Hetzner-Backup/OPERATIONS_GUIDE.md

V2-Docker Operations Guide

Deployment

Prerequisites

• Docker and Docker Compose
• 4GB RAM, 20GB disk

Initial Setup

cd v2-Docker
docker-compose up -d

Database initializes automatically via init.sql.

Standard-Zugangsdaten

Admin Panel

• URL: http://localhost:80 (oder konfigurierte Domain)
• User 1: rac00n / 1248163264
• User 2: w@rh@mm3r / Warhammer123!

License Server API

• URL: http://localhost:80/api (über Nginx Proxy)
• API Key: Wird im Admin Panel unter "Lizenzserver Administration" verwaltet
• Header: X-API-Key: <api-key>

Service Configuration

License Server

license-server:
  build: ./v2_lizenzserver
  container_name: v2_license_server
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@postgres:5432/meinedatenbank
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - REDIS_HOST=redis
    - RABBITMQ_HOST=rabbitmq
  expose:
    - "8000"
  networks:
    - backend
    - monitoring
  depends_on:
    - postgres
    - redis
    - rabbitmq

Admin Panel

admin-panel:
  build: ./v2_adminpanel
  container_name: v2_admin_panel
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@postgres:5432/meinedatenbank
    - SECRET_KEY=supersecretkey
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - REDIS_HOST=redis
  expose:
    - "5000"
  networks:
    - backend
    - monitoring
  depends_on:
    - postgres
    - redis
  volumes:
    - ./backups:/app/backups

Nginx Reverse Proxy

nginx:
  build: ./v2_nginx
  container_name: v2_nginx
  ports:
    - "80:80"
  networks:
    - backend
  depends_on:
    - admin-panel
    - license-server
  volumes:
    - ./v2_nginx/nginx.conf:/etc/nginx/nginx.conf:ro
  # Routing:
  # / → admin-panel:5000 (Admin Panel)
  # /api → license-server:8000 (API Endpoints)

Monitoring

Prometheus Configuration

Scrape Configs

scrape_configs:
  - job_name: 'license-server'
    static_configs:
      - targets: ['license-server:8000']
    metrics_path: /metrics
  
  - job_name: 'admin-panel'
    static_configs:
      - targets: ['admin-panel:5000']
    metrics_path: /metrics
  
  - job_name: 'postgres'
    static_configs:
      - targets: ['postgres-exporter:9187']
      
  - job_name: 'redis'
    static_configs:
      - targets: ['redis-exporter:9121']
      
  - job_name: 'node'
    static_configs:
      - targets: ['node-exporter:9100']
      
  - job_name: 'cadvisor'
    static_configs:
      - targets: ['cadvisor:8080']

Alert Rules

• License server down: up{job="license-server"} == 0
• High error rate: rate(http_requests_total{status=~"5.."}[5m]) > 0.05
• Database connections: pg_stat_database_numbackends > 100

Grafana Dashboards

1. System Overview Dashboard

   • CPU and memory usage
   • Network traffic
   • Disk usage
   • Container status

2. License Server Dashboard

   • Active licenses
   • Heartbeat frequency
   • API response times
   • Error rates

3. Database Performance Dashboard

   • Query performance
   • Connection pool status
   • Table sizes
   • Slow queries

Accessing Monitoring

• Prometheus: http://localhost:9090
• Grafana: http://localhost:3001
  • Default Login: admin/admin
  • Vorkonfigurierte Dashboards:
    • System Overview
    • License Server Metrics
    • Database Performance
• Alertmanager: http://localhost:9093

Monitoring Stack Services

• PostgreSQL Exporter: Sammelt DB-Metriken (Port 9187)
• Redis Exporter: Sammelt Cache-Metriken (Port 9121)
• Node Exporter: System-Level Metriken (Port 9100)
• cAdvisor: Container-Metriken (Port 8080)
• Prometheus: Metrics Collection (Port 9090)
• Grafana: Visualization (Port 3000)
• Alertmanager: Alert Management (Port 9093)

Features Overview

Lead Management System

• Accessible via "Leads" button on Customers & Licenses page
• Manage potential customers and contacts
• Features:
  • Institution management
  • Contact persons with multiple phones/emails
  • Versioned notes system
  • Full audit trail

Resource Pool Management

• Domain allocation system
• IPv4 address management
• Phone number allocation
• Features:
  • Resource assignment to licenses
  • Quarantine management
  • Resource history tracking
  • Availability monitoring

