fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...
Some checks failed
Deploy Application / deploy (push) Has been cancelled
113
deployment/DEPLOYMENT_STATUS.md
Normal file
@@ -0,0 +1,113 @@
# Deployment Status
**Datum:** 2025-11-24
**Status:** Lokale Vorbereitung abgeschlossen, bereit für Server-Deployment
## ✅ Abgeschlossen
### Legacy-Dateien organisiert
- `NEW_ARCHITECTURE.md` → `deployment/legacy/`
- Alle Legacy-Stacks bereits in `deployment/legacy/stacks/`
### Secrets erstellt
- ✅ Infrastructure Secrets:
- `deployment/infrastructure/traefik/secrets/acme_email.txt`
- `deployment/infrastructure/gitea/secrets/postgres_password.txt`
- `deployment/infrastructure/gitea/secrets/redis_password.txt`
- `deployment/infrastructure/postgresql/secrets/postgres_password.txt`
- ✅ Application Secrets:
- `deployment/secrets/staging/db_password.txt`
- `deployment/secrets/staging/redis_password.txt`
- `deployment/secrets/staging/app_key.txt`
- `deployment/secrets/production/db_password.txt`
- `deployment/secrets/production/redis_password.txt`
- `deployment/secrets/production/app_key.txt`
### Infrastructure Stacks (lokal)
- ✅ Gitea Stack: Läuft erfolgreich
- ✅ PostgreSQL Stack: Läuft erfolgreich
- ⚠️ Traefik Stack: Port 443 bereits belegt (lokale Entwicklung)
### Application (lokal)
- ✅ PHP: Läuft
- ✅ Nginx (Web): Läuft
- ✅ Redis: Läuft
- ✅ Queue Worker: Läuft
- ✅ MinIO: Läuft
## 📋 Nächste Schritte für Production-Deployment
### 1. Secrets auf Server kopieren
```bash
# Auf dem Server: Secrets-Verzeichnisse erstellen
ssh production "mkdir -p /home/deploy/infrastructure/{traefik,gitea,postgresql}/secrets"
ssh production "mkdir -p /home/deploy/michaelschiemer/current/deployment/secrets/{staging,production}"
# Secrets kopieren (von lokalem Rechner)
scp deployment/infrastructure/traefik/secrets/acme_email.txt production:/home/deploy/infrastructure/traefik/secrets/
scp deployment/infrastructure/gitea/secrets/*.txt production:/home/deploy/infrastructure/gitea/secrets/
scp deployment/infrastructure/postgresql/secrets/*.txt production:/home/deploy/infrastructure/postgresql/secrets/
scp deployment/secrets/staging/*.txt production:/home/deploy/michaelschiemer/current/deployment/secrets/staging/
scp deployment/secrets/production/*.txt production:/home/deploy/michaelschiemer/current/deployment/secrets/production/
# Berechtigungen setzen
ssh production "chmod 600 /home/deploy/infrastructure/*/secrets/*.txt"
ssh production "chmod 600 /home/deploy/michaelschiemer/current/deployment/secrets/*/*.txt"
```
### 2. Infrastructure auf Server deployen
```bash
# Code auf Server kopieren
rsync -avz --exclude 'node_modules' --exclude 'vendor' --exclude '.git' \
deployment/infrastructure/ production:/home/deploy/infrastructure/
# Infrastructure deployen
ssh production "cd /home/deploy/infrastructure && ./deploy.sh all"
```
### 3. Application auf Server deployen
```bash
# Code auf Server kopieren
rsync -avz --exclude 'node_modules' --exclude 'vendor' --exclude '.git' \
. production:/home/deploy/michaelschiemer/current/
# Application deployen
ssh production "cd /home/deploy/michaelschiemer/current && ./deployment/scripts/deploy.sh staging"
```
## ⚠️ Wichtige Hinweise
1. **Passwörter synchronisieren**: Die PostgreSQL-Passwörter in `deployment/infrastructure/postgresql/secrets/` müssen mit denen in `deployment/secrets/production/db_password.txt` übereinstimmen, oder die Datenbank-Benutzer müssen entsprechend konfiguriert werden.
2. **Traefik Ports**: Auf dem Server sollten Ports 80 und 443 frei sein. Falls nicht, alte Container stoppen.
3. **Networks**: Die Networks `traefik-public`, `app-internal` und `infrastructure` werden automatisch erstellt, falls sie nicht existieren.
4. **Daten-Migration**: Falls Daten vom alten System migriert werden müssen, siehe `MIGRATION.md`.
## 🔍 Verifikation
Nach dem Deployment auf dem Server:
```bash
# Infrastructure prüfen
ssh production "docker ps --filter 'name=traefik\|gitea\|postgres'"
# Application prüfen
ssh production "cd /home/deploy/michaelschiemer/current && docker compose -f docker-compose.base.yml -f docker-compose.prod.yml ps"
# Health Checks
curl https://michaelschiemer.de/health
curl https://git.michaelschiemer.de
```
## 📚 Dokumentation
- [Infrastructure README](infrastructure/README.md)
- [Migration Guide](MIGRATION.md)
- [Secrets Management](infrastructure/SECRETS.md)
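
Review bot: The `rsync -avz` calls in steps 2 and 3 exclude only `node_modules`, `vendor` and `.git`, so `deployment/infrastructure/*/secrets/` and `deployment/secrets/` are transferred again after step 1, and `-a` replaces the `chmod 600` set there with whatever mode the files have locally. Add `--exclude 'secrets'` to both calls, or move the chmod to after the last copy. In step 1 the secrets directories are created with a plain `mkdir -p` and the files sit at the default umask until the chmod runs; a `chmod 700` on the directories before the `scp` closes that window. The heading says Production-Deployment, but step 3 runs `deploy.sh staging` while the verification block checks `docker-compose.prod.yml`; one of the two should be changed, or the document should say why they differ. Since the secret files live under `deployment/` in the working tree, the document should also state that these paths are ignored by Git.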