michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Fix discovery system critical issues

Browse Source 
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Michael Schiemer
2025-08-13 12:04:17 +02:00
parent 66f7efdcfc
commit 9b74ade5b0
494 changed files with 764014 additions and 1127382 deletions
Download Patch File Download Diff File Expand all files Collapse all files

310
deployment/applications/docker-compose.development.yml Normal file
View File

@@ -0,0 +1,310 @@
# Development Environment Overrides
# Custom PHP Framework - Development Tools and Debugging
version: '3.8'
services:
php:
build:
target: development
args:
- ENV=development
- XDEBUG_ENABLE=true
- COMPOSER_INSTALL_FLAGS=--dev --optimize-autoloader
environment:
APP_ENV: development
APP_DEBUG: true
XDEBUG_MODE: ${XDEBUG_MODE:-develop,debug}
XDEBUG_CONFIG: "client_host=host.docker.internal client_port=9003 start_with_request=yes"
XDEBUG_SESSION: 1
PHP_MEMORY_LIMIT: 1G
PHP_MAX_EXECUTION_TIME: 0
PHP_OPCACHE_ENABLE: 0
PHP_OPCACHE_VALIDATE_TIMESTAMPS: 1
PHP_ERROR_REPORTING: E_ALL
PHP_DISPLAY_ERRORS: 1
PHP_LOG_ERRORS: 1
volumes:
# Development bind mounts for live reload
- type: bind
source: ../../
target: /var/www/html
consistency: cached
# Override vendor for faster access
- type: volume
source: composer_cache_dev
target: /root/.composer/cache
# Node modules volume to prevent conflicts
- type: volume
source: node_modules
target: /var/www/html/node_modules
ports:
# Expose Xdebug port
- "9003:9003"
read_only: false
deploy:
resources:
limits:
memory: 2G
cpus: '4.0'
reservations:
memory: 512M
cpus: '1.0'
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
labels: "service=php,environment=development"
nginx:
environment:
APP_ENV: development
NGINX_WORKER_PROCESSES: 1
NGINX_WORKER_CONNECTIONS: 1024
NGINX_ERROR_LOG_LEVEL: debug
NGINX_ACCESS_LOG_FORMAT: combined
volumes:
# Development Nginx config with Vite proxy
- type: bind
source: deployment/applications/configs/nginx/development.conf
target: /etc/nginx/conf.d/default.conf
read_only: true
# Local SSL certificates for development
- type: bind
source: ../../ssl
target: /etc/nginx/ssl
read_only: true
ports:
# Additional ports for development
- "${APP_PORT:-8080}:80"
- "${APP_SSL_PORT:-8443}:443"
- "8081:8081" # Alternative port
read_only: false
deploy:
resources:
limits:
memory: 256M
cpus: '1.0'
reservations:
memory: 64M
cpus: '0.25'
mysql:
environment:
# Development database settings
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-dev_root_password}
MYSQL_PASSWORD: ${DB_PASSWORD:-dev_password}
volumes:
# Development MySQL configuration
- type: bind
source: deployment/applications/configs/mysql/development.cnf
target: /etc/mysql/conf.d/development.cnf
read_only: true
# Development data volume
- type: volume
source: mysql_data_dev
target: /var/lib/mysql
ports:
# Expose MySQL for development tools
- "33060:3306"
read_only: false
command:
- mysqld
- --general-log=1
- --general-log-file=/var/log/mysql/general.log
- --slow-query-log=1
- --slow-query-log-file=/var/log/mysql/slow.log
- --long-query-time=1
deploy:
resources:
limits:
memory: 1G
cpus: '2.0'
reservations:
memory: 256M
cpus: '0.5'
redis:
environment:
REDIS_PASSWORD: ${REDIS_PASSWORD:-dev_redis_password}
REDIS_MAXMEMORY: 128m
REDIS_SAVE: "60 1000" # More frequent saves in development
volumes:
# Development Redis configuration
- type: bind
source: deployment/applications/configs/redis/development.conf
target: /usr/local/etc/redis/redis.conf
read_only: true
- type: volume
source: redis_data_dev
target: /data
ports:
# Expose Redis for development tools
- "63790:6379"
read_only: false
deploy:
resources:
limits:
memory: 256M
cpus: '0.5'
reservations:
memory: 64M
cpus: '0.25'
queue-worker:
environment:
APP_ENV: development
APP_DEBUG: true
WORKER_QUEUE: development
WORKER_TIMEOUT: 60
WORKER_MEMORY_LIMIT: 256
WORKER_SLEEP: 5
WORKER_TRIES: 1
WORKER_DEBUG: true
read_only: false
deploy:
replicas: 1
resources:
limits:
memory: 512M
cpus: '1.0'
reservations:
memory: 128M
cpus: '0.25'
# Development-specific services
vite:
image: node:20-alpine
container_name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_vite
working_dir: /app
command: sh -c "npm install && npm run dev"
volumes:
- type: bind
source: ../../
target: /app
consistency: cached
- type: volume
source: node_modules
target: /app/node_modules
ports:
- "5173:5173"
- "24678:24678" # HMR port
environment:
NODE_ENV: development
VITE_DEV_SERVER_HOST: 0.0.0.0
VITE_DEV_SERVER_PORT: 5173
CHOKIDAR_USEPOLLING: true
networks:
- frontend
user: "node:node"
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
reservations:
memory: 128M
cpus: '0.25'
mailhog:
image: mailhog/mailhog:v1.0.1
container_name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_mailhog
ports:
- "1025:1025" # SMTP
- "8025:8025" # Web interface
environment:
MH_STORAGE: maildir
MH_MAILDIR_PATH: /maildir
volumes:
- type: volume
source: mailhog_data
target: /maildir
networks:
- backend
- frontend
user: "mailhog:mailhog"
read_only: true
tmpfs:
- /tmp:noexec,nosuid,size=100m
security_opt:
- no-new-privileges:true
deploy:
resources:
limits:
memory: 128M
cpus: '0.25'
reservations:
memory: 64M
cpus: '0.1'
phpmyadmin:
image: phpmyadmin:5.2-apache
container_name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_phpmyadmin
environment:
PMA_HOST: mysql
PMA_USER: ${DB_USERNAME:-dev_user}
PMA_PASSWORD: ${DB_PASSWORD:-dev_password}
PMA_ABSOLUTE_URI: http://localhost:8080/phpmyadmin/
UPLOAD_LIMIT: 64M
MEMORY_LIMIT: 512M
MAX_EXECUTION_TIME: 600
ports:
- "8080:80"
networks:
- backend
- frontend
depends_on:
mysql:
condition: service_healthy
read_only: false
deploy:
resources:
limits:
memory: 256M
cpus: '0.5'
reservations:
memory: 128M
cpus: '0.25'
redis-commander:
image: rediscommander/redis-commander:latest
container_name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_redis_commander
environment:
REDIS_HOSTS: local:redis:6379:0:${REDIS_PASSWORD:-dev_redis_password}
HTTP_USER: admin
HTTP_PASSWORD: ${REDIS_COMMANDER_PASSWORD:-dev_admin_password}
ports:
- "8081:8081"
networks:
- cache
- frontend
depends_on:
redis:
condition: service_healthy
user: "node:node"
read_only: true
tmpfs:
- /tmp:noexec,nosuid,size=100m
security_opt:
- no-new-privileges:true
deploy:
resources:
limits:
memory: 128M
cpus: '0.25'
reservations:
memory: 64M
cpus: '0.1'
volumes:
# Development volumes
composer_cache_dev:
name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_composer_cache_dev
node_modules:
name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_node_modules
mysql_data_dev:
name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_mysql_data_dev
redis_data_dev:
name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_redis_data_dev
mailhog_data:
name: ${COMPOSE_PROJECT_NAME:-michaelschiemer}_mailhog_data

