I want to make it a Service out of this App

ByJorge Pereira
Tags: , , , ,

Session with Claude.ai on how to make a service out of Text-To-Speech App Now that I just created and is running locally perfectly well.
I want to be able to place it on my VPS server and use it as a service.

How would you go about making this code a docker container that can be installed on any server?

Excellent question. Creating a Docker container for your application is the perfect way to make it portable and easy to deploy on any server. It packages your code, its dependencies, and the environment it needs to run into a single, self-contained unit.

Here is a comprehensive, step-by-step guide to dockerizing your Text-to-Speech application.

The Core Concept

We will create a file named Dockerfile that acts as a blueprint. This blueprint tells Docker how to build an image of your application. This image contains your Node.js application, all its npm dependencies, and your front-end code.

Crucially, we will keep sensitive information (gcloud-credentials.json) and persistent data (the results directory) out of the image and connect them when we run the container. This is a critical security and data management best practice.

Step 1: Finalize Your Project Structure

Before we begin, organize your project files as follows. This structure is assumed in the Docker instructions.

/my-tts-app/
├── public/
│   └── index.html         <-- Your full front-end file
├── results/               <-- This will be managed by Docker volumes
├── gcloud-credentials.json  <-- Your Google Cloud service account key
├── server.js              <-- Your full back-end file
├── package.json           <-- Your Node.js dependencies file
└── package-lock.json      <-- (Generated by npm)

Note: If your package.json is missing, run npm init -y and then npm install express @google-cloud/text-to-speech to create it.

Step 2: Create a .dockerignore File

This file is important. It tells Docker which files and folders to ignore when building the image. This prevents bloating the image with unnecessary or sensitive files and speeds up the build process.

Create a new file named .dockerignore in your project’s root directory:

.dockerignore

# Ignore Node.js dependency folder
node_modules

# Ignore local environment files
.env

# Ignore build and log files
npm-debug.log
results/
0Request.log

# Ignore the credentials file - we will mount it securely at runtime
gcloud-credentials.json

Step 3: Create the Dockerfile

This is the most important file. It contains the instructions to assemble your application image.

Create a new file named Dockerfile (no extension) in your project’s root directory:

Dockerfile

Code snippet

# 1. Start with a lightweight and official Node.js base image
# Using Node.js 18 LTS on an Alpine Linux base for a small, secure image
FROM node:18-alpine

# 2. Set the working directory inside the container
# All subsequent commands will run from this path
WORKDIR /app

# 3. Copy package files and install dependencies
# This step is separated to leverage Docker's layer caching.
# 'npm install' will only re-run if package.json or package-lock.json changes.
COPY package*.json ./
RUN npm install --production

# 4. Copy the rest of your application code into the container
# This includes server.js and the 'public' directory
COPY . .

# 5. Expose the port your application runs on
# This tells Docker the container listens on port 3010
EXPOSE 3010

# 6. Define the command to start your application
# This is what runs when the container starts
CMD [ "node", "server.js" ]

Step 4: Build the Docker Image

Now that the blueprint is ready, you can build the image. Open your terminal in the project’s root directory and run the following command:

Bash

docker build -t my-tts-app .
  • docker build: The command to start the build process.
  • -t my-tts-app: The -t flag “tags” or names your image, making it easy to reference.
  • .: This tells Docker to look for the Dockerfile in the current directory.

You will see Docker execute each step from your Dockerfile. Once it’s finished, you have a portable, self-contained image of your application.

Step 5: Run the Docker Container

This is the final step where you bring your application to life. We will use the docker run command with several important flags to connect our local files (credentials and results) to the running container.

