Hetzner-Backup/OPERATIONS_GUIDE.md
2025-06-22 12:47:59 +02:00


# V2-Docker Operations Guide
## Deployment
### Prerequisites
- Docker and Docker Compose
- 4GB RAM, 20GB disk
### Initial Setup
```bash
cd v2-Docker
docker-compose up -d
```
Database initializes automatically via init.sql.
### Default Credentials
#### Admin Panel
- URL: http://localhost:80 (or the configured domain)
- User 1: `rac00n` / `1248163264`
- User 2: `w@rh@mm3r` / `Warhammer123!`
#### License Server API
- URL: http://localhost:80/api (via the Nginx proxy)
- API Key: managed in the Admin Panel under "Lizenzserver Administration"
- Header: `X-API-Key: <api-key>`
### Service Configuration
#### License Server
```yaml
license-server:
  build: ./v2_lizenzserver
  container_name: v2_license_server
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@postgres:5432/meinedatenbank
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - REDIS_HOST=redis
    - RABBITMQ_HOST=rabbitmq
  expose:
    - "8000"
  networks:
    - backend
    - monitoring
  depends_on:
    - postgres
    - redis
    - rabbitmq
```
#### Admin Panel
```yaml
admin-panel:
  build: ./v2_adminpanel
  container_name: v2_admin_panel
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@postgres:5432/meinedatenbank
    - SECRET_KEY=supersecretkey
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - REDIS_HOST=redis
  expose:
    - "5000"
  networks:
    - backend
    - monitoring
  depends_on:
    - postgres
    - redis
  volumes:
    - ./backups:/app/backups
```
#### Nginx Reverse Proxy
```yaml
nginx:
  build: ./v2_nginx
  container_name: v2_nginx
  ports:
    - "80:80"
  networks:
    - backend
  depends_on:
    - admin-panel
    - license-server
  volumes:
    - ./v2_nginx/nginx.conf:/etc/nginx/nginx.conf:ro
# Routing:
# / → admin-panel:5000 (Admin Panel)
# /api → license-server:8000 (API Endpoints)
```
## Monitoring
### Prometheus Configuration
#### Scrape Configs
```yaml
scrape_configs:
  - job_name: 'license-server'
    static_configs:
      - targets: ['license-server:8000']
    metrics_path: /metrics
  - job_name: 'admin-panel'
    static_configs:
      - targets: ['admin-panel:5000']
    metrics_path: /metrics
  - job_name: 'postgres'
    static_configs:
      - targets: ['postgres-exporter:9187']
  - job_name: 'redis'
    static_configs:
      - targets: ['redis-exporter:9121']
  - job_name: 'node'
    static_configs:
      - targets: ['node-exporter:9100']
  - job_name: 'cadvisor'
    static_configs:
      - targets: ['cadvisor:8080']
```
#### Alert Rules
- License server down: `up{job="license-server"} == 0`
- High error rate: `rate(http_requests_total{status=~"5.."}[5m]) > 0.05`
- Database connections: `pg_stat_database_numbackends > 100`
### Grafana Dashboards
1. **System Overview Dashboard**
   - CPU and memory usage
   - Network traffic
   - Disk usage
   - Container status
2. **License Server Dashboard**
   - Active licenses
   - Heartbeat frequency
   - API response times
   - Error rates
3. **Database Performance Dashboard**
   - Query performance
   - Connection pool status
   - Table sizes
   - Slow queries
### Accessing Monitoring
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3001
  - Default login: admin/admin
  - Preconfigured dashboards:
    - System Overview
    - License Server Metrics
    - Database Performance
- Alertmanager: http://localhost:9093
### Monitoring Stack Services
- PostgreSQL Exporter: Collects DB metrics (Port 9187)
- Redis Exporter: Collects cache metrics (Port 9121)
- Node Exporter: System-level metrics (Port 9100)
- cAdvisor: Container metrics (Port 8080)
- Prometheus: Metrics Collection (Port 9090)
- Grafana: Visualization (Port 3000)
- Alertmanager: Alert Management (Port 9093)
## Features Overview
### Lead Management System
- Accessible via "Leads" button on Customers & Licenses page
- Manage potential customers and contacts
- Features:
  - Institution management
  - Contact persons with multiple phones/emails
  - Versioned notes system
  - Full audit trail
### Resource Pool Management
- Domain allocation system
- IPv4 address management
- Phone number allocation
- Features:
  - Resource assignment to licenses
  - Quarantine management
  - Resource history tracking
  - Availability monitoring
### Batch Operations
- Bulk license creation
- Mass updates
- Accessible from Customers & Licenses page
### Monitoring Integration
- Unified monitoring dashboard at `/monitoring`
- Live analytics and metrics
- Alert management interface
- Integrated with Prometheus/Grafana stack
### API Key Management
- Single system-wide API key
- Managed in "Lizenzserver Administration"
- Used for all API authentication
### Session Management
- Single-session enforcement per license
- 30-second heartbeat system
- Automatic session cleanup after 60 seconds
- Session history tracking
## Maintenance
### Database Maintenance
#### Partition Management
```sql
-- Check existing partitions
SELECT tablename FROM pg_tables
WHERE tablename LIKE 'license_heartbeats_%'
ORDER BY tablename;
-- Create future partitions manually
CALL create_monthly_partitions('license_heartbeats', 3);
-- Drop old partitions
DROP TABLE IF EXISTS license_heartbeats_2024_01;
```
#### Backup Procedures
```bash
# Backup
docker exec v2_postgres pg_dump -U adminuser meinedatenbank | gzip > backup_$(date +%Y%m%d).sql.gz
# Restore
gunzip -c backup_20250619.sql.gz | docker exec -i v2_postgres psql -U adminuser meinedatenbank
```
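In the backup pipeline above, `gzip` exits 0 even when `pg_dump` fails partway, so a truncated file can look like a good backup. The following check is an added example, not part of the original guide; the function name `verify_backup` is an assumption, and it relies on the completion trailer that `pg_dump` writes at the end of a plain-format dump.

```bash
#!/usr/bin/env bash
# Added example: verify a compressed plain-format pg_dump before trusting it.
# verify_backup FILE   (hypothetical helper name)
# Returns 0 if intact, 1 if corrupt or truncated, 2 if missing or empty.
verify_backup() {
    local file="$1"
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }

    # 1. The gzip container must pass its own CRC and length check
    if ! gzip -t "$file" 2>/dev/null; then
        echo "gzip integrity check failed: $file" >&2
        return 1
    fi

    # 2. pg_dump writes this trailer only after the last object was dumped
    if ! gunzip -c "$file" | tail -n 10 \
            | grep -q 'PostgreSQL database dump complete'; then
        echo "dump is truncated (no completion trailer): $file" >&2
        return 1
    fi

    # 3. Record a checksum so later modification or bit rot is detectable
    sha256sum "$file" > "$file.sha256"
    return 0
}
```

Run it right after the backup command, for example `verify_backup "backup_$(date +%Y%m%d).sql.gz"`, and treat any non-zero exit as a failed backup.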
##### Integrated Backup System
The Admin Panel provides a built-in backup system:
1. Log in to the Admin Panel
2. Navigate to "Backups"
3. Click "Create Backup"
4. Backups are stored encrypted in the `/backups` directory
5. Download or restore directly via the UI
### Log Management
#### Log Locations
##### Logs
- Container logs: `docker logs <container_name>`
- Nginx logs: `./v2_nginx/logs/`
- Audit logs: Database table `audit_log`
#### Log Rotation
```conf
# Configure logrotate
/var/log/license-server/*.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 www-data www-data
}
```
### Performance Optimization
#### Database Tuning
- Run `ANALYZE` periodically
- `VACUUM ANALYZE` on large tables
- Maintain partitions: `CALL create_monthly_partitions('license_heartbeats', 3)`
#### Resource Limits
All services have configured resource limits:
```yaml
# License Server
license-server:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M
# Admin Panel
admin-panel:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M
# PostgreSQL
db:
  deploy:
    resources:
      limits:
        cpus: '2.0'
        memory: 2G
      reservations:
        cpus: '1.0'
        memory: 1G
```
## Troubleshooting
### Common Issues
#### License Server Not Responding
- Check status: `docker ps | grep license`
- View logs: `docker logs v2_license_server --tail 100`
- Test health: `docker exec v2_nginx curl http://license-server:8000/health`
#### Database Connection Issues
- Check status: `docker exec v2_postgres pg_isready`
- Test connection: Use psql from admin panel container
- Check logs: `docker logs v2_postgres --tail 50`
#### High Memory Usage
1. Check container stats: `docker stats`
2. Review memory limits in docker-compose.yml
3. Analyze database queries for optimization
4. Consider scaling horizontally
### Health Checks
Quick health check script:
```bash
# All services
docker ps --format "table {{.Names}}\t{{.Status}}"
# Key endpoints
curl -s http://localhost/api/health
curl -s http://localhost:9090/-/healthy
```
## Security Considerations
- Strong JWT_SECRET (32+ chars)
- Rotate API keys regularly
- Rate limiting enabled
- Use HTTPS in production
- Strong database passwords
- Keep Docker and images updated
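The first and fifth points can be enforced mechanically before each deployment. The script below is an added example, not part of the original guide: it flags the sample secret values shown in the Service Configuration section and any literal `JWT_SECRET` shorter than 32 characters. The function name `audit_compose_secrets` is an assumption, and it only understands list-style `- KEY=value` environment entries as used in this guide.

```bash
#!/usr/bin/env bash
# Added example: pre-deployment check of a Compose file for weak secrets.
# audit_compose_secrets FILE   (hypothetical helper name)
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_compose_secrets() {
    local file="$1" findings=0 line val

    # Sample values from this guide's service configuration must not ship
    for val in supergeheimespasswort supersecretkey \
               your-secret-jwt-key-here-minimum-32-chars; do
        if grep -qF -- "$val" "$file"; then
            echo "PLACEHOLDER: '$val' still present"
            findings=$((findings + 1))
        fi
    done

    # Literal JWT_SECRET entries ("- JWT_SECRET=value") need 32+ characters
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        val=${line#*JWT_SECRET=}
        case "$val" in
            '$'*) continue ;;   # injected via ${VAR}: length not visible here
        esac
        if [ "${#val}" -lt 32 ]; then
            echo "WEAK: JWT_SECRET is ${#val} chars (need 32+)"
            findings=$((findings + 1))
        fi
    done <<EOF
$(grep -E '^[[:space:]]*-?[[:space:]]*JWT_SECRET=' "$file")
EOF

    [ "$findings" -eq 0 ]
}
```

Call it as `audit_compose_secrets docker-compose.yml` in CI or a pre-deploy hook and fail the step on a non-zero exit.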
## Scaling Strategies
### Horizontal Scaling
#### Scaling License Server
```bash
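# Scale license server instances
# (remove the fixed container_name from the license-server service first;
#  Compose cannot scale a service that has a custom container name)
docker-compose -f v2/docker-compose.yaml up -d --scale license-server=3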
```
#### Nginx Load Balancing Configuration
```nginx
# In nginx.conf
upstream license_servers {
    least_conn;
    # Passive health checks: max_fails / fail_timeout on each server
    server license-server_1:8443 max_fails=3 fail_timeout=30s;
    server license-server_2:8443 max_fails=3 fail_timeout=30s;
    server license-server_3:8443 max_fails=3 fail_timeout=30s;
    # Keep up to 32 idle upstream connections open for reuse
    keepalive 32;
}
server {
    server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
    location / {
        proxy_pass https://license_servers;
        # HTTP/1.1 and an empty Connection header are required for upstream keepalive
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```
#### Scaling Considerations
- Redis for session sharing between instances
- RabbitMQ for asynchronous task distribution
- Enable sticky sessions if needed
### Database Scaling
- Read replicas for reporting
- Connection pooling
- Query optimization
- Partitioning for large tables
## Disaster Recovery
- Daily automated backups via Admin Panel
- Test restore procedures regularly
- Consider database replication for HA
## Monitoring Best Practices
- Configure alerts in Alertmanager
- Review Grafana dashboards regularly
- Monitor resource trends for capacity planning