Deployment
Deploy SpyWeb on a Linux VPS for 24/7 monitoring. This guide covers installation, systemd setup, secure remote access, and optional editor configuration.
1. Installation
Section titled “1. Installation”curl -L -o spyweb.tar.gz https://dl.spyweb.app/linux && tar -xf spyweb.tar.gz && rm spyweb.tar.gzcd spyweb && rm spyweb-tray# Set executable permissionschmod +x spywebThe tarball is pre-bundled with ui/ (dashboard) and jobs/starter-kit/.
2. Running as a systemd Service
Section titled “2. Running as a systemd Service”sudo nano /etc/systemd/system/spyweb.service[Unit]Description=SpyWeb Scraper ServiceAfter=network.target
[Service]Type=simpleUser=rootWorkingDirectory=/root/spywebExecStart=/root/spyweb/spyweb startRestart=alwaysRestartSec=5
[Install]WantedBy=multi-user.targetFor better security, create a dedicated spyweb user:
sudo useradd -r -s /bin/false spywebsudo chown -R spyweb:spyweb /root/spywebThen change User=root to User=spyweb in the service file.
Port override example:
ExecStart=/root/spyweb/spyweb start --port 8080Environment=SPYWEB_PORT=8080sudo systemctl daemon-reloadsudo systemctl enable spywebsudo systemctl start spywebsudo systemctl status spywebView logs:
sudo journalctl -u spyweb -f3. Token Validation (Recommended)
Section titled “3. Token Validation (Recommended)”Protect your API endpoints with a secret key. When set, all requests to the built-in API server must include the key in the X-SpyWeb-Key header.
# Set in systemd service fileEnvironment=SPYWEB_API_KEY=your-secret-key-hereOr export directly:
export SPYWEB_API_KEY=your-secret-key-hereTest with curl:
curl -H "X-SpyWeb-Key: your-secret-key-here" http://localhost:7979/api/jobsWithout the correct header, requests return 401 Unauthorized.
4. Remote Editor Setup
Section titled “4. Remote Editor Setup”Helix Editor
Section titled “Helix Editor”Don’t get stuck! Helix is modal:
ifor Insert mode,Escto return to Normal mode.:wsaves,:qquits,:q!force-quits. Remember: w = write, q = quit.
# Ubuntu/Debiansudo apt update && sudo apt install helix
# Arch Linuxsudo pacman -S helix
# Fedorasudo dnf install helixlua-language-server
Section titled “lua-language-server”# Ubuntu/Debiansudo apt install lua-language-server
# Arch Linuxsudo pacman -S lua-language-server
# Fedorasudo dnf install lua-language-serverTaplo (TOML LSP)
Section titled “Taplo (TOML LSP)”wget https://github.com/tamasfe/taplo/releases/latest/download/taplo-full-linux-x86_64.gzgunzip taplo-full-linux-x86_64.gzchmod +x taplo-full-linux-x86_64sudo mv taplo-full-linux-x86_64 /usr/local/bin/taploWhy use this setup? LSP gives you immediate syntax validation and autocompletion for Lua and TOML files, catching errors before you run SpyWeb.
5. Accessing the UI Securely
Section titled “5. Accessing the UI Securely”Option 1: SSH Tunnel (Zero Public Exposure)
Section titled “Option 1: SSH Tunnel (Zero Public Exposure)”The safest method - traffic goes through SSH, the port stays closed to the internet.
ssh -L 7979:localhost:7979 user@your-vps-ipThen open http://localhost:7979 in your local browser.
Option 2: Nginx Reverse Proxy
Section titled “Option 2: Nginx Reverse Proxy”Use this for a custom domain and shared access.
First, set up SPYWEB_API_KEY as your primary auth layer. All API requests will require the X-SpyWeb-Key header.
sudo apt install nginxNginx config:
server { listen 80; server_name your-domain.com;
location / { proxy_pass http://127.0.0.1:7979; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }}Optional: Add Basic Auth for an extra password prompt before reaching the dashboard:
sudo apt install apache2-utilssudo htpasswd -c /etc/nginx/.htpasswd yourusernameAdd auth_basic lines to the location / block:
location / { auth_basic "SpyWeb Admin"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://127.0.0.1:7979; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }Option 3: Caddy (Automatic HTTPS)
Section titled “Option 3: Caddy (Automatic HTTPS)”Zero-config HTTPS via Let’s Encrypt. Caddy automatically provisions and renews certificates.
sudo apt install caddyCaddyfile (/etc/caddy/Caddyfile):
your-domain.com { reverse_proxy localhost:7979}Optional: Add Basic Auth by adding a basicauth directive:
your-domain.com { basicauth { yourusername $2a$14$hash # generate with: caddy hash-password } reverse_proxy localhost:7979}Option 4: UFW Whitelist (Your IP Only)
Section titled “Option 4: UFW Whitelist (Your IP Only)”If you have a static IP, this blocks the entire world while letting you through seamlessly.
sudo ufw allow from YOUR_HOME_IP to any port 7979