# Deployment Guide ## Prerequisites - Node.js 18+ installed - PostgreSQL 14+ installed and running - Redis 6+ (optional, for session management) - SSL certificates (for mTLS, if required by receiver) ## Step 1: Install Dependencies ```bash npm install ``` ## Step 2: Database Setup ### Create Database ```bash createdb dbis_core ``` ### Run Schema ```bash psql -d dbis_core -f src/database/schema.sql ``` Or using the connection string: ```bash psql $DATABASE_URL -f src/database/schema.sql ``` ### Seed Initial Operators ```sql -- Example: Create a Maker operator INSERT INTO operators (operator_id, name, password_hash, role) VALUES ( 'MAKER001', 'John Maker', '$2a$10$YourHashedPasswordHere', -- Use bcrypt hash 'MAKER' ); -- Example: Create a Checker operator INSERT INTO operators (operator_id, name, password_hash, role) VALUES ( 'CHECKER001', 'Jane Checker', '$2a$10$YourHashedPasswordHere', -- Use bcrypt hash 'CHECKER' ); ``` To generate password hashes: ```bash node -e "const bcrypt = require('bcryptjs'); bcrypt.hash('yourpassword', 10).then(console.log);" ``` ## Step 3: Configuration Create a `.env` file in the project root: ```env NODE_ENV=production PORT=3000 # Database DATABASE_URL=postgresql://user:password@localhost:5432/dbis_core # Redis (optional) REDIS_URL=redis://localhost:6379 # JWT JWT_SECRET=your-secure-random-secret-key-change-this JWT_EXPIRES_IN=8h # Receiver Configuration RECEIVER_IP=172.67.157.88 RECEIVER_PORT=443 RECEIVER_SNI=devmindgroup.com RECEIVER_TLS_VERSION=TLSv1.3 # Client Certificates (for mTLS, if required) CLIENT_CERT_PATH=/path/to/client.crt CLIENT_KEY_PATH=/path/to/client.key CA_CERT_PATH=/path/to/ca.crt # Compliance COMPLIANCE_TIMEOUT=5000 # Audit AUDIT_RETENTION_YEARS=7 LOG_LEVEL=info ``` ## Step 4: Build ```bash npm run build ``` This creates the `dist/` directory with compiled JavaScript. ## Step 5: Start Server ### Production ```bash npm start ``` ### Development ```bash npm run dev ``` ## Step 6: Verify Deployment 1. Check health endpoint: ```bash curl http://localhost:3000/health ``` 2. Access terminal UI: ``` http://localhost:3000 ``` 3. Test login: ```bash curl -X POST http://localhost:3000/api/auth/login \ -H "Content-Type: application/json" \ -d '{"operatorId":"MAKER001","password":"yourpassword","terminalId":"TERM-001"}' ``` ## Docker Deployment (Optional) Create a `Dockerfile`: ```dockerfile FROM node:18-alpine WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . RUN npm run build EXPOSE 3000 CMD ["npm", "start"] ``` Build and run: ```bash docker build -t dbis-core-lite . docker run -p 3000:3000 --env-file .env dbis-core-lite ``` ## Production Considerations 1. **Security**: - Use strong JWT_SECRET - Enable HTTPS/TLS - Configure firewall rules - Regular security updates 2. **Monitoring**: - Set up application monitoring (e.g., Prometheus, DataDog) - Monitor database connections - Monitor TLS connection health - Set up alerting for failed payments 3. **Backup**: - Regular database backups - Backup audit logs - Test restore procedures 4. **High Availability**: - Run multiple instances behind load balancer - Use connection pooling - Configure database replication 5. **Logging**: - Centralized logging (e.g., ELK stack) - Log rotation configured - Retention policy enforced ## Troubleshooting ### Database Connection Issues - Verify DATABASE_URL is correct - Check PostgreSQL is running - Verify network connectivity - Check firewall rules ### TLS Connection Issues - Verify receiver IP and port - Check certificate paths (if mTLS) - Verify SNI configuration - Check TLS version compatibility ### Payment Processing Issues - Check compliance screening status - Verify ledger adapter connection - Review audit logs - Check reconciliation reports ## Maintenance ### Daily Tasks - Review reconciliation reports - Check for aging items - Monitor exception queue ### Weekly Tasks - Review audit log integrity - Check system health metrics - Review security logs ### Monthly Tasks - Archive old audit logs - Review operator access - Update compliance lists