fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00
parent 85c369e846
commit 36ef2a1e2c
1366 changed files with 104925 additions and 28719 deletions
--- a/scripts/deployment/setup-production-secrets.sh
+++ b/scripts/deployment/setup-production-secrets.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+# ==============================================================================
+# Production Secrets Setup Script
+# ==============================================================================
+# This script creates Docker Secrets on the production server from .env values
+# Run this ONCE during initial setup on the production server.
+# ==============================================================================
+
+set -e
+
+echo "🔐 Docker Secrets Setup for Production"
+echo "======================================"
+echo ""
+
+# Check if running on production server
+if [ ! -f /home/deploy/framework/.env ]; then
+    echo "❌ ERROR: /home/deploy/framework/.env not found"
+    echo "   Please ensure .env file exists on production server"
+    exit 1
+fi
+
+# Check if Docker Swarm is initialized
+if ! docker info | grep -q "Swarm: active"; then
+    echo "❌ ERROR: Docker Swarm is not initialized"
+    echo "   Run: docker swarm init"
+    exit 1
+fi
+
+echo "📋 Reading secrets from .env file..."
+cd /home/deploy/framework
+
+# Function to create secret from .env
+create_secret() {
+    local secret_name=$1
+    local env_key=$2
+
+    # Extract value from .env
+    local value=$(grep "^${env_key}=" .env | cut -d'=' -f2- | sed 's/^"\(.*\)"$/\1/')
+
+    if [ -z "$value" ]; then
+        echo "⚠️  WARNING: ${env_key} not found in .env, skipping ${secret_name}"
+        return
+    fi
+
+    # Check if secret already exists
+    if docker secret ls --format "{{.Name}}" | grep -q "^${secret_name}$"; then
+        echo "ℹ️  Secret '${secret_name}' already exists, skipping..."
+        return
+    fi
+
+    # Create secret
+    echo "$value" | docker secret create "$secret_name" - 2>/dev/null
+
+    if [ $? -eq 0 ]; then
+        echo "✅ Created secret: ${secret_name}"
+    else
+        echo "❌ Failed to create secret: ${secret_name}"
+    fi
+}
+
+echo ""
+echo "🔑 Creating Docker Secrets..."
+echo ""
+
+# Create all required secrets
+create_secret "db_password" "DB_PASSWORD"
+create_secret "app_key" "APP_KEY"
+create_secret "vault_encryption_key" "VAULT_ENCRYPTION_KEY"
+create_secret "shopify_webhook_secret" "SHOPIFY_WEBHOOK_SECRET"
+create_secret "rapidmail_password" "RAPIDMAIL_PASSWORD"
+
+echo ""
+echo "📊 Verifying Secrets..."
+echo ""
+
+docker secret ls
+
+echo ""
+echo "✅ Secrets setup completed!"
+echo ""
+echo "Next steps:"
+echo "  1. Deploy the stack: docker stack deploy -c docker-compose.prod.yml framework"
+echo "  2. Monitor deployment: watch docker stack ps framework"
+echo "  3. Check logs: docker service logs framework_web"
+echo ""