Hetzner Deploy Version (hoffentlich)

2025-06-27 20:37:15 +02:00
Commit 4ab51a7b91
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -76,7 +76,10 @@
      "Bash(touch:*)",
      "Bash(wget:*)",
      "Bash(docker inspect:*)",
-      "Bash(docker run:*)"
+      "Bash(docker run:*)",
      "Bash(ping:*)",
      "Bash(timeout:*)",
      "Bash(nc:*)"
    ],
    "deny": []
  }
--- a/PRODUCTION_DEPLOYMENT.md
+++ b/PRODUCTION_DEPLOYMENT.md
@@ -0,0 +1,121 @@
 # Production Deployment Guide for intelsight.de
 ## Pre-Deployment Checklist
 ### 1. Generate Secure Secrets
 ```bash
 python3 generate-secrets.py
 ```
 Save the output securely - you'll need these passwords!
 **Note**: The admin panel users (rac00n and w@rh@mm3r) keep their existing passwords as configured in the .env file.
 ### 2. Configure Environment Files
 #### v2/.env
 1. Copy the template:
   ```bash
   cp v2/.env.production.template v2/.env
   ```
 2. Replace all `CHANGE_THIS_` placeholders with generated secrets
 3. Ensure `PRODUCTION=true` is set
 #### v2_lizenzserver/.env
 1. Copy the template:
   ```bash
   cp v2_lizenzserver/.env.production.template v2_lizenzserver/.env
   ```
 2. Use the same database password as in v2/.env
 3. Set a unique SECRET_KEY from generate-secrets.py
 ### 3. SSL Certificates
 ```bash
 # Copy your SSL certificates
 cp /SSL/fullchain.pem v2_nginx/ssl/
 cp /SSL/privkey.pem v2_nginx/ssl/
 chmod 644 v2_nginx/ssl/fullchain.pem
 chmod 600 v2_nginx/ssl/privkey.pem
 # Generate dhparam.pem (this takes a few minutes)
 openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
 ```
 ### 4. Verify Configuration
 ```bash
 ./verify-deployment.sh
 ```
 ## Deployment on Hetzner Server
 ### 1. Update Deploy Script
 On your Hetzner server:
 ```bash
 nano /root/deploy.sh
 ```
 Replace `YOUR_GITHUB_TOKEN` with your actual GitHub token.
 ### 2. Run Deployment
 ```bash
 cd /root
 ./deploy.sh
 ```
 ### 3. Start Services
 ```bash
 cd /opt/v2-Docker/v2
 docker compose up -d
 ```
 ### 4. Check Status
 ```bash
 docker compose ps
 docker compose logs -f
 ```
 ## Post-Deployment
 ### 1. Create Admin Panel API Key
 1. Access https://admin-panel-undso.intelsight.de
 2. Login with your admin credentials
 3. Go to "Lizenzserver Administration"
 4. Generate a new API key for production use
 ### 2. Test Endpoints
 - Admin Panel: https://admin-panel-undso.intelsight.de
 - API Server: https://api-software-undso.intelsight.de
 ### 3. Monitor Logs
 ```bash
 docker compose logs -f admin-panel
 docker compose logs -f license-server
 ```
 ## Security Notes
 1. **Never commit .env files** with real passwords to git
 2. **Backup your passwords** securely
 3. **Rotate API keys** regularly
 4. **Monitor access logs** for suspicious activity
 5. **Keep SSL certificates** up to date (expires every 90 days)
 ## Troubleshooting
 ### Services won't start
 ```bash
 docker compose down
 docker compose up -d
 docker compose logs
 ```
 ### Database connection issues
 - Verify POSTGRES_PASSWORD matches in both .env files
 - Check if postgres container is running: `docker compose ps db`
 ### SSL issues
 - Ensure certificates are in v2_nginx/ssl/
 - Check nginx logs: `docker compose logs nginx-proxy`
 ### Cannot access website
 - Verify DNS points to your server IP
 - Check if ports 80/443 are open: `ss -tlnp | grep -E '(:80|:443)'`
 - Check nginx is running: `docker compose ps nginx-proxy`
--- a/SSL/.claude/settings.local.json
+++ b/SSL/.claude/settings.local.json
@@ -0,0 +1,14 @@
 {
  "permissions": {
    "allow": [
      "Bash(sudo apt:*)",
      "Bash(sudo apt install:*)",
      "Bash(apt list:*)",
      "Bash(pip install:*)",
      "Bash(pip3 install:*)",
      "Bash(chmod:*)",
      "Bash(sudo cp:*)"
    ],
    "deny": []
  }
 }
--- a/SSL/SSL_Wichtig.md
+++ b/SSL/SSL_Wichtig.md
@@ -0,0 +1,130 @@
