Deployment Guide

Target Environment

Hetzner cax11 ARM64 — 2 vCPU Ampere, 4GB RAM, 40GB SSD, ~€3.29/month.

This is enough to serve the website, docs, demos, and initial platform for hundreds of concurrent users.

What Gets Deployed

/var/www/siliconghetto/
├── site/     # Marketing website (Astro static output)
├── docs/     # Documentation site (Astro static output)
├── demos/    # WASM demo bundles + HTML shells
└── games/    # Future: published game bundles

All outputs are static files. No application server required for the initial deployment.

Build Process

# From repo root
./infra/scripts/build-all.sh

# Outputs to dist/
# dist/site/   → website static files
# dist/docs/   → docs static files
# dist/demos/  → demo WASM bundles with HTML

Deploy Process

# Deploy to production
./infra/deploy/deploy.sh production

# This will:
# 1. Backup current deployment
# 2. rsync new files to server
# 3. Verify HTTP response
# 4. Check COOP/COEP headers

Reverse Proxy

Choose Nginx or Caddy:

Caddy: Simpler config, automatic TLS. Recommended for new setups.
Nginx: More control, wider documentation. Good if already familiar.

Config templates are in infra/reverse-proxy/.

Required Security Headers

Every response must include:

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

These enable SharedArrayBuffer for future WASM multithreading. Without them, threading won’t work. See ADR-003.

TLS

Use Let’s Encrypt via:

Caddy (automatic, zero config)
Certbot with Nginx (certbot --nginx)

Static Asset Caching

Asset Type	Cache Policy
`.wasm`	`public, max-age=31536000, immutable`
`.js`, `.css`	`public, max-age=31536000, immutable`
`.png`, `.jpg`, `.webp`	`public, max-age=2592000`
`.html`	`no-cache` (always revalidate)

Rollback

Deployments create timestamped backups:

# List backups
ssh siliconghetto@server ls /var/backups/siliconghetto/

# Rollback
ssh siliconghetto@server \
  tar xzf /var/backups/siliconghetto/site-20260314-120000.tar.gz \
  -C /var/www/siliconghetto/

Monitoring

# Nginx access logs
journalctl -u nginx -f

# Disk usage
ssh siliconghetto@server df -h

# Check headers
curl -I https://siliconghetto.com/

Future: Object Storage

When game publishing launches, artifacts will be stored in S3-compatible object storage (e.g., Hetzner Object Storage at ~€0.005/GB/month). Objects must include:

Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Origin: https://siliconghetto.com