:////opt/icarus-portal/portal.db
GitLab
- Version: 18.9.1-ee (Omnibus)
- Same server as the portal
- All repositories are private (group visibility: private)
- Web UI access restricted via Caddy (see Git Clone Proxy)
GitLab Group: icarus
| ID | Project | Visibility | Purpose |
|---|---|---|---|
| 1 | icarus/pets |
private | Pet editor Flask Blueprint |
| 2 | root/icarus-bug-reports |
private | In-app bug report intake (not in group) |
| 4 | icarus/prospects |
private | Prospect editor Flask Blueprint |
| 5 | icarus/data-catalog |
private | Data extraction scripts + generated JSON |
| 6 | icarus/portal |
private | This portal (gateway) |
| 7 | icarus/core |
private | Shared pip library (UE4 parser/serializer) |