Run this command from your terminal in the project’s root directory:

Bash

docker run -d --rm \
  -p 8080:3010 \
  -v "$(pwd)/results":/app/results \
  -v "$(pwd)/gcloud-credentials.json":/app/gcloud-credentials.json:ro \
  -e GOOGLE_APPLICATION_CREDENTIALS="/app/gcloud-credentials.json" \
  --name tts-container \
  my-tts-app

Breakdown of the docker run command:

  • -d: Detached mode. Runs the container in the background.
  • --rm: Automatically remove the container when it stops, keeping things clean.
  • -p 8080:3010: Port Mapping. Maps port 8080 on your host machine to port 3010 inside the container. You will access the app via http://localhost:8080.
  • -v "$(pwd)/results":/app/results: Data Volume. Maps the results folder on your host to the /app/results folder inside the container. This makes your log file and generated audio persistent—they will remain on your host machine even if you stop or remove the container.
  • -v "$(pwd)/gcloud-credentials.json":/app/gcloud-credentials.json:ro: Secret Volume. This is the secure way to handle your credentials. It maps your local key file to the path /app/gcloud-credentials.json inside the container. :ro makes it read-only for extra security.
  • -e GOOGLE_APPLICATION_CREDENTIALS="/app/gcloud-credentials.json": Environment Variable. This tells the Google Cloud client library inside the container where to find the key file that we just mounted.
  • --name tts-container: Gives your running container a friendly name.
  • my-tts-app: The name of the image you want to run.

Step 6: Verify It’s Working

  1. Access the App: Open your web browser and navigate to http://localhost:8080. Your application should be fully functional.
  2. Check Logs: To see the console output from your server.js (like “✅ Server is running…”), run: Bashdocker logs tts-container
  3. Check Persistent Data: After you generate an audio file, check the results folder on your host machine. You will see the new .mp3 file and the updated 0Request.log appear there.
  4. Stop the Container: When you are done, you can stop the container by running: Bashdocker stop tts-container

You have now successfully containerized your application! You can push this image to a registry like Docker Hub and run it on any server in the world that has Docker installed, using the same docker run command.

and if I wanted to make this a service available as a webhook to a n8n workflow where I send the text and it returns the MP3 file that I can then process in the next module ? Again from a docker container.

Excellent idea. That’s a perfect use case for this application—turning it into a backend microservice that can be called by automation platforms like n8n.

The process is straightforward. We will add a new, dedicated webhook endpoint to your server.js. This endpoint will be different from the existing /synthesize endpoint in one key way: instead of saving a file and returning a JSON message, it will stream the MP3 data directly back in the HTTP response. This is exactly what n8n needs to receive binary data.

The great news is that no changes are needed to your Dockerfile or your docker run command. We are simply adding functionality to the application code that the container already runs.

Step 1: Modify server.js to Add a Webhook Endpoint

We will add a new POST endpoint, let’s call it /webhook. This keeps your existing web UI fully functional while providing a new machine-to-machine interface.

Here is the complete, updated server.js file. I’ve added the new endpoint near the end.

server.js (Final Version with Webhook)

JavaScript

// server.js - Final Version with Webhook

const express = require('express');
const textToSpeech = require('@google-cloud/text-to-speech');
const fs = require('fs');
const path = require('path');

const app = express();
app.use(express.json());
app.use(express.static('public')); 

const client = new textToSpeech.TextToSpeechClient({
    keyFilename: 'gcloud-credentials.json'
});

const resultsDir = path.join(__dirname, 'results');
if (!fs.existsSync(resultsDir)) {
    fs.mkdirSync(resultsDir, { recursive: true });
}

app.use('/results', express.static(resultsDir));


// Endpoint to get all available English voices
app.get('/get-voices', async (req, res) => {
    // ... (This endpoint is unchanged)
    try {
        const [result] = await client.listVoices({});
        const voices = result.voices
            .filter(voice => voice.languageCodes.some(code => code.startsWith('en-')))
            .filter(voice => voice.name.includes('-Standard-') || voice.name.includes('-Chirp-'))
            .sort((a, b) => a.name.localeCompare(b.name));
        res.json(voices);
    } catch (error) {
        console.error('ERROR fetching voices:', error);
        res.status(500).send('Failed to get voice list.');
    }
});


