monacousa-portal/deploy/README.md

# Monaco USA Portal - Standalone Production Deployment
This is a standalone deployment package for the Monaco USA Portal. No source code cloning required.
## Prerequisites
- Linux server (Ubuntu 22.04+ recommended)
- Docker Engine 24.0+
- Docker Compose v2.20+
- Domain name with DNS records pointing to your server (the reverse proxy also routes the `api.` and `studio.` hostnames shown under Architecture, so those need records too)
- Ports 80 and 443 open
## Quick Start
### 1. Download the deployment files
Create a directory and download the deployment files:
```bash
mkdir -p /opt/monacousa
cd /opt/monacousa
# Download files from your deployment source
# Example: scp, git clone, or direct download
```
You need these files:
- `docker-compose.yml`
- `.env.example`
- `init.sql`
- `kong.yml.template`
- `setup.sh`
### 2. Configure environment
```bash
# Copy the example environment file
cp .env.example .env
# Edit with your settings
nano .env
```
At minimum, configure:
- `DOMAIN` - Your domain name (e.g., `portal.monacousa.org`), a bare hostname with no scheme or path
- `ACME_EMAIL` - Email address registered with the ACME certificate authority; it receives certificate expiry warnings
- SMTP settings (optional but recommended; the portal needs them to send email)
### 3. Run setup script
```bash
# Make setup script executable
chmod +x setup.sh
# Run setup - this generates secrets and kong.yml
./setup.sh
```
The setup script will:
- Generate secure random passwords and JWT tokens
- Create `kong.yml` from the template with your API keys
- Validate your configuration
### 4. Start the services
```bash
docker compose up -d
```
### 5. Verify deployment
```bash
# Check all containers are running
docker compose ps
# Check database initialization
docker compose logs db
# Check for any errors
docker compose logs -f
```
### 6. Access the portal
Open `https://your-domain.com` in your browser. On first visit, you'll be redirected to `/setup` to create the initial admin account. Do this right after the stack comes up: whoever reaches `/setup` first creates the admin account.
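The Quick Start above has two places where a typo or a forgotten placeholder only surfaces later as a failed certificate or a leaked secret. The following pre-flight script is an added example, not part of the deployment package: it checks `.env` after step 2 and the generated files after step 3, before `docker compose up -d`. `DOMAIN` and `ACME_EMAIL` are the variables named in step 2; the placeholder patterns and the assumption that `kong.yml` sits next to `.env` are mine.

```bash
#!/usr/bin/env bash
# Added example, not part of the deployment package: pre-flight check for the
# Quick Start. Run from /opt/monacousa after editing .env (step 2) and again
# after ./setup.sh (step 3). The placeholder patterns and the location of
# kong.yml next to .env are assumptions.
set -eu

REQUIRED_VARS="DOMAIN ACME_EMAIL"   # must be set and non-empty
SECRET_FILES=".env kong.yml"        # hold passwords, JWT secrets and API keys

# Read KEY=value from a dotenv file (last occurrence wins), dropping surrounding quotes.
env_get() {  # $1 file, $2 key
  local v
  v=$(grep -E "^${2}=" "$1" 2>/dev/null | tail -n1 | cut -d= -f2-) || true
  v=${v#\"}; v=${v%\"}; v=${v#\'}; v=${v%\'}
  printf '%s' "$v"
}

looks_like_hostname() { printf '%s' "$1" | grep -Eiq '^([a-z0-9-]+\.)+[a-z]{2,}$'; }
looks_like_email()    { printf '%s' "$1" | grep -Eiq '^[^@[:space:]]+@([a-z0-9-]+\.)+[a-z]{2,}$'; }

# Octal permission bits; GNU stat first, BSD/macOS stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Prints one FAIL line per finding; returns 0 only when nothing was found.
preflight() {  # $1 directory holding .env (default: current directory)
  local dir="${1:-.}" rc=0 f v key
  [ -f "$dir/.env" ] || { echo "FAIL: $dir/.env not found (cp .env.example .env)"; return 1; }
  for key in $REQUIRED_VARS; do
    v=$(env_get "$dir/.env" "$key")
    [ -n "$v" ] || { echo "FAIL: $key is empty in .env"; rc=1; }
  done
  v=$(env_get "$dir/.env" DOMAIN)
  [ -z "$v" ] || looks_like_hostname "$v" || { echo "FAIL: DOMAIN '$v' must be a bare hostname (no scheme, port or path)"; rc=1; }
  v=$(env_get "$dir/.env" ACME_EMAIL)
  [ -z "$v" ] || looks_like_email "$v" || { echo "FAIL: ACME_EMAIL '$v' is not an email address"; rc=1; }
  # Placeholders copied from .env.example must not reach production (comment lines ignored).
  if grep -Ev '^[[:space:]]*#' "$dir/.env" | grep -Eiq 'change[-_ ]?me|replace[-_ ]?me|your[-_]'; then
    echo "FAIL: .env still contains placeholder values"; rc=1
  fi
  for f in $SECRET_FILES; do
    [ -e "$dir/$f" ] || continue   # kong.yml exists only after setup.sh has run
    [ "$(file_mode "$dir/$f")" = 600 ] || { echo "FAIL: $f is mode $(file_mode "$dir/$f"), want 600 (chmod 600 $f)"; rc=1; }
  done
  return "$rc"
}

case "${1:-}" in check) preflight "${2:-.}" ;; esac   # e.g. ./preflight.sh check /opt/monacousa
```

A non-zero exit lists every finding at once, so one run after editing `.env` is enough; the mode check on `kong.yml` only starts applying once `setup.sh` has generated it.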
## Architecture
```
Internet
├─► :80/:443 ──► Traefik (SSL/Reverse Proxy)
│                    │
│                    ├─► portal.domain.com ──► Portal (SvelteKit)
│                    ├─► api.domain.com    ──► Kong ──► Auth/REST/Storage
│                    └─► studio.domain.com ──► Studio (Dashboard)
Internal Network
├─► Kong API Gateway
│     ├─► Auth (GoTrue)
│     ├─► REST (PostgREST)
│     ├─► Storage API
│     └─► Realtime
└─► PostgreSQL Database
```
## Files Description
| File | Purpose |
|------|---------|
| `docker-compose.yml` | All service definitions |
| `.env` | Your configuration (from .env.example) |
| `init.sql` | Database schema and migrations |
| `kong.yml.template` | API gateway config template |
| `kong.yml` | Generated API gateway config (created by setup.sh); contains your API keys, so keep it as private as `.env` |
| `setup.sh` | Setup script for secrets and validation |
## Management Commands
```bash
# Start all services
docker compose up -d
# Stop all services
docker compose down
# View logs
docker compose logs -f
# View specific service logs
docker compose logs -f portal
docker compose logs -f db
# Restart a specific service
docker compose restart portal
# Check resource usage
docker stats
# Enter database shell
docker compose exec db psql -U postgres
```
## Updating
To update the portal to a new version (take a database backup first, see Backup below; this pulls only the portal image, the other services are left as they are):
```bash
# Pull the latest image
docker compose pull portal
# Restart the portal service
docker compose up -d portal
```
## Backup
### Database backup
```bash
# Create backup. -T disables the TTY so this also works from cron; the umask
# keeps the dump, which contains every user record, readable by the owner only
(umask 077; docker compose exec -T db pg_dump -U postgres postgres > backup_$(date +%Y%m%d).sql)
# Restore backup
docker compose exec -T db psql -U postgres postgres < backup_YYYYMMDD.sql
```
### Full backup (including storage)
```bash
# Stop services first for consistent backup
docker compose stop
# Backup volumes. Volume names are <project>_<volume>, and the project name
# defaults to the directory name (monacousa here); confirm with `docker volume ls`
docker run --rm -v monacousa_db-data:/data -v "$(pwd)":/backup alpine \
  tar czf /backup/db-data-backup.tar.gz -C /data .
docker run --rm -v monacousa_storage-data:/data -v "$(pwd)":/backup alpine \
  tar czf /backup/storage-data-backup.tar.gz -C /data .
# The archives hold the raw database files and every uploaded object:
# store them with the same care as the SQL dump
# Start services
docker compose up -d
```
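A backup that is never verified is only a hope. The script below is an added example, not part of the deployment package: it wraps the `pg_dump` command from this section so that dumps are created owner-only, get a checksum recorded next to them, are verified before old ones are pruned, and can be rehearsed into a scratch database without touching production. `BACKUP_DIR`, `RETENTION_DAYS` and the `restore_test` database name are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the deployment package: verified database backups
# around the pg_dump command from the Backup section. BACKUP_DIR, RETENTION_DAYS
# and the restore_test database name are assumptions.
set -eu
umask 077                                          # new files are 0600: dumps hold all user data

BACKUP_DIR=${BACKUP_DIR:-/opt/monacousa/backups}   # assumed location
RETENTION_DAYS=${RETENTION_DAYS:-14}               # assumed retention policy

backup_name() { printf 'backup_%s.sql.gz' "$(date -u +%Y%m%dT%H%M%SZ)"; }

# SHA-256 record stored next to the file, with a relative name so it can be
# checked from wherever the backup directory is mounted.
record_checksum() {  # $1 path
  ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# 0 when the checksum still matches and the gzip stream is intact.
verify_backup() {  # $1 path
  ( cd "$(dirname "$1")" && sha256sum -c --status "$(basename "$1").sha256" ) && gzip -t "$1"
}

# Dump to a temp file first: with set -e a failing pg_dump aborts here instead
# of leaving an empty but valid-looking .gz behind.
dump_db() {  # $1 output path (.sql.gz)
  docker compose exec -T db pg_dump -U postgres --no-owner postgres > "$1.tmp"
  gzip -9 "$1.tmp" && mv "$1.tmp.gz" "$1"
  record_checksum "$1"
}

# Restore into a scratch database so production data is never touched.
rehearse_restore() {  # $1 path
  docker compose exec -T db psql -U postgres -v ON_ERROR_STOP=1 \
    -c 'DROP DATABASE IF EXISTS restore_test' -c 'CREATE DATABASE restore_test'
  gzip -dc "$1" | docker compose exec -T db psql -U postgres -v ON_ERROR_STOP=1 restore_test
}

prune_old() {  # $1 directory
  find "$1" -maxdepth 1 -name 'backup_*.sql.gz*' -mtime +"$RETENTION_DAYS" -delete
}

main() {
  mkdir -p "$BACKUP_DIR"
  local out="$BACKUP_DIR/$(backup_name)"
  dump_db "$out"
  verify_backup "$out"
  prune_old "$BACKUP_DIR"
  echo "backup written and verified: $out"
}

case "${1:-}" in
  run)          main ;;                      # e.g. nightly from cron: /opt/monacousa/backup.sh run
  restore-test) rehearse_restore "$2" ;;     # e.g. backup.sh restore-test backups/backup_….sql.gz
esac
```

Run `backup.sh run` from cron and `backup.sh restore-test <file>` before any upgrade; a restore that stops on the first error (`ON_ERROR_STOP=1`) tells you about a broken dump while the old data is still there.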
## Troubleshooting
### Containers not starting
```bash
# Check logs for errors
docker compose logs
# Check if ports are in use (use netstat -tlnp on older systems without ss)
ss -tlnp | grep -E ':(80|443)\s'
```
### SSL certificate issues
```bash
# Check Traefik logs
docker compose logs traefik
# Verify DNS is pointing to server
dig +short your-domain.com
```
### Database connection errors
```bash
# Check database is healthy
docker compose ps db
# Check database logs
docker compose logs db
# Verify database is accepting connections
docker compose exec db pg_isready -U postgres
```
### API 401 Unauthorized errors
This usually means the API keys in use (in the portal, `kong.yml` and `.env`) don't match. Re-run setup, then restart the gateway:
```bash
./setup.sh
docker compose restart kong
```
Back up `.env` before re-running. Check whether `setup.sh` reuses the secrets already in `.env` or generates new ones: a regenerated database password will not match the one stored in the existing database volume, and a regenerated JWT secret invalidates every key issued under the old one, so restarting only Kong would not be enough in that case.
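A 401 from the API can come from a key the gateway does not know, or from a key that was signed under a different secret than the one the auth and REST services are running with. The script below is an added example, not the project's own tooling: it tells the two apart offline. It assumes, as in Supabase-style stacks built from GoTrue, PostgREST and Kong, that the "JWT tokens" `setup.sh` generates are HS256 JWTs signed with the JWT secret in `.env`; the variable names `JWT_SECRET` and `ANON_KEY` are assumptions, adjust them to your `.env.example`.

```bash
#!/usr/bin/env bash
# Added example, not the project's own tooling: verify an API key against the
# JWT secret from .env. Assumes HS256 JWTs signed with JWT_SECRET, as in
# Supabase-style stacks; the variable names are assumptions.
set -eu

b64url_enc() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }
b64url_dec() {  # re-adds the padding that base64url strips
  local s; s=$(tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done
  printf '%s' "$s" | openssl base64 -d -A
}

# HMAC-SHA256 over "header.payload", base64url-encoded as RFC 7515 specifies.
hs256_sign() {  # $1 secret, $2 signing input
  printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" -binary | b64url_enc
}

# Mint a token under a secret (handy to compare with what setup.sh produced).
make_jwt() {  # $1 secret, $2 payload JSON
  local h p
  h=$(printf '%s' '{"alg":"HS256","typ":"JWT"}' | b64url_enc)
  p=$(printf '%s' "$2" | b64url_enc)
  printf '%s.%s.%s' "$h" "$p" "$(hs256_sign "$1" "$h.$p")"
}

jwt_payload() { printf '%s' "$1" | cut -d. -f2 | b64url_dec; }

# 0 when the signature matches. A plain string compare is fine for an operator
# running this by hand; it is not the constant-time check a server would need.
jwt_verify() {  # $1 secret, $2 token
  local hp="${2%.*}" sig="${2##*.}"
  [ "$(hs256_sign "$1" "$hp")" = "$sig" ]
}

# Verdict for a key/secret pair taken from .env.
check_keys() {  # $1 JWT_SECRET, $2 API key
  if jwt_verify "$1" "$2"; then
    echo "key verifies under JWT_SECRET; payload: $(jwt_payload "$2")"
  else
    echo "key does NOT verify under JWT_SECRET: it was signed with a different secret"
    return 1
  fi
}
```

Usage from the deployment directory: `check_keys "$(grep -E '^JWT_SECRET=' .env | cut -d= -f2-)" "$(grep -E '^ANON_KEY=' .env | cut -d= -f2-)"`. If the key verifies but the 401 persists, the copy in `kong.yml` is the suspect: `setup.sh` writes your keys into it, so `grep -c "$ANON_KEY" kong.yml` should be non-zero.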
### Portal not loading
```bash
# Check portal logs
docker compose logs portal
# Verify kong is routing correctly. An HTTP 401 body in the output still means
# Kong answered (then see the 401 section above); the echo fires on any non-2xx
# status, not only when Kong is unreachable
docker compose exec portal wget -qO- http://kong:8000/rest/v1/ || echo "Kong not reachable"
```
## Security Recommendations
1. **Secure your .env and kong.yml files**
Both hold secrets: `.env` the generated passwords and tokens, `kong.yml` the API keys that `setup.sh` wrote into it.
```bash
chmod 600 .env kong.yml
```
2. **Enable dashboard authentication**
```bash
# Generate password hash (htpasswd is in the apache2-utils package on Ubuntu)
htpasswd -nB admin
# Add to .env as STUDIO_AUTH and TRAEFIK_DASHBOARD_AUTH. Compose interpolates
# `$` in .env values, so double every `$` of the bcrypt hash ($$) or put the
# whole value in single quotes
```
3. **Set up firewall**
```bash
ufw default deny incoming
ufw allow 22/tcp      # allow SSH before enabling, or you lock yourself out
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
```
Docker inserts its own iptables rules ahead of ufw's, so any port published with `ports:` in `docker-compose.yml` is reachable from the internet regardless of these rules. Check `docker compose ps` for published ports and bind anything other than Traefik to localhost (`127.0.0.1:5432:5432` style) or drop the mapping.
4. **Regular updates**
- Keep Docker and host OS updated
- Regularly pull latest portal images
5. **Monitor logs**
- Set up log rotation (configured in docker-compose.yml)
- Consider centralized logging (ELK, Loki, etc.)
## Support
For issues and questions:
- Check logs: `docker compose logs -f`
- GitHub issues: [Project Repository]
- Email: support@monacousa.org