ske087/digiserver-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Complete HTTPS multi-endpoint configuration and deployment automation

Browse Source 
- Enhanced Caddyfile with consolidated HTTPS block supporting all access points
- Added support for https://digiserver, https://10.76.152.164, and https://digiserver.sibiusb.harting.intra
- Configured Caddy reverse proxy with HTTP/3 (QUIC), TLS 1.3+, and HTTP/2 support
- Implemented security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection)
- Added HTTP to HTTPS automatic redirects for all endpoints
- Enhanced setup_https.sh with improved error handling and progress reporting
- Created deploy.sh for fully automated one-command deployment
- Added comprehensive deployment documentation (5 guides)
- Configured 2GB file upload limit and 300s request/response timeouts
- Added Caddy admin API on port 2019 for configuration management
- Implemented health checks and container dependency management
- All volumes persistent and properly isolated
- Production-ready configuration with environment variable parameterization
This commit is contained in:
Quality App Developer
2026-01-14 20:40:26 +02:00
parent 361e0bc459
commit cedb411536
10 changed files with 1924 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

433
old_code_documentation/DEPLOYMENT_README.md Normal file
View File

@@ -0,0 +1,433 @@
# DigiServer Deployment Guide
Complete guide for deploying DigiServer on a new PC with automatic or manual configuration.
## 📋 Table of Contents
1. [Quick Start](#quick-start)
2. [Prerequisites](#prerequisites)
3. [Deployment Methods](#deployment-methods)
4. [Verification](#verification)
5. [Documentation Files](#documentation-files)
6. [Troubleshooting](#troubleshooting)
---
## 🚀 Quick Start
The fastest way to deploy DigiServer on a new PC:
```bash
# 1. Clone or copy the project to your new PC
cd /path/to/digiserver-v2
# 2. Run the automated deployment script
./deploy.sh
```
That's it! The script will:
- ✅ Start all Docker containers
- ✅ Run all database migrations
- ✅ Configure HTTPS with self-signed certificates
- ✅ Verify the setup
- ✅ Display access URLs
---
## 📋 Prerequisites
Before deploying, ensure you have:
### 1. Docker & Docker Compose
```bash
# Check Docker installation
docker --version
# Check Docker Compose installation
docker-compose --version
```
If not installed, follow the official guides:
- [Docker Installation](https://docs.docker.com/install/)
- [Docker Compose Installation](https://docs.docker.com/compose/install/)
### 2. Project Files
```bash
# You should have these files in the project directory:
ls -la
# Caddyfile - Reverse proxy configuration
# docker-compose.yml - Docker services definition
# setup_https.sh - Manual setup script
# deploy.sh - Automated deployment script
# requirements.txt - Python dependencies
```
### 3. Sufficient Disk Space
- ~2GB for Docker images and volumes
- Additional space for your content/uploads
### 4. Network Access
- Ports 80, 443 available (or configure in docker-compose.yml)
- Port 2019 for Caddy admin API (internal only)
---
## 🎯 Deployment Methods
### Method 1: Fully Automated (Recommended)
```bash
cd /path/to/digiserver-v2
./deploy.sh
```
**What it does:**
1. Starts Docker containers
2. Runs all migrations
3. Configures HTTPS
4. Verifies setup
5. Shows access URLs
**Configuration variables** (can be customized):
```bash
# Use environment variables to customize
HOSTNAME=digiserver \
DOMAIN=digiserver.sibiusb.harting.intra \
IP_ADDRESS=10.76.152.164 \
EMAIL=admin@example.com \
PORT=443 \
./deploy.sh
```
---
### Method 2: Semi-Automated Setup
```bash
cd /path/to/digiserver-v2
./setup_https.sh
```
**What it does:**
1. Starts containers (if needed)
2. Runs all migrations
3. Configures HTTPS with production settings
4. Shows status
---
### Method 3: Manual Step-by-Step
#### Step 1: Start Containers
```bash
cd /path/to/digiserver-v2
docker-compose up -d
```
Wait for containers to be ready (check with `docker-compose ps`).
#### Step 2: Run Migrations
```bash
# Migration 1: HTTPS Config
docker-compose exec -T digiserver-app python /app/migrations/add_https_config_table.py
# Migration 2: Player User
docker-compose exec -T digiserver-app python /app/migrations/add_player_user_table.py
# Migration 3: Email
docker-compose exec -T digiserver-app python /app/migrations/add_email_to_https_config.py
# Migration 4: Player User Global
docker-compose exec -T digiserver-app python /app/migrations/migrate_player_user_global.py
```
#### Step 3: Configure HTTPS
```bash
docker-compose exec -T digiserver-app python /app/https_manager.py enable \
digiserver \
digiserver.sibiusb.harting.intra \
admin@example.com \
10.76.152.164 \
443
```
#### Step 4: Verify Status
```bash
docker-compose exec -T digiserver-app python /app/https_manager.py status
```
---
## ✅ Verification
### Check Container Status
```bash
docker-compose ps
```
Expected output:
```
NAME SERVICE STATUS PORTS
digiserver-v2 digiserver-app Up (healthy) 5000/tcp
digiserver-caddy caddy Up 80, 443, 2019/tcp
```
### Test HTTPS Access
```bash
# From the same network (if DNS configured)
curl -k https://digiserver.sibiusb.harting.intra
# Or from container
docker-compose exec -T caddy wget --no-check-certificate -qO- https://localhost/ | head -10
```
