205 lines
5.1 KiB
Markdown
205 lines
5.1 KiB
Markdown
# Deployment Checklist
|
|
|
|
Use this checklist to track deployment progress.
|
|
|
|
## Pre-Deployment
|
|
|
|
- [ ] Proxmox VE host accessible
|
|
- [ ] Cloudflare account ready
|
|
- [ ] Domain registered and on Cloudflare
|
|
- [ ] Cloudflare API token created
|
|
- [ ] SSH access configured
|
|
- [ ] Backup strategy defined
|
|
|
|
## Phase 1: LXC Container Setup
|
|
|
|
- [ ] LXC container created (ID: _____)
|
|
- [ ] Container resources allocated (CPU/RAM/Disk)
|
|
- [ ] Container started and accessible
|
|
- [ ] Base packages installed
|
|
- [ ] Deployment user created
|
|
- [ ] SSH configured
|
|
|
|
## Phase 2: Application Installation
|
|
|
|
- [ ] Go 1.21+ installed
|
|
- [ ] Node.js 20+ installed
|
|
- [ ] Docker & Docker Compose installed
|
|
- [ ] Repository cloned
|
|
- [ ] Backend dependencies installed (`go mod download`)
|
|
- [ ] Frontend dependencies installed (`npm ci`)
|
|
- [ ] Backend applications built
|
|
- [ ] Frontend application built (`npm run build`)
|
|
|
|
## Phase 3: Database Setup
|
|
|
|
- [ ] PostgreSQL 16 installed
|
|
- [ ] TimescaleDB extension installed
|
|
- [ ] Database `explorer` created
|
|
- [ ] User `explorer` created
|
|
- [ ] Database migrations run
|
|
- [ ] PostgreSQL tuned for performance
|
|
- [ ] Backup script configured
|
|
|
|
## Phase 4: Infrastructure Services
|
|
|
|
- [ ] Elasticsearch/OpenSearch deployed
|
|
- [ ] Redis deployed
|
|
- [ ] Services verified and accessible
|
|
- [ ] Services configured to auto-start
|
|
|
|
## Phase 5: Application Services
|
|
|
|
- [ ] Environment variables configured (`.env` file)
|
|
- [ ] Systemd service files created:
|
|
- [ ] `explorer-indexer.service`
|
|
- [ ] `explorer-api.service`
|
|
- [ ] `explorer-frontend.service`
|
|
- [ ] Services enabled
|
|
- [ ] Services started
|
|
- [ ] Service status verified
|
|
- [ ] Logs checked for errors
|
|
|
|
## Phase 6: Nginx Reverse Proxy
|
|
|
|
- [ ] Nginx installed
|
|
- [ ] Nginx configuration file created
|
|
- [ ] Configuration tested (`nginx -t`)
|
|
- [ ] Site enabled
|
|
- [ ] Nginx started
|
|
- [ ] Reverse proxy working
|
|
- [ ] Health check endpoint accessible
|
|
|
|
## Phase 7: Cloudflare Configuration
|
|
|
|
### DNS
|
|
- [ ] A record created for `explorer.d-bis.org`
|
|
- [ ] CNAME record created for `www.explorer.d-bis.org`
|
|
- [ ] DNS records set to "Proxied" (orange cloud)
|
|
- [ ] DNS propagation verified
|
|
|
|
### SSL/TLS
|
|
- [ ] SSL/TLS mode set to "Full (strict)"
|
|
- [ ] Always Use HTTPS enabled
|
|
- [ ] Automatic HTTPS Rewrites enabled
|
|
- [ ] TLS 1.3 enabled
|
|
- [ ] Certificate status verified
|
|
|
|
### Cloudflare Tunnel (if using)
|
|
- [ ] `cloudflared` installed
|
|
- [ ] Authenticated with Cloudflare
|
|
- [ ] Tunnel created
|
|
- [ ] Tunnel configuration file created
|
|
- [ ] Tunnel systemd service installed
|
|
- [ ] Tunnel started and running
|
|
- [ ] Tunnel status verified
|
|
|
|
### WAF & Security
|
|
