# Production Deployment Guide for intelsight.de

## Pre-Deployment Checklist

### 1. Generate Secure Secrets

```bash
python3 generate-secrets.py
```

Save the output securely - you'll need these passwords!

**Note**: The admin panel users (rac00n and w@rh@mm3r) keep their existing passwords as configured in the .env file.

### 2. Configure Environment Files

#### v2/.env

1. Copy the template:
   ```bash
   cp v2/.env.production.template v2/.env
   ```
2. Replace all `CHANGE_THIS_` placeholders with generated secrets
3. Ensure `PRODUCTION=true` is set

#### v2_lizenzserver/.env

1. Copy the template:
   ```bash
   cp v2_lizenzserver/.env.production.template v2_lizenzserver/.env
   ```
2. Use the same database password as in v2/.env
3. Set a unique SECRET_KEY from generate-secrets.py

### 3. SSL Certificates

```bash
# Copy your SSL certificates
cp /SSL/fullchain.pem v2_nginx/ssl/
cp /SSL/privkey.pem v2_nginx/ssl/
chmod 644 v2_nginx/ssl/fullchain.pem
chmod 600 v2_nginx/ssl/privkey.pem

# Generate dhparam.pem (this takes a few minutes)
openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
```

### 4. Verify Configuration

```bash
./verify-deployment.sh
```

## Deployment on Hetzner Server

### 1. Update Deploy Script

On your Hetzner server:

```bash
nano /root/deploy.sh
```

Replace `YOUR_GITHUB_TOKEN` with your actual GitHub token.

### 2. Run Deployment

```bash
cd /root
./deploy.sh
```

### 3. Start Services

```bash
cd /opt/v2-Docker/v2
docker compose up -d
```

### 4. Check Status

```bash
docker compose ps
docker compose logs -f
```

## Post-Deployment

### 1. Create Admin Panel API Key

1. Access https://admin-panel-undso.intelsight.de
2. Log in with your admin credentials
3. Go to "Lizenzserver Administration"
4. Generate a new API key for production use

### 2. Test Endpoints

- Admin Panel: https://admin-panel-undso.intelsight.de
- API Server: https://api-software-undso.intelsight.de

### 3. Monitor Logs

```bash
docker compose logs -f admin-panel
docker compose logs -f license-server
```

## Security Notes

1. **Never commit .env files** with real passwords to git
2. **Back up your passwords** securely
3. **Rotate API keys** regularly
4. **Monitor access logs** for suspicious activity
5. **Keep SSL certificates** up to date (they expire every 90 days)

## Troubleshooting

### Services won't start

```bash
docker compose down
docker compose up -d
docker compose logs
```

### Database connection issues

- Verify POSTGRES_PASSWORD matches in both .env files
- Check if postgres container is running: `docker compose ps db`

### SSL issues

- Ensure certificates are in v2_nginx/ssl/
- Check nginx logs: `docker compose logs nginx-proxy`

### Cannot access website

- Verify DNS points to your server IP
- Check if ports 80/443 are open: `ss -tlnp | grep -E '(:80|:443)'`
- Check nginx is running: `docker compose ps nginx-proxy`
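
The checks this guide asks for under "Configure Environment Files" and "SSL Certificates" can be scripted before `docker compose up -d`. The following is an added example, not the project's `verify-deployment.sh` (whose contents this page does not show). The function names `env_get`, `check_deploy` and `make_sample` are hypothetical, the env files are assumed to use unquoted `KEY=value` lines, and the sample tree is constructed.

```bash
# Added example: pre-flight checks for the env files and private key in this guide.
# Secret values are compared but never printed.
env_get() {  # print the value of KEY ($2) from env file ($1); last assignment wins
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Check the deployment tree rooted at $1; print each problem, return the count.
check_deploy() {
  local root=$1 problems=0 f pw1 pw2
  local v2="$root/v2/.env" lic="$root/v2_lizenzserver/.env"
  local key="$root/v2_nginx/ssl/privkey.pem"
  for f in "$v2" "$lic" "$key"; do
    [ -f "$f" ] || { echo "MISSING: $f"; problems=$((problems + 1)); }
  done
  [ "$problems" -eq 0 ] || return "$problems"

  # A leftover template placeholder means a known default secret would go live.
  for f in "$v2" "$lic"; do
    if grep -q 'CHANGE_THIS_' "$f"; then
      echo "PLACEHOLDER: $f still contains CHANGE_THIS_"; problems=$((problems + 1))
    fi
  done
  [ "$(env_get "$v2" PRODUCTION)" = "true" ] ||
    { echo "PRODUCTION is not true in $v2"; problems=$((problems + 1)); }

  # Both services use the same database, so the two passwords must match.
  pw1=$(env_get "$v2" POSTGRES_PASSWORD); pw2=$(env_get "$lic" POSTGRES_PASSWORD)
  [ -n "$pw1" ] && [ "$pw1" = "$pw2" ] ||
    { echo "POSTGRES_PASSWORD empty or mismatched"; problems=$((problems + 1)); }
  [ -n "$(env_get "$lic" SECRET_KEY)" ] ||
    { echo "SECRET_KEY missing in $lic"; problems=$((problems + 1)); }

  # The private key must be owner-only, as set by chmod 600 above.
  [ -n "$(find "$key" -perm 600)" ] ||
    { echo "privkey.pem is not mode 600"; problems=$((problems + 1)); }
  return "$problems"
}

# Constructed sample tree (no real secrets): one placeholder left, key too open.
make_sample() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/v2" "$d/v2_lizenzserver" "$d/v2_nginx/ssl"
  printf 'PRODUCTION=true\nPOSTGRES_PASSWORD=sample-pw\n' > "$d/v2/.env"
  printf 'POSTGRES_PASSWORD=sample-pw\nSECRET_KEY=CHANGE_THIS_KEY\n' > "$d/v2_lizenzserver/.env"
  : > "$d/v2_nginx/ssl/privkey.pem"; chmod 644 "$d/v2_nginx/ssl/privkey.pem"
  echo "$d"
}

check_deploy "${1:-$(make_sample)}" || echo "$? problem(s) found"
```

Pass the repository root as the first argument to check a real checkout; with no argument it runs against the constructed sample and reports two problems.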