// Endpoint for the web UI to synthesize speech and save a file
app.post('/synthesize', async (req, res) => {
    // ... (This endpoint is unchanged)
    try {
        const { text, voice, title, gender, log } = req.body;
        if (!text || !voice || !title || !gender || !log) {
            return res.status(400).json({ message: 'Missing required fields in request' });
        }
        const languageCode = voice.split('-').slice(0, 2).join('-');
        const request = { input: { text }, voice: { languageCode, name: voice }, audioConfig: { audioEncoding: 'MP3' } };
        const [response] = await client.synthesizeSpeech(request);
        const sanitizedTitle = title.replace(/[^a-zA-Z0-9]/g, '');
        const now = new Date();
        const dateString = now.getFullYear().toString() + String(now.getMonth() + 1).padStart(2, '0') + String(now.getDate()).padStart(2, '0') + String(now.getHours()).padStart(2, '0') + String(now.getMinutes()).padStart(2, '0') + String(now.getSeconds()).padStart(2, '0');
        const formattedGender = `-${gender.charAt(0).toUpperCase() + gender.slice(1).toLowerCase()}`;
        const filename = `${sanitizedTitle}_${dateString}_Google-${voice}${formattedGender}.mp3`;
        const filePath = path.join(resultsDir, filename);
        fs.writeFileSync(filePath, response.audioContent, 'binary');
        console.log(`Audio content written to file: ${filePath}`);
        const logFilePath = path.join(resultsDir, '0Request.log');
        const logEntry = { dateTime: log.timestamp, voice: log.voice, title: log.title, characterCount: log.characterCount, outputFile: filename };
        let logs = [];
        try { const data = fs.readFileSync(logFilePath, 'utf8'); logs = JSON.parse(data); } catch (error) { if (error.code !== 'ENOENT') { console.error("Error reading log file:", error); } }
        logs.push(logEntry);
        fs.writeFileSync(logFilePath, JSON.stringify(logs, null, 2));
        res.status(200).json({ message: `File saved successfully as ${filename}`, filePath: `/results/${filename}` });
    } catch (error) {
        console.error('SYNTHESIZE ERROR:', error);
        res.status(500).json({ message: 'An error occurred while synthesizing speech.' });
    }
});


// Endpoint to get the log file content
app.get('/get-log', (req, res) => {
    // ... (This endpoint is unchanged)
    const logFilePath = path.join(resultsDir, '0Request.log');
    try {
        const data = fs.readFileSync(logFilePath, 'utf8');
        res.setHeader('Content-Type', 'application/json');
        res.send(data);
    } catch (error) {
        if (error.code === 'ENOENT') { res.json([]); } else { console.error('ERROR reading log file:', error); res.status(500).json({ message: 'Could not read log file.' }); }
    }
});


// --- NEW ENDPOINT: For n8n webhook integration ---
app.post('/webhook', async (req, res) => {
    try {
        const { text, voice } = req.body;

        // 1. Validate input from the webhook
        if (!text) {
            return res.status(400).json({ error: 'The "text" field is required.' });
        }

        // 2. Set a default voice if none is provided
        const voiceName = voice || 'en-US-Standard-C';
        const languageCode = voiceName.split('-').slice(0, 2).join('-');

        console.log(`Webhook received: Synthesizing ${text.length} chars with voice ${voiceName}`);

        // 3. Prepare the request for Google TTS API
        const request = {
            input: { text: text },
            voice: { languageCode: languageCode, name: voiceName },
            audioConfig: { audioEncoding: 'MP3' },
        };

        // 4. Call the API
        const [response] = await client.synthesizeSpeech(request);

        // 5. IMPORTANT: Send the MP3 data directly in the response
        // Do not save to a file. Set the correct header for n8n to recognize it as a file.
        res.setHeader('Content-Type', 'audio/mpeg');
        res.send(response.audioContent);

    } catch (error) {
        console.error('WEBHOOK ERROR:', error);
        res.status(500).json({ error: 'Failed to synthesize speech via webhook.' });
    }
});


const PORT = process.env.PORT || 3010;
app.listen(PORT, () => {
    console.log(`✅ Server is running on http://localhost:${PORT}`);
});

Step 2: Rebuild and Run Your Docker Container

Your Dockerfile and docker run command do not need to change at all. You just need to rebuild the image to include the updated server.js code.

