diff --git a/.env.prod.example b/.env.prod.example
index 2634303..64f492c 100644
--- a/.env.prod.example
+++ b/.env.prod.example
@@ -1,24 +1,33 @@ +# ===================================================== +# PRODUCTION ENVIRONMENT - BMC Hub +# ===================================================== +# Kopier denne fil til .env på production serveren +# OG ÆNDR ALLE PASSWORDS OG SECRETS! + +# ===================================================== +# RELEASE VERSION +# ===================================================== +# Tag fra Gitea (f.eks. v1.0.0, v1.2.3) +RELEASE_VERSION=v1.0.0 + +# ===================================================== +# GITEA AUTHENTICATION +# ===================================================== +# Personal Access Token fra https://g.bmcnetworks.dk/user/settings/applications +GITHUB_TOKEN=your_gitea_token_here +GITHUB_REPO=ct/bmc_hub + # ===================================================== # POSTGRESQL DATABASE - Production # ===================================================== -DATABASE_URL=postgresql://bmc_hub:CHANGEME_STRONG_PASSWORD@postgres:5432/bmc_hub +DATABASE_URL=postgresql://bmc_hub_prod:CHANGE_THIS_PASSWORD@postgres:5432/bmc_hub_prod -# Database credentials (bruges af docker-compose) -POSTGRES_USER=bmc_hub -POSTGRES_PASSWORD=CHANGEME_STRONG_PASSWORD -POSTGRES_DB=bmc_hub +# Database credentials (bruges af docker-compose/podman-compose) +POSTGRES_USER=bmc_hub_prod +POSTGRES_PASSWORD=CHANGE_THIS_PASSWORD_TO_STRONG_PASSWORD +POSTGRES_DB=bmc_hub_prod POSTGRES_PORT=5432 -# ===================================================== -# GITHUB DEPLOYMENT - Production Version Control -# ===================================================== -# Git tag eller branch at deploye (f.eks. "v1.0.0", "v1.2.3") -# VIGTIGT: Brug ALTID tags til production (ikke "latest" eller "main") -RELEASE_VERSION=v1.0.0 - -# GitHub repository (format: owner/repo eller path på Gitea) -GITHUB_REPO=ct/bmc_hub - # GitHub/Gitea Personal Access Token (skal have læseadgang til repo) # Opret token på: https://g.bmcnetworks.dk/user/settings/applications GITHUB_TOKEN=your_gitea_token_here 
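Review bot: `GITHUB_TOKEN=your_gitea_token_here` is now defined twice, once in the new GITEA AUTHENTICATION block near the top and again in the unchanged lines at the end of this hunk, and when `scripts/deploy_production.sh` sources the file the last assignment wins. An operator who fills in only the first definition still ends up with the placeholder, and the script aborts with "GITHUB_TOKEN ikke sat"; drop one of the two definitions. The password placeholders also differ (`CHANGE_THIS_PASSWORD` in `DATABASE_URL`, `CHANGE_THIS_PASSWORD_TO_STRONG_PASSWORD` in `POSTGRES_PASSWORD`), which makes it easy to change one and leave the other. Nothing in the deploy script rejects either password placeholder the way it rejects the token placeholder, so a check such as `[ "$POSTGRES_PASSWORD" != "CHANGE_THIS_PASSWORD_TO_STRONG_PASSWORD" ]` would be worth adding there.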
diff --git a/DEPLOYMENT_CHECKLIST.md b/DEPLOYMENT_CHECKLIST.md
new file mode 100644
index 0000000..b32ba5b
--- /dev/null
+++ b/DEPLOYMENT_CHECKLIST.md
@@ -0,0 +1,418 @@ +# 🚀 BMC Hub - Production Deployment Checklist + +## ✅ Pre-Deployment (På din Mac) + +### 1. Test Lokalt +- [ ] Alle ændringer committed til Git +- [ ] Lokale tests kørt og består +- [ ] `docker-compose up` virker lokalt +- [ ] Health endpoint returnerer OK: `curl http://localhost:8001/health` + +### 2. Opret Gitea Release + +```bash +cd /Users/christianthomas/DEV/bmc_hub_dev + +# Se nuværende tags +git tag -l + +# Commit alle ændringer +git add . +git status +git commit -m "Release v1.0.0: Initial production release" + +# Push til Gitea +git push origin main + +# Tag release (semantic versioning: major.minor.patch) +git tag v1.0.0 +git push origin v1.0.0 + +# Verificer på Gitea +open https://g.bmcnetworks.dk/ct/bmc_hub/releases +``` + +### 3. Verificer Release på Gitea +- [ ] Tag synligt på https://g.bmcnetworks.dk/ct/bmc_hub/tags +- [ ] Kan downloade archive: https://g.bmcnetworks.dk/ct/bmc_hub/archive/v1.0.0.tar.gz +- [ ] Raw files tilgængelige via API + +## 🔧 Production Server Setup (Første Gang) + +### 1. Forbered Server + +```bash +# SSH til server +ssh user@your-server.com + +# Installer Podman (hvis ikke installeret) +sudo apt update +sudo apt install -y podman podman-compose + +# Eller på RHEL/CentOS +sudo dnf install -y podman podman-compose + +# Verificer installation +podman --version +podman-compose --version +``` + +### 2. Opret Gitea Personal Access Token + +- [ ] Gå til https://g.bmcnetworks.dk/user/settings/applications +- [ ] Klik "Generate New Token" +- [ ] Token navn: `BMC Hub Production` +- [ ] Scopes: ✅ `repo` (read) +- [ ] Gem token sikkert (vises kun én gang!) + +### 3. 
Download Deployment Files + +```bash +# Opret deployment directory +sudo mkdir -p /opt/bmc_hub +sudo chown $USER:$USER /opt/bmc_hub +cd /opt/bmc_hub + +# Download deployment script +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/scripts/deploy_production.sh?ref=v1.0.0 \ + -o setup.sh +chmod +x setup.sh + +# Download .env template +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/.env.prod.example?ref=v1.0.0 \ + -o .env.example +``` + +### 4. Konfigurer Environment + +```bash +# Kopier template +cp .env.example .env + +# Rediger .env +nano .env +``` + +**KRITISKE ÆNDRINGER:** + +```bash +# 1. Version +RELEASE_VERSION=v1.0.0 + +# 2. Gitea Token +GITHUB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx # Din token fra trin 2 + +# 3. Database Passwords (generer stærke passwords) +POSTGRES_PASSWORD=$(openssl rand -base64 32) +DATABASE_URL=postgresql://bmc_hub_prod:${POSTGRES_PASSWORD}@postgres:5432/bmc_hub_prod + +# 4. Secret Key (generer random) +SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(32))") + +# 5. CORS Origins (production domain) +CORS_ORIGINS=https://hub.bmcnetworks.dk + +# 6. e-conomic Credentials (hvis relevant) +ECONOMIC_APP_SECRET_TOKEN=xxxxx +ECONOMIC_AGREEMENT_GRANT_TOKEN=xxxxx + +# 7. vTiger Credentials (hvis relevant) +VTIGER_API_KEY=xxxxx + +# 8. BEHOLD SAFETY SWITCHES! +ECONOMIC_READ_ONLY=true +ECONOMIC_DRY_RUN=true +TIMETRACKING_VTIGER_READ_ONLY=true +TIMETRACKING_ECONOMIC_READ_ONLY=true +``` + +### 5. Kør Deployment + +```bash +# Download alle filer fra Gitea +./setup.sh + +# Verificer downloaded files +ls -la +# Skal se: docker-compose.yml, Dockerfile, requirements.txt, migrations/ + +# Build og start +podman-compose up -d --build + +# Følg logs +podman-compose logs -f +``` + +### 6. 
Verificer Deployment + +```bash +# Check container status +podman ps + +# Expected output: +# CONTAINER ID IMAGE STATUS PORTS +# xxxxxxxxxxxx bmc-hub:v1.0.0 Up 2 minutes 0.0.0.0:8000->8000/tcp +# xxxxxxxxxxxx postgres:16-alpine Up 2 minutes 0.0.0.0:5432->5432/tcp + +# Test health endpoint +curl http://localhost:8000/health + +# Expected: +# {"status":"healthy","database":"connected","version":"v1.0.0"} + +# Test API +curl http://localhost:8000/api/v1/system/health + +# Check database +podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod + +# Liste tabeller +\dt + +# Check sample data +SELECT * FROM customers LIMIT 5; +\q +``` + +### 7. Setup Reverse Proxy (SSL/HTTPS) + +**Med Nginx:** + +```nginx +server { + listen 443 ssl http2; + server_name hub.bmcnetworks.dk; + + ssl_certificate /etc/ssl/certs/bmcnetworks.crt; + ssl_certificate_key /etc/ssl/private/bmcnetworks.key; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +``` + +**Med Traefik** (labels i docker-compose.yml): + +```yaml +labels: + - "traefik.enable=true" + - "traefik.http.routers.bmc-hub.rule=Host(`hub.bmcnetworks.dk`)" + - "traefik.http.routers.bmc-hub.entrypoints=websecure" + - "traefik.http.routers.bmc-hub.tls.certresolver=letsencrypt" +``` + +### 8. 
Setup Backups + +```bash +# Opret backup script +sudo nano /opt/bmc_hub/backup.sh +``` + +```bash +#!/bin/bash +BACKUP_DIR="/opt/backups/bmc_hub" +DATE=$(date +%Y%m%d_%H%M%S) + +mkdir -p $BACKUP_DIR + +# Backup database +podman exec bmc-hub-postgres-prod pg_dump -U bmc_hub_prod bmc_hub_prod | \ + gzip > $BACKUP_DIR/database_$DATE.sql.gz + +# Backup uploads og data +tar -czf $BACKUP_DIR/files_$DATE.tar.gz /opt/bmc_hub/uploads /opt/bmc_hub/data + +# Behold kun 30 dages backups +find $BACKUP_DIR -type f -mtime +30 -delete + +echo "Backup completed: $DATE" +``` + +```bash +chmod +x /opt/bmc_hub/backup.sh + +# Tilføj til crontab (daglig backup kl 02:00) +crontab -e +# Add: 0 2 * * * /opt/bmc_hub/backup.sh >> /opt/bmc_hub/logs/backup.log 2>&1 +``` + +### 9. Setup Monitoring (Optional) + +**Uptime Kuma:** +- Add monitor for: `https://hub.bmcnetworks.dk/health` +- Interval: 60 sekunder +- Expected keyword: `"healthy"` + +**Prometheus/Grafana:** +- Se `docs/MONITORING.md` (hvis eksisterer) + +## 🔄 Opdatering til Ny Version + +### På din Mac: + +```bash +cd /Users/christianthomas/DEV/bmc_hub_dev + +# Lav ændringer... +git add . +git commit -m "Feature: Add new functionality" +git push origin main + +# Tag ny version +git tag v1.1.0 +git push origin v1.1.0 +``` + +### På Production Server: + +```bash +cd /opt/bmc_hub + +# Backup først! 
+./backup.sh + +# Opdater RELEASE_VERSION i .env +nano .env +# Ændr: RELEASE_VERSION=v1.1.0 + +# Download nye filer +./setup.sh + +# Rebuild +podman-compose down +podman-compose up -d --build + +# Verificer +podman-compose logs -f api +curl http://localhost:8000/health +``` + +## 🆘 Troubleshooting + +### Container Starter Ikke + +```bash +# Check logs detaljeret +podman logs bmc-hub-api-prod --tail 100 + +# Check build logs +podman-compose build --no-cache + +# Verificer .env +cat .env | grep -v "PASSWORD\|TOKEN\|SECRET" +``` + +### Database Connection Fejl + +```bash +# Test database connection +podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod + +# Check database logs +podman logs bmc-hub-postgres-prod + +# Restart database +podman-compose restart postgres +``` + +### Gitea Download Fejl + +```bash +# Test token manuelt +curl -H "Authorization: token YOUR_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/tags + +# Verificer release eksisterer +curl https://g.bmcnetworks.dk/ct/bmc_hub/releases + +# Check network +ping g.bmcnetworks.dk +``` + +### Port Allerede I Brug + +```bash +# Find hvad der bruger porten +sudo lsof -i :8000 + +# Ændr port i .env +nano .env +# API_PORT=8001 + +# Rebuild +podman-compose down +podman-compose up -d +``` + +## 🔙 Rollback Procedure + +```bash +cd /opt/bmc_hub + +# Stop services +podman-compose down + +# Restore database backup +gunzip < /opt/backups/bmc_hub/database_YYYYMMDD_HHMMSS.sql.gz | \ + podman exec -i bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod + +# Ændr til gammel version i .env +nano .env +# RELEASE_VERSION=v1.0.0 + +# Rebuild +podman-compose up -d --build + +# Verificer +curl http://localhost:8000/health +``` + +## 📊 Post-Deployment Checks + +- [ ] Health endpoint OK: `curl https://hub.bmcnetworks.dk/health` +- [ ] API responding: `curl https://hub.bmcnetworks.dk/api/v1/system/health` +- [ ] Database accessible og data intact +- [ ] Logs ser normale ud (ingen 
ERROR/CRITICAL) +- [ ] SSL certificate valid +- [ ] Backups kører automatisk +- [ ] Monitoring alerts konfigureret +- [ ] Safety switches aktiveret (READ_ONLY=true) +- [ ] DNS pointing til ny server (hvis relevant) +- [ ] Firewall rules konfigureret + +## 🎯 Security Checklist + +- [ ] Alle passwords ændret fra defaults +- [ ] SECRET_KEY er random og unik +- [ ] CORS_ORIGINS sat til production domain +- [ ] SSL/HTTPS aktiveret +- [ ] Firewall kun åbner 80/443 (ikke 8000 direkte) +- [ ] Database port IKKE exposed eksternt (kun internt network) +- [ ] .env fil har korrekte permissions (600) +- [ ] Gitea token har minimal scope (kun read) +- [ ] Safety switches aktiveret i .env +- [ ] Backups krypteret (hvis sensitive data) + +## 📝 Dokumentation + +- [ ] [PRODUCTION_DEPLOYMENT.md](PRODUCTION_DEPLOYMENT.md) - Detaljeret guide +- [ ] [PRODUCTION_QUICK_START.md](PRODUCTION_QUICK_START.md) - Hurtig reference +- [ ] [README.md](README.md) - Project overview + +## 📞 Support + +Ved problemer: +- Email: ct@bmcnetworks.dk +- Gitea Issues: https://g.bmcnetworks.dk/ct/bmc_hub/issues + +--- + +**Version:** 1.0 +**Sidst opdateret:** 2025-12-17 diff --git a/PRODUCTION_DEPLOYMENT.md b/PRODUCTION_DEPLOYMENT.md new file mode 100644 index 0000000..27b0b5b --- /dev/null +++ b/PRODUCTION_DEPLOYMENT.md 
@@ -0,0 +1,317 @@ +# BMC Hub - Production Deployment Guide + +## 📋 Forudsætninger + +- Linux server med **Podman** eller **Docker** installeret +- Adgang til Gitea repository: `https://g.bmcnetworks.dk/ct/bmc_hub` +- Gitea Personal Access Token med læseadgang + +## 🚀 Deployment Trin-for-Trin + +### 1. Opret Gitea Personal Access Token + +1. Gå til https://g.bmcnetworks.dk/user/settings/applications +2. Klik "Generate New Token" +3. Giv tokenet et navn: "BMC Hub Production" +4. Vælg scopes: `repo` (read) +5. Gem tokenet sikkert - det vises kun én gang + +### 2. Tag en Release i Gitea + +Fra din lokale udviklings-mac: + +```bash +cd /Users/christianthomas/DEV/bmc_hub_dev + +# Commit alle ændringer +git add . +git commit -m "Prepare for production v1.0.0" + +# Tag release +git tag v1.0.0 +git push origin main +git push origin v1.0.0 +``` + +### 3. Forbered Production Server + +```bash +# SSH til production server +ssh user@your-production-server.com + +# Opret deployment directory +mkdir -p /opt/bmc_hub +cd /opt/bmc_hub + +# Download kun nødvendige filer fra Gitea +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/docker-compose.prod.yml?ref=v1.0.0 \ + -o docker-compose.yml + +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/Dockerfile?ref=v1.0.0 \ + -o Dockerfile + +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/.env.prod.example?ref=v1.0.0 \ + -o .env.example + +# Opret migrations directory +mkdir -p migrations + +# Download alle migrations (init.sql og andre) +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/migrations/init.sql?ref=v1.0.0 \ + -o migrations/init.sql + +# Download requirements.txt (til Dockerfile) +curl -H "Authorization: token YOUR_GITEA_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/requirements.txt?ref=v1.0.0 
\ + -o requirements.txt +``` + +### 4. Konfigurer Environment Variables + +```bash +# Kopier template +cp .env.example .env + +# Rediger .env med production værdier +nano .env +``` + +**VIGTIGE ÆNDRINGER I .env:** + +```bash +# Release version (matcher git tag) +RELEASE_VERSION=v1.0.0 + +# Gitea token +GITHUB_TOKEN=din_gitea_personal_access_token + +# SKIFT ALLE PASSWORDS! +POSTGRES_PASSWORD=et_meget_stærkt_password_her +SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(32))") + +# Production settings +LOG_LEVEL=WARNING +CORS_ORIGINS=https://yourdomain.com + +# BEHOLD SAFETY SWITCHES PÅ! +ECONOMIC_READ_ONLY=true +ECONOMIC_DRY_RUN=true +``` + +### 5. Opret Nødvendige Directories + +```bash +cd /opt/bmc_hub + +# Opret data directories +mkdir -p logs uploads data/invoice_templates + +# Sæt permissions (hvis nødvendigt) +chmod 755 logs uploads data +``` + +### 6. Start Services med Podman Compose + +```bash +# Pull og build images +podman-compose -f docker-compose.yml build --no-cache + +# Start services +podman-compose -f docker-compose.yml up -d + +# Følg logs +podman-compose -f docker-compose.yml logs -f +``` + +### 7. 
Verificer Deployment + +```bash +# Check container status +podman ps + +# Test health endpoint +curl http://localhost:8000/health + +# Check database +podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod -c "\dt" +``` + +Expected output: +```json +{ + "status": "healthy", + "database": "connected", + "version": "v1.0.0" +} +``` + +## 🔄 Opdatering til Ny Version + +```bash +# På din Mac - tag ny release +cd /Users/christianthomas/DEV/bmc_hub_dev +git tag v1.1.0 +git push origin v1.1.0 + +# På production server +cd /opt/bmc_hub + +# Opdater RELEASE_VERSION i .env +nano .env # Ændr til v1.1.0 + +# Rebuild og genstart +podman-compose down +podman-compose build --no-cache +podman-compose up -d + +# Verificer +podman-compose logs -f api +``` + +## 🗄️ Database Migrations + +Når der tilføjes nye migrations: + +```bash +# Download nye migration filer til /opt/bmc_hub/migrations/ +curl -H "Authorization: token YOUR_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/raw/migrations/XXX_new_migration.sql?ref=v1.1.0 \ + -o migrations/XXX_new_migration.sql + +# Kør migration manuelt +podman exec -i bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod < migrations/XXX_new_migration.sql +``` + +**VIGTIGT:** init.sql kører KUN ved første database initialization. Nye migrations skal køres manuelt. + +## 🔒 Sikkerhed Best Practices + +1. **Passwords**: Brug minimum 32 tegn, tilfældige passwords +2. **Secret Key**: Generer med `secrets.token_urlsafe(32)` +3. **Gitea Token**: Begræns til read-only scope for production +4. **Firewall**: Åbn kun nødvendige porte (8000, 5432 hvis remote access) +5. **HTTPS**: Brug reverse proxy (nginx/traefik) med SSL i production +6. 
**Backups**: Sæt automatisk backup op for PostgreSQL data volume + +## 📊 Monitoring + +```bash +# Container status +podman-compose ps + +# Resource usage +podman stats + +# Application logs +podman-compose logs -f api + +# Database logs +podman-compose logs -f postgres + +# Health check +curl http://localhost:8000/health +curl http://localhost:8000/api/v1/system/health +``` + +## 🆘 Troubleshooting + +### Database Connection Issues + +```bash +# Check postgres logs +podman-compose logs postgres + +# Test connection +podman exec -it bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod + +# Check network +podman network inspect bmc-hub-network_bmc-hub-network +``` + +### API Won't Start + +```bash +# Check detailed logs +podman logs bmc-hub-api-prod + +# Verify environment variables +podman exec bmc-hub-api-prod env | grep -E "DATABASE|RELEASE" + +# Check if database is ready +podman exec bmc-hub-postgres-prod pg_isready +``` + +### Gitea Download Fails + +```bash +# Test token manually +curl -H "Authorization: token YOUR_TOKEN" \ + https://g.bmcnetworks.dk/api/v1/repos/ct/bmc_hub/tags + +# Verify release exists +curl https://g.bmcnetworks.dk/ct/bmc_hub/releases +``` + +## 🔄 Rollback Procedure + +```bash +# Ændr RELEASE_VERSION til tidligere version +nano .env # v1.1.0 → v1.0.0 + +# Rebuild med gammel version +podman-compose down +podman-compose build --no-cache +podman-compose up -d +``` + +## 📦 Backup & Restore + +### Backup Database + +```bash +# Automated backup script +podman exec bmc-hub-postgres-prod pg_dump -U bmc_hub_prod bmc_hub_prod > backup_$(date +%Y%m%d).sql + +# Eller med podman-compose +podman-compose exec postgres pg_dump -U bmc_hub_prod bmc_hub_prod > backup.sql +``` + +### Restore Database + +```bash +# Stop API først +podman-compose stop api + +# Restore +podman exec -i bmc-hub-postgres-prod psql -U bmc_hub_prod -d bmc_hub_prod < backup.sql + +# Start API +podman-compose start api +``` + +## 🎯 Production Checklist + +- [ ] Gitea token 
oprettet med read-only scope +- [ ] Release tagged i Git (f.eks. v1.0.0) +- [ ] `.env` fil udfyldt med production værdier +- [ ] Alle passwords ændret fra defaults +- [ ] SECRET_KEY genereret tilfældigt +- [ ] CORS_ORIGINS sat til production domain +- [ ] Safety switches aktiveret (READ_ONLY=true, DRY_RUN=true) +- [ ] Directories oprettet (logs, uploads, data) +- [ ] Migrations downloaded til `migrations/` directory +- [ ] Database initialiseret med init.sql +- [ ] Containers startet og healthy +- [ ] Health endpoints verificeret +- [ ] Backup strategi implementeret +- [ ] Firewall konfigureret +- [ ] SSL certifikat installeret (reverse proxy) +- [ ] Monitoring setup (optional: Uptime Kuma) + +## 📞 Support + +Ved problemer, kontakt: ct@bmcnetworks.dk diff --git a/PRODUCTION_QUICK_START.md b/PRODUCTION_QUICK_START.md new file mode 100644 index 0000000..40a90e9 --- /dev/null +++ b/PRODUCTION_QUICK_START.md 
@@ -0,0 +1,111 @@ +# BMC Hub - Quick Production Setup + +## 🚀 Hurtig Start (TL;DR) + +```bash +# 1. På din Mac - tag en release +cd /Users/christianthomas/DEV/bmc_hub_dev +git tag v1.0.0 && git push origin v1.0.0 + +# 2. På production server +mkdir /opt/bmc_hub && cd /opt/bmc_hub + +# 3. Download setup script +curl https://raw.githubusercontent.com/ct/bmc_hub/v1.0.0/scripts/deploy_production.sh -o setup.sh +chmod +x setup.sh + +# 4. Opret .env (brug template nedenfor) +nano .env + +# 5. Kør deployment +./setup.sh + +# 6. Start services +podman-compose up -d --build + +# 7. Verificer +curl http://localhost:8000/health +``` + +## 📋 Minimal .env Template + +```bash +# Version +RELEASE_VERSION=v1.0.0 + +# Gitea (opret token på https://g.bmcnetworks.dk/user/settings/applications) +GITHUB_TOKEN=glpat-xxxxxxxxxxxxx +GITHUB_REPO=ct/bmc_hub + +# Database (SKIFT PASSWORD!) +POSTGRES_USER=bmc_hub_prod +POSTGRES_PASSWORD=din_stærke_password_her +POSTGRES_DB=bmc_hub_prod +DATABASE_URL=postgresql://bmc_hub_prod:din_stærke_password_her@postgres:5432/bmc_hub_prod + +# Security (generer med: python3 -c "import secrets; print(secrets.token_urlsafe(32))") +SECRET_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + +# API +API_PORT=8000 +CORS_ORIGINS=https://yourdomain.com + +# Safety (BEHOLD true!) +ECONOMIC_READ_ONLY=true +ECONOMIC_DRY_RUN=true +``` + +## 🔄 Opdater til Ny Version + +```bash +cd /opt/bmc_hub + +# Ændr version i .env +nano .env # RELEASE_VERSION=v1.1.0 + +# Rebuild +podman-compose down +podman-compose up -d --build + +# Check +podman-compose logs -f api +``` + +## 📖 Fuld Dokumentation + +Se [PRODUCTION_DEPLOYMENT.md](PRODUCTION_DEPLOYMENT.md) for detaljeret guide. + +## 🆘 Problemer? 
+ +```bash +# Check logs +podman-compose logs -f + +# Check containers +podman ps -a + +# Restart +podman-compose restart + +# Start forfra +podman-compose down -v +podman-compose up -d --build +``` + +## 📁 Struktur på Production Server + +``` +/opt/bmc_hub/ +├── .env # Din konfiguration (opret selv) +├── docker-compose.yml # Downloaded fra Gitea +├── Dockerfile # Downloaded fra Gitea +├── requirements.txt # Downloaded fra Gitea +├── migrations/ # SQL migrations +│ └── init.sql +├── logs/ # Application logs +├── uploads/ # Uploaded files +└── data/ # Application data + └── invoice_templates/ +``` + +**VIGTIGT:** Kun disse filer downloades til serveren. Al application kode hentes automatisk af Docker/Podman fra Gitea release når containeren bygges. diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 6915728..783fb04 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -1,7 +1,7 @@ version: '3.8' services: - # PostgreSQL Database + # PostgreSQL Database - Production postgres: image: postgres:16-alpine container_name: bmc-hub-postgres-prod @@ -11,7 +11,8 @@ services: POSTGRES_DB: ${POSTGRES_DB} volumes: - postgres_data:/var/lib/postgresql/data - - ./migrations/init.sql:/docker-entrypoint-initdb.d/init.sql:ro + # Mount all migration files for initialization + - ./migrations:/docker-entrypoint-initdb.d:ro ports: - "${POSTGRES_PORT:-5432}:5432" restart: always @@ -23,7 +24,7 @@ services: networks: - bmc-hub-network - # FastAPI Application - Production with GitHub Release Version + # FastAPI Application - Production with Gitea Release api: build: context: . @@ -40,10 +41,10 @@ services: ports: - "${API_PORT:-8000}:8000" volumes: + # Data persistence (NO source code in production) - ./logs:/app/logs - ./uploads:/app/uploads - ./data:/app/data - # NOTE: No source code mount in production - code comes from GitHub release env_file: - .env environment: 
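Review bot: `init.sql` will no longer run first once the whole `./migrations` directory is mounted into `/docker-entrypoint-initdb.d` (hunk `@@ -11,7 +11,8 @@`), because the postgres image runs the files there in sorted name order on first initialisation and `002_auth_system.sql` and the other numbered files sort before `init.sql`. That is the reverse of the order listed in `scripts/deploy_production.sh`; if the numbered migrations assume the schema from `init.sql` (not visible here), a fresh database will fail or end up partially initialised. Renaming the file to something like `000_init.sql`, or keeping the single-file mount and applying migrations explicitly, avoids that, and the duplicated prefixes (`008_*`, `011_*`, `014_*`) deserve the same look. The unchanged `ports:` line still publishes 5432 on every host interface, which the new DEPLOYMENT_CHECKLIST.md says must not be exposed externally; `- "127.0.0.1:${POSTGRES_PORT:-5432}:5432"` would match the checklist.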
@@ -62,6 +63,7 @@ services: labels: - "com.bmcnetworks.app=bmc-hub" - "com.bmcnetworks.version=${RELEASE_VERSION:-latest}" + - "com.bmcnetworks.environment=production" networks: bmc-hub-network: diff --git a/scripts/deploy_production.sh b/scripts/deploy_production.sh new file mode 100644 index 0000000..db64451 --- /dev/null +++ b/scripts/deploy_production.sh 
@@ -0,0 +1,128 @@ +#!/bin/bash +# BMC Hub - Production Deployment Script +# Dette script automatiserer download af nødvendige filer fra Gitea + +set -e # Exit on error + +# Farver til output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +# Check om .env eksisterer +if [ ! -f .env ]; then + echo -e "${RED}❌ Fejl: .env fil ikke fundet${NC}" + echo "Kopier .env.example til .env og udfyld med dine værdier:" + echo " cp .env.example .env" + echo " nano .env" + exit 1 +fi + +# Load environment variables +source .env + +# Verificer påkrævede variables +if [ -z "$GITHUB_TOKEN" ] || [ "$GITHUB_TOKEN" == "your_gitea_token_here" ]; then + echo -e "${RED}❌ Fejl: GITHUB_TOKEN ikke sat i .env${NC}" + echo "Opret en Personal Access Token på:" + echo " https://g.bmcnetworks.dk/user/settings/applications" + exit 1 +fi + +if [ -z "$RELEASE_VERSION" ]; then + echo -e "${RED}❌ Fejl: RELEASE_VERSION ikke sat i .env${NC}" + exit 1 +fi + +GITEA_BASE="https://g.bmcnetworks.dk" +REPO="${GITHUB_REPO:-ct/bmc_hub}" +VERSION="${RELEASE_VERSION}" + +echo -e "${GREEN}🚀 BMC Hub Production Deployment${NC}" +echo -e "Repository: ${REPO}" +echo -e "Version: ${VERSION}" +echo "" + +# Download function +download_file() { + local file=$1 + local output=${2:-$file} + + echo -e "${YELLOW}⬇️ Downloader: ${file}${NC}" + + if curl -f -H "Authorization: token ${GITHUB_TOKEN}" \ + "${GITEA_BASE}/api/v1/repos/${REPO}/raw/${file}?ref=${VERSION}" \ + -o "${output}" 2>/dev/null; then + echo -e "${GREEN}✅ Success: ${output}${NC}" + return 0 + else + echo -e "${RED}❌ Fejl ved download af ${file}${NC}" + return 1 + fi +} + +# Opret directories +echo -e "${YELLOW}📁 Opretter directories...${NC}" +mkdir -p migrations logs uploads data/invoice_templates + +# Download core files +echo -e "\n${YELLOW}📥 Downloader core filer...${NC}" +download_file "docker-compose.prod.yml" "docker-compose.yml" +download_file "Dockerfile" +download_file "requirements.txt" + +# Download migrations 
+echo -e "\n${YELLOW}📥 Downloader migrations...${NC}" + +# Liste over alle migrations (i rækkefølge) +MIGRATIONS=( + "init.sql" + "002_auth_system.sql" + "003_extend_customers.sql" + "004_contacts_relationships.sql" + "005_vendors.sql" + "006_settings.sql" + "007_dev_portal.sql" + "008_credit_notes.sql" + "008_supplier_invoices.sql" + "009_document_extraction.sql" + "010_supplier_invoice_templates.sql" + "011_extraction_lines_context.sql" + "011_quick_analysis.sql" + "012_own_invoice_filter.sql" + "012_template_default_category.sql" + "013_email_system.sql" + "013_timetracking_module.sql" + "014_add_contact_user_company.sql" + "014_economic_customer_number.sql" + "014_email_workflows.sql" + "015_bmc_office_subscriptions.sql" + "023_subscriptions_lock.sql" + "024_backup_system.sql" + "025_ticket_module.sql" + "026_ticket_enhancements.sql" + "026_ticket_permissions.sql" + "027_customer_notes.sql" + "027_tag_system.sql" + "028_auto_link_tmodule_customers.sql" + "029_ticket_contacts.sql" + "030_ticket_contacts_flexible_roles.sql" + "050_email_activity_log.sql" +) + +for migration in "${MIGRATIONS[@]}"; do + download_file "migrations/${migration}" "migrations/${migration}" || echo -e "${YELLOW}⚠️ Kunne ikke downloade ${migration} (måske findes den ikke i denne version)${NC}" +done + +echo -e "\n${GREEN}✅ Download komplet!${NC}" +echo "" +echo -e "${YELLOW}Næste trin:${NC}" +echo "1. Verificer .env filen er korrekt udfyldt" +echo "2. Start services:" +echo -e " ${GREEN}podman-compose up -d --build${NC}" +echo "3. Check logs:" +echo -e " ${GREEN}podman-compose logs -f${NC}" +echo "4. Test health endpoint:" +echo -e " ${GREEN}curl http://localhost:8000/health${NC}" +echo ""
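Review bot: `source .env` executes the environment file as shell code, so any command substitution or stray statement in it runs with the deploying user's privileges, while the compose file consumes the same file through `env_file`, where values are presumably taken literally; DEPLOYMENT_CHECKLIST.md in this commit even suggests `POSTGRES_PASSWORD=$(openssl rand -base64 32)` inside `.env`, which the two consumers would read differently. The script needs only GITHUB_TOKEN, RELEASE_VERSION and GITHUB_REPO, so reading those keys as plain text (below) is enough. The migration loop also treats every curl failure as "maybe not in this version" with stderr discarded, so an expired token or a network error leaves a partial `migrations/` directory behind the "Download komplet" message; failing on anything other than a 404 would be safer. PRODUCTION_QUICK_START.md fetches this script from `raw.githubusercontent.com/ct/bmc_hub` rather than the Gitea host used everywhere else, so that URL should be corrected before anyone runs what it returns.

```shell
# … unchanged: check that .env exists …

# Read only the keys this script needs; values are taken literally and
# nothing in .env is executed.
read_env() {
    local key=$1 line
    line=$(grep -E "^${key}=" .env | tail -n 1)
    printf '%s' "${line#*=}"
}

GITHUB_TOKEN=$(read_env GITHUB_TOKEN)
RELEASE_VERSION=$(read_env RELEASE_VERSION)
GITHUB_REPO=$(read_env GITHUB_REPO)

# … unchanged: validation of GITHUB_TOKEN and RELEASE_VERSION …
```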