docs(deployment): mark Steps 17-18 and platform domains as completed
All checks were successful
CI / ruff (push) Successful in 12s
CI / pytest (push) Successful in 37m39s
CI / validate (push) Successful in 23s
CI / dependency-scanning (push) Successful in 32s
CI / docs (push) Successful in 42s
CI / deploy (push) Successful in 51s

All three platforms live with auto-SSL (wizard.lu, omsflow.lu, rewardflow.lu).
Monitoring stack deployed with Grafana dashboards. Hetzner backups active.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 16:57:28 +01:00
parent 677e5211f9
commit eedc463207

@@ -54,8 +54,8 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS.
**Deferred (not urgent, do when all platforms ready):** **Deferred (not urgent, do when all platforms ready):**
- [ ] DNS A + AAAA records for platform domains (`omsflow.lu`, `rewardflow.lu`) - [x] ~~DNS A + AAAA records for platform domains (`omsflow.lu`, `rewardflow.lu`)~~
- [ ] Uncomment platform domains in Caddyfile after DNS propagation - [x] ~~Uncomment platform domains in Caddyfile after DNS propagation~~
!!! success "Progress — 2026-02-14" !!! success "Progress — 2026-02-14"
**Completed:** **Completed:**
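Review bot: both "Deferred" items in this hunk are now ticked and struck through, which leaves a heading that reads "Deferred (not urgent, do when all platforms ready)" with nothing deferred under it. Either retitle the heading (for example "Previously deferred") or move the two struck items into the Completed list of the 2026-02-15 progress block, so this section stays a list of pending work rather than a changelog.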
@@ -72,20 +72,23 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS.
- **Step 17: Backups** — automated pg_dump scripts (daily + weekly rotation), R2 offsite upload, restore helper - **Step 17: Backups** — automated pg_dump scripts (daily + weekly rotation), R2 offsite upload, restore helper
- **Step 18: Monitoring** — Prometheus, Grafana, node-exporter, cAdvisor added to docker-compose; `/metrics` endpoint activated via `prometheus_client` - **Step 18: Monitoring** — Prometheus, Grafana, node-exporter, cAdvisor added to docker-compose; `/metrics` endpoint activated via `prometheus_client`
**Tomorrow — server-side setup (Steps 17-18):** !!! success "Progress — 2026-02-15"
**Completed:**
- [ ] Enable Hetzner server backups (Cloud Console > Server > Backups) - **Step 17 server-side**: Hetzner backups enabled (5 of 7 daily images, last 6.22 GB)
- [ ] Create Cloudflare account + R2 bucket `orion-backups` ([17.2](#172-cloudflare-r2-setup-offsite-backup-storage)) - **Step 18 server-side**: Full monitoring stack deployed — Prometheus (4/4 targets up), Grafana at `https://grafana.wizard.lu` with Node Exporter Full (#1860) and Docker/cAdvisor (#193) dashboards
- [ ] Install `awscli` on server, `aws configure --profile r2` with R2 credentials - **Domain rename**: `oms.lu``omsflow.lu`, `loyalty.lu``rewardflow.lu` across entire codebase (19 + 13 files)
- [ ] Create backup dirs: `mkdir -p ~/backups/{orion,gitea}/{daily,weekly}` - **Platform domains live**: all three platforms serving HTTPS via Caddy with auto-SSL
- [ ] Create + enable systemd timer for daily backups ([17.4](#174-systemd-timer-daily-at-0300)) - `https://wizard.lu` (main)
- [ ] Test backup: `bash ~/apps/orion/scripts/backup.sh` - `https://omsflow.lu` (OMS)
- [ ] Add `grafana` A + AAAA DNS records for `wizard.lu` - `https://rewardflow.lu` (Loyalty+)
- [ ] Add `grafana.wizard.lu` block to Caddyfile, reload Caddy ([18.2](#182-caddy-configuration)) - Platform `domain` column updated in production DB
- [ ] Set `ENABLE_METRICS=true` + Grafana creds in production `.env` ([18.3](#183-production-environment)) - RAM usage ~2.4 GB on 4 GB server (stable, CI jobs add ~550 MB temporarily)
- [ ] Redeploy: `docker compose --profile full up -d --build`
- [ ] Login to Grafana, change password, import dashboards #1860 + #193 ([18.5](#185-grafana-first-login)) **Remaining:**
- [ ] Verify: `docker stats --no-stream` — check RAM fits in 4 GB, else rescale to CAX21
- [ ] Cloudflare R2 offsite backup setup (create account + bucket, configure `awscli`, add `--upload` to systemd timer)
- [ ] Systemd backup timer (`orion-backup.timer`) — daily at 03:00
## Installed Software Versions ## Installed Software Versions
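Review bot: the new "Remaining" list still carries the systemd backup timer (`orion-backup.timer`, daily at 03:00) and the Cloudflare R2 offsite upload, yet the retained Step 17 bullet earlier in this hunk reads "Backups — automated pg_dump scripts (daily + weekly rotation), R2 offsite upload, restore helper" as if all of it were in place; per the rest of the hunk only the Hetzner server images (5 of 7 daily, last 6.22 GB) are actually running, and those are whole-server snapshots, not scheduled Postgres dumps with a tested restore path. Suggest qualifying that bullet, e.g. "scripts written; scheduling and offsite upload pending", so a reader does not assume database dumps are being taken. Separately, the removed checklist had "Login to Grafana, change password" and "Set `ENABLE_METRICS=true` + Grafana creds in production `.env`", but the replacement Completed entry only says Grafana is reachable at `https://grafana.wizard.lu` with dashboards #1860 and #193 imported; state explicitly that the default admin credentials were changed, or keep that item under Remaining, since the service is now exposed on a public hostname.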
@@ -438,7 +441,7 @@ Before setting up Caddy, point your domain's DNS to the server.
| A | `git` | `91.99.65.229` | 300 | | A | `git` | `91.99.65.229` | 300 |
| A | `flower` | `91.99.65.229` | 300 | | A | `flower` | `91.99.65.229` | 300 |
### omsflow.lu (OMS Platform) — TODO ### omsflow.lu (OMS Platform) — Completed
| Type | Name | Value | TTL | | Type | Name | Value | TTL |
|---|---|---|---| |---|---|---|---|
@@ -447,7 +450,7 @@ Before setting up Caddy, point your domain's DNS to the server.
| AAAA | `@` | `2a01:4f8:1c1a:b39c::1` | 300 | | AAAA | `@` | `2a01:4f8:1c1a:b39c::1` | 300 |
| AAAA | `www` | `2a01:4f8:1c1a:b39c::1` | 300 | | AAAA | `www` | `2a01:4f8:1c1a:b39c::1` | 300 |
### rewardflow.lu (Loyalty+ Platform) — TODO ### rewardflow.lu (Loyalty+ Platform) — Completed
| Type | Name | Value | TTL | | Type | Name | Value | TTL |
|---|---|---|---| |---|---|---|---|
@@ -507,24 +510,22 @@ www.wizard.lu {
} }
# ─── Platform 2: OMS (omsflow.lu) ─────────────────────────────── # ─── Platform 2: OMS (omsflow.lu) ───────────────────────────────
# Uncomment after DNS is configured for omsflow.lu omsflow.lu {
# omsflow.lu { reverse_proxy localhost:8001
# reverse_proxy localhost:8001 }
# }
# www.omsflow.lu {
# www.omsflow.lu { redir https://omsflow.lu{uri} permanent
# redir https://omsflow.lu{uri} permanent }
# }
# ─── Platform 3: Loyalty+ (rewardflow.lu) ────────────────── # ─── Platform 3: Loyalty+ (rewardflow.lu) ──────────────────
# Uncomment after DNS is configured for rewardflow.lu rewardflow.lu {
# rewardflow.lu { reverse_proxy localhost:8001
# reverse_proxy localhost:8001 }
# }
# www.rewardflow.lu {
# www.rewardflow.lu { redir https://rewardflow.lu{uri} permanent
# redir https://rewardflow.lu{uri} permanent }
# }
# ─── Services ─────────────────────────────────────────────── # ─── Services ───────────────────────────────────────────────
api.wizard.lu { api.wizard.lu {
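Review bot: the two uncommented blocks `omsflow.lu { reverse_proxy localhost:8001 }` and `rewardflow.lu { reverse_proxy localhost:8001 }` point at the same upstream as the other platform hosts in this file, so Caddy is not doing the platform selection; which platform a request gets depends on the Host header matching the platform `domain` column that this commit updated in the production DB. A one-line comment above each block saying that tenant routing is Host-based would spare the next editor from assuming the port distinguishes platforms, and the `www.omsflow.lu` / `www.rewardflow.lu` permanent redirects should be kept as the only route for those hostnames, since a `www.` Host value may not match the stored domain and would otherwise reach the app unmatched.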
@@ -1103,8 +1104,8 @@ docker stats --no-stream
|---|---|---|---| |---|---|---|---|
| Orion API | 8000 | 8001 | `api.wizard.lu` | | Orion API | 8000 | 8001 | `api.wizard.lu` |
| Main Platform | 8000 | 8001 | `wizard.lu` | | Main Platform | 8000 | 8001 | `wizard.lu` |
| OMS Platform | 8000 | 8001 | `omsflow.lu` (TODO) | | OMS Platform | 8000 | 8001 | `omsflow.lu` |
| Loyalty+ Platform | 8000 | 8001 | `rewardflow.lu` (TODO) | | Loyalty+ Platform | 8000 | 8001 | `rewardflow.lu` |
| PostgreSQL | 5432 | 5432 | (internal only) | | PostgreSQL | 5432 | 5432 | (internal only) |
| Redis | 6379 | 6380 | (internal only) | | Redis | 6379 | 6380 | (internal only) |
| Flower | 5555 | 5555 | `flower.wizard.lu` | | Flower | 5555 | 5555 | `flower.wizard.lu` |
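Review bot: removing the "(TODO)" markers leaves all four HTTP rows (Orion API, Main Platform, OMS Platform, Loyalty+ Platform) on host port 8001, which matches the Caddyfile in this commit, but the adjacent PostgreSQL and Redis rows list host ports (5432 and 6380) while their domain column says "(internal only)". If those host ports are published by docker-compose, the table should record whether they are bound to 127.0.0.1 or only blocked by the Hetzner firewall; "internal only" on its own does not tell a reader that the database and cache are not reachable from the internet.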
@@ -1254,8 +1255,8 @@ After Caddy is configured:
| Gitea | `https://git.wizard.lu` | | Gitea | `https://git.wizard.lu` |
| Flower | `https://flower.wizard.lu` | | Flower | `https://flower.wizard.lu` |
| Grafana | `https://grafana.wizard.lu` | | Grafana | `https://grafana.wizard.lu` |
| OMS Platform | `https://omsflow.lu` (after DNS) | | OMS Platform | `https://omsflow.lu` |
| Loyalty+ Platform | `https://rewardflow.lu` (after DNS) | | Loyalty+ Platform | `https://rewardflow.lu` |
Direct IP access (temporary, until firewall rules are removed): Direct IP access (temporary, until firewall rules are removed):
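Review bot: the trailing context line "Direct IP access (temporary, until firewall rules are removed)" now sits under a table in which every platform, including `https://omsflow.lu` and `https://rewardflow.lu`, is served over HTTPS through Caddy, yet closing out that temporary direct-IP access does not appear in the Remaining list of the progress block. Add it there, or state in this section what condition ends the exception, so the temporary firewall opening does not outlive the DNS work it was waiting on.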