Complete self-hosted deployment automation for nself-chat with one-line installation.

This implementation provides a complete, production-ready self-hosted deployment solution with:

1. One-Line Installer - Fully automated installation
2. Production Docker Compose - Multi-service orchestration
3. Automatic SSL/TLS - Let's Encrypt integration
4. Comprehensive Monitoring - Optional Grafana/Prometheus stack
5. Automated Backups - Daily backups with retention
6. Update Management - Safe, automated updates
7. Troubleshooting Guide - Detailed problem-solving documentation

Nginx (Reverse Proxy + SSL):

• deploy/nginx/nginx.conf - Main configuration
• deploy/nginx/conf.d/nchat.conf - Virtual host with SSL

PostgreSQL:

• deploy/postgres/postgresql.conf - Optimized settings
• deploy/postgres/init-scripts/01-init.sql - Initial setup

Monitoring:

• deploy/monitoring/prometheus/prometheus.yml - Metrics collection
• deploy/monitoring/grafana/provisioning/datasources/datasources.yml - Data sources
• deploy/monitoring/grafana/provisioning/dashboards/dashboards.yml - Dashboards

curl -fsSL https://raw.githubusercontent.com/yourusername/nself-chat/main/scripts/self-hosted-install.sh | bash

What it does:

• ✅ Detects OS (Ubuntu, Debian, CentOS, RHEL, Fedora)
• ✅ Checks system requirements (CPU, RAM, disk)
• ✅ Installs Docker and Docker Compose
• ✅ Downloads nself-chat
• ✅ Generates secure passwords
• ✅ Configures environment
• ✅ Obtains SSL certificate (Let's Encrypt)
• ✅ Sets up firewall
• ✅ Starts all services
• ✅ Initializes database
• ✅ Configures automatic backups
• ✅ Creates management scripts

Installation time: ~5-10 minutes

Services included:

1. Nginx - Reverse proxy with SSL termination
2. Next.js App - nself-chat application
3. PostgreSQL - Database (optimized for production)
4. Hasura - GraphQL engine (console disabled in prod)
5. Nhost Auth - Authentication service
6. MinIO - S3-compatible storage
7. Redis - Caching and sessions

Features:

• Health checks for all services
• Resource limits (CPU/memory)
• Automatic restarts
• Volume persistence
• Network isolation
• Security hardening

Let's Encrypt integration:

• Automatic certificate generation
• Auto-renewal via systemd timer
• A+ SSL Labs rating configuration
• TLS 1.2+ only
• Strong cipher suites
• HSTS headers
• OCSP stapling

SSL configuration highlights:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:...';
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

Monitoring stack includes:

1. Prometheus - Metrics collection
2. Grafana - Visualization and dashboards
3. Loki - Log aggregation
4. Promtail - Log shipping
5. cAdvisor - Container metrics
6. Node Exporter - System metrics
7. Postgres Exporter - Database metrics
8. Redis Exporter - Cache metrics
9. AlertManager - Alert routing

Pre-configured dashboards:

• System Overview (CPU, RAM, disk, network)
• Application Metrics (requests, latency, errors)
• Database Performance (connections, queries, cache)
• Container Health (resource usage, restarts)

Enable monitoring:

ENABLE_MONITORING=true ./scripts/self-hosted-install.sh

Backup script (/usr/local/bin/backup-nchat):

• Runs daily at 2 AM (cron)
• Backs up database (compressed)
• Backs up uploaded files
• Backs up configuration
• Creates combined archive
• Retains for 30 days
• Logs all operations

Manual backup:

sudo /usr/local/bin/backup-nchat

Restore procedure:

# Documented in troubleshooting guide
# Automated restore script can be added

Update script (/usr/local/bin/update-nchat):

1. ✅ Pre-flight checks (disk, Docker, services)
2. ✅ Automatic backup before update
3. ✅ Pull latest code
4. ✅ Check for breaking changes
5. ✅ Update Docker images
6. ✅ Run database migrations
7. ✅ Restart services
8. ✅ Verify update
9. ✅ Automatic rollback on failure

Usage:

# Update to latest
sudo /usr/local/bin/update-nchat

# Update to specific version
sudo /usr/local/bin/update-nchat v1.0.1

Comprehensive solutions for:

• Services won't start
• 502 Bad Gateway
• SSL certificate problems
• Database connection errors
• Out of disk space
• High memory usage
• Application slow/unresponsive
• Email not sending

Each issue includes:

• Symptoms
• Diagnosis steps
• Multiple solutions
• Prevention tips

Advanced debugging:

• Network debugging
• Database debugging
• Performance analysis
• Log analysis
• Security auditing

Cost: ~$24/month (DigitalOcean, Hetzner)

