Morphee Coolify Deployment Testing Guide

Version: 1.0 Date: February 15, 2026 Status: Ready for Testing

---

Overview

This guide covers testing the Morphee Coolify deployment stack locally before pushing to production. The test suite validates:

• ✅ Environment configuration (all required variables present and valid)
• ✅ Docker service startup and health
• ✅ Network connectivity between services
• ✅ Security hardening and best practices
• ✅ API endpoint functionality
• ✅ Deployment robustness (with and without state reset)

---

Quick Start

1. Test with Fresh Environment (Recommended First Run)

# Clean setup, build images, run full test suite
./scripts/test-coolify-deployment.sh fresh

2. Test with Full Reset (Clean Slate)

# Remove all containers and volumes, then test
./scripts/test-coolify-deployment.sh clean-reset

3. Test Robustness (No Reset)

# Run without cleanup to test persistence
./scripts/test-coolify-deployment.sh robust

4. Security Audit

# Comprehensive security check
./scripts/security-audit-coolify.sh

5. Environment Validation (Pre-deployment)

# Validate all required variables for target environment
./scripts/validate-coolify-env.sh --production

---

Detailed Usage

Test Coolify Deployment Script

Usage:

./scripts/test-coolify-deployment.sh [mode] [options]

Modes:

Mode	Purpose	When to Use
fresh	Start with fresh containers	First test run, CI/CD
clean-reset	Full cleanup + fresh start	Deep debugging, verification
robust	Keep existing state	Persistence testing, upgrades

Options:

Option	Purpose
--skip-tests	Skip smoke tests (faster iteration)
--debug	Enable debug logging
--timeout N	Custom health check timeout (seconds)
--help	Show help message

Examples:

# Fresh deployment with debugging
./scripts/test-coolify-deployment.sh fresh --debug

# Custom timeout
./scripts/test-coolify-deployment.sh fresh --timeout 600

# Skip tests for fast iteration
./scripts/test-coolify-deployment.sh fresh --skip-tests

# Test robustness with debugging
./scripts/test-coolify-deployment.sh robust --debug

What It Does:

1. Environment Validation — Checks Docker, Docker Compose, required files
2. Setup Environment Variables — Creates .env.coolify with required vars
3. Security Pre-flight — Validates security hardening settings
4. Docker Cleanup — Handles cleanup based on test mode
5. Start Services — Builds images and starts containers
6. Health Checks — Waits for all services to be healthy
7. Network Diagnostics — Tests connectivity between services
8. Smoke Tests — Validates API endpoints and basic functionality
9. Summary — Reports results and next steps

Output:

════════════════════════════════════════════════════════════
  Morphee Coolify Deployment Test Suite
════════════════════════════════════════════════════════════

[INFO] Test Mode: fresh
[INFO] Log File: .test-logs/coolify-test-20260215_120000.log

════════════════════════════════════════════════════════════
  Environment Validation
════════════════════════════════════════════════════════════

[✓] Docker found: Docker version 24.0.0
[✓] Docker Compose found: Docker Compose version 2.21.0
...

[✓] Coolify deployment test completed successfully!

---

Environment Validation Script

Usage:

./scripts/validate-coolify-env.sh [--production|--staging|--test]

Environments:

Environment	Purpose	Required Variables
--test	Local testing (default)	API URL, WS URL, CORS, Frontend URL, LLM key
--staging	Staging deployment	+ SMTP configuration
--production	Production deployment	+ Email, SSL, all integrations

Examples:

# Validate for local testing
./scripts/validate-coolify-env.sh --test

# Validate for staging
./scripts/validate-coolify-env.sh --staging

# Validate for production
./scripts/validate-coolify-env.sh --production

Checks:

• Required environment variables
• Optional environment variables
• Encryption key format (Fernet)
• URL format validation
• CORS configuration
• API key formats
• SMTP configuration
• Required files present
• Security concerns (placeholder values, test keys)
• Docker installation

---

Security Audit Script

Usage:

./scripts/security-audit-coolify.sh

Checks:

Category	Validations
Docker Security	Privileged mode, capability dropping, read-only filesystem, network isolation
Secrets Management	Hardcoded secrets, environment variable usage, vault references, database/Redis credentials
Network Security	Exposed ports, volume mounts, DNS configuration
Database Security	PostgreSQL version, SSL/TLS, backups, resource limits
Application Security	Security headers, rate limiting, CORS, health checks
SSL/TLS	HTTPS enforcement, TLS version, HSTS
Logging & Monitoring	Centralized logging, monitoring setup, audit logging

Output:

════════════════════════════════════════════════════════════
  Docker Security Configuration
════════════════════════════════════════════════════════════

[✓] Containers not running in privileged mode
[✓] Found cap_drop — capabilities are being restricted
[✓] no-new-privileges is set
...

