Remmer/stiftung-management-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c305417bb94cae6f86b8722eca8c946d53883aba
stiftung-management-system/deployIonos.txt
Stiftung Development ab23d7187e feat: add comprehensive GitHub workflow and development tools
2025-09-06 18:31:54 +02:00

424 lines
11 KiB
Plaintext
Raw Blame History

# Stiftung Deployment on IONOS Server (217.154.84.225)
## Server Details
- **IP Address**: 217.154.84.225
- **Operating System**: Ubuntu 22.04 LTS
- **Provider**: IONOS
- **Resources**: TBD (recommended 4 vCPU, 8GB RAM, 100GB SSD)
## Migration Overview
This deployment migrates the Stiftung application from Synology NAS to a dedicated IONOS Ubuntu server, incorporating all new features and lessons learned from the original deployment.
## New Features Since Synology Deployment
- **HelpBox System**: Editable info boxes with Markdown support on all "New" creation pages
- **Central HelpBox Management**: Admin interface at `/help-box/admin/`
- **Enhanced Förderung Search**: Improved search functionality
- **Template Cleanup System**: Handles orphaned recurring payment templates
- **PDF Export Improvements**: Better report generation
- **Bootstrap Layout Fixes**: Resolved grid alignment issues
## Pre-Migration Requirements
### 1. Backup Current Synology Data
```bash
# On Synology NAS
cd /volume1/docker/stiftung/deploy-synology
# Create Django data export
sudo docker-compose exec web python manage.py dumpdata \
--format=json --indent=2 > full_backup_$(date +%Y%m%d).json
# Create PostgreSQL backup
sudo docker-compose exec db pg_dump -U stiftung_user -d stiftung \
> db_backup_$(date +%Y%m%d).sql
# Backup media files
tar -czf media_backup_$(date +%Y%m%d).tar.gz ./data/uploads/
```
### 2. Upload Files to Local Machine
Download the backup files from Synology and prepare for upload to IONOS server.
## IONOS Server Deployment Steps
### Step 1: Server Setup
```bash
# Connect to IONOS server
ssh root@217.154.84.225
# Upload and run server setup script
wget https://raw.githubusercontent.com/yourusername/stiftung-starter/main/deploy-production/server-setup.sh
chmod +x server-setup.sh
./server-setup.sh
```
**server-setup.sh installs:**
- Docker and Docker Compose
- Nginx web server
- Certbot for SSL certificates
- UFW firewall
- Additional monitoring tools
- Creates `stiftung` user with Docker permissions
### Step 2: Application Deployment
```bash
# Switch to application user
su - stiftung
# Clone repository
cd /opt/stiftung
git clone https://github.com/yourusername/stiftung-starter.git .
# Copy production configuration
cp deploy-production/docker-compose.prod.yml docker-compose.yml
cp deploy-production/.env.production .env
# Configure environment variables
nano .env
```
**Required .env Configuration:**
```bash
# Core Django Settings
DEBUG=False
SECRET_KEY=your-new-production-secret-key-here
ALLOWED_HOSTS=217.154.84.225,your-domain.com,localhost
CSRF_TRUSTED_ORIGINS=https://your-domain.com,http://217.154.84.225
# Database Configuration
POSTGRES_DB=stiftung_prod
POSTGRES_USER=stiftung_user
POSTGRES_PASSWORD=secure-production-database-password
# Email Configuration
EMAIL_HOST=smtp.ionos.com
EMAIL_PORT=587
EMAIL_HOST_USER=admin@your-domain.com
EMAIL_HOST_PASSWORD=your-email-password
EMAIL_USE_TLS=True
# HelpBox System (New Feature)
HELPBOX_ENABLED=True
MARKDOWN_EXTENSIONS=nl2br,fenced_code,tables
# Backup Configuration
BACKUP_RETENTION_DAYS=30
```
### Step 3: Initial Deployment
```bash
# Make scripts executable
chmod +x deploy-production/deploy.sh
chmod +x deploy-production/migrate-data.sh
# Run initial deployment
./deploy-production/deploy.sh
```
