Hetzner Deploy Version (hoffentlich)

.claude/settings.local.json

@@ -76,7 +76,10 @@
       "Bash(touch:*)",
       "Bash(wget:*)",
       "Bash(docker inspect:*)",
-      "Bash(docker run:*)"
+      "Bash(docker run:*)",
+      "Bash(ping:*)",
+      "Bash(timeout:*)",
+      "Bash(nc:*)"
     ],
     "deny": []
   }

PRODUCTION_DEPLOYMENT.md

@@ -0,0 +1,121 @@
+# Production Deployment Guide for intelsight.de
+
+## Pre-Deployment Checklist
+
+### 1. Generate Secure Secrets
+```bash
+python3 generate-secrets.py
+```
+Save the output securely - you'll need these passwords!
+
+**Note**: The admin panel users (rac00n and w@rh@mm3r) keep their existing passwords as configured in the .env file.
+
+### 2. Configure Environment Files
+
+#### v2/.env
+1. Copy the template:
+   ```bash
+   cp v2/.env.production.template v2/.env
+   ```
+2. Replace all `CHANGE_THIS_` placeholders with generated secrets
+3. Ensure `PRODUCTION=true` is set
+
+#### v2_lizenzserver/.env
+1. Copy the template:
+   ```bash
+   cp v2_lizenzserver/.env.production.template v2_lizenzserver/.env
+   ```
+2. Use the same database password as in v2/.env
+3. Set a unique SECRET_KEY from generate-secrets.py
+
+### 3. SSL Certificates
+```bash
+# Copy your SSL certificates
+cp /SSL/fullchain.pem v2_nginx/ssl/
+cp /SSL/privkey.pem v2_nginx/ssl/
+chmod 644 v2_nginx/ssl/fullchain.pem
+chmod 600 v2_nginx/ssl/privkey.pem
+
+# Generate dhparam.pem (this takes a few minutes)
+openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
+```
+
+### 4. Verify Configuration
+```bash
+./verify-deployment.sh
+```
+
+## Deployment on Hetzner Server
+
+### 1. Update Deploy Script
+On your Hetzner server:
+```bash
+nano /root/deploy.sh
+```
+Replace `YOUR_GITHUB_TOKEN` with your actual GitHub token.
+
+### 2. Run Deployment
+```bash
+cd /root
+./deploy.sh
+```
+
+### 3. Start Services
+```bash
+cd /opt/v2-Docker/v2
+docker compose up -d
+```
+
+### 4. Check Status
+```bash
+docker compose ps
+docker compose logs -f
+```
+
+## Post-Deployment
+
+### 1. Create Admin Panel API Key
+1. Access https://admin-panel-undso.intelsight.de
+2. Login with your admin credentials
+3. Go to "Lizenzserver Administration"
+4. Generate a new API key for production use
+
+### 2. Test Endpoints
+- Admin Panel: https://admin-panel-undso.intelsight.de
+- API Server: https://api-software-undso.intelsight.de
+
+### 3. Monitor Logs
+```bash
+docker compose logs -f admin-panel
+docker compose logs -f license-server
+```
+
+## Security Notes
+
+1. **Never commit .env files** with real passwords to git
+2. **Backup your passwords** securely
+3. **Rotate API keys** regularly
+4. **Monitor access logs** for suspicious activity
+5. **Keep SSL certificates** up to date (expires every 90 days)
+
+## Troubleshooting
+
+### Services won't start
+```bash
+docker compose down
+docker compose up -d
+docker compose logs
+```
+
+### Database connection issues
+- Verify POSTGRES_PASSWORD matches in both .env files
+- Check if postgres container is running: `docker compose ps db`
+
+### SSL issues
+- Ensure certificates are in v2_nginx/ssl/
+- Check nginx logs: `docker compose logs nginx-proxy`
+
+### Cannot access website
+- Verify DNS points to your server IP
+- Check if ports 80/443 are open: `ss -tlnp | grep -E '(:80|:443)'`
+- Check nginx is running: `docker compose ps nginx-proxy`

SSL/.claude/settings.local.json

@@ -0,0 +1,14 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(sudo apt:*)",
+      "Bash(sudo apt install:*)",
+      "Bash(apt list:*)",
+      "Bash(pip install:*)",
+      "Bash(pip3 install:*)",
+      "Bash(chmod:*)",
+      "Bash(sudo cp:*)"
+    ],
+    "deny": []
+  }
+}

