nalalangan/fiddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1b7e4b94b5
fiddy/docs/public-launch-runbook.md

66 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Public Launch Runbook (Self-Hosted + Dokploy)
## 1) Goals
- Deploy Fiddy publicly without stack rewrite.
- Keep Postgres self-hosted.
- Enable fast rollback and basic operational visibility.
- Keep security baseline enforceable for direct home-IP exposure.
## 2) Deploy Control Plane (Dokploy)
1. Install Dokploy on your Proxmox Docker host.
2. Add project in Dokploy and connect Gitea repository.
3. Configure image source: `git.nicosaya.com/nalalangan/fiddy/web`.
4. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag.
5. Configure health check endpoint: `/api/health/ready`.
6. Keep previous releases for rollback and verify rollback button path.
### Required secrets/variables
- `DATABASE_URL`
- `DATABASE_SSL`
- `ALLOWED_DB_NAMES`
- `SESSION_COOKIE_NAME`
- `SESSION_TTL_DAYS`
- `DEBUG_API=0`
## 3) CI/CD (Gitea Actions)
- Use `.gitea/workflows/deploy-dokploy.yml`.
- Required secrets:
- `REGISTRY_USER`
- `REGISTRY_PASS`
- `DOKPLOY_DEPLOY_HOOK`
## 4) Reverse Proxy + Network Hardening
- Use `docker/nginx/fiddy.conf` as baseline.
- Install certificate with Lets Encrypt.
- Route 443 -> app container only.
- Keep Postgres private; never expose 5432 publicly.
- Restrict SSH to allowlist/VPN.
- Add host firewall rules:
- Allow inbound `80/443`.
- Deny all other inbound by default.
## 5) Observability
- Bring up monitoring stack:
- `docker compose -f docker/observability/docker-compose.observability.yml up -d`
- Configure Grafana datasource to Loki (`http://loki:3100`).
- Add Uptime Kuma monitors:
- `/api/health/live`
- `/api/health/ready`
- home page (`/`)
## 6) Backup + Restore
- Daily backup command:
- `scripts/backup-postgres.sh`
- Retention:
- default 7 days (`RETENTION_DAYS=7`)
- Restore drill:
- `scripts/restore-postgres.sh backups/postgres/<file>.dump <target_database_url>`
- Run restore drill on non-prod DB before public launch.
## 7) Incident Response Quick Flow
1. Identify failing request and `request_id`.
2. Correlate application logs (Loki) by `request_id`.
3. Check `/api/health/ready` status and DB connectivity.
4. Roll back to previous known-good Dokploy release if needed.
5. Capture root cause and update this runbook/checklist.
Reference in New Issue View Git Blame Copy Permalink