Hostaway MCP Server

# Production Deployment - COMPLETED ✅ **Date**: October 16, 2025 **Server**: Hostinger VPS (72.60.233.157) **Status**: OPERATIONAL ## Deployment Summary ### ✅ Successfully Deployed 1. **Docker Container** - Image: hostaway-mcp-hostaway-mcp - Container: hostaway-mcp-server - Port: 8080 - Status: Running and healthy 2. **Secure Credential Management** - Environment file location: `/etc/hostaway-mcp/production.env` - Permissions: 600 (root-only access) - **NOT** stored in application directory - **NOT** in git repository - Protected from unauthorized access 3. **Database** - Supabase Production: khodniyhethjyomscyjw.supabase.co - Table `api_keys` created successfully - Initial API key inserted and verified - Row Level Security (RLS) enabled 4. **API Authentication** - API Key: mcp_OttaEJ0I2IxNzmtXzq8fGHJ923qPX0cZ - Hash: 603056d3f247194b36e533c06d2cc7c81b5fa288e9bc9bfa29f45c0d5b01ad46 - Authentication: WORKING ✅ - Integration with Hostaway API: WORKING ✅ ## Security Improvements Implemented ### Before (INSECURE) - Credentials stored in application directory (`/opt/hostaway-mcp/.env`) - Readable by application user - Risk of accidental exposure ### After (SECURE) - Credentials stored in system directory (`/etc/hostaway-mcp/production.env`) - Permissions: 600 (root-only) - Separate from application code - Cannot be accidentally committed to git ## Configuration Files ### Local Development - `.env` - Local development credentials (git-ignored) - `production.env` - Template for production (git-ignored) ### Production Server - `/etc/hostaway-mcp/production.env` - Actual production credentials - `/opt/hostaway-mcp/docker-compose.prod.yml` - Points to secure location ## Testing Results ```bash # Health Check curl http://72.60.233.157:8080/health # Response: {"status":"healthy", ...} # API Authentication Test curl -H "X-API-Key: mcp_OttaEJ0I2IxNzmtXzq8fGHJ923qPX0cZ" \ http://72.60.233.157:8080/api/listings?limit=2 # Response: {"listings": [... 2 listings ...]} ``` ## Environment Variables ### Production Values ```env SUPABASE_URL=https://khodniyhethjyomscyjw.supabase.co HOSTAWAY_ACCOUNT_ID=161051 HOSTAWAY_API_BASE_URL=https://api.hostaway.com/v1 MCP_API_KEY=mcp_OttaEJ0I2IxNzmtXzq8fGHJ923qPX0cZ RATE_LIMIT_IP=15 RATE_LIMIT_ACCOUNT=20 MAX_CONCURRENT_REQUESTS=50 LOG_LEVEL=INFO ENVIRONMENT=production ``` ### SSH Access ```env SSH_HOST=72.60.233.157 SSH_USER=root SSH_PASSWORD=Z5wcq)?DqmLd,.fIXv(d SSH_KEY=damorgs85 ``` ## Important Notes 1. **Credentials Security** - Never commit production credentials to git - Production.env is git-ignored locally - Server credentials are in `/etc/hostaway-mcp/` (outside app directory) 2. **SSH Access** - Use SSH key: damorgs85 - Password: Z5wcq)?DqmLd,.fIXv(d - Server: root@72.60.233.157 3. **Restarting the Service** ```bash cd /opt/hostaway-mcp docker compose -f docker-compose.prod.yml restart ``` 4. **Viewing Logs** ```bash docker logs hostaway-mcp-server --tail=100 ``` 5. **Updating Environment Variables** ```bash # Edit the secure file sudo nano /etc/hostaway-mcp/production.env # Restart container to apply changes cd /opt/hostaway-mcp docker compose -f docker-compose.prod.yml down docker compose -f docker-compose.prod.yml up -d ``` ## Next Steps 1. **Monitor Performance** - Check logs regularly - Monitor API response times - Track rate limiting metrics 2. **Regular Maintenance** - Keep Docker images updated - Review and rotate API keys periodically - Monitor Supabase usage 3. **Scaling (if needed)** - Current MAX_CONCURRENT_REQUESTS: 50 - Can increase Docker resources if needed - Consider load balancing for high traffic ## Support - **Production Server**: http://72.60.233.157:8080 - **Health Endpoint**: http://72.60.233.157:8080/health - **API Documentation**: /api/docs (when accessed from server) --- **Deployment completed successfully on October 16, 2025**