d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f46bd213badc9d0ef9e7c0ce87e6f64dc262e70d
explorer-monorepo/deployment/DEPLOYMENT_TASKS.md
defiQUG f46bd213ba refactor: rename SolaceScanScout to Solace and update related configurations 
- Updated branding from "SolaceScanScout" to "Solace" across various files including deployment scripts, API responses, and documentation.
- Changed default base URL for Playwright tests and updated security headers to reflect the new branding.
- Enhanced README and API documentation to include new authentication endpoints and product access details.

This refactor aligns the project branding and improves clarity in the API documentation.
2026-04-10 12:52:17 -07:00

19 KiB
Raw Blame History

Complete Deployment Task List

This document provides a detailed checklist of all tasks required to deploy the ChainID 138 Explorer Platform using LXC, Nginx, Cloudflare DNS, SSL, and Cloudflare Tunnel.

📋 Complete Task List (71 Tasks)

PRE-DEPLOYMENT (5 tasks)

Task 1: Verify Prerequisites

  • Access to Proxmox VE host with LXC support
  • Cloudflare account created and domain added
  • Domain DNS managed by Cloudflare
  • Cloudflare API token created (with DNS edit permissions)
  • SSH access to Proxmox host configured

PHASE 1: LXC CONTAINER SETUP (8 tasks)

Task 2: Create LXC Container

  • Log into Proxmox host
  • Download Ubuntu 22.04 template (if not exists)
  • Run container creation command
  • Verify container created successfully
  • Note container ID for future reference

Task 3: Start and Access Container

  • Start container: pct start <CONTAINER_ID>
  • Access container: pct enter <CONTAINER_ID>
  • Verify network connectivity
  • Update system: apt update && apt upgrade -y

Task 4: Install Base Packages

  • Install essential packages (curl, wget, git, vim, etc.)
  • Install firewall: apt install -y ufw
  • Install fail2ban: apt install -y fail2ban
  • Install security updates tool: apt install -y unattended-upgrades

Task 5: Configure System Settings

  • Set timezone: timedatectl set-timezone UTC
  • Configure hostname: hostnamectl set-hostname explorer-prod
  • Configure locale settings

Task 6: Create Deployment User

  • Create user: adduser explorer
  • Add to sudo group: usermod -aG sudo explorer
  • Configure SSH access for new user
  • Disable root SSH login in /etc/ssh/sshd_config
  • Restart SSH service

PHASE 2: APPLICATION INSTALLATION (12 tasks)

Task 7: Install Go 1.21+

  • Download Go 1.21.6: wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz
  • Extract to /usr/local/go
  • Add Go to PATH in /etc/profile and ~/.bashrc
  • Source profile or logout/login
  • Verify: go version (should show 1.21.6+)

Task 8: Install Node.js 20+

  • Add NodeSource repository
  • Install Node.js 20.x
  • Verify: node --version (should show v20.x.x+)
  • Verify: npm --version

Task 9: Install Docker & Docker Compose

  • Add Docker GPG key
  • Add Docker repository
  • Install Docker CE
  • Install Docker Compose plugin
  • Start Docker service: systemctl start docker
  • Enable Docker on boot: systemctl enable docker
  • Add explorer user to docker group
  • Verify: docker --version and docker compose version

Task 10: Clone Repository

  • Switch to deployment user: su - explorer
  • Navigate to home: cd /home/explorer
  • Clone repository: git clone <repo-url> explorer-monorepo
  • Verify repository cloned correctly

Task 11: Install Dependencies

  • Navigate to backend: cd explorer-monorepo/backend
  • Download Go modules: go mod download
  • Navigate to frontend: cd ../frontend
  • Install npm packages: npm ci --production

Task 12: Build Applications

  • Build indexer: go build -o /usr/local/bin/explorer-indexer ./indexer/main.go
  • Build API: go build -o /usr/local/bin/explorer-api ./api/rest/main.go
  • Build gateway: go build -o /usr/local/bin/explorer-gateway ./api/gateway/main.go
  • Build search service: go build -o /usr/local/bin/explorer-search ./api/search/main.go
  • Build frontend: cd frontend && npm run build
  • Verify all binaries exist and are executable

PHASE 3: DATABASE SETUP (10 tasks)

Task 13: Install PostgreSQL 16

  • Add PostgreSQL APT repository
  • Add PostgreSQL GPG key
  • Update package list
  • Install PostgreSQL 16: apt install -y postgresql-16 postgresql-contrib-16

Task 14: Install TimescaleDB

  • Add TimescaleDB repository
  • Add TimescaleDB GPG key
  • Update package list
  • Install TimescaleDB: apt install -y timescaledb-2-postgresql-16
  • Run TimescaleDB tuner: timescaledb-tune --quiet --yes
  • Restart PostgreSQL: systemctl restart postgresql

Task 15: Create Database and User

  • Switch to postgres user: su - postgres
  • Create database user: CREATE USER explorer WITH PASSWORD '<SECURE_PASSWORD>'
  • Create database: CREATE DATABASE explorer OWNER explorer;
  • Connect to database: \c explorer
  • Enable TimescaleDB extension: CREATE EXTENSION IF NOT EXISTS timescaledb;
  • Enable UUID extension: CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
  • Grant privileges: GRANT ALL PRIVILEGES ON DATABASE explorer TO explorer;

Task 16: Run Database Migrations

  • Return to deployment user
  • Navigate to backend: cd /home/explorer/explorer-monorepo/backend
  • Run migrations: go run database/migrations/migrate.go
  • Verify migrations completed successfully
  • Check database tables exist

Task 17: Configure PostgreSQL

  • Edit postgresql.conf: /etc/postgresql/16/main/postgresql.conf
  • Set max_connections = 100
  • Set shared_buffers = 4GB
  • Set effective_cache_size = 12GB
  • Set other performance tuning parameters
  • Edit pg_hba.conf for local connections
  • Restart PostgreSQL: systemctl restart postgresql
  • Verify PostgreSQL is running: systemctl status postgresql

PHASE 4: INFRASTRUCTURE SERVICES (6 tasks)

Task 18: Deploy Elasticsearch/OpenSearch

  • Navigate to deployment directory: cd /home/explorer/explorer-monorepo/deployment
  • Start Elasticsearch: docker compose -f docker-compose.yml up -d elasticsearch
  • Wait for Elasticsearch to be ready
  • Verify Elasticsearch: curl http://localhost:9200

Task 19: Deploy Redis

  • Start Redis: docker compose -f docker-compose.yml up -d redis
  • Verify Redis: redis-cli ping
  • Verify both services running: docker ps

PHASE 5: APPLICATION SERVICES (10 tasks)

Task 20: Create Environment Configuration

  • Copy .env.example to .env: cp .env.example .env
  • Edit .env file with production values
  • Set database credentials
  • Set RPC URLs and Chain ID
  • Set API URLs and ports
  • Verify all required variables are set
  • Set proper file permissions: chmod 600 .env

Task 21: Create Systemd Service Files

  • Create /etc/systemd/system/explorer-indexer.service
  • Create /etc/systemd/system/explorer-api.service
  • Create /etc/systemd/system/solacescanscout-frontend.service
  • Set proper ownership: chown root:root /etc/systemd/system/explorer-*.service /etc/systemd/system/solacescanscout-frontend.service
  • Set proper permissions: chmod 644 /etc/systemd/system/explorer-*.service /etc/systemd/system/solacescanscout-frontend.service

Task 22: Enable and Start Services

  • Reload systemd: systemctl daemon-reload
  • Enable indexer: systemctl enable explorer-indexer
  • Enable API: systemctl enable explorer-api
  • Enable frontend: systemctl enable solacescanscout-frontend
  • Start indexer: systemctl start explorer-indexer
  • Start API: systemctl start explorer-api
  • Start frontend: systemctl start solacescanscout-frontend

Task 23: Verify Services

  • Check indexer status: systemctl status explorer-indexer
  • Check API status: systemctl status explorer-api
  • Check frontend status: systemctl status solacescanscout-frontend
  • Check indexer logs: journalctl -u explorer-indexer -f
  • Check API logs: journalctl -u explorer-api -f
  • Check frontend logs: journalctl -u solacescanscout-frontend -f
  • Verify API responds: curl http://localhost:8080/health
  • Verify frontend responds: curl http://localhost:3000

PHASE 6: NGINX REVERSE PROXY (9 tasks)

Task 24: Install Nginx

  • Install Nginx: apt install -y nginx
  • Verify installation: nginx -v

Task 25: Create Nginx Configuration

  • Copy config template: cp deployment/nginx/explorer.conf /etc/nginx/sites-available/explorer
  • Edit configuration file (update domain if needed)
  • Enable site: ln -s /etc/nginx/sites-available/explorer /etc/nginx/sites-enabled/
  • Remove default site: rm /etc/nginx/sites-enabled/default
  • Test configuration: nginx -t
  • If test passes, reload Nginx: systemctl reload nginx

Task 26: Configure Rate Limiting

  • Verify rate limiting zones in config
  • Adjust rate limits as needed
  • Test rate limiting (optional)

Task 27: Test Nginx Proxy

  • Verify Nginx is running: systemctl status nginx
  • Test HTTP endpoint: curl -I http://localhost
  • Test API proxy: curl http://localhost/api/v1/blocks
  • Check Nginx access logs: tail -f /var/log/nginx/explorer-access.log
  • Check Nginx error logs: tail -f /var/log/nginx/explorer-error.log

PHASE 7: CLOUDFLARE CONFIGURATION (18 tasks)

Task 28: Set Up Cloudflare DNS Records

  • Login to Cloudflare Dashboard
  • Select domain
  • Go to DNS → Records
  • Add A record for explorer (or @):
    • Type: A
    • Name: explorer
    • IPv4: [Your server IP] (if direct) or leave empty (if tunnel)
    • Proxy: Proxied (orange cloud)
    • TTL: Auto
  • Add CNAME for www:
    • Type: CNAME
    • Name: www
    • Target: explorer.d-bis.org
    • Proxy: Proxied
    • TTL: Auto
  • Save DNS records
  • Verify DNS propagation

Task 29: Configure Cloudflare SSL/TLS

  • Go to SSL/TLS → Overview
  • Set encryption mode to: Full (strict)
  • Go to SSL/TLS → Edge Certificates
  • Enable: "Always Use HTTPS"
  • Enable: "Automatic HTTPS Rewrites"
  • Enable: "Opportunistic Encryption"
  • Enable: "TLS 1.3"
  • Save settings

Task 30: Install Cloudflare Tunnel (cloudflared)

  • Download cloudflared: wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
  • Install: dpkg -i cloudflared-linux-amd64.deb
  • Verify: cloudflared --version

Task 31: Authenticate Cloudflare Tunnel

  • Run: cloudflared tunnel login
  • Follow browser authentication
  • Verify authentication successful

Task 32: Create Cloudflare Tunnel

  • Create tunnel: cloudflared tunnel create explorer-tunnel
  • List tunnels: cloudflared tunnel list
  • Note tunnel ID

Task 33: Configure Cloudflare Tunnel

  • Create config directory: mkdir -p /etc/cloudflared
  • Copy tunnel config template: cp deployment/cloudflare/tunnel-config.yml /etc/cloudflared/config.yml
  • Edit config file with tunnel ID
  • Update hostnames in config
  • Verify config: cloudflared tunnel --config /etc/cloudflared/config.yml ingress validate

Task 34: Install Cloudflare Tunnel as Service

  • Install service: cloudflared service install
  • Enable service: systemctl enable cloudflared
  • Start service: systemctl start cloudflared
  • Check status: systemctl status cloudflared
  • View logs: journalctl -u cloudflared -f

Task 35: Verify Cloudflare Tunnel

  • Check tunnel is running: cloudflared tunnel info explorer-tunnel
  • Verify DNS routes are configured in Cloudflare dashboard
  • Test domain access: curl -I https://explorer.d-bis.org
  • Verify SSL certificate is active

Task 36: Configure Cloudflare WAF

  • Go to Security → WAF
  • Enable Cloudflare Managed Ruleset
  • Enable OWASP Core Ruleset
  • Create custom rate limiting rule (if needed)
  • Save rules

