Deployment Phase

Objective: Deploy the application to a production-ready server in this case (Hetzner) for now, with proper configuration, security, and monitoring in place.

1. Deployment Preparation¶

1.1 Tools¶

Tool	Purpose
Docker	Build and run application containers.
Hetzner Console	Manage server infrastructure.
Nginx	Reverse proxy for handling HTTP/HTTPS traffic.
Certbot	Generate and renew SSL certificates.

1.2 Checklist¶

Confirm Hetzner credentials and IP address.
Verify that the database credentials are available.
Ensure Docker Hub account access.
Check that the production .env file is ready with correct values.

2. Docker [Local]¶

2.1 Build the Docker Image¶

docker build -t app/app_backend:0.0.1 --build-arg REQUIREMENTS_FILE=prod.txt .

2.2 Test Docker¶

docker run -p 8000:80 app/app_backend:0.0.1

docker login -u app

2.4 Tag the Docker Image¶

docker tag app/app_backend:0.0.1 app/app_backend:0.0.1

2.5 Push the Docker Image¶

docker push app/app_backend:0.0.1

3. Database Setup¶

3.1 Connect to Hetzner Managed Database¶

Retrieve credentials from Hetzner and log in:

psql -d app_db -U app -h some_host.your-server.de

3.2 Verify Database¶

\dt

4. Server Preparation¶

4.1 Connect to the Server¶

ssh root@<ip>

4.2 Install Required Packages¶

apt update
apt install -y docker.io nginx certbot python3-certbot-nginx
systemctl enable --now docker

4.3 Pull Docker Image¶

docker pull app/app_backend:0.0.1

4.4 Set Up Environment Variables¶

Create /app/.env with the following content:

DATABASE_NAME=app_db
DATABASE_USER=app
DATABASE_PASSWORD=<password>
DATABASE_HOST=some_host.your-server.de
DATABASE_PORT=5432
DJANGO_SECRET_KEY=<your_secret_key>
DEBUG=False

5. Docker Deployment [Server]¶

5.1 Run the Docker Container¶

docker run -d --name app_backend \
  --env-file /app/.env \
  -v /app/staticfiles:/app/staticfiles \
  -p 8000:80 \
  app/app_backend:0.0.1

5.2 Verify the Docker Container¶

docker ps
docker logs <container_id>

5.3 Check Database Migrations¶

psql -d app_db -U app -h some_host.your-server.de

Run migrations if needed:

python manage.py migrate

6. Static Files Setup [Server]¶

6.1 Collect Static Files¶

docker exec -it app_backend bash
python manage.py collectstatic --noinput

6.2 Verify Static Files¶

ls /app/staticfiles

7. Nginx Configuration¶

7.1 Configure Nginx¶

Update /etc/nginx/sites-available/default:

server {
    listen 80;
    server_name api.app.no;

    location /static/ {
        alias /app/staticfiles/;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

7.2 Test and Restart Nginx¶

nginx -t
systemctl restart nginx

7.3 Verify Static Files Access¶

curl http://api.app.no/static/admin/css/base.css

8. SSL Setup¶

8.1 Install Certbot¶

apt install certbot python3-certbot-nginx

8.2 Obtain SSL Certificate¶

certbot --nginx -d api.app.no

8.3 Test SSL Certificate¶

curl https://api.app.no

8.4 Enable Auto Renewal¶

certbot renew --dry-run

9. DNS Configuration¶

9.1 Add A Record¶

Type	Host	Value	TTL
A	@	ip 192.0.0.1	1 Hour

9.2 Add CNAME Record (Optional)¶

Type	Host	Value	TTL
CNAME	www	api.app.no	1 Hour

10. Verification and Testing¶

10.1 Verify Application¶

Access the application via https://api.app.no.
Verify API endpoints.
Confirm the database is populated correctly.

10.2 Test Static Files¶

curl https://api.app.no/static/admin/css/base.css

11. Rollback (If Required)¶

TODO separate document

11.1 Stop the Current Container¶

docker stop app_backend
docker rm app_backend

11.2 Deploy the Previous Version¶

docker pull app/app_backend:<previous_version>
docker run -d --name app_backend \
  --env-file /app/.env \
  -v /app/staticfiles:/app/staticfiles \
  -p 8000:80 \
  app/app_backend:<previous_version>

12. Post-Deployment Monitoring¶

12.1 Monitoring¶

Tool	Purpose
Prometheus	Real-time application and server monitoring.
Grafana	Visualization of metrics from Prometheus.
ELK Stack	Centralized log aggregation (Elasticsearch, Logstash, Kibana).

12.2 Set Up Metrics and Alerts¶

Track critical metrics:
CPU and memory usage.
API response times.
Error rates (4xx/5xx HTTP status codes).
Configure alerts for critical thresholds using Prometheus or another monitoring tool.

12.3 Monitor Logs¶

Use ELK Stack or a similar solution to centralize logs:
```
apt install filebeat
filebeat setup
```

13 Firewall Configuration¶

TODO, separate docs as well as cloudflare config and setup todo

Restrict server access:

ufw allow OpenSSH
ufw allow 'Nginx Full'
ufw enable

13.3 Secure Environment Variables¶

Move .env file out of the application directory.

Set permissions to restrict access:

chmod 600 /path/to/.env
chown app_user:app_user /path/to/.env

14 CI/CD GitHub Actions¶

Step	Description
Build Docker image	Automate Docker builds on new code pushes.
Push to Docker Hub	Automatically push the latest images to Docker Hub.
Deploy to Hetzner	SSH into Hetzner and pull the new Docker image.

15. Backup Strategy¶

15.1 Database Backup¶

Schedule automatic backups using pg_dump:

pg_dump -U app -h some_host.your-server.de app_db > app_db_$(date +%F).sql

15.2 Docker Image Backup¶

Tag Docker images with a version before any changes:

docker tag app/app_backend:latest app/app_backend:backup-$(date +%F)
  ```

### 15.3 Environment File Backup
Encrypt sensitive backups using GPG:

```bash
gpg --encrypt --recipient "email@example.com" /path/to/.env

16. E2E Testing After Deployment¶

Test Type	Steps
API Tests	Verify all endpoints return expected responses.
UI Tests	Check user flows in the frontend (if applicable).
Load Tests	Simulate high traffic to test application limits.

17. Regular Maintenance¶

Task	Frequency
Rotate API keys	Monthly
Backup Verification	Weekly
Security Updates	As Needed
Log Review	Daily

18. Rollback Plan¶