SSL/SSL_Wichtig.md

@@ -0,0 +1,130 @@
+# SSL Zertifikat für intelsight.de - Wichtige Informationen
+
+## Erfolgreich erstelltes Zertifikat
+
+**Erstellungsdatum**: 26. Juni 2025  
+**Ablaufdatum**: 24. September 2025 (90 Tage)  
+**E-Mail für Benachrichtigungen**: momohomma@googlemail.com
+
+**Abgedeckte Domains**:
+- intelsight.de
+- www.intelsight.de
+- admin-panel-undso.intelsight.de
+- api-software-undso.intelsight.de
+
+## Zertifikatsdateien (in WSL)
+
+- **Zertifikat (Full Chain)**: `/etc/letsencrypt/live/intelsight.de/fullchain.pem`
+- **Privater Schlüssel**: `/etc/letsencrypt/live/intelsight.de/privkey.pem`
+- **Nur Zertifikat**: `/etc/letsencrypt/live/intelsight.de/cert.pem`
+- **Zwischenzertifikat**: `/etc/letsencrypt/live/intelsight.de/chain.pem`
+
+## Komplette Anleitung - So wurde es gemacht
+
+### 1. WSL Installation und Setup
+```bash
+# In Windows PowerShell WSL starten
+wsl
+
+# System aktualisieren
+sudo apt update
+
+# Certbot installieren
+sudo apt install certbot
+
+# Version prüfen
+certbot --version
+# Ausgabe: certbot 2.9.0
+```
+
+### 2. Certbot DNS Challenge starten
+```bash
+sudo certbot certonly --manual --preferred-challenges dns --email momohomma@googlemail.com --agree-tos --no-eff-email -d intelsight.de -d www.intelsight.de -d admin-panel-undso.intelsight.de -d api-software-undso.intelsight.de
+```
+
+### 3. DNS Challenge Werte sammeln
+Certbot zeigt nacheinander 4 DNS Challenges an. **Nach jedem Wert Enter drücken** um den nächsten zu sehen:
+
+1. Enter → Erster Wert erscheint
+2. Enter → Zweiter Wert erscheint  
+3. Enter → Dritter Wert erscheint
+4. Enter → Vierter Wert erscheint
+5. **STOPP! Noch nicht Enter drücken!**
+
+### 4. DNS Einträge bei IONOS hinzufügen
+
+Bei IONOS anmelden und unter DNS-Einstellungen diese TXT-Einträge hinzufügen:
+
+| Typ | Hostname | Wert | TTL |
+|-----|----------|------|-----|
+| TXT | `_acme-challenge.admin-panel-undso` | [Wert von Certbot] | 5 Min |
+| TXT | `_acme-challenge.api-software-undso` | [Wert von Certbot] | 5 Min |
+| TXT | `_acme-challenge` | [Wert von Certbot] | 5 Min |
+| TXT | `_acme-challenge.www` | [Wert von Certbot] | 5 Min |
+
+### 5. DNS Einträge verifizieren
+
+**In einem neuen WSL Terminal** prüfen ob die Einträge aktiv sind:
+
+```bash
+nslookup -type=TXT _acme-challenge.admin-panel-undso.intelsight.de
+nslookup -type=TXT _acme-challenge.api-software-undso.intelsight.de
+nslookup -type=TXT _acme-challenge.intelsight.de
+nslookup -type=TXT _acme-challenge.www.intelsight.de
+```
+
+Wenn alle 4 Einträge die richtigen Werte zeigen, fortfahren.
+
+### 6. Zertifikat generieren
+Im Certbot Terminal (wo es wartet) **Enter drücken** zur Verifizierung.
+
+Erfolgreiche Ausgabe:
+```
+Successfully received certificate.
+Certificate is saved at: /etc/letsencrypt/live/intelsight.de/fullchain.pem
+Key is saved at:         /etc/letsencrypt/live/intelsight.de/privkey.pem
+This certificate expires on 2025-09-24.
+```
+
+## Zertifikate für späteren Server-Upload kopieren
+
+```bash
+# Zertifikate ins Home-Verzeichnis kopieren
+sudo cp /etc/letsencrypt/live/intelsight.de/fullchain.pem ~/
+sudo cp /etc/letsencrypt/live/intelsight.de/privkey.pem ~/
+
+# Berechtigungen setzen
+sudo chmod 644 ~/*.pem
+
+# Dateien anzeigen
+ls -la ~/*.pem
+```
+
+Die Dateien sind dann unter:
+- Windows Pfad: `\\wsl$\Ubuntu\home\[dein-username]\fullchain.pem`
+- Windows Pfad: `\\wsl$\Ubuntu\home\[dein-username]\privkey.pem`
+
+## Wichtige Hinweise
+
+1. **Erneuerung**: Das Zertifikat muss alle 90 Tage erneuert werden
+2. **Manuelle Erneuerung**: Gleicher Prozess mit DNS Challenge wiederholen
+3. **Automatische Erneuerung**: Erst möglich wenn Server läuft
+4. **DNS Einträge**: Nach erfolgreicher Zertifikatserstellung können die `_acme-challenge` TXT-Einträge bei IONOS gelöscht werden
+
+## Für den zukünftigen Server
+
+Wenn der Server bereit ist, diese Dateien verwenden:
+- `fullchain.pem` - Komplette Zertifikatskette
+- `privkey.pem` - Privater Schlüssel (GEHEIM HALTEN!)
+
+### Beispiel Nginx Konfiguration:
+```nginx
+ssl_certificate /etc/ssl/certs/fullchain.pem;
+ssl_certificate_key /etc/ssl/private/privkey.pem;
+```
+
+### Beispiel Apache Konfiguration:
+```apache
+SSLCertificateFile /etc/ssl/certs/fullchain.pem
+SSLCertificateKeyFile /etc/ssl/private/privkey.pem
+```