211
deployment/applications/docker-compose.production.yml Normal file
View File

@@ -0,0 +1,211 @@
# Production overlay for Custom PHP Framework
# Extends base docker-compose.yml with production optimizations
version: '3.8'
services:
web:
environment:
- APP_ENV=production
- PHP_IDE_CONFIG= # Remove IDE config in production
ports:
# Remove development ports, only expose HTTPS
- "${APP_SSL_PORT:-443}:443/tcp"
- "443:443/udp"
volumes:
# Read-only application code in production
- ./:/var/www/html:ro
- ./ssl:/var/www/ssl:ro
healthcheck:
test: ["CMD", "curl", "-f", "-k", "https://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "service=nginx,environment=production"
deploy:
resources:
limits:
memory: 256M
cpus: '0.5'
reservations:
memory: 128M
cpus: '0.25'
php:
environment:
APP_ENV: production
APP_DEBUG: false
PHP_IDE_CONFIG: "" # Remove IDE config
XDEBUG_MODE: off # Disable Xdebug in production
build:
args:
- ENV=production
- COMPOSER_INSTALL_FLAGS=--no-dev --optimize-autoloader --classmap-authoritative
user: "www-data:www-data" # Use www-data in production
volumes:
# Read-only application code
- ./:/var/www/html:ro
# Writable storage volumes
- storage-data:/var/www/html/storage:rw
- var-data:/var/www/html/var:rw
# Composer cache (but less aggressive caching in prod)
- composer-cache:/var/www/.composer/cache
healthcheck:
test: ["CMD", "php", "/var/www/html/public/health.php"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "service=php,environment=production"
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
reservations:
memory: 256M
cpus: '0.5'
db:
environment:
- MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- MYSQL_DATABASE=${DB_DATABASE}
- MYSQL_USER=${DB_USERNAME}
- MYSQL_PASSWORD=${DB_PASSWORD}
ports: [] # No external ports in production
volumes:
- db_data:/var/lib/mysql
# Production MySQL configuration
- ./docker/mysql/conf.d/security.cnf:/etc/mysql/conf.d/security.cnf:ro
healthcheck:
test: ["CMD", "mariadb-admin", "ping", "-h", "127.0.0.1", "-u", "root", "-p${DB_ROOT_PASSWORD}"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "service=mariadb,environment=production"
deploy:
resources:
limits:
memory: 1G
cpus: '1.0'
reservations:
memory: 512M
cpus: '0.5'
redis:
volumes:
# Use secure Redis configuration in production
- ./docker/redis/redis-secure.conf:/usr/local/etc/redis/redis.conf:ro
- redis_data:/data
command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 5s
retries: 3
start_period: 30s
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "service=redis,environment=production"
deploy:
resources:
limits:
memory: 256M
cpus: '0.5'
reservations:
memory: 128M
cpus: '0.25'
queue-worker:
environment:
- APP_ENV=production
- APP_DEBUG=false
- WORKER_DEBUG=false
- WORKER_SLEEP_TIME=${WORKER_SLEEP_TIME:-100000}
- WORKER_MAX_JOBS=${WORKER_MAX_JOBS:-1000}
- WORKER_MEMORY_LIMIT=${WORKER_MEMORY_LIMIT:-384M}
build:
args:
- ENV=production
- COMPOSER_INSTALL_FLAGS=--no-dev --optimize-autoloader
user: "www-data:www-data"
volumes:
# Read-only application code
- ./:/var/www/html:ro
# Writable logs and storage
- ./storage/logs:/var/www/html/storage/logs:rw
- ./src/Framework/CommandBus/storage:/var/www/html/src/Framework/CommandBus/storage:rw
restart: always
stop_grace_period: 60s # Longer grace period for production
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "service=queue-worker,environment=production"
deploy:
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
cpus: '0.25'
# Security-focused network configuration
networks:
frontend:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.20.0.0/24
backend:
driver: bridge
internal: true # Backend network is internal-only
ipam:
driver: default
config:
- subnet: 172.21.0.0/24
cache:
driver: bridge
internal: true # Cache network is internal-only
ipam:
driver: default
config:
- subnet: 172.22.0.0/24
volumes:
redis_data:
driver: local
composer-cache:
driver: local
storage-data:
driver: local
var-data:
driver: local
db_data:
driver: local

