# BrowserUse VPS Deployment This project deploys to `BrowserUse-vps@lambda.coredump.ru` with a Gitea/Forgejo Actions runner installed on the VPS. The server already has a root-owned `/opt/lambdalab` stack with Caddy on ports `80/443`. Keep this browser service as a separate app under the deploy user home directory, then attach the public-facing containers to the existing `lambdalab_frontend` Docker network through `docker-compose.vps.yml`. ## SSH Access Add the public SSH key to the VPS user: ```sh ssh BrowserUse-vps@lambda.coredump.ru mkdir -p ~/.ssh chmod 700 ~/.ssh printf '%s\n' '' >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys ``` The fingerprint `SHA256:/XC5ifPX8j+uRyp0Yw2zAl5nteWc3YcHeVHfCG+rhP4` is not enough by itself. `authorized_keys` needs the full public key line that starts with `ssh-ed25519`. ## Initial Server Checkout Run once on the VPS: ```sh mkdir -p ~/apps cd ~/apps git clone -b feature/api-for-subagent https://git.lambda.coredump.ru/APEX/BrowserUse_and_ComputerUse_skills.git cd BrowserUse_and_ComputerUse_skills ``` Create a server-local `.env` file in the checkout. It is intentionally not committed: ```sh OPENAI_API_KEY=... OPENAI_BASE_URL=... MODEL_DEFAULT=qwen3.5-122b BROWSER_VIEW_BASE_URL=https://browser-view.lambda.coredump.ru BROWSER_API_PUBLISH=127.0.0.1:8088:8088 BROWSER_VIEW_PROXY_PUBLISH=127.0.0.1:6081:8080 BROWSER_NOVNC_PUBLISH=127.0.0.1:6080:6080 BROWSER_CDP_PUBLISH=127.0.0.1:9222:9222 ``` Then run the first deploy manually: ```sh bash scripts/deploy_vps.sh curl -fsS http://127.0.0.1:8088/health ``` The deploy script uses both Compose files by default: ```sh docker-compose.yml:docker-compose.vps.yml ``` `docker-compose.vps.yml` connects `browser-api` and `browser-view-proxy` to the existing external `lambdalab_frontend` network so Caddy can reach them by Docker DNS. ## Domain Binding The active Caddy config is root-owned at: ```sh /opt/lambdalab/caddy/Caddyfile ``` Add these vhosts to that file from an admin/root account: ```caddyfile browser-api.lambda.coredump.ru { reverse_proxy browser-use-api:8088 } browser-view.lambda.coredump.ru { reverse_proxy browser-use-view-proxy:8080 } ``` Then reload the existing Caddy container from `/opt/lambdalab`: ```sh cd /opt/lambdalab docker compose exec caddy caddy reload --config /etc/caddy/Caddyfile ``` DNS must point both subdomains to the VPS public IP `155.212.185.120`. At inspection time, `lambda.coredump.ru` resolved to that IP, while `browser-api.lambda.coredump.ru` and `browser-view.lambda.coredump.ru` did not resolve yet. ## Gitea/Forgejo Runner Install `act_runner` as the `BrowserUse-vps` user and register it with the repository, organization, or instance runner token: ```sh mkdir -p ~/act_runner cd ~/act_runner ./act_runner generate-config > config.yaml ./act_runner --config config.yaml register \ --no-interactive \ --instance https://git.lambda.coredump.ru \ --token '' \ --name BrowserUse-vps \ --labels deploy-vps:host ``` Start it under the same user: ```sh cd ~/act_runner nohup ./act_runner daemon --config config.yaml > act_runner.log 2>&1 & ``` Because this account has `sudo: no`, a system-wide service cannot be installed from this user. If an admin enables a user-level systemd service for this account, run the same daemon command from that service instead of `nohup`. ## CI/CD Behavior The workflow lives at `.gitea/workflows/deploy.yml`. It runs on: - push to `feature/api-for-subagent` - manual `workflow_dispatch` The job expects a runner label named `deploy-vps`, registered as `deploy-vps:host`. It enters: ```sh /home/BrowserUse-vps/apps/BrowserUse_and_ComputerUse_skills ``` Then it fetches `origin/feature/api-for-subagent`, resets the tracked checkout to that commit, runs Docker Compose, and verifies: ```sh curl -fsS http://127.0.0.1:8088/health ```