Initial commit

2025-07-05 17:51:16 +02:00
Commit 0d7d888502
--- a/OPERATIONS_GUIDE.md
+++ b/OPERATIONS_GUIDE.md
@ -0,0 +1,376 @@
+# V2-Docker Operations Guide
+
+## WICHTIGER HINWEIS
+
+**NICHT VERWENDEN (für <100 Kunden nicht benötigt):**
+- ❌ Redis - System verwendet direkte DB-Verbindungen
+- ❌ RabbitMQ - System verwendet synchrone Verarbeitung
+- ❌ Prometheus/Grafana/Alertmanager - Integrierte Überwachung ist ausreichend
+- ❌ Externe Monitoring-Tools - Admin Panel hat alle benötigten Metriken
+
+**NUR DIESE SERVICES VERWENDEN:**
+- ✅ PostgreSQL (db)
+- ✅ License Server (license-server)
+- ✅ Admin Panel (admin-panel)
+- ✅ Nginx Proxy (nginx-proxy)
+
+## Deployment
+
+### Prerequisites
+- Docker and Docker Compose
+- 4GB RAM, 20GB disk
+
+### Initial Setup
+```bash
+cd v2-Docker
+docker-compose up -d
+```
+Database initializes automatically via init.sql.
+
+### Standard-Zugangsdaten
+
+#### Admin Panel
+- URL: https://admin-panel-undso.z5m7q9dk3ah2v1plx6ju.com/
+- User 1: `rac00n` / `1248163264`
+- User 2: `w@rh@mm3r` / `Warhammer123!`
+
+#### License Server API
+- URL: https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com/
+- API Key: Wird im Admin Panel unter "Lizenzserver Administration" verwaltet
+- Header: `X-API-Key: <api-key>`
+
+### Service Configuration
+
+#### License Server
+```yaml
+license-server:
+  build: ./v2_lizenzserver
+  container_name: license-server
+  environment:
+    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
+    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
+    # NICHT VERWENDEN:
+    # - REDIS_HOST=redis  # NICHT BENÖTIGT
+    # - RABBITMQ_HOST=rabbitmq  # NICHT BENÖTIGT
+  expose:
+    - "8443"
+  networks:
+    - backend
+  depends_on:
+    - db  # Nur PostgreSQL wird benötigt
+```
+
+#### Admin Panel  
+```yaml
+admin-panel:
+  build: ./v2_adminpanel
+  container_name: admin-panel
+  environment:
+    - DATABASE_URL=postgresql://adminuser:supergeheimespasswort@db:5432/meinedatenbank
+    - SECRET_KEY=supersecretkey
+    - JWT_SECRET=your-secret-jwt-key-here-minimum-32-chars
+    # NICHT VERWENDEN:
+    # - REDIS_HOST=redis  # NICHT BENÖTIGT
+  expose:
+    - "5000"
+  networks:
+    - backend
+  depends_on:
+    - db  # Nur PostgreSQL wird benötigt
+  volumes:
+    - ./backups:/app/backups
+```
+
+#### Nginx Reverse Proxy
+```yaml
+nginx:
+  build: ./v2_nginx
+  container_name: nginx-proxy
+  ports:
+    - "80:80"
+  networks:
+    - backend
+  depends_on:
+    - admin-panel
+    - license-server
+  volumes:
+    - ./v2_nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+  # Routing:
+  # / → admin-panel:5000 (Admin Panel)
+  # /api → license-server:8000 (API Endpoints)
+```
+
+## Monitoring
+
+**WICHTIG**: Externe Monitoring-Tools werden NICHT verwendet! Die folgenden Konfigurationen sind VERALTET und sollten IGNORIERT werden.
+
+### Integrierte Überwachung (Admin Panel)
+
+**HINWEIS**: Externe Monitoring-Tools (Grafana, Prometheus, etc.) werden NICHT verwendet!
+
+Das Admin Panel bietet alle benötigten Überwachungsfunktionen:
+
+1. **Dashboard** (Startseite)
+   - Aktive Lizenzen
+   - Aktive Sessions
+   - Heartbeat-Statistiken
+   - System-Metriken
+
+2. **Log-Seite**
+   - Vollständiges Audit-Log aller Aktionen
+   - Filterbar nach Benutzer, Aktion, Entität
+   - Export in Excel/CSV
+
+3. **Lizenz-Übersicht**
+   - Aktive/Inaktive Lizenzen
+   - Session-Status in Echtzeit
+   - Letzte Heartbeats
+
+4. **Metriken-Endpoint**
+   - `/metrics` im License Server für basic monitoring
+   - Zeigt aktuelle Anfragen, Fehler, etc.
