portfolio/PRODUCTION-DEPLOYMENT.md

# Production Deployment Guide for dk0.dev

This guide will help you deploy the portfolio application to production on dk0.dev.

## Prerequisites

1. **Server Requirements:**
   - Ubuntu 20.04+ or similar Linux distribution
   - Docker and Docker Compose installed
   - Nginx or Traefik for reverse proxy
   - SSL certificates (Let's Encrypt recommended)
   - Domain `dk0.dev` pointing to your server

2. **Required Environment Variables:**
   - `MY_EMAIL`: Your contact email
   - `MY_INFO_EMAIL`: Your info email
   - `MY_PASSWORD`: Email password
   - `MY_INFO_PASSWORD`: Info email password
   - `ADMIN_BASIC_AUTH`: Admin credentials (format: `username:password`)

## Quick Deployment

### 1. Clone and Setup

```bash
# Clone the repository
git clone <your-repo-url>
cd portfolio

# Make deployment script executable
chmod +x scripts/production-deploy.sh
```

### 2. Configure Environment

Create a `.env` file with your production settings:

```bash
# Copy the example
cp env.example .env

# Edit with your values
nano .env
```

Required values:
```env
NODE_ENV=production
NEXT_PUBLIC_BASE_URL=https://dk0.dev
MY_EMAIL=contact@dk0.dev
MY_INFO_EMAIL=info@dk0.dev
MY_PASSWORD=your-actual-email-password
MY_INFO_PASSWORD=your-actual-info-password
ADMIN_BASIC_AUTH=admin:your-secure-password
```

### 3. Deploy

```bash
# Run the production deployment script
./scripts/production-deploy.sh
```

### 4. Setup Reverse Proxy

#### Option A: Nginx (Recommended)

1. Install Nginx:
```bash
sudo apt update
sudo apt install nginx
```

2. Copy the production nginx config:
```bash
sudo cp nginx.production.conf /etc/nginx/nginx.conf
```

3. Setup SSL certificates:
```bash
# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Get SSL certificate
sudo certbot --nginx -d dk0.dev -d www.dk0.dev
```

4. Restart Nginx:
```bash
sudo systemctl restart nginx
sudo systemctl enable nginx
```

#### Option B: Traefik

If using Traefik, ensure your Docker Compose file includes Traefik labels:

```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.portfolio.rule=Host(`dk0.dev`)"
  - "traefik.http.routers.portfolio.tls=true"
  - "traefik.http.routers.portfolio.tls.certresolver=letsencrypt"
```

## Manual Deployment Steps

If you prefer manual deployment:

### 1. Create Proxy Network

```bash
docker network create proxy
```

### 2. Build and Start Services

```bash
# Build the application
docker build -t portfolio-app:latest .

# Start services
docker-compose -f docker-compose.production.yml up -d
```

### 3. Run Database Migrations

```bash
# Wait for services to be healthy
sleep 30

# Run migrations
docker exec portfolio-app npx prisma db push
```

### 4. Verify Deployment

```bash
# Check health
curl http://localhost:3000/api/health

# Check admin panel
curl http://localhost:3000/manage
```

## Security Considerations

### 1. Update Default Passwords

**CRITICAL:** Change these default values:

```env
# Change the admin password
ADMIN_BASIC_AUTH=admin:your-very-secure-password-here

# Use strong email passwords
MY_PASSWORD=your-strong-email-password
MY_INFO_PASSWORD=your-strong-info-password
```

### 2. Firewall Configuration

```bash
# Allow only necessary ports
sudo ufw allow 22    # SSH
sudo ufw allow 80    # HTTP
sudo ufw allow 443   # HTTPS
sudo ufw enable
```

### 3. SSL/TLS Configuration

Ensure you have valid SSL certificates. The nginx configuration expects:
- `/etc/nginx/ssl/cert.pem` (SSL certificate)
- `/etc/nginx/ssl/key.pem` (SSL private key)

## Monitoring and Maintenance

### 1. Health Checks

```bash
# Check application health
curl https://dk0.dev/api/health

# Check container status
docker-compose ps

# View logs
docker-compose logs -f
```

### 2. Backup Database

```bash
# Create backup
docker exec portfolio-postgres pg_dump -U portfolio_user portfolio_db > backup.sql

# Restore backup
docker exec -i portfolio-postgres psql -U portfolio_user portfolio_db < backup.sql
```

### 3. Update Application

```bash
# Pull latest changes
git pull origin main

# Rebuild and restart
docker-compose down
docker build -t portfolio-app:latest .
docker-compose up -d
```

## Troubleshooting

### Common Issues

1. **Port 3000 not accessible:**
   - Check if the container is running: `docker ps`
   - Check logs: `docker-compose logs portfolio`

2. **Database connection issues:**
   - Ensure PostgreSQL is healthy: `docker-compose ps`
   - Check database logs: `docker-compose logs postgres`

3. **SSL certificate issues:**
   - Verify certificate files exist and are readable
   - Check nginx configuration: `nginx -t`

4. **Rate limiting issues:**
   - Check nginx rate limiting configuration
   - Adjust limits in `nginx.production.conf`

### Logs and Debugging

```bash
# Application logs
docker-compose logs -f portfolio

# Database logs
docker-compose logs -f postgres

# Nginx logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
```

## Performance Optimization

### 1. Resource Limits

The production Docker Compose file includes resource limits:
- Portfolio app: 1GB RAM, 1 CPU
- PostgreSQL: 512MB RAM, 0.5 CPU
- Redis: 256MB RAM, 0.25 CPU

### 2. Caching

- Static assets are cached for 1 year
- API responses are cached for 10 minutes
- Admin routes are not cached for security

### 3. Rate Limiting

- API routes: 20 requests/second
- Login routes: 10 requests/minute
- Admin routes: 5 requests/minute

## Support

If you encounter issues:

1. Check the logs first
2. Verify all environment variables are set
3. Ensure all services are healthy
4. Check network connectivity
5. Verify SSL certificates are valid

For additional help, check the application logs and ensure all prerequisites are met.