193
deployment/applications/docker-compose.staging.yml Normal file
View File

@@ -0,0 +1,193 @@
# Staging overlay for Custom PHP Framework
# Extends base docker-compose.yml with staging-specific configurations
version: '3.8'
services:
web:
environment:
- APP_ENV=staging
- PHP_IDE_CONFIG= # Remove IDE config in staging
ports:
# Expose both HTTP and HTTPS for staging testing
- "${APP_PORT:-8000}:80"
- "${APP_SSL_PORT:-443}:443/tcp"
- "443:443/udp"
volumes:
# Semi-readonly application code in staging
- ./:/var/www/html:cached
- ./ssl:/var/www/ssl:ro
healthcheck:
test: ["CMD", "curl", "-f", "-k", "https://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 20s
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
labels: "service=nginx,environment=staging"
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
reservations:
memory: 256M
cpus: '0.5'
php:
environment:
- APP_ENV=staging
- APP_DEBUG=true # Enable debug in staging
- PHP_IDE_CONFIG= # Remove IDE config
- XDEBUG_MODE=debug # Enable Xdebug in staging for debugging
build:
args:
- ENV=staging
- COMPOSER_INSTALL_FLAGS=--optimize-autoloader
user: "1000:1000" # Keep development user for staging
volumes:
# Cached application code for staging
- ./:/var/www/html:cached
- storage-data:/var/www/html/storage:rw
- var-data:/var/www/html/var:rw
- composer-cache:/root/.composer/cache
healthcheck:
test: ["CMD", "php", "/var/www/html/public/health.php"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
labels: "service=php,environment=staging"
deploy:
resources:
limits:
memory: 1G
cpus: '2.0'
reservations:
memory: 512M
cpus: '1.0'
db:
environment:
- MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- MYSQL_DATABASE=${DB_DATABASE}
- MYSQL_USER=${DB_USERNAME}
- MYSQL_PASSWORD=${DB_PASSWORD}
ports:
- "33060:3306" # Keep external port for staging database access
volumes:
- db_data:/var/lib/mysql
healthcheck:
test: ["CMD", "mariadb-admin", "ping", "-h", "127.0.0.1", "-u", "root", "-p${DB_ROOT_PASSWORD}"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
labels: "service=mariadb,environment=staging"
deploy:
resources:
limits:
memory: 1G
cpus: '1.0'
reservations:
memory: 512M
cpus: '0.5'
redis:
volumes:
# Use standard Redis configuration in staging
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
- redis_data:/data
command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 5s
retries: 3
start_period: 20s
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
labels: "service=redis,environment=staging"
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
reservations:
memory: 256M
cpus: '0.5'
queue-worker:
environment:
- APP_ENV=staging
- APP_DEBUG=true # Enable debug for staging
- WORKER_DEBUG=true
- WORKER_SLEEP_TIME=${WORKER_SLEEP_TIME:-100000}
- WORKER_MAX_JOBS=${WORKER_MAX_JOBS:-500}
- WORKER_MEMORY_LIMIT=${WORKER_MEMORY_LIMIT:-512M}
build:
args:
- ENV=staging
- COMPOSER_INSTALL_FLAGS=--optimize-autoloader
user: "1000:1000"
volumes:
- ./:/var/www/html:cached
- ./storage/logs:/var/www/html/storage/logs:rw
- ./src/Framework/CommandBus/storage:/var/www/html/src/Framework/CommandBus/storage:rw
restart: unless-stopped
stop_grace_period: 45s
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
labels: "service=queue-worker,environment=staging"
deploy:
resources:
limits:
memory: 768M
cpus: '1.0'
reservations:
memory: 384M
cpus: '0.5'
# Staging network configuration - more permissive than production
networks:
frontend:
driver: bridge
backend:
driver: bridge
cache:
driver: bridge
volumes:
redis_data:
driver: local
composer-cache:
driver: local
storage-data:
driver: local
var-data:
driver: local
db_data:
driver: local

149
deployment/applications/environments/README.md Normal file
View File

@@ -0,0 +1,149 @@
# Environment Configuration Guide
This directory contains environment templates for different deployment environments of the Custom PHP Framework.
## Environment Templates
### `.env.production.template`
Production environment template with security-focused configurations:
- APP_DEBUG=false
- Strict session fingerprinting
- Xdebug disabled
- Production logging levels
- Strong password requirements
### `.env.staging.template`
Staging environment template for testing:
- APP_DEBUG=true
- Moderate security settings
- Xdebug enabled for debugging
- Verbose logging
- Test API configurations
## Usage
1. **Copy the appropriate template:**
```bash
cp .env.production.template .env.production
# or
cp .env.staging.template .env.staging
```
2. **Fill in required values:**
- Replace all `*** REQUIRED ***` placeholders with actual values
- Generate strong passwords for database credentials
- Configure API keys and service credentials
- Set proper domain names and SSL certificate paths
3. **Security Considerations:**
- Never commit actual `.env.production` or `.env.staging` files to version control
- Use strong, unique passwords for each environment
- Rotate credentials regularly
- Enable appropriate session fingerprinting for security
## Environment-Specific Settings
### Development → Staging Changes
- Enable Xdebug but remove IDE configurations
- Use staging database and credentials
- Enable detailed logging for debugging
- Use test API endpoints where available
### Staging → Production Changes
- Disable all debug features (APP_DEBUG=false, XDEBUG_MODE=off)
- Enable strict security settings
- Use production database with strong credentials
- Set warning-level logging only
- Configure production SSL certificates
- Use production API keys and webhooks
## Required Values by Environment
### Production Requirements
- **Database:** Strong passwords, production database name
- **APIs:** Production webhook secrets, SMTP credentials
- **SSL:** Valid SSL certificate paths
- **Monitoring:** Production-grade logging configuration
### Staging Requirements
- **Database:** Separate staging database credentials
- **APIs:** Test/staging API keys where available
- **SSL:** Test certificates or self-signed certificates
- **Monitoring:** Verbose logging for debugging
## Environment Variable Categories
### Core Application
- `APP_ENV`, `APP_DEBUG`, `APP_URL`, `APP_DOMAIN`
### Database Configuration
- `DB_HOST`, `DB_DATABASE`, `DB_USERNAME`, `DB_PASSWORD`, `DB_ROOT_PASSWORD`
### Security & Session
- Session fingerprinting settings
- SSL certificate paths
- Authentication configurations
### External Services
- SMTP configuration for emails
- Third-party API credentials
- Webhook secrets
### Performance & Caching
- OPcache settings
- Redis configuration
- Worker process limits
### Monitoring & Logging
- Log levels and channels
- Error reporting settings
- Analytics configuration
## Deployment Integration
These environment files are used by:
- Docker Compose overlays (`docker-compose.production.yml`, `docker-compose.staging.yml`)
- Ansible deployment playbooks
- Application deployment scripts
## Security Best Practices
1. **Credential Management:**
- Use strong, unique passwords for each environment
- Consider using a password manager or secrets management service
- Rotate credentials regularly
2. **Environment Isolation:**
- Keep staging and production completely separate
- Use different database servers and API keys
- Monitor access to production credentials
3. **File Permissions:**
- Set restrictive permissions on environment files (600)
- Ensure only necessary users can read the files
- Never include in version control
4. **SSL/TLS Configuration:**
- Use valid SSL certificates in production
- Enable HTTPS everywhere
- Configure proper cipher suites
## Troubleshooting
### Common Issues
- **Missing required values:** Check for `*** REQUIRED ***` placeholders
- **Database connection failures:** Verify database credentials and host
- **SSL certificate errors:** Check certificate paths and permissions
- **API failures:** Verify API keys and endpoint configurations
### Environment-Specific Debugging
- **Staging:** Enable verbose logging and Xdebug
- **Production:** Check application logs and monitoring systems
- **Both:** Verify environment variable loading in application
## Integration with Deployment
The environment templates integrate with:
1. **Docker Compose overlays** for environment-specific container configuration
2. **Ansible playbooks** for automated environment setup
3. **Application deployment scripts** for environment validation and deployment

164
deployment/applications/environments/production.env.template Normal file
View File

