# DNS and SSL Deployment Summary
## 🎯 What's Ready
All configuration files and scripts have been created for deploying your site with SSL encryption at:
**<https://houseofprayer.ddns.net>**
## 📋 Prerequisites Checklist
Before running the deployment, verify:
- [ ] DNS record `houseofprayer.ddns.net` points to this server's public IP
- [ ] Router forwards ports 80 and 443 to this server
- [ ] Firewall allows incoming traffic on ports 80 and 443
- [ ] Backend and frontend are currently running (ports 8080 and 5100)
## 🚀 Quick Deployment
Run this single command to set everything up:
```bash
cd /media/pts/Website/Church_HOP_MusicData/new-site
sudo ./deploy.sh
```
This automated script will:
1. ✅ Install systemd services (auto-start on boot)
2. ✅ Obtain SSL certificate from Let's Encrypt
3. ✅ Configure Nginx as reverse proxy
4. ✅ Set up automatic SSL renewal
5. ✅ Start all services
## 📁 Files Created
### Configuration Files
- `nginx-ssl.conf` - Nginx configuration with SSL
- `church-music-backend.service` - Backend systemd service
- `church-music-frontend.service` - Frontend systemd service
### Scripts
- `deploy.sh` - Complete deployment automation
- `setup-ssl.sh` - SSL certificate and Nginx setup only
### Documentation
- `SSL_SETUP_GUIDE.md` - Complete guide with troubleshooting
- `CREDENTIALS.md` - Login credentials for all users
## 🔧 What Was Updated
### Backend CORS Settings
Updated to accept requests from:
- `https://houseofprayer.ddns.net`
- `http://houseofprayer.ddns.net`
- `http://localhost:5100` (development)
- `http://localhost:3000` (development)
### Nginx Configuration
- HTTP → HTTPS redirect
- WebSocket support for Vite HMR
- Proxy to backend (port 8080)
- Proxy to frontend (port 5100)
- Modern SSL/TLS settings (TLS 1.2, 1.3)
- Security headers (HSTS, X-Frame-Options, etc.)
- OCSP stapling
- Gzip compression
## 🔐 SSL Certificate Details
- **Provider**: Let's Encrypt (free)
- **Validity**: 90 days
- **Auto-renewal**: Daily check at 3 AM
- **Protocols**: TLS 1.2, TLS 1.3
- **Cipher Suites**: Modern, secure ciphers only
## 🌐 Access Points
After deployment:
| Service | Internal | External |
|---------|----------|----------|
| Frontend | <http://localhost:5100> | <https://houseofprayer.ddns.net> |
| Backend API | <http://localhost:8080/api> | <https://houseofprayer.ddns.net/api> |
| Direct Access | ✅ Works | ⚠️ Use domain instead |
## 📊 Service Management
### View Service Status
```bash
sudo systemctl status church-music-backend
sudo systemctl status church-music-frontend
sudo systemctl status nginx
```
### Restart Services
```bash
sudo systemctl restart church-music-backend
sudo systemctl restart church-music-frontend
sudo systemctl restart nginx
```
### View Logs
```bash
# Backend
sudo journalctl -u church-music-backend -f
# Frontend
sudo journalctl -u church-music-frontend -f
# Nginx
sudo tail -f /var/log/nginx/church-music-*.log
```
## ✅ Testing Checklist
After deployment, test:
1. **DNS Resolution**
   ```bash
   nslookup houseofprayer.ddns.net
   ```
2. **SSL Certificate**
   ```bash
   curl -I https://houseofprayer.ddns.net
   ```
3. **HTTP → HTTPS Redirect**
   ```bash
   curl -I http://houseofprayer.ddns.net
   # Should return 301 redirect to HTTPS
   ```
4. **API Endpoint**
   ```bash
   curl https://houseofprayer.ddns.net/api/stats
   ```
5. **Login Functionality**
   - Open: <https://houseofprayer.ddns.net>
   - Login with: hop / hopmusic2025
   - Verify all features work
6. **SSL Rating** (optional)
   - Visit: <https://www.ssllabs.com/ssltest/analyze.html?d=houseofprayer.ddns.net>
   - Expected: A or A+ rating
## 🛡️ Security Features Enabled
- ✅ HTTPS enforcement (HTTP redirects to HTTPS)
- ✅ HSTS (HTTP Strict Transport Security)
- ✅ Secure cipher suites only
- ✅ X-Frame-Options: DENY (prevents clickjacking)
- ✅ X-Content-Type-Options: nosniff
- ✅ X-XSS-Protection enabled
- ✅ OCSP stapling
- ✅ Rate limiting (1000 req/15min)
- ✅ Bcrypt password hashing
- ✅ JWT token authentication (7-day expiry)
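The header items in this list and the 301 redirect from the testing checklist can be checked mechanically. The script below is an added example, not part of the project's scripts: it audits `curl -sI` output offline, and the function names, the sample responses and the 180-day HSTS threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline audit of `curl -sI` output against this page's list.
# Sample responses are constructed; MIN_HSTS_AGE is an assumed threshold.
MIN_HSTS_AGE=15552000   # assumption: 180 days, not read from nginx-ssl.conf

# Reads response headers on stdin, prints one finding per line, and
# returns 1 if a listed header is absent or weaker than expected.
audit_headers() {
    tr -d '\r' | awk -v min_age="$MIN_HSTS_AGE" '
    {   # split "Name: value" at the first colon; the status line has none
        i = index($0, ":"); if (i == 0) next
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v)
        h[tolower(substr($0, 1, i - 1))] = v
    }
    END {
        hsts = tolower(h["strict-transport-security"])
        if (hsts == "") { print "MISSING strict-transport-security"; bad = 1
        } else if (!match(hsts, /max-age=[0-9]+/) ||
                   substr(hsts, RSTART + 8, RLENGTH - 8) + 0 < min_age) {
            print "WEAK strict-transport-security: " hsts; bad = 1 }
        if (toupper(h["x-frame-options"]) != "DENY") {
            print "BAD x-frame-options (want DENY)"; bad = 1 }
        if (tolower(h["x-content-type-options"]) != "nosniff") {
            print "BAD x-content-type-options (want nosniff)"; bad = 1 }
        exit bad + 0
    }'
}

# Returns 0 only for a 301 whose Location starts with the HTTPS origin in $1.
# Pass the origin with its trailing slash so look-alike hosts do not match.
check_redirect() {
    tr -d '\r' | awk -v want="$1" '
    NR == 1 { code = $2 + 0 }
    tolower($1) == "location:" { loc = $2 }
    END { exit !(code == 301 && index(loc, want) == 1) }'
}

# Constructed sample responses (not captured from the real server).
GOOD='HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
x-content-type-options: nosniff'
WEAK='HTTP/2 200
strict-transport-security: max-age=300
x-frame-options: SAMEORIGIN'
REDIR='HTTP/1.1 301 Moved Permanently
Location: https://houseofprayer.ddns.net/'

printf '%s\n' "$WEAK" | audit_headers || echo "WEAK sample fails the audit"
printf '%s\n' "$REDIR" | check_redirect 'https://houseofprayer.ddns.net/' && echo "redirect ok"
```

Against the deployed site, pipe `curl -sI https://houseofprayer.ddns.net` into `audit_headers` and `curl -sI http://houseofprayer.ddns.net` into `check_redirect`.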
## ⚠️ Important Notes
1. **First-time SSL Setup**: Certificate generation takes 1-2 minutes
2. **DNS Propagation**: If DNS was just updated, wait up to 24 hours
3. **Port Forwarding**: Must be configured on your router
4. **Firewall**: Must allow ports 80 and 443
5. **Email for SSL**: Update in `setup-ssl.sh` before running
## 🔄 Next Steps
1. **Before Deployment**:
   - Verify DNS points to this server
   - Check router port forwarding
   - Update email in `setup-ssl.sh` (line 12)
2. **Run Deployment**:
   ```bash
   sudo ./deploy.sh
   ```
3. **Test Everything**:
   - Access <https://houseofprayer.ddns.net>
   - Test all login credentials
   - Test biometric authentication
   - Verify mobile responsiveness
4. **Monitor**:
   - Check logs daily for first week
   - Verify SSL auto-renewal works (after 60 days)
## 📞 Support Commands
```bash
# Quick status check
sudo systemctl status 'church-music-*' nginx
# View all logs
sudo journalctl -xe
# Restart everything
cd /media/pts/Website/Church_HOP_MusicData/new-site
sudo ./deploy.sh
# SSL certificate info
sudo certbot certificates
# Renew SSL manually
sudo certbot renew --force-renewal
```
## 📚 Additional Documentation
- [SSL_SETUP_GUIDE.md](SSL_SETUP_GUIDE.md) - Detailed SSL setup and troubleshooting
- [CREDENTIALS.md](CREDENTIALS.md) - All user login credentials
---
**Ready to Deploy?**
```bash
cd /media/pts/Website/Church_HOP_MusicData/new-site
sudo ./deploy.sh
```
---
Last Updated: January 25, 2026