Production-ready hybrid wedding RSVP website with a guest-facing experience and a direct-link admin dashboard.
Emergency commands: see OPERATIONS.md.
- Guest pages:
index.html(landing + countdown + story + share)rsvp.html(multi-step RSVP flow)details.html(event details)
- Admin page:
dashboard.html(direct URL access; not linked in guest nav)
- Data layer:
- Supabase tables and RLS via ordered SQL in
supabase/migrations/(see Supabase setup below)
- Supabase tables and RLS via ordered SQL in
- Core scripts:
main.js(global interactions and transitions)rsvp.js(submission flow and validations)dashboard.js(auth + list/search/edit/delete + refresh)
cd "/Users/Apple/Desktop/ode-workspace/themugerwas"
python3 -m http.server 8765Open:
http://localhost:8765/(home)http://localhost:8765/rsvphttp://localhost:8765/detailshttp://localhost:8765/dashboard
- Create Supabase project.
- Apply schema (migrations are the single source of truth):
- Recommended: from this folder run
supabase link(once) thensupabase db push, which applies every file insupabase/migrations/in order; or - Manual: in the Supabase SQL editor, run each
supabase/migrations/*.sqlfile in filename order (early timestamps may be no-ops kept for history parity with hosted projects).
- Recommended: from this folder run
- Configure
config.js:supabaseUrlsupabaseAnonKey(publishable/anon only)rsvpDeadlineIsositeBaseUrl(or keepwindow.location.origin)
- RSVP mode (current): open registration — guests use
/rsvpwithout invitation codes. Rows are stored withinvite_codeset toWEBandinvite_idnull.
Optional later: per-guest codes via guest_invites and URL query ?guest=CODE.
RSVP URL (production):
https://the-mugerwas-wedding.online/rsvp
- Droplet OS: Ubuntu 24.04 LTS
- Web server: Nginx
- Static root:
/var/www/themugerwas - Site config:
/etc/nginx/sites-available/themugerwas
Basic deploy flow:
scp -r /Users/Apple/Desktop/ode-workspace/themugerwas/* root@YOUR_IP:/var/www/themugerwas/
ssh root@YOUR_IP "nginx -t && systemctl reload nginx"URLs are extensionless on production (/rsvp, /details, …). Nginx maps them to the matching .html files and redirects old *.html links to the clean path.
Production domain: the-mugerwas-wedding.online (Namecheap). Point it at your DigitalOcean droplet’s public IPv4 (verify in the Droplet dashboard; it was 164.92.131.118 when this site was last deployed—confirm before typing DNS).
-
Namecheap → Domain List → Manage next to
the-mugerwas-wedding.online. -
Open the Advanced DNS tab.
-
Remove any URL Redirect / parking records that conflict with your site.
-
Add:
- A Record · Host
@· Value your droplet IPv4 · TTL Automatic (or 30 min). - A Record · Host
www· Value same IPv4 · TTL Automatic.
(Alternatively, some setups use a CNAME for
wwwpointing tothe-mugerwas-wedding.online.— either works if Namecheap allows it alongside your other records.) - A Record · Host
-
Wait for propagation (often minutes, sometimes up to a few hours). Check with
dig the-mugerwas-wedding.online +shortor an online DNS checker.
Ensure your site’s server_name includes the domain, then obtain certificates:
sudo nano /etc/nginx/sites-available/themugerwas
# Ensure: server_name the-mugerwas-wedding.online www.the-mugerwas-wedding.online;
sudo nginx -t && sudo systemctl reload nginx
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d the-mugerwas-wedding.online -d www.the-mugerwas-wedding.onlineIn Authentication → URL Configuration:
- Site URL:
https://the-mugerwas-wedding.online - Additional redirect URLs: include both
https://www.the-mugerwas-wedding.online
andhttps://the-mugerwas-wedding.online
(and any dev URLs you still use, e.g.http://localhost:8765if you test auth locally).
This repo also keeps [auth].site_url and [auth].additional_redirect_urls in supabase/config.toml; running supabase config push from this folder applies them to the linked hosted project (same effect as manual Dashboard edits when kept in sync).
- Never expose
service_rolekey in frontend code. config.json client should only contain publishable/anon key.- Keep dashboard unlinked from guest navigation.
- Open RSVP links can receive spam or duplicate entries; monitor the dashboard and tighten RLS or add rate limiting / captcha before wide public share if needed.
- Keep server firewall enabled:
ufw allow OpenSSHufw allow 'Nginx Full'
- Use SSH keys (disable password SSH when ready).
- Keep Ubuntu patched regularly:
sudo apt update && sudo apt upgrade -y- Backup strategy:
- Enable Supabase backups (where available by plan)
- Export RSVP CSV periodically from dashboard
- Keep a copy of this repo in GitHub
Current policies allow open inserts on rsvps for anon (see migration). The app previously validated rows in guest_invites; that is disabled for now.
Before a high-traffic public launch, consider stricter RLS, Edge Function validation, or re-enabling invite-only codes.
- Dashboard auto-refresh every 30 seconds.
- RSVP deadline enforcement is client-side via
rsvpDeadlineIso. - Optional confirmation emails via
confirmationEmailEndpointinconfig.js.- Starter function:
send-rsvp-confirmation.example.ts
- Starter function:
- DNS for
the-mugerwas-wedding.online(andwww) points to the droplet IP - HTTPS certificate active (certbot)
- Supabase URL and anon key valid in
config.js - Supabase Auth Site URL / redirect URLs include the production domain (via Dashboard or
supabase config pushfrom[auth]insupabase/config.toml) - Test RSVP submit with link only (accept + maybe + decline)
- Verify dashboard login and row visibility
- Verify edit/delete actions in dashboard
- Test on phone (home, RSVP, details, dashboard)
If site fails after an update:
- Re-upload known-good files to
/var/www/themugerwas. - Test Nginx config:
nginx -t. - Reload Nginx:
systemctl reload nginx. - Verify Supabase project status and keys.
- Re-test from browser and mobile.