Deployment Overview of ComfyUI on Server¶

Prerequisites and Basic Requirements¶

Operating System: Debian-based Linux distribution.
Privileges: Root access is required to install system packages, modify hosts, and manage systemd services.
Ports: The application listens internally on port 8188. External access is routed via port 443 through a reverse proxy.
Domain: The deployment utilizes the hostkey.in domain zone.

The final accessible address for the ComfyUI panel is: comfyuiServer ID.hostkey.in:443

Note: Replace Server ID with the specific identifier assigned to the host instance.

The following directory structure is established during the deployment:

Path	Description
`/root/ComfyUI`	Main application directory cloned from the repository.
`/root/ComfyUI/user/default/workflows`	Storage location for workflow JSON files.
`/root/ComfyUI/user/default/comfy.settings.json`	Application configuration file.
`/root/nginx`	Directory containing Docker Compose configurations for the proxy.
`/root/nginx/compose.yml`	Docker Compose definition for Nginx and Certbot.
`/data/nginx/nginx-certbot.env`	Environment file for the proxy configuration.
`/data/nginx/user_conf.d`	Directory for custom Nginx user configurations.
`/etc/letsencrypt`	Volume mount for SSL certificates managed by Certbot.
`/etc/systemd/system/comfyui.service`	Systemd unit file for the ComfyUI service.

The installation process involves the following steps:

System Update: APT packages are updated and upgraded.
Repository Clone: The ComfyUI source code is cloned to /root/ComfyUI from https://github.com/comfyanonymous/ComfyUI.git.
Dependency Installation:
- Python pip (python3-pip) is installed via APT.
- PyTorch is installed using pip with the CUDA 12.6 index URL:
```
/usr/bin/pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cu126
```
- Application requirements are installed from the local requirements.txt:
```
/usr/bin/pip install -r requirements.txt
```
Hosts Configuration: The IP address 5.180.174.199 is added to /etc/hosts as an alias for huggingface.co to optimize model downloads.
Model Deployment:
- A check is performed for the existence of the Flux model at /root/ComfyUI/models/checkpoints/flux1-dev-fp8.safetensors.
- If missing or incomplete, the model is downloaded from https://huggingface.co/Comfy-Org/flux1-dev/resolve/main/flux1-dev-fp8.safetensors with resume capability.
Workflow Setup:
- The directory /root/ComfyUI/user/default/workflows is created with permissions 0755.
- A workflow configuration file flux1-dev-fp8.json is deployed to this directory.
Configuration: The file /root/ComfyUI/user/default/comfy.settings.json is configured.
Service Creation: The systemd service unit comfyui.service is created in /etc/systemd/system/.
Service Activation: The service is enabled and started immediately.

Firewall: External traffic is handled by the Nginx container which manages port 443. Direct access to port 8188 is restricted to internal use unless explicitly configured otherwise.
Users: The ComfyUI service runs with root privileges as defined in the systemd unit file.
Restrictions: Access to the Hugging Face repository is routed through a modified /etc/hosts entry to ensure reliable connectivity for model downloads.

The deployment utilizes Docker for the reverse proxy and SSL management.

Docker Installation: The Docker engine is installed and configured on the host.
Proxy Configuration:
- A directory /root/nginx is created with root ownership.
- A compose.yml file is generated in /root/nginx/.
Container Launch: The docker compose up -d command is executed in the /root/nginx directory to start the services.

The compose.yml defines the following service:

Service Name: nginx
Image: jonasal/nginx-certbot:latest
Restart Policy: unless-stopped
Network Mode: host
Environment:
- CERTBOT_EMAIL: Set to [email protected]
Volumes:
- nginx_secrets mounted to /etc/letsencrypt (SSL certificates).
- /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d (Nginx configs).
Dependencies: Relies on the docker-managed-install and docker-certbot-proxy roles for environment setup.

A reverse proxy is configured using the jonasal/nginx-certbot Docker image to handle HTTPS traffic and SSL certificate management.

Nginx: Acts as the reverse proxy, routing external requests from port 443 to the internal ComfyUI port 8188.
Certbot: Integrated within the Docker container to automatically obtain and renew SSL certificates via Let's Encrypt.
SSL Certificates: Stored in the external volume nginx_secrets mounted at /etc/letsencrypt.
Configuration: Custom Nginx configurations are stored in /data/nginx/user_conf.d and loaded by the container.

The following permissions are set on the deployed files and directories:

File or Directory	Permissions	Owner
`/root/ComfyUI/user/default/workflows`	`0755`	`root`
`/root/ComfyUI/user/default/workflows/flux1-dev-fp8.json`	`0644`	`root`
`/root/ComfyUI/user/default/comfy.settings.json`	`0644`	`root`
`/etc/systemd/system/comfyui.service`	`0644`	`root`
`/root/nginx`	`0644`	`root`
`/root/nginx/compose.yml`	`0644`	`root`

The deployment exposes the following ports:

Port	Protocol	Description
`443`	HTTPS	External access point via Nginx reverse proxy.
`8188`	TCP	Internal port used by ComfyUI; accessible via the proxy.

The ComfyUI application is managed as a systemd service. Use the following commands:

For the Nginx proxy container, management is handled via Docker Compose within the /root/nginx directory: