d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ca14deb4cc9102e088f4d7b86fbcd05abd3d0a0
explorer-monorepo/deployment/DEPLOYMENT_CHECKLIST.md

5.1 KiB
Raw Blame History

Deployment Checklist

Use this checklist to track deployment progress.

Pre-Deployment

  • Proxmox VE host accessible
  • Cloudflare account ready
  • Domain registered and on Cloudflare
  • Cloudflare API token created
  • SSH access configured
  • Backup strategy defined

Phase 1: LXC Container Setup

  • LXC container created (ID: _____)
  • Container resources allocated (CPU/RAM/Disk)
  • Container started and accessible
  • Base packages installed
  • Deployment user created
  • SSH configured

Phase 2: Application Installation

  • Go 1.21+ installed
  • Node.js 20+ installed
  • Docker & Docker Compose installed
  • Repository cloned
  • Backend dependencies installed (go mod download)
  • Frontend dependencies installed (npm ci)
  • Backend applications built
  • Frontend application built (npm run build)

Phase 3: Database Setup

  • PostgreSQL 16 installed
  • TimescaleDB extension installed
  • Database explorer created
  • User explorer created
  • Database migrations run
  • PostgreSQL tuned for performance
  • Backup script configured

Phase 4: Infrastructure Services

  • Elasticsearch/OpenSearch deployed
  • Redis deployed
  • Services verified and accessible
  • Services configured to auto-start

Phase 5: Application Services

  • Environment variables configured (.env file)
  • Systemd service files created:
    • explorer-indexer.service
    • explorer-api.service
    • explorer-frontend.service
  • Services enabled
  • Services started
  • Service status verified
  • Logs checked for errors

Phase 6: Nginx Reverse Proxy

  • Nginx installed
  • Nginx configuration file created
  • Configuration tested (nginx -t)
  • Site enabled
  • Nginx started
  • Reverse proxy working
  • Health check endpoint accessible

Phase 7: Cloudflare Configuration

DNS

  • A record created for explorer.d-bis.org
  • CNAME record created for www.explorer.d-bis.org
  • DNS records set to "Proxied" (orange cloud)
  • DNS propagation verified

SSL/TLS

  • SSL/TLS mode set to "Full (strict)"
  • Always Use HTTPS enabled
  • Automatic HTTPS Rewrites enabled
  • TLS 1.3 enabled
  • Certificate status verified

Cloudflare Tunnel (if using)

  • cloudflared installed
  • Authenticated with Cloudflare
  • Tunnel created
  • Tunnel configuration file created
  • Tunnel systemd service installed
  • Tunnel started and running
  • Tunnel status verified

WAF & Security

  • Cloudflare Managed Ruleset enabled
  • OWASP Core Ruleset enabled
  • Rate limiting rules configured
  • DDoS protection enabled
  • Bot protection configured

Caching

  • Caching level configured
  • Cache rules created:
    • Static assets rule
    • API bypass rule
    • Frontend pages rule

Phase 8: Security Hardening

  • Firewall (UFW) configured
  • Only necessary ports opened
  • Cloudflare IP ranges allowed (if direct connection)
  • Fail2ban installed and configured
  • Automatic updates configured
  • Log rotation configured
  • Backup script created and tested
  • Backup cron job configured

Phase 9: Monitoring & Maintenance

  • Health check script created
  • Health check cron job configured
  • Log monitoring configured
  • Cloudflare analytics reviewed
  • Alerts configured (email/Slack/etc)
  • Documentation updated

Post-Deployment Verification

Services

  • All systemd services running
  • No service errors in logs
  • Database connection working
  • Indexer processing blocks
  • API responding to requests
  • Frontend loading correctly

Network

  • DNS resolving correctly
  • HTTPS working (if direct connection)
  • Cloudflare Tunnel connected (if using)
  • Nginx proxying correctly
  • WebSocket connections working

Functionality

  • Homepage loads
  • Block list page works
  • Transaction list page works
  • Search functionality works
  • API endpoints responding
  • Health check endpoint working

Security

  • Security headers present
  • SSL/TLS certificate valid
  • Firewall rules active
  • Fail2ban active
  • No sensitive files exposed

Performance

  • Response times acceptable
  • Caching working
  • CDN serving static assets
  • Database queries optimized

Maintenance Schedule

Daily

  • Check service status
  • Review error logs
  • Check Cloudflare analytics

Weekly

  • Review security logs
  • Check disk space
  • Verify backups completed

Monthly

  • Update system packages
  • Optimize database
  • Update application dependencies
  • Review resource usage
  • Test disaster recovery

Emergency Contacts

Notes

Use this space for deployment-specific notes and issues encountered.

Deployment Date: _______________ Deployed By: _______________ Container ID: _______________ Domain: explorer.d-bis.org

Reference in New Issue View Git Blame Copy Permalink