# Deployment Checklist Use this checklist to track deployment progress. ## Pre-Deployment - [ ] Proxmox VE host accessible - [ ] Cloudflare account ready - [ ] Domain registered and on Cloudflare - [ ] Cloudflare API token created - [ ] SSH access configured - [ ] Backup strategy defined ## Phase 1: LXC Container Setup - [ ] LXC container created (ID: _____) - [ ] Container resources allocated (CPU/RAM/Disk) - [ ] Container started and accessible - [ ] Base packages installed - [ ] Deployment user created - [ ] SSH configured ## Phase 2: Application Installation - [ ] Go 1.21+ installed - [ ] Node.js 20+ installed - [ ] Docker & Docker Compose installed - [ ] Repository cloned - [ ] Backend dependencies installed (`go mod download`) - [ ] Frontend dependencies installed (`npm ci`) - [ ] Backend applications built - [ ] Frontend application built (`npm run build`) ## Phase 3: Database Setup - [ ] PostgreSQL 16 installed - [ ] TimescaleDB extension installed - [ ] Database `explorer` created - [ ] User `explorer` created - [ ] Database migrations run - [ ] PostgreSQL tuned for performance - [ ] Backup script configured ## Phase 4: Infrastructure Services - [ ] Elasticsearch/OpenSearch deployed - [ ] Redis deployed - [ ] Services verified and accessible - [ ] Services configured to auto-start ## Phase 5: Application Services - [ ] Environment variables configured (`.env` file) - [ ] Systemd service files created: - [ ] `explorer-indexer.service` - [ ] `explorer-api.service` - [ ] `explorer-frontend.service` - [ ] Services enabled - [ ] Services started - [ ] Service status verified - [ ] Logs checked for errors ## Phase 6: Nginx Reverse Proxy - [ ] Nginx installed - [ ] Nginx configuration file created - [ ] Configuration tested (`nginx -t`) - [ ] Site enabled - [ ] Nginx started - [ ] Reverse proxy working - [ ] Health check endpoint accessible ## Phase 7: Cloudflare Configuration ### DNS - [ ] A record created for `explorer.d-bis.org` - [ ] CNAME record created for `www.explorer.d-bis.org` - [ ] DNS records set to "Proxied" (orange cloud) - [ ] DNS propagation verified ### SSL/TLS - [ ] SSL/TLS mode set to "Full (strict)" - [ ] Always Use HTTPS enabled - [ ] Automatic HTTPS Rewrites enabled - [ ] TLS 1.3 enabled - [ ] Certificate status verified ### Cloudflare Tunnel (if using) - [ ] `cloudflared` installed - [ ] Authenticated with Cloudflare - [ ] Tunnel created - [ ] Tunnel configuration file created - [ ] Tunnel systemd service installed - [ ] Tunnel started and running - [ ] Tunnel status verified ### WAF & Security - [ ] Cloudflare Managed Ruleset enabled - [ ] OWASP Core Ruleset enabled - [ ] Rate limiting rules configured - [ ] DDoS protection enabled - [ ] Bot protection configured ### Caching - [ ] Caching level configured - [ ] Cache rules created: - [ ] Static assets rule - [ ] API bypass rule - [ ] Frontend pages rule ## Phase 8: Security Hardening - [ ] Firewall (UFW) configured - [ ] Only necessary ports opened - [ ] Cloudflare IP ranges allowed (if direct connection) - [ ] Fail2ban installed and configured - [ ] Automatic updates configured - [ ] Log rotation configured - [ ] Backup script created and tested - [ ] Backup cron job configured ## Phase 9: Monitoring & Maintenance - [ ] Health check script created - [ ] Health check cron job configured - [ ] Log monitoring configured - [ ] Cloudflare analytics reviewed - [ ] Alerts configured (email/Slack/etc) - [ ] Documentation updated ## Post-Deployment Verification ### Services - [ ] All systemd services running - [ ] No service errors in logs - [ ] Database connection working - [ ] Indexer processing blocks - [ ] API responding to requests - [ ] Frontend loading correctly ### Network - [ ] DNS resolving correctly - [ ] HTTPS working (if direct connection) - [ ] Cloudflare Tunnel connected (if using) - [ ] Nginx proxying correctly - [ ] WebSocket connections working ### Functionality - [ ] Homepage loads - [ ] Block list page works - [ ] Transaction list page works - [ ] Search functionality works - [ ] API endpoints responding - [ ] Health check endpoint working ### Security - [ ] Security headers present - [ ] SSL/TLS certificate valid - [ ] Firewall rules active - [ ] Fail2ban active - [ ] No sensitive files exposed ### Performance - [ ] Response times acceptable - [ ] Caching working - [ ] CDN serving static assets - [ ] Database queries optimized ## Maintenance Schedule ### Daily - [ ] Check service status - [ ] Review error logs - [ ] Check Cloudflare analytics ### Weekly - [ ] Review security logs - [ ] Check disk space - [ ] Verify backups completed ### Monthly - [ ] Update system packages - [ ] Optimize database - [ ] Update application dependencies - [ ] Review resource usage - [ ] Test disaster recovery ## Emergency Contacts - **System Administrator**: ________________ - **Cloudflare Support**: https://support.cloudflare.com - **Proxmox Support**: https://www.proxmox.com/en/proxmox-ve/support ## Notes _Use this space for deployment-specific notes and issues encountered._ --- **Deployment Date**: _______________ **Deployed By**: _______________ **Container ID**: _______________ **Domain**: explorer.d-bis.org