feat(sprint-6): Phase 1 — Production deployment infrastructure (IONOS)

- docker-compose.prod.yml: production Docker Compose with health checks, logging, restart policies, resource limits
- deploy/nginx/cannamanage.conf: Nginx reverse proxy with TLS, CSP, security headers, rate limiting
- deploy/.env.production.example: environment template for secrets
- deploy/backup.sh: GPG-encrypted daily/weekly PostgreSQL backup with retention
- deploy/deploy.sh: manual deploy script with health check verification
- .gitea/workflows/deploy.yml: Gitea Actions CI/CD pipeline (test + deploy)
- application-production.properties: Spring Boot production profile (no stacktraces, Swagger disabled, Stripe)
- .gitignore: added .env to prevent accidental secret commits
Patrick Plate
2026-06-12 22:11:43 +02:00
parent 4fa068092f
commit b38902a7ee
8 changed files with 461 additions and 0 deletions
@@ -0,0 +1,50 @@
# =============================================================================
# Cannamanage — Production Profile
# =============================================================================
# Activated via: SPRING_PROFILES_ACTIVE=production
# =============================================================================
# Database
spring.datasource.url=${SPRING_DATASOURCE_URL}
spring.datasource.username=${SPRING_DATASOURCE_USERNAME}
spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
spring.datasource.hikari.maximum-pool-size=10
spring.datasource.hikari.minimum-idle=2
# JPA
spring.jpa.hibernate.ddl-auto=validate
spring.jpa.show-sql=false
# Flyway
spring.flyway.enabled=true
# JWT Security
cannamanage.security.jwt.secret=${CANNAMANAGE_SECURITY_JWT_SECRET}
cannamanage.security.jwt.access-token-expiry=3600
cannamanage.security.jwt.refresh-token-expiry=2592000
# Stripe
stripe.secret-key=${STRIPE_SECRET_KEY}
stripe.webhook-secret=${STRIPE_WEBHOOK_SECRET}
# Error handling — never expose internals
server.error.include-message=never
server.error.include-stacktrace=never
server.error.include-binding-errors=never
# Actuator — health only, no sensitive details
management.endpoints.web.exposure.include=health
management.endpoint.health.show-details=never
# Logging — production levels
logging.level.root=WARN
logging.level.de.cannamanage=INFO
logging.level.org.springframework.security=WARN
logging.level.org.hibernate.SQL=OFF
# Disable Swagger in production
springdoc.api-docs.enabled=false
springdoc.swagger-ui.enabled=false
# App base URL
app.base-url=https://cannamanage.plate-software.de
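Review bot: The two JWT lifetimes under `# JWT Security` (`access-token-expiry=3600`, `refresh-token-expiry=2592000`) carry no unit, so a reader cannot tell whether they are seconds or milliseconds without opening the code that consumes them. If they are seconds, as the magnitudes suggest, a comment such as `# Token lifetimes in seconds: access = 1 hour, refresh = 30 days` above them would make that explicit. A 30-day refresh token is only a reasonable production default when refresh tokens are rotated on use and can be revoked server-side; nothing in this file shows either, so it is worth confirming in the token service. Leaving `${CANNAMANAGE_SECURITY_JWT_SECRET}` without a fallback is the right choice because startup fails when it is unset, and a one-line comment stating the minimum key length the signing algorithm expects would help whoever fills in the environment template.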