- [ ] Cloudflare Managed Ruleset enabled
|
|
- [ ] OWASP Core Ruleset enabled
|
|
- [ ] Rate limiting rules configured
|
|
- [ ] DDoS protection enabled
|
|
- [ ] Bot protection configured
|
|
|
|
### Caching
|
|
- [ ] Caching level configured
|
|
- [ ] Cache rules created:
|
|
- [ ] Static assets rule
|
|
- [ ] API bypass rule
|
|
- [ ] Frontend pages rule
|
|
|
|
## Phase 8: Security Hardening
|
|
|
|
- [ ] Firewall (UFW) configured
|
|
- [ ] Only necessary ports opened
|
|
- [ ] Cloudflare IP ranges allowed (if direct connection)
|
|
- [ ] Fail2ban installed and configured
|
|
- [ ] Automatic updates configured
|
|
- [ ] Log rotation configured
|
|
- [ ] Backup script created and tested
|
|
- [ ] Backup cron job configured
|
|
|
|
## Phase 9: Monitoring & Maintenance
|
|
|
|
- [ ] Health check script created
|
|
- [ ] Health check cron job configured
|
|
- [ ] Log monitoring configured
|
|
- [ ] Cloudflare analytics reviewed
|
|
- [ ] Alerts configured (email/Slack/etc)
|
|
- [ ] Documentation updated
|
|
|
|
## Post-Deployment Verification
|
|
|
|
### Services
|
|
- [ ] All systemd services running
|
|
- [ ] No service errors in logs
|
|
- [ ] Database connection working
|
|
- [ ] Indexer processing blocks
|
|
- [ ] API responding to requests
|
|
- [ ] Frontend loading correctly
|
|
|
|
### Network
|
|
- [ ] DNS resolving correctly
|
|
- [ ] HTTPS working (if direct connection)
|
|
- [ ] Cloudflare Tunnel connected (if using)
|
|
- [ ] Nginx proxying correctly
|
|
- [ ] WebSocket connections working
|
|
|
|
### Functionality
|
|
- [ ] Homepage loads
|
|
- [ ] Block list page works
|
|
- [ ] Transaction list page works
|
|
- [ ] Search functionality works
|
|
- [ ] API endpoints responding
|
|
- [ ] Health check endpoint working
|
|
|
|
### Security
|
|
- [ ] Security headers present
|
|
- [ ] SSL/TLS certificate valid
|
|
- [ ] Firewall rules active
|
|
- [ ] Fail2ban active
|
|
- [ ] No sensitive files exposed
|
|
|
|
### Performance
|
|
- [ ] Response times acceptable
|
|
- [ ] Caching working
|
|
- [ ] CDN serving static assets
|
|
- [ ] Database queries optimized
|
|
|
|
## Maintenance Schedule
|
|
|
|
### Daily
|
|
- [ ] Check service status
|
|
- [ ] Review error logs
|
|
- [ ] Check Cloudflare analytics
|
|
|
|
### Weekly
|
|
- [ ] Review security logs
|
|
- [ ] Check disk space
|
|
- [ ] Verify backups completed
|
|
|
|
### Monthly
|
|
- [ ] Update system packages
|
|
- [ ] Optimize database
|
|
- [ ] Update application dependencies
|
|
- [ ] Review resource usage
|
|
- [ ] Test disaster recovery
|
|
|
|
## Emergency Contacts
|
|
|
|
- **System Administrator**: ________________
|
|
- **Cloudflare Support**: https://support.cloudflare.com
|
|
- **Proxmox Support**: https://www.proxmox.com/en/proxmox-ve/support
|
|
|
|
## Notes
|
|
|
|
_Use this space for deployment-specific notes and issues encountered._
|
|
|
|
---
|
|
|
|
**Deployment Date**: _______________
|
|
**Deployed By**: _______________
|
|
**Container ID**: _______________
|
|
**Domain**: explorer.d-bis.org
|
|
|