License server (backend) - created

This commit is contained in:
2025-06-19 21:48:15 +02:00
Parent afa2b52494
Commit ae30b74e9c
23 changed files with 3712 additions and 387 deletions

@@ -16,40 +16,75 @@
git clone <repository-url>
cd v2-Docker
# Set environment variables
cp .env.example .env
# Edit .env with your configuration
# Environment Variables sind bereits in docker-compose.yaml definiert
# Für Produktion: Erstelle .env Datei mit sensiblen Daten
# Start services
docker-compose up -d
# Run database migrations
docker exec v2_adminpanel python manage.py migrate
# Datenbank wird automatisch initialisiert via init.sql
# Keine manuellen Migrationen erforderlich
```
### Standard-Zugangsdaten
#### Admin Panel
- URL: https://admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com
- User 1: `rac00n` / `1248163264`
- User 2: `w@rh@mm3r` / `Warhammer123!`
#### License Server API
- URL: https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com
- API Key: Muss in Requests mitgesendet werden
### Service Configuration
#### License Server
```yaml
v2_lizenzserver:
license-server:
image: v2_lizenzserver:latest
environment:
- DATABASE_URL=postgresql://user:pass@db:5432/v2
- JWT_SECRET=${JWT_SECRET}
- API_KEY=${API_KEY}
ports:
- "8080:8080"
- DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
- JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
- API_KEY=your-api-key-here
- REDIS_HOST=redis-cache
- RABBITMQ_HOST=rabbitmq
# Kein externer Port - nur über Nginx erreichbar
expose:
- "8443"
networks:
- internal_net
```
#### Admin Panel
#### Admin Panel
```yaml
v2_adminpanel:
admin-panel:
image: v2_adminpanel:latest
environment:
- DATABASE_URL=postgresql://user:pass@db:5432/v2
- SECRET_KEY=${SECRET_KEY}
- DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
- SECRET_KEY=supersecretkey
- JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
- LIZENZSERVER_BASE_URL=http://license-server:8443
- REDIS_HOST=redis-cache
# Kein externer Port - nur über Nginx erreichbar
expose:
- "5000"
networks:
- internal_net
```
#### Nginx Reverse Proxy
```yaml
nginx-proxy:
image: v2_nginx:latest
ports:
- "5000:5000"
- "80:80" # HTTP (wird auf HTTPS umgeleitet)
- "443:443" # HTTPS
networks:
- internal_net
# Routet Requests an interne Services:
# admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com → admin-panel:5000
# api-software-undso.z5m7q9dk3ah2v1plx6ju.com → license-server:8443
```
## Monitoring
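Review bot: The "Standard-Zugangsdaten" section and the service examples commit usable-looking secrets to documentation: two admin logins with passwords (`rac00n` / `1248163264`, `w@rh@mm3r` / `Warhammer123!`) listed next to the public admin panel URL, the database password inside `DATABASE_URL`, and `SECRET_KEY=supersecretkey`. Keep the `${JWT_SECRET}` / `${API_KEY}` / `${SECRET_KEY}` placeholder form that also appears in this hunk, reference the `.env` file for the database credentials, and remove the login list. If any of these values are in use on a deployed host they should be rotated, since they remain in the repository history after this commit. The heading `#### Admin Panel` also appears twice in a row before the second YAML block.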
@@ -61,11 +96,28 @@ v2_adminpanel:
scrape_configs:
- job_name: 'license-server'
static_configs:
- targets: ['v2_lizenzserver:8080']
- targets: ['license-server:8443']
metrics_path: /metrics
- job_name: 'postgres'
static_configs:
- targets: ['postgres_exporter:9187']
- targets: ['postgres-exporter:9187']
- job_name: 'redis'
static_configs:
- targets: ['redis-exporter:9121']
- job_name: 'nginx'
static_configs:
- targets: ['nginx-exporter:9113']
- job_name: 'node'
static_configs:
- targets: ['node-exporter:9100']
- job_name: 'cadvisor'
static_configs:
- targets: ['cadvisor:8081']
```
#### Alert Rules
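Review bot: The `license-server` scrape job targets `license-server:8443` without a `scheme:` entry, so Prometheus will scrape it over plain HTTP, while other parts of this commit address the same port as HTTPS (`curl -k https://license-server:8443/health`, `proxy_pass https://license_servers`) and the admin panel is configured with `LIZENZSERVER_BASE_URL=http://license-server:8443`. Decide which protocol port 8443 speaks and make the scrape job, the base URL and the examples agree; if it is TLS, the job needs `scheme: https` and a `tls_config`.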
@@ -96,9 +148,21 @@ scrape_configs:
### Accessing Monitoring
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3001 (admin/admin)
- Grafana: http://localhost:3001
- Default Login: admin/admin
- Vorkonfigurierte Dashboards:
- System Overview
- License Server Metrics
- Database Performance
- Alertmanager: http://localhost:9093
### Monitoring Stack Services
- PostgreSQL Exporter: Sammelt DB-Metriken
- Redis Exporter: Sammelt Cache-Metriken
- Node Exporter: System-Level Metriken
- Nginx Exporter: Webserver-Metriken
- cAdvisor: Container-Metriken (Port 8081)
## Maintenance
### Database Maintenance
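Review bot: `Default Login: admin/admin` is documented for Grafana with no step to change it. Add an instruction to set the admin password at deployment (for example through `GF_SECURITY_ADMIN_PASSWORD` from the `.env` file) and state whether ports 9090, 3001 and 9093 are bound to localhost only, since Prometheus and Alertmanager are listed here without any authentication.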
@@ -118,23 +182,53 @@ DROP TABLE IF EXISTS license_heartbeats_2024_01;
```
#### Backup Procedures
##### Manuelles Backup
```bash
# Full database backup
docker exec v2_db pg_dump -U postgres v2 > backup_$(date +%Y%m%d).sql
docker exec db pg_dump -U adminuser meinedatenbank > backup_$(date +%Y%m%d).sql
# Backup specific tables
docker exec v2_db pg_dump -U postgres -t licenses -t license_activations v2 > licenses_backup.sql
docker exec db pg_dump -U adminuser -t licenses -t license_activations meinedatenbank > licenses_backup.sql
# Komprimiertes Backup
docker exec db pg_dump -U adminuser meinedatenbank | gzip > backup_$(date +%Y%m%d).sql.gz
# Restore from backup
docker exec -i v2_db psql -U postgres v2 < backup_20250619.sql
docker exec -i db psql -U adminuser meinedatenbank < backup_20250619.sql
```
##### Integriertes Backup-System
Das Admin Panel bietet ein eingebautes Backup-System:
1. Login ins Admin Panel
2. Navigiere zu "Backups"
3. Klicke "Create Backup"
4. Backups werden verschlüsselt im Verzeichnis `/backups` gespeichert
5. Download oder Restore direkt über die UI
### Log Management
#### Log Locations
- License Server: `/var/log/license-server/`
- Admin Panel: `/var/log/adminpanel/`
- Nginx: `/var/log/nginx/`
##### Container Logs
```bash
# License Server Logs
docker logs license-server
# Admin Panel Logs
docker logs admin-panel
# Nginx Logs
docker logs nginx-proxy
# Database Logs
docker logs db
```
##### Persistent Log Volumes
- Nginx Access/Error Logs: Mapped to local `./v2_nginx/logs/`
- Application Logs: Verfügbar über Docker logging driver
- Audit Logs: In der Datenbank (Tabelle `audit_log`)
#### Log Rotation
```bash
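Review bot: The manual backup commands write plaintext dumps (`backup_$(date +%Y%m%d).sql`, `licenses_backup.sql`) into the current directory on the host, while the integrated backup system in the same section is described as storing encrypted backups. Document where manual dumps should be stored and how they are protected (restrictive file permissions, encryption before they leave the host), and for the encrypted backups in `/backups` say where the key is kept, because a restore depends on it.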
@@ -165,18 +259,42 @@ VACUUM ANALYZE licenses;
```
#### Resource Limits
Alle Services haben konfigurierte Resource Limits:
```yaml
# Docker resource constraints
services:
v2_lizenzserver:
deploy:
resources:
limits:
cpus: '2'
memory: 2G
reservations:
cpus: '1'
memory: 1G
# License Server
license-server:
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
# Admin Panel
admin-panel:
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
# PostgreSQL
db:
deploy:
resources:
limits:
cpus: '2.0'
memory: 2G
reservations:
cpus: '1.0'
memory: 1G
```
## Troubleshooting
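Review bot: The sentence "Alle Services haben konfigurierte Resource Limits" is not backed by the block that follows, which shows limits only for `license-server`, `admin-panel` and `db`; `redis-cache`, `rabbitmq`, `nginx-proxy` and the monitoring containers introduced elsewhere in this commit are missing. Either list their limits or reword the sentence. Because the document uses `docker-compose`, it is also worth stating how the `deploy.resources` limits were verified as applied (for example with `docker stats`), since some Compose versions only honour that key with `--compatibility`.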
@@ -184,16 +302,38 @@ services:
### Common Issues
#### License Server Not Responding
1. Check container status: `docker ps`
2. View logs: `docker logs v2_lizenzserver`
3. Test database connection: `docker exec v2_lizenzserver pg_isready`
4. Verify JWT_SECRET is set
1. Check container status: `docker ps | grep license-server`
2. View logs: `docker logs license-server --tail 100`
3. Test internal connectivity:
```bash
docker exec nginx-proxy curl -k https://license-server:8443/health
```
4. Verify environment variables:
```bash
docker exec license-server env | grep -E "JWT_SECRET|API_KEY|DATABASE_URL"
```
5. Check Nginx routing:
```bash
docker exec nginx-proxy nginx -T | grep api-software
```
#### Database Connection Issues
1. Check PostgreSQL status: `docker exec v2_db pg_isready`
2. Verify credentials in .env
3. Check network connectivity: `docker network ls`
4. Review PostgreSQL logs: `docker logs v2_db`
1. Check PostgreSQL status:
```bash
docker exec db pg_isready -U adminuser -d meinedatenbank
```
2. Test connection from service:
```bash
docker exec admin-panel psql postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank -c "SELECT 1"
```
3. Check network connectivity:
```bash
docker network inspect v2-docker_internal_net
```
4. Review PostgreSQL logs:
```bash
docker logs db --tail 50
```
#### High Memory Usage
1. Check container stats: `docker stats`
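Review bot: Two of the new troubleshooting steps expose secrets. Step 4 under "License Server Not Responding" prints the values of `JWT_SECRET`, `API_KEY` and `DATABASE_URL` to the terminal, and step 2 under "Database Connection Issues" puts the database password on the command line, where it ends up in shell history and process listings. Check only that the variables are set rather than printing them, and run the connection test from the container's own environment, for example `docker exec admin-panel sh -c 'psql "$DATABASE_URL" -c "SELECT 1"'`.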
@@ -204,18 +344,28 @@ services:
### Health Checks
```bash
# License server health
curl http://localhost:8080/health
# License server health (über Nginx)
curl -k https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com/health
# Admin panel health (über Nginx)
curl -k https://admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com/
# Database health
docker exec v2_db pg_isready
docker exec db pg_isready -U adminuser -d meinedatenbank
# Admin panel health
curl http://localhost:5000/health
# Redis health
docker exec redis-cache redis-cli ping
# RabbitMQ health
docker exec rabbitmq rabbitmqctl status
# Monitoring stack
curl http://localhost:9090/-/healthy # Prometheus
curl http://localhost:3001/api/health # Grafana
curl http://localhost:9093/-/healthy # Alertmanager
# Container health overview
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
```
## Security Considerations
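Review bot: Both public health checks use `curl -k`, which turns off certificate verification for `api-software-undso...` and `admin-panel-undso...`, so an expired or wrong certificate on Nginx would pass unnoticed. Drop `-k` for the public hostnames, or pass the CA with `--cacert` if the certificate is not publicly trusted. The admin panel check also now requests `/` where the line it replaces used `/health`; a dedicated health path gives a clearer signal than the login page.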
@@ -241,18 +391,42 @@ curl http://localhost:3001/api/health # Grafana
## Scaling Strategies
### Horizontal Scaling
```yaml
# Scale license server
docker-compose up -d --scale v2_lizenzserver=3
# Load balancing with Nginx
#### Scaling License Server
```bash
# Scale license server instances
docker-compose up -d --scale license-server=3
```
#### Nginx Load Balancing Configuration
```nginx
# In nginx.conf
upstream license_servers {
server v2_lizenzserver_1:8080;
server v2_lizenzserver_2:8080;
server v2_lizenzserver_3:8080;
least_conn;
server license-server_1:8443 max_fails=3 fail_timeout=30s;
server license-server_2:8443 max_fails=3 fail_timeout=30s;
server license-server_3:8443 max_fails=3 fail_timeout=30s;
# Health checks
keepalive 32;
}
server {
server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
location / {
proxy_pass https://license_servers;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
```
#### Scaling Considerations
- Redis für Session-Sharing zwischen Instanzen
- RabbitMQ für asynchrone Task-Verteilung
- Sticky Sessions bei Bedarf aktivieren
### Database Scaling
- Read replicas for reporting
- Connection pooling
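Review bot: The upstream entries `license-server_1:8443` to `license-server_3:8443` are unlikely to match the container names that `docker-compose up -d --scale license-server=3` produces, because Compose prefixes them with the project name (the network in this commit is called `v2-docker_internal_net`). Pointing the upstream at the service name `license-server` lets Docker DNS return all replicas; otherwise document the exact names. In the same block the comment `# Health checks` sits above `keepalive 32;`, which configures connection reuse and not health checking, and `proxy_pass https://license_servers` is used without `proxy_ssl_verify`, so the upstream certificate is not validated.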