honey-be/VPS_DEPLOYMENT_SUMMARY.md
Tihon 15498c8337
Initial setup, cleanup, VPS setup
2026-03-07 23:11:31 +02:00


VPS Deployment Summary

Compatibility Check

Backend (lottery-be)

Dockerfile: Production-ready

  • Multi-stage build (Maven → JRE)
  • Exposes port 8080 (internal only)
  • HTTP only (no HTTPS configuration)
  • Binds to 0.0.0.0 by default (Spring Boot default)
  • Graceful shutdown supported

Configuration: Externalized

  • Database connection via environment variables
  • Avatar storage path configurable (APP_AVATAR_STORAGE_PATH)
  • All sensitive data via .env file
  • CORS configured via FRONTEND_URL env var

File Uploads: Persistent storage ready

  • Avatar path configurable and mountable as Docker volume
  • Uses filesystem (not ephemeral storage)
  • Path: /app/data/avatars (configurable)

Networking: Internal Docker network

  • No ports exposed to host in production compose
  • Accessible only via Nginx reverse proxy
  • Uses Docker bridge network

Production Readiness:

  • Logging to stdout/stderr (Docker logs)
  • Health checks configured
  • Graceful shutdown
  • No dev-only features enabled

Frontend (lottery-fe)

Build Mode: Production-ready

  • npm run build creates static files in dist/
  • Vite production build configured

API Base URL: Configurable

  • Uses relative URLs in production (empty string)
  • Falls back to localhost:8080 in development
  • Can be overridden via VITE_API_BASE_URL env var

Docker Usage: Optional

  • Dockerfile exists but not required for VPS
  • Static files can be served directly by Nginx

Telegram Mini App: Ready

  • Works under HTTPS
  • No localhost assumptions
  • Uses relative API URLs

📋 Required Changes Made

Frontend Changes

  1. API Base URL Configuration (src/api.js, src/auth/authService.js, src/services/gameWebSocket.js, src/utils/remoteLogger.js)
    • Changed to use relative URLs in production
    • Falls back to localhost:8080 only in development
    • Pattern: import.meta.env.VITE_API_BASE_URL || (import.meta.env.PROD ? "" : "http://localhost:8080")

Backend Changes

No changes required - Already production-ready!

📁 New Files Created

  1. docker-compose.prod.yml - Production Docker Compose configuration

    • No port exposure to host
    • Persistent volumes for database and avatars
    • Health checks configured
    • Internal Docker network
  2. nginx.conf.template - Nginx reverse proxy configuration

    • HTTPS termination
    • Frontend static file serving
    • Backend API proxying (/api/*)
    • WebSocket support (/ws)
    • Avatar file serving (/avatars/*)
    • Security headers
    • Gzip compression
  3. DEPLOYMENT_GUIDE.md - Comprehensive deployment guide

    • Step-by-step instructions
    • Troubleshooting section
    • Maintenance commands
    • Security checklist

🚀 Deployment Steps Overview

  1. VPS Setup: Install Docker, Docker Compose, Nginx, Certbot
  2. Directory Structure: Create /opt/app with subdirectories
  3. Backend Deployment: Copy files, create secret file at /run/secrets/lottery-config.properties, build and start
  4. Frontend Deployment: Build locally, copy dist/ to VPS
  5. Nginx Configuration: Copy template, update domain, link config
  6. SSL Setup: Obtain Let's Encrypt certificate
  7. Telegram Webhook: Update webhook URL
  8. Verification: Test all endpoints and functionality

🔧 Configuration Required

Backend Secret File (/run/secrets/lottery-config.properties)

All configuration is stored in a mounted secret file. See lottery-config.properties.template for the complete template.

Required variables:

  • SPRING_DATASOURCE_URL
  • SPRING_DATASOURCE_USERNAME
  • SPRING_DATASOURCE_PASSWORD
  • TELEGRAM_BOT_TOKEN
  • TELEGRAM_CHANNEL_CHECKER_BOT_TOKEN
  • TELEGRAM_FOLLOW_TASK_CHANNEL_ID
  • FRONTEND_URL

Optional variables:

  • APP_AVATAR_STORAGE_PATH
  • APP_AVATAR_PUBLIC_BASE_URL
  • APP_SESSION_MAX_ACTIVE_PER_USER
  • APP_SESSION_CLEANUP_BATCH_SIZE
  • APP_SESSION_CLEANUP_MAX_BATCHES
  • GEOIP_DB_PATH

Note: The MySQL container also needs DB_PASSWORD and DB_ROOT_PASSWORD as environment variables (should match SPRING_DATASOURCE_PASSWORD).
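A pre-start check for the secret file, as an added example that is not part of the project: it confirms the file is not readable by group or others and that every required variable listed above has a value. It assumes Linux with GNU `stat` and plain `KEY=value` lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): validate the backend secret file.
# Assumptions: GNU stat (Linux) and plain KEY=value lines in the file.

# Required keys, exactly as listed on this page.
REQUIRED_KEYS="SPRING_DATASOURCE_URL SPRING_DATASOURCE_USERNAME
SPRING_DATASOURCE_PASSWORD TELEGRAM_BOT_TOKEN
TELEGRAM_CHANNEL_CHECKER_BOT_TOKEN TELEGRAM_FOLLOW_TASK_CHANNEL_ID FRONTEND_URL"

# Succeeds only if group and others have no permission bits on the file.
secret_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Prints each required key that is absent or has an empty value, one per line.
missing_keys() {
    for key in $REQUIRED_KEYS; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$1" \
            || echo "$key"
    done
}

# Returns 0 when the file exists, is private, and defines every required key.
check_secret_file() {
    file=$1
    status=0
    [ -f "$file" ] || { echo "FAIL: $file not found" >&2; return 1; }
    if ! secret_mode_ok "$file"; then
        echo "FAIL: $file is accessible to group or others (expected 600)" >&2
        status=1
    fi
    missing=$(missing_keys "$file")
    if [ -n "$missing" ]; then
        echo "FAIL: missing or empty: $(echo $missing)" >&2
        status=1
    fi
    return $status
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_secret_file "$1"
fi
```

Pass `/run/secrets/lottery-config.properties` as the argument on the VPS; `secret_mode_ok` can be pointed at the `.env` file as well.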

📂 Final Directory Structure on VPS

/opt/app/
├── backend/
│   ├── Dockerfile
│   ├── docker-compose.prod.yml
│   ├── lottery-config.properties.template
│   └── [source files]
├── frontend/
│   └── dist/          (Vite production build)
├── nginx/
│   └── nginx.conf
├── data/
│   └── avatars/       (persistent uploads)
└── mysql/
    └── data/          (persistent DB storage)

/run/secrets/
└── lottery-config.properties  (mounted secret file)

Verification Checklist

Before going live:

  • All environment variables set in .env
  • Backend containers running (docker ps)
  • Frontend dist/ folder populated
  • Nginx configuration tested (nginx -t)
  • SSL certificate installed and valid
  • Telegram webhook updated
  • Health checks passing (/actuator/health)
  • Frontend loads in browser
  • API calls work (check browser console)
  • WebSocket connects (game updates work)
  • Avatar uploads work
  • Database persists data (restart test)

🔒 Security Notes

  • Backend port 8080 not exposed to host
  • MySQL port 3306 not exposed to host
  • HTTPS enforced (HTTP → HTTPS redirect)
  • Strong passwords required
  • .env file permissions restricted
  • Firewall recommended (UFW)
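A static check for the first two notes, as an added example that is not part of the project: it lists every `ports:` entry in a Compose file, since `ports:` publishes to the host while `expose:` stays on the Docker network. It assumes two-space YAML indentation with service names directly under `services:`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): fail if a Compose file publishes host ports.
# Assumption: two-space indentation, service names directly under "services:".

# Prints "service: mapping" for each entry under a ports: key.
# Empty output means nothing is published to the host.
published_ports() {
    awk '
        /^[[:space:]]*#/ { next }
        # Key at two-space indent: treat it as the current service name.
        /^  [A-Za-z0-9_.-]+:[[:space:]]*$/ {
            svc = $1; sub(/:$/, "", svc); in_ports = 0; next
        }
        # Block form: the list items follow on the next lines.
        /^[[:space:]]*ports:[[:space:]]*$/ { in_ports = 1; next }
        # Inline form, for example ports: ["8080:8080"].
        /^[[:space:]]*ports:[[:space:]]*[^[:space:]]/ {
            m = $0; sub(/^[[:space:]]*ports:[[:space:]]*/, "", m)
            print svc ": " m; next
        }
        in_ports && /^[[:space:]]*-[[:space:]]/ {
            m = $0; sub(/^[[:space:]]*-[[:space:]]*/, "", m); gsub(/"/, "", m)
            print svc ": " m; next
        }
        # Any other key ends the ports list.
        /^[[:space:]]*[A-Za-z_]/ { in_ports = 0 }
    ' "$1"
}

# Returns 0 when the file publishes nothing, 1 when it does.
check_no_published_ports() {
    found=$(published_ports "$1") || return 2
    [ -z "$found" ] && return 0
    echo "FAIL: $1 publishes ports to the host:" >&2
    echo "$found" >&2
    return 1
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_no_published_ports "$1"
fi
```

This matters alongside UFW because Docker manages its own iptables rules, so a published port is reachable even when UFW has no rule allowing it. On the running host, the `Ports` column of `docker ps` shows a published port as `0.0.0.0:8080->8080/tcp`.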

📝 Next Steps

  1. Review DEPLOYMENT_GUIDE.md for detailed instructions
  2. Prepare your VPS (Ubuntu recommended)
  3. Follow the step-by-step guide
  4. Test thoroughly before going live
  5. Set up monitoring and backups

Status: Ready for VPS Deployment

Last Updated: 2026-01-24