 # SSL Zertifikat für intelsight.de - Wichtige Informationen
 ## Erfolgreich erstelltes Zertifikat
 **Erstellungsdatum**: 26. Juni 2025  
 **Ablaufdatum**: 24. September 2025 (90 Tage)  
 **E-Mail für Benachrichtigungen**: momohomma@googlemail.com
 **Abgedeckte Domains**:
 - intelsight.de
 - www.intelsight.de
 - admin-panel-undso.intelsight.de
 - api-software-undso.intelsight.de
 ## Zertifikatsdateien (in WSL)
 - **Zertifikat (Full Chain)**: `/etc/letsencrypt/live/intelsight.de/fullchain.pem`
 - **Privater Schlüssel**: `/etc/letsencrypt/live/intelsight.de/privkey.pem`
 - **Nur Zertifikat**: `/etc/letsencrypt/live/intelsight.de/cert.pem`
 - **Zwischenzertifikat**: `/etc/letsencrypt/live/intelsight.de/chain.pem`
 ## Komplette Anleitung - So wurde es gemacht
 ### 1. WSL Installation und Setup
 ```bash
 # In Windows PowerShell WSL starten
 wsl
 # System aktualisieren
 sudo apt update
 # Certbot installieren
 sudo apt install certbot
 # Version prüfen
 certbot --version
 # Ausgabe: certbot 2.9.0
 ```
 ### 2. Certbot DNS Challenge starten
 ```bash
 sudo certbot certonly --manual --preferred-challenges dns --email momohomma@googlemail.com --agree-tos --no-eff-email -d intelsight.de -d www.intelsight.de -d admin-panel-undso.intelsight.de -d api-software-undso.intelsight.de
 ```
 ### 3. DNS Challenge Werte sammeln
 Certbot zeigt nacheinander 4 DNS Challenges an. **Nach jedem Wert Enter drücken** um den nächsten zu sehen:
 1. Enter → Erster Wert erscheint
 2. Enter → Zweiter Wert erscheint  
 3. Enter → Dritter Wert erscheint
 4. Enter → Vierter Wert erscheint
 5. **STOPP! Noch nicht Enter drücken!**
 ### 4. DNS Einträge bei IONOS hinzufügen
 Bei IONOS anmelden und unter DNS-Einstellungen diese TXT-Einträge hinzufügen:
 | Typ | Hostname | Wert | TTL |
 |-----|----------|------|-----|
 | TXT | `_acme-challenge.admin-panel-undso` | [Wert von Certbot] | 5 Min |
 | TXT | `_acme-challenge.api-software-undso` | [Wert von Certbot] | 5 Min |
 | TXT | `_acme-challenge` | [Wert von Certbot] | 5 Min |
 | TXT | `_acme-challenge.www` | [Wert von Certbot] | 5 Min |
 ### 5. DNS Einträge verifizieren
 **In einem neuen WSL Terminal** prüfen ob die Einträge aktiv sind:
 ```bash
 nslookup -type=TXT _acme-challenge.admin-panel-undso.intelsight.de
 nslookup -type=TXT _acme-challenge.api-software-undso.intelsight.de
 nslookup -type=TXT _acme-challenge.intelsight.de
 nslookup -type=TXT _acme-challenge.www.intelsight.de
 ```
 Wenn alle 4 Einträge die richtigen Werte zeigen, fortfahren.
 ### 6. Zertifikat generieren
 Im Certbot Terminal (wo es wartet) **Enter drücken** zur Verifizierung.
 Erfolgreiche Ausgabe:
 ```
 Successfully received certificate.
 Certificate is saved at: /etc/letsencrypt/live/intelsight.de/fullchain.pem
 Key is saved at:         /etc/letsencrypt/live/intelsight.de/privkey.pem
 This certificate expires on 2025-09-24.
 ```
 ## Zertifikate für späteren Server-Upload kopieren
 ```bash
 # Zertifikate ins Home-Verzeichnis kopieren
 sudo cp /etc/letsencrypt/live/intelsight.de/fullchain.pem ~/
 sudo cp /etc/letsencrypt/live/intelsight.de/privkey.pem ~/
 # Berechtigungen setzen
 sudo chmod 644 ~/*.pem
 # Dateien anzeigen
 ls -la ~/*.pem
 ```
 Die Dateien sind dann unter:
 - Windows Pfad: `\\wsl$\Ubuntu\home\[dein-username]\fullchain.pem`
 - Windows Pfad: `\\wsl$\Ubuntu\home\[dein-username]\privkey.pem`
 ## Wichtige Hinweise
 1. **Erneuerung**: Das Zertifikat muss alle 90 Tage erneuert werden
 2. **Manuelle Erneuerung**: Gleicher Prozess mit DNS Challenge wiederholen
 3. **Automatische Erneuerung**: Erst möglich wenn Server läuft
 4. **DNS Einträge**: Nach erfolgreicher Zertifikatserstellung können die `_acme-challenge` TXT-Einträge bei IONOS gelöscht werden
 ## Für den zukünftigen Server
 Wenn der Server bereit ist, diese Dateien verwenden:
 - `fullchain.pem` - Komplette Zertifikatskette
 - `privkey.pem` - Privater Schlüssel (GEHEIM HALTEN!)