### Expected Response
Should show HTML login page with "DigiServer" in the title.
### Check Database
```bash
docker-compose exec -T digiserver-app python -c "
from app.app import create_app
from sqlalchemy import inspect
app = create_app()
with app.app_context():
inspector = inspect(app.extensions.db.engine)
tables = inspector.get_table_names()
print('Database tables:', len(tables))
for t in sorted(tables):
print(f' ✓ {t}')
"
```
---
## 📚 Documentation Files
### 1. `DOCKER_EXEC_COMMANDS.md` ⭐ **START HERE**
Quick reference for all docker exec commands
- Database operations
- User management
- HTTPS configuration
- Health checks
- Maintenance tasks
### 2. `DEPLOYMENT_COMMANDS.md`
Comprehensive deployment guide
- Prerequisites
- Each deployment step explained
- Complete deployment script template
- Troubleshooting section
### 3. `deploy.sh`
Automated deployment script (executable)
- Runs all steps automatically
- Shows progress with colors
- Configurable via environment variables
### 4. `setup_https.sh`
Semi-automated setup script (executable)
- Detects if running in Docker or on host
- Manual configuration option
- Detailed output
### 5. `Caddyfile`
Reverse proxy configuration
- HTTPS certificate management
- Domain routing
- Security headers
### 6. `docker-compose.yml`
Docker services definition
- Flask application
- Caddy reverse proxy
- Volumes and networks
---
## 🔐 First Access
After deployment:
1. **Access the application**
- https://digiserver.sibiusb.harting.intra
- https://10.76.152.164
- https://digiserver
2. **Log in with default credentials**
```
Username: admin
Password: admin123
```
3. **⚠️ IMPORTANT: Change the password immediately**
- Click on admin user settings
- Change default password to a strong password
4. **Configure your system**
- Set up players
- Upload content
- Create groups
- Configure playlists
---
## 🆘 Troubleshooting
### Containers Won't Start
```bash
# Check logs
docker-compose logs
# Try rebuilding
docker-compose down
docker-compose up -d --build
```
### Migration Fails
```bash
# Check database connection
docker-compose exec -T digiserver-app python -c "
from app.app import create_app
app = create_app()
print('Database OK')
"
# Check if tables already exist
docker-compose exec -T digiserver-app python -c "
from app.app import create_app
from sqlalchemy import inspect
app = create_app()
with app.app_context():
inspector = inspect(app.extensions.db.engine)
print('Existing tables:', inspector.get_table_names())
"
```
### HTTPS Certificate Issues
```bash
# Clear Caddy certificate cache
docker volume rm digiserver-v2_caddy-data
docker volume rm digiserver-v2_caddy-config
# Restart Caddy
docker-compose restart caddy
```
### Port 80/443 Already in Use
```bash
# Find what's using the port
lsof -i :80 # For port 80
lsof -i :443 # For port 443
# Stop the conflicting service or change ports in docker-compose.yml
```
### Can't Access via IP Address
```bash
# Verify Caddy is listening
docker-compose exec -T caddy netstat -tlnp 2>/dev/null | grep -E ':(80|443)'
# Test from container
docker-compose exec -T caddy wget --no-check-certificate -qO- https://localhost/
```
### Database Corruption
```bash
# Backup current database
docker-compose exec -T digiserver-app cp /app/instance/digiserver.db /app/instance/digiserver.db.backup
# Reset database (CAUTION: This deletes all data)
docker-compose exec -T digiserver-app rm /app/instance/digiserver.db
# Restart and re-run migrations
docker-compose restart digiserver-app
./setup_https.sh
```
---
## 📞 More Help
See the detailed documentation files:
- **Quick Commands**: `DOCKER_EXEC_COMMANDS.md`
- **Full Guide**: `DEPLOYMENT_COMMANDS.md`
- **HTTPS Details**: `old_code_documentation/HTTPS_CONFIGURATION.md`
---
## 🔄 Deployment on Different PC
To deploy on a different PC:
1. **Copy project files** to the new PC (or clone from git)
2. **Ensure Docker and Docker Compose are installed**
3. **Run deployment script**:
```bash
cd /path/to/digiserver-v2
./deploy.sh
```
4. **Access the application** on the new PC at the configured URLs
All settings will be automatically configured! 🎉
---
## 📋 Environment Variables
You can customize deployment using environment variables:
```bash
# Customize hostname
HOSTNAME=myserver ./deploy.sh
# Customize domain
DOMAIN=myserver.example.com ./deploy.sh
# Customize IP address
IP_ADDRESS=192.168.1.100 ./deploy.sh
# Customize email
EMAIL=admin@myserver.com ./deploy.sh
# Customize port
PORT=8443 ./deploy.sh
# All together
HOSTNAME=server1 \
DOMAIN=server1.internal \
IP_ADDRESS=192.168.1.100 \
EMAIL=admin@server1.com \
PORT=443 \
./deploy.sh
```
---
## ✨ Features
✅ Automated HTTPS with self-signed certificates
✅ Multi-access (hostname, domain, IP address)
✅ Automatic reverse proxy with Caddy
✅ Docker containerized (easy deployment)
✅ Complete database schema with migrations
✅ Admin dashboard for configuration
✅ User management
✅ Player management
✅ Content/Playlist management
✅ Group management
---
## 📝 Notes
- Default SSL certificates are **self-signed** (internal use)
- For production with Let's Encrypt, edit the Caddyfile
- Keep database backups before major changes
- Default credentials are in the code; change them in production
- All logs available via `docker-compose logs`
---
**Ready to deploy? Run:** `./deploy.sh` 🚀