════════════════════════════════════════════════════════════
  Security Audit Summary
════════════════════════════════════════════════════════════

Critical: 0
High: 2
Medium: 3
Low: 5
────────────────────────
Total: 10

[✓] Security audit passed with 3 medium and 5 low issues

---

Test Scenarios

Scenario 1: Fresh Local Deployment (Recommended First)

Purpose: Verify the Coolify stack works from scratch Time: ~5-10 minutes

./scripts/test-coolify-deployment.sh fresh

Expected Results:

• ✅ All containers start successfully
• ✅ All health checks pass
• ✅ Services communicate (backend ↔ DB, Redis, Auth)
• ✅ Frontend loads at http://localhost
• ✅ Backend API responds at http://localhost:8000/health

If it fails:

1. Check logs: cat .test-logs/coolify-test-*.log
2. View container logs: docker-compose -f docker-compose.coolify.yml logs [service]
3. Verify environment: ./scripts/validate-coolify-env.sh --test

---

Scenario 2: Full Reset Testing

Purpose: Verify deployment works from completely clean state Time: ~10-15 minutes

./scripts/test-coolify-deployment.sh clean-reset

What Gets Removed:

• All containers (running or stopped)
• All volumes (database, Redis, etc.)
• Orphaned networks
• Dangling images

Use When:

• You need to guarantee a clean slate
• Debugging persistent issues
• Verifying migrations work from scratch
• Before production deployment

---

Scenario 3: Robustness Testing

Purpose: Verify deployment persists and survives restarts Time: ~5-10 minutes per iteration

# First run
./scripts/test-coolify-deployment.sh robust

# Write some test data to backend/database...

# Run again to verify persistence
./scripts/test-coolify-deployment.sh robust

What It Tests:

• Containers restart without issues
• Data persists across restarts
• Services reconnect properly
• No orphaned resources accumulate

---

Scenario 4: Security Pre-flight

Purpose: Identify security issues before production Time: ~1 minute

./scripts/security-audit-coolify.sh

Expected: No CRITICAL or HIGH findings

Typical Issues to Fix:

• ⚠️ CORS too permissive
• ⚠️ SMTP not configured (if email needed)
• ⚠️ Database SSL disabled
• ℹ️ Read-only filesystem not enabled (optimization)
• ℹ️ Non-root user not specified (security best practice)

---

Environment Variables Reference

Required for All Environments

# API and Frontend URLs
VITE_API_URL=http://localhost:8000        # Backend API URL
VITE_WS_URL=ws://localhost:8000           # WebSocket URL
CORS_ORIGINS=http://localhost:5173        # CORS allowed origins
FRONTEND_URL=http://localhost:5173        # Frontend base URL

# Encryption (generate once, keep forever)
ENCRYPTION_KEY=<fernet-key>               # Run: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"

# LLM (at least one required)
ANTHROPIC_API_KEY=sk-ant-...              # Anthropic API key (recommended)
# OR
OPENAI_API_KEY=sk-...                     # OpenAI API key (alternative)

Required for Production

# SMTP (for email confirmation and notifications)
SMTP_HOST=smtp.resend.com
SMTP_PORT=587
SMTP_USER=resend
SMTP_PASS=<api-key>
SMTP_FROM=noreply@morphee.app

Optional

# Google OAuth (for Calendar/Gmail integrations)
GOOGLE_CLIENT_ID=<client-id>.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=<client-secret>
GOOGLE_REDIRECT_URI=http://localhost:8000/api/oauth/google/callback

# Push Notifications
APNS_KEY_ID=<apple-key-id>
APNS_TEAM_ID=<apple-team-id>
FCM_PROJECT_ID=<firebase-project-id>

# Application settings
LOG_LEVEL=DEBUG                            # DEBUG, INFO, WARNING, ERROR
NODE_ENV=test                              # test, staging, production

Auto-Generated by Coolify (Don't Set Manually)

These are created automatically by Coolify and persisted:

SERVICE_PASSWORD_POSTGRES          # PostgreSQL password
SERVICE_PASSWORD_REDIS             # Redis authentication password
SERVICE_REALBASE64_64_JWT          # Internal JWT signing secret
SERVICE_REALBASE64_64_GOTRUE-JWT   # Shared GoTrue JWT secret

---

Troubleshooting

Issue: "Docker is not installed"

Solution:

# macOS with Homebrew
brew install docker

# Or download from https://www.docker.com/products/docker-desktop

Issue: "Docker daemon is not running"

Solution:

# Start Docker Desktop (macOS/Windows) or daemon

# Linux
sudo systemctl start docker

Issue: "Health check failed for supabase-db"

