feat(sprint-6): Phase 1 — Production deployment infrastructure (IONOS)

- docker-compose.prod.yml: production Docker Compose with health checks, logging, restart policies, resource limits
- deploy/nginx/cannamanage.conf: Nginx reverse proxy with TLS, CSP, security headers, rate limiting
- deploy/.env.production.example: environment template for secrets
- deploy/backup.sh: GPG-encrypted daily/weekly PostgreSQL backup with retention
- deploy/deploy.sh: manual deploy script with health check verification
- .gitea/workflows/deploy.yml: Gitea Actions CI/CD pipeline (test + deploy)
- application-production.properties: Spring Boot production profile (no stacktraces, Swagger disabled, Stripe)
- .gitignore: added .env to prevent accidental secret commits
Patrick Plate
2026-06-12 22:11:43 +02:00
parent 4fa068092f
commit b38902a7ee
8 changed files with 461 additions and 0 deletions
@@ -0,0 +1,41 @@
# =============================================================================
# Cannamanage Production Environment Variables
# =============================================================================
# Copy this file to .env in the project root on the production server:
# cp deploy/.env.production.example .env
# Then fill in all CHANGE_ME values with real secrets.
# =============================================================================
# --- Database ---
DB_NAME=cannamanage
DB_USER=cannamanage
DB_PASSWORD=CHANGE_ME_STRONG_PASSWORD
# --- JWT ---
# Minimum 32 characters, random. Generate with: openssl rand -base64 48
CANNAMANAGE_SECURITY_JWT_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_RANDOM
JWT_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_RANDOM
# --- NextAuth ---
# Generate with: openssl rand -base64 32
NEXTAUTH_SECRET=CHANGE_ME_RANDOM_32_CHARS
NEXTAUTH_URL=https://cannamanage.plate-software.de
# --- Stripe ---
STRIPE_SECRET_KEY=sk_live_CHANGE_ME
STRIPE_WEBHOOK_SECRET=whsec_CHANGE_ME
STRIPE_PUBLISHABLE_KEY=pk_live_CHANGE_ME
# --- Email (SMTP) ---
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USERNAME=CHANGE_ME
SMTP_PASSWORD=CHANGE_ME
SMTP_AUTH=true
SMTP_STARTTLS=true
MAIL_FROM=noreply@cannamanage.de
# --- Backup ---
BACKUP_GPG_RECIPIENT=cannamanage-backup
BACKUP_RETENTION_DAYS=7
BACKUP_RETENTION_WEEKS=4
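Review bot: the placeholder on the two JWT lines, CHANGE_ME_MINIMUM_32_CHARACTERS_RANDOM, is itself 38 characters, so it already meets the "Minimum 32 characters" rule in the comment above it, and a length-only check would accept an unedited file. Consider a short or empty placeholder so that a forgotten edit fails, or state in the header that values beginning with CHANGE_ME must be rejected at startup. The same section sets both CANNAMANAGE_SECURITY_JWT_SECRET and JWT_SECRET without saying which component reads which or whether the two must match; a one-line comment would keep them from drifting apart. The header's `cp deploy/.env.production.example .env` step could also tell the operator to restrict the copied file's permissions (for example `chmod 600 .env`), since it will hold the database, Stripe and SMTP credentials.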