Initial commit
Dieser Commit ist enthalten in:
Claude Project Manager
121
PRODUCTION_DEPLOYMENT.md
Normale Datei
121
PRODUCTION_DEPLOYMENT.md
Normale Datei
@ -0,0 +1,121 @@
|
||||
# Production Deployment Guide for intelsight.de
|
||||
|
||||
## Pre-Deployment Checklist
|
||||
|
||||
### 1. Generate Secure Secrets
|
||||
```bash
|
||||
python3 generate-secrets.py
|
||||
```
|
||||
Save the output securely - you'll need these passwords!
|
||||
|
||||
**Note**: The admin panel users (rac00n and w@rh@mm3r) keep their existing passwords as configured in the .env file.
|
||||
|
||||
### 2. Configure Environment Files
|
||||
|
||||
#### v2/.env
|
||||
1. Copy the template:
|
||||
```bash
|
||||
cp v2/.env.production.template v2/.env
|
||||
```
|
||||
2. Replace all `CHANGE_THIS_` placeholders with generated secrets
|
||||
3. Ensure `PRODUCTION=true` is set
|
||||
|
||||
#### v2_lizenzserver/.env
|
||||
1. Copy the template:
|
||||
```bash
|
||||
cp v2_lizenzserver/.env.production.template v2_lizenzserver/.env
|
||||
```
|
||||
2. Use the same database password as in v2/.env
|
||||
3. Set a unique SECRET_KEY from generate-secrets.py
|
||||
|
||||
### 3. SSL Certificates
|
||||
```bash
|
||||
# Copy your SSL certificates
|
||||
cp /SSL/fullchain.pem v2_nginx/ssl/
|
||||
cp /SSL/privkey.pem v2_nginx/ssl/
|
||||
chmod 644 v2_nginx/ssl/fullchain.pem
|
||||
chmod 600 v2_nginx/ssl/privkey.pem
|
||||
|
||||
# Generate dhparam.pem (this takes a few minutes)
|
||||
openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
|
||||
```
|
||||
|
||||
### 4. Verify Configuration
|
||||
```bash
|
||||
./verify-deployment.sh
|
||||
```
|
||||
|
||||
## Deployment on Hetzner Server
|
||||
|
||||
### 1. Update Deploy Script
|
||||
On your Hetzner server:
|
||||
```bash
|
||||
nano /root/deploy.sh
|
||||
```
|
||||
Replace `YOUR_GITHUB_TOKEN` with your actual GitHub token.
|
||||
|
||||
### 2. Run Deployment
|
||||
```bash
|
||||
cd /root
|
||||
./deploy.sh
|
||||
```
|
||||
|
||||
### 3. Start Services
|
||||
```bash
|
||||
cd /opt/v2-Docker/v2
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
### 4. Check Status
|
||||
```bash
|
||||
docker compose ps
|
||||
docker compose logs -f
|
||||
```
|
||||
|
||||
## Post-Deployment
|
||||
|
||||
### 1. Create Admin Panel API Key
|
||||
1. Access https://admin-panel-undso.intelsight.de
|
||||
2. Login with your admin credentials
|
||||
3. Go to "Lizenzserver Administration"
|
||||
4. Generate a new API key for production use
|
||||
|
||||
### 2. Test Endpoints
|
||||
- Admin Panel: https://admin-panel-undso.intelsight.de
|
||||
- API Server: https://api-software-undso.intelsight.de
|
||||
|
||||
### 3. Monitor Logs
|
||||
```bash
|
||||
docker compose logs -f admin-panel
|
||||
docker compose logs -f license-server
|
||||
```
|
||||
|
||||
## Security Notes
|
||||
|
||||
1. **Never commit .env files** with real passwords to git
|
||||
2. **Backup your passwords** securely
|
||||
3. **Rotate API keys** regularly
|
||||
4. **Monitor access logs** for suspicious activity
|
||||
5. **Keep SSL certificates** up to date (expires every 90 days)
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Services won't start
|
||||
```bash
|
||||
docker compose down
|
||||
docker compose up -d
|
||||
docker compose logs
|
||||
```
|
||||
|
||||
### Database connection issues
|
||||
- Verify POSTGRES_PASSWORD matches in both .env files
|
||||
- Check if postgres container is running: `docker compose ps db`
|
||||
|
||||
### SSL issues
|
||||
- Ensure certificates are in v2_nginx/ssl/
|
||||
- Check nginx logs: `docker compose logs nginx-proxy`
|
||||
|
||||
### Cannot access website
|
||||
- Verify DNS points to your server IP
|
||||
- Check if ports 80/443 are open: `ss -tlnp | grep -E '(:80|:443)'`
|
||||
- Check nginx is running: `docker compose ps nginx-proxy`
|
||||
In neuem Issue referenzieren
Einen Benutzer sperren