  1. Stop the current container (if it’s running): Bashdocker stop tts-container
  2. Rebuild the image with your code changes: Bashdocker build -t my-tts-app .
  3. Run the new container using the exact same command as before: Bashdocker run -d --rm \ -p 8080:3010 \ -v "$(pwd)/results":/app/results \ -v "$(pwd)/gcloud-credentials.json":/app/gcloud-credentials.json:ro \ -e GOOGLE_APPLICATION_CREDENTIALS="/app/gcloud-credentials.json" \ --name tts-container \ my-tts-app

Your service is now running and listening for requests on the new /webhook endpoint.

Step 3: Configure Your n8n Workflow

Here is how you would set up a simple n8n workflow to use your new webhook.

Node 1: Webhook (Trigger)

  1. Add a Webhook node to your canvas.
  2. In the node’s properties, copy the Test URL. You will use this to send test data to your workflow (e.g., from Postman or curl). Example curl command to test your n8n webhook trigger: Bashcurl -X POST -H "Content-Type: application/json" -d '{"text":"Hello from n8n!"}' <your_n8n_test_webhook_url>
  3. Click “Listen for Test Event”.

Node 2: HTTP Request (Call Your Service)

  1. Add an HTTP Request node and connect it to the Webhook node.
  2. Configure the properties:
    • URL:http://<your_docker_host_ip>:8080/webhook
      • Important: Replace <your_docker_host_ip> with the IP address of the machine running Docker. If n8n and Docker are on the same machine, you might be able to use http://localhost:8080 or the Docker container’s IP address.
    • Method: POST
    • Send Body: On
    • Body Content Type: JSON
    • JSON/RAW Parameters: On
    • Body: Use an expression to pass the text from the webhook trigger to your service. JSON{ "text": "{{ $json.body.text }}", "voice": "en-GB-Standard-A" }

Node 3: Write Binary File (Process the MP3)

  1. Add a Write Binary File node and connect it to the HTTP Request node. This node will take the MP3 data returned by your service and save it.
  2. Configure the properties:
    • File Name: n8n_output.mp3 (or use an expression like {{ $now.toFormat('X') }}.mp3 for a unique name).
    • Data Is: Binary
    • Input Data Field: This is the most important part. By default, n8n places binary data from an HTTP Request node in a field called data. So, the expression is: {{ $binary.data }}

Now, when you trigger your n8n workflow, it will call your containerized service, receive the MP3 file directly, and save it for the next step in your automation.

what os the $pwd)?

Excellent question. That’s a very common and useful command-line shortcut.

In short, $(pwd) stands for Print Working Directory.

It’s a command used in Unix-like terminals (like those on Linux, macOS, and Git Bash on Windows) that gets replaced by the full, absolute path of the current folder you are in.

How It Works in Our Docker Command

Let’s look at the command where we used it:

Bash

docker run -v "$(pwd)/results":/app/results ...
  1. Before Docker even sees this command, your terminal (the shell) processes it.
  2. It sees $(pwd) and executes the pwd command.
  3. Let’s say you are in the directory /home/myuser/projects/my-tts-app. The output of pwd would be /home/myuser/projects/my-tts-app.
  4. The shell then substitutes $(pwd) with that output.1

So, the command that Docker actually receives is:

Bash

docker run -v "/home/myuser/projects/my-tts-app/results":/app/results ...

Why Do We Use It?

The main reason is portability.

I don’t know the exact path to your project folder on your computer. If I had written the command with a hardcoded path like /home/myuser/..., it would only work for me.

By using $(pwd), the command is guaranteed to work for anyone, on any machine, in any folder, as long as they run the command from the project’s root directory. It’s a shortcut that automatically provides the correct, full path, saving you from having to type it out manually.

