denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
production
portfolio/PRODUCTION-DEPLOYMENT.md
denshooter c7bc0ecb1d feat: production deployment configuration for dk0.dev 
- Fixed authentication system (removed HTTP Basic Auth popup)
- Added session-based authentication with proper logout
- Updated rate limiting (20 req/s for login, 5 req/m for admin)
- Created production deployment scripts and configs
- Updated nginx configuration for dk0.dev domain
- Added comprehensive production deployment guide
- Fixed logout button functionality
- Optimized for production with proper resource limits
2025-10-19 21:48:26 +02:00

5.6 KiB
Raw Permalink Blame History

Production Deployment Guide for dk0.dev

This guide will help you deploy the portfolio application to production on dk0.dev.

Prerequisites

  1. Server Requirements:

    • Ubuntu 20.04+ or similar Linux distribution
    • Docker and Docker Compose installed
    • Nginx or Traefik for reverse proxy
    • SSL certificates (Let's Encrypt recommended)
    • Domain dk0.dev pointing to your server

  2. Required Environment Variables:

    • MY_EMAIL: Your contact email
    • MY_INFO_EMAIL: Your info email
    • MY_PASSWORD: Email password
    • MY_INFO_PASSWORD: Info email password
    • ADMIN_BASIC_AUTH: Admin credentials (format: username:password)

Quick Deployment

1. Clone and Setup

# Clone the repository
git clone <your-repo-url>
cd portfolio

# Make deployment script executable
chmod +x scripts/production-deploy.sh

2. Configure Environment

Create a .env file with your production settings:

# Copy the example
cp env.example .env

# Edit with your values
nano .env

Required values:

NODE_ENV=production
NEXT_PUBLIC_BASE_URL=https://dk0.dev
MY_EMAIL=contact@dk0.dev
MY_INFO_EMAIL=info@dk0.dev
MY_PASSWORD=your-actual-email-password
MY_INFO_PASSWORD=your-actual-info-password
ADMIN_BASIC_AUTH=admin:your-secure-password

3. Deploy

# Run the production deployment script
./scripts/production-deploy.sh

4. Setup Reverse Proxy

Option A: Nginx (Recommended)

  1. Install Nginx:
sudo apt update
sudo apt install nginx
  1. Copy the production nginx config:
sudo cp nginx.production.conf /etc/nginx/nginx.conf
  1. Setup SSL certificates:
# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Get SSL certificate
sudo certbot --nginx -d dk0.dev -d www.dk0.dev
  1. Restart Nginx:
sudo systemctl restart nginx
sudo systemctl enable nginx

Option B: Traefik

If using Traefik, ensure your Docker Compose file includes Traefik labels:

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.portfolio.rule=Host(`dk0.dev`)"
  - "traefik.http.routers.portfolio.tls=true"
  - "traefik.http.routers.portfolio.tls.certresolver=letsencrypt"

Manual Deployment Steps

If you prefer manual deployment:

1. Create Proxy Network

docker network create proxy

2. Build and Start Services

# Build the application
docker build -t portfolio-app:latest .

# Start services
docker-compose -f docker-compose.production.yml up -d

3. Run Database Migrations

# Wait for services to be healthy
sleep 30

# Run migrations
docker exec portfolio-app npx prisma db push

4. Verify Deployment

# Check health
curl http://localhost:3000/api/health

# Check admin panel
curl http://localhost:3000/manage

Security Considerations

1. Update Default Passwords

CRITICAL: Change these default values:

# Change the admin password
ADMIN_BASIC_AUTH=admin:your-very-secure-password-here

# Use strong email passwords
MY_PASSWORD=your-strong-email-password
MY_INFO_PASSWORD=your-strong-info-password

2. Firewall Configuration

# Allow only necessary ports
sudo ufw allow 22    # SSH
sudo ufw allow 80    # HTTP
sudo ufw allow 443   # HTTPS
sudo ufw enable

3. SSL/TLS Configuration

Ensure you have valid SSL certificates. The nginx configuration expects:

  • /etc/nginx/ssl/cert.pem (SSL certificate)
  • /etc/nginx/ssl/key.pem (SSL private key)

Monitoring and Maintenance

1. Health Checks

# Check application health
curl https://dk0.dev/api/health

# Check container status
docker-compose ps

# View logs
docker-compose logs -f

2. Backup Database

# Create backup
docker exec portfolio-postgres pg_dump -U portfolio_user portfolio_db > backup.sql

# Restore backup
docker exec -i portfolio-postgres psql -U portfolio_user portfolio_db < backup.sql

3. Update Application

# Pull latest changes
git pull origin main

# Rebuild and restart
docker-compose down
docker build -t portfolio-app:latest .
docker-compose up -d

Troubleshooting

Common Issues

  1. Port 3000 not accessible:

    • Check if the container is running: docker ps
    • Check logs: docker-compose logs portfolio

  2. Database connection issues:

    • Ensure PostgreSQL is healthy: docker-compose ps
    • Check database logs: docker-compose logs postgres

  3. SSL certificate issues:

    • Verify certificate files exist and are readable
    • Check nginx configuration: nginx -t

  4. Rate limiting issues:

    • Check nginx rate limiting configuration
    • Adjust limits in nginx.production.conf

Logs and Debugging

# Application logs
docker-compose logs -f portfolio

# Database logs
docker-compose logs -f postgres

# Nginx logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

Performance Optimization

1. Resource Limits

The production Docker Compose file includes resource limits:

  • Portfolio app: 1GB RAM, 1 CPU
  • PostgreSQL: 512MB RAM, 0.5 CPU
  • Redis: 256MB RAM, 0.25 CPU

2. Caching

  • Static assets are cached for 1 year
  • API responses are cached for 10 minutes
  • Admin routes are not cached for security

3. Rate Limiting

  • API routes: 20 requests/second
  • Login routes: 10 requests/minute
  • Admin routes: 5 requests/minute

Support

If you encounter issues:

  1. Check the logs first
  2. Verify all environment variables are set
  3. Ensure all services are healthy
  4. Check network connectivity
  5. Verify SSL certificates are valid

For additional help, check the application logs and ensure all prerequisites are met.