8.9 KiB
8.9 KiB
SolarBank IoT Dashboard - Production Deployment Guide
This guide will walk you through deploying the SolarBank IoT Dashboard to a production server with SSL certificates, security hardening, and monitoring.
Prerequisites
Before starting the deployment, ensure your server meets these requirements:
System Requirements
- OS: Ubuntu 20.04+ / CentOS 8+ / Debian 11+
- RAM: Minimum 4GB, Recommended 8GB+
- CPU: Minimum 2 cores, Recommended 4+ cores
- Storage: Minimum 20GB free space
- Network: Public IP address with ports 80 and 443 accessible
Software Requirements
- Docker 20.10+
- Docker Compose 2.0+
- Git
- Curl
- A registered domain name pointing to your server
Domain and DNS Setup
- Register a domain name (e.g.,
yourdomain.com) - Create an A record pointing to your server's public IP address
- Wait for DNS propagation (can take up to 24 hours)
Quick Start
1. Clone the Repository
git clone <your-repo-url>
cd solarbank
2. Configure Environment Variables
# Copy the production environment template
cp environment.prod.example .env.prod
# Edit the configuration with your values
nano .env.prod
Critical values to change in .env.prod:
DOMAIN_NAME: Your actual domain (e.g.,example.com)EMAIL: Your email for Let's Encrypt notificationsSECRET_KEY: Generate withpython -c "import secrets; print(secrets.token_urlsafe(32))"JWT_SECRET_KEY: Generate withpython -c "import secrets; print(secrets.token_urlsafe(32))"POSTGRES_PASSWORD: Strong database passwordPOSTGRES_INITDB_ROOT_PASSWORD: Strong root passwordBACKEND_CORS_ORIGINS: Your domain URLs in JSON format
3. Run the Deployment Script
# Make scripts executable
chmod +x scripts/*.sh
# Run the deployment
./scripts/deploy.sh
The deployment script will:
- Check system requirements
- Validate environment configuration
- Set up SSL certificates with Let's Encrypt
- Build and deploy all services
- Run database migrations
- Set up automated backups
- Perform health checks
4. Verify Deployment
After deployment, your application should be accessible at:
- Frontend:
https://yourdomain.com - API:
https://yourdomain.com/api - API Documentation:
https://yourdomain.com/api/docs
Detailed Configuration
Environment Variables Reference
Project Configuration
PROJECT_NAME=SolarBank IoT Dashboard
API_PREFIX=/api
DEBUG=false
ENV=production
Security Configuration
SECRET_KEY=your-secret-key-here # Generate random 32+ chars
JWT_SECRET_KEY=your-jwt-secret-key-here # Generate random 32+ chars
JWT_ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=11520 # 8 days
CORS Configuration
# JSON array of allowed origins
BACKEND_CORS_ORIGINS=["https://yourdomain.com", "https://www.yourdomain.com"]
Database Configuration
POSTGRES_SERVER=db
POSTGRES_USER=solarbank
POSTGRES_PASSWORD=secure-password-here # Change this!
POSTGRES_DB=solarbank_iot
POSTGRES_INITDB_ROOT_PASSWORD=root-password # Change this!