Task 37: Configure Cloudflare Caching

  • Go to Caching → Configuration
  • Set Caching Level: Standard
  • Go to Caching → Cache Rules
  • Create rule for static assets (Cache everything, Edge TTL: 1 year)
  • Create rule for API endpoints (Bypass cache)
  • Create rule for frontend pages (Cache HTML for 5 minutes)

Task 38: Configure DDoS Protection

  • Go to Security → DDoS
  • Enable DDoS protection
  • Configure protection level (Medium recommended)
  • Review and adjust as needed

PHASE 8: SECURITY HARDENING (12 tasks)

Task 39: Configure Firewall (UFW)

  • Enable UFW: ufw --force enable
  • Allow SSH: ufw allow 22/tcp
  • Allow HTTP: ufw allow 80/tcp (if direct connection)
  • Allow HTTPS: ufw allow 443/tcp (if direct connection)
  • Add Cloudflare IP ranges (if direct connection)
  • Check status: ufw status verbose

Task 40: Configure Fail2ban

  • Create Nginx jail config: /etc/fail2ban/jail.d/nginx.conf
  • Configure nginx-limit-req jail
  • Configure nginx-botsearch jail
  • Restart fail2ban: systemctl restart fail2ban
  • Check status: fail2ban-client status

Task 41: Configure Automatic Updates

  • Configure /etc/apt/apt.conf.d/50unattended-upgrades
  • Enable security updates only
  • Disable automatic reboot
  • Enable service: systemctl enable unattended-upgrades
  • Start service: systemctl start unattended-upgrades

Task 42: Configure Log Rotation

  • Create logrotate config: /etc/logrotate.d/explorer
  • Set rotation schedule (daily)
  • Set retention (30 days)
  • Configure compression
  • Test: logrotate -d /etc/logrotate.d/explorer

Task 43: Set Up Backup Script

  • Create backup script: /usr/local/bin/explorer-backup.sh
  • Configure database backup
  • Configure config file backup
  • Set cleanup of old backups
  • Make executable: chmod +x /usr/local/bin/explorer-backup.sh
  • Test backup script manually
  • Add to crontab: Daily at 2 AM

Task 44: Secure Environment File

  • Set proper permissions: chmod 600 /home/explorer/explorer-monorepo/.env
  • Verify only owner can read: ls -l .env
  • Add .env to .gitignore (verify)

Task 45: Configure SSH Hardening

  • Edit /etc/ssh/sshd_config
  • Disable root login: PermitRootLogin no
  • Disable password authentication (use keys only): PasswordAuthentication no
  • Set SSH port (optional, change from 22)
  • Restart SSH: systemctl restart sshd
  • Test SSH connection before closing session

PHASE 9: MONITORING & MAINTENANCE (8 tasks)

Task 46: Create Health Check Script

  • Create script: /usr/local/bin/explorer-health-check.sh
  • Configure API health check
  • Configure service restart on failure
  • Add alert mechanism (email/Slack)
  • Make executable: chmod +x /usr/local/bin/explorer-health-check.sh
  • Test script manually

Task 47: Configure Health Check Cron Job

  • Add to crontab: Every 5 minutes
  • Verify cron job added: crontab -l

Task 48: Set Up Log Monitoring

  • Install logwatch: apt install -y logwatch
  • Configure logwatch
  • Set up daily log summaries (optional)

Task 49: Configure Cloudflare Analytics

  • Access Cloudflare Analytics dashboard
  • Set up custom dashboards
  • Configure alert thresholds

Task 50: Set Up Alerts

  • Configure email alerts in Cloudflare
  • Set up high error rate alerts
  • Set up DDoS detection alerts
  • Set up certificate expiration alerts
  • Test alert mechanism

POST-DEPLOYMENT VERIFICATION (13 tasks)

Task 51: Verify All Services

  • Check all systemd services: systemctl status explorer-*
  • Verify no service errors
  • Check service logs for warnings

Task 52: Verify Database

  • Test database connection: psql -U explorer -d explorer -h localhost
  • Check database tables exist
  • Verify migrations applied

Task 53: Verify Infrastructure Services

  • Check Elasticsearch: curl http://localhost:9200
  • Check Redis: redis-cli ping
  • Check Docker containers: docker ps

