feat: Complete HTTPS multi-endpoint configuration and deployment automation

- Enhanced Caddyfile with consolidated HTTPS block supporting all access points
- Added support for https://digiserver, https://10.76.152.164, and https://digiserver.sibiusb.harting.intra
- Configured Caddy reverse proxy with HTTP/3 (QUIC), TLS 1.3+, and HTTP/2 support
- Implemented security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection)
- Added HTTP to HTTPS automatic redirects for all endpoints
- Enhanced setup_https.sh with improved error handling and progress reporting
- Created deploy.sh for fully automated one-command deployment
- Added comprehensive deployment documentation (5 guides)
- Configured 2GB file upload limit and 300s request/response timeouts
- Added Caddy admin API on port 2019 for configuration management
- Implemented health checks and container dependency management
- All volumes persistent and properly isolated
- Production-ready configuration with environment variable parameterization
This commit is contained in:
Quality App Developer
2026-01-14 20:40:26 +02:00
parent 361e0bc459
commit cedb411536
10 changed files with 1924 additions and 41 deletions

@@ -0,0 +1,272 @@
# DigiServer Deployment Commands
This document contains all necessary `docker exec` commands to deploy and configure DigiServer on a new PC with the same settings as the production system.
## Prerequisites
```bash
# Ensure you're in the project directory
cd /path/to/digiserver-v2
# Start the containers
docker-compose up -d
```
## 1. Database Initialization and Migrations
### Run all database migrations in sequence:
```bash
# Create https_config table
docker-compose exec -T digiserver-app python /app/migrations/add_https_config_table.py
# Create player_user table
docker-compose exec -T digiserver-app python /app/migrations/add_player_user_table.py
# Add email to https_config table
docker-compose exec -T digiserver-app python /app/migrations/add_email_to_https_config.py
# Migrate player_user global settings
docker-compose exec -T digiserver-app python /app/migrations/migrate_player_user_global.py
```
**Note:** The `-T` flag prevents Docker from allocating a pseudo-terminal, which is useful for automated deployments.
## 2. HTTPS Configuration via CLI
### Check HTTPS Configuration Status:
```bash
docker-compose exec -T digiserver-app python /app/https_manager.py status
```
### Enable HTTPS with Production Settings:
```bash
docker-compose exec -T digiserver-app python /app/https_manager.py enable \
digiserver \
digiserver.sibiusb.harting.intra \
admin@example.com \
10.76.152.164 \
443
```
### Show Detailed Configuration:
```bash
docker-compose exec -T digiserver-app python /app/https_manager.py show
```
## 3. Admin User Setup
### Create/Reset Admin User (if needed):
```bash
docker-compose exec -T digiserver-app python -c "
from app.app import create_app
from app.models.user import User
from app.extensions import db
app = create_app()
with app.app_context():
# Check if admin exists
admin = User.query.filter_by(username='admin').first()
if admin:
print('✅ Admin user already exists')
else:
# Create new admin user
admin = User(username='admin', email='admin@example.com')
admin.set_password('admin123') # Change this password!
admin.is_admin = True
db.session.add(admin)
db.session.commit()
print('✅ Admin user created with username: admin')
"
```
## 4. Database Verification
### Check Database Tables:
```bash
docker-compose exec -T digiserver-app python -c "
from app.app import create_app
from app.extensions import db
from sqlalchemy import inspect
app = create_app()
with app.app_context():
inspector = inspect(db.engine)
tables = inspector.get_table_names()
print('📊 Database Tables:')
for table in sorted(tables):
print(f' ✓ {table}')
print(f'\\n✅ Total tables: {len(tables)}')
"
```
### Check HTTPS Configuration in Database:
```bash
docker-compose exec -T digiserver-app python -c "
from app.app import create_app
from app.models.https_config import HTTPSConfig
app = create_app()
with app.app_context():
config = HTTPSConfig.get_config()
if config:
print('✅ HTTPS Configuration Found:')
print(f' Status: {\"ENABLED\" if config.https_enabled else \"DISABLED\"}')
print(f' Hostname: {config.hostname}')
print(f' Domain: {config.domain}')
print(f' IP Address: {config.ip_address}')
print(f' Port: {config.port}')
else:
print('⚠️ No HTTPS configuration found')
"
```
## 5. Health Checks
### Test Caddy Configuration:
```bash
docker-compose exec -T caddy caddy validate --config /etc/caddy/Caddyfile
```
### Test Flask Application Health:
```bash
docker-compose exec -T digiserver-app python -c "
import urllib.request
try:
response = urllib.request.urlopen('http://localhost:5000/health', timeout=5)
print('✅ Application is responding')
print(f' Status: {response.status}')
except Exception as e:
print(f'❌ Application health check failed: {e}')
"
```
### Check Docker Container Logs:
```bash
# Flask app logs
docker-compose logs digiserver-app | tail -50
# Caddy logs
docker-compose logs caddy | tail -50
```
## 6. Complete Deployment Script
Create a file called `deploy.sh` to run all steps automatically:
```bash
#!/bin/bash
set -e
echo "🚀 DigiServer Deployment Script"
echo "=================================="
echo ""
# Change to project directory
cd /path/to/digiserver-v2
# Step 1: Start containers
echo "📦 Starting containers..."
docker-compose up -d
sleep 5
# Step 2: Run migrations
echo "📊 Running database migrations..."
docker-compose exec -T digiserver-app python /app/migrations/add_https_config_table.py
docker-compose exec -T digiserver-app python /app/migrations/add_player_user_table.py
docker-compose exec -T digiserver-app python /app/migrations/add_email_to_https_config.py
docker-compose exec -T digiserver-app python /app/migrations/migrate_player_user_global.py
# Step 3: Configure HTTPS
echo "🔒 Configuring HTTPS..."
docker-compose exec -T digiserver-app python /app/https_manager.py enable \
digiserver \
digiserver.sibiusb.harting.intra \
admin@example.com \
10.76.152.164 \
443
# Step 4: Verify setup
echo "✅ Verifying setup..."
docker-compose exec -T digiserver-app python /app/https_manager.py status
echo ""
echo "🎉 Deployment Complete!"
echo "=================================="
echo "Access your application at:"
echo " - https://digiserver"
echo " - https://10.76.152.164"
echo " - https://digiserver.sibiusb.harting.intra"
echo ""
echo "Login with:"
echo " Username: admin"
echo " Password: (check your password settings)"
```
Make it executable:
```bash
chmod +x deploy.sh
```
Run it:
```bash
./deploy.sh
```
## 7. Troubleshooting
### Restart Services:
```bash
# Restart all containers
docker-compose restart
# Restart just the app
docker-compose restart digiserver-app
# Restart just Caddy
docker-compose restart caddy
```
### View Caddy Configuration:
```bash
docker-compose exec -T caddy cat /etc/caddy/Caddyfile
```
### Test HTTPS Endpoints:
```bash
# Test from host machine (if accessible)
curl -k https://digiserver.sibiusb.harting.intra
# Test from within containers
docker-compose exec -T caddy wget --no-check-certificate -qO- https://localhost/ | head -20
```
### Clear Caddy Cache (if certificate issues occur):
```bash
docker volume rm digiserver-v2_caddy-data
docker volume rm digiserver-v2_caddy-config
docker-compose restart caddy
```
## Important Notes
- Always use `-T` flag with `docker-compose exec` in automated scripts to prevent TTY issues
- Change default passwords (`admin123`) in production environments
- Adjust email address in HTTPS configuration as needed
- For different network setups, modify the IP address and domain in the enable HTTPS command
- Keep database backups before running migrations
- Test all three access points after deployment
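Review bot: The admin bootstrap snippet in section 3 hardcodes the credential in `admin.set_password('admin123')`, and the only safeguards are the trailing comment and one bullet under Important Notes, so anyone who pastes the block as written gets a known password on an account with `is_admin = True`. Suggest taking the password from an environment variable or an interactive prompt and refusing to create the user when none is supplied. The deploy.sh listing in section 6 prints a login hint for `admin` but has no step that creates the account or sets its password, which should be made explicit. Two smaller points in the same file. The "Clear Caddy Cache" steps run `docker volume rm` while the caddy container still exists and then only `docker-compose restart caddy`. Docker refuses to remove a volume that a container still references, so the sequence should remove the container first (for example with `docker-compose down`) and finish with `docker-compose up -d`. The Flask health check in section 5 catches every exception and only prints, so it exits 0 on failure, and deploy.sh waits with `sleep 5` instead of using it. Have the check exit non-zero on failure and poll it before the migrations run.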