# Stiftung Deployment on IONOS Server (217.154.84.225)

## Server Details

- **IP Address**: 217.154.84.225
- **Operating System**: Ubuntu 22.04 LTS
- **Provider**: IONOS
- **Resources**: TBD (recommended 4 vCPU, 8GB RAM, 100GB SSD)

## Migration Overview

This deployment migrates the Stiftung application from the Synology NAS to a dedicated IONOS Ubuntu server, incorporating all new features and lessons learned from the original deployment.

## New Features Since Synology Deployment

- **HelpBox System**: Editable info boxes with Markdown support on all "New" creation pages
- **Central HelpBox Management**: Admin interface at `/help-box/admin/`
- **Enhanced Förderung Search**: Improved search functionality
- **Template Cleanup System**: Handles orphaned recurring payment templates
- **PDF Export Improvements**: Better report generation
- **Bootstrap Layout Fixes**: Resolved grid alignment issues

## Pre-Migration Requirements

### 1. Backup Current Synology Data

```bash
# On Synology NAS
cd /volume1/docker/stiftung/deploy-synology

# Create Django data export
# (-T disables the pseudo-TTY so the redirected output is written unaltered)
sudo docker-compose exec -T web python manage.py dumpdata \
  --format=json --indent=2 > full_backup_$(date +%Y%m%d).json

# Create PostgreSQL backup
sudo docker-compose exec -T db pg_dump -U stiftung_user -d stiftung \
  > db_backup_$(date +%Y%m%d).sql

# Backup media files
tar -czf media_backup_$(date +%Y%m%d).tar.gz ./data/uploads/
```

### 2. Upload Files to Local Machine

Download the backup files from Synology and prepare them for upload to the IONOS server.
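The three backup files are copied twice (Synology to the local machine, then to the IONOS server in Step 4), so a truncated or altered dump would otherwise only surface during the restore. The script below is an added example, not part of the Stiftung repository: `write_manifest` and `verify_manifest` are hypothetical helper names, and it assumes `sha256sum`, `gzip` and a POSIX shell on each machine.

```bash
#!/bin/sh
# Added example: integrity manifest for the migration backups.
# Usage (assumed workflow):
#   on the Synology NAS, after creating the backups:  write_manifest .
#   copy SHA256SUMS together with the three backup files
#   after each copy:  verify_manifest <directory holding the files>

# write_manifest DIR: record the SHA-256 of every backup artifact in DIR.
write_manifest() (
    cd "$1" || exit 1
    # A missing or zero-byte file means the export failed; do not record it.
    for f in full_backup_*.json db_backup_*.sql media_backup_*.tar.gz; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; exit 1; }
    done
    sha256sum full_backup_*.json db_backup_*.sql media_backup_*.tar.gz \
        > SHA256SUMS
)

# verify_manifest DIR: fail if any file in DIR differs from the manifest.
verify_manifest() (
    cd "$1" || exit 1
    [ -s SHA256SUMS ] || { echo "no manifest in $1" >&2; exit 1; }
    # Non-zero exit on any mismatch or on a file listed but not present.
    sha256sum -c SHA256SUMS || exit 1
    # The media archive must also decompress cleanly before it is restored.
    for f in media_backup_*.tar.gz; do
        gzip -t "$f" || exit 1
    done
)
```

A manifest stored next to the files detects corruption and truncation in transit; to detect deliberate modification as well, keep a copy of `SHA256SUMS` somewhere the backups are not.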
## IONOS Server Deployment Steps

### Step 1: Server Setup

```bash
# Connect to IONOS server
ssh root@217.154.84.225

# Download the server setup script, inspect it, then run it (it executes as root)
wget https://raw.githubusercontent.com/yourusername/stiftung-starter/main/deploy-production/server-setup.sh
chmod +x server-setup.sh
./server-setup.sh
```

**server-setup.sh installs:**

- Docker and Docker Compose
- Nginx web server
- Certbot for SSL certificates
- UFW firewall
- Additional monitoring tools
- Creates `stiftung` user with Docker permissions

### Step 2: Application Deployment

```bash
# Switch to application user
su - stiftung

# Clone repository
cd /opt/stiftung
git clone https://github.com/yourusername/stiftung-starter.git .

# Copy production configuration
cp deploy-production/docker-compose.prod.yml docker-compose.yml
cp deploy-production/.env.production .env

# Configure environment variables
nano .env
```

**Required .env Configuration:**

```bash
# Core Django Settings
DEBUG=False
SECRET_KEY=your-new-production-secret-key-here
ALLOWED_HOSTS=217.154.84.225,your-domain.com,localhost
CSRF_TRUSTED_ORIGINS=https://your-domain.com,http://217.154.84.225

# Database Configuration
POSTGRES_DB=stiftung_prod
POSTGRES_USER=stiftung_user
POSTGRES_PASSWORD=secure-production-database-password

# Email Configuration
EMAIL_HOST=smtp.ionos.com
EMAIL_PORT=587
EMAIL_HOST_USER=admin@your-domain.com
EMAIL_HOST_PASSWORD=your-email-password
EMAIL_USE_TLS=True

# HelpBox System (New Feature)
HELPBOX_ENABLED=True
MARKDOWN_EXTENSIONS=nl2br,fenced_code,tables

# Backup Configuration
BACKUP_RETENTION_DAYS=30
```

### Step 3: Initial Deployment

```bash
# Make scripts executable
chmod +x deploy-production/deploy.sh
chmod +x deploy-production/migrate-data.sh

# Run initial deployment
./deploy-production/deploy.sh
```

**This script will:**

- Validate environment configuration
- Build Docker images with resource limits
- Start services in correct order
- Run database migrations
- Set up HelpBox system with default content
- Perform health checks

### Step 4: Data Migration

```bash
# Upload backup files to server
scp full_backup_*.json root@217.154.84.225:/opt/stiftung/migration-data/
scp db_backup_*.sql root@217.154.84.225:/opt/stiftung/migration-data/
scp media_backup_*.tar.gz root@217.154.84.225:/opt/stiftung/migration-data/

# Run migration script
su - stiftung
cd /opt/stiftung
./deploy-production/migrate-data.sh
```

**Migration script provides:**

- Interactive migration wizard
- Multiple restoration options (Django JSON or PostgreSQL dump)
- Media files restoration
- User account creation guidance
- Post-migration verification

### Step 5: Web Server Configuration

```bash
# Configure Nginx (as root)
sudo cp /opt/stiftung/deploy-production/nginx.conf /etc/nginx/sites-available/stiftung
sudo ln -s /etc/nginx/sites-available/stiftung /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default

# Test and restart Nginx
sudo nginx -t
sudo systemctl restart nginx
```

### Step 6: SSL Certificate Setup

```bash
# Install SSL certificate with Let's Encrypt
sudo certbot --nginx -d your-domain.com

# Test auto-renewal
sudo certbot renew --dry-run
```

## Production Configuration Details

### Docker Compose Resource Limits

```yaml
services:
  web:
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
  db:
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
  worker:
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '0.5'
```

### Security Configuration

- **Firewall**: UFW with ports 22, 80, 443 open
- **Fail2ban**: Protection against brute force attacks
- **Security Headers**: X-Frame-Options, CSP, etc.
- **Rate Limiting**: 10 requests per minute per IP

### Monitoring Setup

- **Health Endpoint**: `/health/` for application monitoring
- **Container Stats**: `docker stats` for resource monitoring
- **Log Management**: Centralized logging with rotation

## New Features Verification

### HelpBox System Testing

1. **Creation Pages**: Test help boxes on all "New" entity pages:
   - http://217.154.84.225/destinataere/new/
   - http://217.154.84.225/foerderungen/new/
   - http://217.154.84.225/unterstuetzungen/new/
   - http://217.154.84.225/paechter/new/
   - http://217.154.84.225/laendereien/new/
2. **Central Management**: Test admin interface:
   - http://217.154.84.225/help-box/admin/
3. **Features to Verify**:
   - Markdown rendering with syntax highlighting
   - Edit functionality for superusers
   - Responsive Bootstrap layout
   - Real-time updates

### Enhanced Search Testing

- Test improved Förderung search functionality
- Verify search performance and accuracy
- Check pagination and filtering

### PDF Export Testing

- Generate various reports
- Verify PDF formatting and content
- Test download functionality

## Performance Optimization

### Database Optimization

```sql
-- Run these queries to optimize PostgreSQL
ALTER SYSTEM SET shared_buffers = '256MB';
ALTER SYSTEM SET effective_cache_size = '1GB';
ALTER SYSTEM SET maintenance_work_mem = '64MB';
-- The reload applies effective_cache_size and maintenance_work_mem;
-- shared_buffers only takes effect after a PostgreSQL restart.
SELECT pg_reload_conf();
```

### Nginx Optimization

- Static file caching (1 year)
- Gzip compression enabled
- Connection keep-alive
- Buffer optimization

## Backup Strategy

### Automated Backups

```bash
# Daily backup via cron
0 2 * * * /opt/stiftung/deploy-production/backup.sh

# Weekly offsite backup
0 3 * * 0 rsync -av /opt/stiftung/backups/ backup-server:/stiftung-backups/
```

### Backup Contents

- PostgreSQL database dumps
- Media files (documents, images)
- Configuration files
- Docker volumes

## Monitoring and Alerting

### System Monitoring

```bash
# Install monitoring tools
sudo apt install -y htop iotop nethogs ncdu

# Optional: Netdata for real-time monitoring
# docker run -d --name=netdata -p 19999:19999 netdata/netdata
```

### Log Monitoring

```bash
# View application logs
docker compose logs -f web

# Monitor system logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
```

## Maintenance Procedures

### Regular Updates
```bash
# Update system packages
sudo apt update && sudo apt upgrade -y

# Update Docker images
docker compose pull
docker compose up -d --build

# Run database maintenance
docker compose exec db vacuumdb -U stiftung_user -d stiftung_prod -z
```

### Health Checks

```bash
# Application health
curl -f http://localhost:8000/health/

# Database health
docker compose exec db pg_isready -U stiftung_user -d stiftung_prod

# Container status
docker compose ps
```

## Troubleshooting Guide

### Common Issues and Solutions

1. **Application Not Responding**

   ```bash
   # Check container status
   docker compose ps

   # View logs
   docker compose logs web

   # Restart services
   docker compose restart web
   ```

2. **Database Connection Issues**

   ```bash
   # Check database logs
   docker compose logs db

   # Verify credentials
   docker compose exec web env | grep POSTGRES

   # Test connection
   docker compose exec db psql -U stiftung_user -d stiftung_prod -c "SELECT 1;"
   ```

3. **HelpBox System Issues**

   ```bash
   # Verify HelpBox models
   docker compose exec web python manage.py shell -c \
     "from stiftung.models import HelpBox; print(HelpBox.objects.all())"

   # Recreate default help boxes
   # (-T disables the pseudo-TTY so the script can be read from stdin)
   docker compose exec -T web python manage.py shell < recreate_helpboxes.py
   ```

4. **SSL Certificate Issues**

   ```bash
   # Check certificate status
   sudo certbot certificates

   # Renew certificate
   sudo certbot renew

   # Test Nginx configuration
   sudo nginx -t
   ```

## Rollback Plan

If issues occur during migration:

1. **Immediate DNS Rollback**: Point domain back to Synology NAS
2. **Service Restoration**: Restart Synology services
3. **Data Recovery**: Use pre-migration backups
4. **Issue Documentation**: Log problems for retry

## Success Criteria

- [ ] All services running (`docker compose ps` shows "Up")
- [ ] Application accessible via http://217.154.84.225
- [ ] Admin interface working at `/admin/`
- [ ] HelpBox system functional on all creation pages
- [ ] HelpBox admin interface at `/help-box/admin/`
- [ ] All data migrated successfully
- [ ] New features (search, PDF, templates) working
- [ ] SSL certificate installed and working
- [ ] Backups configured and tested
- [ ] Monitoring active and alerting configured

## Timeline

**Estimated Total Time**: 4-6 hours

- **Phase 1** (Server Setup): 1 hour
- **Phase 2** (Application Deployment): 1 hour
- **Phase 3** (Data Migration): 1-2 hours
- **Phase 4** (Web Server & SSL): 1 hour
- **Phase 5** (Testing & Verification): 1 hour

## Contacts and Resources

- **IONOS Support**: [IONOS Control Panel](https://www.ionos.com)
- **Server IP**: 217.154.84.225
- **SSH Access**: `ssh root@217.154.84.225`
- **Application User**: `stiftung`
- **Application Directory**: `/opt/stiftung`

## Post-Deployment Checklist

- [ ] Update DNS records to point to 217.154.84.225
- [ ] Configure domain SSL certificate
- [ ] Set up monitoring and alerting
- [ ] Create admin documentation for users
- [ ] Train users on new HelpBox features
- [ ] Schedule regular backup tests
- [ ] Plan decommissioning of Synology deployment

---

**Deployment Date**: `________________`

**Deployed By**: `________________`

**Verification**: `________________`

**Production Go-Live**: `________________`

**Notes**: `________________`
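Several checklist items above depend on the `.env` written in Step 2, which holds the Django secret key and two passwords. The script below is an added example, not part of the Stiftung repository: it flags sample values from this page that were never replaced and a file mode that lets other accounts read the secrets. `env_get` and `check_env` are hypothetical names, and it assumes plain unquoted `KEY=value` lines.

```bash
#!/bin/sh
# Added example: pre-go-live check of the .env from Step 2.

# env_get FILE KEY: print the value of KEY (the last assignment wins).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_env FILE: print one line per finding; exit status 1 if any.
check_env() (
    f=$1; bad=0
    finding() { echo "FINDING: $*"; bad=1; }

    [ -r "$f" ] || { echo "cannot read $f" >&2; exit 2; }
    # Only the owner should be able to read the file.
    [ -z "$(find "$f" \( -perm -040 -o -perm -004 \))" ] ||
        finding "$f is readable by group or others (use chmod 600)"

    [ "$(env_get "$f" DEBUG)" = "False" ] || finding "DEBUG is not False"

    key=$(env_get "$f" SECRET_KEY)
    case $key in
        ""|your-*|django-insecure-*)
            finding "SECRET_KEY is empty or a placeholder" ;;
        *)  # Django's deployment check warns below 50 characters
            [ "${#key}" -ge 50 ] || finding "SECRET_KEY is shorter than 50 characters" ;;
    esac

    for k in POSTGRES_PASSWORD EMAIL_HOST_PASSWORD; do
        case $(env_get "$f" "$k") in
            ""|secure-production-database-password|your-email-password)
                finding "$k is empty or still the sample value" ;;
        esac
    done

    case ",$(env_get "$f" ALLOWED_HOSTS)," in
        *",*,"*|*,your-domain.com,*)
            finding "ALLOWED_HOSTS has a wildcard or placeholder host" ;;
    esac
    case ",$(env_get "$f" CSRF_TRUSTED_ORIGINS)" in
        *,http://*) finding "CSRF_TRUSTED_ORIGINS trusts a plain-HTTP origin" ;;
    esac
    exit "$bad"
)
```

Run it as `check_env /opt/stiftung/.env`; the plain-HTTP finding is expected until the certificate from Step 6 is in place.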