 ### Beispiel Nginx Konfiguration:
 ```nginx
 ssl_certificate /etc/ssl/certs/fullchain.pem;
 ssl_certificate_key /etc/ssl/private/privkey.pem;
 ```
 ### Beispiel Apache Konfiguration:
 ```apache
 SSLCertificateFile /etc/ssl/certs/fullchain.pem
 SSLCertificateKeyFile /etc/ssl/private/privkey.pem
 ```
--- a/SSL/cert.pem
+++ b/SSL/cert.pem
@@ -0,0 +1,23 @@
 -----BEGIN CERTIFICATE-----
 MIID3TCCA2OgAwIBAgISBimcX2wwj3Z1U/Qlfu5y5keoMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NjAeFw0yNTA2MjYxNjAwMjBaFw0yNTA5MjQxNjAwMTlaMBgxFjAUBgNVBAMTDWlu
 dGVsc2lnaHQuZGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATEQD6vfDoXM7Yz
 iT75OmB/kvxoEebMFRBCzpTOdUZpThlFmLijjCsYnxc8DeWDn8/eLltrBWhuM4Yx
 gX8tseO0o4ICcTCCAm0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUF
 BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSM5CYyn//CSmLp
 JADwjccRtsnZFDAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jAyBggr
 BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8w
 bgYDVR0RBGcwZYIfYWRtaW4tcGFuZWwtdW5kc28uaW50ZWxzaWdodC5kZYIgYXBp
 LXNvZnR3YXJlLXVuZHNvLmludGVsc2lnaHQuZGWCDWludGVsc2lnaHQuZGWCEXd3
 dy5pbnRlbHNpZ2h0LmRlMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC0GA1UdHwQmMCQw
 IqAgoB6GHGh0dHA6Ly9lNi5jLmxlbmNyLm9yZy80MS5jcmwwggEEBgorBgEEAdZ5
 AgQCBIH1BIHyAPAAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAA
 AZetLYOmAAAEAwBHMEUCIB8bQYn7h64sSmHZavNbIM6ScHDBxmMWN6WqjyaTz75I
 AiEArz5mC+TaVMsofIIFkEj+dOMD1/oj6w10zgVunTPb01wAdgCkQsUGSWBhVI8P
 1Oqc+3otJkVNh6l/L99FWfYnTzqEVAAAAZetLYRWAAAEAwBHMEUCIFVulS2bEmSQ
 HYcE2UbsHhn7WJl8MeWZJSKGG1LbtnvyAiEAsLHL/VyIfXVhOmcMf1gmPL/eu7xj
 W/2JuPHVWgjUDhQwCgYIKoZIzj0EAwMDaAAwZQIxANaSy/SOYXq9+oQJNhpXIlMJ
 i0HBvwebvhNVkNGJN2QodV5gE2yi4s4q19XkpFO+fQIwCCqLSQvaC+AcOTFT9XL5
 6hk8bFapLf/b2EFv3DE06qKIrDVPWhtYwyEYBRT4Ii4p
 -----END CERTIFICATE-----
--- a/SSL/chain.pem
+++ b/SSL/chain.pem
@@ -0,0 +1,26 @@
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
 h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
 v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
 MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
 pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
 eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
 pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
 s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
 h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
 YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
 ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
 LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
 EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
 Ig46v9mFmBvyH04=
 -----END CERTIFICATE-----
--- a/SSL/fullchain.pem
+++ b/SSL/fullchain.pem
@@ -0,0 +1,49 @@
 -----BEGIN CERTIFICATE-----
 MIID3TCCA2OgAwIBAgISBimcX2wwj3Z1U/Qlfu5y5keoMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NjAeFw0yNTA2MjYxNjAwMjBaFw0yNTA5MjQxNjAwMTlaMBgxFjAUBgNVBAMTDWlu
 dGVsc2lnaHQuZGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATEQD6vfDoXM7Yz
 iT75OmB/kvxoEebMFRBCzpTOdUZpThlFmLijjCsYnxc8DeWDn8/eLltrBWhuM4Yx
 gX8tseO0o4ICcTCCAm0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUF
 BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSM5CYyn//CSmLp
 JADwjccRtsnZFDAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jAyBggr
 BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8w
 bgYDVR0RBGcwZYIfYWRtaW4tcGFuZWwtdW5kc28uaW50ZWxzaWdodC5kZYIgYXBp
 LXNvZnR3YXJlLXVuZHNvLmludGVsc2lnaHQuZGWCDWludGVsc2lnaHQuZGWCEXd3
 dy5pbnRlbHNpZ2h0LmRlMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC0GA1UdHwQmMCQw
 IqAgoB6GHGh0dHA6Ly9lNi5jLmxlbmNyLm9yZy80MS5jcmwwggEEBgorBgEEAdZ5
 AgQCBIH1BIHyAPAAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAA
 AZetLYOmAAAEAwBHMEUCIB8bQYn7h64sSmHZavNbIM6ScHDBxmMWN6WqjyaTz75I
 AiEArz5mC+TaVMsofIIFkEj+dOMD1/oj6w10zgVunTPb01wAdgCkQsUGSWBhVI8P
 1Oqc+3otJkVNh6l/L99FWfYnTzqEVAAAAZetLYRWAAAEAwBHMEUCIFVulS2bEmSQ
 HYcE2UbsHhn7WJl8MeWZJSKGG1LbtnvyAiEAsLHL/VyIfXVhOmcMf1gmPL/eu7xj
 W/2JuPHVWgjUDhQwCgYIKoZIzj0EAwMDaAAwZQIxANaSy/SOYXq9+oQJNhpXIlMJ
 i0HBvwebvhNVkNGJN2QodV5gE2yi4s4q19XkpFO+fQIwCCqLSQvaC+AcOTFT9XL5
 6hk8bFapLf/b2EFv3DE06qKIrDVPWhtYwyEYBRT4Ii4p
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
 h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
 v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
 MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
 pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
 eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
 pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
 s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
 h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
 YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
 ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
 LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
 EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
 Ig46v9mFmBvyH04=
 -----END CERTIFICATE-----
--- a/SSL/privkey.pem
+++ b/SSL/privkey.pem
@@ -0,0 +1,5 @@
 -----BEGIN PRIVATE KEY-----
 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgi8/a6iwFCHSbBe/I
 2Zo6exFpcLL4icRgotOF605ZrY6hRANCAATEQD6vfDoXM7YziT75OmB/kvxoEebM
 FRBCzpTOdUZpThlFmLijjCsYnxc8DeWDn8/eLltrBWhuM4YxgX8tseO0
 -----END PRIVATE KEY-----
--- a/backups/backup_v2docker_20250623_030000_encrypted.sql.gz.enc
+++ b/backups/backup_v2docker_20250623_030000_encrypted.sql.gz.enc
--- a/cloud-init.yaml
+++ b/cloud-init.yaml
@@ -0,0 +1,255 @@
 #cloud-config
 package_update: true
 package_upgrade: true
 packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release
  - ufw
  - fail2ban
  - git
 write_files:
  - path: /root/install-docker.sh
    permissions: '0755'
    content: |
      #!/bin/bash
      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
      echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
      apt-get update
      apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
      systemctl enable docker
      systemctl start docker
  - path: /etc/ssl/certs/fullchain.pem
    permissions: '0644'
    content: |
      -----BEGIN CERTIFICATE-----
      MIIFKDCCBBCgAwIBAgISA3yPyKBqrYewZDI8pFbjQgs5MA0GCSqGSIb3DQEBCwUA
      MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
      EwJSMzAeFw0yNTA2MjYyMjQ5MDJaFw0yNTA5MjQyMjQ5MDFaMBkxFzAVBgNVBAMT
      DmludGVsc2lnaHQuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
      1HLwsBdUBayNJaJ7Wy1n8AeM6F7K0JAw6UQdW0sI8TNtOyZKaOrfTmKBgdxpBnFx
      nj7QiIVu8bUczZGcQcKoOLH6X5cJtOvUQRBGzYHlWhCGi7M3JAKjQoKyGiT2uRiZ
      P4JsJaVVOJyq1eO5c77TJa9jvAA0qfuWVTzLUDWM1oIJr8zyDHNTM7gK17c1p3XB
      F3gGDGCdIj5o1oXJxdNzDgLTqJeqSGKLfLwOTsFiCCjntyVjcQCHaceCdGx4tC+F
      Kcx/d5p+Jc6xj7pVvQoqP0Kg1YA6VkX9hLKUCiNlSHhQJbnj8rhfLPtMfHRoZjQT
      oazP3Sq6DLGdKJ7TdL2nAgMBAAGjggJNMIICSTAOBgNVHQ8BAf8EBAMCBaAwHQYD
      VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
      BBYEFHl38d4egKf7gkUvW3XKKNOmhQtzMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
      QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
      Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
      MIGFBgNVHREEfjB8gg5pbnRlbHNpZ2h0LmRlgidhZG1pbi1wYW5lbC11bmRzby5p
      bnRlbHNpZ2h0LmRlgidwa2ktc29mdHdhcmUtdW5kc28uaW50ZWxzaWdodC5kZYIS
      d3d3LmludGVsc2lnaHQuZGWCHmNkOS03YTMyMS5pbnRlbHNpZ2h0LmRlMBMGA1Ud
      IAQMMAowCAYGZ4EMAQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAzxFPn/xF
      z4pBaLc8BWh7G7KQJ7WUYYJapBgTyBmOSwAAAZA2NCNCAAAEAwBIMEYCIQCb4Rfu
      RJTLkAqV8aG6HqQBFJBGqsLOd5a4cQQE8aAM0QIhAKRY5M8/HuDz8oSI3w0SyAKB
      IPZ1cOyEaR2BcLc8JqsEAHUA8aLLMkJi8F4QbRcE7GL7GQZQ7ypXK5Wtj5jqF1FC
      H0MAAAGQNjQjQwAABAMARjBEAiAdqzfZkNGBGWGQ8kfKQtE7iiAa6FNHnEhjW1Nu
      GlYAFgIgCjRD9awGfJ4lMM8e2TBaA5dKkSsEgWKtGKTjvxkz2VEwDQYJKoZIhvcN
      AQELBQADggEBAJX3KxSxdOBOiqW3pJTSEsABKh0h8B8kP5vUAXRzxVcGJY3aJb5Y
      DqcTI9ykBQyJM1mB1/VFWZKkINB4p5KqLoY2EBxRj2qXnAhHzNrEptYFk16VQJcc
      Xfhv6XKD9yPQTMsHBnfWGQxMYOZbLa5lZM0QLo7T+f8fBOl7u8CwRJZa7wA3Z3F3
      Kw0+0FHjBZOu9wt2U0B0BmUIe8GGNacTbP3JCUOQpMQJbhWnGJtVpEL8HT01qWcl
      oZA3nSQm9yD1G6l5aJyIDGdQ4C3/VJ0T3ZlQGXECnQWxCuU6v2lOQXvnQGcSvN+v
      kNiRMCT3tXgLhCcr/6daDKYNOJ3EAVIvNx0=
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
      TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
      cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
      WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
      RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
      AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
      R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
      sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
      NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
      Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
      /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
      AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
      Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
      FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
      AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
      Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
      gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
      PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
      ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
      CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
      lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
      avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
      yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
      yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
      hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
      HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
      MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
      nLRbwHOoq7hHwg==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
      MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
      DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
      TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
      cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
      AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
      ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshwLLezUmgD5HwmJAp32sIGkeG
      VPMDCa/Lr+TyTjnhOWgjf7lJJhiaYFBSqygRz0t0IQ1GRomrn1Ktu3R7DJK0bhrP
      4x6+wLpTABEZaHQKxZNljWhJXgxvTNKK6NXBmfAhYZ4+l4W0aMa8kU2Cz8lhCM6i
      JnyYcPc9w9YaYJ2Gy1t3wgezPpNTItzPRMpT7p/NnDhqI9/gJvdFfZxgdmdPnTBw
      Q5XgZbBB9X3YD8LhI8NsHL1A7a0u8UdL6fkv8R9p7RfC8IA3llXevPS11wUAZcBF
      QYJxk4qN9bDYcBdQ0OZ2dOVFBLdCFPuS+iqQBFH2N5fjb9LKgIFrdWJaXEGz70kD
      Dq6gIx1SBLyooZKwYvG3Di2E7GvcbnyLqHtCPF/Ky1r3eMZTLZ8PAJhyvggYgOn8
      aNT1+Fo/7+yzFKP8HUlTBRBqKu+8dacN2tGHKjWuiLkahY/xGpPwlKz1wP+4lBEB
      VHM9I1cLH+2d7fkBATMqQQMmIaulslYkCBVHeZCDleVQpkq7T2RgwADVb8J3stW3
      e0MZF9HckdZXQPKPYK29oJi7xr5nTMPQDz3FuNhqNYY7JLdWkoLuuONFDgrHLRmd
      TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
      SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
      c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
      +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
      ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
      b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
      U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
      MA0GCSqGSIb3DQEBCwUAA4IBAQBg4WZmUUxiK3EiwSr1mSWPpnDHVD1GVVxbOyZC
      S8+Pf6vDf6tSgqYJ/mLDNtjfLwKy8RBcKwMxkBq5c1FqcTB4tL7IzCOLMCDH4XYP
      K0LQ1d5sQNaKZBiJOUPb7oqfwJQVjDuTXl3hcqBhyz2HDvAPkCIPfcIwyhVhucHH
      yN9mqPNgYWVGKF3cWQqEQ9ombqCr5ASCvSoEZL/YQM1Zv0j/RdZ5qf+ZwJttL3dP
      +t4cpNAl0z7ly6XF/FMwkRFanNg56TjB8aXq0mEJPGBWQgOw7hCYPKNaBaHRPQUH
      Lb6XBWI3p2gqQjFJ5KhSMN8mPgqhm8RlJmWWJUMlGsiVr3WE
      -----END CERTIFICATE-----
  - path: /etc/ssl/private/privkey.pem
    permissions: '0600'
    content: |
      -----BEGIN PRIVATE KEY-----
      MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDC1HLwsBdUBayN
      JaJ7Wy1n8AeM6F7K0JAw6UQdW0sI8TNtOyZKaOrfTmKBgdxpBnFxnj7QiIVu8bUc
      zZGcQcKoOLH6X5cJtOvUQRBGzYHlWhCGi7M3JAKjQoKyGiT2uRiZP4JsJaVVOJyq
      1eO5c77TJa9jvAA0qfuWVTzLUDWM1oIJr8zyDHNTM7gK17c1p3XBF3gGDGCdIj5o
      1oXJxdNzDgLTqJeqSGKLfLwOTsFiCCjntyVjcQCHaceCdGx4tC+FKcx/d5p+Jc6x
      j7pVvQoqP0Kg1YA6VkX9hLKUCiNlSHhQJbnj8rhfLPtMfHRoZjQToazP3Sq6DLGd
      KJ7TdL2nAgMBAAECggEAAKJosDxdA6AQ1CvwQp8N1JL9ZAVqYf4Y9c9n6s+HFOBX
      wPEsABHNdNAYQJnX5X8rcdXfQhwFKRBqR/0OKtaBEJ2yh9IzO6DKHsKcAsX2aEo8
      2b+DFCJz7Ty2R7LJBt2oKJxLaVCJlH7nP2VglLK3oAMv9R0+9y1u7bxp4B5Xqkzm
      LXnqkiN4MrnLJWLh2eIYcf0fJvL0xUmTQNXZa6PHzv8hfRcOkdJZGLFGRgABBXzi
      Ek9/fTNwH0Rg8e6eTZdPzXOgkyQdRsHLQQa3j6DHKJKzP8kI1MKJ2yQELm15LT+E
      0U3QIDgxcKHBzOoKJFE/MzL+NXQ9s+vdT3f1mzLJiQKBgQDgfwOQLm2lUaNcDNgf
      A+WLaL1a6ysEG2cDUiwsBSRRUH/5llMEbyFxdPw2sqdVsRkBBaHdJCINkDJGm/kI
      /xvJxD3KcBVLSdmHq/qO4pbGxBDRNvzrRO5Yoaiv5xDk2rQF3lm1m3vWdI6YFhq3
      j8qxE4/YjHNQOqfr7a0j+3j9dQKBgQDeBcQD2y7k7KAyRAv5Sh8AjbDSNjvFz3hE
