web-hosts/domains/coppertone.tech/DEPLOYMENT.md
2025-12-26 13:38:04 +01:00

Copper Tone Technologies - Deployment Guide

This guide provides comprehensive instructions for deploying the Copper Tone Technologies platform to production.

Table of Contents

  1. Prerequisites
  2. Environment Configuration
  3. Database Setup
  4. Backend Services Deployment
  5. Frontend Deployment
  6. IPFS Node Setup
  7. SSL/TLS Configuration
  8. Monitoring and Logging
  9. Backup and Recovery
  10. Scaling Considerations

Prerequisites

Required Software

  • Podman 4.0+ or Docker 24.0+
  • Podman Compose 1.0+ or Docker Compose 2.20+
  • Git 2.30+
  • Go 1.25+ (for local development)
  • Node.js 20.x LTS (for local development)

Server Requirements (Minimum)

  • CPU: 4 cores
  • RAM: 8 GB
  • Disk: 100 GB SSD
  • Network: 100 Mbps connection

Server Requirements (Recommended)

  • CPU: 8 cores
  • RAM: 16 GB
  • Disk: 250 GB NVMe SSD
  • Network: 1 Gbps connection

Environment Configuration

1. Clone the Repository

git clone ssh://git@git.coppertone.tech:2222/administrator/CopperTone.Tech.git
cd CopperTone.Tech

2. Environment Variables

Create a .env file in the project root:

# Database Configuration
DB_USER=coppertone_user
DB_PASSWORD=CHANGE_THIS_SECURE_PASSWORD
DB_NAME=coppertone_db
DB_HOST=db

# JWT Authentication
JWT_SECRET=CHANGE_THIS_TO_A_LONG_RANDOM_STRING_AT_LEAST_32_CHARS

# Stripe Payment Integration
STRIPE_SECRET_KEY=sk_live_YOUR_STRIPE_SECRET_KEY

# IPFS Configuration
IPFS_HOST=ipfs
IPFS_PORT=5001

# Frontend Configuration
VITE_AUTH_API_URL=https://auth.coppertone.tech
VITE_WORK_API_URL=https://work.coppertone.tech
VITE_PAYMENT_API_URL=https://payment.coppertone.tech
VITE_STRIPE_PUBLIC_KEY=pk_live_YOUR_STRIPE_PUBLIC_KEY

3. Generate Secure Secrets

# Generate JWT Secret (Linux/macOS)
openssl rand -base64 64

# Generate Database Password
openssl rand -base64 32
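
A pre-deployment check for the .env file from step 2, added here as an example (it is not part of the project's repository). The function names are hypothetical, and the 64-character JWT_SECRET threshold is taken from the security checklist later in this guide.

```shell
#!/bin/sh
# Added example: lint a .env file before deployment.
# Usage: check_env_file .env || exit 1
MIN_JWT_LEN=64   # assumption: the checklist figure; adjust to your policy

# Print the value of KEY from FILE (last assignment wins, nothing is evaluated).
env_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one line per finding; return 0 when the file is clean, 1 otherwise.
check_env_file() {
    file=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # The secrets file must not be accessible to group or others.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || report "PERMS: $file is accessible to group/other (chmod 600)"

    # Placeholders copied from the template must be replaced.
    for key in DB_PASSWORD JWT_SECRET STRIPE_SECRET_KEY VITE_STRIPE_PUBLIC_KEY; do
        val=$(env_value "$key" "$file")
        case $val in
            "")                     report "MISSING: $key is empty or unset" ;;
            *CHANGE_THIS*|*_YOUR_*) report "PLACEHOLDER: $key still has the template value" ;;
        esac
    done

    # Length of the JWT signing secret.
    jwt=$(env_value JWT_SECRET "$file")
    [ "${#jwt}" -ge "$MIN_JWT_LEN" ] || report "WEAK: JWT_SECRET is shorter than $MIN_JWT_LEN characters"

    # Vite inlines every VITE_* variable into the public frontend bundle,
    # so a Stripe secret key (sk_...) must never be assigned to one.
    if grep -Eq '^VITE_[A-Z0-9_]*=sk_' "$file"; then
        report "LEAK: a VITE_* variable holds a Stripe secret key (sk_...)"
    fi

    [ "$findings" -eq 0 ]
}
```

Run it in CI or as the first step of the deploy so that a template value never reaches `podman-compose up`.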

Database Setup

The database migrations run automatically via the db-init service in podman-compose.yml.

Manual Setup (Optional)

# Connect to the database
podman exec -it coppertonetech_db_1 psql -U coppertone_user -d coppertone_db

-- Inside psql: check migrations
SELECT * FROM schema_migrations;

-- Exit psql
\q

Database Backup Configuration

# Create backup directory
mkdir -p /var/backups/coppertone/db

# Add this line to the crontab (crontab -e) for daily backups at 02:00
0 2 * * * /usr/bin/podman exec coppertonetech_db_1 pg_dump -U coppertone_user coppertone_db | gzip > /var/backups/coppertone/db/backup-$(date +\%Y\%m\%d).sql.gz

Backend Services Deployment

Production podman-compose Configuration

Update podman-compose.yml for production:

services:
  auth-service:
    environment:
      JWT_SECRET: ${JWT_SECRET}
      DB_HOST: db
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
    restart: always
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M

Build and Deploy

# Build all services
podman-compose build

# Start all services
podman-compose up -d

# Check service status
podman-compose ps

# View logs
podman-compose logs -f auth-service
podman-compose logs -f work-management-service
podman-compose logs -f payment-service

Health Checks

# Auth Service
curl http://localhost:8082/healthz

# Work Management Service
curl http://localhost:8083/healthz

# Payment Service
curl http://localhost:8084/healthz

Frontend Deployment

1. Build Production Assets

cd frontend
npm ci --production=false
npm run build

2. Deploy with Nginx Container

podman-compose up -d frontend

3. Verify Deployment

curl http://localhost:8080

IPFS Node Setup

Initial Configuration

# Start IPFS node
podman-compose up -d ipfs

# Check IPFS status
podman exec -it coppertonetech_ipfs_1 ipfs id

# View IPFS logs
podman-compose logs -f ipfs

IPFS Pinning Configuration

# Set the garbage-collection interval (GC removes unpinned blocks only; pinned content is kept)
podman exec -it coppertonetech_ipfs_1 ipfs config --json Datastore.GCPeriod '"1h"'

SSL/TLS Configuration

Using Caddy

Create Caddyfile:

auth.coppertone.tech {
    reverse_proxy localhost:8082
}

work.coppertone.tech {
    reverse_proxy localhost:8083
}

payment.coppertone.tech {
    reverse_proxy localhost:8084
}

ipfs.coppertone.tech {
    reverse_proxy localhost:8085
}

coppertone.tech {
    reverse_proxy localhost:8080
}

Start Caddy:

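# The Caddyfile proxies to localhost:808x, so Caddy must share the host's
# network namespace; with published ports (-p), localhost would be the
# Caddy container itself.
podman run -d --name caddy \
  --network host \
  -v ./Caddyfile:/etc/caddy/Caddyfile:ro \
  -v caddy_data:/data \
  -v caddy_config:/config \
  caddy:latest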

Using Nginx

Create /etc/nginx/sites-available/coppertone.tech:

server {
    listen 443 ssl http2;
    server_name coppertone.tech www.coppertone.tech;

    ssl_certificate /etc/ssl/certs/coppertone.tech.crt;
    ssl_certificate_key /etc/ssl/private/coppertone.tech.key;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl http2;
    server_name auth.coppertone.tech;

    ssl_certificate /etc/ssl/certs/coppertone.tech.crt;
    ssl_certificate_key /etc/ssl/private/coppertone.tech.key;

    location / {
        proxy_pass http://localhost:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

# Similar blocks for work, payment, and ipfs subdomains

Monitoring and Logging

Systemd Service (Optional)

Create /etc/systemd/system/coppertone.service:

[Unit]
Description=Copper Tone Technologies Platform
After=network.target

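[Service]
# podman-compose up -d returns once the containers are started, so run it as a
# oneshot unit; restarts are handled per container by "restart: always".
Type=oneshot
RemainAfterExit=yes
User=coppertone
WorkingDirectory=/opt/coppertone
ExecStart=/usr/bin/podman-compose up -d
ExecStop=/usr/bin/podman-compose down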

[Install]
WantedBy=multi-user.target

Enable and start:

sudo systemctl enable coppertone
sudo systemctl start coppertone
sudo systemctl status coppertone

Log Management

# View all logs
podman-compose logs

# Follow specific service
podman-compose logs -f auth-service

# Export logs
podman-compose logs > /var/log/coppertone/app-$(date +%Y%m%d).log

Monitoring with Prometheus (Optional)

Add to podman-compose.yml:

  prometheus:
    image: prom/prometheus:latest
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus

Backup and Recovery

Automated Backup Script

Create /opt/coppertone/scripts/backup.sh:

#!/bin/bash
set -euo pipefail   # abort if pg_dump or tar fails instead of keeping a truncated archive
umask 077           # dumps contain user data and password hashes; keep them owner-only

BACKUP_DIR=/var/backups/coppertone
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR/db" "$BACKUP_DIR/ipfs"

# Database backup
podman exec coppertonetech_db_1 pg_dump -U coppertone_user coppertone_db | \
  gzip > "$BACKUP_DIR/db/coppertone_db_$DATE.sql.gz"

# IPFS data backup
podman exec coppertonetech_ipfs_1 tar czf - /data/ipfs > \
  "$BACKUP_DIR/ipfs/ipfs_data_$DATE.tar.gz"

# Remove backups older than 30 days
find "$BACKUP_DIR" -type f -mtime +30 -delete

echo "Backup completed: $DATE"

Recovery Procedure

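# Stop the application services; the db and ipfs containers must stay up for podman exec
podman-compose stop auth-service work-management-service payment-service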

# Restore database
gunzip < backup.sql.gz | podman exec -i coppertonetech_db_1 psql -U coppertone_user coppertone_db

# Restore IPFS data
podman exec -i coppertonetech_ipfs_1 tar xzf - -C / < ipfs_backup.tar.gz

# Start services
podman-compose up -d

Scaling Considerations

Horizontal Scaling

For high-traffic scenarios, consider:

  1. Load Balancer: Use HAProxy or Nginx for load balancing across multiple instances
  2. Database Replication: Set up PostgreSQL primary-replica replication
  3. IPFS Cluster: Deploy IPFS cluster for distributed storage
  4. Separate Services: Deploy each service on dedicated servers

Vertical Scaling

Update resource limits in podman-compose.yml:

deploy:
  resources:
    limits:
      cpus: '2.0'
      memory: 2G

Security Checklist

Implemented in Codebase

  • JWT authentication on all API endpoints (auth, work, payment services)
  • Password hashing with bcrypt
  • Ethereum signature verification
  • Role-based access control (RBAC) middleware
  • SQL injection protection (parameterized queries)
  • CORS properly configured (all services have CORS middleware)
  • Environment variable management (.env.example provided)
  • Authentication middleware protecting all routes
  • Health check endpoints for monitoring

Must Configure for Production

  • Change all default passwords in podman-compose.yml
  • Generate new JWT secret (minimum 64 characters) - See instructions above
  • Configure production database password
  • Set production Stripe API keys
  • Enable SSL/TLS for all services (Caddy/Nginx configuration provided)
  • Configure firewall rules (only allow 80, 443, 22)
  • Set up fail2ban for SSH protection
  • Enable database connection encryption (sslmode=require)
  • Set secure HTTP headers (via reverse proxy)
  • Implement rate limiting (via reverse proxy)

Recommended Post-Launch

  • Regularly update container images
  • Configure automatic security updates
  • Set up intrusion detection (e.g., OSSEC)
  • Enable comprehensive audit logging
  • Schedule security audits
  • Configure Web Application Firewall (WAF)
  • Set up DDoS protection

Post-Deployment Verification

# Check all services are running
podman-compose ps

# Test authentication
curl -X POST https://auth.coppertone.tech/register \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"securepass","name":"Test User","role":"CLIENT"}'

# Test frontend
curl https://coppertone.tech

# Check database connectivity
podman exec coppertonetech_db_1 pg_isready -U coppertone_user

# Verify IPFS
curl https://ipfs.coppertone.tech/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
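
To confirm that only the reverse proxy and SSH face the network, as the firewall item in the checklist requires, the host's listening sockets can be compared against the allowed ports. This is an added example, not part of the project; the function name `exposed_ports` and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are bound to a non-loopback address
# on a port outside the checklist's allow-list (22, 80, 443).
# Usage on the server: ss -H -tln | exposed_ports
ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -H -tln` output for trying the function offline.
SAMPLE_SS_OUTPUT='LISTEN 0 4096 0.0.0.0:8082 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 [::]:8082 [::]:*
LISTEN 0 4096 *:9090 *:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Read `ss -H -tln` lines on stdin; print each offending port once.
# Returns 0 when nothing unexpected is exposed, 1 otherwise.
exposed_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            addr = $4                                  # Local Address:Port column
            port = addr; sub(/.*:/, "", port)          # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)      # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            if (!(port in ok) && !seen[port]++) { print port; bad = 1 }
        }
        END { exit bad }
    '
}
```

A listener reported here is reachable unless a firewall rule blocks it, so treat the output as the list of ports to either rebind to 127.0.0.1 or cover with an explicit deny rule.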

Troubleshooting

Service Won't Start

# Check logs
podman-compose logs <service-name>

# Verify environment variables
podman-compose config

# Check port conflicts
ss -tulpn | grep <port>

Database Connection Issues

# Test database connection
podman exec coppertonetech_db_1 psql -U coppertone_user -d coppertone_db -c "SELECT 1;"

# Check database logs
podman-compose logs db

Frontend Not Loading

# Verify Nginx is running
podman-compose ps frontend

# Check Nginx logs
podman-compose logs frontend

# Verify build output
ls -la frontend/dist/

Support and Maintenance

For issues and support:


Last Updated: 2025-11-20
Version: 1.0.0