proxmox/docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md

Sankofa Studio — E2E Flow (studio.sankofa.nexus → 192.168.11.72:8000)

Last Updated: 2026-02-28
Purpose: Execute the full E2E flow for Sankofa Studio (FusionAI Creator) at https://studio.sankofa.nexus.

---

Summary

Step	Action	Where
1	Deploy LXC 7805 + Docker + FusionAI Creator	Proxmox host or via SSH
2	Add NPMplus proxy: studio.sankofa.nexus → 192.168.11.72:8000	NPMplus UI (192.168.11.167)
3	Add Cloudflare DNS (and tunnel if used)	Cloudflare dashboard
4	Verify health and E2E routing	From repo or LAN

---

Step 1: Deploy LXC and app

From the proxmox repo root (or from a host that can SSH to Proxmox):

cd /home/intlc/projects/proxmox
source config/ip-addresses.conf 2>/dev/null || true

# Option A: Deploy with Git clone (set your FusionAI-Creator repo URL)
export REPO_URL="https://gitea.d-bis.org/d-bis/FusionAI-Creator.git"
# Optional: production .env
# export ENV_FILE="/path/to/fusionai-production.env"

# From Proxmox host:
./scripts/deployment/deploy-sankofa-studio-lxc.sh

# Option B: From another machine via SSH to Proxmox
export PROXMOX_HOST=192.168.11.11
./scripts/deployment/deploy-sankofa-studio-lxc.sh

• Use --dry-run to print commands only.
• Use --skip-create if container 7805 already exists (only install/deploy app).

After deploy, confirm the API is up:

curl -s http://192.168.11.72:8000/health

---

Step 2: NPMplus proxy

Automated (from repo root, requires NPM_PASSWORD in .env):

cd /home/intlc/projects/proxmox
bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh

Then request SSL for the host (one of the hosts without a cert):

FIRST_ONLY=1 bash scripts/request-npmplus-certificates.sh
# Or run without FIRST_ONLY to request for all hosts missing certs

Manual: In NPMplus (https://192.168.11.167 or your NPMplus URL):

1. Add Proxy Host
   • Domain names: studio.sankofa.nexus
   • Scheme: HTTP
   • Forward hostname / IP: 192.168.11.72
   • Forward port: 8000
2. SSL: Request certificate (Let's Encrypt or Cloudflare Origin), enable Force SSL.

---

Step 3: Cloudflare DNS and tunnel

Automated (from repo root, requires CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS in .env):

cd /home/intlc/projects/proxmox
bash scripts/cloudflare/add-studio-sankofa-dns.sh

This creates/updates A studio.sankofa.nexus → 76.53.10.36 (or PUBLIC_IP from .env).

Manual DNS (zone sankofa.nexus):

• CNAME studio → <your-tunnel>.cfargotunnel.com (Proxied), or
• A studio → 76.53.10.36 (if using direct port forward to NPMplus).

Tunnel (if using Cloudflare Tunnel):

• In Zero Trust → Networks → Tunnels → your tunnel → Public Hostname:
  • Subdomain: studio (or full hostname studio.sankofa.nexus)
  • URL: https://192.168.11.167:443 (NPMplus); No TLS Verify if backend is HTTP.

---

Step 4: Verify E2E

Health (from LAN or Proxmox):

curl -s http://192.168.11.72:8000/health
curl -s http://192.168.11.72:8000/studio/ -o /dev/null -w "%{http_code}\n"

Full E2E routing (includes studio.sankofa.nexus):

cd /home/intlc/projects/proxmox
bash scripts/verify/verify-end-to-end-routing.sh

• Report: docs/04-configuration/verification-evidence/e2e-verification-<timestamp>/verification_report.md
• Optional: ACCEPT_ANY_DNS=1 if DNS points to Fastly or other edge.

Browser:

• Studio UI: https://studio.sankofa.nexus/studio/
• Marketplace landing: https://studio.sankofa.nexus/marketplace/landing.html

---

One-liner (deploy + next steps)

cd /home/intlc/projects/proxmox && \
  source config/ip-addresses.conf 2>/dev/null || true && \
  REPO_URL="${REPO_URL:-https://gitea.d-bis.org/d-bis/FusionAI-Creator.git}" \
  ./scripts/deployment/run-sankofa-studio-e2e.sh

If REPO_URL is set, the script runs the deploy then prints Step 2–4. If not set, it prints all steps.

---

Reference

• Full runbook: SANKOFA_STUDIO_DEPLOYMENT.md
• VMID 7805, IP 192.168.11.72: ALL_VMIDS_ENDPOINTS.md
• E2E runbook: E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md