# AiSOC on Coolify

Self-host AiSOC on your own VPS using [Coolify](https://coolify.io) —
the open-source Heroku/Render alternative. **Free**, runs on any Linux
box with 4GB+ RAM.

## Why Coolify

If you've already self-hosted Coolify (e.g. on a $5/mo Hetzner box, a
homelab Proxmox VM, or an old laptop), AiSOC drops in via the existing
[`docker-compose.yml`](../../docker-compose.yml). No platform-specific
config needed — Coolify reads compose files natively.

This is the deploy path with the **lowest ongoing cost** ($5-10/mo for
the underlying VPS, $0 for Coolify itself) and the **highest
flexibility** (you control the host, the network, the storage, the
backups).

## What you'll deploy

The full AiSOC stack — including the optional storage tier (Kafka,
ClickHouse, OpenSearch, Neo4j, Qdrant) — because Coolify runs your
docker-compose unchanged. If you want the lean profile instead, comment
out those services in your compose file before importing.

| Profile | RAM needed | Use case |
|---|---|---|
| Lean (api + agents + web + realtime + Postgres + Redis) | 4 GB | Personal eval, small SOC pilots |
| Full (lean + Kafka + ClickHouse + OpenSearch + Neo4j + Qdrant) | 16 GB | Production-grade, full feature set |

## Prerequisites

1. A Linux VPS with 4 GB+ RAM (or 16 GB+ for the full stack). [Hetzner
   CPX21](https://www.hetzner.com/cloud) (€5.83/mo) is a good 4 GB
   option; CPX41 (€16.06/mo) handles the full stack.
2. A domain pointed at the VPS's public IP (Cloudflare, Namecheap, etc).
3. [Coolify installed](https://coolify.io/docs/installation) on the VPS:

   ```bash
   curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
   ```

   Coolify gives you a UI at `http://<vps-ip>:8000` after ~3 minutes.

## Deploy walkthrough

### Step 1: Create a new project

Coolify dashboard → **+ New Project** → name it `aisoc` → **Create**.

### Step 2: Add AiSOC as a Docker Compose resource

1. Inside the project: **+ New Resource** → **Docker Compose Empty**.
2. **Source**: choose **Public Repository**.
3. **Repository URL**: `https://github.com/beenuar/AiSOC`
4. **Branch**: `main`
5. **Base Directory**: `/` (the repo root, where `docker-compose.yml` lives)
6. **Docker Compose File Location**: `docker-compose.yml`
7. Click **Save & Continue**.

### Step 3: Configure environment

Coolify shows the env vars detected from `docker-compose.yml`. Set:

```
# Demo / safety flags (recommended for first deploy)
AISOC_DEMO_MODE=true
AISOC_DEMO_TENANT=demo
ENVIRONMENT=demo

# Auto-generated by Coolify if you click "Generate"
JWT_SECRET=<click Generate>
POSTGRES_PASSWORD=<click Generate>

# Public URLs — replace with your domain
NEXT_PUBLIC_API_URL=https://api.aisoc.example.com
NEXT_PUBLIC_WS_URL=wss://realtime.aisoc.example.com
NEXT_PUBLIC_DEMO_MODE=true
NEXT_PUBLIC_DEMO_DEEPLINK=/cases/INC-RT-001?tab=ledger
NEXT_PUBLIC_DEMO_BANNER=Demo data resets daily. All write actions are disabled.
NEXT_PUBLIC_DEMO_AUTOLOGIN_EMAIL=demo@tryaisoc.com
NEXT_PUBLIC_DEMO_AUTOLOGIN_PASSWORD=aisoc-demo
```

Optional (only if you want LLM-backed agents instead of the
deterministic demo agent):

```
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
```

### Step 4: Wire up domains

For each public-facing service (`api`, `web`, `realtime`):

1. Coolify → service settings → **Domain**: enter
   `api.aisoc.example.com` (or whichever subdomain).
2. **Generate Certificate** — Coolify uses Caddy under the hood to issue
   Let's Encrypt certs automatically.
3. Make sure your DNS A record for `*.aisoc.example.com` points at the
   VPS IP.

The internal services (`agents`, `postgres`, `redis`, `kafka`,
`clickhouse`, etc.) don't need domains — they reach each other over
Coolify's internal Docker network.

