sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update progress — server fully ready (44/44 checks pass)
All checks were successful
CI / ruff (push) Successful in 11s
Details
CI / pytest (push) Successful in 36m0s
Details
CI / validate (push) Successful in 23s
Details
CI / dependency-scanning (push) Successful in 31s
Details
CI / docs (push) Successful in 39s
Details
CI / deploy (push) Successful in 48s
Details

Browse Source 
- Mark all server-side tasks as complete (fail2ban, Flower password,
  unattended-upgrades, verification script)
- Correct memory limits: celery-beat and flower bumped to 256m after OOM
- Update scaling guide memory budget to match actual limits

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-17 11:04:43 +01:00
parent 44568893fd
commit 67260e9322
2 changed files with 14 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/deployment/hetzner-server-setup.md
View File

@@ -132,21 +132,19 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS.
**Steps 124 fully deployed and operational.**
!!! success "Progress — 2026-02-16 (continued)"
**Launch readiness — code changes:**
!!! success "Progress — 2026-02-17"
**Launch readiness — fully deployed and verified (44/44 checks pass):**
- **Memory limits** added to all 6 app containers in `docker-compose.yml` (db: 512m, redis: 128m, api: 512m, celery-worker: 512m, celery-beat: 128m, flower: 128m)
- **Memory limits** on all 6 app containers (db: 512m, redis: 128m, api: 512m, celery-worker: 512m, celery-beat: 256m, flower: 256m) — beat/flower bumped from 128m after OOM kills
- **Flower port** restricted to localhost only (`127.0.0.1:5555:5555`) — access via Caddy reverse proxy
- **Flower password** changed from default
- **Infrastructure health checks** — `/health/ready` now checks PostgreSQL (`SELECT 1`) and Redis (`ping`) with individual check details and latency
- **Scaling guide** — practical playbook at `docs/deployment/scaling-guide.md` (metrics, thresholds, Hetzner pricing, timeline)
- **Server verification script** — `scripts/verify-server.sh` checks all 12 infrastructure components
- **fail2ban Caddy auth jail** deployed — bans IPs after 10 failed auth attempts
- **Unattended upgrades** verified active
- **Scaling guide** — practical playbook at `docs/deployment/scaling-guide.md`
- **Server verification script** — `scripts/verify-server.sh` (44/44 PASS, 0 FAIL, 0 WARN)
**Pending server-side tasks:**
- [ ] Deploy fail2ban Caddy auth jail (documented in Step 20, config ready but not yet applied)
- [ ] Change Flower password from default (`FLOWER_PASSWORD` in `.env`)
- [ ] Verify unattended-upgrades is active (`sudo unattended-upgrades --dry-run`)
- [ ] Run `scripts/verify-server.sh` on server to validate all infrastructure
**Server is launch-ready for first client (24 stores).**
## Installed Software Versions