VPS setup

2026-03-07 17:33:08 +02:00
parent b30d47c576
commit 82b9cfc8e3
5 changed files with 154 additions and 136 deletions
--- a/VPS_SETUP_FROM_SCRATCH.md
+++ b/VPS_SETUP_FROM_SCRATCH.md
@@ -81,7 +81,7 @@ On the VPS:

 ```bash
 sudo mkdir -p /run/secrets
-sudo cp /opt/app/backend/honey-config.properties.template /run/secrets/honey-config.properties
+sudo cp /opt/app/backend/honey-be/honey-config.properties.template /run/secrets/honey-config.properties
 sudo chmod 640 /run/secrets/honey-config.properties
 sudo chown root:docker /run/secrets/honey-config.properties   # if your user is in docker group, or root:$USER
 ```
@@ -114,6 +114,9 @@ Create 2 files `admin_api_url` and `admin_base_path` with URL and secret path in

 **When you need to source it:** Only for one-off manual `docker compose` runs (e.g. first-time start in §2.6, or starting phpMyAdmin in §4.1). You do **not** need to source it for deployment: `scripts/rolling-update.sh` loads the password from the secret file automatically when `DB_ROOT_PASSWORD` is not set.

+**IMPORTANT**
+`Change Java memory in docker-compose.prod.yml when you know the PROD VPS characteristics.`
+
 ### 2.4 Logging (logback) and config dir

 Backend uses an external **logback** config so you can change log level without rebuilding. Create the config dir and put `logback-spring.xml` there:
@@ -135,7 +138,7 @@ cp src/main/resources/logback-spring.xml /opt/app/backend/config/
 Optional: run the existing setup script (it may still reference lottery paths; adjust or run the copy above):

 ```bash
-cd /opt/app/backend
+cd /opt/app/backend/honey-be
 ./scripts/setup-logging.sh
 ```

@@ -161,13 +164,15 @@ Note: `on Staged VPS it has 4G RAM, so don't forget to change it for PROD accord
 ### 2.6 First start (backend + DB only)

 ```bash
-cd /opt/app/backend
+cd /opt/app/backend/honey-be
 source scripts/load-db-password.sh
 docker compose -f docker-compose.prod.yml up -d db
 # wait for DB healthy
 docker compose -f docker-compose.prod.yml up -d backend
 ```

+Note: `for Staged use a separate docker compose.`
+
 Check:

 ```bash
@@ -183,97 +188,20 @@ Backend should listen only on `127.0.0.1:8080` (Nginx will proxy to it). Do **no

 ### 3.1 Split config (like your lottery VPS)

- **Main config:** `/etc/nginx/nginx.conf` (includes sites, worker settings, etc.)
- **Site config:** `/etc/nginx/sites-enabled/your-domain` (or `your-domain.conf`) for the Honey server block.
+- `Take 2 files from already working VPS: nginx.conf and sites-enabled/<domain.com> and put to new VPS.`
+- `Remove or comment lines reg certificates and change 2 listen lines`: 

-So you have two files as on lottery: one global, one site.
-
-### 3.2 Site config (HTTPS, API, frontend, admin, avatars)
-
-Create a site config (e.g. `honey.yourdomain.com` or same domain as lottery). Example path: `/etc/nginx/sites-available/honey.conf` and symlink in `sites-enabled`.
-
- **Frontend:** root `/opt/app/frontend/dist` (SPA; `try_files` to `index.html`).
- **Admin panel:** root `/opt/app/admin-panel` (or a location like `/admin` pointing there).
- **API:** `location /api/` proxy to `http://127.0.0.1:8080`.
- **WebSocket:** `location /ws` proxy to `http://127.0.0.1:8080` with upgrade headers.
- **Avatars:** `location /avatars/` alias `/opt/app/data/avatars/`.
- **phpMyAdmin:** e.g. `location /pma/` or a secret path proxy to `http://127.0.0.1:8081` (see below).
-
-Use the repo’s **`nginx.conf.template`** as reference; adapt server_name, SSL paths, and add an admin location. Example skeleton:
-
-```nginx
-# Upstream for backend (same as template)
-upstream backend {
-    server 127.0.0.1:8080;
-}
-
-server {
-    listen 80;
-    server_name your-domain.com;
-    location /.well-known/acme-challenge/ { root /var/www/certbot; }
-    location / { return 301 https://$host$request_uri; }
-}
-
-server {
-    listen 443 ssl http2;
-    server_name your-domain.com;
-
-    ssl_certificate     /etc/letsencrypt/live/your-domain.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
-
-    root /opt/app/frontend/dist;
-    index index.html;
-
-    location /api/ {
-        proxy_pass http://backend;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_cache_bypass $http_upgrade;
-    }
-
-    location /ws {
-        proxy_pass http://backend;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_read_timeout 7d;
-        proxy_send_timeout 7d;
-    }
-
-    location /avatars/ {
-        alias /opt/app/data/avatars/;
-        expires 1h;
-    }
-
-    # Admin panel (e.g. secret path)
-    location /your-secret-admin-path/ {
-        alias /opt/app/admin-panel/;
-        try_files $uri $uri/ /your-secret-admin-path/index.html;
-    }
-
-    # phpMyAdmin (secret path, optional)
-    location /your-secret-pma-path/ {
-        proxy_pass http://127.0.0.1:8081/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
-    location / {
-        try_files $uri $uri/ /index.html;
-    }
-}
+```bash
+    # SSL Certificates
+    ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem;
+    Change 'listen 443 ssl http2;' to 'listen 443;`
+    Change `listen [::]:443 ssl http2;` to `listen [::]:443;`
 ```
-
 Enable and test:

 ```bash
-sudo ln -s /etc/nginx/sites-available/honey.conf /etc/nginx/sites-enabled/
+sudo ln -s /etc/nginx/sites-available/testforapp.website /etc/nginx/sites-enabled/
 sudo nginx -t
 sudo systemctl reload nginx
 ```
@@ -281,10 +209,11 @@ sudo systemctl reload nginx
 ### 3.3 SSL (Let’s Encrypt)

 ```bash
-sudo certbot --nginx -d your-domain.com
+sudo certbot --nginx -d testforapp.website
 ```

