michaelschiemer/deployment/PRODUCTION_SETUP.md
Michael Schiemer 9b74ade5b0 feat: Fix discovery system critical issues
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-13 12:04:17 +02:00


Production Deployment Setup

Guide for deploying the Custom PHP Framework to production on a Netcup VPS.

Server Details

  • IP Address: 94.16.110.151
  • Domain: michaelschiemer.de
  • Email: kontakt@michaelschiemer.de
  • SSH Key: /home/michael/.ssh/production
  • OS: Fresh Ubuntu 22.04 or Debian 12

Initial Server Setup

1. First-time Server Configuration

Run the initial server setup (only once, on a fresh server):

cd deployment/infrastructure

# Run initial setup as root user
ansible-playbook -i inventories/production/hosts.yml setup-fresh-server.yml

This will:

  • Create the deploy user with sudo privileges
  • Configure SSH key authentication
  • Harden SSH security
  • Set up firewall (UFW)
  • Configure fail2ban
  • Install essential packages
  • Create directory structure

2. Update Inventory Configuration

After initial setup, update inventories/production/hosts.yml:

# Change from:
ansible_user: root
fresh_server_setup: true

# To:
ansible_user: deploy
fresh_server_setup: false

3. Full Infrastructure Deployment

Deploy the complete infrastructure:

# Deploy infrastructure only
ansible-playbook -i inventories/production/hosts.yml site.yml

# Or use the orchestration script
./deploy.sh production --infrastructure-only

Environment Configuration

1. Configure Production Environment

Edit the production environment file:

nano applications/environments/.env.production

Update these required values:

# Database passwords (generate strong passwords)
DB_PASSWORD=*** SET_STRONG_PASSWORD ***
DB_ROOT_PASSWORD=*** SET_STRONG_ROOT_PASSWORD ***

# Redis password
REDIS_PASSWORD=*** SET_STRONG_PASSWORD ***

# Application security key (generate: openssl rand -base64 32)
APP_KEY=*** GENERATE_KEY ***

# Mail configuration (configure with your SMTP provider)
MAIL_HOST=*** YOUR_SMTP_HOST ***
MAIL_USERNAME=*** YOUR_SMTP_USERNAME ***
MAIL_PASSWORD=*** YOUR_SMTP_PASSWORD ***

# External API keys
SHOPIFY_WEBHOOK_SECRET=*** YOUR_WEBHOOK_SECRET ***
RAPIDMAIL_USERNAME=*** IF_USING_RAPIDMAIL ***
RAPIDMAIL_PASSWORD=*** IF_USING_RAPIDMAIL ***

# Monitoring
GRAFANA_ADMIN_PASSWORD=*** SET_STRONG_PASSWORD ***

2. Generate Required Keys

# Generate application key
openssl rand -base64 32

# Generate secure passwords
openssl rand -base64 24
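
A pre-deploy check for the environment file edited above, added here as an example and not part of the project's deployment scripts. It flags values that still carry the *** ... *** template markers, generated secrets shorter than the openssl commands produce, and a file that group or others can access; the function name check_env_file is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-deploy check for applications/environments/.env.production.
# check_env_file is a hypothetical helper, not part of deploy.sh.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_env_file() {
    local file="$1" findings=0 perms line key value

    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The file holds secrets: group and others should have no access (chmod 600).
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "file is accessible to group/others ($perms)"; findings=1
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        key=${line%%=*}
        value=${line#*=}

        # Template markers such as "*** SET_STRONG_PASSWORD ***" must be gone.
        case "$value" in *'***'*)
            echo "$key still holds a placeholder"; findings=1; continue ;;
        esac

        # Length checks assume the values were generated with the commands above.
        case "$key" in
            APP_KEY)
                # openssl rand -base64 32 yields 44 characters.
                if [ "${#value}" -lt 44 ]; then
                    echo "APP_KEY is shorter than 'openssl rand -base64 32' output"; findings=1
                fi ;;
            DB_PASSWORD|DB_ROOT_PASSWORD|REDIS_PASSWORD|GRAFANA_ADMIN_PASSWORD)
                # openssl rand -base64 24 yields 32 characters.
                if [ "${#value}" -lt 32 ]; then
                    echo "$key is shorter than 'openssl rand -base64 24' output"; findings=1
                fi ;;
        esac
    done < "$file"

    return "$findings"
}

# Usage: ./check-env.sh applications/environments/.env.production
if [ "$#" -gt 0 ]; then check_env_file "$1"; fi
```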

Deployment Process

Full Deployment

Deploy both infrastructure and application:

./deploy.sh production

Infrastructure Only

Deploy only the infrastructure (server setup, Nginx, Docker, etc.):

./deploy.sh production --infrastructure-only

Application Only

Deploy only the application code:

./deploy.sh production --application-only

Dry Run

Test deployment without making changes:

./deploy.sh production --dry-run

Security Considerations

SSH Access

  • Root login disabled after initial setup
  • Only deploy user has access
  • SSH key authentication required
  • Password authentication disabled

Firewall Rules

  • Only ports 22 (SSH), 80 (HTTP), 443 (HTTPS) open
  • UFW configured with default deny
  • Fail2ban protecting SSH

SSL/TLS

  • Let's Encrypt SSL certificates
  • HTTPS enforced
  • Modern TLS configuration (TLS 1.2/1.3)
  • HSTS headers
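
One way to confirm the SSH and firewall settings listed above on the server, as an added example rather than part of the project's playbooks. The two hypothetical helpers read the output of sshd -T and ufw status verbose on stdin and report anything that contradicts the lists; the ufw check assumes each rule names a single port number.

```bash
#!/usr/bin/env bash
# Added example: verify the hardening settings above against the live config.
# check_sshd and check_ufw are hypothetical helpers that read command output on stdin.
# Each prints one finding per line and returns 0 when clean, 1 otherwise.

# Input: output of `sudo sshd -T` (effective sshd config, lowercase keywords).
check_sshd() {
    awk '
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        $1 == "pubkeyauthentication"   { pk = $2 }
        END {
            if (root != "no")  { print "root login not disabled: " root; bad = 1 }
            if (pw   != "no")  { print "password authentication enabled: " pw; bad = 1 }
            if (pk   != "yes") { print "public key authentication not enabled: " pk; bad = 1 }
            exit bad + 0
        }'
}

# Input: output of `sudo ufw status verbose`.
# Assumes rules are written as single port numbers (22/tcp, 80/tcp, 443/tcp).
check_ufw() {
    awk '
        /^Status:/  { seen_status = 1;  if ($2 != "active") { print "ufw is not active"; bad = 1 } }
        /^Default:/ { seen_default = 1; if ($2 != "deny")   { print "default incoming policy is " $2; bad = 1 } }
        /(ALLOW|LIMIT) IN/ {
            port = $1; sub(/\/.*/, "", port)
            if (port != "22" && port != "80" && port != "443") {
                print "unexpected open port: " $1; bad = 1
            }
        }
        END {
            if (!seen_status || !seen_default) { print "could not parse ufw output"; bad = 1 }
            exit bad + 0
        }'
}

# Usage on the server:
#   sudo sshd -T | check_sshd && sudo ufw status verbose | check_ufw
```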

Post-Deployment

1. Verify Deployment

Check that the services are running:

# SSH into the server (the production key is not in a default location)
ssh -i /home/michael/.ssh/production deploy@94.16.110.151

# Check Docker containers
docker ps

# Check Nginx
sudo systemctl status nginx

# Check firewall
sudo ufw status

# Check fail2ban
sudo fail2ban-client status

2. Test Application

3. DNS Configuration

Make sure your DNS points to the server:

# Check DNS resolution
dig michaelschiemer.de
nslookup michaelschiemer.de

Monitoring and Maintenance

Log Locations

  • Application logs: /var/log/custom-php-framework/
  • Nginx logs: /var/log/nginx/
  • Docker logs: docker logs <container_name>

Health Checks

  • Health endpoint: /health.php
  • Prometheus metrics: :9090/metrics (if enabled)

Backups

  • Database backups run daily at 2 AM
  • Backups retained for 30 days
  • Location: /var/www/backups/

Troubleshooting

Common Issues

  1. Permission denied: Check SSH key permissions
  2. Connection refused: Verify firewall rules
  3. SSL certificate issues: Check Let's Encrypt logs
  4. Docker issues: Check Docker service status

Debug Mode

Run deployment with verbose output:

./deploy.sh production --verbose

Manual Commands

# SSH into server
ssh -i /home/michael/.ssh/production deploy@94.16.110.151

# Check system status
sudo systemctl status nginx docker fail2ban

# View Docker containers
docker ps -a

# Check logs
sudo tail -f /var/log/nginx/error.log
docker logs php-container

Security Updates

Regular Maintenance

  1. Update system packages monthly
  2. Review fail2ban logs for suspicious activity
  3. Monitor SSL certificate expiration
  4. Check for security updates

Update Commands

# Update system packages
sudo apt update && sudo apt upgrade -y

# Update Docker containers
cd /var/www/html
docker-compose pull
docker-compose up -d

# Renew SSL certificates (automatic with certbot)
sudo certbot renew

Recovery Procedures

Rollback Deployment

If issues occur:

# Stop application (run from the compose project directory)
cd /var/www/html
docker-compose down

# Restore from backup
sudo rsync -av /var/www/backups/latest/ /var/www/html/

# Restart application
docker-compose up -d

Emergency Access

If SSH key issues occur:

  1. Access via Netcup VPS console
  2. Re-enable password authentication temporarily
  3. Fix SSH key configuration
  4. Disable password authentication again

Support and Documentation

  • Framework documentation: /docs/
  • Deployment logs: Check Ansible output
  • System logs: journalctl -xe
  • Application logs: Docker container logs

For issues, check the troubleshooting guide in deployment/docs/TROUBLESHOOTING.md.