@@ -0,0 +1,164 @@
# Production Environment Configuration Template
# Copy to .env.production and update with real values
# Project Configuration
COMPOSE_PROJECT_NAME=michaelschiemer
DOMAIN_NAME=michaelschiemer.de
# Environment
APP_ENV=production
APP_DEBUG=false
APP_TIMEZONE=Europe/Berlin
APP_LOCALE=de
# SSL/HTTPS Configuration
APP_SSL_ENABLED=true
SSL_CERT_PATH=/etc/letsencrypt/live/michaelschiemer.de
FORCE_HTTPS=true
# Database Configuration (Production)
DB_DRIVER=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=*** REQUIRED ***
DB_USERNAME=*** REQUIRED ***
DB_PASSWORD=*** REQUIRED ***
DB_ROOT_PASSWORD=*** REQUIRED ***
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci
# Redis Configuration
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=*** REQUIRED ***
REDIS_DATABASE=0
REDIS_PREFIX=michaelschiemer_prod_
# Session Configuration (Production Security)
SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_ENCRYPT=true
SESSION_SECURE_COOKIE=true
SESSION_HTTP_ONLY=true
SESSION_SAME_SITE=strict
# Session Fingerprinting (Production Security)
SESSION_FINGERPRINT_STRICT=true
SESSION_FINGERPRINT_USER_AGENT=true
SESSION_FINGERPRINT_ACCEPT_LANGUAGE=true
SESSION_FINGERPRINT_IP_PREFIX=true
SESSION_FINGERPRINT_THRESHOLD=0.8
# Cache Configuration
CACHE_DRIVER=redis
CACHE_TTL=3600
CACHE_PREFIX=michaelschiemer_cache_prod_
# Queue Configuration
QUEUE_DRIVER=redis
QUEUE_CONNECTION=redis
QUEUE_PREFIX=michaelschiemer_queue_prod_
WORKER_QUEUE=production
WORKER_TIMEOUT=300
WORKER_MEMORY_LIMIT=512
WORKER_SLEEP=1
WORKER_TRIES=5
WORKER_BATCH_SIZE=10
# Mail Configuration (Production)
MAIL_DRIVER=*** REQUIRED ***
MAIL_HOST=*** REQUIRED ***
MAIL_PORT=*** REQUIRED ***
MAIL_USERNAME=*** REQUIRED ***
MAIL_PASSWORD=*** REQUIRED ***
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=kontakt@michaelschiemer.de
MAIL_FROM_NAME="Michael Schiemer"
# Logging Configuration (Production)
LOG_CHANNEL=stack
LOG_LEVEL=warning
LOG_STACK_CHANNELS=single,syslog
LOG_ROTATE_DAYS=30
LOG_MAX_FILES=10
# External APIs (Production)
SHOPIFY_WEBHOOK_SECRET=*** REQUIRED ***
RAPIDMAIL_USERNAME=*** REQUIRED ***
RAPIDMAIL_PASSWORD=*** REQUIRED ***
RAPIDMAIL_TEST_MODE=false
# Analytics Configuration (Production)
ANALYTICS_ENABLED=true
ANALYTICS_TRACK_PAGE_VIEWS=true
ANALYTICS_TRACK_API_CALLS=true
ANALYTICS_TRACK_USER_ACTIONS=true
ANALYTICS_TRACK_ERRORS=true
ANALYTICS_TRACK_PERFORMANCE=true
# Monitoring & Health Checks
PROMETHEUS_ENABLED=true
PROMETHEUS_PORT=9090
GRAFANA_ADMIN_PASSWORD=*** REQUIRED ***
# Security Configuration
APP_KEY=*** REQUIRED - Generate with: openssl rand -base64 32 ***
CSRF_TOKEN_LIFETIME=7200
RATE_LIMIT_PER_MINUTE=60
MAX_LOGIN_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=900
# Performance Configuration (Production)
PHP_MEMORY_LIMIT=512M
PHP_MAX_EXECUTION_TIME=30
PHP_OPCACHE_ENABLE=1
PHP_OPCACHE_MEMORY_CONSUMPTION=256
PHP_OPCACHE_MAX_ACCELERATED_FILES=20000
PHP_OPCACHE_REVALIDATE_FREQ=0
PHP_OPCACHE_VALIDATE_TIMESTAMPS=0
PHP_REALPATH_CACHE_SIZE=4M
PHP_REALPATH_CACHE_TTL=3600
# Nginx Configuration (Production)
NGINX_WORKER_PROCESSES=4
NGINX_WORKER_CONNECTIONS=2048
NGINX_KEEPALIVE_TIMEOUT=65
NGINX_CLIENT_MAX_BODY_SIZE=50m
# Database Performance (Production)
MYSQL_INNODB_BUFFER_POOL_SIZE=1G
MYSQL_INNODB_LOG_FILE_SIZE=256M
MYSQL_MAX_CONNECTIONS=100
MYSQL_QUERY_CACHE_SIZE=0
# Backup Configuration
BACKUP_ENABLED=true
BACKUP_SCHEDULE=0 2 * * *
BACKUP_RETENTION_DAYS=30
BACKUP_S3_BUCKET=*** REQUIRED IF USING S3 ***
BACKUP_S3_ACCESS_KEY=*** REQUIRED IF USING S3 ***
BACKUP_S3_SECRET_KEY=*** REQUIRED IF USING S3 ***
# SSL/TLS Configuration
SSL_PROTOCOLS=TLSv1.2 TLSv1.3
SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSL_PREFER_SERVER_CIPHERS=off
SSL_SESSION_CACHE_SIZE=10m
SSL_SESSION_TIMEOUT=10m
# Container User IDs (Production)
UID=33
GID=33
# Restart Policy
RESTART_POLICY=always
# Resource Limits (Production)
PHP_MEMORY_LIMIT_DOCKER=2G
PHP_CPU_LIMIT=2.0
NGINX_MEMORY_LIMIT_DOCKER=256M
NGINX_CPU_LIMIT=0.5
DB_MEMORY_LIMIT_DOCKER=2G
DB_CPU_LIMIT=2.0
REDIS_MEMORY_LIMIT_DOCKER=1G
REDIS_CPU_LIMIT=0.5

165
deployment/applications/environments/staging.env.template Normal file
View File