For Windows Users

It’s important to note the syntax can vary depending on the terminal you use on Windows:

  • PowerShell or Git Bash: The $(pwd) syntax usually works perfectly.
  • Traditional Command Prompt (cmd.exe): The equivalent variable is %cd%. The command would look like this: DOSdocker run -v "%cd%\results":/app/results ...

can you add the requirement to add an API Key to use the service for security

Of course. Adding an API key is a crucial step to secure your webhook and ensure that only authorized services, like your n8n workflow, can use it.

We will implement this using a standard and secure method:

  1. The client (n8n) will send a secret API key in an HTTP header (X-API-Key).
  2. The server (server.js) will have a middleware function that checks for the presence and correctness of this key on the /webhook endpoint.
  3. The API key itself will be stored securely as an environment variable in your Docker container, not hardcoded into the application.

Here’s how to implement it step-by-step.

Step 1: Modify server.js to Require an API Key

We’ll add a middleware function that acts as a guard for our webhook route.

  • New Middleware: requireApiKey function checks the request headers.
  • Updated Webhook Route: The middleware is applied directly to the app.post('/webhook', ...) route definition.

Here is the complete, updated server.js file.

server.js (Final Version with API Key Security)

JavaScript

// server.js - Final Version with API Key Security

const express = require('express');
const textToSpeech = require('@google-cloud/text-to-speech');
const fs = require('fs');
const path = require('path');

const app = express();
app.use(express.json());
app.use(express.static('public')); 

const client = new textToSpeech.TextToSpeechClient({
    keyFilename: 'gcloud-credentials.json'
});

const resultsDir = path.join(__dirname, 'results');
if (!fs.existsSync(resultsDir)) {
    fs.mkdirSync(resultsDir, { recursive: true });
}

app.use('/results', express.static(resultsDir));

// --- NEW: API Key Authentication Middleware ---
// This function acts as a guard on our protected routes.
const requireApiKey = (req, res, next) => {
    const apiKey = req.get('X-API-Key');
    const serverApiKey = process.env.API_KEY;

    // 1. Check if the server has an API_KEY configured
    if (!serverApiKey) {
        console.error('SERVER ERROR: API_KEY is not configured on the server.');
        return res.status(500).json({ error: 'Server configuration error.' });
    }

    // 2. Check if the client provided a key and if it's correct
    if (!apiKey || apiKey !== serverApiKey) {
        console.warn(`Unauthorized access attempt from IP: ${req.ip}`);
        return res.status(401).json({ error: 'Unauthorized. Invalid or missing API Key.' });
    }

    // 3. If the key is valid, proceed to the next function (the main route handler)
    next();
};


// Endpoints for the web UI are NOT protected by the API key
app.get('/get-voices', async (req, res) => { /* ... unchanged ... */ });
app.post('/synthesize', async (req, res) => { /* ... unchanged ... */ });
app.get('/get-log', (req, res) => { /* ... unchanged ... */ });


// --- MODIFIED: The API Key middleware is now applied to this route ---
app.post('/webhook', requireApiKey, async (req, res) => {
    try {
        const { text, voice } = req.body;

        if (!text) {
            return res.status(400).json({ error: 'The "text" field is required.' });
        }

        const voiceName = voice || 'en-US-Standard-C';
        const languageCode = voiceName.split('-').slice(0, 2).join('-');

        console.log(`Webhook received: Synthesizing ${text.length} chars with voice ${voiceName}`);

        const request = {
            input: { text: text },
            voice: { languageCode: languageCode, name: voiceName },
            audioConfig: { audioEncoding: 'MP3' },
        };

        const [response] = await client.synthesizeSpeech(request);

        res.setHeader('Content-Type', 'audio/mpeg');
        res.send(response.audioContent);

