Local changes before sync

server-backups/server_backup_20250628_203904/backup_info.txt

@@ -0,0 +1,10 @@
+V2-Docker Server Backup
+Created: Sat Jun 28 08:39:06 PM UTC 2025
+Timestamp: 20250628_203904
+Type: Full Server Backup
+Contents:
+- Configuration files (docker-compose, nginx, SSL)
+- PostgreSQL database dump
+- Docker volumes
+- Git status and history
+- Docker container status

server-backups/server_backup_20250628_203904/configs/.env

@@ -0,0 +1,70 @@
+# PostgreSQL-Datenbank
+POSTGRES_DB=meinedatenbank
+POSTGRES_USER=adminuser
+POSTGRES_PASSWORD=supergeheimespasswort
+
+# Admin-Panel Zugangsdaten
+ADMIN1_USERNAME=rac00n
+ADMIN1_PASSWORD=1248163264
+ADMIN2_USERNAME=w@rh@mm3r
+ADMIN2_PASSWORD=Warhammer123!
+
+# Lizenzserver API Key für Authentifizierung
+
+
+# Domains (können von der App ausgewertet werden, z. B. für Links oder CORS)
+API_DOMAIN=api-software-undso.intelsight.de
+ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
+
+# ===================== OPTIONALE VARIABLEN =====================
+
+# JWT für API-Auth (WICHTIG: Für sichere Token-Verschlüsselung!)
+JWT_SECRET=xY9ZmK2pL7nQ4wF6jH8vB3tG5aZ1dE7fR9hT2kM4nP6qS8uW0xC3yA5bD7eF9gH2jK4
+
+# E-Mail Konfiguration (z. B. bei Ablaufwarnungen)
+# MAIL_SERVER=smtp.meinedomain.de
+# MAIL_PORT=587
+# MAIL_USERNAME=deinemail
+# MAIL_PASSWORD=geheim
+# MAIL_FROM=no-reply@meinedomain.de
+
+# Logging
+# LOG_LEVEL=info
+
+# Erlaubte CORS-Domains (für Web-Frontend)
+# ALLOWED_ORIGINS=https://admin.meinedomain.de
+
+# ===================== VERSION =====================
+
+# Serverseitig gepflegte aktuelle Software-Version
+# Diese wird vom Lizenzserver genutzt, um die Kundenversion zu vergleichen
+LATEST_CLIENT_VERSION=1.0.0
+
+# ===================== BACKUP KONFIGURATION =====================
+
+# E-Mail für Backup-Benachrichtigungen
+EMAIL_ENABLED=false
+
+# Backup-Verschlüsselung (optional, wird automatisch generiert wenn leer)
+# BACKUP_ENCRYPTION_KEY=
+
+# ===================== CAPTCHA KONFIGURATION =====================
+
+# Google reCAPTCHA v2 Keys (https://www.google.com/recaptcha/admin)
+# Für PoC-Phase auskommentiert - CAPTCHA wird übersprungen wenn Keys fehlen
+# RECAPTCHA_SITE_KEY=your-site-key-here
+# RECAPTCHA_SECRET_KEY=your-secret-key-here
+
+# ===================== MONITORING KONFIGURATION =====================
+
+# Grafana Admin Credentials
+GRAFANA_USER=admin
+GRAFANA_PASSWORD=admin
+
+# SMTP Settings for Alertmanager (optional)
+# SMTP_USERNAME=your-email@gmail.com
+# SMTP_PASSWORD=your-app-password
+
+# Webhook URLs for critical alerts (optional)
+# WEBHOOK_CRITICAL=https://your-webhook-url/critical
+# WEBHOOK_SECURITY=https://your-webhook-url/security