Frontend Configuration
REACT_APP_API_URL=https://yourdomain.com/api
REACT_APP_MAPBOX_TOKEN=optional-mapbox-token
SSL/Domain Configuration
DOMAIN_NAME=yourdomain.com # Your actual domain
EMAIL=your-email@domain.com # For Let's Encrypt
Advanced Configuration
Custom SSL Certificates
If you have your own SSL certificates instead of using Let's Encrypt:
-
Place your certificates in
nginx/certbot/conf/live/yourdomain.com/:fullchain.pem: Full certificate chainprivkey.pem: Private key
-
Skip SSL setup during deployment:
./scripts/deploy.sh --no-ssl
Database Backups
Automated backups are configured to run daily at 2 AM. Manual backup:
./scripts/backup-database.sh
Restore from backup:
# Stop the application
docker-compose -f docker-compose.prod.yml down
# Restore database
gunzip -c backups/solarbank_backup_YYYYMMDD_HHMMSS.sql.gz | \
docker-compose -f docker-compose.prod.yml exec -T db \
psql -U solarbank -d solarbank_iot
# Restart application
docker-compose -f docker-compose.prod.yml up -d
Monitoring and Logs
View service logs:
# All services
docker-compose -f docker-compose.prod.yml logs -f
# Specific service
docker-compose -f docker-compose.prod.yml logs -f backend
docker-compose -f docker-compose.prod.yml logs -f frontend
docker-compose -f docker-compose.prod.yml logs -f nginx
Check service status:
docker-compose -f docker-compose.prod.yml ps
Health check endpoints:
- Backend:
https://yourdomain.com/api/health - Frontend:
https://yourdomain.com/health
Maintenance
Updating the Application
# Update deployment with latest changes
./scripts/deploy.sh --update
Renewing SSL Certificates
SSL certificates auto-renew via the certbot container. Manual renewal:
docker-compose -f docker-compose.prod.yml exec certbot certbot renew
docker-compose -f docker-compose.prod.yml exec nginx nginx -s reload
Scaling Services
To handle more traffic, scale backend instances:
docker-compose -f docker-compose.prod.yml up -d --scale backend=3
Security Considerations
Server Security
-
Firewall Configuration:
# Ubuntu/Debian ufw allow ssh ufw allow 80/tcp ufw allow 443/tcp ufw enable # CentOS/RHEL firewall-cmd --permanent --add-service=ssh firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --reload -
SSH Hardening:
- Disable root login
- Use SSH keys instead of passwords
- Change default SSH port
-
System Updates:
# Ubuntu/Debian apt update && apt upgrade -y # CentOS/RHEL yum update -y
Application Security
- All passwords are hashed using bcrypt
- JWT tokens have configurable expiration
- CORS is properly configured
- Security headers are set via nginx
- Rate limiting is enabled for API endpoints
Database Security
- Database is not exposed to the internet
- Strong passwords are required
- Regular backups are maintained
- Database runs as non-root user
Troubleshooting
Common Issues
SSL Certificate Issues
# Check certificate status
docker-compose -f docker-compose.prod.yml logs certbot
# Test certificate renewal
docker-compose -f docker-compose.prod.yml exec certbot certbot renew --dry-run
# Regenerate certificates
./scripts/deploy.sh --ssl-only
Database Connection Issues
# Check database logs
docker-compose -f docker-compose.prod.yml logs db
# Test database connection
docker-compose -f docker-compose.prod.yml exec db psql -U solarbank -d solarbank_iot
Service Not Starting
# Check service status
docker-compose -f docker-compose.prod.yml ps
# Check specific service logs
docker-compose -f docker-compose.prod.yml logs backend
Performance Issues
# Check resource usage
docker stats
# Monitor system resources
htop
df -h
free -h
Getting Help
If you encounter issues:
- Check the logs first
- Verify your environment configuration
- Ensure your domain DNS is properly configured
- Check that required ports are open
- Verify SSL certificates are valid
Production Checklist
Before going live, ensure:
- Domain DNS is properly configured
- Environment variables are set correctly
- SSL certificates are installed and valid
- All services are running and healthy
- Database backups are working
- Monitoring is configured
- Firewall is properly configured
- Application is thoroughly tested
- Login credentials are secure
- Rate limiting is working
- Security headers are present
Performance Optimization
Database Optimization
-- Connect to database
docker-compose -f docker-compose.prod.yml exec db psql -U solarbank -d solarbank_iot
-- Create indexes for better performance
CREATE INDEX IF NOT EXISTS idx_telemetry_device_id ON telemetry(device_id);
CREATE INDEX IF NOT EXISTS idx_telemetry_timestamp ON telemetry(timestamp);
CREATE INDEX IF NOT EXISTS idx_logs_device_id ON logs(device_id);
CREATE INDEX IF NOT EXISTS idx_logs_timestamp ON logs(timestamp);
Nginx Optimization
The production nginx configuration includes:
- Gzip compression
- Static file caching
- Rate limiting
- Security headers
Application Monitoring
Consider integrating external monitoring services:
- Uptime Monitoring: Pingdom, UptimeRobot
- Error Tracking: Sentry (configure SENTRY_DSN in .env.prod)
- Performance Monitoring: New Relic, DataDog
- Log Management: ELK Stack, Splunk
Support
For additional support or questions about deployment:
- Check the application logs
- Review this documentation
- Check the GitHub issues
- Contact the development team
Remember: Always test deployments in a staging environment before deploying to production!