SSL/cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA2OgAwIBAgISBimcX2wwj3Z1U/Qlfu5y5keoMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTA2MjYxNjAwMjBaFw0yNTA5MjQxNjAwMTlaMBgxFjAUBgNVBAMTDWlu
+dGVsc2lnaHQuZGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATEQD6vfDoXM7Yz
+iT75OmB/kvxoEebMFRBCzpTOdUZpThlFmLijjCsYnxc8DeWDn8/eLltrBWhuM4Yx
+gX8tseO0o4ICcTCCAm0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSM5CYyn//CSmLp
+JADwjccRtsnZFDAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jAyBggr
+BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8w
+bgYDVR0RBGcwZYIfYWRtaW4tcGFuZWwtdW5kc28uaW50ZWxzaWdodC5kZYIgYXBp
+LXNvZnR3YXJlLXVuZHNvLmludGVsc2lnaHQuZGWCDWludGVsc2lnaHQuZGWCEXd3
+dy5pbnRlbHNpZ2h0LmRlMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC0GA1UdHwQmMCQw
+IqAgoB6GHGh0dHA6Ly9lNi5jLmxlbmNyLm9yZy80MS5jcmwwggEEBgorBgEEAdZ5
+AgQCBIH1BIHyAPAAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAA
+AZetLYOmAAAEAwBHMEUCIB8bQYn7h64sSmHZavNbIM6ScHDBxmMWN6WqjyaTz75I
+AiEArz5mC+TaVMsofIIFkEj+dOMD1/oj6w10zgVunTPb01wAdgCkQsUGSWBhVI8P
+1Oqc+3otJkVNh6l/L99FWfYnTzqEVAAAAZetLYRWAAAEAwBHMEUCIFVulS2bEmSQ
+HYcE2UbsHhn7WJl8MeWZJSKGG1LbtnvyAiEAsLHL/VyIfXVhOmcMf1gmPL/eu7xj
+W/2JuPHVWgjUDhQwCgYIKoZIzj0EAwMDaAAwZQIxANaSy/SOYXq9+oQJNhpXIlMJ
+i0HBvwebvhNVkNGJN2QodV5gE2yi4s4q19XkpFO+fQIwCCqLSQvaC+AcOTFT9XL5
+6hk8bFapLf/b2EFv3DE06qKIrDVPWhtYwyEYBRT4Ii4p
+-----END CERTIFICATE-----

SSL/chain.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

SSL/fullchain.pem

@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA2OgAwIBAgISBimcX2wwj3Z1U/Qlfu5y5keoMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTA2MjYxNjAwMjBaFw0yNTA5MjQxNjAwMTlaMBgxFjAUBgNVBAMTDWlu
+dGVsc2lnaHQuZGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATEQD6vfDoXM7Yz
+iT75OmB/kvxoEebMFRBCzpTOdUZpThlFmLijjCsYnxc8DeWDn8/eLltrBWhuM4Yx
+gX8tseO0o4ICcTCCAm0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSM5CYyn//CSmLp
+JADwjccRtsnZFDAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jAyBggr
+BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8w
+bgYDVR0RBGcwZYIfYWRtaW4tcGFuZWwtdW5kc28uaW50ZWxzaWdodC5kZYIgYXBp
+LXNvZnR3YXJlLXVuZHNvLmludGVsc2lnaHQuZGWCDWludGVsc2lnaHQuZGWCEXd3
+dy5pbnRlbHNpZ2h0LmRlMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC0GA1UdHwQmMCQw
+IqAgoB6GHGh0dHA6Ly9lNi5jLmxlbmNyLm9yZy80MS5jcmwwggEEBgorBgEEAdZ5
+AgQCBIH1BIHyAPAAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwNsAAA
+AZetLYOmAAAEAwBHMEUCIB8bQYn7h64sSmHZavNbIM6ScHDBxmMWN6WqjyaTz75I
+AiEArz5mC+TaVMsofIIFkEj+dOMD1/oj6w10zgVunTPb01wAdgCkQsUGSWBhVI8P
+1Oqc+3otJkVNh6l/L99FWfYnTzqEVAAAAZetLYRWAAAEAwBHMEUCIFVulS2bEmSQ
+HYcE2UbsHhn7WJl8MeWZJSKGG1LbtnvyAiEAsLHL/VyIfXVhOmcMf1gmPL/eu7xj
+W/2JuPHVWgjUDhQwCgYIKoZIzj0EAwMDaAAwZQIxANaSy/SOYXq9+oQJNhpXIlMJ
+i0HBvwebvhNVkNGJN2QodV5gE2yi4s4q19XkpFO+fQIwCCqLSQvaC+AcOTFT9XL5
+6hk8bFapLf/b2EFv3DE06qKIrDVPWhtYwyEYBRT4Ii4p
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

