Merge pull request #3 from matsjfunke/docker

Author: matsjfunke

.dockerignore

@@ -0,0 +1,89 @@
+# Git
+.git
+.gitignore
+.gitattributes
+
+# Docker
+Dockerfile*
+docker-compose*
+.dockerignore
+
+# Documentation
+*.md
+docs/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.conda/
+
+# IDEs
+.cursor/
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Testing
+.tox/
+.nox/
+.coverage
+.pytest_cache/
+htmlcov/
+.cache
+tests/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# Environment variables
+.env*
+env.prod.template
+
+# Logs
+*.log
+logs/
+
+# Temporary files
+*.tmp
+*.temp
+.tmp/
+.temp/

.github/workflows/deploy.yml

@@ -0,0 +1,63 @@
+name: Deploy to VPS
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Deploy to VPS
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.VPS_HOST }}
+          username: ${{ secrets.VPS_USERNAME }}
+          key: ${{ secrets.VPS_SSH_KEY }}
+          passphrase: ${{ secrets.VPS_SSH_KEY_PASSPHRASE }}
+          script: |
+            cd /opt/paperclip-mcp
+            git fetch origin main
+            git reset --hard origin/main
+
+            echo "🔄 Stopping containers..."
+            docker-compose down
+
+            echo "🏗️ Building containers..."
+            docker-compose build --no-cache
+
+            echo "🚀 Starting containers..."
+            docker-compose up -d
+
+            echo "⏳ Waiting for containers to start..."
+            sleep 10
+
+            echo "📊 Container status:"
+            docker-compose ps --format "table {{.Service}}\t{{.Status}}\t{{.Ports}}"
+
+            echo "📋 Recent logs from all services (filtered):"
+            docker-compose logs --tail=30 | grep -E "(ERROR|WARN|INFO|Ready|Starting|Listening)" | head -50
+
+            echo "🧹 Cleaning up..."
+            docker system prune -f
+
+      - name: Show specific service logs on failure
+        if: failure()
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.VPS_HOST }}
+          username: ${{ secrets.VPS_USERNAME }}
+          key: ${{ secrets.VPS_SSH_KEY }}
+          passphrase: ${{ secrets.VPS_SSH_KEY_PASSPHRASE }}
+          script: |
+            cd /opt/paperclip-mcp
+            echo "🔍 Filtered logs for debugging:"
+            echo "--- Traefik status ---"
+            docker-compose logs --tail=50 traefik | grep -E "(ERROR|WARN|Ready|Starting|tls|certificate)" | head -30
+            echo "--- Paperclip MCP status ---"
+            docker-compose logs --tail=50 paperclip-mcp | grep -E "(ERROR|WARN|Ready|Starting|Listening|Build)" | head -30

.github/workflows/ping-server.yml

@@ -0,0 +1,90 @@
+name: Ping MCP Server
+
+on:
+  schedule:
+    # Run once per day at 10:00 UTC
+    - cron: "0 10 * * *"
+  workflow_dispatch:
+
+jobs:
+  ping:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install fastmcp==2.11.0
+
+      - name: Create ping script
+        run: |
+          cat > ping_server.py << 'EOF'
+          import asyncio
+          import sys
+          import os
+          from datetime import datetime
+          from fastmcp.client.client import Client
+
+          async def ping_server():
+              server_url = 'https://paperclip.matsjfunke.com/mcp'
+              
+              print(f"🏓 Pinging MCP server at: {server_url}")
+              print(f"⏰ Timestamp: {datetime.now().isoformat()}")
+              
+              try:
+                  # Create client instance
+                  client = Client(server_url)
+                  
+                  # Connect and ping
+                  async with client:
+                      print("✅ Successfully connected to server")
+                      
+                      # Send ping
+                      ping_result = await client.ping()
+                      
+                      if ping_result:
+                          print("🎯 Ping successful! Server is responsive")
+                          return True
+                      else:
+                          print("❌ Ping failed! Server did not respond properly")
+                          return False
+                          
+              except Exception as e:
+                  print(f"💥 Error connecting to server: {str(e)}")
+                  print(f"🔧 Error type: {type(e).__name__}")
+                  return False
+
+          if __name__ == "__main__":
+              result = asyncio.run(ping_server())
+              if not result:
+                  sys.exit(1)
+          EOF
+
+      - name: Run ping test
+        run: python ping_server.py
+
+      - name: Report ping failure
+        if: failure()
+        run: |
+          echo "🚨 Server ping failed!"
+          echo "⚠️  This could indicate:"
+          echo "   - Server is down or not responding"
+          echo "   - Network connectivity issues"
+          echo "   - Server is overloaded"
+          echo "   - Configuration problems"
+          echo ""
+          echo "🔍 Check the deploy workflow and server logs for more details"
+
+      - name: Report ping success
+        if: success()
+        run: |
+          echo "✅ Server ping successful!"
+          echo "🟢 MCP server is healthy and responsive"