@@ -0,0 +1,165 @@
# Staging Environment Configuration Template
# Copy to .env.staging and update with real values
# Project Configuration
COMPOSE_PROJECT_NAME=michaelschiemer-staging
DOMAIN_NAME=staging.michaelschiemer.de
# Environment
APP_ENV=staging
APP_DEBUG=false
APP_TIMEZONE=Europe/Berlin
APP_LOCALE=de
# SSL/HTTPS Configuration (Staging with Let's Encrypt Staging CA)
APP_SSL_ENABLED=true
SSL_CERT_PATH=/etc/letsencrypt/live/staging.michaelschiemer.de
FORCE_HTTPS=true
# Database Configuration (Staging)
DB_DRIVER=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=*** REQUIRED ***
DB_USERNAME=*** REQUIRED ***
DB_PASSWORD=*** REQUIRED ***
DB_ROOT_PASSWORD=*** REQUIRED ***
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci
# Redis Configuration
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=*** REQUIRED ***
REDIS_DATABASE=1
REDIS_PREFIX=michaelschiemer_staging_
# Session Configuration (Staging)
SESSION_DRIVER=redis
SESSION_LIFETIME=240
SESSION_ENCRYPT=true
SESSION_SECURE_COOKIE=true
SESSION_HTTP_ONLY=true
SESSION_SAME_SITE=strict
# Session Fingerprinting (Staging - Less Strict)
SESSION_FINGERPRINT_STRICT=false
SESSION_FINGERPRINT_USER_AGENT=true
SESSION_FINGERPRINT_ACCEPT_LANGUAGE=true
SESSION_FINGERPRINT_IP_PREFIX=false
SESSION_FINGERPRINT_THRESHOLD=0.7
# Cache Configuration
CACHE_DRIVER=redis
CACHE_TTL=1800
CACHE_PREFIX=michaelschiemer_cache_staging_
# Queue Configuration
QUEUE_DRIVER=redis
QUEUE_CONNECTION=redis
QUEUE_PREFIX=michaelschiemer_queue_staging_
WORKER_QUEUE=staging
WORKER_TIMEOUT=120
WORKER_MEMORY_LIMIT=384
WORKER_SLEEP=3
WORKER_TRIES=3
WORKER_BATCH_SIZE=5
# Mail Configuration (Staging - Development SMTP or Mailtrap)
MAIL_DRIVER=smtp
MAIL_HOST=*** REQUIRED - Use Mailtrap or similar ***
MAIL_PORT=2525
MAIL_USERNAME=*** REQUIRED ***
MAIL_PASSWORD=*** REQUIRED ***
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=staging@michaelschiemer.de
MAIL_FROM_NAME="Michael Schiemer (Staging)"
# Logging Configuration (Staging - More Verbose)
LOG_CHANNEL=stack
LOG_LEVEL=info
LOG_STACK_CHANNELS=single,daily
LOG_ROTATE_DAYS=7
LOG_MAX_FILES=5
# External APIs (Staging - Test Mode)
SHOPIFY_WEBHOOK_SECRET=staging-webhook-secret
RAPIDMAIL_USERNAME=*** REQUIRED ***
RAPIDMAIL_PASSWORD=*** REQUIRED ***
RAPIDMAIL_TEST_MODE=true
# Analytics Configuration (Staging)
ANALYTICS_ENABLED=true
ANALYTICS_TRACK_PAGE_VIEWS=true
ANALYTICS_TRACK_API_CALLS=true
ANALYTICS_TRACK_USER_ACTIONS=true
ANALYTICS_TRACK_ERRORS=true
ANALYTICS_TRACK_PERFORMANCE=true
# Monitoring & Health Checks (Staging)
PROMETHEUS_ENABLED=true
PROMETHEUS_PORT=9091
GRAFANA_ADMIN_PASSWORD=*** REQUIRED ***
# Security Configuration (Staging - Slightly Relaxed)
APP_KEY=*** REQUIRED - Generate with: openssl rand -base64 32 ***
CSRF_TOKEN_LIFETIME=7200
RATE_LIMIT_PER_MINUTE=120
MAX_LOGIN_ATTEMPTS=10
LOGIN_LOCKOUT_DURATION=300
# Performance Configuration (Staging)
PHP_MEMORY_LIMIT=512M
PHP_MAX_EXECUTION_TIME=60
PHP_OPCACHE_ENABLE=1
PHP_OPCACHE_MEMORY_CONSUMPTION=128
PHP_OPCACHE_MAX_ACCELERATED_FILES=10000
PHP_OPCACHE_REVALIDATE_FREQ=2
PHP_OPCACHE_VALIDATE_TIMESTAMPS=1
PHP_ERROR_REPORTING=E_ALL
PHP_DISPLAY_ERRORS=0
PHP_LOG_ERRORS=1
# Nginx Configuration (Staging)
NGINX_WORKER_PROCESSES=2
NGINX_WORKER_CONNECTIONS=1536
NGINX_KEEPALIVE_TIMEOUT=60
NGINX_CLIENT_MAX_BODY_SIZE=25m
# Database Performance (Staging)
MYSQL_INNODB_BUFFER_POOL_SIZE=512M
MYSQL_INNODB_LOG_FILE_SIZE=128M
MYSQL_MAX_CONNECTIONS=50
# Testing & Load Testing Configuration
K6_ENABLED=true
JAEGER_ENABLED=true
JAEGER_HOST=jaeger
JAEGER_PORT=14268
# Backup Configuration (Staging - Reduced)
BACKUP_ENABLED=true
BACKUP_SCHEDULE=0 3 * * 0
BACKUP_RETENTION_DAYS=7
# SSL/TLS Configuration (Staging)
SSL_PROTOCOLS=TLSv1.2 TLSv1.3
SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSL_PREFER_SERVER_CIPHERS=off
# Container User IDs (Staging)
UID=33
GID=33
# Restart Policy (Staging)
RESTART_POLICY=unless-stopped
# Resource Limits (Staging - Reduced)
PHP_MEMORY_LIMIT_DOCKER=768M
PHP_CPU_LIMIT=1.5
NGINX_MEMORY_LIMIT_DOCKER=192M
NGINX_CPU_LIMIT=0.4
DB_MEMORY_LIMIT_DOCKER=1G
DB_CPU_LIMIT=1.0
REDIS_MEMORY_LIMIT_DOCKER=640M
REDIS_CPU_LIMIT=0.4