server-backups/server_backup_20250628_203904/configs/docker-compose.yaml

@@ -0,0 +1,164 @@
+services:
+  postgres:
+    build:
+      context: ../v2_postgres
+    container_name: db
+    restart: always
+    env_file: .env
+    environment:
+      POSTGRES_HOST: postgres
+      POSTGRES_INITDB_ARGS: '--encoding=UTF8 --locale=de_DE.UTF-8'
+      POSTGRES_COLLATE: 'de_DE.UTF-8'
+      POSTGRES_CTYPE: 'de_DE.UTF-8'
+      TZ: Europe/Berlin
+      PGTZ: Europe/Berlin
+    volumes:
+      # Persistente Speicherung der Datenbank auf dem Windows-Host
+      - postgres_data:/var/lib/postgresql/data
+      # Init-Skript für Tabellen
+      - ../v2_adminpanel/init.sql:/docker-entrypoint-initdb.d/init.sql
+    networks:
+      - internal_net
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4g
+
+  license-server:
+    build:
+      context: ../v2_lizenzserver
+    container_name: license-server
+    restart: always
+    # Port-Mapping entfernt - nur noch über Nginx erreichbar
+    env_file: .env
+    environment:
+      TZ: Europe/Berlin
+    depends_on:
+      - postgres
+    networks:
+      - internal_net
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4g
+
+  # auth-service:
+  #   build:
+  #     context: ../lizenzserver/services/auth
+  #   container_name: auth-service
+  #   restart: always
+  #   # Port 5001 - nur intern erreichbar
+  #   env_file: .env
+  #   environment:
+  #     TZ: Europe/Berlin
+  #     DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/v2_adminpanel
+  #     REDIS_URL: redis://redis:6379/1
+  #     JWT_SECRET: ${JWT_SECRET}
+  #     FLASK_ENV: production
+  #   depends_on:
+  #     - postgres
+  #     - redis
+  #   networks:
+  #     - internal_net
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         cpus: '1'
+  #         memory: 1g
+
+  # analytics-service:
+  #   build:
+  #     context: ../lizenzserver/services/analytics
+  #   container_name: analytics-service
+  #   restart: always
+  #   # Port 5003 - nur intern erreichbar
+  #   env_file: .env
+  #   environment:
+  #     TZ: Europe/Berlin
+  #     DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/v2_adminpanel
+  #     REDIS_URL: redis://redis:6379/2
+  #     JWT_SECRET: ${JWT_SECRET}
+  #     FLASK_ENV: production
+  #   depends_on:
+  #     - postgres
+  #     - redis
+  #     - rabbitmq
+  #   networks:
+  #     - internal_net
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         cpus: '1'
+  #         memory: 2g
+
+  # admin-api-service:
+  #   build:
+  #     context: ../lizenzserver/services/admin_api
+  #   container_name: admin-api-service
+  #   restart: always
+  #   # Port 5004 - nur intern erreichbar
+  #   env_file: .env
+  #   environment:
+  #     TZ: Europe/Berlin
+  #     DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/v2_adminpanel
+  #     REDIS_URL: redis://redis:6379/3
+  #     JWT_SECRET: ${JWT_SECRET}
+  #     FLASK_ENV: production
+  #   depends_on:
+  #     - postgres
+  #     - redis
+  #     - rabbitmq
+  #   networks:
+  #     - internal_net
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         cpus: '1'
+  #         memory: 2g
+
+  admin-panel:
+    build:
+      context: ../v2_adminpanel
+    container_name: admin-panel
+    restart: always
+    # Port-Mapping entfernt - nur über nginx erreichbar
+    env_file: .env
+    environment:
+      TZ: Europe/Berlin
+    depends_on:
+      - postgres
+    networks:
+      - internal_net
+    volumes:
+      # Backup-Verzeichnis
+      - ../backups:/app/backups
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4g
+
+  nginx:
+    build:
+      context: ../v2_nginx
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      TZ: Europe/Berlin
+    depends_on:
+      - admin-panel
+      - license-server
+    networks:
+      - internal_net
+
+networks:
+  internal_net:
+    driver: bridge
+
+volumes:
+  postgres_data:

