# 🚀 Quick Start Deployment Guide

This guide provides a step-by-step process to set up all prerequisites and deploy the Miracles In Motion application to production.

## Prerequisites

- Azure subscription with Contributor or Owner role
- Azure CLI installed and configured
- Cloudflare account (for DNS/CDN)
- Stripe account (for payments)
- Domain name registered (miraclesinmotion.org)

## Step 1: Azure Setup

### 1.1 Login to Azure

```bash
az login
az account set --subscription "Your Subscription ID"
```

### 1.2 Create Resource Group

```bash
az group create \
  --name rg-miraclesinmotion-prod \
  --location eastus2
```

### 1.3 Deploy Infrastructure

```bash
cd infrastructure

# Update main-production.parameters.json with your values
# Then deploy:
az deployment group create \
  --resource-group rg-miraclesinmotion-prod \
  --template-file main-production.bicep \
  --parameters main-production.parameters.json \
  --parameters stripePublicKey="pk_live_YOUR_KEY"
```

## Step 2: MS Entra (Azure AD) Setup

### 2.1 Run Setup Script

**PowerShell (Windows):**
```powershell
.\scripts\setup-azure-entra.ps1 `
  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
  -AzureResourceGroup "rg-miraclesinmotion-prod"
```

**Bash (Linux/Mac):**
```bash
chmod +x scripts/setup-azure-entra.sh
./scripts/setup-azure-entra.sh
```

### 2.2 Configure Authentication in Azure Portal

1. Navigate to **Static Web App** → **Authentication**
2. Click **Add identity provider**
3. Select **Microsoft**
4. Enter your App Registration ID (from setup script)
5. Save

### 2.3 Assign Users to Roles

1. Go to **Microsoft Entra ID** → **App registrations** → Your app
2. Go to **App roles**
3. Assign users to Admin, Volunteer, or Resource roles

## Step 3: Cloudflare Setup

### 3.1 Run Setup Script

**PowerShell (Windows):**
```powershell
.\scripts\setup-cloudflare.ps1 `
  -Domain "miraclesinmotion.org" `
  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
  -AzureResourceGroup "rg-miraclesinmotion-prod" `
  -CloudflareApiToken "YOUR_CLOUDFLARE_API_TOKEN"
```

**Bash (Linux/Mac):**
```bash
chmod +x scripts/setup-cloudflare.sh
export STATIC_WEB_APP_NAME="YOUR_STATIC_WEB_APP_NAME"
export AZURE_RESOURCE_GROUP="rg-miraclesinmotion-prod"
./scripts/setup-cloudflare.sh
```

### 3.2 Verify DNS Propagation

Wait 24-48 hours for DNS propagation, then verify:

```bash
dig miraclesinmotion.org
dig www.miraclesinmotion.org
```

## Step 4: Stripe Configuration

### 4.1 Get Stripe Keys

1. Go to [Stripe Dashboard](https://dashboard.stripe.com)
2. Navigate to **Developers** → **API keys**
3. Copy your **Publishable key** and **Secret key**

### 4.2 Configure Webhooks

1. Go to **Developers** → **Webhooks**
2. Click **+ Add endpoint**
3. Set URL: `https://miraclesinmotion.org/api/webhooks/stripe`
4. Select events: `payment_intent.succeeded`, `payment_intent.payment_failed`
5. Copy the **Webhook signing secret**

### 4.3 Store Secrets in Key Vault

```bash
KEY_VAULT_NAME="YOUR_KEY_VAULT_NAME"

# The secret key and webhook secret are sensitive: values passed with --value
# can end up in shell history.
az keyvault secret set \
  --vault-name "$KEY_VAULT_NAME" \
  --name "stripe-publishable-key" \
  --value "pk_live_YOUR_KEY"

az keyvault secret set \
  --vault-name "$KEY_VAULT_NAME" \
  --name "stripe-secret-key" \
  --value "sk_live_YOUR_KEY"

az keyvault secret set \
  --vault-name "$KEY_VAULT_NAME" \
  --name "stripe-webhook-secret" \
  --value "whsec_YOUR_SECRET"
```
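
How the `/api/webhooks/stripe` endpoint can use the signing secret stored above as `stripe-webhook-secret`: an added example, not code from the Miracles In Motion project, that checks Stripe's `Stripe-Signature` header with Node's built-in `crypto` module. The function names, the 300-second tolerance constant and the sample secret and event body are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // replay window: reject events more than 5 minutes old

// Split "t=<unix seconds>,v1=<hex hmac>[,v1=...]" into its timestamp and v1 signatures.
function parseSignatureHeader(header) {
  const parsed = { t: '', v1: [] };
  for (const item of String(header || '').split(',')) {
    const eq = item.indexOf('=');
    if (eq === -1) continue;
    const key = item.slice(0, eq).trim();
    const value = item.slice(eq + 1).trim();
    if (key === 't') parsed.t = value;
    if (key === 'v1') parsed.v1.push(value);
  }
  return parsed;
}

// rawBody must be the exact bytes received, captured before any JSON parsing.
function verifyStripeWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!/^\d+$/.test(t) || v1.length === 0) return { ok: false, reason: 'malformed-header' };
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: 'timestamp-outside-tolerance' };
  }
  // Signed payload is "<t>.<raw body>", HMAC-SHA256 keyed with the endpoint's signing secret.
  const expected = crypto.createHmac('sha256', secret).update(`${t}.`).update(rawBody).digest();
  const match = v1.some((sig) => {
    const candidate = Buffer.from(sig, 'hex');
    return candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected);
  });
  return match ? { ok: true, reason: null } : { ok: false, reason: 'signature-mismatch' };
}

// Constructed sample input: placeholder secret and a hand-built event body, not real Stripe data.
function demo() {
  const secret = 'whsec_EXAMPLE_PLACEHOLDER';
  const body = Buffer.from('{"id":"evt_example","type":"payment_intent.succeeded"}');
  const t = 1700000000;
  const sig = crypto.createHmac('sha256', secret).update(`${t}.`).update(body).digest('hex');
  const header = `t=${t},v1=${sig}`;
  return {
    valid: verifyStripeWebhook(body, header, secret, t + 10),
    tampered: verifyStripeWebhook(Buffer.from('{"id":"evt_forged"}'), header, secret, t + 10),
    replayed: verifyStripeWebhook(body, header, secret, t + 3600),
    wrongSecret: verifyStripeWebhook(body, header, 'whsec_OTHER_PLACEHOLDER', t + 10),
  };
}
```

A wrong or stale signing secret surfaces here as `signature-mismatch`, which is the case behind the "Check webhook signing secret" troubleshooting item. Stripe's own Node library performs the same verification in `stripe.webhooks.constructEvent`.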

## Step 5: Environment Configuration

### 5.1 Create Environment File

```bash
cp env.production.template .env.production
```

### 5.2 Update Environment Variables

Edit `.env.production` with your actual values:

- Azure Client ID (from Step 2)
- Azure Tenant ID (from Step 2)
- Stripe keys (from Step 4)
- Cosmos DB endpoint
- Application Insights connection string
- Key Vault URL
- SignalR connection string

## Step 6: Verify Prerequisites

### 6.1 Run Deployment Checklist

**PowerShell:**
```powershell
.\scripts\deployment-checklist.ps1 `
  -ResourceGroupName "rg-miraclesinmotion-prod" `
  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
  -FunctionAppName "YOUR_FUNCTION_APP_NAME"
```

This will verify:
- ✅ Azure CLI and login
- ✅ Resource group exists
- ✅ Static Web App exists
- ✅ Function App exists
- ✅ Key Vault exists
- ✅ Cosmos DB exists
- ✅ Application Insights exists
- ✅ Azure AD App Registration exists
- ✅ Cloudflare DNS configured
- ✅ Stripe keys configured
- ✅ Environment variables configured

## Step 7: Deploy Application

### 7.1 Build Application

```bash
npm install --legacy-peer-deps
npm run build
```

### 7.2 Deploy to Azure

```powershell
.\deploy-production-full.ps1 `
  -ResourceGroupName "rg-miraclesinmotion-prod" `
  -CustomDomain "miraclesinmotion.org" `
  -StripePublicKey "pk_live_YOUR_KEY"
```

## Step 8: Post-Deployment Verification

### 8.1 Verify Application

1. Navigate to `https://miraclesinmotion.org`
2. Test authentication flow
3. Test donation flow
4. Verify API endpoints
5. Check Application Insights for errors

### 8.2 Verify Security

1. Check SSL certificate is valid
2. Verify HTTPS redirects work
3. Test role-based access control
4. Verify secrets are stored in Key Vault

### 8.3 Verify Performance

1. Check page load times
2. Verify CDN is working (Cloudflare)
3. Check API response times
4. Monitor Application Insights

## Troubleshooting

### Authentication Not Working

- Verify app registration redirect URIs include your domain
- Check Static Web App authentication configuration in Azure Portal
- Verify user roles are assigned in Azure AD
- Check browser console for errors

### DNS Not Resolving

- Verify nameservers are updated at domain registrar
- Wait 24-48 hours for DNS propagation
- Check Cloudflare DNS records
- Verify CNAME records point to correct Azure endpoint

### SSL Certificate Issues

- Verify Cloudflare SSL mode is "Full (strict)"
- Check Azure Static Web App custom domain configuration
- Wait for SSL certificate provisioning (up to 24 hours)

### Stripe Webhook Not Working

- Verify webhook endpoint URL is correct
- Check webhook signing secret
- Verify Function App is receiving webhook events
- Check Function App logs for errors

## Next Steps

After successful deployment:

1. Set up monitoring and alerts
2. Configure backup and disaster recovery
3. Set up CI/CD pipeline
4. Schedule regular security audits
5. Set up performance monitoring
6. Configure log retention policies
7. Set up cost alerts

## Support

For issues or questions:

- Check [DEPLOYMENT_PREREQUISITES.md](./DEPLOYMENT_PREREQUISITES.md) for detailed documentation
- Review Azure Portal logs
- Check Application Insights for errors
- Contact the development team

---

**Last Updated**: January 2025
**Maintained by**: Miracles In Motion Development Team