🚀 Deployment Setup - Complete Prerequisites Guide
This document provides an overview of all the deployment prerequisites and setup scripts that have been created for the Miracles In Motion application.
📚 Documentation
Main Documentation Files
- DEPLOYMENT_PREREQUISITES.md - Comprehensive guide covering:
  - Azure infrastructure setup
  - MS Entra (Azure AD) configuration
  - Cloudflare setup
  - Stripe configuration
  - Environment variables
  - Pre-deployment checklist
  - Post-deployment verification
  - Troubleshooting guide
- QUICK_START_DEPLOYMENT.md - Step-by-step quick start guide for deployment
🛠️ Setup Scripts
PowerShell Scripts (Windows)
- scripts/setup-azure-entra.ps1 - MS Entra (Azure AD) setup
  - Creates app registration
  - Configures redirect URIs
  - Sets up API permissions
  - Creates app roles (Admin, Volunteer, Resource)
  - Stores configuration in Key Vault
- scripts/setup-cloudflare.ps1 - Cloudflare configuration
  - Creates DNS records (CNAME)
  - Configures SSL/TLS settings
  - Sets up security settings
  - Configures speed optimizations
  - Adds custom domain to Azure Static Web App
- scripts/deployment-checklist.ps1 - Pre-deployment verification
  - Checks Azure CLI installation
  - Verifies Azure login
  - Checks resource group existence
  - Verifies all Azure resources
  - Checks Azure AD app registration
  - Verifies Cloudflare DNS
  - Checks Stripe configuration
  - Validates environment variables
Bash Scripts (Linux/Mac)
- scripts/setup-azure-entra.sh - MS Entra (Azure AD) setup (Bash version)
- scripts/setup-cloudflare.sh - Cloudflare configuration (Bash version)
📋 Configuration Files
Infrastructure
- infrastructure/main-production.bicep - Enhanced with:
  - Azure AD configuration parameters
  - Key Vault secrets for Azure AD
  - Static Web App configuration
  - Function App configuration
  - Cosmos DB configuration
  - Application Insights configuration
  - SignalR configuration
- infrastructure/main-production.parameters.json - Updated with:
  - Azure AD Client ID parameter
  - Azure AD Tenant ID parameter
  - Azure AD Client Secret parameter
  - Stripe public key parameter
  - Custom domain configuration
Application Configuration
- staticwebapp.config.json - Updated with:
  - Role-based route protection
  - Azure AD authentication configuration
  - Security headers
  - Custom domain forwarding
- env.production.template - Environment variable template with:
  - Azure configuration
  - Stripe configuration
  - Cosmos DB configuration
  - Application Insights configuration
  - Key Vault configuration
  - SignalR configuration
  - Cloudflare configuration
  - Salesforce configuration (optional)
  - Email configuration (optional)
🚀 Quick Start
1. Azure Setup
# Login to Azure
az login
# Create resource group
az group create --name rg-miraclesinmotion-prod --location eastus2
# Deploy infrastructure
cd infrastructure
az deployment group create \
  --resource-group rg-miraclesinmotion-prod \
  --template-file main-production.bicep \
  --parameters main-production.parameters.json
2. MS Entra Setup
PowerShell:
.\scripts\setup-azure-entra.ps1 -StaticWebAppName "YOUR_APP_NAME"
Bash:
./scripts/setup-azure-entra.sh
3. Cloudflare Setup
PowerShell:
.\scripts\setup-cloudflare.ps1 -CloudflareApiToken "YOUR_TOKEN"
Bash:
./scripts/setup-cloudflare.sh
4. Verify Prerequisites
PowerShell:
.\scripts\deployment-checklist.ps1
5. Deploy Application
.\deploy-production-full.ps1
📝 Checklist
Pre-Deployment
- Azure subscription created and active
- Resource group created
- Infrastructure deployed via Bicep
- Azure AD app registration created
- Users assigned to app roles
- Cloudflare account created
- DNS records configured
- SSL/TLS configured
- Stripe account created
- Stripe keys obtained
- Webhook configured
- Environment variables configured
- Key Vault secrets stored
- All prerequisites verified
Post-Deployment
- Application deployed successfully
- Authentication working
- DNS resolving correctly
- SSL certificates valid
- Stripe integration working
- API endpoints functional
- Monitoring configured
- Logs being collected
- Alerts configured
- Backup strategy in place
🔒 Security Best Practices
- Never commit secrets to source control
- Use Key Vault for all secrets
- Enable MFA for all Azure accounts
- Regularly rotate API keys and secrets
- Monitor for suspicious activity
- Keep dependencies updated
- Use HTTPS everywhere
- Implement rate limiting
- Regular security audits
- Follow principle of least privilege
🆘 Troubleshooting
Common Issues
- Authentication Not Working
  - Verify app registration redirect URIs
  - Check Static Web App authentication configuration
  - Verify user roles are assigned
  - Check browser console for errors
- DNS Not Resolving
  - Verify nameservers are updated
  - Wait for DNS propagation (24-48 hours)
  - Check Cloudflare DNS records
  - Verify CNAME records
- SSL Certificate Issues
  - Verify Cloudflare SSL mode is "Full (strict)"
  - Check Azure Static Web App custom domain configuration
  - Wait for SSL certificate provisioning
- Stripe Webhook Not Working
  - Verify webhook endpoint URL
  - Check webhook signing secret
  - Verify Function App is receiving events
  - Check Function App logs
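For the "Check webhook signing secret" item, the following added example (not part of this project's scripts or Function App code) reproduces Stripe's signature check locally: HMAC-SHA256 over `<timestamp>.<raw body>`, compared against the `v1` values in the `Stripe-Signature` header. It tells a wrong secret or altered body apart from a stale timestamp. The function names, the tolerance constant and the sample secret and event are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumption: the 5-minute window Stripe's libraries default to


def parse_signature_header(header):
    """Split 't=<unix time>,v1=<hex>,...' into (timestamp string, [v1 signatures])."""
    timestamp, signatures = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdecimal():
            timestamp = value
        elif key == "v1":
            signatures.append(value)
    return timestamp, signatures


def expected_signature(raw_body, signing_secret, timestamp):
    """HMAC-SHA256 over '<timestamp>.<raw body>' keyed with the endpoint secret."""
    signed_payload = timestamp.encode() + b"." + raw_body
    return hmac.new(signing_secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def diagnose_webhook(raw_body, header, signing_secret, now=None):
    """Return 'ok' or the reason verification fails. raw_body must be the exact
    bytes received; JSON that was parsed and re-serialised will not match."""
    timestamp, signatures = parse_signature_header(header)
    if timestamp is None or not signatures:
        return "malformed-header"
    expected = expected_signature(raw_body, signing_secret, timestamp).encode()
    # Constant-time compare; more than one v1 value can appear while a secret is rolled.
    if not any(hmac.compare_digest(expected, s.encode()) for s in signatures):
        return "signature-mismatch"  # wrong secret, or body changed before hashing
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return "timestamp-outside-tolerance"  # replayed or long-delayed delivery
    return "ok"


if __name__ == "__main__":
    # Constructed sample: not a real secret, event or header.
    secret = "whsec_constructed_example"
    body = b'{"id":"evt_constructed","type":"payment_intent.succeeded"}'
    header = "t=1700000000,v1=" + expected_signature(body, secret, "1700000000")
    for label, args in [("good", (body, header, secret)),
                        ("wrong secret", (body, header, "whsec_other")),
                        ("altered body", (body + b"\n", header, secret))]:
        print(label, "->", diagnose_webhook(*args, now=1700000010))
```

A `signature-mismatch` on an event the Function App did receive usually means the stored secret belongs to a different endpoint or mode, or that the handler hashed a parsed body instead of the raw request bytes.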
📞 Support
For issues or questions:
- Check DEPLOYMENT_PREREQUISITES.md for detailed documentation
- Review Azure Portal logs
- Check Application Insights for errors
- Contact the development team
🔄 Updates
This setup has been created with the following updates:
- ✅ Enhanced Bicep infrastructure with Azure AD support
- ✅ Updated staticwebapp.config.json with authentication
- ✅ Created comprehensive deployment documentation
- ✅ Created setup scripts for Azure AD and Cloudflare
- ✅ Created deployment checklist script
- ✅ Created environment variable templates
- ✅ Updated deployment parameters
📅 Last Updated
January 2025
👥 Maintained By
Miracles In Motion Development Team
Note: All scripts and configurations have been tested and are ready for production use. Make sure to review and update all placeholder values before deployment.