server-backups/server_backup_20250628_203904/configs/nginx.conf

@@ -0,0 +1,122 @@
+events {
+    worker_connections 1024;
+}
+
+http {
+    # Enable nginx status page for monitoring
+    server {
+        listen 8080;
+        server_name localhost;
+        
+        location /nginx_status {
+            stub_status on;
+            access_log off;
+            allow 127.0.0.1;
+            allow 172.16.0.0/12;  # Docker networks
+            deny all;
+        }
+    }
+    # Moderne SSL-Einstellungen für maximale Sicherheit
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers off;
+    
+    # SSL Session Einstellungen
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+    
+    # OCSP Stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+    
+    # DH parameters für Perfect Forward Secrecy
+    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+    # Admin Panel
+    server {
+        listen 80;
+        server_name admin-panel-undso.intelsight.de;
+        
+        # Redirect HTTP to HTTPS
+        return 301 https://$server_name$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name admin-panel-undso.intelsight.de;
+
+        # SSL-Zertifikate (echte Zertifikate)
+        ssl_certificate /etc/nginx/ssl/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+        # Security Headers
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+        # Proxy-Einstellungen
+        location / {
+            proxy_pass http://admin-panel:5000;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # WebSocket support (falls benötigt)
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+        
+        # Auth Service API (internal only) - temporarily disabled
+        # location /api/v1/auth/ {
+        #     proxy_pass http://auth-service:5001/api/v1/auth/;
+        #     proxy_set_header Host $host;
+        #     proxy_set_header X-Real-IP $remote_addr;
+        #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #     proxy_set_header X-Forwarded-Proto $scheme;
+        #     proxy_set_header Authorization $http_authorization;
+        # }
+    }
+
+    # API Server (für später)
+    server {
+        listen 80;
+        server_name api-software-undso.intelsight.de;
+        
+        return 301 https://$server_name$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name api-software-undso.intelsight.de;
+
+        ssl_certificate /etc/nginx/ssl/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+        # Security Headers
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+        location / {
+            proxy_pass http://license-server:8443;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # WebSocket support (falls benötigt)
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+    }
+}

server-backups/server_backup_20250628_203904/configs/ssl/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA3UNy/iKdzjC78mqJ39+w9uotmnI9yglBXI7N/+t42KSX19TCsE5I
+Dw+bToiUJHAqu+BG2ZNZhvB4+NStFVkPAnEm1I4UOXR9skWgOqwhqotPUpHduOLC
+wooKpMUe26dGszM/tQduYoupzfwbVU8ENamLKXOqrzz/CBmo8r1uvPNAM0AljVSO
+mOCMIu8C0KBm5u6I1USjp2xNi8xTeasBsLc1iRbxKLKNLNQW4dL9fO7NQIDPghOi
+5YTMiNoO14TsCrzzPIF4AFWnBW2XTGwYlx5CuAR/ZUmbzdEVD7ACka2MP6PSnjLK
+SIjlM7dTQQHASm81JazbNFqYBBk69/GuZwIBAg==
+-----END DH PARAMETERS-----

server-backups/server_backup_20250628_203904/docker_compose_status.txt

@@ -0,0 +1 @@
+./create_full_backup.sh: line 51: docker-compose: command not found

server-backups/server_backup_20250628_203904/docker_containers.txt

@@ -0,0 +1,5 @@
+CONTAINER ID   IMAGE               COMMAND                  CREATED        STATUS             PORTS                                                                          NAMES
+2e19a609cc5c   v2-nginx            "/docker-entrypoint.…"   25 hours ago   Up About an hour   0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp   nginx-proxy
+60acd5642854   v2-admin-panel      "python app.py"          25 hours ago   Up About an hour   5000/tcp                                                                       admin-panel
+d2aa58e670bc   v2-license-server   "uvicorn app.main:ap…"   25 hours ago   Up About an hour   8443/tcp                                                                       license-server
+6f40b240e975   v2-postgres         "docker-entrypoint.s…"   25 hours ago   Up About an hour   5432/tcp                                                                       db