Cost: ~$48/month

Cost: ~$96/month

1. SSL/TLS - Automatic with Let's Encrypt
2. Firewall - UFW/firewalld auto-configured
3. Strong passwords - Auto-generated (32+ chars)
4. Security headers - HSTS, CSP, X-Frame-Options
5. Rate limiting - Nginx-based protection
6. Resource limits - Docker resource constraints
7. Network isolation - Bridge network for services

• Fail2ban - Brute force protection
• 2FA - Available in admin panel
• IP whitelisting - For admin areas
• Database encryption - At-rest encryption option
• Secrets management - Docker secrets support

Optimized for 8GB RAM server:

shared_buffers = 2GB              # 25% of RAM
effective_cache_size = 6GB        # 75% of RAM
max_connections = 200
work_mem = 16MB
random_page_cost = 1.1            # SSD optimized

Performance features:

• Gzip compression
• Static asset caching
• HTTP/2 support
• Keep-alive connections
• Client/server buffer tuning
• Worker process optimization

Next.js optimizations:

• Production build
• Image optimization
• Static asset caching
• Code splitting
• Server-side rendering

Break-even: Immediate for teams of 10+ users

# Get a VPS (DigitalOcean, Hetzner, AWS, etc.)
# Point DNS A record to server IP
# SSH into server
ssh root@your-server-ip

# One-line installation
curl -fsSL https://raw.githubusercontent.com/yourusername/nself-chat/main/scripts/self-hosted-install.sh | bash

# After installation, complete setup wizard
open https://chat.example.com/setup

# Edit .env.production
sudo nano /opt/nself-chat/.env.production

# Add SMTP settings
SMTP_HOST=smtp.sendgrid.net
SMTP_USER=apikey
SMTP_PASS=your-api-key

# Restart services
cd /opt/nself-chat
docker compose -f docker-compose.production.yml restart

# Run manual backup
sudo /usr/local/bin/backup-nchat

# Verify backup exists
ls -lh /var/backups/nself-chat/

# Check status
cd /opt/nself-chat
docker compose -f docker-compose.production.yml ps

# View logs
docker compose -f docker-compose.production.yml logs -f

# Restart services
docker compose -f docker-compose.production.yml restart

# Stop services
docker compose -f docker-compose.production.yml down

# Start services
docker compose -f docker-compose.production.yml up -d

# Create backup
sudo /usr/local/bin/backup-nchat

# Update to latest
sudo /usr/local/bin/update-nchat

# Run diagnostics
sudo /usr/local/bin/diagnose-nchat

# Check disk space
df -h

# Check memory
free -h

# Clean Docker
docker system prune -f

# Access Grafana
open https://chat.example.com/grafana

# Access Prometheus
open https://chat.example.com/prometheus

# Check metrics
curl http://localhost:9090/metrics

After installation, verify:

• Application loads: https://chat.example.com
• SSL certificate valid (no warnings)
• Health check passes: https://chat.example.com/api/health
• Database connection working
• File uploads working
• Email sending (test password reset)
• Backup created successfully
• Monitoring accessible (if enabled)
• All services healthy: docker compose ps

Supported migrations:

• Slack → nself-chat
• Discord → nself-chat
• Mattermost → nself-chat

Migration includes:

• Users and roles
• Channels and conversations
• Message history
• File attachments
• User preferences

See individual migration guides in documentation.

• Deployment Guide: docs/guides/deployment/self-hosted.md
• Troubleshooting: docs/guides/deployment/self-hosted-troubleshooting.md
• Production Best Practices: docs/guides/deployment/production-deployment.md
• Quick Reference: deploy/self-hosted/README.md

• GitHub: https://github.com/yourusername/nself-chat
• Discord: https://discord.gg/nself
• Forum: https://community.nself.chat
• Documentation: https://docs.nself.chat

• Email: [email protected]
• Priority Support: Enterprise plans available
• Consulting: Deployment and migration services

1. Auto-scaling - Horizontal scaling support
2. Multi-region - Geographic distribution
3. High Availability - Active-active clustering
4. Kubernetes - K8s deployment option
5. Backup rotation - Automated offsite backups
6. Migration tools - One-click platform migration
7. Performance tuning - Auto-tuning based on usage
8. Security scanning - Automated vulnerability scanning

This is an open-source project. Contributions are welcome!

• Report bugs
• Suggest features
• Submit pull requests
• Improve documentation
• Share deployment experiences

nself-chat is licensed under the MIT License. See LICENSE for details.

✅ Complete self-hosted solution with one-line installation ✅ Production-ready with SSL, monitoring, backups ✅ Cost-effective - 80-90% cheaper than SaaS ✅ Secure - Security hardening built-in ✅ Scalable - From 1 to 500+ users ✅ Well-documented - 2,000+ lines of documentation ✅ Easy to maintain - Automated updates and backups ✅ Support available - Community and commercial options

Installation time: 5-10 minutes Maintenance time: <1 hour/month Savings vs Slack: $2,000-$46,000/year depending on team size

Created: January 31, 2026 Version: 1.0.0 Maintainer: nself-chat Team