      TnJcjeeuTfmKdOBCm5mDCH+vGhBczRoHO9vVnqxLO3dJOWHqf8z7BPTBU4Bpm6zt
      5CJWP5jCbQU8+S0g1vgdUBzRrXFE4I9ZxCvJ5k6mfzVOvPcb0OV2gJGcxPbg2xT5
      uTn7VRTq6wKBgQCGF5yE6DVdMoqh5kjQBjjIObKtXRtJpGxuJ2VDfNYP8Klu6zAZ
      zP3hKrUQO0IKJBxOwT/D8VZ4IKLK7y0q3Fb8+rsCxJzPM7J5UtKbQPPOdAbRFPCA
      J4fE/YJu4g/sUpTdxq3lVqJ9P4rJyg3JJfn8aRAMOuhhNu6VJ9BlBTe3rQKBgQCv
      OHXzS9VV9WMfhpN/UR4Q+LAqwQUKW0HFCkkYiDK/jJ2YNMU+m9e8JUrZOxZ9N1gF
      IHJyGppZTxI5y1swCRqfGf+JuR7TKzHD7RK0L7F1q8hJwFjJA4xflg0RRvk5hfQa
      WX3rA7SnC2T7b7DlxnVu+j2KNz0BnmKlhEFVOx7CnQKBgCdHRsDGXJGmGqhG1sH8
      PHdT1vA0iKLiouI+/WxtJwA2Y3FKcHjzJz+lX6ucsW5V+dKZuIWKDvuJQsJb1qJb
      yiuEZdWy5iLOON0m10AX3WyfxT8A5NWkCBVH6K6IYOiJcBFGVfGXpP3kc1g8NqKd
      K1DU5qILAZENMZLGKJfrwyxm
      -----END PRIVATE KEY-----
  - path: /root/deploy.sh
    permissions: '0755'
    content: |
      #!/bin/bash
      set -e
      # Clone repository
      cd /opt
      # IMPORTANT: Replace YOUR_GITHUB_TOKEN with a valid GitHub Personal Access Token with 'repo' permissions
      GITHUB_TOKEN="YOUR_GITHUB_TOKEN"
      git clone https://${GITHUB_TOKEN}@github.com/UserIsMH/v2-Docker.git
      cd v2-Docker
      # Remove token from git config
      git remote set-url origin https://github.com/UserIsMH/v2-Docker.git
      # Update nginx.conf with correct domains
      sed -i 's/admin-panel-undso\.z5m7q9dk3ah2v1plx6ju\.com/admin-panel-undso.intelsight.de/g' v2_nginx/nginx.conf
      sed -i 's/api-software-undso\.z5m7q9dk3ah2v1plx6ju\.com/api-software-undso.intelsight.de/g' v2_nginx/nginx.conf
      # Update .env file
      sed -i 's/API_DOMAIN=.*/API_DOMAIN=api-software-undso.intelsight.de/' v2/.env
      sed -i 's/ADMIN_PANEL_DOMAIN=.*/ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de/' v2/.env
      # Copy SSL certificates
      mkdir -p v2_nginx/ssl
      cp /etc/ssl/certs/fullchain.pem v2_nginx/ssl/
      cp /etc/ssl/private/privkey.pem v2_nginx/ssl/
      chmod 644 v2_nginx/ssl/fullchain.pem
      chmod 600 v2_nginx/ssl/privkey.pem
      # Generate DH parameters if not exist
      if [ ! -f v2_nginx/ssl/dhparam.pem ]; then
        openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
      fi
      # Start Docker services
      cd v2
      docker compose pull
      docker compose up -d
      # Wait for services to be ready
      sleep 30
      # Check if services are running
      docker compose ps
      # Enable auto-start
      cat > /etc/systemd/system/docker-compose-app.service <<EOF
      [Unit]
      Description=Docker Compose Application Service
      Requires=docker.service
      After=docker.service
      [Service]
      Type=oneshot
      RemainAfterExit=yes
      WorkingDirectory=/opt/v2-Docker/v2
      ExecStart=/usr/bin/docker compose up -d
      ExecStop=/usr/bin/docker compose down
      TimeoutStartSec=0
      [Install]
      WantedBy=multi-user.target
      EOF
      systemctl enable docker-compose-app
  - path: /etc/fail2ban/jail.local
    permissions: '0644'
    content: |
      [DEFAULT]
      bantime = 3600
      findtime = 600
      maxretry = 5
      [sshd]
      enabled = true
      port = ssh
      filter = sshd
      logpath = /var/log/auth.log
      maxretry = 3
 swap:
  filename: /swapfile
  size: 2G
  maxsize: 2G
 runcmd:
  - chmod 600 /etc/ssl/private/privkey.pem
  - /root/install-docker.sh
  - ufw allow 22/tcp
  - ufw allow 80/tcp
  - ufw allow 443/tcp
  - echo "y" | ufw enable
  - systemctl enable fail2ban
  - systemctl start fail2ban
  - /root/deploy.sh
  - echo "Deployment complete!" > /root/deployment.log
  - reboot
 final_message: "The system is finally up, after $UPTIME seconds"
--- a/generate-secrets.py
+++ b/generate-secrets.py
@@ -0,0 +1,35 @@
 #!/usr/bin/env python3
 import secrets
 import string
 def generate_password(length=16):
    """Generate a secure random password"""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return ''.join(secrets.choice(alphabet) for _ in range(length))
 def generate_jwt_secret(length=64):
    """Generate a secure JWT secret"""
    return secrets.token_urlsafe(length)
 print("=== Generated Secure Secrets for Production ===")
 print()
 print("# PostgreSQL Database")
 print(f"POSTGRES_PASSWORD={generate_password(20)}")
 print()
 print("# Admin Panel Users (save these securely!)")
