web-hosts/domains/coppertone.tech/DEPLOYMENT.md
2025-12-26 13:38:04 +01:00


# Copper Tone Technologies - Deployment Guide
This guide provides comprehensive instructions for deploying the Copper Tone Technologies platform to production.
## Table of Contents
1. [Prerequisites](#prerequisites)
2. [Environment Configuration](#environment-configuration)
3. [Database Setup](#database-setup)
4. [Backend Services Deployment](#backend-services-deployment)
5. [Frontend Deployment](#frontend-deployment)
6. [IPFS Node Setup](#ipfs-node-setup)
7. [SSL/TLS Configuration](#ssltls-configuration)
8. [Monitoring and Logging](#monitoring-and-logging)
9. [Backup and Recovery](#backup-and-recovery)
10. [Scaling Considerations](#scaling-considerations)
## Prerequisites
### Required Software
- **Podman** 4.0+ or **Docker** 24.0+
- **Podman Compose** 1.0+ or **Docker Compose** 2.20+
- **Git** 2.30+
- **Go** 1.25+ (for local development)
- **Node.js** 20.x LTS (for local development)
### Server Requirements (Minimum)
- **CPU**: 4 cores
- **RAM**: 8 GB
- **Disk**: 100 GB SSD
- **Network**: 100 Mbps connection
### Server Requirements (Recommended)
- **CPU**: 8 cores
- **RAM**: 16 GB
- **Disk**: 250 GB NVMe SSD
- **Network**: 1 Gbps connection
## Environment Configuration
### 1. Clone the Repository
```bash
git clone ssh://git@git.coppertone.tech:2222/administrator/CopperTone.Tech.git
cd CopperTone.Tech
```
### 2. Environment Variables
Create a `.env` file in the project root:
```bash
# Keep this file out of version control and readable only by the deploy user (chmod 600 .env)
# Database Configuration
DB_USER=coppertone_user
DB_PASSWORD=CHANGE_THIS_SECURE_PASSWORD
DB_NAME=coppertone_db
DB_HOST=db
# JWT Authentication
JWT_SECRET=CHANGE_THIS_TO_A_LONG_RANDOM_STRING_AT_LEAST_32_CHARS
# Stripe Payment Integration
STRIPE_SECRET_KEY=sk_live_YOUR_STRIPE_SECRET_KEY
# IPFS Configuration
IPFS_HOST=ipfs
IPFS_PORT=5001
# Frontend Configuration
VITE_AUTH_API_URL=https://auth.coppertone.tech
VITE_WORK_API_URL=https://work.coppertone.tech
VITE_PAYMENT_API_URL=https://payment.coppertone.tech
VITE_STRIPE_PUBLIC_KEY=pk_live_YOUR_STRIPE_PUBLIC_KEY
```
### 3. Generate Secure Secrets
```bash
# Generate JWT Secret (Linux/macOS); openssl wraps base64 output at 64 characters, so join it into one line before pasting into .env
openssl rand -base64 64 | tr -d '\n'; echo
# Generate Database Password
openssl rand -base64 32
```
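Before building, it is worth refusing to proceed while `.env` still holds the placeholders above. The following script is an added example for this guide, not code from the CopperTone.Tech repository; `check_env` and `env_value` are its own names, and the checks it applies (placeholders copied from the guide, the 32-character lower bound on `JWT_SECRET` stated above, a live Stripe key, and a `600` file mode) are this example's policy, not a rule enforced by the project:

```shell
#!/usr/bin/env bash
# Added example for this guide, not code from the CopperTone.Tech repository.
# Refuse to deploy while .env still carries the guide's placeholder values,
# a short JWT secret, a test-mode Stripe key, or loose file permissions.
# Usage: check_env /opt/coppertone/.env   (exit status 0 = ready to deploy)

# env_value FILE KEY -> the last value assigned to KEY, ignoring comment lines
env_value() {
    sed -n -e '/^[[:space:]]*#/d' -e "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

check_env() {
    local file="$1" status=0 key value
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Secrets shown as placeholders in this guide must have been replaced.
    for key in DB_PASSWORD JWT_SECRET STRIPE_SECRET_KEY VITE_STRIPE_PUBLIC_KEY; do
        value=$(env_value "$file" "$key")
        if [ -z "$value" ]; then
            echo "$key: missing" >&2; status=1
        elif printf '%s' "$value" | grep -Eq 'CHANGE_THIS|YOUR_STRIPE'; then
            echo "$key: still set to the placeholder from the guide" >&2; status=1
        fi
    done

    # The guide's lower bound for JWT_SECRET is 32 characters.
    value=$(env_value "$file" JWT_SECRET)
    if [ -n "$value" ] && [ "${#value}" -lt 32 ]; then
        echo "JWT_SECRET: ${#value} characters, need at least 32" >&2; status=1
    fi

    # Production must use a live Stripe key (sk_live_...), not a test-mode key.
    case "$(env_value "$file" STRIPE_SECRET_KEY)" in
        ''|sk_live_*) ;;
        *) echo "STRIPE_SECRET_KEY: not a live key (expected sk_live_...)" >&2; status=1 ;;
    esac

    # The file holds credentials, so it must not be group- or world-readable.
    if [ "$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")" != "600" ]; then
        echo "$file: mode should be 600 (chmod 600 $file)" >&2; status=1
    fi
    return "$status"
}
```

Run it as `check_env .env` before `podman-compose build`; a non-zero exit lists every problem on stderr, so it can also gate a CI deploy job.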
## Database Setup
### Automatic Setup (Recommended)
The database migrations run automatically via the `db-init` service in podman-compose.yml.
### Manual Setup (Optional)
```bash
# Connect to the database (opens an interactive psql session)
podman exec -it coppertonetech_db_1 psql -U coppertone_user -d coppertone_db
# At the psql prompt, list the migrations that have been applied
SELECT * FROM schema_migrations;
# Exit psql
\q
```
### Database Backup Configuration
```bash
# Create backup directory
mkdir -p /var/backups/coppertone/db
# Add a cron job (crontab -e) for daily backups at 02:00; the backslashes escape '%', which cron otherwise treats as a newline
0 2 * * * /usr/bin/podman exec coppertonetech_db_1 pg_dump -U coppertone_user coppertone_db | gzip > /var/backups/coppertone/db/backup-$(date +\%Y\%m\%d).sql.gz
```
## Backend Services Deployment
### Production podman-compose Configuration
Update `podman-compose.yml` for production:
```yaml
services:
  auth-service:
    environment:
      JWT_SECRET: ${JWT_SECRET}
      DB_HOST: db
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
    restart: always
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
```
### Build and Deploy
```bash
# Build all services
podman-compose build
# Start all services
podman-compose up -d
# Check service status
podman-compose ps
# View logs
podman-compose logs -f auth-service
podman-compose logs -f work-management-service
podman-compose logs -f payment-service
```
### Health Checks
```bash
# Auth Service
curl http://localhost:8082/healthz
# Work Management Service
curl http://localhost:8083/healthz
# Payment Service
curl http://localhost:8084/healthz
```
## Frontend Deployment
### 1. Build Production Assets
```bash
cd frontend
npm ci --production=false
npm run build
```
### 2. Deploy with Nginx Container
```bash
podman-compose up -d frontend
```
### 3. Verify Deployment
```bash
curl http://localhost:8080
```
## IPFS Node Setup
### Initial Configuration
```bash
# Start IPFS node
podman-compose up -d ipfs
# Check IPFS status
podman exec -it coppertonetech_ipfs_1 ipfs id
# View IPFS logs
podman-compose logs -f ipfs
```
### IPFS Pinning Configuration
```bash
# Set how often the repository garbage collector runs (only applies when the daemon is started with --enable-gc);
# pinned content survives GC, unpinned blocks are reclaimed
podman exec -it coppertonetech_ipfs_1 ipfs config --json Datastore.GCPeriod '"1h"'
```
## SSL/TLS Configuration
### Using Caddy (Recommended)
Create `Caddyfile`:
```
auth.coppertone.tech {
    reverse_proxy localhost:8082
}
work.coppertone.tech {
    reverse_proxy localhost:8083
}
payment.coppertone.tech {
    reverse_proxy localhost:8084
}
ipfs.coppertone.tech {
    reverse_proxy localhost:8085
}
coppertone.tech {
    reverse_proxy localhost:8080
}
```
Start Caddy (it obtains and renews certificates for the listed hosts automatically, which is why no certificate paths appear in the Caddyfile):
```bash
# --network host lets the Caddyfile's localhost:808x upstreams reach the services
# published on the host; with host networking, -p port mappings are not needed
podman run -d --name caddy \
  --network host \
  -v "$(pwd)/Caddyfile:/etc/caddy/Caddyfile:ro" \
  -v caddy_data:/data \
  -v caddy_config:/config \
  caddy:latest
```
### Using Nginx
Create `/etc/nginx/sites-available/coppertone.tech`:
```nginx
server {
    listen 443 ssl http2;
    server_name coppertone.tech www.coppertone.tech;
    ssl_certificate /etc/ssl/certs/coppertone.tech.crt;
    ssl_certificate_key /etc/ssl/private/coppertone.tech.key;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 443 ssl http2;
    server_name auth.coppertone.tech;
    ssl_certificate /etc/ssl/certs/coppertone.tech.crt;
    ssl_certificate_key /etc/ssl/private/coppertone.tech.key;
    location / {
        proxy_pass http://localhost:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Same forwarding headers as above, so the auth service sees the client IP and the https scheme
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
# Similar blocks for work, payment, and ipfs subdomains
```
## Monitoring and Logging
### Systemd Service (Optional)
Create `/etc/systemd/system/coppertone.service`:
```ini
[Unit]
Description=Copper Tone Technologies Platform
After=network-online.target
Wants=network-online.target
[Service]
# podman-compose up -d exits as soon as the containers are started, so the unit is a
# oneshot that stays active until ExecStop runs; Type=forking would fail here because
# no long-running process is left behind. Container restarts are handled by
# restart: always in podman-compose.yml, so no Restart= is set on the unit.
Type=oneshot
RemainAfterExit=yes
User=coppertone
WorkingDirectory=/opt/coppertone
ExecStart=/usr/bin/podman-compose up -d
ExecStop=/usr/bin/podman-compose down
[Install]
WantedBy=multi-user.target
```
Enable and start:
```bash
sudo systemctl enable coppertone
sudo systemctl start coppertone
sudo systemctl status coppertone
```
### Log Management
```bash
# View all logs
podman-compose logs
# Follow specific service
podman-compose logs -f auth-service
# Export logs
podman-compose logs > /var/log/coppertone/app-$(date +%Y%m%d).log
```
### Monitoring with Prometheus (Optional)
Add to `podman-compose.yml`:
```yaml
prometheus:
image: prom/prometheus:latest
ports:
- "9090:9090"
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- prometheus_data:/prometheus
```
## Backup and Recovery
### Automated Backup Script
Create `/opt/coppertone/scripts/backup.sh`:
```bash
#!/bin/bash
set -euo pipefail   # abort on any failed command, including a failing pg_dump inside a pipeline
umask 077           # backups contain customer data; make them readable by the backup user only
BACKUP_DIR=/var/backups/coppertone
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR/db" "$BACKUP_DIR/ipfs"
# Database backup
podman exec coppertonetech_db_1 pg_dump -U coppertone_user coppertone_db | \
  gzip > "$BACKUP_DIR/db/coppertone_db_$DATE.sql.gz"
# IPFS data backup (the repository lives at /data/ipfs inside the container)
podman exec coppertonetech_ipfs_1 tar czf - /data/ipfs > \
  "$BACKUP_DIR/ipfs/ipfs_data_$DATE.tar.gz"
# Remove backups older than 30 days
find "$BACKUP_DIR" -type f -mtime +30 -delete
echo "Backup completed: $DATE"
```
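The backup script above counts a run as finished as soon as the files are written, and prunes old files even if the newest dump is truncated. The example below is added for this guide (not part of the CopperTone.Tech repository) and checks a backup before relying on it: `verify_backup` tests the gzip stream and the dump or archive inside it, and `prune_backups` refuses to delete anything unless at least one valid backup is present. The function names, the `.sql.gz`/`.tar.gz` suffixes (taken from the script above) and the `db/` and `ipfs/` subdirectory layout are assumptions of the example:

```shell
#!/usr/bin/env bash
# Added example for this guide, not code from the CopperTone.Tech repository.
# Verify that a backup written by backup.sh is usable, and only prune old
# backups when a valid one exists.

# verify_backup FILE -> 0 if FILE is a non-empty, intact gzip stream whose
# content looks like a pg_dump (.sql.gz) or a tar archive (.tar.gz); 1 otherwise.
verify_backup() {
    local file="$1"
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }
    # gzip -t catches truncated or corrupted archives, e.g. a pg_dump that died mid-stream
    gzip -t "$file" 2>/dev/null || { echo "$file: gzip integrity check failed" >&2; return 1; }
    case "$file" in
        *.sql.gz)
            # plain-format pg_dump output always starts with this header comment
            gunzip -c "$file" | head -n 5 | grep -q 'PostgreSQL database dump' \
                || { echo "$file: not pg_dump output" >&2; return 1; } ;;
        *.tar.gz)
            tar tzf "$file" >/dev/null 2>&1 \
                || { echo "$file: not a readable tar archive" >&2; return 1; } ;;
    esac
    return 0
}

# prune_backups DIR DAYS -> delete *.gz files under DIR older than DAYS days,
# but refuse to delete anything unless at least one backup passes verify_backup
# (otherwise a broken backup job would silently erase the last good copy).
prune_backups() {
    local dir="$1" days="$2" f ok=0
    for f in "$dir"/*.gz "$dir"/*/*.gz; do
        [ -e "$f" ] || continue
        if verify_backup "$f" 2>/dev/null; then ok=1; break; fi
    done
    if [ "$ok" -ne 1 ]; then
        echo "$dir: no valid backup present, refusing to prune" >&2
        return 1
    fi
    find "$dir" -type f -name '*.gz' -mtime +"$days" -delete
}
```

Calling `verify_backup` on the two files backup.sh just wrote, and replacing its `find ... -delete` line with `prune_backups "$BACKUP_DIR" 30`, turns a silent failure into a non-zero exit that cron will mail.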
### Recovery Procedure
```bash
# Stop the application services but keep the data stores running:
# podman exec needs a running container, and `podman-compose down` would remove them all
podman-compose stop auth-service work-management-service payment-service frontend
podman-compose up -d db ipfs
# Restore the database into a freshly created one (the dump was taken without --clean,
# so loading it over existing tables would fail); ON_ERROR_STOP aborts on the first error
podman exec coppertonetech_db_1 dropdb -U coppertone_user coppertone_db
podman exec coppertonetech_db_1 createdb -U coppertone_user coppertone_db
gunzip < backup.sql.gz | podman exec -i coppertonetech_db_1 psql -v ON_ERROR_STOP=1 -U coppertone_user coppertone_db
# Restore IPFS data, then restart the node so it reopens the restored repository
podman exec -i coppertonetech_ipfs_1 tar xzf - -C / < ipfs_backup.tar.gz
podman-compose restart ipfs
# Start the remaining services
podman-compose up -d
```
## Scaling Considerations
### Horizontal Scaling
For high-traffic scenarios, consider:
1. **Load Balancer**: Use HAProxy or Nginx for load balancing across multiple instances
2. **Database Replication**: Set up PostgreSQL primary-replica replication
3. **IPFS Cluster**: Deploy IPFS cluster for distributed storage
4. **Separate Services**: Deploy each service on dedicated servers
### Vertical Scaling
Update resource limits in `podman-compose.yml`:
```yaml
deploy:
  resources:
    limits:
      cpus: '2.0'
      memory: 2G
```
## Security Checklist
### Implemented in Codebase ✅
- [x] JWT authentication on all API endpoints (auth, work, payment services)
- [x] Password hashing with bcrypt
- [x] Ethereum signature verification
- [x] Role-based access control (RBAC) middleware
- [x] SQL injection protection (parameterized queries)
- [x] CORS properly configured (all services have CORS middleware)
- [x] Environment variable management (.env.example provided)
- [x] Authentication middleware protecting all routes
- [x] Health check endpoints for monitoring
### Must Configure for Production
- [ ] Change all default passwords in podman-compose.yml
- [ ] Generate new JWT secret (minimum 64 characters) - See instructions above
- [ ] Configure production database password
- [ ] Set production Stripe API keys
- [ ] Enable SSL/TLS for all services (Caddy/Nginx configuration provided)
- [ ] Configure firewall rules (only allow 80, 443, 22)
- [ ] Set up fail2ban for SSH protection
- [ ] Enable database connection encryption (sslmode=require)
- [ ] Set secure HTTP headers (via reverse proxy)
- [ ] Implement rate limiting (via reverse proxy)
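Two items on the list above, secure HTTP headers and rate limiting, are left to the reverse proxy, so a deployment can silently miss them. The following script is an added example for this guide, not code from the CopperTone.Tech repository, that audits the headers a proxy actually returns: `audit_headers` reads a raw HTTP response header block (from `curl -sSI`, or from a string as in the constructed samples embedded below) and reports headers that are missing, weak, or that expose a server version. The required header set, the value patterns and the two sample responses are this example's own baseline, not settings taken from the project:

```shell
#!/usr/bin/env bash
# Added example for this guide, not code from the CopperTone.Tech repository.
# Audit the security headers returned by the reverse proxy in front of the platform.
# Usage: audit_url https://coppertone.tech   (exit status 0 = baseline met)

# Required header (lower-case) and an ERE its value must match.
# This is the example's own baseline, not a setting from the project.
REQUIRED_HEADERS='
strict-transport-security:max-age=[0-9]{7,}
x-content-type-options:nosniff
x-frame-options:(DENY|SAMEORIGIN)
referrer-policy:(no-referrer|strict-origin-when-cross-origin|same-origin)
content-security-policy:default-src
'

# audit_headers reads a raw response header block on stdin and returns 0 when
# every required header is present with an acceptable value, 1 otherwise.
audit_headers() {
    local headers status=0 name pattern value
    # strip CRs and lower-case the header names so matching is case-insensitive
    headers=$(tr -d '\r' | awk '{ i = index($0, ":"); if (i > 1) print tolower(substr($0, 1, i - 1)) ":" substr($0, i + 1) }')
    while IFS=: read -r name pattern; do
        [ -n "$name" ] || continue
        value=$(printf '%s\n' "$headers" | awk -F: -v n="$name" '$1 == n { print substr($0, index($0, ":") + 1); exit }')
        if [ -z "$value" ]; then
            echo "missing: $name" >&2; status=1
        elif ! printf '%s' "$value" | grep -Eq "$pattern"; then
            echo "weak: $name:$value" >&2; status=1
        fi
    done <<EOF
$REQUIRED_HEADERS
EOF
    # A version number in Server/X-Powered-By reveals the exact software in use; strip it at the proxy.
    if printf '%s\n' "$headers" | grep -Eq '^(server|x-powered-by):.*[0-9]'; then
        echo "version string exposed in Server/X-Powered-By" >&2; status=1
    fi
    return "$status"
}

# audit_url fetches only the response headers of a live endpoint and audits them.
audit_url() {
    curl -sSI --max-time 10 "$1" | audit_headers
}

# Constructed sample responses (not captured from coppertone.tech).
EXAMPLE_HARDENED=$(cat <<'EOF'
HTTP/2 200
server: Caddy
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-ancestors 'none'
EOF
)
EXAMPLE_DEFAULT=$(cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx/1.24.0
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
EOF
)
```

In Caddy these headers are set with the `header` directive inside each site block; in Nginx with `add_header` (note that an `add_header` inside a `location` block replaces, rather than extends, the headers inherited from the `server` block). Running `audit_url` against each of the five hostnames in the Caddyfile after every proxy change keeps the checklist item verified rather than assumed.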
### Recommended Post-Launch
- [ ] Regularly update container images
- [ ] Configure automatic security updates
- [ ] Set up intrusion detection (e.g., OSSEC)
- [ ] Enable comprehensive audit logging
- [ ] Schedule security audits
- [ ] Configure Web Application Firewall (WAF)
- [ ] Set up DDoS protection
## Post-Deployment Verification
```bash
# Check all services are running
podman-compose ps
# Test authentication (registers a throwaway account)
curl -X POST https://auth.coppertone.tech/register \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"securepass","name":"Test User","role":"CLIENT"}'
# Test frontend
curl https://coppertone.tech
# Check database connectivity
podman exec coppertonetech_db_1 pg_isready -U coppertone_user
# Verify IPFS through the TLS listener (this CID is the welcome directory every kubo node ships with)
curl https://ipfs.coppertone.tech/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
```
## Troubleshooting
### Service Won't Start
```bash
# Check logs
podman-compose logs <service-name>
# Verify environment variables
podman-compose config
# Check port conflicts
ss -tulpn | grep <port>
```
### Database Connection Issues
```bash
# Test database connection
podman exec coppertonetech_db_1 psql -U coppertone_user -d coppertone_db -c "SELECT 1;"
# Check database logs
podman-compose logs db
```
### Frontend Not Loading
```bash
# Verify Nginx is running
podman-compose ps frontend
# Check Nginx logs
podman-compose logs frontend
# Verify build output
ls -la frontend/dist/
```
## Support and Maintenance
For issues and support:
- Issue tracker: https://git.coppertone.tech/administrator/CopperTone.Tech/issues
- Documentation: See CLAUDE.md and PROGRESS.md
- Email: admin@coppertone.tech
---
**Last Updated**: 2025-11-20
**Version**: 1.0.0