docs: add production checklist and rollback plan for my.votcloud.com

2026-04-18 08:58:22 +01:00
parent 6279347e4b
commit 731a833075
1 changed files with 80 additions and 0 deletions
--- a/infra/deploy/PRODUCTION_CHECKLIST_my.votcloud.com.md
+++ b/infra/deploy/PRODUCTION_CHECKLIST_my.votcloud.com.md
@@ -0,0 +1,80 @@
 # ProxPanel Production Checklist (`my.votcloud.com`)
 Date baseline: April 18, 2026  
 Target host: `102.69.243.167`  
 Domain: `my.votcloud.com`
 ## 1) Pre-Deploy Safety Gate
 1. Confirm DNS `A` record points to `102.69.243.167`.
 2. Confirm server ports `80` and `443` are reachable externally.
 3. Confirm current stack health:
   - `docker compose --env-file /opt/proxpanel/.env.production -f /opt/proxpanel/infra/deploy/docker-compose.production.yml ps`
   - `curl -fsS http://127.0.0.1:8080/api/health`
 ## 2) Backup + Rollback Guardrails
 1. Create timestamped release directory:
   - `/opt/proxpanel-backups/<timestamp>/`
 2. Backup application working tree:
   - `rsync -a /opt/proxpanel/ /opt/proxpanel-backups/<timestamp>/app/`
 3. Backup runtime env:
   - `cp /opt/proxpanel/.env.production /opt/proxpanel-backups/<timestamp>/env.production.bak`
 4. Backup Postgres before migration:
   - `docker exec proxpanel-postgres pg_dump -U proxpanel -d proxpanel > /opt/proxpanel-backups/<timestamp>/db_pre_migration.sql`
 Rollback entrypoint:
 1. Restore app files from `/opt/proxpanel-backups/<timestamp>/app/`.
 2. Restore env file from `/opt/proxpanel-backups/<timestamp>/env.production.bak`.
 3. Recreate containers with prior source:
   - `docker compose --env-file /opt/proxpanel/.env.production -f /opt/proxpanel/infra/deploy/docker-compose.production.yml up -d --build`
 4. Restore DB if required:
   - `cat /opt/proxpanel-backups/<timestamp>/db_pre_migration.sql | docker exec -i proxpanel-postgres psql -U proxpanel -d proxpanel`
 ## 3) Deploy Order (Strict)
 1. Upload release bundle to server.
 2. Extract bundle to `/opt/proxpanel` (keep `.env.production`).
 3. Build and start containers:
   - `docker compose --env-file .env.production -f infra/deploy/docker-compose.production.yml up -d --build`
 4. Wait for DB + backend readiness.
 5. Apply schema in this order:
   - `npm run prisma:deploy`
   - If no migration path or deploy failure, fallback once to `npm run prisma:push`
 6. Run seed:
   - `npm run prisma:seed`
 7. Health checks:
   - API health endpoint
   - Auth login flow
   - Key pages load
 8. Validate Proxmox sync endpoint with admin token.
 ## 4) HTTPS + Edge Routing
 1. Nginx site config should proxy:
   - `my.votcloud.com` -> `http://127.0.0.1:<FRONTEND_PORT>`
 2. Issue cert:
   - `certbot --nginx -d my.votcloud.com --non-interactive --agree-tos -m <ops-email> --redirect`
 3. Verify:
   - `curl -I https://my.votcloud.com`
   - Certificate auto-renew timer active.
 ## 5) Post-Deploy Validation
 1. `GET /api/health` returns `200`.
 2. Admin login works.
 3. RBAC page loads users/roles without crash.
 4. Audit logs page renders with no blank state error.
 5. Profile page can list sessions.
 6. System Management page can load branding/policy/CMS data.
 7. Proxmox sync returns success (or actionable credential/SSL error message).
 ## 6) Incident Rollback Criteria
 Rollback immediately if any of the following persists > 10 minutes:
 1. API health not green.
 2. Migration errors with broken runtime schema.
 3. Login failures for seeded admin.
 4. Persistent 5xx from `/api/proxmox/sync`.
 5. TLS provisioning failure with site unreachable.