Beam Creative

BCOrderHaus — Full-Stack Order Management System

Replaced spreadsheet chaos with a full-stack order management system — complete with customer portal, CI/CD pipeline, and production security audit.

Next.js · PostgreSQL · Docker · Drizzle ORM · TypeScript · Caddy

The Problem

Beam Creative is a laser engraving and 3D printing business handling dozens of custom orders every week. Before BCOrderHaus, the workflow looked like this: a customer emails a request, someone copies the details into a spreadsheet, pricing gets calculated in a separate document, quotes go back via email, and order status lives in everyone's heads.

The result? Lost orders, pricing mistakes, customers asking "where's my order?" with no good answer, and hours spent every week just managing the chaos instead of doing actual work.

The Approach

The goal was a single system that manages the entire order lifecycle — from first inquiry to final delivery. But rather than buying off-the-shelf software (which never quite fits a custom products business), we built exactly what the workflow needed.

Key design decisions:

  • Two-app architecture: An internal admin system for staff and a separate customer-facing portal for quote approvals and order tracking. Same database, different interfaces, different security models.
  • Docker everywhere: PostgreSQL in Docker for development, multi-stage Docker builds for production images (only 156MB each), Docker Compose for orchestration.
  • Drizzle ORM: Type-safe database access with full TypeScript inference. The schema IS the documentation.

The Tech

The internal app is a Next.js application with a PostgreSQL database, deployed as a Docker container on a Proxmox LXC container on the local network. The customer portal runs on a hardened Hostinger VPS with Caddy for automatic HTTPS.

The CI/CD pipeline runs on self-hosted Gitea Actions. On every push to main: lint → build → test → deploy. Docker images are built on the development machine (which has more resources), then shipped to production via docker save | ssh | load — no container registry needed.

The deployment scripts back up the database before every deploy, poll health checks for 60 seconds after restart, and dump container logs on failure. The health check endpoint doesn't just return 200 — it actually queries the database (SELECT 1). An app that can't reach its database is not healthy.
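A deploy gate along the lines described above, as an added example rather than BCOrderHaus's own scripts. The Compose service names, database name and user, health URL, backup directory and probe interval are assumptions; the 60-second window comes from the text.

```shell
#!/bin/sh
# Added example: deploy gate = backup -> restart -> poll health -> logs on failure.
# Assumed, not from the case study: Compose service names, DB name and user,
# health URL, backup directory, probe interval. The 60 s window is from the page.
APP=${APP:-app}
DB_SERVICE=${DB_SERVICE:-db}
DB_NAME=${DB_NAME:-orderhaus}
DB_USER=${DB_USER:-orderhaus}
HEALTH_URL=${HEALTH_URL:-http://127.0.0.1:3000/api/health}
BACKUP_DIR=${BACKUP_DIR:-./backups}
TIMEOUT=${TIMEOUT:-60}
INTERVAL=${INTERVAL:-2}

backup_db() {
  mkdir -p "$BACKUP_DIR" || return 1
  out="$BACKUP_DIR/pre-deploy-$(date +%Y%m%dT%H%M%S).dump"
  # Custom-format dump, readable by owner only; an empty or failed dump blocks the deploy.
  (umask 077; docker compose exec -T "$DB_SERVICE" pg_dump -U "$DB_USER" -Fc "$DB_NAME" > "$out") \
    && [ -s "$out" ] || { rm -f "$out"; return 1; }
}

restart_app() { docker compose up -d --force-recreate "$APP"; }

# curl -f turns any non-2xx answer (e.g. 503 when SELECT 1 fails) into a failure.
probe_health() { curl -fsS --max-time 5 -o /dev/null "$HEALTH_URL"; }

dump_logs() { docker compose logs --tail 200 "$APP" >&2; }

wait_healthy() {
  deadline=$(( $(date +%s) + $TIMEOUT ))
  while :; do
    probe_health && return 0
    [ "$(date +%s)" -ge "$deadline" ] && return 1
    sleep "$INTERVAL"
  done
}

deploy() {
  backup_db   || { echo "backup failed, not deploying" >&2; return 2; }
  restart_app || { echo "restart failed" >&2; dump_logs; return 3; }
  wait_healthy && { echo "deploy ok"; return 0; }
  echo "unhealthy after ${TIMEOUT}s" >&2
  dump_logs
  return 4
}

# Only act when asked to, so the functions can be sourced and stubbed in tests.
if [ "${1:-}" = "run" ]; then deploy; fi
```

The distinct exit codes (2 backup, 3 restart, 4 health) let the CI job report which stage stopped the deploy.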

The Security Story

After the initial build, we ran a comprehensive security audit and found 25 vulnerabilities across critical, high, medium, and low severity. Among the findings:

  • Input validation gaps that could allow injection attacks
  • Session management issues in the customer portal
  • Missing rate limiting on authentication endpoints
  • Overly permissive CORS configuration

Every issue was fixed and documented. The production VPS was hardened with a 10-step protocol: deploy user with scoped sudo, SSH key-only auth on a non-standard port, UFW firewall (default deny), Fail2ban for brute force protection, AIDE for file integrity monitoring, and Caddy for automatic TLS.

The Outcome

BCOrderHaus now handles the complete order lifecycle. Staff create orders, track production status, manage quotes, and coordinate with customers — all in one place. The customer portal lets clients approve quotes and check order status without sending a single email.

The system has been running in production with zero unplanned downtime. Automated database backups run nightly with 14-day retention. The CI/CD pipeline means updates ship in minutes, not hours.

Key Outcomes

  1. Eliminated spreadsheet-based order tracking
  2. Built customer-facing quote approval portal
  3. Fixed 25 security vulnerabilities in production audit
  4. Automated deployment with CI/CD pipeline and health checks
  5. Hardened production VPS with 10-step security protocol