### Step 5: Deploy

Click **Deploy**. Coolify:

1. Pulls the repo.
2. Reads `docker-compose.yml` and spins up the services in dependency
   order.
3. Issues TLS certs for the domains you set.
4. Starts streaming logs in the dashboard.

First deploy takes ~10-15 minutes (Docker image pulls + first build).

### Step 6: Pre-warm the demo

The api container's entrypoint runs `alembic upgrade head && python -m
app.scripts.seed_demo` on every start, so the demo tenant — including
the in-flight LockBit 3.0 ransomware investigation `INC-RT-001` — is
present before the service accepts traffic. The seeder is idempotent:
re-running against an already-seeded database is a cheap no-op that
refreshes the canonical 15 incidents.

If you ever need to re-seed manually, SSH into the VPS and run:

```bash
docker exec -it $(docker ps -qf "name=aisoc-api") \
  python -m app.scripts.seed_demo
```

Open `https://web.aisoc.example.com` — the onboarding hero loads with
the demo banner primed, and the **Try Demo** CTA deep-links to
`/cases/INC-RT-001?tab=ledger`.

## Disabling optional services

If you're on a 4 GB VPS, comment out these services in
`docker-compose.yml` *before* importing into Coolify (Coolify reads the
file as-is):

```yaml
# Comment out for the lean profile:
# kafka:
# zookeeper:
# clickhouse:
# opensearch:
# neo4j:
# qdrant:
```

And set the corresponding `AISOC_DISABLE_*=true` flags on the api and
agents services. The api degrades gracefully — alerts work, cases work,
the agent investigates, and the UI hides features that depend on the
disabled storage tier.

## Daily reset (optional)

Coolify has scheduled tasks built in. To rotate the demo daily:

1. Project → **+ New Resource** → **Service** → **Schedule**.
2. **Command**: `docker exec aisoc-api python -m app.scripts.seed_demo`
3. **Cron**: `0 0 * * *` (daily at 00:00 UTC).
4. **Save**.

## Backups (recommended)

Coolify ships native S3-compatible backups for Postgres. Project →
Postgres service → **Backups** tab → configure your S3 bucket → enable
daily snapshots. ~$1/mo for the storage, saves you from a corrupted
demo on a busy week.

## Updates

Coolify watches the GitHub repo by default. When `beenuar/AiSOC` ships
a new commit on `main`:

- **Auto-deploy** (default): Coolify pulls and redeploys within minutes.
- **Manual**: turn off auto-deploy in service settings, click **Deploy**
  when you want to update.

For a forked self-hosted setup, point Coolify at *your* fork instead so
you control when updates land.

## Why Coolify over raw `docker-compose up`

You absolutely *can* just SSH in and run `docker-compose up -d`. Coolify
adds:

- TLS via Let's Encrypt without configuring Caddy/Nginx by hand.
- Web UI for env var management (no editing `.env` over SSH).
- Auto-deploy on git push.
- Native backups.
- Resource graphs (CPU, RAM, disk per container).
- One-click rollback.
- Multi-project isolation (run AiSOC + your other side projects on the
  same box without port conflicts).

For a personal eval deploy, plain `docker-compose` is fine. For
"running this for my team", Coolify is worth the 3 minutes of setup.

## Troubleshooting

### "Out of memory" during deploy

You're on a 4 GB box trying to run the full stack (16 GB needed). Either
upgrade the VPS or comment out the optional services as described above.

### "Cannot get TLS certificate"

DNS hasn't propagated yet, or the A record points to the wrong IP. Wait
5 min, run `dig api.aisoc.example.com` and confirm it resolves to the
VPS IP, then retry the cert generation in the Coolify UI.

### "WebSocket connection failed" in browser console

Check that `NEXT_PUBLIC_WS_URL` uses `wss://` (not `ws://`) — once you
have TLS, plain `ws://` is blocked by browsers. The realtime service
also needs the **WebSocket** toggle enabled in Coolify's service
settings → **Network**.

### Web service shows "demo banner" but deeplink doesn't work

Run the seed (Step 6 above) — if it never executed, `INC-RT-001` doesn't
exist in Postgres yet, so the deeplink 404s. The seed is *not*
auto-triggered on Coolify the way it is on the Fly demo.

## Files

```
infra/coolify/
└── README.md       — this file (the only Coolify-specific artifact)
```

The actual deployment uses [`docker-compose.yml`](../../docker-compose.yml)
unchanged.

For the full deployment philosophy and platform comparison, see the
[main README](../../README.md#-deploy-in-one-click).