feat: production deployment configuration for dk0.dev
- Fixed authentication system (removed HTTP Basic Auth popup) - Added session-based authentication with proper logout - Updated rate limiting (20 req/s for login, 5 req/m for admin) - Created production deployment scripts and configs - Updated nginx configuration for dk0.dev domain - Added comprehensive production deployment guide - Fixed logout button functionality - Optimized for production with proper resource limits
This commit is contained in:
279
PRODUCTION-DEPLOYMENT.md
Normal file
279
PRODUCTION-DEPLOYMENT.md
Normal file
@@ -0,0 +1,279 @@
|
||||
# Production Deployment Guide for dk0.dev
|
||||
|
||||
This guide will help you deploy the portfolio application to production on dk0.dev.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
1. **Server Requirements:**
|
||||
- Ubuntu 20.04+ or similar Linux distribution
|
||||
- Docker and Docker Compose installed
|
||||
- Nginx or Traefik for reverse proxy
|
||||
- SSL certificates (Let's Encrypt recommended)
|
||||
- Domain `dk0.dev` pointing to your server
|
||||
|
||||
2. **Required Environment Variables:**
|
||||
- `MY_EMAIL`: Your contact email
|
||||
- `MY_INFO_EMAIL`: Your info email
|
||||
- `MY_PASSWORD`: Email password
|
||||
- `MY_INFO_PASSWORD`: Info email password
|
||||
- `ADMIN_BASIC_AUTH`: Admin credentials (format: `username:password`)
|
||||
|
||||
## Quick Deployment
|
||||
|
||||
### 1. Clone and Setup
|
||||
|
||||
```bash
|
||||
# Clone the repository
|
||||
git clone <your-repo-url>
|
||||
cd portfolio
|
||||
|
||||
# Make deployment script executable
|
||||
chmod +x scripts/production-deploy.sh
|
||||
```
|
||||
|
||||
### 2. Configure Environment
|
||||
|
||||
Create a `.env` file with your production settings:
|
||||
|
||||
```bash
|
||||
# Copy the example
|
||||
cp env.example .env
|
||||
|
||||
# Edit with your values
|
||||
nano .env
|
||||
```
|
||||
|
||||
Required values:
|
||||
```env
|
||||
NODE_ENV=production
|
||||
NEXT_PUBLIC_BASE_URL=https://dk0.dev
|
||||
MY_EMAIL=contact@dk0.dev
|
||||
MY_INFO_EMAIL=info@dk0.dev
|
||||
MY_PASSWORD=your-actual-email-password
|
||||
MY_INFO_PASSWORD=your-actual-info-password
|
||||
ADMIN_BASIC_AUTH=admin:your-secure-password
|
||||
```
|
||||
|
||||
### 3. Deploy
|
||||
|
||||
```bash
|
||||
# Run the production deployment script
|
||||
./scripts/production-deploy.sh
|
||||
```
|
||||
|
||||
### 4. Setup Reverse Proxy
|
||||
|
||||
#### Option A: Nginx (Recommended)
|
||||
|
||||
1. Install Nginx:
|
||||
```bash
|
||||
sudo apt update
|
||||
sudo apt install nginx
|
||||
```
|
||||
|
||||
2. Copy the production nginx config:
|
||||
```bash
|
||||
sudo cp nginx.production.conf /etc/nginx/nginx.conf
|
||||
```
|
||||
|
||||
3. Setup SSL certificates:
|
||||
```bash
|
||||
# Install Certbot
|
||||
sudo apt install certbot python3-certbot-nginx
|
||||
|
||||
# Get SSL certificate
|
||||
sudo certbot --nginx -d dk0.dev -d www.dk0.dev
|
||||
```
|
||||
|
||||
4. Restart Nginx:
|
||||
```bash
|
||||
sudo systemctl restart nginx
|
||||
sudo systemctl enable nginx
|
||||
```
|
||||
|
||||
#### Option B: Traefik
|
||||
|
||||
If using Traefik, ensure your Docker Compose file includes Traefik labels:
|
||||
|
||||
```yaml
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.portfolio.rule=Host(`dk0.dev`)"
|
||||
- "traefik.http.routers.portfolio.tls=true"
|
||||
- "traefik.http.routers.portfolio.tls.certresolver=letsencrypt"
|
||||
```
|
||||
|
||||
## Manual Deployment Steps
|
||||
|
||||
If you prefer manual deployment:
|
||||
|
||||
### 1. Create Proxy Network
|
||||
|
||||
```bash
|
||||
docker network create proxy
|
||||
```
|
||||
|
||||
### 2. Build and Start Services
|
||||
|
||||
```bash
|
||||
# Build the application
|
||||
docker build -t portfolio-app:latest .