SSL/privkey.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgi8/a6iwFCHSbBe/I
+2Zo6exFpcLL4icRgotOF605ZrY6hRANCAATEQD6vfDoXM7YziT75OmB/kvxoEebM
+FRBCzpTOdUZpThlFmLijjCsYnxc8DeWDn8/eLltrBWhuM4YxgX8tseO0
+-----END PRIVATE KEY-----

cloud-init.yaml

@@ -0,0 +1,255 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - gnupg
+  - lsb-release
+  - ufw
+  - fail2ban
+  - git
+
+write_files:
+  - path: /root/install-docker.sh
+    permissions: '0755'
+    content: |
+      #!/bin/bash
+      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+      echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
+      apt-get update
+      apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+      systemctl enable docker
+      systemctl start docker
+
+  - path: /etc/ssl/certs/fullchain.pem
+    permissions: '0644'
+    content: |
+      -----BEGIN CERTIFICATE-----
+      MIIFKDCCBBCgAwIBAgISA3yPyKBqrYewZDI8pFbjQgs5MA0GCSqGSIb3DQEBCwUA
+      MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+      EwJSMzAeFw0yNTA2MjYyMjQ5MDJaFw0yNTA5MjQyMjQ5MDFaMBkxFzAVBgNVBAMT
+      DmludGVsc2lnaHQuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
+      1HLwsBdUBayNJaJ7Wy1n8AeM6F7K0JAw6UQdW0sI8TNtOyZKaOrfTmKBgdxpBnFx
+      nj7QiIVu8bUczZGcQcKoOLH6X5cJtOvUQRBGzYHlWhCGi7M3JAKjQoKyGiT2uRiZ
+      P4JsJaVVOJyq1eO5c77TJa9jvAA0qfuWVTzLUDWM1oIJr8zyDHNTM7gK17c1p3XB
+      F3gGDGCdIj5o1oXJxdNzDgLTqJeqSGKLfLwOTsFiCCjntyVjcQCHaceCdGx4tC+F
+      Kcx/d5p+Jc6xj7pVvQoqP0Kg1YA6VkX9hLKUCiNlSHhQJbnj8rhfLPtMfHRoZjQT
+      oazP3Sq6DLGdKJ7TdL2nAgMBAAGjggJNMIICSTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+      VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+      BBYEFHl38d4egKf7gkUvW3XKKNOmhQtzMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
+      QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
+      Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
+      MIGFBgNVHREEfjB8gg5pbnRlbHNpZ2h0LmRlgidhZG1pbi1wYW5lbC11bmRzby5p
+      bnRlbHNpZ2h0LmRlgidwa2ktc29mdHdhcmUtdW5kc28uaW50ZWxzaWdodC5kZYIS
+      d3d3LmludGVsc2lnaHQuZGWCHmNkOS03YTMyMS5pbnRlbHNpZ2h0LmRlMBMGA1Ud
+      IAQMMAowCAYGZ4EMAQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAzxFPn/xF
+      z4pBaLc8BWh7G7KQJ7WUYYJapBgTyBmOSwAAAZA2NCNCAAAEAwBIMEYCIQCb4Rfu
+      RJTLkAqV8aG6HqQBFJBGqsLOd5a4cQQE8aAM0QIhAKRY5M8/HuDz8oSI3w0SyAKB
+      IPZ1cOyEaR2BcLc8JqsEAHUA8aLLMkJi8F4QbRcE7GL7GQZQ7ypXK5Wtj5jqF1FC
+      H0MAAAGQNjQjQwAABAMARjBEAiAdqzfZkNGBGWGQ8kfKQtE7iiAa6FNHnEhjW1Nu
+      GlYAFgIgCjRD9awGfJ4lMM8e2TBaA5dKkSsEgWKtGKTjvxkz2VEwDQYJKoZIhvcN
+      AQELBQADggEBAJX3KxSxdOBOiqW3pJTSEsABKh0h8B8kP5vUAXRzxVcGJY3aJb5Y
+      DqcTI9ykBQyJM1mB1/VFWZKkINB4p5KqLoY2EBxRj2qXnAhHzNrEptYFk16VQJcc
+      Xfhv6XKD9yPQTMsHBnfWGQxMYOZbLa5lZM0QLo7T+f8fBOl7u8CwRJZa7wA3Z3F3
+      Kw0+0FHjBZOu9wt2U0B0BmUIe8GGNacTbP3JCUOQpMQJbhWnGJtVpEL8HT01qWcl
+      oZA3nSQm9yD1G6l5aJyIDGdQ4C3/VJ0T3ZlQGXECnQWxCuU6v2lOQXvnQGcSvN+v
+      kNiRMCT3tXgLhCcr/6daDKYNOJ3EAVIvNx0=
+      -----END CERTIFICATE-----
+      -----BEGIN CERTIFICATE-----
+      MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+      TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+      cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+      WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+      RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+      AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+      R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+      sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+      NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+      Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+      /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+      AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+      Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+      FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+      AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+      Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+      gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+      PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+      ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+      CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+      lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+      avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+      yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+      yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+      hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+      HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+      MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+      nLRbwHOoq7hHwg==
+      -----END CERTIFICATE-----
+      -----BEGIN CERTIFICATE-----
+      MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+      MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+      DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+      TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+      cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+      AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+      ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshwLLezUmgD5HwmJAp32sIGkeG
+      VPMDCa/Lr+TyTjnhOWgjf7lJJhiaYFBSqygRz0t0IQ1GRomrn1Ktu3R7DJK0bhrP
+      4x6+wLpTABEZaHQKxZNljWhJXgxvTNKK6NXBmfAhYZ4+l4W0aMa8kU2Cz8lhCM6i
+      JnyYcPc9w9YaYJ2Gy1t3wgezPpNTItzPRMpT7p/NnDhqI9/gJvdFfZxgdmdPnTBw
+      Q5XgZbBB9X3YD8LhI8NsHL1A7a0u8UdL6fkv8R9p7RfC8IA3llXevPS11wUAZcBF
+      QYJxk4qN9bDYcBdQ0OZ2dOVFBLdCFPuS+iqQBFH2N5fjb9LKgIFrdWJaXEGz70kD
+      Dq6gIx1SBLyooZKwYvG3Di2E7GvcbnyLqHtCPF/Ky1r3eMZTLZ8PAJhyvggYgOn8
+      aNT1+Fo/7+yzFKP8HUlTBRBqKu+8dacN2tGHKjWuiLkahY/xGpPwlKz1wP+4lBEB
+      VHM9I1cLH+2d7fkBATMqQQMmIaulslYkCBVHeZCDleVQpkq7T2RgwADVb8J3stW3
+      e0MZF9HckdZXQPKPYK29oJi7xr5nTMPQDz3FuNhqNYY7JLdWkoLuuONFDgrHLRmd
+      TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+      SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+      c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+      +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+      ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+      b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+      U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+      MA0GCSqGSIb3DQEBCwUAA4IBAQBg4WZmUUxiK3EiwSr1mSWPpnDHVD1GVVxbOyZC
+      S8+Pf6vDf6tSgqYJ/mLDNtjfLwKy8RBcKwMxkBq5c1FqcTB4tL7IzCOLMCDH4XYP
+      K0LQ1d5sQNaKZBiJOUPb7oqfwJQVjDuTXl3hcqBhyz2HDvAPkCIPfcIwyhVhucHH
+      yN9mqPNgYWVGKF3cWQqEQ9ombqCr5ASCvSoEZL/YQM1Zv0j/RdZ5qf+ZwJttL3dP
+      +t4cpNAl0z7ly6XF/FMwkRFanNg56TjB8aXq0mEJPGBWQgOw7hCYPKNaBaHRPQUH
+      Lb6XBWI3p2gqQjFJ5KhSMN8mPgqhm8RlJmWWJUMlGsiVr3WE
+      -----END CERTIFICATE-----
+
+  - path: /etc/ssl/private/privkey.pem
+    permissions: '0600'
+    content: |
+      -----BEGIN PRIVATE KEY-----
+      MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDC1HLwsBdUBayN
+      JaJ7Wy1n8AeM6F7K0JAw6UQdW0sI8TNtOyZKaOrfTmKBgdxpBnFxnj7QiIVu8bUc
+      zZGcQcKoOLH6X5cJtOvUQRBGzYHlWhCGi7M3JAKjQoKyGiT2uRiZP4JsJaVVOJyq
+      1eO5c77TJa9jvAA0qfuWVTzLUDWM1oIJr8zyDHNTM7gK17c1p3XBF3gGDGCdIj5o
+      1oXJxdNzDgLTqJeqSGKLfLwOTsFiCCjntyVjcQCHaceCdGx4tC+FKcx/d5p+Jc6x
+      j7pVvQoqP0Kg1YA6VkX9hLKUCiNlSHhQJbnj8rhfLPtMfHRoZjQToazP3Sq6DLGd
+      KJ7TdL2nAgMBAAECggEAAKJosDxdA6AQ1CvwQp8N1JL9ZAVqYf4Y9c9n6s+HFOBX
+      wPEsABHNdNAYQJnX5X8rcdXfQhwFKRBqR/0OKtaBEJ2yh9IzO6DKHsKcAsX2aEo8
+      2b+DFCJz7Ty2R7LJBt2oKJxLaVCJlH7nP2VglLK3oAMv9R0+9y1u7bxp4B5Xqkzm
+      LXnqkiN4MrnLJWLh2eIYcf0fJvL0xUmTQNXZa6PHzv8hfRcOkdJZGLFGRgABBXzi
+      Ek9/fTNwH0Rg8e6eTZdPzXOgkyQdRsHLQQa3j6DHKJKzP8kI1MKJ2yQELm15LT+E
+      0U3QIDgxcKHBzOoKJFE/MzL+NXQ9s+vdT3f1mzLJiQKBgQDgfwOQLm2lUaNcDNgf
+      A+WLaL1a6ysEG2cDUiwsBSRRUH/5llMEbyFxdPw2sqdVsRkBBaHdJCINkDJGm/kI
+      /xvJxD3KcBVLSdmHq/qO4pbGxBDRNvzrRO5Yoaiv5xDk2rQF3lm1m3vWdI6YFhq3
