michaelschiemer/deployment/PRODUCTION_SETUP.md
Michael Schiemer 9b74ade5b0 feat: Fix discovery system critical issues
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-13 12:04:17 +02:00


# Production Deployment Setup
Guide for deploying the Custom PHP Framework to production on a Netcup VPS.
## Server Details
- **IP Address**: 94.16.110.151
- **Domain**: michaelschiemer.de
- **Email**: kontakt@michaelschiemer.de
- **SSH Key**: /home/michael/.ssh/production
- **OS**: Fresh Ubuntu 22.04 or Debian 12
## Initial Server Setup
### 1. First-time Server Configuration
Run the initial server setup (only once, on a fresh server):
```bash
cd deployment/infrastructure
# Run initial setup as root user
ansible-playbook -i inventories/production/hosts.yml setup-fresh-server.yml
```
This will:
- Create the `deploy` user with sudo privileges
- Configure SSH key authentication
- Harden SSH security
- Set up firewall (UFW)
- Configure fail2ban
- Install essential packages
- Create directory structure
### 2. Update Inventory Configuration
After initial setup, update `inventories/production/hosts.yml`:
```yaml
# Change from:
ansible_user: root
fresh_server_setup: true
# To:
ansible_user: deploy
fresh_server_setup: false
```
### 3. Full Infrastructure Deployment
Deploy the complete infrastructure:
```bash
# Deploy infrastructure only
ansible-playbook -i inventories/production/hosts.yml site.yml
# Or use the orchestration script
./deploy.sh production --infrastructure-only
```
## Environment Configuration
### 1. Configure Production Environment
Edit the production environment file:
```bash
nano applications/environments/.env.production
```
Update these required values:
```env
# Database passwords (generate strong passwords)
DB_PASSWORD=*** SET_STRONG_PASSWORD ***
DB_ROOT_PASSWORD=*** SET_STRONG_ROOT_PASSWORD ***
# Redis password
REDIS_PASSWORD=*** SET_STRONG_PASSWORD ***
# Application security key (generate: openssl rand -base64 32)
APP_KEY=*** GENERATE_KEY ***
# Mail configuration (configure with your SMTP provider)
MAIL_HOST=*** YOUR_SMTP_HOST ***
MAIL_USERNAME=*** YOUR_SMTP_USERNAME ***
MAIL_PASSWORD=*** YOUR_SMTP_PASSWORD ***
# External API keys
SHOPIFY_WEBHOOK_SECRET=*** YOUR_WEBHOOK_SECRET ***
RAPIDMAIL_USERNAME=*** IF_USING_RAPIDMAIL ***
RAPIDMAIL_PASSWORD=*** IF_USING_RAPIDMAIL ***
# Monitoring
GRAFANA_ADMIN_PASSWORD=*** SET_STRONG_PASSWORD ***
```
### 2. Generate Required Keys
```bash
# Generate application key
openssl rand -base64 32
# Generate secure passwords
openssl rand -base64 24
```
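A pre-deploy check for the environment file described above, added here as an example (it is not part of `deploy.sh`): it flags values that still hold a `*** ... ***` placeholder or are empty, and group/other permissions on the file. The helper name `check_env_file` is hypothetical.

```bash
#!/bin/sh
# Added example: lint an env file in the format shown above before deploying.
# check_env_file is a hypothetical helper, not part of the project's scripts.
# Prints one finding per line (keys only, never values).
# Returns 0 when clean, 1 on findings, 2 if the file cannot be read.
check_env_file() (
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; exit 2; }

    findings=0
    n=0
    report() { echo "$1"; findings=$((findings + 1)); }

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac    # skip blanks and comments
        key=${line%%=*}
        value=${line#*=}
        if [ "$key" = "$line" ]; then
            report "line $n: malformed (no '=')"
            continue
        fi
        case $value in
            '')      report "line $n: $key is empty" ;;
            *'***'*) report "line $n: $key still holds a placeholder" ;;
        esac
    done < "$file"

    # The file holds secrets: any group/other permission bit is a finding.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || report "$file: group/other access ($perms), use chmod 600"

    [ "$findings" -eq 0 ]
)

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_env_file "$1"
fi
```

Running it as `sh check_env.sh applications/environments/.env.production` before `./deploy.sh production` gives a non-zero exit status if any placeholder is left.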
## Deployment Process
### Full Deployment
Deploy both infrastructure and application:
```bash
./deploy.sh production
```
### Infrastructure Only
Deploy only the infrastructure (server setup, Nginx, Docker, etc.):
```bash
./deploy.sh production --infrastructure-only
```
### Application Only
Deploy only the application code:
```bash
./deploy.sh production --application-only
```
### Dry Run
Test deployment without making changes:
```bash
./deploy.sh production --dry-run
```
## Security Considerations
### SSH Access
- Root login disabled after initial setup
- Only `deploy` user has access
- SSH key authentication required
- Password authentication disabled
### Firewall Rules
- Only ports 22 (SSH), 80 (HTTP), 443 (HTTPS) open
- UFW configured with default deny
- Fail2ban protecting SSH
### SSL/TLS
- Let's Encrypt SSL certificates
- HTTPS enforced
- Modern TLS configuration (TLS 1.2/1.3)
- HSTS headers
## Post-Deployment
### 1. Verify Deployment
Check services are running:
```bash
# SSH into the server with the production key
ssh -i /home/michael/.ssh/production deploy@94.16.110.151
# Check Docker containers
docker ps
# Check Nginx
sudo systemctl status nginx
# Check firewall
sudo ufw status
# Check fail2ban
sudo fail2ban-client status
```
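The commands above confirm that services are running; the SSH policy listed under Security Considerations can also be checked against the effective sshd configuration. This is an added example, not part of the project's playbooks: `audit_sshd` is a hypothetical name, and the `kbdinteractiveauthentication` check is an extra that the page does not list (with PAM, keyboard-interactive logins can still accept passwords when `PasswordAuthentication` is `no`).

```bash
#!/bin/sh
# Added example: read `sshd -T` output on stdin and compare it with the
# SSH policy from "Security Considerations". audit_sshd is a hypothetical
# helper. Prints one FAIL line per mismatch; returns 0 only if all match.
audit_sshd() (
    cfg=$(cat)
    failures=0

    # require <keyword as printed by sshd -T (lowercase)> <required value>
    require() {
        actual=$(printf '%s\n' "$cfg" | awk -v k="$1" '$1 == k { print $2; exit }')
        if [ "$actual" != "$2" ]; then
            echo "FAIL $1: want '$2', got '${actual:-unset}'"
            failures=$((failures + 1))
        fi
    }

    require permitrootlogin no               # root login disabled
    require passwordauthentication no        # password authentication disabled
    require pubkeyauthentication yes         # SSH key authentication required
    require kbdinteractiveauthentication no  # extra check, see lead-in

    [ "$failures" -eq 0 ]
)

# On the server (sshd -T needs root to read the host keys):
#   sudo sshd -T | audit_sshd
```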
### 2. Test Application
- Visit https://michaelschiemer.de
- Check health endpoint: https://michaelschiemer.de/health.php
- Verify SSL certificate
### 3. DNS Configuration
Make sure your DNS points to the server:
```bash
# Check DNS resolution
dig michaelschiemer.de
nslookup michaelschiemer.de
```
## Monitoring and Maintenance
### Log Locations
- Application logs: `/var/log/custom-php-framework/`
- Nginx logs: `/var/log/nginx/`
- Docker logs: `docker logs <container_name>`
### Health Checks
- Health endpoint: `/health.php`
- Prometheus metrics: `:9090/metrics` (if enabled)
### Backups
- Database backups run daily at 2 AM
- Backups retained for 30 days
- Location: `/var/www/backups/`
## Troubleshooting
### Common Issues
1. **Permission denied**: Check SSH key permissions
2. **Connection refused**: Verify firewall rules
3. **SSL certificate issues**: Check Let's Encrypt logs
4. **Docker issues**: Check Docker service status
### Debug Mode
Run deployment with verbose output:
```bash
./deploy.sh production --verbose
```
### Manual Commands
```bash
# SSH into server
ssh -i /home/michael/.ssh/production deploy@94.16.110.151
# Check system status
sudo systemctl status nginx docker fail2ban
# View Docker containers
docker ps -a
# Check logs
sudo tail -f /var/log/nginx/error.log
docker logs php-container
```
## Security Updates
### Regular Maintenance
1. Update system packages monthly
2. Review fail2ban logs for suspicious activity
3. Monitor SSL certificate expiration
4. Check for security updates
### Update Commands
```bash
# Update system packages
sudo apt update && sudo apt upgrade -y
# Update Docker containers
cd /var/www/html
docker-compose pull
docker-compose up -d
# Renew SSL certificates (automatic with certbot)
sudo certbot renew
```
## Recovery Procedures
### Rollback Deployment
If issues occur:
```bash
# Stop application (run from the compose project directory)
cd /var/www/html
docker-compose down
# Restore from backup
sudo rsync -av /var/www/backups/latest/ /var/www/html/
# Restart application
docker-compose up -d
```
### Emergency Access
If SSH key issues occur:
1. Access via Netcup VPS console
2. Re-enable password authentication temporarily
3. Fix SSH key configuration
4. Disable password authentication again
## Support and Documentation
- Framework documentation: `/docs/`
- Deployment logs: Check Ansible output
- System logs: `journalctl -xe`
- Application logs: Docker container logs
For issues, check the troubleshooting guide in `deployment/docs/TROUBLESHOOTING.md`.