Initial commit - Church Music Database

2026-01-27 18:04:50 -06:00
commit d367261867
336 changed files with 103545 additions and 0 deletions
--- a/new-site/DEPLOYMENT_READY.md
+++ b/new-site/DEPLOYMENT_READY.md
@@ -0,0 +1,242 @@
+# DNS and SSL Deployment Summary
+
+## 🎯 What's Ready
+
+All configuration files and scripts have been created for deploying your site with SSL encryption at:
+
+**<https://houseofprayer.ddns.net>**
+
+## 📋 Prerequisites Checklist
+
+Before running the deployment, verify:
+
+- [ ] DNS record `houseofprayer.ddns.net` points to this server's public IP
+- [ ] Router forwards ports 80 and 443 to this server
+- [ ] Firewall allows incoming traffic on ports 80 and 443
+- [ ] Backend and frontend are currently running (ports 8080 and 5100)
+
+## 🚀 Quick Deployment
+
+Run this single command to set everything up:
+
+```bash
+cd /media/pts/Website/Church_HOP_MusicData/new-site
+sudo ./deploy.sh
+```
+
+This automated script will:
+
+1. ✅ Install systemd services (auto-start on boot)
+2. ✅ Obtain SSL certificate from Let's Encrypt
+3. ✅ Configure Nginx as reverse proxy
+4. ✅ Set up automatic SSL renewal
+5. ✅ Start all services
+
+## 📁 Files Created
+
+### Configuration Files
+
+- `nginx-ssl.conf` - Nginx configuration with SSL
+- `church-music-backend.service` - Backend systemd service
+- `church-music-frontend.service` - Frontend systemd service
+
+### Scripts
+
+- `deploy.sh` - Complete deployment automation
+- `setup-ssl.sh` - SSL certificate and Nginx setup only
+
+### Documentation
+
+- `SSL_SETUP_GUIDE.md` - Complete guide with troubleshooting
+- `CREDENTIALS.md` - Login credentials for all users
+
+## 🔧 What Was Updated
+
+### Backend CORS Settings
+
+Updated to accept requests from:
+
+- ✅ `https://houseofprayer.ddns.net`
+- ✅ `http://houseofprayer.ddns.net`
+- ✅ `http://localhost:5100` (development)
+- ✅ `http://localhost:3000` (development)
+
+### Nginx Configuration
+
+- HTTP → HTTPS redirect
+- WebSocket support for Vite HMR
+- Proxy to backend (port 8080)
+- Proxy to frontend (port 5100)
+- Modern SSL/TLS settings (TLS 1.2, 1.3)
+- Security headers (HSTS, X-Frame-Options, etc.)
+- OCSP stapling
+- Gzip compression
+
+## 🔐 SSL Certificate Details
+
+- **Provider**: Let's Encrypt (free)
+- **Validity**: 90 days
+- **Auto-renewal**: Daily check at 3 AM
+- **Protocols**: TLS 1.2, TLS 1.3
+- **Cipher Suites**: Modern, secure ciphers only
+
+## 🌐 Access Points
+
+After deployment:
+
+| Service | Internal | External |
+|---------|----------|----------|
+| Frontend | <http://localhost:5100> | <https://houseofprayer.ddns.net> |
+| Backend API | <http://localhost:8080/api> | <https://houseofprayer.ddns.net/api> |
+| Direct Access | ✅ Works | ⚠️ Use domain instead |
+
+## 📊 Service Management
+
+### View Service Status
+
+```bash
+sudo systemctl status church-music-backend
+sudo systemctl status church-music-frontend
+sudo systemctl status nginx
+```
+
+### Restart Services
+
+```bash
+sudo systemctl restart church-music-backend
+sudo systemctl restart church-music-frontend
+sudo systemctl restart nginx
+```
+
+### View Logs
+
+```bash
+# Backend
+sudo journalctl -u church-music-backend -f
+
+# Frontend
+sudo journalctl -u church-music-frontend -f
+
+# Nginx
+sudo tail -f /var/log/nginx/church-music-*.log
+```
+
+## ✅ Testing Checklist
+
+After deployment, test:
+
+1. **DNS Resolution**
+
+   ```bash
+   nslookup houseofprayer.ddns.net
+   ```
+
+2. **SSL Certificate**
+
+   ```bash
+   curl -I https://houseofprayer.ddns.net
+   ```
+
+3. **HTTP → HTTPS Redirect**
+
+   ```bash
+   curl -I http://houseofprayer.ddns.net
+   # Should return 301 redirect to HTTPS
+   ```
+
+4. **API Endpoint**
+
+   ```bash
+   curl https://houseofprayer.ddns.net/api/stats
+   ```
+
+5. **Login Functionality**
+   - Open: <https://houseofprayer.ddns.net>
+   - Login with: hop / hopmusic2025
+   - Verify all features work
+
+6. **SSL Rating** (optional)
+   - Visit: <https://www.ssllabs.com/ssltest/analyze.html?d=houseofprayer.ddns.net>
+   - Expected: A or A+ rating
+
+## 🛡️ Security Features Enabled
+
+- ✅ HTTPS enforcement (HTTP redirects to HTTPS)
+- ✅ HSTS (HTTP Strict Transport Security)
+- ✅ Secure cipher suites only
+- ✅ X-Frame-Options: DENY (prevents clickjacking)
+- ✅ X-Content-Type-Options: nosniff
+- ✅ X-XSS-Protection enabled
+- ✅ OCSP stapling
+- ✅ Rate limiting (1000 req/15min)
+- ✅ Bcrypt password hashing
+- ✅ JWT token authentication (7-day expiry)
+
+## ⚠️ Important Notes
+
+1. **First-time SSL Setup**: Certificate generation takes 1-2 minutes
+2. **DNS Propagation**: If DNS was just updated, wait up to 24 hours
+3. **Port Forwarding**: Must be configured on your router
+4. **Firewall**: Must allow ports 80 and 443
+5. **Email for SSL**: Update in `setup-ssl.sh` before running
+
+## 🔄 Next Steps
+
+1. **Before Deployment**:
+   - Verify DNS points to this server
+   - Check router port forwarding
+   - Update email in `setup-ssl.sh` (line 12)
+
+2. **Run Deployment**:
+
+   ```bash
+   sudo ./deploy.sh
+   ```
+
+3. **Test Everything**:
+   - Access <https://houseofprayer.ddns.net>
+   - Test all login credentials
+   - Test biometric authentication
+   - Verify mobile responsiveness
+
+4. **Monitor**:
+   - Check logs daily for first week
+   - Verify SSL auto-renewal works (after 60 days)
+
+## 📞 Support Commands
+
+```bash
+# Quick status check
+sudo systemctl status church-music-* nginx
+
+# View all logs
+sudo journalctl -xe
+
+# Restart everything
+cd /media/pts/Website/Church_HOP_MusicData/new-site
+sudo ./deploy.sh
+
+# SSL certificate info
+sudo certbot certificates
+
+# Renew SSL manually
+sudo certbot renew --force-renewal
+```
+
+## 📚 Additional Documentation
+
+- [SSL_SETUP_GUIDE.md](SSL_SETUP_GUIDE.md) - Detailed SSL setup and troubleshooting
+- [CREDENTIALS.md](CREDENTIALS.md) - All user login credentials
+
+---
+
+**Ready to Deploy?**
+
+```bash
+cd /media/pts/Website/Church_HOP_MusicData/new-site
+sudo ./deploy.sh
+```
+
+---
+
+Last Updated: January 25, 2026