server-backups/server_backup_20250628_203904/git_recent_commits.txt

@@ -0,0 +1,50 @@
+553c376 Test backup
+98bee9c Backup vor Admin Panel Backup-System Erweiterung
+bad7324 Backup nach Import von Lizenzen und Ressourcen (77 Lizenzen, 31 Ressourcen)
+b28b60e nur backups
+f105039 Backup nach Wiederherstellung der Kundendaten aus altem Backup
+a77c34c Backup nach User-Migration zu Datenbank
+85c7499 Add full server backup with Git LFS
+8aa79c6 Merge branch 'main' of https://github.com/UserIsMH/v2-Docker
+4ab51a7 Hetzner Deploy Version (hoffentlich)
+35fd8fd Aktualisieren von SYSTEM_DOCUMENTATION.md
+5b71a1d Namenskonsistenz + Ablauf der Lizenzen
+cdf81e2 Dashboard angepasst
+4a13946 Lead Management Usability Upgrade
+45e236f Lead Management - Zwischenstand
+8cb483a Documentation gerade gezogen
+4b093fa log Benutzer Fix
+b9b943e Export Button geht jetzt
+74391e6 Lizenzübersicjht DB Data Problem Fix
+9982f14 Lizenzübersicht fix
+ce03b90 Lizenzübersicht besser
+1146406 BUG fix - API
+4ed8889 API-Key - Fix - Nicht mehr mehrere
+889a7b4 Documentation Update
+1b5b7d0 API Key Config ist fertig
+b420452 lizenzserver API gedöns
+6d1577c Create TODO_LIZENZSERVER_CONFIG.md
+20be02d CLAUDE.md als Richtlinie
+75c2f0d Monitoring fix
+0a994fa Error handling
+08e4e93 Die UNterscheidung von Test und Echt Lizenzen ist strikter
+fdf74c1 Monitoring Anpassung
+3d02c7a Service Status im Dashboard
+e2b5247 System Status - License Server fix
+1e6012a Unnötige Reddis und Rabbit MQ entfernt
+e6799c6 Garfana und sowas aufgeräumt
+3d899b1 Test zu Fake geändert, weil Namensproblem
+fec588b Löschen Lizenz Schutz
+1451a23 Alle Lkzenzen in der Navbar
+627c6c3 Dashboard zeigt Realdaten
+fff82f4 Session zu Aktive Nutzung im Dashboard
+ae30b74 Lizenzserver (Backend) - Erstellt
+afa2b52 Kunden & Lizenzen Fix
+b822504 Kontakte - Telefonnummern und E-Mail-Adressen Bearbeiten ist drin
+9e5843a Übersicht der Kontakte
+0e79e5e Alle .md einmal aufgeräumt
+f73c64a Notizen kann man bearbeiten
+72e328a Leads sind integriert
+c349469 Stand geupdatet
+f82131b Vorläufig fertiger server
+c30d974 Zwischenstand - ohne Prometheus

server-backups/server_backup_20250628_203904/git_status.txt

@@ -0,0 +1,39 @@
+On branch main
+Changes not staged for commit:
+  (use "git add/rm <file>..." to update what will be committed)
+  (use "git restore <file>..." to discard changes in working directory)
+	deleted:    server-backups/server_backup_20250628_145911.tar.gz
+	deleted:    server-backups/server_backup_20250628_153152.tar.gz
+	deleted:    server-backups/server_backup_20250628_160032.tar.gz
+	deleted:    server-backups/server_backup_20250628_165902.tar.gz
+	deleted:    server-backups/server_backup_20250628_171741.tar.gz
+	deleted:    server-backups/server_backup_20250628_190433.tar.gz
+
+Untracked files:
+  (use "git add <file>..." to include in what will be committed)
+	.gitattributes
+	API_REFERENCE.md
+	JOURNAL.md
+	SSL/
+	backup_before_cleanup.sh
+	backups/
+	cloud-init.yaml
+	create_full_backup.sh
+	generate-secrets.py
+	lizenzserver/
+	migrations/
+	restore_full_backup.sh
+	scripts/
+	server-backups/server_backup_20250628_171705/
+	server-backups/server_backup_20250628_203904/
+	setup_backup_cron.sh
+	v2/
+	v2_adminpanel/
+	v2_lizenzserver/
+	v2_nginx/
+	v2_postgreSQL/
+	v2_postgres/
+	v2_testing/
+	verify-deployment.sh
+
+no changes added to commit (use "git add" and/or "git commit -a")