Batch Operations

• Bulk license creation
• Mass updates
• Accessible from Customers & Licenses page

Monitoring Integration

• Unified monitoring dashboard at /monitoring
• Live analytics and metrics
• Alert management interface
• Integrated with Prometheus/Grafana stack

API Key Management

• Single system-wide API key
• Managed in "Lizenzserver Administration"
• Used for all API authentication

Session Management

• Single-session enforcement per license
• 30-second heartbeat system
• Automatic session cleanup after 60 seconds
• Session history tracking

Maintenance

Database Maintenance

Partition Management

-- Check existing partitions
SELECT tablename FROM pg_tables 
WHERE tablename LIKE 'license_heartbeats_%' 
ORDER BY tablename;

-- Create future partitions manually
CALL create_monthly_partitions('license_heartbeats', 3);

-- Drop old partitions
DROP TABLE IF EXISTS license_heartbeats_2024_01;

Backup Procedures

# Backup
docker exec v2_postgres pg_dump -U adminuser meinedatenbank | gzip > backup_$(date +%Y%m%d).sql.gz

# Restore
gunzip -c backup_20250619.sql.gz | docker exec -i v2_postgres psql -U adminuser meinedatenbank

Integriertes Backup-System

Das Admin Panel bietet ein eingebautes Backup-System:

1. Login ins Admin Panel
2. Navigiere zu "Backups"
3. Klicke "Create Backup"
4. Backups werden verschlüsselt im Verzeichnis /backups gespeichert
5. Download oder Restore direkt über die UI

Log Management

Log Locations

Logs

• Container logs: docker logs <container_name>
• Nginx logs: ./v2_nginx/logs/
• Audit logs: Database table audit_log

Log Rotation

# Configure logrotate
/var/log/license-server/*.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 www-data www-data
}

Performance Optimization

Database Tuning

• Run ANALYZE periodically
• VACUUM ANALYZE on large tables
• Maintain partitions: CALL create_monthly_partitions('license_heartbeats', 3)

Resource Limits

Alle Services haben konfigurierte Resource Limits:

# License Server
license-server:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M

# Admin Panel
admin-panel:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M

# PostgreSQL
db:
  deploy:
    resources:
      limits:
        cpus: '2.0'
        memory: 2G
      reservations:
        cpus: '1.0'
        memory: 1G

Troubleshooting

Common Issues

License Server Not Responding

• Check status: docker ps | grep license
• View logs: docker logs v2_license_server --tail 100
• Test health: docker exec v2_nginx curl http://license-server:8000/health

Database Connection Issues

• Check status: docker exec v2_postgres pg_isready
• Test connection: Use psql from admin panel container
• Check logs: docker logs v2_postgres --tail 50

High Memory Usage

1. Check container stats: docker stats
2. Review memory limits in docker-compose.yml
3. Analyze database queries for optimization
4. Consider scaling horizontally

Health Checks

Quick health check script:

# All services
docker ps --format "table {{.Names}}\t{{.Status}}"

# Key endpoints
curl -s http://localhost/api/health
curl -s http://localhost:9090/-/healthy

Security Considerations

• Strong JWT_SECRET (32+ chars)
• Rotate API keys regularly
• Rate limiting enabled
• Use HTTPS in production
• Strong database passwords
• Keep Docker and images updated

Scaling Strategies

Horizontal Scaling

Scaling License Server

# Scale license server instances
docker-compose -f v2/docker-compose.yaml up -d --scale license-server=3

Nginx Load Balancing Configuration

# In nginx.conf
upstream license_servers {
    least_conn;
    server license-server_1:8443 max_fails=3 fail_timeout=30s;
    server license-server_2:8443 max_fails=3 fail_timeout=30s;
    server license-server_3:8443 max_fails=3 fail_timeout=30s;
    
    # Health checks
    keepalive 32;
}

server {
    server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
    
    location / {
        proxy_pass https://license_servers;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

Scaling Considerations

• Redis für Session-Sharing zwischen Instanzen
• RabbitMQ für asynchrone Task-Verteilung
• Sticky Sessions bei Bedarf aktivieren

Database Scaling

• Read replicas for reporting
• Connection pooling
• Query optimization
• Partitioning for large tables

Disaster Recovery

• Daily automated backups via Admin Panel
• Test restore procedures regularly
• Consider database replication for HA

Monitoring Best Practices

• Configure alerts in Alertmanager
• Review Grafana dashboards regularly
• Monitor resource trends for capacity planning