diff --git a/infra/deploy/PRODUCTION_CHECKLIST_my.votcloud.com.md b/infra/deploy/PRODUCTION_CHECKLIST_my.votcloud.com.md new file mode 100644 index 0000000..6a18c89 --- /dev/null +++ b/infra/deploy/PRODUCTION_CHECKLIST_my.votcloud.com.md 
@@ -0,0 +1,80 @@ +# ProxPanel Production Checklist (`my.votcloud.com`) + +Date baseline: April 18, 2026 +Target host: `102.69.243.167` +Domain: `my.votcloud.com` + +## 1) Pre-Deploy Safety Gate + +1. Confirm DNS `A` record points to `102.69.243.167`. +2. Confirm server ports `80` and `443` are reachable externally. +3. Confirm current stack health: + - `docker compose --env-file /opt/proxpanel/.env.production -f /opt/proxpanel/infra/deploy/docker-compose.production.yml ps` + - `curl -fsS http://127.0.0.1:8080/api/health` + +## 2) Backup + Rollback Guardrails + +1. Create timestamped release directory: + - `/opt/proxpanel-backups//` +2. Backup application working tree: + - `rsync -a /opt/proxpanel/ /opt/proxpanel-backups//app/` +3. Backup runtime env: + - `cp /opt/proxpanel/.env.production /opt/proxpanel-backups//env.production.bak` +4. Backup Postgres before migration: + - `docker exec proxpanel-postgres pg_dump -U proxpanel -d proxpanel > /opt/proxpanel-backups//db_pre_migration.sql` + +Rollback entrypoint: +1. Restore app files from `/opt/proxpanel-backups//app/`. +2. Restore env file from `/opt/proxpanel-backups//env.production.bak`. +3. Recreate containers with prior source: + - `docker compose --env-file /opt/proxpanel/.env.production -f /opt/proxpanel/infra/deploy/docker-compose.production.yml up -d --build` +4. Restore DB if required: + - `cat /opt/proxpanel-backups//db_pre_migration.sql | docker exec -i proxpanel-postgres psql -U proxpanel -d proxpanel` + +## 3) Deploy Order (Strict) + +1. Upload release bundle to server. +2. Extract bundle to `/opt/proxpanel` (keep `.env.production`). +3. Build and start containers: + - `docker compose --env-file .env.production -f infra/deploy/docker-compose.production.yml up -d --build` +4. Wait for DB + backend readiness. +5. Apply schema in this order: + - `npm run prisma:deploy` + - If no migration path or deploy failure, fallback once to `npm run prisma:push` +6. Run seed: + - `npm run prisma:seed` +7. 
Health checks: + - API health endpoint + - Auth login flow + - Key pages load +8. Validate Proxmox sync endpoint with admin token. + +## 4) HTTPS + Edge Routing + +1. Nginx site config should proxy: + - `my.votcloud.com` -> `http://127.0.0.1:` +2. Issue cert: + - `certbot --nginx -d my.votcloud.com --non-interactive --agree-tos -m --redirect` +3. Verify: + - `curl -I https://my.votcloud.com` + - Certificate auto-renew timer active. + +## 5) Post-Deploy Validation + +1. `GET /api/health` returns `200`. +2. Admin login works. +3. RBAC page loads users/roles without crash. +4. Audit logs page renders with no blank state error. +5. Profile page can list sessions. +6. System Management page can load branding/policy/CMS data. +7. Proxmox sync returns success (or actionable credential/SSL error message). + +## 6) Incident Rollback Criteria + +Rollback immediately if any of the following persists > 10 minutes: + +1. API health not green. +2. Migration errors with broken runtime schema. +3. Login failures for seeded admin. +4. Persistent 5xx from `/api/proxmox/sync`. +5. TLS provisioning failure with site unreachable.
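Review bot: In section 2, rollback step 4 replays `db_pre_migration.sql` through `psql` into the live `proxpanel` database, but backup step 4 takes that dump with plain `pg_dump` and no `--clean`. Replaying it onto a database that already holds the migrated schema will hit "already exists" errors and will not return the schema to its pre-migration state. Suggest dumping with `--clean --if-exists`, or documenting a drop-and-recreate of the database before the restore, and running `psql` with `-v ON_ERROR_STOP=1` so a partial restore is not mistaken for success.

The same section writes `.env.production`, an `rsync -a` copy of `/opt/proxpanel/` (which includes that env file) and a full database dump under `/opt/proxpanel-backups/` with no stated ownership or mode. Add a step that restricts the release directory, for example `umask 077` before the backup or `chmod 700` on the directory.

Several commands have an empty placeholder as written: the backup paths read `/opt/proxpanel-backups//...`, the Nginx upstream is `http://127.0.0.1:` with no port, and the certbot line passes `-m` with no address before `--redirect`. Use a visible placeholder form so the commands cannot be pasted as-is.

In section 3 step 5, the fallback to `npm run prisma:push` after a deploy failure needs a stated condition or should be removed, since section 6 already lists "Migration errors with broken runtime schema" as a rollback trigger.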