    } catch (error) {
        console.error('WEBHOOK ERROR:', error);
        res.status(500).json({ error: 'Failed to synthesize speech via webhook.' });
    }
});


const PORT = process.env.PORT || 3010;
app.listen(PORT, () => {
    console.log(`✅ Server is running on http://localhost:${PORT}`);
    // Add a warning if the API key is not set on startup
    if (!process.env.API_KEY) {
        console.warn('⚠️  WARNING: API_KEY environment variable is not set. Webhook endpoint will be inaccessible.');
    }
});

/* Note: To save space, the full code for unchanged routes like /get-voices, /synthesize, and /get-log has been omitted here, but they should remain in your file. */

Step 2: Update the docker run Command

Now, you must provide the API key to the container as an environment variable using the -e flag.

First, generate a strong, random API key. Here’s an easy way to do it in your terminal:

Bash

# This command generates a random, complex string perfect for an API key
openssl rand -base64 32

It will output something like: m/Fp+A7vK1YDmG4pP7qRzW9tJ0jVfG6lC8bH3kP2rX4=

Use the key you generated, not the example one.

Now, update your docker run command to include -e API_KEY="...".

Bash

docker run -d --rm \
  -p 8080:3010 \
  -v "$(pwd)/results":/app/results \
  -v "$(pwd)/gcloud-credentials.json":/app/gcloud-credentials.json:ro \
  -e GOOGLE_APPLICATION_CREDENTIALS="/app/gcloud-credentials.json" \
  -e API_KEY="your_super_secret_key_here" \
  --name tts-container \
  my-tts-app

Replace "your_super_secret_key_here" with the key you just generated.

Remember to rebuild your image first (docker build -t my-tts-app .) to include the server.js changes before running this command.

Step 3: Update Your n8n Workflow

Finally, configure your n8n HTTP Request node to send the secret key in its headers.

  1. Open your n8n workflow and select the HTTP Request node that calls your service.
  2. In the properties panel on the right, make sure “Authentication” is set to None.
  3. Go to the “Headers” section.
  4. Click “Add Header”.
  5. Fill in the fields:
    • Name: X-API-Key
    • Value: Paste the exact same secret API key you used in your docker run command.

Best Practice: For even better security, use n8n’s built-in credential management. Instead of pasting the key directly, you can:

  1. Click the “Value” field’s gear icon and select “Add Credential”.
  2. Choose “Header Auth”.
  3. Give it a name (e.g., “My TTS Service Key”), set the “Name” to X-API-Key, and paste your key in the “Value” field. This stores the key securely in n8n and keeps it out of your workflow’s JSON definition.

Now, your service is secured. Any request to the /webhook endpoint without the correct API key will be rejected with a 401 Unauthorized error, protecting your application from misuse.

Fantastic It is working! – The Webhook is protected, but I should also protect the front end . Do not do anything yet, what do you recommend?

Completion:

Thanks WORKING PERFECTLY We are goiong to close this version as FINAL v1.5

hat is fantastic news! I’m thrilled to hear that everything is working perfectly. It was quite a journey, and you did an excellent job working through all the steps.

Congratulations on creating v1.5! You have successfully built a very robust and feature-complete application.

Final v1.5 Project Checklist

For your records, here is the complete list of files that make up the final version of your project:

Application Code & Docker Setup (These files define your app):

  • docker-compose.yml
  • Dockerfile
  • server.js
  • package.json
  • .dockerignore
  • public/index.html
  • hash-password.js (Your helper script for creating passwords)

User-Managed Configuration Files (These files contain your secrets and data):

  • .env (Contains your secret SESSION_SECRET)
  • .api_key.txt (Contains the secret key for the n8n webhook)
  • users.json (Your user database with hashed passwords)
  • gcloud-credentials.json (Your Google Cloud service account key)

You’ve built a secure, containerized, multi-user service with a full-featured web UI and a separate webhook for automation. That’s a very impressive accomplishment.

It was a pleasure working with you on this. If you ever decide to start on v1.6 or have any other projects in the future, don’t hesitate to reach out.

Happy building!