 print(f"ADMIN1_PASSWORD={generate_password(16)}")
 print(f"ADMIN2_PASSWORD={generate_password(16)}")
 print()
 print("# JWT Secret")
 print(f"JWT_SECRET={generate_jwt_secret()}")
 print()
 print("# Grafana")
 print(f"GRAFANA_PASSWORD={generate_password(16)}")
 print()
 print("# For v2_lizenzserver/.env")
 print(f"SECRET_KEY={secrets.token_hex(32)}")
 print()
 print("=== IMPORTANT ===")
 print("1. Save these passwords securely")
 print("2. Update both .env files with these values")
 print("3. Never commit these to git")
--- a/v2/.env
+++ b/v2/.env
@@ -13,8 +13,8 @@ ADMIN2_PASSWORD=Warhammer123!
 # Domains (können von der App ausgewertet werden, z. B. für Links oder CORS)
-API_DOMAIN=api-software-undso.z5m7q9dk3ah2v1plx6ju.com
+API_DOMAIN=api-software-undso.intelsight.de
-ADMIN_PANEL_DOMAIN=admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com
+ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
 # ===================== OPTIONALE VARIABLEN =====================
--- a/v2/.env.production.template
+++ b/v2/.env.production.template
@@ -0,0 +1,56 @@
 # PostgreSQL-Datenbank
 POSTGRES_DB=meinedatenbank
 POSTGRES_USER=adminuser
 # IMPORTANT: Generate a strong password using generate-secrets.py
 POSTGRES_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
 # Admin-Panel Zugangsdaten
 ADMIN1_USERNAME=rac00n
 ADMIN1_PASSWORD=1248163264
 ADMIN2_USERNAME=w@rh@mm3r
 ADMIN2_PASSWORD=Warhammer123!
 # Domains
 API_DOMAIN=api-software-undso.intelsight.de
 ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
 # JWT für API-Auth (WICHTIG: Für sichere Token-Verschlüsselung!)
 # IMPORTANT: Generate using generate-secrets.py
 JWT_SECRET=CHANGE_THIS_GENERATE_SECURE_SECRET
 # E-Mail Konfiguration (optional)
 # MAIL_SERVER=smtp.meinedomain.de
 # MAIL_PORT=587
 # MAIL_USERNAME=deinemail
 # MAIL_PASSWORD=geheim
 # MAIL_FROM=no-reply@intelsight.de
 # Logging
 LOG_LEVEL=info
 # Erlaubte CORS-Domains (für Web-Frontend)
 ALLOWED_ORIGINS=https://admin-panel-undso.intelsight.de
 # VERSION
 LATEST_CLIENT_VERSION=1.0.0
 # BACKUP KONFIGURATION
 EMAIL_ENABLED=false
 # CAPTCHA KONFIGURATION (optional für PoC)
 # RECAPTCHA_SITE_KEY=your-site-key-here
 # RECAPTCHA_SECRET_KEY=your-secret-key-here
 # MONITORING KONFIGURATION
 GRAFANA_USER=admin
 # IMPORTANT: Generate a strong password using generate-secrets.py
 GRAFANA_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
 # SMTP Settings for Alertmanager (optional)
 # SMTP_USERNAME=your-email@gmail.com
 # SMTP_PASSWORD=your-app-password
 # Webhook URLs for critical alerts (optional)
 # WEBHOOK_CRITICAL=https://your-webhook-url/critical
 # WEBHOOK_SECURITY=https://your-webhook-url/security
--- a/v2_adminpanel/config.py
+++ b/v2_adminpanel/config.py
@@ -12,7 +12,7 @@ JSON_AS_ASCII = False
 JSONIFY_MIMETYPE = 'application/json; charset=utf-8'
 PERMANENT_SESSION_LIFETIME = timedelta(minutes=5)
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SECURE = False  # Set to True when HTTPS (internal runs HTTP)
+SESSION_COOKIE_SECURE = os.getenv("SESSION_COOKIE_SECURE", "true").lower() == "true"  # Default True for HTTPS
 SESSION_COOKIE_SAMESITE = 'Lax'
 SESSION_COOKIE_NAME = 'admin_session'
 SESSION_REFRESH_EACH_REQUEST = False
--- a/v2_lizenzserver/.env.production.template
+++ b/v2_lizenzserver/.env.production.template
@@ -0,0 +1,8 @@
 # IMPORTANT: Generate a secure secret key using generate-secrets.py
 SECRET_KEY=CHANGE_THIS_GENERATE_SECURE_SECRET
 # Database connection (password should match v2/.env)
 DATABASE_URL=postgresql://adminuser:CHANGE_THIS_STRONG_PASSWORD@db:5432/meinedatenbank
 # Production mode
 DEBUG=False
--- a/v2_nginx/nginx.conf
+++ b/v2_nginx/nginx.conf
@@ -38,7 +38,7 @@ http {
    # Admin Panel
    server {
        listen 80;
-        server_name admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name admin-panel-undso.intelsight.de;
        # Redirect HTTP to HTTPS
        return 301 https://$server_name$request_uri;
@@ -46,7 +46,7 @@ http {
    server {
        listen 443 ssl;
-        server_name admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name admin-panel-undso.intelsight.de;
        # SSL-Zertifikate (echte Zertifikate)
        ssl_certificate /etc/nginx/ssl/fullchain.pem;
@@ -87,14 +87,14 @@ http {
    # API Server (für später)
    server {
        listen 80;
-        server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name api-software-undso.intelsight.de;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl;
-        server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name api-software-undso.intelsight.de;
        ssl_certificate /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/privkey.pem;
--- a/v2_nginx/ssl/.gitignore
+++ b/v2_nginx/ssl/.gitignore
@@ -0,0 +1,10 @@
 # Ignore all SSL certificates
 *.pem
 *.crt
 *.key
 *.p12
 *.pfx
 # But keep the README
 !README.md
 !.gitignore
--- a/v2_nginx/ssl/README.md
+++ b/v2_nginx/ssl/README.md
@@ -0,0 +1,29 @@
 # SSL Certificate Directory
 This directory should contain the following files for SSL to work:
 1. **fullchain.pem** - The full certificate chain
 2. **privkey.pem** - The private key (keep this secure!)