428
deployment/applications/scripts/deploy-app.sh Executable file
View File

@@ -0,0 +1,428 @@
#!/bin/bash
# Application Deployment Script for Custom PHP Framework
# Integrates Docker Compose with Ansible infrastructure deployment
# Usage: ./deploy-app.sh [staging|production] [options]
set -euo pipefail
# Script directory and project root
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../../" && pwd)"
DEPLOYMENT_DIR="${PROJECT_ROOT}/deployment"
APPLICATIONS_DIR="${DEPLOYMENT_DIR}/applications"
# Default configuration
DEFAULT_ENV="staging"
DRY_RUN=false
SKIP_TESTS=false
SKIP_BACKUP=false
FORCE_DEPLOY=false
VERBOSE=false
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging functions
log() {
echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')] INFO: $1${NC}"
}
warn() {
echo -e "${YELLOW}[$(date +'%Y-%m-%d %H:%M:%S')] WARN: $1${NC}"
}
error() {
echo -e "${RED}[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $1${NC}"
}
debug() {
if [ "$VERBOSE" = true ]; then
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')] DEBUG: $1${NC}"
fi
}
# Usage information
show_usage() {
cat << EOF
Usage: $0 [environment] [options]
Environment:
staging Deploy to staging environment (default)
production Deploy to production environment
Options:
--dry-run Show what would be done without making changes
--skip-tests Skip running tests before deployment
--skip-backup Skip database backup (not recommended for production)
--force Force deployment even if validation fails
--verbose Enable verbose output
-h, --help Show this help message
Examples:
$0 staging # Deploy to staging
$0 production --skip-tests # Deploy to production without tests
$0 staging --dry-run --verbose # Dry run with detailed output
EOF
}
# Parse command line arguments
parse_arguments() {
local environment=""
while [[ $# -gt 0 ]]; do
case $1 in
staging|production)
environment="$1"
shift
;;
--dry-run)
DRY_RUN=true
shift
;;
--skip-tests)
SKIP_TESTS=true
shift
;;
--skip-backup)
SKIP_BACKUP=true
shift
;;
--force)
FORCE_DEPLOY=true
shift
;;
--verbose)
VERBOSE=true
shift
;;
-h|--help)
show_usage
exit 0
;;
*)
error "Unknown argument: $1"
show_usage
exit 1
;;
esac
done
# Set environment, defaulting to staging
DEPLOY_ENV="${environment:-$DEFAULT_ENV}"
}
# Validate environment and prerequisites
validate_environment() {
log "Validating deployment environment: $DEPLOY_ENV"
# Check if we're in the project root
if [[ ! -f "${PROJECT_ROOT}/docker-compose.yml" ]]; then
error "Project root not found. Please run from the correct directory."
exit 1
fi
# Validate environment-specific files exist
local compose_file="${APPLICATIONS_DIR}/docker-compose.${DEPLOY_ENV}.yml"
local env_file="${APPLICATIONS_DIR}/environments/.env.${DEPLOY_ENV}"
if [[ ! -f "$compose_file" ]]; then
error "Docker Compose overlay not found: $compose_file"
exit 1
fi
if [[ ! -f "$env_file" ]]; then
error "Environment file not found: $env_file"
error "Copy from template: cp ${env_file}.template $env_file"
exit 1
fi
# Check for required tools
local required_tools=("docker" "docker-compose" "ansible-playbook")
for tool in "${required_tools[@]}"; do
if ! command -v "$tool" &> /dev/null; then
error "Required tool not found: $tool"
exit 1
fi
done
debug "Environment validation completed"
}
# Validate environment configuration
validate_configuration() {
log "Validating environment configuration"
local env_file="${APPLICATIONS_DIR}/environments/.env.${DEPLOY_ENV}"
# Check for required placeholder values
local required_placeholders=(
"*** REQUIRED"
)
for placeholder in "${required_placeholders[@]}"; do
if grep -q "$placeholder" "$env_file"; then
error "Environment file contains unfilled templates:"
grep "$placeholder" "$env_file" || true
if [ "$FORCE_DEPLOY" != true ]; then
error "Fix configuration or use --force to proceed"
exit 1
else
warn "Proceeding with incomplete configuration due to --force flag"
fi
fi
done
debug "Configuration validation completed"
}
# Run pre-deployment tests
run_tests() {
if [ "$SKIP_TESTS" = true ]; then
warn "Skipping tests as requested"
return 0
fi
log "Running pre-deployment tests"
cd "$PROJECT_ROOT"
# PHP tests
if [[ -f "vendor/bin/pest" ]]; then
log "Running PHP tests with Pest"
./vendor/bin/pest --bail
elif [[ -f "vendor/bin/phpunit" ]]; then
log "Running PHP tests with PHPUnit"
./vendor/bin/phpunit --stop-on-failure
else
warn "No PHP test framework found"
fi
# JavaScript tests
if [[ -f "package.json" ]] && command -v npm &> /dev/null; then
log "Running JavaScript tests"
npm test
fi
# Code quality checks
if [[ -f "composer.json" ]]; then
log "Running code style checks"
composer cs || {
error "Code style checks failed"
if [ "$FORCE_DEPLOY" != true ]; then
exit 1
else
warn "Proceeding despite code style issues due to --force flag"
fi
}
fi
debug "Tests completed successfully"
}
# Create database backup
create_backup() {
if [ "$SKIP_BACKUP" = true ]; then
warn "Skipping database backup as requested"
return 0
fi
log "Creating database backup for $DEPLOY_ENV"
local backup_dir="${PROJECT_ROOT}/storage/backups"
local timestamp=$(date +%Y%m%d_%H%M%S)
local backup_file="${backup_dir}/db_backup_${DEPLOY_ENV}_${timestamp}.sql"
mkdir -p "$backup_dir"
# Load environment variables
set -a
source "${APPLICATIONS_DIR}/environments/.env.${DEPLOY_ENV}"
set +a
if [ "$DRY_RUN" != true ]; then
# Create backup using the running database container
docker-compose -f "${PROJECT_ROOT}/docker-compose.yml" \
-f "${APPLICATIONS_DIR}/docker-compose.${DEPLOY_ENV}.yml" \
exec -T db \
mariadb-dump -u root -p"${DB_ROOT_PASSWORD}" --all-databases > "$backup_file"
log "Database backup created: $backup_file"
else
debug "DRY RUN: Would create backup at $backup_file"
fi
}
# Build application assets
build_assets() {
log "Building application assets"
cd "$PROJECT_ROOT"
if [[ -f "package.json" ]] && command -v npm &> /dev/null; then
log "Installing Node.js dependencies"
if [ "$DRY_RUN" != true ]; then
npm ci
else
debug "DRY RUN: Would run npm ci"
fi
log "Building production assets"
if [ "$DRY_RUN" != true ]; then
npm run build
else
debug "DRY RUN: Would run npm run build"
fi
else
warn "No package.json found, skipping asset build"
fi
debug "Asset building completed"
}
# Deploy infrastructure using Ansible
deploy_infrastructure() {
log "Deploying infrastructure with Ansible"
local ansible_dir="${DEPLOYMENT_DIR}/infrastructure"
local inventory="${ansible_dir}/inventories/${DEPLOY_ENV}/hosts.yml"
local site_playbook="${ansible_dir}/site.yml"
if [[ ! -f "$inventory" ]]; then
warn "Ansible inventory not found: $inventory"
warn "Skipping infrastructure deployment"
return 0
fi
cd "$ansible_dir"
# First run the main site playbook for infrastructure setup
local ansible_cmd="ansible-playbook -i $inventory $site_playbook"
if [ "$DRY_RUN" = true ]; then
ansible_cmd="$ansible_cmd --check"
fi
if [ "$VERBOSE" = true ]; then
ansible_cmd="$ansible_cmd -v"
fi
debug "Running infrastructure setup: $ansible_cmd"
if [ "$DRY_RUN" != true ]; then
$ansible_cmd
log "Infrastructure setup completed"
else
debug "DRY RUN: Would run Ansible infrastructure setup"
fi
}
# Deploy application using Ansible
deploy_application() {
log "Deploying application with Ansible"
local ansible_dir="${DEPLOYMENT_DIR}/infrastructure"
local inventory="${ansible_dir}/inventories/${DEPLOY_ENV}/hosts.yml"
local app_playbook="${ansible_dir}/playbooks/deploy-application.yml"
if [[ ! -f "$inventory" ]]; then
warn "Ansible inventory not found: $inventory"
warn "Skipping application deployment"
return 0
fi
if [[ ! -f "$app_playbook" ]]; then
error "Application deployment playbook not found: $app_playbook"
exit 1
fi
cd "$ansible_dir"
# Run the application deployment playbook with proper environment variable
local ansible_cmd="ansible-playbook -i $inventory $app_playbook -e environment=$DEPLOY_ENV"
if [ "$DRY_RUN" = true ]; then
ansible_cmd="$ansible_cmd --check"
fi
if [ "$VERBOSE" = true ]; then
ansible_cmd="$ansible_cmd -v"
fi
debug "Running application deployment: $ansible_cmd"
if [ "$DRY_RUN" != true ]; then
$ansible_cmd
log "Application deployment completed"
else
debug "DRY RUN: Would run Ansible application deployment"
fi
}
# Run post-deployment tasks
post_deployment() {
log "Running post-deployment tasks"
cd "$PROJECT_ROOT"
local compose_files="-f docker-compose.yml -f ${APPLICATIONS_DIR}/docker-compose.${DEPLOY_ENV}.yml"
local env_file="--env-file ${APPLICATIONS_DIR}/environments/.env.${DEPLOY_ENV}"
if [ "$DRY_RUN" != true ]; then
# Run database migrations
log "Running database migrations"
docker-compose $compose_files $env_file exec -T php php console.php db:migrate
# Clear application cache
log "Clearing application cache"
docker-compose $compose_files $env_file exec -T php php console.php cache:clear || true
# Warm up application
log "Warming up application"
sleep 5
# Run health checks
"${SCRIPT_DIR}/health-check.sh" "$DEPLOY_ENV"
else
debug "DRY RUN: Would run post-deployment tasks"
fi
debug "Post-deployment tasks completed"
}
# Main deployment function
main() {
log "Starting deployment to $DEPLOY_ENV environment"
if [ "$DRY_RUN" = true ]; then
log "DRY RUN MODE - No actual changes will be made"
fi
# Deployment steps
validate_environment
validate_configuration
run_tests
create_backup
build_assets
deploy_infrastructure
deploy_application
post_deployment
log "Deployment to $DEPLOY_ENV completed successfully!"
if [ "$DEPLOY_ENV" = "production" ]; then
log "Production deployment complete. Monitor application health and performance."
else
log "Staging deployment complete. Ready for testing."
fi
}
# Parse arguments and run main function
parse_arguments "$@"
main

