honey-be/VPS_DEPLOYMENT_SUMMARY.md

2026-03-07 23:10:41 +02:00
# VPS Deployment Summary
## ✅ Compatibility Check
### Backend (lottery-be)
**Dockerfile**: Production-ready
- Multi-stage build (Maven → JRE)
- Exposes port 8080 (internal only)
- HTTP only (no HTTPS configuration)
- Binds to 0.0.0.0 by default (Spring Boot default)
- Graceful shutdown supported
**Configuration**: Externalized
- Database connection via environment variables
- Avatar storage path configurable (`APP_AVATAR_STORAGE_PATH`)
- All sensitive data via `.env` file
- CORS configured via `FRONTEND_URL` env var
**File Uploads**: Persistent storage ready
- Avatar path configurable and mountable as Docker volume
- Uses filesystem (not ephemeral storage)
- Path: `/app/data/avatars` (configurable)
**Networking**: Internal Docker network
- No ports exposed to host in production compose
- Accessible only via Nginx reverse proxy
- Uses Docker bridge network
**Production Readiness**:
- Logging to stdout/stderr (Docker logs)
- Health checks configured
- Graceful shutdown
- No dev-only features enabled
### Frontend (lottery-fe)
**Build Mode**: Production-ready
- `npm run build` creates static files in `dist/`
- Vite production build configured
**API Base URL**: Configurable
- Uses relative URLs in production (empty string)
- Falls back to `localhost:8080` in development
- Can be overridden via `VITE_API_BASE_URL` env var
**Docker Usage**: Optional
- Dockerfile exists but not required for VPS
- Static files can be served directly by Nginx
**Telegram Mini App**: Ready
- Works under HTTPS
- No localhost assumptions
- Uses relative API URLs
## 📋 Required Changes Made
### Frontend Changes
1. **API Base URL Configuration** (`src/api.js`, `src/auth/authService.js`, `src/services/gameWebSocket.js`, `src/utils/remoteLogger.js`)
   - Changed to use relative URLs in production
   - Falls back to `localhost:8080` only in development
   - Pattern: `import.meta.env.VITE_API_BASE_URL || (import.meta.env.PROD ? "" : "http://localhost:8080")`
### Backend Changes
**No changes required** - Already production-ready!
## 📁 New Files Created
1. **`docker-compose.prod.yml`** - Production Docker Compose configuration
   - No port exposure to host
   - Persistent volumes for database and avatars
   - Health checks configured
   - Internal Docker network
2. **`nginx.conf.template`** - Nginx reverse proxy configuration
   - HTTPS termination
   - Frontend static file serving
   - Backend API proxying (`/api/*`)
   - WebSocket support (`/ws`)
   - Avatar file serving (`/avatars/*`)
   - Security headers
   - Gzip compression
3. **`DEPLOYMENT_GUIDE.md`** - Comprehensive deployment guide
   - Step-by-step instructions
   - Troubleshooting section
   - Maintenance commands
   - Security checklist
## 🚀 Deployment Steps Overview
1. **VPS Setup**: Install Docker, Docker Compose, Nginx, Certbot
2. **Directory Structure**: Create `/opt/app` with subdirectories
3. **Backend Deployment**: Copy files, create secret file at `/run/secrets/lottery-config.properties`, build and start
4. **Frontend Deployment**: Build locally, copy `dist/` to VPS
5. **Nginx Configuration**: Copy template, update domain, link config
6. **SSL Setup**: Obtain Let's Encrypt certificate
7. **Telegram Webhook**: Update webhook URL
8. **Verification**: Test all endpoints and functionality
## 🔧 Configuration Required
### Backend Secret File (`/run/secrets/lottery-config.properties`)
All configuration is stored in a mounted secret file. See `lottery-config.properties.template` for the complete template.
**Required variables:**
- `SPRING_DATASOURCE_URL`
- `SPRING_DATASOURCE_USERNAME`
- `SPRING_DATASOURCE_PASSWORD`
- `TELEGRAM_BOT_TOKEN`
- `TELEGRAM_CHANNEL_CHECKER_BOT_TOKEN`
- `TELEGRAM_FOLLOW_TASK_CHANNEL_ID`
- `FRONTEND_URL`
**Optional variables:**
- `APP_AVATAR_STORAGE_PATH`
- `APP_AVATAR_PUBLIC_BASE_URL`
- `APP_SESSION_MAX_ACTIVE_PER_USER`
- `APP_SESSION_CLEANUP_BATCH_SIZE`
- `APP_SESSION_CLEANUP_MAX_BATCHES`
- `GEOIP_DB_PATH`
**Note:** The MySQL container also needs `DB_PASSWORD` and `DB_ROOT_PASSWORD` as environment variables (should match `SPRING_DATASOURCE_PASSWORD`).
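
A pre-start check for the secret file described above, as an added example rather than a script from the project: it reports which of the required variables listed above are missing or empty and whether the file is readable beyond its owner. The function names and the sample contents are assumptions; lines may be `KEY=value` or `KEY: value`.

```shell
#!/bin/sh
# Added example (not project code). Key names come from "Required variables" above.
REQUIRED_KEYS="SPRING_DATASOURCE_URL SPRING_DATASOURCE_USERNAME
SPRING_DATASOURCE_PASSWORD TELEGRAM_BOT_TOKEN
TELEGRAM_CHANNEL_CHECKER_BOT_TOKEN TELEGRAM_FOLLOW_TASK_CHANNEL_ID FRONTEND_URL"

# Print each required key that is absent, commented out, or has an empty value.
missing_keys() {
    file=$1
    for key in $REQUIRED_KEYS; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*[=:][[:space:]]*[^[:space:]]" "$file"; then
            printf '%s\n' "$key"
        fi
    done
}

# Succeed only if group and other have no permission bits on the file.
owner_only() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Return 0 if the file is ready, 1 if something needs fixing, 2 if unreadable.
check_secret_file() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    owner_only "$file" || { echo "WARN: $file is accessible by group/other" >&2; rc=1; }
    missing=$(missing_keys "$file")
    if [ -n "$missing" ]; then
        echo "missing or empty:" $missing >&2
        rc=1
    fi
    return $rc
}

# Constructed sample: one empty value, one commented-out key, mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SPRING_DATASOURCE_URL=jdbc:mysql://db:3306/example
SPRING_DATASOURCE_USERNAME=app
SPRING_DATASOURCE_PASSWORD=
TELEGRAM_BOT_TOKEN=placeholder-token
# TELEGRAM_CHANNEL_CHECKER_BOT_TOKEN=commented-out
TELEGRAM_FOLLOW_TASK_CHANNEL_ID=-1000000000000
FRONTEND_URL=https://example.invalid
EOF
chmod 644 "$sample"
check_secret_file "$sample" || echo "secret file not ready"
```
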
## 📂 Final Directory Structure on VPS
```
/opt/app/
├── backend/
│   ├── Dockerfile
│   ├── docker-compose.prod.yml
│   ├── lottery-config.properties.template
│   └── [source files]
├── frontend/
│   └── dist/          (Vite production build)
├── nginx/
│   └── nginx.conf
├── data/
│   └── avatars/       (persistent uploads)
└── mysql/
    └── data/          (persistent DB storage)

/run/secrets/
└── lottery-config.properties (mounted secret file)
```
## ✅ Verification Checklist
Before going live:
- [ ] All environment variables set in `.env`
- [ ] Backend containers running (`docker ps`)
- [ ] Frontend `dist/` folder populated
- [ ] Nginx configuration tested (`nginx -t`)
- [ ] SSL certificate installed and valid
- [ ] Telegram webhook updated
- [ ] Health checks passing (`/actuator/health`)
- [ ] Frontend loads in browser
- [ ] API calls work (check browser console)
- [ ] WebSocket connects (game updates work)
- [ ] Avatar uploads work
- [ ] Database persists data (restart test)
## 🔒 Security Notes
- Backend port 8080 not exposed to host
- MySQL port 3306 not exposed to host
- HTTPS enforced (HTTP → HTTPS redirect)
- Strong passwords required
- `.env` file permissions restricted
- Firewall recommended (UFW)
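
One way to confirm the "not exposed to host" notes above before starting the stack, as an added example that is not part of the project: it lists every `ports:` entry per service in a Compose file and fails if any exist. The function names and the sample file are constructed; the parser is an indentation heuristic for the short port syntax, not a full YAML parser.

```shell
#!/bin/sh
# Added example (not project code): find host-published ports in a Compose file.
# "expose:" entries are ignored on purpose, they stay on the Docker network.

# Print "service<TAB>mapping" for each entry under a service-level "ports:" key.
published_ports() {
    awk '
        /^ *#/ || NF == 0 { next }                 # comments and blank lines
        { ind = match($0, /[^ ]/) - 1 }            # indentation of this line
        /^services:/ { in_svc = 1; lvl = 0; next }
        ind == 0     { in_svc = 0 }                # volumes:, networks:, ...
        !in_svc      { next }
        lvl == 0     { lvl = ind }                 # indent used for service names
        ind == lvl   { svc = $1; sub(/:.*/, "", svc); in_ports = 0; next }
        $1 == "ports:" {
            in_ports = 1
            if (NF > 1) { m = $0; sub(/^ *ports: */, "", m); print svc "\t" m }
            next
        }
        in_ports && $1 == "-" {
            m = $0; sub(/^ *- */, "", m); sub(/ +#.*/, "", m)
            print svc "\t" m; next
        }
        { in_ports = 0 }
    ' "$1" | tr -d "\"'"
}

# Return non-zero and report on stderr if any service publishes a port.
no_published_ports() {
    found=$(published_ports "$1")
    if [ -n "$found" ]; then
        printf 'published to host:\n%s\n' "$found" >&2
        return 1
    fi
}

# Constructed sample: "db" is internal only, "backend" publishes two ports.
compose=$(mktemp)
cat > "$compose" <<'EOF'
services:
  db:
    image: mysql:8
    expose:
      - "3306"
  backend:
    build: .
    ports:
      - "8080:8080"
      - 127.0.0.1:5005:5005   # debug port
    networks:
      - internal
networks:
  internal:
EOF
no_published_ports "$compose" || echo "compose file publishes ports to the host"
```
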
## 📝 Next Steps
1. Review `DEPLOYMENT_GUIDE.md` for detailed instructions
2. Prepare your VPS (Ubuntu recommended)
3. Follow the step-by-step guide
4. Test thoroughly before going live
5. Set up monitoring and backups
---
**Status**: ✅ Ready for VPS Deployment
**Last Updated**: 2026-01-24