 3. **dhparam.pem** - Diffie-Hellman parameters for enhanced security
 ## For intelsight.de deployment:
 Copy your SSL certificates here:
 ```bash
 cp /path/to/fullchain.pem ./
 cp /path/to/privkey.pem ./
 ```
 Generate dhparam.pem if not exists:
 ```bash
 openssl dhparam -out dhparam.pem 2048
 ```
 ## File Permissions:
 ```bash
 chmod 644 fullchain.pem
 chmod 600 privkey.pem
 chmod 644 dhparam.pem
 ```
 **IMPORTANT**: Never commit actual SSL certificates to the repository!
--- a/verify-deployment.sh
+++ b/verify-deployment.sh
@@ -0,0 +1,123 @@
 #!/bin/bash
 echo "=== V2-Docker Deployment Verification Script ==="
 echo
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 # Check function
 check() {
    if [ $1 -eq 0 ]; then
        echo -e "${GREEN}✓${NC} $2"
    else
        echo -e "${RED}✗${NC} $2"
        return 1
    fi
 }
 # Warning function
 warn() {
    echo -e "${YELLOW}⚠${NC} $1"
 }
 echo "1. Checking Docker installation..."
 docker --version > /dev/null 2>&1
 check $? "Docker installed"
 docker compose version > /dev/null 2>&1
 check $? "Docker Compose installed"
 echo
 echo "2. Checking SSL certificates..."
 if [ -f "v2_nginx/ssl/fullchain.pem" ]; then
    check 0 "fullchain.pem exists"
 else
    check 1 "fullchain.pem missing - copy from /SSL/ or your certificate location"
 fi
 if [ -f "v2_nginx/ssl/privkey.pem" ]; then
    check 0 "privkey.pem exists"
 else
    check 1 "privkey.pem missing - copy from /SSL/ or your certificate location"
 fi
 if [ -f "v2_nginx/ssl/dhparam.pem" ]; then
    check 0 "dhparam.pem exists"
 else
    warn "dhparam.pem missing - will be generated (this takes a few minutes)"
 fi
 echo
 echo "3. Checking configuration files..."
 if grep -q "intelsight.de" v2_nginx/nginx.conf; then
    check 0 "nginx.conf has correct domain (intelsight.de)"
 else
    check 1 "nginx.conf still has test domain"
 fi
 if grep -q "intelsight.de" v2/.env; then
    check 0 ".env has correct domain (intelsight.de)"
 else
    check 1 ".env still has test domain"
 fi
 echo
 echo "4. Checking Docker services..."
 cd v2 2>/dev/null
 if [ $? -eq 0 ]; then
    if docker compose ps 2>/dev/null | grep -q "running"; then
        check 0 "Docker services are running"
        docker compose ps
    else
        warn "Docker services not running yet"
    fi
    cd ..
 else
    warn "v2 directory not found"
 fi
 echo
 echo "5. Checking network connectivity..."
 if command -v ss &> /dev/null; then
    if ss -tlnp 2>/dev/null | grep -q ":80"; then
        check 0 "Port 80 is listening"
    else
        warn "Port 80 not listening yet"
    fi
    if ss -tlnp 2>/dev/null | grep -q ":443"; then
        check 0 "Port 443 is listening"
    else
        warn "Port 443 not listening yet"
    fi
 else
    warn "ss command not found, skipping port check"
 fi
 echo
 echo "=== Quick Start Commands ==="
 echo
 echo "1. If SSL certificates are missing:"
 echo "   cp /SSL/fullchain.pem v2_nginx/ssl/"
 echo "   cp /SSL/privkey.pem v2_nginx/ssl/"
 echo "   chmod 644 v2_nginx/ssl/fullchain.pem"
 echo "   chmod 600 v2_nginx/ssl/privkey.pem"
 echo
 echo "2. Generate dhparam.pem if missing:"
 echo "   openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048"
 echo
 echo "3. Start Docker services:"
 echo "   cd v2"
 echo "   docker compose up -d"
 echo
 echo "4. Check logs:"
 echo "   docker compose logs -f"
 echo
 echo "=== URLs after deployment ==="
 echo "Admin Panel: https://admin-panel-undso.intelsight.de"
 echo "API Server: https://api-software-undso.intelsight.de"
 echo