463
deployment/applications/scripts/health-check.sh Executable file
View File

@@ -0,0 +1,463 @@
#!/bin/bash
# Health Check Script for Custom PHP Framework
# Verifies application health after deployment
# Usage: ./health-check.sh [environment] [options]
set -euo pipefail
# Script configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../../" && pwd)"
DEPLOYMENT_DIR="${PROJECT_ROOT}/deployment"
APPLICATIONS_DIR="${DEPLOYMENT_DIR}/applications"
# Default settings
DEFAULT_ENV="staging"
VERBOSE=false
MAX_RETRIES=10
RETRY_INTERVAL=30
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging functions
log() {
echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')] INFO: $1${NC}"
}
warn() {
echo -e "${YELLOW}[$(date +'%Y-%m-%d %H:%M:%S')] WARN: $1${NC}"
}
error() {
echo -e "${RED}[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $1${NC}"
}
debug() {
if [ "$VERBOSE" = true ]; then
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')] DEBUG: $1${NC}"
fi
}
success() {
echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')] SUCCESS: $1${NC}"
}
# Usage information
show_usage() {
cat << EOF
Usage: $0 [environment] [options]
Environment:
staging Check staging environment (default)
production Check production environment
Options:
--verbose Enable verbose output
--max-retries N Maximum number of health check retries (default: 10)
--retry-interval N Seconds between retries (default: 30)
-h, --help Show this help message
Examples:
$0 staging # Check staging environment
$0 production --verbose # Check production with detailed output
$0 staging --max-retries 5 # Check with custom retry limit
EOF
}
# Parse command line arguments
parse_arguments() {
local environment=""
while [[ $# -gt 0 ]]; do
case $1 in
staging|production)
environment="$1"
shift
;;
--verbose)
VERBOSE=true
shift
;;
--max-retries)
MAX_RETRIES="$2"
shift 2
;;
--retry-interval)
RETRY_INTERVAL="$2"
shift 2
;;
-h|--help)
show_usage
exit 0
;;
*)
error "Unknown argument: $1"
show_usage
exit 1
;;
esac
done
# Set environment, defaulting to staging
CHECK_ENV="${environment:-$DEFAULT_ENV}"
}
# Load environment configuration
load_environment() {
local env_file="${APPLICATIONS_DIR}/environments/.env.${CHECK_ENV}"
if [[ ! -f "$env_file" ]]; then
error "Environment file not found: $env_file"
exit 1
fi
debug "Loading environment from: $env_file"
set -a
source "$env_file"
set +a
}
# Check Docker container health
check_container_health() {
log "Checking Docker container health"
local compose_files="-f ${PROJECT_ROOT}/docker-compose.yml -f ${APPLICATIONS_DIR}/docker-compose.${CHECK_ENV}.yml"
local env_file="--env-file ${APPLICATIONS_DIR}/environments/.env.${CHECK_ENV}"
cd "$PROJECT_ROOT"
# Get container status
local containers
containers=$(docker-compose $compose_files $env_file ps --services)
local all_healthy=true
while IFS= read -r service; do
if [[ -n "$service" ]]; then
local container_status
container_status=$(docker-compose $compose_files $env_file ps "$service" | tail -n +3 | awk '{print $4}')
case "$container_status" in
"Up"|"Up (healthy)")
success "Container $service: $container_status"
;;
*)
error "Container $service: $container_status"
all_healthy=false
;;
esac
fi
done <<< "$containers"
if [ "$all_healthy" = false ]; then
return 1
fi
debug "All containers are healthy"
return 0
}
# Check HTTP endpoints
check_http_endpoints() {
log "Checking HTTP endpoints"
# Determine base URL based on environment
local base_url
if [ "$CHECK_ENV" = "production" ]; then
base_url="https://michaelschiemer.de"
else
base_url="https://localhost:${APP_SSL_PORT:-443}"
fi
# Test endpoints
local endpoints=(
"/"
"/health"
"/api/health"
)
local all_ok=true
for endpoint in "${endpoints[@]}"; do
local url="${base_url}${endpoint}"
debug "Testing endpoint: $url"
local http_code
http_code=$(curl -s -o /dev/null -w "%{http_code}" -k \
-H "User-Agent: Mozilla/5.0 (HealthCheck)" \
--max-time 30 \
"$url" || echo "000")
case "$http_code" in
200|301|302)
success "Endpoint $endpoint: HTTP $http_code"
;;
000)
error "Endpoint $endpoint: Connection failed"
all_ok=false
;;
*)
error "Endpoint $endpoint: HTTP $http_code"
all_ok=false
;;
esac
done
if [ "$all_ok" = false ]; then
return 1
fi
debug "All HTTP endpoints are responding correctly"
return 0
}
# Check database connectivity
check_database() {
log "Checking database connectivity"
local compose_files="-f ${PROJECT_ROOT}/docker-compose.yml -f ${APPLICATIONS_DIR}/docker-compose.${CHECK_ENV}.yml"
local env_file="--env-file ${APPLICATIONS_DIR}/environments/.env.${CHECK_ENV}"
cd "$PROJECT_ROOT"
# Test database connection through application
local db_check
if db_check=$(docker-compose $compose_files $env_file exec -T php \
php console.php db:ping 2>&1); then
success "Database connection: OK"
debug "Database response: $db_check"
return 0
else
error "Database connection: FAILED"
error "Database error: $db_check"
return 1
fi
}
# Check Redis connectivity
check_redis() {
log "Checking Redis connectivity"
local compose_files="-f ${PROJECT_ROOT}/docker-compose.yml -f ${APPLICATIONS_DIR}/docker-compose.${CHECK_ENV}.yml"
