From eedc463207266fe555428c9df3f00eebc1509ad7 Mon Sep 17 00:00:00 2001 From: Samir Boulahtit Date: Sun, 15 Feb 2026 16:57:28 +0100 Subject: [PATCH] docs(deployment): mark Steps 17-18 and platform domains as completed All three platforms live with auto-SSL (wizard.lu, omsflow.lu, rewardflow.lu). Monitoring stack deployed with Grafana dashboards. Hetzner backups active. Co-Authored-By: Claude Opus 4.6 --- docs/deployment/hetzner-server-setup.md | 75 +++++++++++++------------ 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/docs/deployment/hetzner-server-setup.md b/docs/deployment/hetzner-server-setup.md index fef4a6e2..3f3a4389 100644 --- a/docs/deployment/hetzner-server-setup.md +++ b/docs/deployment/hetzner-server-setup.md @@ -54,8 +54,8 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS. **Deferred (not urgent, do when all platforms ready):** - - [ ] DNS A + AAAA records for platform domains (`omsflow.lu`, `rewardflow.lu`) - - [ ] Uncomment platform domains in Caddyfile after DNS propagation + - [x] ~~DNS A + AAAA records for platform domains (`omsflow.lu`, `rewardflow.lu`)~~ + - [x] ~~Uncomment platform domains in Caddyfile after DNS propagation~~ !!! success "Progress — 2026-02-14" **Completed:** 
@@ -72,20 +72,23 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS. - **Step 17: Backups** — automated pg_dump scripts (daily + weekly rotation), R2 offsite upload, restore helper - **Step 18: Monitoring** — Prometheus, Grafana, node-exporter, cAdvisor added to docker-compose; `/metrics` endpoint activated via `prometheus_client` - **Tomorrow — server-side setup (Steps 17-18):** +!!! success "Progress — 2026-02-15" + **Completed:** - - [ ] Enable Hetzner server backups (Cloud Console > Server > Backups) - - [ ] Create Cloudflare account + R2 bucket `orion-backups` ([17.2](#172-cloudflare-r2-setup-offsite-backup-storage)) - - [ ] Install `awscli` on server, `aws configure --profile r2` with R2 credentials - - [ ] Create backup dirs: `mkdir -p ~/backups/{orion,gitea}/{daily,weekly}` - - [ ] Create + enable systemd timer for daily backups ([17.4](#174-systemd-timer-daily-at-0300)) - - [ ] Test backup: `bash ~/apps/orion/scripts/backup.sh` - - [ ] Add `grafana` A + AAAA DNS records for `wizard.lu` - - [ ] Add `grafana.wizard.lu` block to Caddyfile, reload Caddy ([18.2](#182-caddy-configuration)) - - [ ] Set `ENABLE_METRICS=true` + Grafana creds in production `.env` ([18.3](#183-production-environment)) - - [ ] Redeploy: `docker compose --profile full up -d --build` - - [ ] Login to Grafana, change password, import dashboards #1860 + #193 ([18.5](#185-grafana-first-login)) - - [ ] Verify: `docker stats --no-stream` — check RAM fits in 4 GB, else rescale to CAX21 + - **Step 17 server-side**: Hetzner backups enabled (5 of 7 daily images, last 6.22 GB) + - **Step 18 server-side**: Full monitoring stack deployed — Prometheus (4/4 targets up), Grafana at `https://grafana.wizard.lu` with Node Exporter Full (#1860) and Docker/cAdvisor (#193) dashboards + - **Domain rename**: `oms.lu` → `omsflow.lu`, `loyalty.lu` → `rewardflow.lu` across entire codebase (19 + 13 files) + - **Platform domains live**: all three platforms serving HTTPS via Caddy with 
auto-SSL + - `https://wizard.lu` (main) + - `https://omsflow.lu` (OMS) + - `https://rewardflow.lu` (Loyalty+) + - Platform `domain` column updated in production DB + - RAM usage ~2.4 GB on 4 GB server (stable, CI jobs add ~550 MB temporarily) + + **Remaining:** + + - [ ] Cloudflare R2 offsite backup setup (create account + bucket, configure `awscli`, add `--upload` to systemd timer) + - [ ] Systemd backup timer (`orion-backup.timer`) — daily at 03:00 ## Installed Software Versions @@ -438,7 +441,7 @@ Before setting up Caddy, point your domain's DNS to the server. | A | `git` | `91.99.65.229` | 300 | | A | `flower` | `91.99.65.229` | 300 | -### omsflow.lu (OMS Platform) — TODO +### omsflow.lu (OMS Platform) — Completed | Type | Name | Value | TTL | |---|---|---|---| @@ -447,7 +450,7 @@ Before setting up Caddy, point your domain's DNS to the server. | AAAA | `@` | `2a01:4f8:1c1a:b39c::1` | 300 | | AAAA | `www` | `2a01:4f8:1c1a:b39c::1` | 300 | -### rewardflow.lu (Loyalty+ Platform) — TODO +### rewardflow.lu (Loyalty+ Platform) — Completed | Type | Name | Value | TTL | |---|---|---|---| @@ -507,24 +510,22 @@ www.wizard.lu { } # ─── Platform 2: OMS (omsflow.lu) ─────────────────────────────── -# Uncomment after DNS is configured for omsflow.lu -# omsflow.lu { -# reverse_proxy localhost:8001 -# } -# -# www.omsflow.lu { -# redir https://omsflow.lu{uri} permanent -# } +omsflow.lu { + reverse_proxy localhost:8001 +} + +www.omsflow.lu { + redir https://omsflow.lu{uri} permanent +} # ─── Platform 3: Loyalty+ (rewardflow.lu) ────────────────── -# Uncomment after DNS is configured for rewardflow.lu -# rewardflow.lu { -# reverse_proxy localhost:8001 -# } -# -# www.rewardflow.lu { -# redir https://rewardflow.lu{uri} permanent -# } +rewardflow.lu { + reverse_proxy localhost:8001 +} + +www.rewardflow.lu { + redir https://rewardflow.lu{uri} permanent +} # ─── Services ─────────────────────────────────────────────── api.wizard.lu { 
@@ -1103,8 +1104,8 @@ docker stats --no-stream |---|---|---|---| | Orion API | 8000 | 8001 | `api.wizard.lu` | | Main Platform | 8000 | 8001 | `wizard.lu` | -| OMS Platform | 8000 | 8001 | `omsflow.lu` (TODO) | -| Loyalty+ Platform | 8000 | 8001 | `rewardflow.lu` (TODO) | +| OMS Platform | 8000 | 8001 | `omsflow.lu` | +| Loyalty+ Platform | 8000 | 8001 | `rewardflow.lu` | | PostgreSQL | 5432 | 5432 | (internal only) | | Redis | 6379 | 6380 | (internal only) | | Flower | 5555 | 5555 | `flower.wizard.lu` | @@ -1254,8 +1255,8 @@ After Caddy is configured: | Gitea | `https://git.wizard.lu` | | Flower | `https://flower.wizard.lu` | | Grafana | `https://grafana.wizard.lu` | -| OMS Platform | `https://omsflow.lu` (after DNS) | -| Loyalty+ Platform | `https://rewardflow.lu` (after DNS) | +| OMS Platform | `https://omsflow.lu` | +| Loyalty+ Platform | `https://rewardflow.lu` | Direct IP access (temporary, until firewall rules are removed):
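Review bot: in hunk `@@ -54,8 +54,8 @@`, the two items are now both `[x]` and struck through, which is redundant, and they still sit under the heading `**Deferred (not urgent, do when all platforms ready):**`, which no longer describes them; pick one completion marker and either rename that heading or move the two lines under the completed list so a reader does not see finished work labelled as deferred.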
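Review bot: in hunk `@@ -72,20 +72,23 @@`, the unchanged context line `- **Tomorrow — server-side setup (Steps 17-18):**` is left orphaned at the end of the 2026-02-14 admonition: the checklist that used to follow it is deleted and the new `!!! success "Progress — 2026-02-15"` block starts immediately after it, so that line should be removed or reworded to point at the new block. Separately, the `**Remaining:**` list in the same hunk shows that `orion-backup.timer` and the Cloudflare R2 offsite upload are still not set up, so the only backups running today are the Hetzner server images on the same provider; the `**Step 17 server-side**` bullet should say that the pg_dump schedule and offsite copy are still pending rather than reading as if Step 17 is finished.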
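Review bot: in hunk `@@ -507,24 +510,22 @@`, `omsflow.lu` and `rewardflow.lu` now proxy to the same upstream `localhost:8001` as the main platform, so which tenant answers depends entirely on the Host header Caddy forwards; the hunk removes the only comments that explained these blocks, so add a one-line comment above each saying the upstream is shared and that the platform is selected by host name, and add a checklist item to confirm the application's allowed-host setting (wherever it lives in this deployment) lists the two new domains and no longer lists `oms.lu` and `loyalty.lu` after the rename.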