Skip to content

Deployment

This page takes you from a fresh machine to the app running on Cloudflare. It assumes no prior experience with Node, the command line, or Cloudflare. Do every step in order; don't skip any.

Where you see a code block, type (or paste) exactly that line into your terminal and press Enter.

1. Install the tools you need

  1. Install Node.js. Go to https://nodejs.org, download the LTS version (22 or newer), run the installer, and click through with the defaults.
  2. Open a terminal.
    • Windows: press the Start button, type PowerShell, and click Windows PowerShell.
    • macOS: press Cmd+Space, type Terminal, press Enter.
  3. Confirm Node is installed. Type:

    node -v
    

    You should see a version like v22.x.x. If you get an error, restart the computer and try again.

2. Open the project folder in the terminal

The project lives in a folder on your computer (for example C:\LocalDev\Nable Cove Reports). Move the terminal into it with cd ("change directory"):

cd "C:\LocalDev\Nable Cove Reports"

Tip

Everything below must be run from inside this folder. If you close the terminal, re-run the cd line above before continuing.

3. Install the app's dependencies

This downloads the libraries the app is built from. It can take a minute.

npm install

When it finishes you'll see a summary and your prompt returns. Warnings are normal; a red error is not.

4. Log in to Cloudflare from the terminal

The app deploys to your Cloudflare account. You must log the command-line tool (wrangler) into that account first — this is a required step.

npx wrangler login

Your web browser opens and asks you to log in to Cloudflare and click Allow. After you approve, return to the terminal — it will say you're logged in. To double-check which account you're in:

npx wrangler whoami

Note

If you don't have a Cloudflare account yet, create a free one at https://dash.cloudflare.com/sign-up first, then run npx wrangler login.

5. Create the database (D1) and cache (KV)

The app needs a database and a small cache. Create them with these two commands. Each one prints an ID you must copy.

npm run db:create
npx wrangler r2 bucket create cove-audit-archive

The R2 bucket stores each report so it can be re-downloaded or re-sent from History. Then look in the db:create output for a block like:

[[d1_databases]]
binding = "DB"
database_name = "cove_audit"
database_id = "abc123-...-def"

Copy the long database_id value. Then:

npx wrangler kv namespace create KV

This prints something like id = "0f2ac...". Copy that id value too.

6. Paste the IDs into wrangler.toml

  1. In the project folder, open the file named wrangler.toml in a text editor (Notepad works).
  2. Find the line database_id = "REPLACE_AFTER_wrangler_d1_create" and replace the text in quotes with the database_id you copied.
  3. Find the line id = "REPLACE_AFTER_kv_namespace_create" and replace it with the KV id you copied.
  4. Save the file.

7. Create the schema in the database

This creates the tables the app uses, in your live Cloudflare database:

npm run db:migrate:remote

If it asks you to confirm, type y and press Enter.

8. Set the secrets

Secrets are sensitive values that must never be saved in the code. You set them one at a time. Each command below will prompt you to paste a value — paste it and press Enter. (Nothing appears as you paste; that's normal.)

First create the encryption key. Run this to generate a random one and copy the output:

node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"

Now set each secret:

npx wrangler secret put TOKEN_ENC_KEY
→ paste the random key you just generated.

npx wrangler secret put COVE_API_USER
npx wrangler secret put COVE_API_PASSWORD
→ paste your Cove API username, then password (see Cove API setup).

npx wrangler secret put CF_ACCESS_TEAM_DOMAIN
npx wrangler secret put CF_ACCESS_AUD
→ paste your Cloudflare Access team domain and AUD tag (see Access & configuration).

Note

There is no Microsoft Graph client secret — M365 uses the in-app Connect button instead. See Microsoft 365 connection.

9. Edit the config file

Open server/config/app.config.ts in a text editor and fill in your real values for adminEmails, m365.senderUpn, m365.tenantId, and m365.clientId (from Microsoft 365 connection), and cove.partnerName (your Cove company name, from Cove API setup). Save the file.

10. Deploy

npm run deploy

This builds the app and publishes it. When it finishes it prints the URL it deployed to (a *.workers.dev address).

11. Connect your custom domain

  1. Go to https://dash.cloudflare.com and select your account.
  2. In the left menu, open Workers & Pages and click the cove-audit-reporter worker.
  3. Open the Settings tab → Domains & RoutesAddCustom Domain.
  4. Enter your domain (for example backup-audit.totlcom.com) and Add domain. Cloudflare sets up the DNS automatically if the domain is on your account.

12. Confirm it's alive

In a browser, visit https://<your-domain>/health. You should see:

{ "status": "ok" }

If you do, the app is deployed. Now finish the three integrations, in this order: Cove API, Access & SSO, and Microsoft 365.

Warning

Until Cloudflare Access is set up (next), the app has no login in front of it. Don't share the URL until Access & configuration is complete.

Re-deploying later

After any change to the code or server/config/app.config.ts, re-run:

npm run deploy

If you changed the database schema (a new file in migrations/), also run npm run db:migrate:remote first.