Before you run the setup script, make sure you are logged in as a non-root user with sudo access. The script is designed for that flow and will stop if you run it as root.
If you’re on Ubuntu 22.04 / 24.04, the setup script handles everything for the app deployment path — dependencies, repo clone, .env config, Docker image pull, nginx, SSL, and firewall — in one session:
# On your VPS (as a non-root user with sudo privileges):
bash <(curl -fsSL https://raw.githubusercontent.com/aryamantodkar/oneglanse/main/scripts/setup-vps.sh)
If your VPS is freshly reinstalled and only has root, create a non-root sudo user first, then reconnect as that user before running the setup script:
# On the VPS as root, once:
adduser deploy
usermod -aG sudo deploy

# Optional: copy your existing root SSH key access to the new user
install -d -m 700 -o deploy -g deploy /home/deploy/.ssh
cp -a /root/.ssh/authorized_keys /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy/.ssh/authorized_keys
chmod 600 /home/deploy/.ssh/authorized_keys

# Then reconnect as the new user:
ssh deploy@YOUR_VPS_IP
When the script prompts for "Your domain for the app", enter the hostname you want to serve OneGlanse on, such as app.yourdomain.com. The script configures nginx and requests the TLS certificate for that exact domain.
Or clone first and run locally:
git clone https://github.com/aryamantodkar/oneglanse /tmp/oneglanse
bash /tmp/oneglanse/scripts/setup-vps.sh
The script is interactive — it asks for your domain, LLM key, and proxy URL, then does the rest. If you leave the auth upload token blank, it generates one automatically, and it handles first-run Docker group access for the setup user in the same session.
Do not use curl ... | bash here. Because the setup flow is interactive, piping the script body into bash steals stdin from the prompts. bash <(...) keeps stdin attached to your terminal, so the prompts work correctly.
The VPS flow is intentionally simple:
  • it pulls the published Docker images
  • it does not build the app on your server by default
  • git pull updates the deployment files, and the next bootstrap pulls the latest published app images

Manual setup

This guide deploys OneGlanse on a fresh Ubuntu 22.04 / 24.04 VPS. At the end you’ll have:
  • OneGlanse running behind nginx with HTTPS
  • Postgres, ClickHouse, and Redis running in Docker
  • Provider sessions uploaded from your local machine
This guide intentionally deploys only the app.
  • The landing site is deployed separately on Vercel
  • The docs are deployed separately on Mintlify
Important context before you start:
  • OneGlanse collects responses from real provider UIs, not official model APIs
  • provider auth is captured locally with pnpm auth
  • VPS browser traffic needs a residential proxy because datacenter IPs are often blocked by provider websites

1. Provision the VPS

Any provider works (Hetzner, DigitalOcean, Vultr, etc.). Minimum spec:
        Minimum        Recommended
CPU     2 vCPU         4 vCPU
RAM     4 GB           8 GB
Disk    40 GB SSD      80 GB SSD
OS      Ubuntu 22.04   Ubuntu 24.04
Point a DNS A record at your VPS IP before continuing — nginx and certbot need it:
A  app.yourdomain.com  →  YOUR_VPS_IP
If you do not have a real domain yet and only need a temporary launch/test hostname, a wildcard DNS helper such as YOUR_VPS_IP.nip.io or YOUR_VPS_IP.sslip.io also works.

2. Install dependencies

SSH into your VPS as your non-root sudo user and run:
sudo apt-get update

# Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
newgrp docker

# Node.js 20
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt-get install -y nodejs

# git
sudo apt-get install -y git

# nginx + certbot
sudo apt install -y nginx certbot python3-certbot-nginx

3. Clone and configure

git clone https://github.com/aryamantodkar/oneglanse /home/$USER/oneglanse
cd /home/$USER/oneglanse
cp .env.example .env
Edit .env and fill in the required values:
nano .env
Minimum required changes:
# Your public URL
APP_URL=https://app.yourdomain.com
API_BASE_URL=https://app.yourdomain.com

# LLM key for response analysis — pick one:
OPENAI_API_KEY=sk-...
# or:
# ANTHROPIC_API_KEY=sk-ant-...
# ANALYSIS_LLM_PROVIDER=claude

# Residential proxy — required on VPS
THORDATA_PROXY_API_URL=https://your-thordata-endpoint

# Auth upload token — any strong random string
AGENT_AUTH_UPLOAD_TOKEN=replace-with-a-strong-secret
If BETTER_AUTH_SECRET or INTERNAL_CRON_SECRET are still unset or left as replace-me, node scripts/run-compose.mjs bootstrap generates them automatically before Docker starts.
Why the proxy is mandatory on VPS:
  • VPS traffic usually originates from datacenter IP ranges
  • provider websites frequently challenge or block those IPs
  • OneGlanse collects from authenticated web UIs, so network reputation matters
The proxy is what makes VPS-based scheduling viable. Without it, direct provider access from the VPS is often unreliable.
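A pre-bootstrap check for the .env values listed above, as an added example that is not part of the OneGlanse repository. The function names, the 32-character floor for the upload token, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a OneGlanse .env before bootstrap. One finding per line.

env_get() {  # env_get FILE KEY -> last value of KEY, inline "  # comment" stripped
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed 's/[[:space:]]\{1,\}#.*$//; s/[[:space:]]*$//'
}

lint_env() {
  f=$1
  token=$(env_get "$f" AGENT_AUTH_UPLOAD_TOKEN)
  proxy=$(env_get "$f" THORDATA_PROXY_API_URL)
  app=$(env_get "$f" APP_URL)
  case $token in
    ''|replace-*) echo "AGENT_AUTH_UPLOAD_TOKEN: unset or placeholder" ;;
    *) # Assumption: 32 characters as the floor for a "strong" token.
       [ "${#token}" -ge 32 ] || echo "AGENT_AUTH_UPLOAD_TOKEN: under 32 characters" ;;
  esac
  case $proxy in
    ''|*your-thordata-endpoint*) echo "THORDATA_PROXY_API_URL: unset or placeholder" ;;
  esac
  case $app in
    https://*yourdomain.com*) echo "APP_URL: placeholder domain" ;;
    https://*) ;;
    *) echo "APP_URL: not an https:// URL" ;;
  esac
  # The file holds API keys and tokens: group/other permission bits must be clear.
  [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
    echo ".env: readable by group or others (chmod 600)"
}

make_sample() {  # writes a constructed .env (placeholder values) to $1
  cat > "$1" <<'EOF'
APP_URL=https://app.example.org
OPENAI_API_KEY=sk-constructed-sample
THORDATA_PROXY_API_URL=https://your-thordata-endpoint
AGENT_AUTH_UPLOAD_TOKEN=replace-with-a-strong-secret   # same as on VPS
EOF
  chmod 644 "$1"
}

sample=$(mktemp) && make_sample "$sample" && lint_env "$sample"
rm -f "$sample"
```

On the VPS, call lint_env /home/$USER/oneglanse/.env; no output means every check passed.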

4. Start the stack

node scripts/run-compose.mjs bootstrap
On a fresh server, this can take several minutes because Docker has to pull the published images.
This pulls the published Docker images and starts:
  • Web app on 127.0.0.1:3000 (loopback only, for nginx)
  • Agent worker (internal)
  • Postgres on port 5432 (internal)
  • ClickHouse on port 8123 (internal)
  • Redis on port 6379 (internal)
Verify everything is up:
docker ps
You should see containers for web, agent-worker, postgres, clickhouse, and redis.

5. Configure nginx

Create the nginx site config:
sudo nano /etc/nginx/sites-available/oneglanse
Paste this — replace app.yourdomain.com with your domain:
server {
    listen 80;
    server_name app.yourdomain.com;

    location / {
        proxy_pass         http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 120s;
    }
}
Enable the site and reload:
sudo ln -s /etc/nginx/sites-available/oneglanse /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx

6. Enable HTTPS with Let’s Encrypt

sudo certbot --nginx -d app.yourdomain.com
Certbot will:
  1. Obtain a certificate
  2. Automatically update the nginx config to redirect HTTP → HTTPS
  3. Set up auto-renewal via a systemd timer
Verify auto-renewal works:
sudo certbot renew --dry-run

7. Upload provider auth sessions

Provider auth must be captured on your local machine (it needs a real browser). Once captured, upload the sessions to the VPS.
OneGlanse uses Camoufox, an anti-fingerprint Firefox-based browser, for this flow. That is intentional: plain Chrome / Chromium automation is more likely to trigger login loops, verification challenges, or unstable sessions on provider websites. Camoufox is a better fit for authenticated scraping against anti-bot-protected chat interfaces.
On your local machine — set these in your local .env:
ONEGLANSE_VPS_IP=YOUR_VPS_IP
AGENT_AUTH_UPLOAD_TOKEN=replace-with-a-strong-secret   # same as on VPS
Then open the provider auth flow and sign in to each provider:
pnpm auth
At the end of the sign-in flow, pnpm auth will ask whether to upload to the VPS — answer y. Sessions are transferred and the VPS agent picks them up immediately.
When a session expires later and you want to re-upload without going through the sign-in flow again:
pnpm upload:vps

8. Open the app

Navigate to https://app.yourdomain.com, create your account, and start adding prompts.
Before you run prompts from the VPS, make sure THORDATA_PROXY_API_URL in /home/$USER/oneglanse/.env points to your real residential proxy endpoint. If you deployed with a placeholder or later changed the proxy configuration, update that value and rerun:
cd /home/$USER/oneglanse
node scripts/run-compose.mjs bootstrap
Without the correct proxy endpoint, VPS prompt runs are likely to be blocked, challenged, or less accurate.

Updates

Pull and redeploy without downtime:
cd /home/$USER/oneglanse
git pull
node scripts/run-compose.mjs bootstrap

Firewall

Allow only the ports nginx needs. For auth uploads, port 3333 is needed only for the agent upload API:
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
If your local machine has a stable public IP, prefer allowing 3333/tcp only from that source:
sudo ufw allow from YOUR_LOCAL_PUBLIC_IP to any port 3333 proto tcp
If your local IP changes often, you can allow 3333/tcp broadly instead and rely on AGENT_AUTH_UPLOAD_TOKEN for authentication:
sudo ufw allow 3333/tcp
The app ports (3000, 5432, 8123, 6379) stay internal. Port 3333 is only for pnpm upload:vps, which sends provider sessions to http://YOUR_VPS_IP:3333/auth/sessions. Because that URL is plain http://, the upload is not protected by TLS, so restricting 3333/tcp to your own source IP is the safer of the two firewall options.
On self-hosted deployments, the web app’s provider management endpoints stay behind app authentication, while the upload API on 3333 is protected by the bearer token in AGENT_AUTH_UPLOAD_TOKEN.
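One way to confirm that the app ports really stay internal, as an added example that is not part of the OneGlanse repository. Ports that Docker publishes on the host are not filtered by ufw rules, so the listening sockets are the thing to check. The function names and the sample ss lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OneGlanse internal ports listening on a non-loopback address.

exposed_internal_ports() {  # stdin: `ss -Htln` lines; stdout: "PORT ADDRESS" per finding
  awk -v ports="3000 5432 8123 6379" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                    # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (!(port in internal)) next                       # 80, 443, 3333, ... are out of scope
      if (addr ~ /^127\./ || addr == "[::1]") next        # loopback-only is the intended state
      print port, addr
    }' | sort -u
}

sample_ss() {  # constructed sample in `ss -Htln` layout, not captured from a real host
  cat <<'EOF'
LISTEN 0 511     0.0.0.0:80     0.0.0.0:*
LISTEN 0 511     0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096  127.0.0.1:3000   0.0.0.0:*
LISTEN 0 4096    0.0.0.0:5432   0.0.0.0:*
LISTEN 0 4096       [::]:6379      [::]:*
LISTEN 0 4096          *:3333         *:*
EOF
}

sample_ss | exposed_internal_ports
# On the VPS itself: ss -Htln | exposed_internal_ports
```

Any line of output names a database or app port reachable beyond loopback; an empty result matches the layout this guide describes.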

Troubleshooting

502 Bad Gateway — the web container isn’t running yet. Check:
docker logs oneglanse-web --tail 50
SSL certificate failed — DNS hasn’t propagated yet. Wait a few minutes and retry:
sudo certbot --nginx -d app.yourdomain.com
Providers disconnected after reboot — sessions survive restarts (they’re in the volume at /opt/oneglanse/storage). If they expire, re-run pnpm upload:vps from your local machine.
VPS ran out of disk — ClickHouse data grows over time. Check usage:
df -h
docker system df