- WIP -
This is an audio tool of sorts that extracts certain instruments from a song.
So far it slices the first 5 seconds of a song and runs the result through the extraction process.
- As a customer I want to test the website with reduced functionality before I buy anything, to find out if this is useful for me.
- As a customer I do not want to register but log in with Google, Facebook or GitHub, because registration is tedious.
- As an entrepreneur I need a simple setup to let my users pay for additional functionality.
- As an entrepreneur I want to have a bare-bones application that provides
- authn
- payment
- payment2authz
- canceling subscriptions => revoke AuthZ
The idea is to have a modular application.
- behind a reverse proxy "traefik"
- an AuthN traefik middleware
- a potential stripe traefik middleware / or module (currently payment-module)
- a mechanism that assigns or revokes privileges to sso users based on subscription
- Stripe products can contain metadata; a roles/privileges field could be added whose content determines which roles/privileges to set
- Note: this does not work for payment intents for subscriptions, as metadata is not allowed there at the moment (May 2023)
- encrypt relevant keys
- maybe use Mozilla SOPS: https://poweruser.blog/how-to-encrypt-secrets-in-config-files-1dbb794f7352
- or "npm senv"
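One way the subscription-to-privilege mechanism described above could work, as an added example that is not this project's code: roles are recomputed from the Stripe subscription on every `customer.subscription.*` event, so a cancellation always revokes them. The `roles` metadata key, the role allowlist, the customer-to-user map, one subscription per customer, and prior webhook signature verification are assumptions.

```javascript
// Added example: derive an SSO user's roles from Stripe subscription state (fail closed).
// Assumptions: product metadata key "roles" (comma-separated), the ALLOWED_ROLES set,
// and an event that has already passed webhook signature verification.
const ALLOWED_ROLES = new Set(["basic", "pro"]); // hypothetical role names
const ENTITLING_STATUSES = new Set(["active", "trialing"]);

// Roles granted by one product; anything not allowlisted is dropped.
function rolesForProduct(product) {
  const raw = (product && product.metadata && product.metadata.roles) || "";
  return raw.split(",").map((r) => r.trim()).filter((r) => ALLOWED_ROLES.has(r));
}

// Recompute the full role set from the subscription object instead of
// adding/removing incrementally, so a lapsed subscription loses everything.
function rolesForSubscription(subscription, productsById) {
  if (!ENTITLING_STATUSES.has(subscription.status)) return [];
  const roles = new Set();
  for (const item of subscription.items.data) {
    const product = productsById[item.price.product]; // unknown product => no roles
    for (const role of rolesForProduct(product)) roles.add(role);
  }
  return [...roles].sort();
}

// Apply a customer.subscription.* event to the role store (a Map keyed by SSO user id).
function applySubscriptionEvent(event, productsById, customerToUser, roleStore) {
  if (!event.type.startsWith("customer.subscription.")) return roleStore;
  const sub = event.data.object;
  const userId = customerToUser[sub.customer];
  if (!userId) return roleStore; // unmapped customer: grant nothing
  const roles = event.type === "customer.subscription.deleted"
    ? [] : rolesForSubscription(sub, productsById);
  if (roles.length) roleStore.set(userId, roles); else roleStore.delete(userId);
  return roleStore;
}

// Constructed sample data (not real Stripe ids).
const products = {
  prod_demo_pro: { metadata: { roles: "basic, pro, admin" } }, // "admin" is not allowlisted
};
const customers = { cus_demo_1: "google:1234" };
const makeEvent = (type, status) => ({
  type,
  data: { object: { customer: "cus_demo_1", status,
    items: { data: [{ price: { product: "prod_demo_pro" } }] } } },
});
```

The allowlist keeps a typo or an over-broad value in the Stripe dashboard from granting a role the application never intended to sell.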
- add the correct .env variables for your provider
- if they are wrong, docker-compose will show errors that the middleware does not exist
- get credentials like id and secret
- e.g. for Google and Redirect URIs
- PROVIDERS_GOOGLE_CLIENT_ID=...
- PROVIDERS_GOOGLE_CLIENT_SECRET=...
pnpm i && docker-compose up --build
Go to http://localhost
After you have started the application, click on "uploads" in the navigation.
- https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs?hl=de
- Note: that would require setting up a load balancer via Google, which we don't want as of now
- compare this stack to
- https://github.com/joysofcode/enterprise-stack
- https://vercel.com/templates/next.js/subscription-starter
- which is easier to deploy to vercel which definitely is a plus
- try to get traefik to run with vercel by starting it as npm package & tubo app instead of through
- https://cloud.google.com/community/tutorials/nginx-reverse-proxy-docker
- https://letsencrypt.org/getting-started/
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# stop webserver at port 80 if any
sudo certbot certonly --standalone
# follow instructions
- https://doc.traefik.io/traefik/user-guides/docker-compose/acme-tls/
- problem: self signed
- solution: wrong parameters, see
- register static IP and assign to compute engine
- problem: IP is currently dynamic, so after a restart the DNS record needs to be updated on cloud console
- https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address?hl=de
- update dns record (A)
- traefik-forward-auth seems to have problems with https -.-
- payment container seems broken when started on "compute engine"?
- will slow down host
- isolate container and see what we can find
- test if we can remove the A record
- set up remote desktop