How-to & procedures
Step-by-step procedures for operating the SPX trading system, server, and website. Click any section to expand it.
Key facts & addresses▸
- VPS IP: 165.227.84.78 (DigitalOcean droplet "spx-server", Ubuntu 24.04)
- SSH user: victor
- Trading server path: /home/victor/spx-server/
- Trading service: spx-server.service (port 5005)
- Dashboard service: spx-dashboard.service (port 5006)
- Journal file: /home/victor/spx-server/journal/trades_journal_2026.csv
- URLs: hub = victorngoma.com · dashboard = dashboard.victorngoma.com · webhook = webhook.victorngoma.com · strategies = pine.victorngoma.com · runbook = runbook.victorngoma.com
- Cloudflare account: vngoma78@gmail.com
- Secrets location: your password manager (SSH passphrase, dashboard password, webhook secret)
SSH into the VPS▸
Run this on your Mac (Terminal app), not on the server:
ssh victor@165.227.84.78
Enter your SSH passphrase when prompted (it's in your password manager). You'll land at a prompt that reads victor@spx-server:~$ — that confirms you're on the VPS.
If the prompt still says victorngoma@Victors-MacBook-Pro, you're still on your Mac — the SSH didn't connect. Re-run the command.
Download the full journal CSV to your Mac▸
Run this on your Mac (NOT on the VPS — open a fresh Mac terminal, do not SSH in first):
scp victor@165.227.84.78:/home/victor/spx-server/journal/trades_journal_2026.csv ~/Downloads/
Enter your SSH passphrase. The file lands in your Mac's ~/Downloads/ folder.
Check if the trading server is running▸
sudo systemctl status spx-server
Look for Active: active (running) in green. Press q to exit the view.
Restart the trading server▸
sudo systemctl restart spx-server
Then confirm it came back up:
sudo systemctl status spx-server
View the trading server log (live)▸
Tail the log to watch incoming webhooks in real time:
sudo tail -f /var/log/spx-server.log
Press Ctrl + C to stop watching.
To see just the last 50 lines:
sudo tail -50 /var/log/spx-server.log
Check / restart the dashboard▸
sudo systemctl status spx-dashboard
Restart if needed:
sudo systemctl restart spx-dashboard
Add a new user to a locked tool▸
- Go to Cloudflare dashboard → Zero Trust
- Access controls → Policies
- Click the policy for the tool (e.g. pine-allowed-users) — pick the one with Used by applications = 1
- Click Configure
- Under Include → Value, type the new email and add it
- Click Save policy
The new person can now log in to that tool via email PIN code. Each tool has its own policy/allowlist — add someone to one tool without affecting others.
To remove someone: same steps, click the × on their email chip, then Save.
Update a hub or subdomain page▸
- Edit the index.html file in the matching Mac folder (e.g. victorngoma-hub, victorngoma-pine)
- Cloudflare dashboard → Workers & Pages → click the project (e.g. victorngoma-pine)
- Create deployment (or drag-and-drop the updated folder)
- Upload the new index.html → Deploy
Keep the filename index.html — Cloudflare serves that as the page automatically. Keep each project's files in its own folder.
Add a brand-new locked subdomain▸
Part 1 — deploy the page:
- Make a new Mac folder with an index.html inside
- Cloudflare → Workers & Pages → Create application → Pages → "Get started" next to "Drag and drop your files"
- Project name (e.g. victorngoma-docs) → Create project → upload folder → Deploy
- Custom domains tab → Set up a custom domain → enter the subdomain (e.g. docs.victorngoma.com) → Activate
Part 2 — lock it:
- Zero Trust → Access controls → Applications → Add an application
- Self-hosted and private → Public DNS → Continue
- Destinations: Subdomain = the subdomain, Domain = victorngoma.com, Path = empty
- Access policies → Create new policy → name it, Action = Allow, Include → Selector = Emails → add emails → Save policy
- Authentication: "Accept all available identity providers" = ON
- Details: Name it, Session Duration 24h → Create
Test in a fresh Incognito window (or phone) — you should hit the Cloudflare Access email login. If it loads straight through, the lock isn't active.
Verify a locked page is actually protected▸
- Open a fresh Incognito window, or use your phone
- Visit the subdomain
- You should see the Cloudflare Access email login page
- An email NOT on the allowlist should be denied; an allowed email gets a PIN code by email
If the page loads with no login prompt, the lock isn't working — check the Application exists and its DNS record is orange-clouded (proxied).