 Certbot will adjust the server block for certificates. Reload Nginx if needed.
+And remove redundant ssl/listen lines from server block to not override certbot's configs.

 ---

@@ -295,7 +224,7 @@ Certbot will adjust the server block for certificates. Reload Nginx if needed.
 `docker-compose.prod.yml` already defines a **phpmyadmin** service (port 8081, same network as `db`). Start it:

 ```bash
-cd /opt/app/backend
+cd /opt/app/backend/honey-be
 source scripts/load-db-password.sh
 docker compose -f docker-compose.prod.yml up -d phpmyadmin
 ```
@@ -406,7 +335,7 @@ The script auto-detects Nginx config from paths like `/etc/nginx/sites-enabled/w
 From the backend directory, run (no need to source `load-db-password.sh` — the script does it):

 ```bash
-cd /opt/app/backend
+cd /opt/app/backend/honey-be
 chmod +x scripts/rolling-update.sh
 sudo ./scripts/rolling-update.sh
 ```
@@ -469,7 +398,7 @@ sudo crontab -e
 Add:

 ```cron
-0 2 * * * /opt/app/backend/scripts/backup-database.sh >> /opt/app/logs/backup.log 2>&1
+0 2 * * * /opt/app/backend/honey-be/scripts/backup-database.sh >> /opt/app/logs/backup.log 2>&1
 ```

 Use the Honey-adapted backup script path and ensure `backup-database.sh` uses `honey_db` and `honey-mysql`.
@@ -478,25 +407,25 @@ Use the Honey-adapted backup script path and ensure `backup-database.sh` uses `h

 ## 10. Quick reference

-| Item | Honey |
-|------|--------|
-| **App root** | `/opt/app` |
-| **Backend code** | `/opt/app/backend` (honey-be) |
-| **Frontend static** | `/opt/app/frontend/dist` (honey-fe build) |
-| **Admin static** | `/opt/app/admin-panel` (honey-admin build) |
-| **Secret file** | `/run/secrets/honey-config.properties` |
+| Item | Honey                                                           |
+|------|-----------------------------------------------------------------|
+| **App root** | `/opt/app`                                                      |
+| **Backend code** | `/opt/app/backend/honey-be` (honey-be)                          |
+| **Frontend static** | `/opt/app/frontend/dist` (honey-fe build)                       |
+| **Admin static** | `/opt/app/admin-panel` (honey-admin build)                      |
+| **Secret file** | `/run/secrets/honey-config.properties`                          |
 | **Logs** | `/opt/app/logs` (+ logback config in `/opt/app/backend/config`) |
-| **Avatars** | `/opt/app/data/avatars` |
+| **Avatars** | `/opt/app/data/avatars`                                         |
 | **Nginx** | `/etc/nginx/nginx.conf` + `/etc/nginx/sites-enabled/your-domain` |
-| **DB container** | `honey-mysql` |
-| **DB name** | `honey_db` |
-| **Backend containers** | `honey-backend`, `honey-backend-new` (rolling) |
+| **DB container** | `honey-mysql`                                                   |
+| **DB name** | `honey_db`                                                      |
+| **Backend containers** | `honey-backend`, `honey-backend-new` (rolling)                  |
 | **phpMyAdmin** | Container `honey-phpmyadmin`, port 8081 → proxy via Nginx secret path |

 ### Deploy commands (summary)

 - **Backend (rolling):**  
-  `cd /opt/app/backend && chmod +x scripts/rolling-update.sh && sudo ./scripts/rolling-update.sh`  
+  `cd /opt/app/backend/honey-be && chmod +x scripts/rolling-update.sh && sudo ./scripts/rolling-update.sh`  
  (Password is loaded from the secret file inside the script.)

 - **Frontend:**