Task 54: Verify API

  • Test health endpoint: curl https://explorer.d-bis.org/api/health
  • Test blocks endpoint: curl https://explorer.d-bis.org/api/v1/blocks
  • Test transactions endpoint
  • Test search endpoint

Task 55: Verify Frontend

  • Open browser: https://explorer.d-bis.org
  • Verify homepage loads
  • Test navigation
  • Verify static assets load

Task 56: Verify DNS

  • Check DNS resolution: dig explorer.d-bis.org
  • Verify DNS points to Cloudflare IPs
  • Test from multiple locations

Task 57: Verify SSL/TLS

  • Check SSL certificate: openssl s_client -connect explorer.d-bis.org:443 -servername explorer.d-bis.org
  • Verify certificate is valid
  • Verify TLS 1.3 is enabled
  • Check SSL Labs rating (optional): https://www.ssllabs.com/ssltest/

Task 58: Verify Cloudflare Tunnel

  • Check tunnel status: systemctl status cloudflared
  • View tunnel info: cloudflared tunnel info explorer-tunnel
  • Check tunnel logs for errors

Task 59: Verify Nginx

  • Check Nginx status: systemctl status nginx
  • Test configuration: nginx -t
  • Check access logs
  • Check error logs

Task 60: Verify Security

  • Test firewall: ufw status
  • Test fail2ban: fail2ban-client status
  • Verify security headers present
  • Test rate limiting (optional)

Task 61: Verify Performance

  • Test response times
  • Verify caching working
  • Check Cloudflare cache hit ratio
  • Monitor resource usage

Task 62: Verify Monitoring

  • Test health check script
  • Verify cron jobs running
  • Check log rotation working
  • Verify backups running

Task 63: Documentation

  • Document deployed version
  • Document configuration changes
  • Document known issues
  • Update deployment checklist

OPTIONAL ENHANCEMENTS (8 tasks)

Task 64: Set Up Let's Encrypt Certificates (Optional)

  • Install certbot: apt install -y certbot python3-certbot-nginx
  • Obtain certificate: certbot --nginx -d explorer.d-bis.org -d www.explorer.d-bis.org
  • Test renewal: certbot renew --dry-run
  • Set up auto-renewal cron job

Task 65: Configure CDN for Static Assets

  • Configure Cloudflare cache rules
  • Set up custom cache headers
  • Verify CDN serving static assets

Task 66: Set Up Monitoring Dashboard (Optional)

  • Install Prometheus (optional)
  • Install Grafana (optional)
  • Configure dashboards
  • Set up alerts

Task 67: Configure Database Replication (Optional)

  • Set up read replica
  • Configure connection pooling
  • Update application config

Task 68: Set Up Load Balancing (Optional)

  • Configure multiple API instances
  • Set up load balancer
  • Configure health checks

Task 69: Configure Auto-Scaling (Optional)

  • Set up monitoring metrics
  • Configure scaling rules
  • Test auto-scaling

Task 70: Set Up Disaster Recovery

  • Configure automated backups
  • Set up backup verification
  • Document recovery procedures
  • Test recovery process

Task 71: Performance Optimization

  • Optimize database queries
  • Configure Redis caching
  • Optimize Nginx config
  • Review and optimize Cloudflare settings

📊 Deployment Summary

  • Total Tasks: 71
  • Required Tasks: 63
  • Optional Tasks: 8
  • Estimated Time: 6-8 hours (first deployment)

🚀 Quick Start Commands

# 1. Run automated deployment script (Phase 1-2)
./deployment/scripts/deploy-lxc.sh

# 2. Follow manual steps for remaining phases
# See DEPLOYMENT_GUIDE.md for detailed instructions

# 3. Use checklist to track progress
# See DEPLOYMENT_CHECKLIST.md

📝 Notes

  • Tasks marked with ⚠️ require careful attention
  • Tasks marked with can be automated
  • Always test in staging before production
  • Keep backups before major changes
  • Document any deviations from standard procedure

Last Updated: 2024-12-23 Version: 1.0.0

Reference in New Issue View Git Blame Copy Permalink