|
||||
|
||||
# Start services
|
||||
docker-compose -f docker-compose.production.yml up -d
|
||||
```
|
||||
|
||||
### 3. Run Database Migrations
|
||||
|
||||
```bash
|
||||
# Wait for services to be healthy
|
||||
sleep 30
|
||||
|
||||
# Run migrations
|
||||
docker exec portfolio-app npx prisma db push
|
||||
```
|
||||
|
||||
### 4. Verify Deployment
|
||||
|
||||
```bash
|
||||
# Check health
|
||||
curl http://localhost:3000/api/health
|
||||
|
||||
# Check admin panel
|
||||
curl http://localhost:3000/manage
|
||||
```
|
||||
|
||||
## Security Considerations
|
||||
|
||||
### 1. Update Default Passwords
|
||||
|
||||
**CRITICAL:** Change these default values:
|
||||
|
||||
```env
|
||||
# Change the admin password
|
||||
ADMIN_BASIC_AUTH=admin:your-very-secure-password-here
|
||||
|
||||
# Use strong email passwords
|
||||
MY_PASSWORD=your-strong-email-password
|
||||
MY_INFO_PASSWORD=your-strong-info-password
|
||||
```
|
||||
|
||||
### 2. Firewall Configuration
|
||||
|
||||
```bash
|
||||
# Allow only necessary ports
|
||||
sudo ufw allow 22 # SSH
|
||||
sudo ufw allow 80 # HTTP
|
||||
sudo ufw allow 443 # HTTPS
|
||||
sudo ufw enable
|
||||
```
|
||||
|
||||
### 3. SSL/TLS Configuration
|
||||
|
||||
Ensure you have valid SSL certificates. The nginx configuration expects:
|
||||
- `/etc/nginx/ssl/cert.pem` (SSL certificate)
|
||||
- `/etc/nginx/ssl/key.pem` (SSL private key)
|
||||
|
||||
## Monitoring and Maintenance
|
||||
|
||||
### 1. Health Checks
|
||||
|
||||
```bash
|
||||
# Check application health
|
||||
curl https://dk0.dev/api/health
|
||||
|
||||
# Check container status
|
||||
docker-compose ps
|
||||
|
||||
# View logs
|
||||
docker-compose logs -f
|
||||
```
|
||||
|
||||
### 2. Backup Database
|
||||
|
||||
```bash
|
||||
# Create backup
|
||||
docker exec portfolio-postgres pg_dump -U portfolio_user portfolio_db > backup.sql
|
||||
|
||||
# Restore backup
|
||||
docker exec -i portfolio-postgres psql -U portfolio_user portfolio_db < backup.sql
|
||||
```
|
||||
|
||||
### 3. Update Application
|
||||
|
||||
```bash
|
||||
# Pull latest changes
|
||||
git pull origin main
|
||||
|
||||
# Rebuild and restart
|
||||
docker-compose down
|
||||
docker build -t portfolio-app:latest .
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Common Issues
|
||||
|
||||
1. **Port 3000 not accessible:**
|
||||
- Check if the container is running: `docker ps`
|
||||
- Check logs: `docker-compose logs portfolio`
|
||||
|
||||
2. **Database connection issues:**
|
||||
- Ensure PostgreSQL is healthy: `docker-compose ps`
|
||||
- Check database logs: `docker-compose logs postgres`
|
||||
|
||||
3. **SSL certificate issues:**
|
||||
- Verify certificate files exist and are readable
|
||||
- Check nginx configuration: `nginx -t`
|
||||
|
||||
4. **Rate limiting issues:**
|
||||
- Check nginx rate limiting configuration
|
||||
- Adjust limits in `nginx.production.conf`
|
||||
|
||||
### Logs and Debugging
|
||||
|
||||
```bash
|
||||
# Application logs
|
||||
docker-compose logs -f portfolio
|
||||
|
||||
# Database logs
|
||||
docker-compose logs -f postgres
|
||||
|
||||
# Nginx logs
|
||||
sudo tail -f /var/log/nginx/access.log
|
||||
sudo tail -f /var/log/nginx/error.log
|
||||
```
|
||||
|
||||
## Performance Optimization
|
||||
|
||||
### 1. Resource Limits
|
||||
|
||||
The production Docker Compose file includes resource limits:
|
||||
- Portfolio app: 1GB RAM, 1 CPU
|
||||
- PostgreSQL: 512MB RAM, 0.5 CPU
|
||||
- Redis: 256MB RAM, 0.25 CPU
|
||||
|
||||
### 2. Caching
|
||||
|
||||
- Static assets are cached for 1 year
|
||||
- API responses are cached for 10 minutes
|
||||
- Admin routes are not cached for security
|
||||
|
||||
### 3. Rate Limiting
|
||||
|
||||
- API routes: 20 requests/second
|
||||
- Login routes: 10 requests/minute
|
||||
- Admin routes: 5 requests/minute
|
||||
|
||||
## Support
|
||||
|
||||
If you encounter issues:
|
||||
|
||||
1. Check the logs first
|
||||
2. Verify all environment variables are set
|
||||
3. Ensure all services are healthy
|
||||
4. Check network connectivity
|
||||
5. Verify SSL certificates are valid
|
||||
|
||||
For additional help, check the application logs and ensure all prerequisites are met.
|
||||
Reference in New Issue
Block a user