Hetzner-Backup/OPERATIONS_GUIDE.md

# V2-Docker Operations Guide
## Deployment
### Prerequisites
- Docker and Docker Compose
- PostgreSQL 13+
- Python 3.8+
- Minimum 4GB RAM
- 20GB disk space
### Initial Setup
```bash
# Clone repository
git clone <repository-url>
cd v2-Docker
# Environment variables are already defined in docker-compose.yaml
# For production: create a .env file with the sensitive data
# Start services
docker-compose up -d
# The database is initialized automatically via init.sql
# No manual migrations required
```
### Default Credentials
#### Admin Panel
- URL: https://admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com
- User 1: `rac00n` / `1248163264`
- User 2: `w@rh@mm3r` / `Warhammer123!`
#### License Server API
- URL: https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com
- API Key: Must be sent with requests
### Service Configuration
#### License Server
```yaml
license-server:
  image: v2_lizenzserver:latest
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - API_KEY=your-api-key-here
    - REDIS_HOST=redis-cache
    - RABBITMQ_HOST=rabbitmq
  # No external port - reachable only through Nginx
  expose:
    - "8443"
  networks:
    - internal_net
```
#### Admin Panel
```yaml
admin-panel:
  image: v2_adminpanel:latest
  environment:
    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
    - SECRET_KEY=supersecretkey
    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
    - LIZENZSERVER_BASE_URL=http://license-server:8443
    - REDIS_HOST=redis-cache
  # No external port - reachable only through Nginx
  expose:
    - "5000"
  networks:
    - internal_net
```
#### Nginx Reverse Proxy
```yaml
nginx-proxy:
  image: v2_nginx:latest
  ports:
    - "80:80"   # HTTP (redirected to HTTPS)
    - "443:443" # HTTPS
  networks:
    - internal_net
  # Routes requests to internal services:
  # admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com → admin-panel:5000
  # api-software-undso.z5m7q9dk3ah2v1plx6ju.com → license-server:8443
```
## Monitoring
### Prometheus Configuration
#### Scrape Configs
```yaml
scrape_configs:
  - job_name: 'license-server'
    static_configs:
      - targets: ['license-server:8443']
    metrics_path: /metrics
  - job_name: 'postgres'
    static_configs:
      - targets: ['postgres-exporter:9187']
  - job_name: 'redis'
    static_configs:
      - targets: ['redis-exporter:9121']
  - job_name: 'nginx'
    static_configs:
      - targets: ['nginx-exporter:9113']
  - job_name: 'node'
    static_configs:
      - targets: ['node-exporter:9100']
  - job_name: 'cadvisor'
    static_configs:
      - targets: ['cadvisor:8081']
```
#### Alert Rules
- License server down: `up{job="license-server"} == 0`
- High error rate: `rate(http_requests_total{status=~"5.."}[5m]) > 0.05`
- Database connections: `pg_stat_database_numbackends > 100`
### Grafana Dashboards
1. **System Overview Dashboard**
   - CPU and memory usage
   - Network traffic
   - Disk usage
   - Container status
2. **License Server Dashboard**
   - Active licenses
   - Heartbeat frequency
   - API response times
   - Error rates
3. **Database Performance Dashboard**
   - Query performance
   - Connection pool status
   - Table sizes
   - Slow queries
### Accessing Monitoring
- Prometheus: http://localhost:9090
- Grafana: http://localhost:3001
  - Default Login: admin/admin
  - Preconfigured dashboards:
    - System Overview
    - License Server Metrics
    - Database Performance
- Alertmanager: http://localhost:9093
### Monitoring Stack Services
- PostgreSQL Exporter: Collects database metrics
- Redis Exporter: Collects cache metrics
- Node Exporter: System-level metrics
- Nginx Exporter: Web server metrics
- cAdvisor: Container metrics (port 8081)
## Maintenance
### Database Maintenance
#### Partition Management
```sql
-- Check existing partitions
SELECT tablename FROM pg_tables
WHERE tablename LIKE 'license_heartbeats_%'
ORDER BY tablename;
-- Create future partitions manually
CALL create_monthly_partitions('license_heartbeats', 3);
-- Drop old partitions
DROP TABLE IF EXISTS license_heartbeats_2024_01;
```
#### Backup Procedures
##### Manual Backup
```bash
# Full database backup
docker exec db pg_dump -U adminuser meinedatenbank > backup_$(date +%Y%m%d).sql
# Backup specific tables
docker exec db pg_dump -U adminuser -t licenses -t license_activations meinedatenbank > licenses_backup.sql
# Compressed backup
docker exec db pg_dump -U adminuser meinedatenbank | gzip > backup_$(date +%Y%m%d).sql.gz
# Restore from backup
docker exec -i db psql -U adminuser meinedatenbank < backup_20250619.sql
```
##### Integrated Backup System
The Admin Panel provides a built-in backup system:
1. Log in to the Admin Panel
2. Navigate to "Backups"
3. Click "Create Backup"
4. Backups are stored encrypted in the `/backups` directory
5. Download or restore directly through the UI
### Log Management
#### Log Locations
##### Container Logs
```bash
# License Server Logs
docker logs license-server
# Admin Panel Logs
docker logs admin-panel
# Nginx Logs
docker logs nginx-proxy
# Database Logs
docker logs db
```
##### Persistent Log Volumes
- Nginx Access/Error Logs: Mapped to local `./v2_nginx/logs/`
- Application Logs: Available via the Docker logging driver
- Audit Logs: In the database (table `audit_log`)
#### Log Rotation
```bash
# Configure logrotate
/var/log/license-server/*.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 www-data www-data
}
```
### Performance Optimization
#### Database Tuning
```sql
-- Update statistics
ANALYZE;
-- Reindex tables
REINDEX TABLE licenses;
REINDEX TABLE license_activations;
-- Vacuum tables
VACUUM ANALYZE licenses;
```
#### Resource Limits
All services have configured resource limits:
```yaml
# License Server
license-server:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M
# Admin Panel
admin-panel:
  deploy:
    resources:
      limits:
        cpus: '1.0'
        memory: 1G
      reservations:
        cpus: '0.5'
        memory: 512M
# PostgreSQL
db:
  deploy:
    resources:
      limits:
        cpus: '2.0'
        memory: 2G
      reservations:
        cpus: '1.0'
        memory: 1G
```
## Troubleshooting
### Common Issues
#### License Server Not Responding
1. Check container status: `docker ps | grep license-server`
2. View logs: `docker logs license-server --tail 100`
3. Test internal connectivity:
   ```bash
   docker exec nginx-proxy curl -k https://license-server:8443/health
   ```
4. Verify environment variables:
   ```bash
   docker exec license-server env | grep -E "JWT_SECRET|API_KEY|DATABASE_URL"
   ```
5. Check Nginx routing:
   ```bash
   docker exec nginx-proxy nginx -T | grep api-software
   ```
#### Database Connection Issues
1. Check PostgreSQL status:
   ```bash
   docker exec db pg_isready -U adminuser -d meinedatenbank
   ```
2. Test connection from service:
   ```bash
   docker exec admin-panel psql postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank -c "SELECT 1"
   ```
3. Check network connectivity:
   ```bash
   docker network inspect v2-docker_internal_net
   ```
4. Review PostgreSQL logs:
   ```bash
   docker logs db --tail 50
   ```
#### High Memory Usage
1. Check container stats: `docker stats`
2. Review memory limits in docker-compose.yml
3. Analyze database queries for optimization
4. Consider scaling horizontally
### Health Checks
```bash
# License server health (via Nginx)
curl -k https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com/health
# Admin panel health (via Nginx)
curl -k https://admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com/
# Database health
docker exec db pg_isready -U adminuser -d meinedatenbank
# Redis health
docker exec redis-cache redis-cli ping
# RabbitMQ health
docker exec rabbitmq rabbitmqctl status
# Monitoring stack
curl http://localhost:9090/-/healthy # Prometheus
curl http://localhost:3001/api/health # Grafana
curl http://localhost:9093/-/healthy # Alertmanager
# Container health overview
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
```
## Security Considerations
### API Security
- Use strong JWT_SECRET (minimum 32 characters)
- Rotate API keys regularly
- Implement rate limiting
- Use HTTPS in production
### Database Security
- Use strong passwords
- Limit database access
- Enable SSL for connections
- Regular security updates
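The API and database recommendations above can be checked mechanically. The following added example (not part of the original guide) audits `KEY=value` lines for short or placeholder secrets without printing the values; the placeholder patterns, the 16-character database password threshold and applying the 32-character minimum to `SECRET_KEY` and `API_KEY` are assumptions.

```bash
#!/bin/sh
# Added example: flag weak secrets in KEY=value lines without echoing values.

MIN_SECRET_LEN=32  # guide: JWT_SECRET minimum 32 chars (other keys: assumption)
MIN_DB_PW_LEN=16   # assumption: the guide only says "use strong passwords"

# Sample input: the environment entries shown in this guide's compose snippets.
SAMPLE='- DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
- SECRET_KEY=supersecretkey
- JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
- API_KEY=your-api-key-here'

# True for sample-looking values (pattern list is an assumption; extend as needed).
is_placeholder() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    your-*|*changeme*|supersecret*|supergeheim*|*password*|*passwort*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_secret NAME VALUE MINLEN: print one finding per problem, never the value.
check_secret() {
  [ "${#2}" -ge "$3" ] || echo "$1: shorter than $3 characters"
  if is_placeholder "$2"; then echo "$1: placeholder or sample value"; fi
}

# scan_lines: inspect normalized KEY=value lines read from stdin.
scan_lines() {
  while IFS= read -r line; do
    key=${line%%=*}; value=${line#*=}
    case "$key" in
      JWT_SECRET|SECRET_KEY|API_KEY)
        check_secret "$key" "$value" "$MIN_SECRET_LEN" ;;
      DATABASE_URL)
        # Password sits between the first ":" and "@" of the URL authority.
        authority=${value#*://}; authority=${authority%%/*}
        case "$authority" in
          *:*@*) userinfo=${authority%%@*}
                 check_secret "$key password" "${userinfo#*:}" "$MIN_DB_PW_LEN" ;;
        esac ;;
    esac
  done
}

# audit_env: accepts .env lines, compose "- KEY=value" entries or `env` output
# on stdin; prints findings and returns 1 if there are any, else returns 0.
audit_env() {
  findings=$(sed -e 's/^[[:space:]]*//' -e 's/^- *//' | scan_lines)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"; return 1
}

printf '%s\n' "$SAMPLE" | audit_env || true
```

On the sample, `JWT_SECRET` passes the length check but is still flagged as a placeholder. The same function accepts the output of `docker exec license-server env` on stdin, so the values never reach the terminal.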
### Container Security
- Use official base images
- Scan images for vulnerabilities
- Don't run containers as root
- Keep Docker updated
## Scaling Strategies
### Horizontal Scaling
#### Scaling License Server
```bash
# Scale license server instances
docker-compose up -d --scale license-server=3
```
#### Nginx Load Balancing Configuration
```nginx
# In nginx.conf
upstream license_servers {
    least_conn;
    # Passive health checks: max_fails / fail_timeout per server
    server license-server_1:8443 max_fails=3 fail_timeout=30s;
    server license-server_2:8443 max_fails=3 fail_timeout=30s;
    server license-server_3:8443 max_fails=3 fail_timeout=30s;
    # Keep up to 32 idle upstream connections open per worker
    keepalive 32;
}
server {
    server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
    location / {
        proxy_pass https://license_servers;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```
#### Scaling Considerations
- Redis for session sharing between instances
- RabbitMQ for asynchronous task distribution
- Enable sticky sessions if needed
### Database Scaling
- Read replicas for reporting
- Connection pooling
- Query optimization
- Partitioning for large tables
## Disaster Recovery
### Backup Strategy
- Daily automated backups
- Off-site backup storage
- Test restore procedures
- Document recovery steps
### High Availability
- Database replication
- Service redundancy
- Load balancing
- Automated failover
## Monitoring Best Practices
1. **Set up alerts for critical metrics**
2. **Create runbooks for common issues**
3. **Regular review of dashboards**
4. **Capacity planning based on trends**
5. **Document all custom configurations**