121 Zeilen
2.8 KiB
Markdown
121 Zeilen
2.8 KiB
Markdown
# Production Deployment Guide for intelsight.de
|
|
|
|
## Pre-Deployment Checklist
|
|
|
|
### 1. Generate Secure Secrets
|
|
```bash
|
|
python3 generate-secrets.py
|
|
```
|
|
Save the output securely - you'll need these passwords!
|
|
|
|
**Note**: The admin panel users (rac00n and w@rh@mm3r) keep their existing passwords as configured in the .env file.
|
|
|
|
### 2. Configure Environment Files
|
|
|
|
#### v2/.env
|
|
1. Copy the template:
|
|
```bash
|
|
cp v2/.env.production.template v2/.env
|
|
```
|
|
2. Replace all `CHANGE_THIS_` placeholders with generated secrets
|
|
3. Ensure `PRODUCTION=true` is set
|
|
|
|
#### v2_lizenzserver/.env
|
|
1. Copy the template:
|
|
```bash
|
|
cp v2_lizenzserver/.env.production.template v2_lizenzserver/.env
|
|
```
|
|
2. Use the same database password as in v2/.env
|
|
3. Set a unique SECRET_KEY from generate-secrets.py
|
|
|
|
### 3. SSL Certificates
|
|
```bash
|
|
# Copy your SSL certificates
|
|
cp /SSL/fullchain.pem v2_nginx/ssl/
|
|
cp /SSL/privkey.pem v2_nginx/ssl/
|
|
chmod 644 v2_nginx/ssl/fullchain.pem
|
|
chmod 600 v2_nginx/ssl/privkey.pem
|
|
|
|
# Generate dhparam.pem (this takes a few minutes)
|
|
openssl dhparam -out v2_nginx/ssl/dhparam.pem 2048
|
|
```
|
|
|
|
### 4. Verify Configuration
|
|
```bash
|
|
./verify-deployment.sh
|
|
```
|
|
|
|
## Deployment on Hetzner Server
|
|
|
|
### 1. Update Deploy Script
|
|
On your Hetzner server:
|
|
```bash
|
|
nano /root/deploy.sh
|
|
```
|
|
Replace `YOUR_GITHUB_TOKEN` with your actual GitHub token.
|
|
|
|
### 2. Run Deployment
|
|
```bash
|
|
cd /root
|
|
./deploy.sh
|
|
```
|
|
|
|
### 3. Start Services
|
|
```bash
|
|
cd /opt/v2-Docker/v2
|
|
docker compose up -d
|
|
```
|
|
|
|
### 4. Check Status
|
|
```bash
|
|
docker compose ps
|
|
docker compose logs -f
|
|
```
|
|
|
|
## Post-Deployment
|
|
|
|
### 1. Create Admin Panel API Key
|
|
1. Access https://admin-panel-undso.intelsight.de
|
|
2. Login with your admin credentials
|
|
3. Go to "Lizenzserver Administration"
|
|
4. Generate a new API key for production use
|
|
|
|
### 2. Test Endpoints
|
|
- Admin Panel: https://admin-panel-undso.intelsight.de
|
|
- API Server: https://api-software-undso.intelsight.de
|
|
|
|
### 3. Monitor Logs
|
|
```bash
|
|
docker compose logs -f admin-panel
|
|
docker compose logs -f license-server
|
|
```
|
|
|
|
## Security Notes
|
|
|
|
1. **Never commit .env files** with real passwords to git
|
|
2. **Backup your passwords** securely
|
|
3. **Rotate API keys** regularly
|
|
4. **Monitor access logs** for suspicious activity
|
|
5. **Keep SSL certificates** up to date (expires every 90 days)
|
|
|
|
## Troubleshooting
|
|
|
|
### Services won't start
|
|
```bash
|
|
docker compose down
|
|
docker compose up -d
|
|
docker compose logs
|
|
```
|
|
|
|
### Database connection issues
|
|
- Verify POSTGRES_PASSWORD matches in both .env files
|
|
- Check if postgres container is running: `docker compose ps db`
|
|
|
|
### SSL issues
|
|
- Ensure certificates are in v2_nginx/ssl/
|
|
- Check nginx logs: `docker compose logs nginx-proxy`
|
|
|
|
### Cannot access website
|
|
- Verify DNS points to your server IP
|
|
- Check if ports 80/443 are open: `ss -tlnp | grep -E '(:80|:443)'`
|
|
- Check nginx is running: `docker compose ps nginx-proxy` |