Possible Causes:

• PostgreSQL initialization taking too long
• Port 5432 already in use
• Insufficient disk space

Solutions:

# Check if another PostgreSQL is running
lsof -i :5432

# Increase timeout
./scripts/test-coolify-deployment.sh fresh --timeout 600

# Check disk space
df -h

# Full reset
./scripts/test-coolify-deployment.sh clean-reset

Issue: "Backend can't connect to database"

Check:

# Verify backend logs
docker-compose -f docker-compose.coolify.yml logs backend

# Test database connectivity
docker-compose -f docker-compose.coolify.yml exec supabase-db pg_isready -U postgres

# Verify DATABASE_URL
docker-compose -f docker-compose.coolify.yml exec backend env | grep DATABASE_URL

Issue: "Frontend shows blank page"

Check:

# Check browser console for errors
# Verify build variables were applied
curl http://localhost | grep -i api_url

# Check frontend logs
docker-compose -f docker-compose.coolify.yml logs frontend

# Verify Vite proxy is working
curl -I http://localhost:8000/health

Issue: "CORS errors in browser"

Solution:

# Verify CORS_ORIGINS environment variable
echo $CORS_ORIGINS

# Should include your frontend URL
# http://localhost:5173,http://127.0.0.1:5173

# Update if needed
export CORS_ORIGINS="http://localhost:5173,http://localhost"
./scripts/test-coolify-deployment.sh fresh --skip-tests

Issue: "Encryption key validation failed"

Solution:

# Generate new encryption key
python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"

# Set it and retry
export ENCRYPTION_KEY="<generated-key>"
./scripts/test-coolify-deployment.sh fresh

---

Pre-Production Checklist

Before deploying to production, verify:

✅ Environment

• Environment validation passes: ./scripts/validate-coolify-env.sh --production
• Security audit passes: ./scripts/security-audit-coolify.sh
• Fresh deployment test passes: ./scripts/test-coolify-deployment.sh fresh
• Robust deployment test passes: ./scripts/test-coolify-deployment.sh robust

✅ Configuration

• ENCRYPTION_KEY is set and persisted
• ANTHROPIC_API_KEY is valid and active
• SMTP_* variables configured (if using email)
• CORS_ORIGINS restricted to production domains
• DATABASE_URL points to production database
• REDIS_URL points to production Redis

✅ Security

• No hardcoded secrets in code
• All environment variables use vault/secrets manager
• SSL/TLS certificates configured in Coolify
• Security headers configured (HSTS, CSP, etc.)
• Rate limiting enabled
• Database backups automated
• Monitoring/alerting configured

✅ Testing

• All smoke tests pass
• Manual sign-up and login works
• At least one integration configured (Calendar/Gmail)
• Chat with AI responds
• Tools (tasks, spaces) work
• Memory system works
• All critical paths tested

✅ Operations

• Backup procedure documented
• Incident response plan ready
• Log aggregation configured
• Monitoring dashboards set up
• Team access to Coolify UI configured
• Deployment runbook written

---

Performance Baseline

Typical deployment times:

Phase	Time
Environment setup	1-2 min
Docker build	3-5 min
Container startup	1-2 min
Health checks	2-3 min
Smoke tests	1-2 min
Total	8-15 min

If significantly slower, check:

• Disk I/O (migrations, logs)
• Network bandwidth (image pulls)
• System resources (CPU, RAM)

---

Integration with CI/CD

To integrate into GitHub Actions:

name: Test Coolify Deployment

on: [pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Validate environment
        run: ./scripts/validate-coolify-env.sh --test

      - name: Security audit
        run: ./scripts/security-audit-coolify.sh

      - name: Deploy and test
        run: ./scripts/test-coolify-deployment.sh fresh --timeout 600

---

Next Steps

1. Run Fresh Test: ./scripts/test-coolify-deployment.sh fresh
2. Review Logs: cat .test-logs/coolify-test-*.log
3. Run Security Audit: ./scripts/security-audit-coolify.sh
4. Fix Any Issues: Address findings from audit and tests
5. Test Robustness: ./scripts/test-coolify-deployment.sh robust
6. Document Results: Save logs and checklist
7. Deploy to Production: Follow COOLIFY_DEPLOYMENT.md

---

Support

Issues or questions?

1. Check logs: .test-logs/coolify-test-*.log
2. Review this guide: Implementation guides section
3. Check Coolify docs: https://coolify.io/docs
4. Open issue: GitHub repository

Key contacts:

• Deployment: deployment.md
• Architecture: architecture.md
• Troubleshooting: troubleshooting.md

---

Last Updated: February 15, 2026 Author: Claude Code Status: Ready for Production Testing