Dockerfile

@@ -0,0 +1,20 @@
+FROM python:3.12-slim-bullseye
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Update sources list and install packages (assuming these are needed for your app)
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    libgl1-mesa-glx \
+    libglib2.0-0 \
+    && apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN pip install --upgrade pip
+COPY ./src .
+
+EXPOSE 8000

docker-compose.prod.yml

@@ -0,0 +1,72 @@
+version: "3.8"
+
+services:
+  traefik:
+    image: traefik:v3.0
+    container_name: traefik
+    command:
+      - "--api.insecure=false" # Disable insecure API dashboard for production security
+      - "--providers.docker=true" # Auto-discover services via Docker labels
+      # Only expose services that explicitly set traefik.enable=true (security best practice)
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80" # HTTP entrypoint redirects to HTTPS
+      - "--entrypoints.websecure.address=:443" # HTTPS entrypoint
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true" # Automatic SSL certificate generation via Let's Encrypt TLS challenge
+      - "--certificatesresolvers.myresolver.acme.email=mats.funke@gmail.com" # Email required for Let's Encrypt certificate notifications and recovery
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" # SSL certificates persist across container restarts
+      # Force HTTP to HTTPS redirect for security (all traffic must be encrypted)
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik_letsencrypt:/letsencrypt # SSL certificates persist across container restarts
+    networks:
+      - web
+    restart: unless-stopped
+
+  paperclip-mcp:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: paperclip-mcp
+    command: python server.py
+    labels:
+      - "traefik.enable=true"
+
+      # Define service first to avoid Traefik auto-generating conflicting services
+      - "traefik.http.services.paperclip-mcp.loadbalancer.server.port=8000"
+
+      # MCP server route - accessible via HTTPS
+      - "traefik.http.routers.paperclip-mcp.rule=Host(`paperclip.matsjfunke.com`)"
+      - "traefik.http.routers.paperclip-mcp.entrypoints=websecure"
+      - "traefik.http.routers.paperclip-mcp.tls.certresolver=myresolver"
+      - "traefik.http.routers.paperclip-mcp.service=paperclip-mcp"
+
+      # CORS headers required for MCP protocol compatibility with AI clients
+      - "traefik.http.middlewares.mcp-cors.headers.accesscontrolallowmethods=GET,POST,OPTIONS,PUT,DELETE"
+      - "traefik.http.middlewares.mcp-cors.headers.accesscontrolallowheaders=Content-Type,Authorization,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,mcp-session-id"
+      - "traefik.http.middlewares.mcp-cors.headers.accesscontrolalloworiginlist=*"
+      - "traefik.http.middlewares.mcp-cors.headers.accesscontrolmaxage=86400"
+
+      # Apply CORS middleware to the router
+      - "traefik.http.routers.paperclip-mcp.middlewares=mcp-cors"
+
+    networks:
+      - web
+    restart: unless-stopped
+    depends_on:
+      - traefik
+    environment:
+      - PYTHONPATH=/app
+
+volumes:
+  # Named volume for Let's Encrypt certificates persistence across container restarts
+  traefik_letsencrypt:
+
+networks:
+  # Internal network for container communication (external=false for security)
+  web:
+    external: false

docker-compose.yml

@@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+  paperclip:
+    build:
+      context: .
+    image: paperclip-image
+    container_name: paperclip
+    ports:
+      - 8000:8000
+    volumes:
+      - ./:/app # mount local backend dir to /app in container to enable live reloading of code changes
+    command: watchmedo auto-restart --patterns="*.py" --recursive -- python src/server.py --transport http --host 0.0.0.0 --port 8000