+      j8qxE4/YjHNQOqfr7a0j+3j9dQKBgQDeBcQD2y7k7KAyRAv5Sh8AjbDSNjvFz3hE
+      TnJcjeeuTfmKdOBCm5mDCH+vGhBczRoHO9vVnqxLO3dJOWHqf8z7BPTBU4Bpm6zt
+      5CJWP5jCbQU8+S0g1vgdUBzRrXFE4I9ZxCvJ5k6mfzVOvPcb0OV2gJGcxPbg2xT5
+      uTn7VRTq6wKBgQCGF5yE6DVdMoqh5kjQBjjIObKtXRtJpGxuJ2VDfNYP8Klu6zAZ
+      zP3hKrUQO0IKJBxOwT/D8VZ4IKLK7y0q3Fb8+rsCxJzPM7J5UtKbQPPOdAbRFPCA
+      J4fE/YJu4g/sUpTdxq3lVqJ9P4rJyg3JJfn8aRAMOuhhNu6VJ9BlBTe3rQKBgQCv
+      OHXzS9VV9WMfhpN/UR4Q+LAqwQUKW0HFCkkYiDK/jJ2YNMU+m9e8JUrZOxZ9N1gF
+      IHJyGppZTxI5y1swCRqfGf+JuR7TKzHD7RK0L7F1q8hJwFjJA4xflg0RRvk5hfQa
+      WX3rA7SnC2T7b7DlxnVu+j2KNz0BnmKlhEFVOx7CnQKBgCdHRsDGXJGmGqhG1sH8
+      PHdT1vA0iKLiouI+/WxtJwA2Y3FKcHjzJz+lX6ucsW5V+dKZuIWKDvuJQsJb1qJb
+      yiuEZdWy5iLOON0m10AX3WyfxT8A5NWkCBVH6K6IYOiJcBFGVfGXpP3kc1g8NqKd
+      K1DU5qILAZENMZLGKJfrwyxm
+      -----END PRIVATE KEY-----
+
+  - path: /root/deploy.sh
+    permissions: '0755'
+    content: |
+      #!/bin/bash
+      set -e
+      
+      # Clone repository
+      cd /opt
+      # IMPORTANT: Replace YOUR_GITHUB_TOKEN with a valid GitHub Personal Access Token with 'repo' permissions
+      GITHUB_TOKEN="YOUR_GITHUB_TOKEN"
+      git clone https://${GITHUB_TOKEN}@github.com/UserIsMH/v2-Docker.git
+      cd v2-Docker
+      
+      # Remove token from git config
+      git remote set-url origin https://github.com/UserIsMH/v2-Docker.git
+      
+      # Update nginx.conf with correct domains
+      sed -i 's/admin-panel-undso\.z5m7q9dk3ah2v1plx6ju\.com/admin-panel-undso.intelsight.de/g' v2_nginx/nginx.conf
+      sed -i 's/api-software-undso\.z5m7q9dk3ah2v1plx6ju\.com/api-software-undso.intelsight.de/g' v2_nginx/nginx.conf
+      
+      # Update .env file
+      sed -i 's/API_DOMAIN=.*/API_DOMAIN=api-software-undso.intelsight.de/' v2/.env
+      sed -i 's/ADMIN_PANEL_DOMAIN=.*/ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de/' v2/.env
+      
+      # Copy SSL certificates
+      mkdir -p v2_nginx/ssl
+      cp /etc/ssl/certs/fullchain.pem v2_nginx/ssl/
+      cp /etc/ssl/private/privkey.pem v2_nginx/ssl/
+      chmod 644 v2_nginx/ssl/fullchain.pem
+      chmod 600 v2_nginx/ssl/privkey.pem
+      
+      # Generate DH parameters if not exist
+      if [ ! -f v2_nginx/ssl/dhparam.pem ]; then
+        openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
+      fi
+      
+      # Start Docker services
+      cd v2
+      docker compose pull
+      docker compose up -d
+      
+      # Wait for services to be ready
+      sleep 30
+      
+      # Check if services are running
+      docker compose ps
+      
+      # Enable auto-start
+      cat > /etc/systemd/system/docker-compose-app.service <<EOF
+      [Unit]
+      Description=Docker Compose Application Service
+      Requires=docker.service
+      After=docker.service
+      
+      [Service]
+      Type=oneshot
+      RemainAfterExit=yes
+      WorkingDirectory=/opt/v2-Docker/v2
+      ExecStart=/usr/bin/docker compose up -d
+      ExecStop=/usr/bin/docker compose down
+      TimeoutStartSec=0
+      
+      [Install]
+      WantedBy=multi-user.target
+      EOF
+      
+      systemctl enable docker-compose-app
+
+  - path: /etc/fail2ban/jail.local
+    permissions: '0644'
+    content: |
+      [DEFAULT]
+      bantime = 3600
+      findtime = 600
+      maxretry = 5
+      
+      [sshd]
+      enabled = true
+      port = ssh
+      filter = sshd
+      logpath = /var/log/auth.log
+      maxretry = 3
+
+swap:
+  filename: /swapfile
+  size: 2G
+  maxsize: 2G
+
+runcmd:
+  - chmod 600 /etc/ssl/private/privkey.pem
+  - /root/install-docker.sh
+  - ufw allow 22/tcp
+  - ufw allow 80/tcp
+  - ufw allow 443/tcp
+  - echo "y" | ufw enable
+  - systemctl enable fail2ban
+  - systemctl start fail2ban
+  - /root/deploy.sh
+  - echo "Deployment complete!" > /root/deployment.log
+  - reboot
+
+final_message: "The system is finally up, after $UPTIME seconds"