+
+## Features Overview
+
+### Lead Management System
+- **UPDATE 22.06.2025**: Jetzt direkt über Navbar "Lead Management" erreichbar
+- Lead Management Dashboard unter `/leads/management`
+- Gemeinsame Kontaktdatenbank zwischen rac00n und w@rh@mm3r
+- Features:
+  - Dashboard mit Statistiken und Aktivitätsfeed
+  - Institution management
+  - Contact persons with multiple phones/emails
+  - Versioned notes system
+  - Full audit trail
+  - Benutzer-Attribution (wer hat was hinzugefügt)
+
+### Resource Pool Management
+- Domain allocation system
+- IPv4 address management
+- Phone number allocation
+- Features:
+  - Resource assignment to licenses
+  - Quarantine management
+  - Resource history tracking
+  - Availability monitoring
+
+### Batch Operations
+- Bulk license creation
+- Mass updates
+- Accessible from Customers & Licenses page
+
+### Monitoring Integration
+- Unified monitoring dashboard at `/monitoring`
+- Live analytics and metrics
+- Alert management interface
+- Integrated with Prometheus/Grafana stack
+
+### API Key Management
+- Single system-wide API key
+- Managed in "Lizenzserver Administration"
+- Used for all API authentication
+
+### Session Management
+- Single-session enforcement per license
+- 30-second heartbeat system
+- Automatic session cleanup after 60 seconds
+- Session history tracking
+
+## Maintenance
+
+### Database Maintenance
+
+#### Partition Management
+```sql
+-- Check existing partitions
+SELECT tablename FROM pg_tables 
+WHERE tablename LIKE 'license_heartbeats_%' 
+ORDER BY tablename;
+
+-- Create future partitions manually
+CALL create_monthly_partitions('license_heartbeats', 3);
+
+-- Drop old partitions
+DROP TABLE IF EXISTS license_heartbeats_2024_01;
+```
+
+#### Backup Procedures
+```bash
+# Backup
+docker exec db pg_dump -U adminuser meinedatenbank | gzip > backup_$(date +%Y%m%d).sql.gz
+
+# Restore
+gunzip -c backup_20250619.sql.gz | docker exec -i db psql -U adminuser meinedatenbank
+```
+
+##### Integriertes Backup-System
+Das Admin Panel bietet ein eingebautes Backup-System:
+1. Login ins Admin Panel
+2. Navigiere zu "Backups"
+3. Klicke "Create Backup"
+4. Backups werden verschlüsselt im Verzeichnis `/backups` gespeichert
+5. Download oder Restore direkt über die UI
+
+### Log Management
+
+#### Log Locations
+
+##### Logs
+- Container logs: `docker logs <container_name>`
+- Nginx logs: `./v2_nginx/logs/`
+- Audit logs: Database table `audit_log`
+
+#### Log Rotation
+```bash
+# Configure logrotate
+/var/log/license-server/*.log {
+    daily
+    rotate 7
+    compress
+    delaycompress
+    notifempty
+    create 0640 www-data www-data
+}
+```
+
+### Performance Optimization
+
+#### Database Tuning
+- Run `ANALYZE` periodically
+- `VACUUM ANALYZE` on large tables
+- Maintain partitions: `CALL create_monthly_partitions('license_heartbeats', 3)`
+
+#### Resource Limits
+
+Alle Services haben konfigurierte Resource Limits:
+
+```yaml
+# License Server
+license-server:
+  deploy:
+    resources:
+      limits:
+        cpus: '1.0'
+        memory: 1G
+      reservations:
+        cpus: '0.5'
+        memory: 512M
+
+# Admin Panel
+admin-panel:
+  deploy:
+    resources:
+      limits:
+        cpus: '1.0'
+        memory: 1G
+      reservations:
+        cpus: '0.5'
+        memory: 512M
+
+# PostgreSQL
+db:
+  deploy:
+    resources:
+      limits:
+        cpus: '2.0'
+        memory: 2G
+      reservations:
+        cpus: '1.0'
+        memory: 1G
+```
+
+## Troubleshooting
+
+### Common Issues
+
+#### License Server Not Responding
+- Check status: `docker ps | grep license`
+- View logs: `docker logs license-server --tail 100`
+- Test health: `docker exec nginx-proxy curl http://license-server:8443/health`
+
+#### Database Connection Issues
+- Check status: `docker exec db pg_isready`
+- Test connection: Use psql from admin panel container
+- Check logs: `docker logs db --tail 50`
+
+#### High Memory Usage
+1. Check container stats: `docker stats`
+2. Review memory limits in docker-compose.yml
+3. Analyze database queries for optimization
+4. Consider scaling horizontally
+
+### Health Checks
+
+Quick health check script:
+```bash
+# All services
+docker ps --format "table {{.Names}}\t{{.Status}}"
+
+# Key endpoints
+curl -s https://api-software-undso.z5m7q9dk3ah2v1plx6ju.com/health
+curl -s http://localhost:9090/-/healthy
+```
+
+## Security Considerations
+- Strong JWT_SECRET (32+ chars)
+- Rotate API keys regularly
+- Rate limiting enabled
+- Use HTTPS in production
+- Strong database passwords
+- Keep Docker and images updated
+
+## Scaling Strategies
+
+### Horizontal Scaling
+
+#### Scaling License Server
+```bash
+# Scale license server instances
+docker-compose -f v2/docker-compose.yaml up -d --scale license-server=3
+```
+
+#### Nginx Load Balancing Configuration
+```nginx
+# In nginx.conf
+upstream license_servers {
+    least_conn;
+    server license-server_1:8443 max_fails=3 fail_timeout=30s;
+    server license-server_2:8443 max_fails=3 fail_timeout=30s;
+    server license-server_3:8443 max_fails=3 fail_timeout=30s;
+    
+    # Health checks
+    keepalive 32;
+}
+
+server {
+    server_name api-software-undso.z5m7q9dk3ah2v1plx6ju.com;
+    
+    location / {
+        proxy_pass http://license_servers;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+    }
+}
+```
+
+#### Scaling Considerations (für >100 Kunden)
+**HINWEIS**: Für <100 Kunden ist keine Skalierung notwendig!
+- Direkter DB-Zugriff ist ausreichend (kein Redis benötigt)
+- Synchrone Verarbeitung ist schnell genug (kein RabbitMQ benötigt)
+- Single Instance ist völlig ausreichend
+
+### Database Scaling
+- Read replicas for reporting
+- Connection pooling
+- Query optimization
+- Partitioning for large tables
+
+## Disaster Recovery
+- Daily automated backups via Admin Panel
+- Test restore procedures regularly
+- Consider database replication for HA
+
+## Monitoring Best Practices
+- Configure alerts in Alertmanager
+- Review Grafana dashboards regularly
+- Monitor resource trends for capacity planning