V2-Docker Operations Guide

Deployment

Prerequisites

  • Docker and Docker Compose
  • PostgreSQL 13+
  • Python 3.8+
  • Minimum 4GB RAM
  • 20GB disk space

Initial Setup

# Clone repository
git clone <repository-url>
cd v2-Docker

# Environment variables are already defined in docker-compose.yaml
# For production: create a .env file holding the sensitive values

# Start services
docker-compose up -d

# The database is initialized automatically via init.sql
# No manual migrations required

Default Credentials

Admin Panel

License Server API

Service Configuration

License Server

license-server:
  image: v2_lizenzserver:latest
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - API_KEY=your-api-key-here
    - REDIS_HOST=redis-cache
    - RABBITMQ_HOST=rabbitmq
  # No external port - reachable only via Nginx
  expose:
    - "8443"
  networks:
    - internal_net

Admin Panel

admin-panel:
  image: v2_adminpanel:latest
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
    - SECRET_KEY=supersecretkey
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - LIZENZSERVER_BASE_URL=http://license-server:8443
    - REDIS_HOST=redis-cache
  # No external port - reachable only via Nginx
  expose:
    - "5000"
  networks:
    - internal_net

Nginx Reverse Proxy

nginx-proxy:
  image: v2_nginx:latest
  ports:
    - "80:80"    # HTTP (redirected to HTTPS)
    - "443:443"  # HTTPS
  networks:
    - internal_net
  # Routes requests to the internal services:
  # admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com → admin-panel:5000
  # api-software-undso.z5m7q9dk3ah2v1plx6ju.com → license-server:8443

Monitoring

Prometheus Configuration

Scrape Configs

scrape_configs:
  - job_name: 'license-server'
    static_configs:
      - targets: ['license-server:8443']
    metrics_path: /metrics
  
  - job_name: 'postgres'
    static_configs:
      - targets: ['postgres-exporter:9187']
      
  - job_name: 'redis'
    static_configs:
      - targets: ['redis-exporter:9121']
      
  - job_name: 'nginx'
    static_configs:
      - targets: ['nginx-exporter:9113']
      
  - job_name: 'node'
    static_configs:
      - targets: ['node-exporter:9100']
      
  - job_name: 'cadvisor'
    static_configs:
      - targets: ['cadvisor:8081']

Alert Rules

  • License server down: up{job="license-server"} == 0
  • High error rate: rate(http_requests_total{status=~"5.."}[5m]) > 0.05
  • Database connections: pg_stat_database_numbackends > 100

Grafana Dashboards

  1. System Overview Dashboard

    • CPU and memory usage
    • Network traffic
    • Disk usage
    • Container status
  2. License Server Dashboard

    • Active licenses
    • Heartbeat frequency
    • API response times
    • Error rates
  3. Database Performance Dashboard

    • Query performance
    • Connection pool status
    • Table sizes
    • Slow queries

Accessing Monitoring

Monitoring Stack Services

  • PostgreSQL Exporter: collects database metrics
  • Redis Exporter: collects cache metrics
  • Node Exporter: system-level metrics
  • Nginx Exporter: web server metrics
  • cAdvisor: container metrics (port 8081)

Maintenance

Database Maintenance

Partition Management

-- Check existing partitions
SELECT tablename FROM pg_tables 
WHERE tablename LIKE 'license_heartbeats_%' 
ORDER BY tablename;

-- Create future partitions manually
CALL create_monthly_partitions('license_heartbeats', 3);

-- Drop old partitions
DROP TABLE IF EXISTS license_heartbeats_2024_01;

Backup Procedures

Manual Backup

# Full database backup
docker exec db pg_dump -U adminuser meinedatenbank > backup_$(date +%Y%m%d).sql

# Backup specific tables
docker exec db pg_dump -U adminuser -t licenses -t license_activations meinedatenbank > licenses_backup.sql

# Compressed backup
docker exec db pg_dump -U adminuser meinedatenbank | gzip > backup_$(date +%Y%m%d).sql.gz

# Restore from backup
docker exec -i db psql -U adminuser meinedatenbank < backup_20250619.sql
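
An added example, not part of the original guide: the compressed-backup command above wrapped so that a failed or interrupted pg_dump is detected. In `pg_dump | gzip > file` the shell reports only gzip's exit status, so an empty but valid archive can be left behind; the function names and the .sha256 sidecar file are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: the compressed backup from above, with failure handling.

# verify_dump FILE: succeed only if the archive is intact and pg_dump finished.
verify_dump() {
    local file=$1 tail_text
    [ -s "$file" ] || { echo "empty or missing: $file"; return 1; }
    gzip -t "$file" 2>/dev/null || { echo "corrupt gzip: $file"; return 1; }
    # A plain-format pg_dump ends with this trailer; a dump that stopped early,
    # or a failed pg_dump piped into gzip, produces a valid archive without it.
    tail_text=$(gzip -dc "$file" | tail -n 10)
    case $tail_text in
        *'PostgreSQL database dump complete'*) return 0 ;;
        *) echo "incomplete dump: $file"; return 1 ;;
    esac
}

# backup_db OUTDIR: write OUTDIR/backup_YYYYMMDD.sql.gz and a .sha256 beside it.
# The body runs in a subshell so pipefail and umask do not leak to the caller.
backup_db() (
    set -o pipefail          # otherwise the pipeline reports gzip's status only
    umask 077                # the dump is plaintext: owner-only permissions
    name="backup_$(date +%Y%m%d).sql.gz"
    cd "$1" || exit 1
    if ! docker exec db pg_dump -U adminuser meinedatenbank | gzip > "$name.tmp"; then
        rm -f "$name.tmp"; echo "pg_dump failed"; exit 1
    fi
    verify_dump "$name.tmp" || { rm -f "$name.tmp"; exit 1; }
    mv "$name.tmp" "$name"
    sha256sum "$name" > "$name.sha256"
)

# Usage: backup_db /path/to/backup/dir
```

Running verify_dump on an existing archive before a restore gives the same completeness check for backups taken earlier.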

Integrated Backup System

The Admin Panel provides a built-in backup system:

  1. Log in to the Admin Panel
  2. Navigate to "Backups"
  3. Click "Create Backup"
  4. Backups are stored encrypted in the /backups directory
  5. Download or restore directly via the UI

Log Management

Log Locations

Container Logs

# License Server Logs
docker logs license-server

# Admin Panel Logs  
docker logs admin-panel

# Nginx Logs
docker logs nginx-proxy

# Database Logs
docker logs db

Persistent Log Volumes

  • Nginx Access/Error Logs: Mapped to local ./v2_nginx/logs/
  • Application Logs: Available via the Docker logging driver
  • Audit Logs: In the database (table audit_log)

Log Rotation

# Configure logrotate
/var/log/license-server/*.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 www-data www-data
}

Performance Optimization

Database Tuning

-- Update statistics
ANALYZE;

-- Reindex tables
REINDEX TABLE licenses;
REINDEX TABLE license_activations;

-- Vacuum tables
VACUUM ANALYZE licenses;

Resource Limits

All services have resource limits configured:

# License Server
license-server:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M

# Admin Panel
admin-panel:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M

# PostgreSQL
db:
  deploy:
    resources:
      limits:
        cpus: '2.0'
        memory: 2G
      reservations:
        cpus: '1.0'
        memory: 1G

Troubleshooting

Common Issues

License Server Not Responding

  1. Check container status: docker ps | grep license-server
  2. View logs: docker logs license-server --tail 100
  3. Test internal connectivity:
    docker exec nginx-proxy curl -k https://license-server:8443/health
    
  4. Verify environment variables:
    docker exec license-server env | grep -E "JWT_SECRET|API_KEY|DATABASE_URL"
    
  5. Check Nginx routing:
    docker exec nginx-proxy nginx -T | grep api-software
    

Database Connection Issues

  1. Check PostgreSQL status:
    docker exec db pg_isready -U adminuser -d meinedatenbank
    
  2. Test connection from service:
    docker exec admin-panel psql postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank -c "SELECT 1"
    
  3. Check network connectivity:
    docker network inspect v2-docker_internal_net
    
  4. Review PostgreSQL logs:
    docker logs db --tail 50
    

High Memory Usage

  1. Check container stats: docker stats
  2. Review memory limits in docker-compose.yml
  3. Analyze database queries for optimization
  4. Consider scaling horizontally

Health Checks

# License server health (via Nginx; -k skips certificate verification)
curl -k https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com/health

# Admin panel health (via Nginx)
curl -k https://admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com/

# Database health
docker exec db pg_isready -U adminuser -d meinedatenbank

# Redis health
docker exec redis-cache redis-cli ping

# RabbitMQ health
docker exec rabbitmq rabbitmqctl status

# Monitoring stack
curl http://localhost:9090/-/healthy  # Prometheus
curl http://localhost:3001/api/health  # Grafana
curl http://localhost:9093/-/healthy  # Alertmanager

# Container health overview
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"

Security Considerations

API Security

  • Use strong JWT_SECRET (minimum 32 characters)
  • Rotate API keys regularly
  • Implement rate limiting
  • Use HTTPS in production

Database Security

  • Use strong passwords
  • Limit database access
  • Enable SSL for connections
  • Regular security updates
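
An added example (not part of the original guide or the project's code): a shell check for the secret guidance in the two lists above, run against a .env file or the environment: entries of docker-compose.yaml. A length test alone accepts the template value your-secret-jwt-key-here-minimum-32-chars, so the check also matches placeholder patterns; the pattern list and applying the 32-character minimum to every secret are assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag weak or placeholder secrets in KEY=VALUE lines.
# Assumptions: the pattern list below, and the 32-character minimum (the guide
# states it for JWT_SECRET only) applied to every secret.
PLACEHOLDER_RE='your-|-here|changeme|example|supersecret|supergeheim|passwor[dt]'
MIN_LEN=32

# check_secret NAME VALUE: print a finding and return 1 if VALUE is weak.
check_secret() {
    local name=$1 value=$2
    if [ "${#value}" -lt "$MIN_LEN" ]; then
        echo "$name: shorter than $MIN_LEN characters"; return 1
    fi
    # Length alone is not enough: a documented template value can be long.
    if printf '%s' "$value" | grep -Eqi "$PLACEHOLDER_RE"; then
        echo "$name: looks like a template placeholder"; return 1
    fi
}

# audit_env FILE: print one finding per weak secret; return 1 if any was found.
audit_env() {
    local status=0 line key value
    while IFS= read -r line; do
        # Drop indentation and the YAML list marker ("    - KEY=value").
        line=$(printf '%s' "$line" | sed 's/^[[:space:]-]*//')
        case $line in
            JWT_SECRET=*|SECRET_KEY=*|API_KEY=*)
                key=${line%%=*}; value=${line#*=} ;;
            DATABASE_URL=*)
                # postgresql://user:PASSWORD@host:port/db -> PASSWORD
                key=DATABASE_URL.password
                value=${line#*://}; value=${value%%@*}; value=${value#*:} ;;
            *) continue ;;
        esac
        check_secret "$key" "$value" || status=1
    done < "$1"
    return "$status"
}

# Usage: audit_env .env   or   audit_env docker-compose.yaml
```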

Container Security

  • Use official base images
  • Scan images for vulnerabilities
  • Don't run containers as root
  • Keep Docker updated

Scaling Strategies

Horizontal Scaling

Scaling License Server

# Scale license server instances
docker-compose up -d --scale license-server=3

Nginx Load Balancing Configuration

# In nginx.conf
upstream license_servers {
    least_conn;
    server license-server_1:8443 max_fails=3 fail_timeout=30s;
    server license-server_2:8443 max_fails=3 fail_timeout=30s;
    server license-server_3:8443 max_fails=3 fail_timeout=30s;
    
    # Reuse idle upstream connections (passive health checks are the
    # max_fails/fail_timeout settings above)
    keepalive 32;
}

server {
    server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
    
    location / {
        proxy_pass https://license_servers;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

Scaling Considerations

  • Redis for session sharing between instances
  • RabbitMQ for asynchronous task distribution
  • Enable sticky sessions if needed

Database Scaling

  • Read replicas for reporting
  • Connection pooling
  • Query optimization
  • Partitioning for large tables

Disaster Recovery

Backup Strategy

  • Daily automated backups
  • Off-site backup storage
  • Test restore procedures
  • Document recovery steps

High Availability

  • Database replication
  • Service redundancy
  • Load balancing
  • Automated failover

Monitoring Best Practices

  1. Set up alerts for critical metrics
  2. Create runbooks for common issues
  3. Regular review of dashboards
  4. Capacity planning based on trends
  5. Document all custom configurations