# ProxPanel Production Checklist (`my.votcloud.com`) Date baseline: April 18, 2026 Target host: `102.69.243.167` Domain: `my.votcloud.com` ## 1) Pre-Deploy Safety Gate 1. Confirm DNS `A` record points to `102.69.243.167`. 2. Confirm server ports `80` and `443` are reachable externally. 3. Confirm current stack health: - `docker compose --env-file /opt/proxpanel/.env.production -f /opt/proxpanel/infra/deploy/docker-compose.production.yml ps` - `curl -fsS http://127.0.0.1:8080/api/health` ## 2) Backup + Rollback Guardrails 1. Create timestamped release directory: - `/opt/proxpanel-backups//` 2. Backup application working tree: - `rsync -a /opt/proxpanel/ /opt/proxpanel-backups//app/` 3. Backup runtime env: - `cp /opt/proxpanel/.env.production /opt/proxpanel-backups//env.production.bak` 4. Backup Postgres before migration: - `docker exec proxpanel-postgres pg_dump -U proxpanel -d proxpanel > /opt/proxpanel-backups//db_pre_migration.sql` Rollback entrypoint: 1. Restore app files from `/opt/proxpanel-backups//app/`. 2. Restore env file from `/opt/proxpanel-backups//env.production.bak`. 3. Recreate containers with prior source: - `docker compose --env-file /opt/proxpanel/.env.production -f /opt/proxpanel/infra/deploy/docker-compose.production.yml up -d --build` 4. Restore DB if required: - `cat /opt/proxpanel-backups//db_pre_migration.sql | docker exec -i proxpanel-postgres psql -U proxpanel -d proxpanel` ## 3) Deploy Order (Strict) 1. Upload release bundle to server. 2. Extract bundle to `/opt/proxpanel` (keep `.env.production`). 3. Build and start containers: - `docker compose --env-file .env.production -f infra/deploy/docker-compose.production.yml up -d --build` 4. Wait for DB + backend readiness. 5. Apply schema in this order: - `npm run prisma:deploy` - If no migration path or deploy failure, fallback once to `npm run prisma:push` 6. Run seed: - `npm run prisma:seed` 7. Health checks: - API health endpoint - Auth login flow - Key pages load 8. Validate Proxmox sync endpoint with admin token. ## 4) HTTPS + Edge Routing 1. Nginx site config should proxy: - `my.votcloud.com` -> `http://127.0.0.1:` 2. Issue cert: - `certbot --nginx -d my.votcloud.com --non-interactive --agree-tos -m --redirect` 3. Verify: - `curl -I https://my.votcloud.com` - Certificate auto-renew timer active. ## 5) Post-Deploy Validation 1. `GET /api/health` returns `200`. 2. Admin login works. 3. RBAC page loads users/roles without crash. 4. Audit logs page renders with no blank state error. 5. Profile page can list sessions. 6. System Management page can load branding/policy/CMS data. 7. Proxmox sync returns success (or actionable credential/SSL error message). ## 6) Backup Hardening (Offsite + Alerts) 1. Configure `/opt/proxpanel/.backup.env`: - `OFFSITE_BACKUP_ENABLED=true` - `OFFSITE_S3_BUCKET`, `OFFSITE_S3_ACCESS_KEY_ID`, `OFFSITE_S3_SECRET_ACCESS_KEY` - `OFFSITE_S3_ENDPOINT_URL` (required for Wasabi/B2 S3) - `BACKUP_ALERT_WEBHOOK_URL` and/or `BACKUP_ALERT_EMAIL_WEBHOOK_URL` 2. Apply cron wiring: - `sudo bash /opt/proxpanel/infra/deploy/configure-db-backup-cron.sh --run-now` 3. Validate offsite object upload: - `aws s3 ls s3://///` 4. Validate restore-test success and alert pipeline: - force a controlled failure and verify webhook/email delivery ## 7) Incident Rollback Criteria Rollback immediately if any of the following persists > 10 minutes: 1. API health not green. 2. Migration errors with broken runtime schema. 3. Login failures for seeded admin. 4. Persistent 5xx from `/api/proxmox/sync`. 5. TLS provisioning failure with site unreachable.