# Copper Tone Technologies - Deployment Guide

This guide provides comprehensive instructions for deploying the Copper Tone Technologies platform to production.

## Table of Contents

1. [Prerequisites](#prerequisites)
2. [Environment Configuration](#environment-configuration)
3. [Database Setup](#database-setup)
4. [Backend Services Deployment](#backend-services-deployment)
5. [Frontend Deployment](#frontend-deployment)
6. [IPFS Node Setup](#ipfs-node-setup)
7. [SSL/TLS Configuration](#ssltls-configuration)
8. [Monitoring and Logging](#monitoring-and-logging)
9. [Backup and Recovery](#backup-and-recovery)
10. [Scaling Considerations](#scaling-considerations)

## Prerequisites

### Required Software

- **Podman** 4.0+ or **Docker** 24.0+
- **Podman Compose** 1.0+ or **Docker Compose** 2.20+
- **Git** 2.30+
- **Go** 1.25+ (for local development)
- **Node.js** 20.x LTS (for local development)

### Server Requirements (Minimum)

- **CPU**: 4 cores
- **RAM**: 8 GB
- **Disk**: 100 GB SSD
- **Network**: 100 Mbps connection

### Server Requirements (Recommended)

- **CPU**: 8 cores
- **RAM**: 16 GB
- **Disk**: 250 GB NVMe SSD
- **Network**: 1 Gbps connection

## Environment Configuration

### 1. Clone the Repository

```bash
git clone ssh://git@git.coppertone.tech:2222/administrator/CopperTone.Tech.git
cd CopperTone.Tech
```

### 2. Environment Variables

Create a `.env` file in the project root:

```bash
# Database Configuration
DB_USER=coppertone_user
DB_PASSWORD=CHANGE_THIS_SECURE_PASSWORD
DB_NAME=coppertone_db
DB_HOST=db

# JWT Authentication
JWT_SECRET=CHANGE_THIS_TO_A_LONG_RANDOM_STRING_AT_LEAST_32_CHARS

# Stripe Payment Integration
STRIPE_SECRET_KEY=sk_live_YOUR_STRIPE_SECRET_KEY

# IPFS Configuration
IPFS_HOST=ipfs
IPFS_PORT=5001

# Frontend Configuration
VITE_AUTH_API_URL=https://auth.coppertone.tech
VITE_WORK_API_URL=https://work.coppertone.tech
VITE_PAYMENT_API_URL=https://payment.coppertone.tech
VITE_STRIPE_PUBLIC_KEY=pk_live_YOUR_STRIPE_PUBLIC_KEY
```

### 3. Generate Secure Secrets

```bash
# Generate JWT Secret (Linux/macOS)
openssl rand -base64 64

# Generate Database Password
openssl rand -base64 32
```

## Database Setup

### Automatic Setup (Recommended)

The database migrations run automatically via the `db-init` service in `podman-compose.yml`.

### Manual Setup (Optional)

```bash
# Connect to the database
podman exec -it coppertonetech_db_1 psql -U coppertone_user -d coppertone_db

-- The remaining lines are entered at the psql prompt
-- Check migrations
SELECT * FROM schema_migrations;

-- Exit
\q
```

### Database Backup Configuration

```bash
# Create backup directory
mkdir -p /var/backups/coppertone/db

# Add cron job for daily backups
0 2 * * * /usr/bin/podman exec coppertonetech_db_1 pg_dump -U coppertone_user coppertone_db | gzip > /var/backups/coppertone/db/backup-$(date +\%Y\%m\%d).sql.gz
```

## Backend Services Deployment

### Production podman-compose Configuration

Update `podman-compose.yml` for production:

```yaml
services:
  auth-service:
    environment:
      JWT_SECRET: ${JWT_SECRET}
      DB_HOST: db
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
    restart: always
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
```

### Build and Deploy

```bash
# Build all services
podman-compose build

# Start all services
podman-compose up -d

# Check service status
podman-compose ps

# View logs
podman-compose logs -f auth-service
podman-compose logs -f work-management-service
podman-compose logs -f payment-service
```

### Health Checks

```bash
# Auth Service
curl http://localhost:8082/healthz

# Work Management Service
curl http://localhost:8083/healthz

# Payment Service
curl http://localhost:8084/healthz
```

## Frontend Deployment

### 1. Build Production Assets

```bash
cd frontend
npm ci --production=false
npm run build
```

### 2. Deploy with Nginx Container

```bash
podman-compose up -d frontend
```

### 3. Verify Deployment

```bash
curl http://localhost:8080
```

## IPFS Node Setup

### Initial Configuration

```bash
# Start IPFS node
podman-compose up -d ipfs

# Check IPFS status
podman exec -it coppertonetech_ipfs_1 ipfs id

# View IPFS logs
podman-compose logs -f ipfs
```

### IPFS Pinning Configuration

```bash
# Set the repository garbage-collection period to 1 hour
podman exec -it coppertonetech_ipfs_1 ipfs config --json Datastore.GCPeriod '"1h"'
```

## SSL/TLS Configuration

### Using Caddy (Recommended)

Create `Caddyfile`:

```
auth.coppertone.tech {
    reverse_proxy localhost:8082
}

work.coppertone.tech {
    reverse_proxy localhost:8083
}

payment.coppertone.tech {
    reverse_proxy localhost:8084
}

ipfs.coppertone.tech {
    reverse_proxy localhost:8085
}

coppertone.tech {
    reverse_proxy localhost:8080
}
```

Start Caddy:

```bash
# Caddy runs in its own network namespace here, so the `localhost` upstreams
# in the Caddyfile must be reachable from inside the container
# (for example by running it with host networking).
podman run -d --name caddy \
  -p 80:80 -p 443:443 \
  -v ./Caddyfile:/etc/caddy/Caddyfile \
  -v caddy_data:/data \
  -v caddy_config:/config \
  caddy:latest
```

### Using Nginx

Create `/etc/nginx/sites-available/coppertone.tech`:

```nginx
server {
    listen 443 ssl http2;
    server_name coppertone.tech www.coppertone.tech;

    ssl_certificate /etc/ssl/certs/coppertone.tech.crt;
    ssl_certificate_key /etc/ssl/private/coppertone.tech.key;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl http2;
    server_name auth.coppertone.tech;

    ssl_certificate /etc/ssl/certs/coppertone.tech.crt;
    ssl_certificate_key /etc/ssl/private/coppertone.tech.key;

    location / {
        proxy_pass http://localhost:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

# Similar blocks for work, payment, and ipfs subdomains
```

## Monitoring and Logging

### Systemd Service (Optional)

Create `/etc/systemd/system/coppertone.service`:

```ini
[Unit]
Description=Copper Tone Technologies Platform
After=network.target

[Service]
Type=forking
User=coppertone
WorkingDirectory=/opt/coppertone
ExecStart=/usr/bin/podman-compose up -d
ExecStop=/usr/bin/podman-compose down
Restart=always

[Install]
WantedBy=multi-user.target
```

Enable and start:

```bash
sudo systemctl enable coppertone
sudo systemctl start coppertone
sudo systemctl status coppertone
```

### Log Management

```bash
# View all logs
podman-compose logs

# Follow specific service
podman-compose logs -f auth-service

# Export logs
podman-compose logs > /var/log/coppertone/app-$(date +%Y%m%d).log
```

### Monitoring with Prometheus (Optional)

Add to `podman-compose.yml`:

```yaml
prometheus:
  image: prom/prometheus:latest
  ports:
    - "9090:9090"
  volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml
    - prometheus_data:/prometheus
```

## Backup and Recovery

### Automated Backup Script

Create `/opt/coppertone/scripts/backup.sh`:

```bash
#!/bin/bash
# Stop on errors, unset variables, and a failure anywhere in a pipeline,
# so a failed pg_dump is not masked by gzip's exit status.
set -euo pipefail

BACKUP_DIR=/var/backups/coppertone
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR/db" "$BACKUP_DIR/ipfs"

# Database backup
podman exec coppertonetech_db_1 pg_dump -U coppertone_user coppertone_db | \
  gzip > "$BACKUP_DIR/db/coppertone_db_$DATE.sql.gz"

# IPFS data backup
podman exec coppertonetech_ipfs_1 tar czf - /data/ipfs > \
  "$BACKUP_DIR/ipfs/ipfs_data_$DATE.tar.gz"

# Remove backups older than 30 days
find "$BACKUP_DIR" -type f -mtime +30 -delete

echo "Backup completed: $DATE"
```

### Recovery Procedure

```bash
# Stop the application services; db and ipfs stay up because
# `podman exec` only works against running containers
podman-compose stop auth-service work-management-service payment-service frontend

# Restore database
gunzip < backup.sql.gz | podman exec -i coppertonetech_db_1 psql -U coppertone_user coppertone_db

# Restore IPFS data
podman exec -i coppertonetech_ipfs_1 tar xzf - -C / < ipfs_backup.tar.gz

# Start services
podman-compose up -d
```

## Scaling Considerations

### Horizontal Scaling

For high-traffic scenarios, consider:

1. **Load Balancer**: Use HAProxy or Nginx for load balancing across multiple instances
2. **Database Replication**: Set up PostgreSQL primary-replica replication
3. **IPFS Cluster**: Deploy IPFS cluster for distributed storage
4. **Separate Services**: Deploy each service on dedicated servers

### Vertical Scaling

Update resource limits in `podman-compose.yml`:

```yaml
deploy:
  resources:
    limits:
      cpus: '2.0'
      memory: 2G
```

## Security Checklist

### Implemented in Codebase ✅

- [x] JWT authentication on all API endpoints (auth, work, payment services)
- [x] Password hashing with bcrypt
- [x] Ethereum signature verification
- [x] Role-based access control (RBAC) middleware
- [x] SQL injection protection (parameterized queries)
- [x] CORS properly configured (all services have CORS middleware)
- [x] Environment variable management (.env.example provided)
- [x] Authentication middleware protecting all routes
- [x] Health check endpoints for monitoring

### Must Configure for Production

- [ ] Change all default passwords in podman-compose.yml
- [ ] Generate new JWT secret (minimum 64 characters) - See instructions above
- [ ] Configure production database password
- [ ] Set production Stripe API keys
- [ ] Enable SSL/TLS for all services (Caddy/Nginx configuration provided)
- [ ] Configure firewall rules (only allow 80, 443, 22)
- [ ] Set up fail2ban for SSH protection
- [ ] Enable database connection encryption (sslmode=require)
- [ ] Set secure HTTP headers (via reverse proxy)
- [ ] Implement rate limiting (via reverse proxy)

### Recommended Post-Launch

- [ ] Regularly update container images
- [ ] Configure automatic security updates
- [ ] Set up intrusion detection (e.g., OSSEC)
- [ ] Enable comprehensive audit logging
- [ ] Schedule security audits
- [ ] Configure Web Application Firewall (WAF)
- [ ] Set up DDoS protection

## Post-Deployment Verification

```bash
# Check all services are running
podman-compose ps

# Test authentication
curl -X POST https://auth.coppertone.tech/register \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"securepass","name":"Test User","role":"CLIENT"}'

# Test frontend
curl https://coppertone.tech

# Check database connectivity
podman exec coppertonetech_db_1 pg_isready -U coppertone_user

# Verify IPFS
curl http://ipfs.coppertone.tech/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
```

## Troubleshooting

### Service Won't Start

```bash
# Check logs
podman-compose logs

# Verify environment variables
podman-compose config

# Check port conflicts (PORT is a placeholder for the port number to check)
ss -tulpn | grep ':PORT'
```

### Database Connection Issues

```bash
# Test database connection
podman exec coppertonetech_db_1 psql -U coppertone_user -d coppertone_db -c "SELECT 1;"

# Check database logs
podman-compose logs db
```

### Frontend Not Loading

```bash
# Verify Nginx is running
podman-compose ps frontend

# Check Nginx logs
podman-compose logs frontend

# Verify build output
ls -la frontend/dist/
```

## Support and Maintenance

For issues and support:

- GitHub Issues: https://git.coppertone.tech/administrator/CopperTone.Tech/issues
- Documentation: See CLAUDE.md and PROGRESS.md
- Email: admin@coppertone.tech

---

**Last Updated**: 2025-11-20

**Version**: 1.0.0
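
A pre-deployment check for the `.env` file from the Environment Configuration section and the secret-related items under "Must Configure for Production", as an added example that is not part of the project's own tooling. The function name `check_env_file` and the finding labels are assumptions made here; the key names, placeholder strings and the 64-character minimum come from this guide.

```bash
#!/usr/bin/env bash
# Added example: lint a .env file before deployment. Prints one finding per
# line (key names only, never values); returns 0 when clean, 1 otherwise.
check_env_file() {
  local file="$1" fail=0 key value line
  local seen=" "
  [ -f "$file" ] || { echo "missing file: $file"; return 1; }

  # The file holds secrets: group and others must have no access (mode 600).
  if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
    echo "permissions: $file is accessible to group or others"; fail=1
  fi

  while IFS= read -r line || [ -n "$line" ]; do
    # Skip comments and anything that is not KEY=VALUE.
    case $line in '#'*) continue ;; *=*) ;; *) continue ;; esac
    key=${line%%=*}; value=${line#*=}
    seen="$seen$key "
    [ -n "$value" ] || { echo "empty: $key"; fail=1; }
    # Placeholder markers taken from the guide's .env template.
    case $value in
      *CHANGE_THIS*|*YOUR_STRIPE*) echo "placeholder: $key"; fail=1 ;;
    esac
    case $key in
      JWT_SECRET)  # 64 is the minimum in the guide's production checklist
        [ "${#value}" -ge 64 ] || { echo "too short: $key"; fail=1; } ;;
      VITE_*_URL)  # the guide's template uses https for these endpoints
        case $value in https://*) ;; *) echo "not https: $key"; fail=1 ;; esac ;;
    esac
  done < "$file"

  # Secrets from the guide's template that must be present.
  for key in DB_PASSWORD JWT_SECRET STRIPE_SECRET_KEY; do
    case $seen in *" $key "*) ;; *) echo "missing: $key"; fail=1 ;; esac
  done
  return "$fail"
}

# Command-line use: bash check_env.sh /path/to/.env
if [ "$#" -gt 0 ]; then check_env_file "$1"; fi
```

Running it before `podman-compose up -d` and refusing to deploy on a non-zero exit status keeps template values and short secrets out of production.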