d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06e2c7a29e3b578df126b8c30cb627045f6452b6
explorer-monorepo/deployment/DEPLOYMENT_CHECKLIST.md

205 lines
5.1 KiB
Markdown
Raw Normal View History

Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-10 11:32:49 -08:00
# Deployment Checklist
Use this checklist to track deployment progress.
## Pre-Deployment
- [ ] Proxmox VE host accessible
- [ ] Cloudflare account ready
- [ ] Domain registered and on Cloudflare
- [ ] Cloudflare API token created
- [ ] SSH access configured
- [ ] Backup strategy defined
## Phase 1: LXC Container Setup
- [ ] LXC container created (ID: _____)
- [ ] Container resources allocated (CPU/RAM/Disk)
- [ ] Container started and accessible
- [ ] Base packages installed
- [ ] Deployment user created
- [ ] SSH configured
## Phase 2: Application Installation
- [ ] Go 1.21+ installed
- [ ] Node.js 20+ installed
- [ ] Docker & Docker Compose installed
- [ ] Repository cloned
- [ ] Backend dependencies installed (`go mod download`)
- [ ] Frontend dependencies installed (`npm ci`)
- [ ] Backend applications built
- [ ] Frontend application built (`npm run build`)
## Phase 3: Database Setup
- [ ] PostgreSQL 16 installed
- [ ] TimescaleDB extension installed
- [ ] Database `explorer` created
- [ ] User `explorer` created
- [ ] Database migrations run
- [ ] PostgreSQL tuned for performance
- [ ] Backup script configured
## Phase 4: Infrastructure Services
- [ ] Elasticsearch/OpenSearch deployed
- [ ] Redis deployed
- [ ] Services verified and accessible
- [ ] Services configured to auto-start
## Phase 5: Application Services
- [ ] Environment variables configured (`.env` file)
- [ ] Systemd service files created:
- [ ] `explorer-indexer.service`
- [ ] `explorer-api.service`
- [ ] `explorer-frontend.service`
- [ ] Services enabled
- [ ] Services started
- [ ] Service status verified
- [ ] Logs checked for errors
## Phase 6: Nginx Reverse Proxy
- [ ] Nginx installed
- [ ] Nginx configuration file created
- [ ] Configuration tested (`nginx -t`)
- [ ] Site enabled
- [ ] Nginx started
- [ ] Reverse proxy working
- [ ] Health check endpoint accessible
## Phase 7: Cloudflare Configuration
### DNS
- [ ] A record created for `explorer.d-bis.org`
- [ ] CNAME record created for `www.explorer.d-bis.org`
- [ ] DNS records set to "Proxied" (orange cloud)
- [ ] DNS propagation verified
### SSL/TLS
- [ ] SSL/TLS mode set to "Full (strict)"
- [ ] Always Use HTTPS enabled
- [ ] Automatic HTTPS Rewrites enabled
- [ ] TLS 1.3 enabled
- [ ] Certificate status verified
### Cloudflare Tunnel (if using)
- [ ] `cloudflared` installed
- [ ] Authenticated with Cloudflare
- [ ] Tunnel created
- [ ] Tunnel configuration file created
- [ ] Tunnel systemd service installed
- [ ] Tunnel started and running
- [ ] Tunnel status verified
### WAF & Security
- [ ] Cloudflare Managed Ruleset enabled
- [ ] OWASP Core Ruleset enabled
- [ ] Rate limiting rules configured
- [ ] DDoS protection enabled
- [ ] Bot protection configured
### Caching
- [ ] Caching level configured
- [ ] Cache rules created:
- [ ] Static assets rule
- [ ] API bypass rule
- [ ] Frontend pages rule
## Phase 8: Security Hardening
- [ ] Firewall (UFW) configured
- [ ] Only necessary ports opened
- [ ] Cloudflare IP ranges allowed (if direct connection)
- [ ] Fail2ban installed and configured
- [ ] Automatic updates configured
- [ ] Log rotation configured
- [ ] Backup script created and tested
- [ ] Backup cron job configured
## Phase 9: Monitoring & Maintenance
- [ ] Health check script created
- [ ] Health check cron job configured
- [ ] Log monitoring configured
- [ ] Cloudflare analytics reviewed
- [ ] Alerts configured (email/Slack/etc)
- [ ] Documentation updated
## Post-Deployment Verification
### Services
- [ ] All systemd services running
- [ ] No service errors in logs
- [ ] Database connection working
- [ ] Indexer processing blocks
- [ ] API responding to requests
- [ ] Frontend loading correctly
### Network
- [ ] DNS resolving correctly
- [ ] HTTPS working (if direct connection)
- [ ] Cloudflare Tunnel connected (if using)
- [ ] Nginx proxying correctly
- [ ] WebSocket connections working
### Functionality
- [ ] Homepage loads
- [ ] Block list page works
- [ ] Transaction list page works
- [ ] Search functionality works
- [ ] API endpoints responding
- [ ] Health check endpoint working
### Security
- [ ] Security headers present
- [ ] SSL/TLS certificate valid
- [ ] Firewall rules active
- [ ] Fail2ban active
- [ ] No sensitive files exposed
### Performance
- [ ] Response times acceptable
- [ ] Caching working
- [ ] CDN serving static assets
- [ ] Database queries optimized
## Maintenance Schedule
### Daily
- [ ] Check service status
- [ ] Review error logs
- [ ] Check Cloudflare analytics
### Weekly
- [ ] Review security logs
- [ ] Check disk space
- [ ] Verify backups completed
### Monthly
- [ ] Update system packages
- [ ] Optimize database
- [ ] Update application dependencies
- [ ] Review resource usage
- [ ] Test disaster recovery
## Emergency Contacts
- **System Administrator**: ________________
- **Cloudflare Support**: https://support.cloudflare.com
- **Proxmox Support**: https://www.proxmox.com/en/proxmox-ve/support
## Notes
_Use this space for deployment-specific notes and issues encountered._
---
**Deployment Date**: _______________
**Deployed By**: _______________
**Container ID**: _______________
**Domain**: explorer.d-bis.org
Reference in New Issue Copy Permalink