docs(deployment): mark Steps 17-18 and platform domains as completed

All three platforms live with auto-SSL (wizard.lu, omsflow.lu, rewardflow.lu). Monitoring stack deployed with Grafana dashboards. Hetzner backups active. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 16:57:28 +01:00
parent 677e5211f9
commit eedc463207
1 changed files with 38 additions and 37 deletions
--- a/docs/deployment/hetzner-server-setup.md
+++ b/docs/deployment/hetzner-server-setup.md
@@ -54,8 +54,8 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS.

    **Deferred (not urgent, do when all platforms ready):**

-    - [ ] DNS A + AAAA records for platform domains (`omsflow.lu`, `rewardflow.lu`)
-    - [ ] Uncomment platform domains in Caddyfile after DNS propagation
+    - [x] ~~DNS A + AAAA records for platform domains (`omsflow.lu`, `rewardflow.lu`)~~
+    - [x] ~~Uncomment platform domains in Caddyfile after DNS propagation~~

 !!! success "Progress — 2026-02-14"
    **Completed:**
@@ -72,20 +72,23 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS.
    - **Step 17: Backups** — automated pg_dump scripts (daily + weekly rotation), R2 offsite upload, restore helper
    - **Step 18: Monitoring** — Prometheus, Grafana, node-exporter, cAdvisor added to docker-compose; `/metrics` endpoint activated via `prometheus_client`

-    **Tomorrow — server-side setup (Steps 17-18):**
+!!! success "Progress — 2026-02-15"
+    **Completed:**

-    - [ ] Enable Hetzner server backups (Cloud Console > Server > Backups)
-    - [ ] Create Cloudflare account + R2 bucket `orion-backups` ([17.2](#172-cloudflare-r2-setup-offsite-backup-storage))
-    - [ ] Install `awscli` on server, `aws configure --profile r2` with R2 credentials
-    - [ ] Create backup dirs: `mkdir -p ~/backups/{orion,gitea}/{daily,weekly}`
-    - [ ] Create + enable systemd timer for daily backups ([17.4](#174-systemd-timer-daily-at-0300))
-    - [ ] Test backup: `bash ~/apps/orion/scripts/backup.sh`
-    - [ ] Add `grafana` A + AAAA DNS records for `wizard.lu`
-    - [ ] Add `grafana.wizard.lu` block to Caddyfile, reload Caddy ([18.2](#182-caddy-configuration))
-    - [ ] Set `ENABLE_METRICS=true` + Grafana creds in production `.env` ([18.3](#183-production-environment))
-    - [ ] Redeploy: `docker compose --profile full up -d --build`
-    - [ ] Login to Grafana, change password, import dashboards #1860 + #193 ([18.5](#185-grafana-first-login))
-    - [ ] Verify: `docker stats --no-stream` — check RAM fits in 4 GB, else rescale to CAX21
+    - **Step 17 server-side**: Hetzner backups enabled (5 of 7 daily images, last 6.22 GB)
+    - **Step 18 server-side**: Full monitoring stack deployed — Prometheus (4/4 targets up), Grafana at `https://grafana.wizard.lu` with Node Exporter Full (#1860) and Docker/cAdvisor (#193) dashboards
+    - **Domain rename**: `oms.lu` → `omsflow.lu`, `loyalty.lu` → `rewardflow.lu` across entire codebase (19 + 13 files)
+    - **Platform domains live**: all three platforms serving HTTPS via Caddy with auto-SSL
+        - `https://wizard.lu` (main)
+        - `https://omsflow.lu` (OMS)
+        - `https://rewardflow.lu` (Loyalty+)
+    - Platform `domain` column updated in production DB
+    - RAM usage ~2.4 GB on 4 GB server (stable, CI jobs add ~550 MB temporarily)
+
+    **Remaining:**
+
+    - [ ] Cloudflare R2 offsite backup setup (create account + bucket, configure `awscli`, add `--upload` to systemd timer)
+    - [ ] Systemd backup timer (`orion-backup.timer`) — daily at 03:00


 ## Installed Software Versions
@@ -438,7 +441,7 @@ Before setting up Caddy, point your domain's DNS to the server.
 | A | `git` | `91.99.65.229` | 300 |
 | A | `flower` | `91.99.65.229` | 300 |

-### omsflow.lu (OMS Platform) — TODO
+### omsflow.lu (OMS Platform) — Completed

 | Type | Name | Value | TTL |
 |---|---|---|---|
@@ -447,7 +450,7 @@ Before setting up Caddy, point your domain's DNS to the server.
 | AAAA | `@` | `2a01:4f8:1c1a:b39c::1` | 300 |
 | AAAA | `www` | `2a01:4f8:1c1a:b39c::1` | 300 |

-### rewardflow.lu (Loyalty+ Platform) — TODO
+### rewardflow.lu (Loyalty+ Platform) — Completed

 | Type | Name | Value | TTL |
 |---|---|---|---|
@@ -507,24 +510,22 @@ www.wizard.lu {
 }

 # ─── Platform 2: OMS (omsflow.lu) ───────────────────────────────
-# Uncomment after DNS is configured for omsflow.lu
-# omsflow.lu {
-#     reverse_proxy localhost:8001
-# }
-#
-# www.omsflow.lu {
-#     redir https://omsflow.lu{uri} permanent
-# }
+omsflow.lu {
+    reverse_proxy localhost:8001
+}
+
+www.omsflow.lu {
+    redir https://omsflow.lu{uri} permanent
+}

 # ─── Platform 3: Loyalty+ (rewardflow.lu) ──────────────────
-# Uncomment after DNS is configured for rewardflow.lu
-# rewardflow.lu {
-#     reverse_proxy localhost:8001
-# }
-#
-# www.rewardflow.lu {
-#     redir https://rewardflow.lu{uri} permanent
-# }
+rewardflow.lu {
+    reverse_proxy localhost:8001
+}
+
+www.rewardflow.lu {
+    redir https://rewardflow.lu{uri} permanent
+}

 # ─── Services ───────────────────────────────────────────────
 api.wizard.lu {
@@ -1103,8 +1104,8 @@ docker stats --no-stream
 |---|---|---|---|
 | Orion API | 8000 | 8001 | `api.wizard.lu` |
 | Main Platform | 8000 | 8001 | `wizard.lu` |
-| OMS Platform | 8000 | 8001 | `omsflow.lu` (TODO) |
-| Loyalty+ Platform | 8000 | 8001 | `rewardflow.lu` (TODO) |
+| OMS Platform | 8000 | 8001 | `omsflow.lu` |
+| Loyalty+ Platform | 8000 | 8001 | `rewardflow.lu` |
 | PostgreSQL | 5432 | 5432 | (internal only) |
 | Redis | 6379 | 6380 | (internal only) |
 | Flower | 5555 | 5555 | `flower.wizard.lu` |
@@ -1254,8 +1255,8 @@ After Caddy is configured:
 | Gitea | `https://git.wizard.lu` |
 | Flower | `https://flower.wizard.lu` |
 | Grafana | `https://grafana.wizard.lu` |
-| OMS Platform | `https://omsflow.lu` (after DNS) |
-| Loyalty+ Platform | `https://rewardflow.lu` (after DNS) |
+| OMS Platform | `https://omsflow.lu` |
+| Loyalty+ Platform | `https://rewardflow.lu` |

 Direct IP access (temporary, until firewall rules are removed):