generate-secrets.py

@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+import secrets
+import string
+
+def generate_password(length=16):
+    """Generate a secure random password"""
+    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
+    return ''.join(secrets.choice(alphabet) for _ in range(length))
+
+def generate_jwt_secret(length=64):
+    """Generate a secure JWT secret"""
+    return secrets.token_urlsafe(length)
+
+print("=== Generated Secure Secrets for Production ===")
+print()
+print("# PostgreSQL Database")
+print(f"POSTGRES_PASSWORD={generate_password(20)}")
+print()
+print("# Admin Panel Users (save these securely!)")
+print(f"ADMIN1_PASSWORD={generate_password(16)}")
+print(f"ADMIN2_PASSWORD={generate_password(16)}")
+print()
+print("# JWT Secret")
+print(f"JWT_SECRET={generate_jwt_secret()}")
+print()
+print("# Grafana")
+print(f"GRAFANA_PASSWORD={generate_password(16)}")
+print()
+print("# For v2_lizenzserver/.env")
+print(f"SECRET_KEY={secrets.token_hex(32)}")
+print()
+print("=== IMPORTANT ===")
+print("1. Save these passwords securely")
+print("2. Update both .env files with these values")
+print("3. Never commit these to git")

v2/.env

@@ -13,8 +13,8 @@ ADMIN2_PASSWORD=Warhammer123!
 
 
 # Domains (können von der App ausgewertet werden, z. B. für Links oder CORS)
-API_DOMAIN=api-software-undso.z5m7q9dk3ah2v1plx6ju.com
-ADMIN_PANEL_DOMAIN=admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com
+API_DOMAIN=api-software-undso.intelsight.de
+ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
 
 # ===================== OPTIONALE VARIABLEN =====================
 

v2/.env.production.template

@@ -0,0 +1,56 @@
+# PostgreSQL-Datenbank
+POSTGRES_DB=meinedatenbank
+POSTGRES_USER=adminuser
+# IMPORTANT: Generate a strong password using generate-secrets.py
+POSTGRES_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
+
+# Admin-Panel Zugangsdaten
+ADMIN1_USERNAME=rac00n
+ADMIN1_PASSWORD=1248163264
+ADMIN2_USERNAME=w@rh@mm3r
+ADMIN2_PASSWORD=Warhammer123!
+
+# Domains
+API_DOMAIN=api-software-undso.intelsight.de
+ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
+
+# JWT für API-Auth (WICHTIG: Für sichere Token-Verschlüsselung!)
+# IMPORTANT: Generate using generate-secrets.py
+JWT_SECRET=CHANGE_THIS_GENERATE_SECURE_SECRET
+
+# E-Mail Konfiguration (optional)
+# MAIL_SERVER=smtp.meinedomain.de
+# MAIL_PORT=587
+# MAIL_USERNAME=deinemail
+# MAIL_PASSWORD=geheim
+# MAIL_FROM=no-reply@intelsight.de
+
+# Logging
+LOG_LEVEL=info
+
+# Erlaubte CORS-Domains (für Web-Frontend)
+ALLOWED_ORIGINS=https://admin-panel-undso.intelsight.de
+
+# VERSION
+LATEST_CLIENT_VERSION=1.0.0
+
+# BACKUP KONFIGURATION
+EMAIL_ENABLED=false
+
+# CAPTCHA KONFIGURATION (optional für PoC)
+# RECAPTCHA_SITE_KEY=your-site-key-here
+# RECAPTCHA_SECRET_KEY=your-secret-key-here
+
+# MONITORING KONFIGURATION
+GRAFANA_USER=admin
+# IMPORTANT: Generate a strong password using generate-secrets.py
+GRAFANA_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
+
+# SMTP Settings for Alertmanager (optional)
+# SMTP_USERNAME=your-email@gmail.com
+# SMTP_PASSWORD=your-app-password
+
+# Webhook URLs for critical alerts (optional)
+# WEBHOOK_CRITICAL=https://your-webhook-url/critical
+# WEBHOOK_SECURITY=https://your-webhook-url/security
+

v2_adminpanel/config.py

@@ -12,7 +12,7 @@ JSON_AS_ASCII = False
 JSONIFY_MIMETYPE = 'application/json; charset=utf-8'
 PERMANENT_SESSION_LIFETIME = timedelta(minutes=5)
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SECURE = False  # Set to True when HTTPS (internal runs HTTP)
+SESSION_COOKIE_SECURE = os.getenv("SESSION_COOKIE_SECURE", "true").lower() == "true"  # Default True for HTTPS
 SESSION_COOKIE_SAMESITE = 'Lax'
 SESSION_COOKIE_NAME = 'admin_session'
 SESSION_REFRESH_EACH_REQUEST = False

v2_lizenzserver/.env.production.template

@@ -0,0 +1,8 @@
+# IMPORTANT: Generate a secure secret key using generate-secrets.py
+SECRET_KEY=CHANGE_THIS_GENERATE_SECURE_SECRET
+
+# Database connection (password should match v2/.env)
+DATABASE_URL=postgresql://adminuser:CHANGE_THIS_STRONG_PASSWORD@db:5432/meinedatenbank
+
+# Production mode
+DEBUG=False

v2_nginx/nginx.conf

@@ -38,7 +38,7 @@ http {
     # Admin Panel
     server {
         listen 80;
-        server_name admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name admin-panel-undso.intelsight.de;
         
         # Redirect HTTP to HTTPS
         return 301 https://$server_name$request_uri;
@@ -46,7 +46,7 @@ http {
 
     server {
         listen 443 ssl;
-        server_name admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name admin-panel-undso.intelsight.de;
 