**This script will:**
- Validate environment configuration
- Build Docker images with resource limits
- Start services in correct order
- Run database migrations
- Set up HelpBox system with default content
- Perform health checks
### Step 4: Data Migration
```bash
# Upload backup files to server
scp full_backup_*.json root@217.154.84.225:/opt/stiftung/migration-data/
scp db_backup_*.sql root@217.154.84.225:/opt/stiftung/migration-data/
scp media_backup_*.tar.gz root@217.154.84.225:/opt/stiftung/migration-data/
# Run migration script
su - stiftung
cd /opt/stiftung
./deploy-production/migrate-data.sh
```
**Migration script provides:**
- Interactive migration wizard
- Multiple restoration options (Django JSON or PostgreSQL dump)
- Media files restoration
- User account creation guidance
- Post-migration verification
### Step 5: Web Server Configuration
```bash
# Configure Nginx (as root)
sudo cp /opt/stiftung/deploy-production/nginx.conf /etc/nginx/sites-available/stiftung
sudo ln -s /etc/nginx/sites-available/stiftung /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default
# Test and restart Nginx
sudo nginx -t
sudo systemctl restart nginx
```
### Step 6: SSL Certificate Setup
```bash
# Install SSL certificate with Let's Encrypt
sudo certbot --nginx -d your-domain.com
# Test auto-renewal
sudo certbot renew --dry-run
```
## Production Configuration Details
### Docker Compose Resource Limits
```yaml
services:
web:
deploy:
resources:
limits:
memory: 1G
cpus: '1.0'
db:
deploy:
resources:
limits:
memory: 1G
cpus: '1.0'
worker:
deploy:
resources:
limits:
memory: 512M
cpus: '0.5'
```
### Security Configuration
- **Firewall**: UFW with ports 22, 80, 443 open
- **Fail2ban**: Protection against brute force attacks
- **Security Headers**: X-Frame-Options, CSP, etc.
- **Rate Limiting**: 10 requests per minute per IP
### Monitoring Setup
- **Health Endpoint**: `/health/` for application monitoring
- **Container Stats**: `docker stats` for resource monitoring
- **Log Management**: Centralized logging with rotation
## New Features Verification
### HelpBox System Testing
1. **Creation Pages**: Test help boxes on all "New" entity pages:
- http://217.154.84.225/destinataere/new/
- http://217.154.84.225/foerderungen/new/
- http://217.154.84.225/unterstuetzungen/new/
- http://217.154.84.225/paechter/new/
- http://217.154.84.225/laendereien/new/
2. **Central Management**: Test admin interface:
- http://217.154.84.225/help-box/admin/
3. **Features to Verify**:
- Markdown rendering with syntax highlighting
- Edit functionality for superusers
- Responsive Bootstrap layout
- Real-time updates
### Enhanced Search Testing
- Test improved Förderung search functionality
- Verify search performance and accuracy
- Check pagination and filtering
### PDF Export Testing
- Generate various reports
- Verify PDF formatting and content
- Test download functionality
## Performance Optimization
### Database Optimization
```sql
-- Run these queries to optimize PostgreSQL
ALTER SYSTEM SET shared_buffers = '256MB';
ALTER SYSTEM SET effective_cache_size = '1GB';
ALTER SYSTEM SET maintenance_work_mem = '64MB';
SELECT pg_reload_conf();
```
### Nginx Optimization
- Static file caching (1 year)
- Gzip compression enabled
- Connection keep-alive
- Buffer optimization
## Backup Strategy
### Automated Backups
```bash
# Daily backup via cron
0 2 * * * /opt/stiftung/deploy-production/backup.sh
# Weekly offsite backup
0 3 * * 0 rsync -av /opt/stiftung/backups/ backup-server:/stiftung-backups/
```
### Backup Contents
- PostgreSQL database dumps
- Media files (documents, images)
- Configuration files
- Docker volumes
## Monitoring and Alerting
### System Monitoring
```bash
