# Deploy Luxe Aimé Internal Tools (Private, Always-On, Best-in-Class) **Goal:** `quote.luxeaime.com` (or `luxeaime.pages.dev`) accessible only by you + team, 24/7, even when your Mac is off. **Stack:** Cloudflare Pages + Cloudflare Access (both free) --- ## What you'll need - A **GitHub** account (free, 2 min to create if you don't have one) → github.com - A **Cloudflare** account (free) → dash.cloudflare.com --- ## Step 1 — Push files to GitHub (5 min) ### 1a. Create a GitHub account (skip if you have one) - Go to github.com → Sign up - Use your Luxe Aimé email ### 1b. Create a private repo - Click **+** top-right → **New repository** - Name: `luxe-aime-tools` - Visibility: **Private** (important) - **Do not** initialize with README - Click **Create repository** ### 1c. Push local files GitHub will show a "push existing repository" block. Copy the two lines that start with `git remote add origin` and `git push -u origin main`. From your terminal in `/Users/ryanyoon/Emails`: ```bash git remote add origin git push -u origin main ``` If prompted for password, use a **Personal Access Token** (not your GitHub password): - GitHub.com → Settings → Developer Settings → Personal Access Tokens → Fine-grained tokens → Generate new → scope to your `luxe-aime-tools` repo with "Contents: Read and write" permission → copy the token → paste as password. --- ## Step 2 — Deploy to Cloudflare Pages (10 min) ### 2a. Create Cloudflare account - Go to dash.cloudflare.com → Sign up ### 2b. Create Pages project - Left sidebar → **Workers & Pages** - **Create** → **Pages** tab → **Connect to Git** - Connect your GitHub account (authorize Cloudflare) - Pick the `luxe-aime-tools` repo - **Project name:** `luxe-aime` (URL will be `luxe-aime.pages.dev`) - **Production branch:** `main` - **Build command:** leave empty - **Build output directory:** `/` - Click **Save and Deploy** Cloudflare will deploy in ~30 seconds. You'll get a URL like `luxe-aime.pages.dev`. --- ## Step 3 — Lock it down with Cloudflare Access (10 min) This is the private-auth step. Without this, anyone with the URL can view it. ### 3a. Go to Zero Trust - Cloudflare dashboard → Left sidebar → **Zero Trust** - First time only: it'll ask you to pick a team name (e.g., `luxe-aime`) and a plan (pick **Free** — up to 50 users). ### 3b. Create an Access Application - Zero Trust → **Access** → **Applications** → **Add an application** - Type: **Self-hosted** - Application name: `Luxe Aimé Quote Builder` - Session Duration: 24 hours - Application domain: `luxe-aime.pages.dev` - Click **Next** ### 3c. Create an Access Policy - Policy name: `Team Allow` - Action: **Allow** - Include: **Emails** → enter your team's email addresses (comma-separated) - Example: `you@luxeaime.com, teammate@luxeaime.com` - Click **Next** ### 3d. Finish - Keep defaults on remaining screens - Click **Add application** **That's it.** Now when anyone visits `luxe-aime.pages.dev`, they'll see a login page. They enter their email, Cloudflare sends a 6-digit code, they enter it, they're in. --- ## Step 4 — (Optional) Custom domain `quote.luxeaime.com` If you want a branded URL instead of `luxe-aime.pages.dev`: ### 4a. Add subdomain in Namecheap Your `luxeaime.com` is on Namecheap. Log in there → Advanced DNS. - Add a new `CNAME Record`: - Host: `quote` - Value: `luxe-aime.pages.dev` - TTL: Automatic - Save ### 4b. Add custom domain in Cloudflare Pages - Cloudflare dashboard → your Pages project → **Custom domains** → **Set up a custom domain** - Enter: `quote.luxeaime.com` - Cloudflare will verify and issue SSL automatically (takes ~5 min) ### 4c. Update Access application domain - Zero Trust → Access → Applications → edit your app - Change "Application domain" from `luxe-aime.pages.dev` to `quote.luxeaime.com` - Save Now team members visit `quote.luxeaime.com`, auth via email, use the calculator. --- ## Updating the site later Whenever we change the calculator or pricing rules: ```bash cd /Users/ryanyoon/Emails git add . git commit -m "Updated pricing rules" git push ``` Cloudflare auto-rebuilds and deploys in ~30 seconds. Team sees the new version on next refresh. --- ## Troubleshooting - **"Your connection is not private" / SSL error** — wait 5 min after custom domain setup for SSL to issue - **Access login loop** — clear cookies for `luxeaime.com`, try again - **Deploy stuck** — check Cloudflare Pages build logs; usually a file path issue - **Want to add a team member** — Zero Trust → Access → Applications → your app → edit the policy → add their email --- ## Security notes - Everything served is over HTTPS (Cloudflare handles SSL) - Repo is private on GitHub (only you see it) - Cloudflare Access = real authentication, not a password guess - You control the allowed email list - You can revoke any team member instantly - Cloudflare logs every access attempt (viewable in Zero Trust dashboard)