         # SSL-Zertifikate (echte Zertifikate)
         ssl_certificate /etc/nginx/ssl/fullchain.pem;
@@ -87,14 +87,14 @@ http {
     # API Server (für später)
     server {
         listen 80;
-        server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name api-software-undso.intelsight.de;
         
         return 301 https://$server_name$request_uri;
     }
 
     server {
         listen 443 ssl;
-        server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
+        server_name api-software-undso.intelsight.de;
 
         ssl_certificate /etc/nginx/ssl/fullchain.pem;
         ssl_certificate_key /etc/nginx/ssl/privkey.pem;

v2_nginx/ssl/.gitignore

@@ -0,0 +1,10 @@
+# Ignore all SSL certificates
+*.pem
+*.crt
+*.key
+*.p12
+*.pfx
+
+# But keep the README
+!README.md
+!.gitignore

v2_nginx/ssl/README.md

@@ -0,0 +1,29 @@
+# SSL Certificate Directory
+
+This directory should contain the following files for SSL to work:
+
+1. **fullchain.pem** - The full certificate chain
+2. **privkey.pem** - The private key (keep this secure!)
+3. **dhparam.pem** - Diffie-Hellman parameters for enhanced security
+
+## For intelsight.de deployment:
+
+Copy your SSL certificates here:
+```bash
+cp /path/to/fullchain.pem ./
+cp /path/to/privkey.pem ./
+```
+
+Generate dhparam.pem if not exists:
+```bash
+openssl dhparam -out dhparam.pem 2048
+```
+
+## File Permissions:
+```bash
+chmod 644 fullchain.pem
+chmod 600 privkey.pem
+chmod 644 dhparam.pem
+```
+
+**IMPORTANT**: Never commit actual SSL certificates to the repository!

verify-deployment.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+
+echo "=== V2-Docker Deployment Verification Script ==="
+echo
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Check function
+check() {
+    if [ $1 -eq 0 ]; then
+        echo -e "${GREEN}✓${NC} $2"
+    else
+        echo -e "${RED}✗${NC} $2"
+        return 1
+    fi
+}
+
+# Warning function
+warn() {
+    echo -e "${YELLOW}⚠${NC} $1"
+}
+
+echo "1. Checking Docker installation..."
+docker --version > /dev/null 2>&1
+check $? "Docker installed"
+
+docker compose version > /dev/null 2>&1
+check $? "Docker Compose installed"
+
+echo
+echo "2. Checking SSL certificates..."
+if [ -f "v2_nginx/ssl/fullchain.pem" ]; then
+    check 0 "fullchain.pem exists"
+else
+    check 1 "fullchain.pem missing - copy from /SSL/ or your certificate location"
+fi
+
+if [ -f "v2_nginx/ssl/privkey.pem" ]; then
+    check 0 "privkey.pem exists"
+else
+    check 1 "privkey.pem missing - copy from /SSL/ or your certificate location"
+fi
+
+if [ -f "v2_nginx/ssl/dhparam.pem" ]; then
+    check 0 "dhparam.pem exists"
+else
+    warn "dhparam.pem missing - will be generated (this takes a few minutes)"
+fi
+
+echo
+echo "3. Checking configuration files..."
+if grep -q "intelsight.de" v2_nginx/nginx.conf; then
+    check 0 "nginx.conf has correct domain (intelsight.de)"
+else
+    check 1 "nginx.conf still has test domain"
+fi
+
+if grep -q "intelsight.de" v2/.env; then
+    check 0 ".env has correct domain (intelsight.de)"
+else
+    check 1 ".env still has test domain"
+fi
+
+echo
+echo "4. Checking Docker services..."
+cd v2 2>/dev/null
+if [ $? -eq 0 ]; then
+    if docker compose ps 2>/dev/null | grep -q "running"; then
+        check 0 "Docker services are running"
+        docker compose ps
+    else
+        warn "Docker services not running yet"
+    fi
+    cd ..
+else
+    warn "v2 directory not found"
+fi
+
+echo
+echo "5. Checking network connectivity..."
+if command -v ss &> /dev/null; then
+    if ss -tlnp 2>/dev/null | grep -q ":80"; then
+        check 0 "Port 80 is listening"
+    else
+        warn "Port 80 not listening yet"
+    fi
+    
+    if ss -tlnp 2>/dev/null | grep -q ":443"; then
+        check 0 "Port 443 is listening"
+    else
+        warn "Port 443 not listening yet"
+    fi
+else
+    warn "ss command not found, skipping port check"
+fi
+
+echo
+echo "=== Quick Start Commands ==="
+echo
+echo "1. If SSL certificates are missing:"
+echo "   cp /SSL/fullchain.pem v2_nginx/ssl/"
+echo "   cp /SSL/privkey.pem v2_nginx/ssl/"
+echo "   chmod 644 v2_nginx/ssl/fullchain.pem"
+echo "   chmod 600 v2_nginx/ssl/privkey.pem"
+echo
+echo "2. Generate dhparam.pem if missing:"
+echo "   openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048"
+echo
+echo "3. Start Docker services:"
+echo "   cd v2"
+echo "   docker compose up -d"
+echo
+echo "4. Check logs:"
+echo "   docker compose logs -f"
+echo
+echo "=== URLs after deployment ==="
+echo "Admin Panel: https://admin-panel-undso.intelsight.de"
+echo "API Server: https://api-software-undso.intelsight.de"
+echo