# Install monitoring tools
sudo apt install -y htop iotop nethogs ncdu
# Optional: Netdata for real-time monitoring
# docker run -d --name=netdata -p 19999:19999 netdata/netdata
```
### Log Monitoring
```bash
# View application logs
docker compose logs -f web
# Monitor system logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
```
## Maintenance Procedures
### Regular Updates
```bash
# Update system packages
sudo apt update && sudo apt upgrade -y
# Update Docker images
docker compose pull
docker compose up -d --build
# Run database maintenance
docker compose exec db vacuumdb -U stiftung_user -d stiftung_prod -z
```
### Health Checks
```bash
# Application health
curl -f http://localhost:8000/health/
# Database health
docker compose exec db pg_isready -U stiftung_user -d stiftung_prod
# Container status
docker compose ps
```
## Troubleshooting Guide
### Common Issues and Solutions
1. **Application Not Responding**
```bash
# Check container status
docker compose ps
# View logs
docker compose logs web
# Restart services
docker compose restart web
```
2. **Database Connection Issues**
```bash
# Check database logs
docker compose logs db
# Verify credentials
docker compose exec web env | grep POSTGRES
# Test connection
docker compose exec db psql -U stiftung_user -d stiftung_prod -c "SELECT 1;"
```
3. **HelpBox System Issues**
```bash
# Verify HelpBox models
docker compose exec web python manage.py shell
>>> from stiftung.models import HelpBox
>>> HelpBox.objects.all()
# Recreate default help boxes
docker compose exec web python manage.py shell < recreate_helpboxes.py
```
4. **SSL Certificate Issues**
```bash
# Check certificate status
sudo certbot certificates
# Renew certificate
sudo certbot renew
# Test Nginx configuration
sudo nginx -t
```
## Rollback Plan
If issues occur during migration:
1. **Immediate DNS Rollback**: Point domain back to Synology NAS
2. **Service Restoration**: Restart Synology services
3. **Data Recovery**: Use pre-migration backups
4. **Issue Documentation**: Log problems for retry
## Success Criteria
- [ ] All services running (`docker compose ps` shows "Up")
- [ ] Application accessible via http://217.154.84.225
- [ ] Admin interface working at `/admin/`
- [ ] HelpBox system functional on all creation pages
- [ ] HelpBox admin interface at `/help-box/admin/`
- [ ] All data migrated successfully
- [ ] New features (search, PDF, templates) working
- [ ] SSL certificate installed and working
- [ ] Backups configured and tested
- [ ] Monitoring active and alerting configured
## Timeline
**Estimated Total Time**: 4-6 hours
- **Phase 1** (Server Setup): 1 hour
- **Phase 2** (Application Deployment): 1 hour
- **Phase 3** (Data Migration): 1-2 hours
- **Phase 4** (Web Server & SSL): 1 hour
- **Phase 5** (Testing & Verification): 1 hour
## Contacts and Resources
- **IONOS Support**: [IONOS Control Panel](https://www.ionos.com)
- **Server IP**: 217.154.84.225
- **SSH Access**: `ssh root@217.154.84.225`
- **Application User**: `stiftung`
- **Application Directory**: `/opt/stiftung`
## Post-Deployment Checklist
- [ ] Update DNS records to point to 217.154.84.225
- [ ] Configure domain SSL certificate
- [ ] Set up monitoring and alerting
- [ ] Create admin documentation for users
- [ ] Train users on new HelpBox features
- [ ] Schedule regular backup tests
- [ ] Plan decommissioning of Synology deployment
---
**Deployment Date**: `________________`
**Deployed By**: `________________`
**Verification**: `________________`
**Production Go-Live**: `________________`
**Notes**: `________________`
Reference in New Issue View Git Blame Copy Permalink