local env_file="--env-file ${APPLICATIONS_DIR}/environments/.env.${CHECK_ENV}"
cd "$PROJECT_ROOT"
# Test Redis connection
local redis_check
if redis_check=$(docker-compose $compose_files $env_file exec -T redis \
redis-cli ping 2>&1); then
if [[ "$redis_check" == *"PONG"* ]]; then
success "Redis connection: OK"
debug "Redis response: $redis_check"
return 0
else
error "Redis connection: Unexpected response - $redis_check"
return 1
fi
else
error "Redis connection: FAILED"
error "Redis error: $redis_check"
return 1
fi
}
# Check queue worker status
check_queue_worker() {
log "Checking queue worker status"
local compose_files="-f ${PROJECT_ROOT}/docker-compose.yml -f ${APPLICATIONS_DIR}/docker-compose.${CHECK_ENV}.yml"
local env_file="--env-file ${APPLICATIONS_DIR}/environments/.env.${CHECK_ENV}"
cd "$PROJECT_ROOT"
# Check if worker container is running
local worker_status
worker_status=$(docker-compose $compose_files $env_file ps queue-worker | tail -n +3 | awk '{print $4}')
case "$worker_status" in
"Up")
success "Queue worker: Running"
# Check worker process inside container
local worker_process
if worker_process=$(docker-compose $compose_files $env_file exec -T queue-worker \
ps aux | grep -v grep | grep worker 2>&1); then
debug "Worker process found: $worker_process"
return 0
else
warn "Queue worker container running but no worker process found"
return 1
fi
;;
*)
error "Queue worker: $worker_status"
return 1
;;
esac
}
# Check application performance
check_performance() {
log "Checking application performance"
local base_url
if [ "$CHECK_ENV" = "production" ]; then
base_url="https://michaelschiemer.de"
else
base_url="https://localhost:${APP_SSL_PORT:-443}"
fi
# Test response times
local response_time
response_time=$(curl -s -o /dev/null -w "%{time_total}" -k \
-H "User-Agent: Mozilla/5.0 (HealthCheck)" \
--max-time 30 \
"${base_url}/" || echo "timeout")
if [[ "$response_time" == "timeout" ]]; then
error "Performance check: Request timed out"
return 1
fi
local response_ms
response_ms=$(echo "$response_time * 1000" | bc -l | cut -d. -f1)
# Performance thresholds (milliseconds)
local warning_threshold=2000
local error_threshold=5000
if [ "$response_ms" -lt "$warning_threshold" ]; then
success "Performance: ${response_ms}ms (Good)"
return 0
elif [ "$response_ms" -lt "$error_threshold" ]; then
warn "Performance: ${response_ms}ms (Slow)"
return 0
else
error "Performance: ${response_ms}ms (Too slow)"
return 1
fi
}
# Check SSL certificate
check_ssl() {
if [ "$CHECK_ENV" != "production" ]; then
debug "Skipping SSL check for non-production environment"
return 0
fi
log "Checking SSL certificate"
local domain="michaelschiemer.de"
local ssl_info
if ssl_info=$(echo | openssl s_client -connect "${domain}:443" -servername "$domain" 2>/dev/null | \
openssl x509 -noout -dates 2>/dev/null); then
local expiry_date
expiry_date=$(echo "$ssl_info" | grep "notAfter" | cut -d= -f2)
local expiry_timestamp
expiry_timestamp=$(date -d "$expiry_date" +%s 2>/dev/null || echo "0")
local current_timestamp
current_timestamp=$(date +%s)
local days_until_expiry
days_until_expiry=$(( (expiry_timestamp - current_timestamp) / 86400 ))
if [ "$days_until_expiry" -gt 30 ]; then
success "SSL certificate: Valid (expires in $days_until_expiry days)"
return 0
elif [ "$days_until_expiry" -gt 7 ]; then
warn "SSL certificate: Expires soon (in $days_until_expiry days)"
return 0
else
error "SSL certificate: Critical expiry (in $days_until_expiry days)"
return 1
fi
else
error "SSL certificate: Could not retrieve certificate information"
return 1
fi
}
# Comprehensive health check with retries
run_health_checks() {
log "Starting comprehensive health check for $CHECK_ENV environment"
local checks=(
"check_container_health"
"check_database"
"check_redis"
"check_queue_worker"
"check_http_endpoints"
"check_performance"
"check_ssl"
)
local attempt=1
local all_passed=false
while [ $attempt -le $MAX_RETRIES ] && [ "$all_passed" = false ]; do
log "Health check attempt $attempt of $MAX_RETRIES"
local failed_checks=()
for check in "${checks[@]}"; do
debug "Running check: $check"
if ! $check; then
failed_checks+=("$check")
fi
done
if [ ${#failed_checks[@]} -eq 0 ]; then
all_passed=true
success "All health checks passed!"
else
warn "Failed checks: ${failed_checks[*]}"
if [ $attempt -lt $MAX_RETRIES ]; then
log "Waiting $RETRY_INTERVAL seconds before retry..."
sleep $RETRY_INTERVAL
fi
fi
((attempt++))
done
if [ "$all_passed" = false ]; then
error "Health checks failed after $MAX_RETRIES attempts"
return 1
fi
return 0
}
# Main function
main() {
log "Starting health check for $CHECK_ENV environment"
load_environment
if run_health_checks; then
success "Health check completed successfully for $CHECK_ENV environment"
log "Application is healthy and ready to serve traffic"
return 0
else
error "Health check failed for $CHECK_ENV environment"
error "Please review the application status and fix any issues"
return 1
fi
}
# Parse arguments and run main function
parse_arguments "$@"
main