partial update create nginx proxy https

DEPLOYMENT.md

@@ -0,0 +1,289 @@
+# CKB Application Deployment Guide
+
+## Overview
+
+This guide explains how to deploy the CKB Laravel application with Docker, SSL certificate, and reverse proxy configuration.
+
+## Prerequisites
+
+-   Ubuntu/Debian server
+-   Docker and Docker Compose installed
+-   Domain pointing to server IP
+-   Nginx installed on main server
+-   Root/sudo access
+
+## Architecture
+
+```
+Internet → Nginx (Port 80/443) → Docker Container (Port 8082) → Laravel App
+```
+
+## File Structure
+
+```
+/var/www/ckb/
+├── docker-compose.prod.yml    # Docker services configuration
+├── Dockerfile                 # Laravel app container
+├── docker/
+│   ├── nginx-proxy.conf       # Internal nginx proxy
+│   ├── php.ini               # PHP configuration
+│   ├── mysql.cnf             # MySQL configuration
+│   └── supervisord.conf      # Process manager
+├── nginx-ckb-reverse-proxy.conf  # Main server nginx config
+├── deploy-ckb.sh             # Deployment script
+├── setup-ssl.sh              # SSL certificate setup script
+└── DEPLOYMENT.md             # This file
+```
+
+## Container Names and Volumes
+
+All containers and volumes are prefixed with `ckb-` to avoid conflicts:
+
+### Containers:
+
+-   `ckb-laravel-app` - Laravel application
+-   `ckb-mariadb` - Database
+-   `ckb-redis` - Cache/Queue
+-   `ckb-nginx-proxy` - Internal nginx proxy
+
+### Volumes:
+
+-   `ckb_mysql_data` - Database data
+-   `ckb_redis_data` - Redis data
+-   `ckb_nginx_logs` - Nginx logs
+-   `ckb_storage_logs` - Laravel logs
+-   `ckb_storage_cache` - Laravel cache
+
+## Step-by-Step Deployment
+
+### Step 1: Prepare the Application
+
+```bash
+cd /var/www/ckb
+
+# Make scripts executable
+chmod +x deploy-ckb.sh
+chmod +x setup-ssl.sh
+```
+
+### Step 2: Deploy Docker Application
+
+```bash
+# Run deployment script
+./deploy-ckb.sh
+```
+
+This script will:
+
+-   Stop existing containers
+-   Build and start new containers
+-   Check if containers are running
+-   Verify port 8082 is accessible
+
+### Step 3: Setup SSL Certificate
+
+```bash
+# Run SSL setup script (requires sudo)
+sudo ./setup-ssl.sh
+```
+
+This script will:
+
+-   Install certbot if not present
+-   Create temporary nginx configuration
+-   Generate Let's Encrypt certificate
+-   Update nginx with SSL configuration
+-   Setup auto-renewal
+
+### Step 4: Manual Verification
+
+```bash
+# Check if containers are running
+docker ps | grep ckb
+
+# Check if port 8082 is accessible
+curl -I http://localhost:8082
+
+# Check SSL certificate
+sudo certbot certificates
+
+# Test HTTPS access
+curl -I https://bengkel.digitaloasis.xyz
+```
+
+## Configuration Files
+
+### docker-compose.prod.yml
+
+-   Updated container names with `ckb-` prefix
+-   Removed certbot service (handled by main server)
+-   Updated APP_URL to use HTTPS
+-   Specific volume names to avoid conflicts
+
+### nginx-proxy.conf
+
+-   Simplified configuration (no SSL handling)
+-   Proxy to `ckb-app` container
+-   Rate limiting and security headers
+-   Static file caching
+
+### nginx-ckb-reverse-proxy.conf
+
+-   Main server nginx configuration
+-   SSL termination
+-   Reverse proxy to port 8082
+-   Security headers and SSL settings
+
+## Environment Variables
+
+Create `.env` file in `/var/www/ckb/`:
+
+```env
+APP_ENV=production
+APP_DEBUG=false
+APP_URL=https://bengkel.digitaloasis.xyz
+DB_DATABASE=ckb_production
+DB_USERNAME=laravel
+DB_PASSWORD=your_password
+DB_ROOT_PASSWORD=your_root_password
+REDIS_PASSWORD=your_redis_password
+```
+
+## Monitoring and Maintenance
+
+### View Logs
+
+```bash
+# Docker logs
+docker-compose -f docker-compose.prod.yml logs -f
+
+# Nginx logs (main server)
+sudo tail -f /var/log/nginx/access.log
+sudo tail -f /var/log/nginx/error.log
+
+# Laravel logs
+docker exec ckb-laravel-app tail -f /var/www/html/storage/logs/laravel.log
+```
+
+### SSL Certificate Renewal
+
+```bash
+# Manual renewal
+sudo certbot renew
+
+# Check renewal status
+sudo certbot certificates
+```
+
+### Container Management
+
+```bash
+# Restart all services
+docker-compose -f docker-compose.prod.yml restart
+
+# Update application
+git pull
+docker-compose -f docker-compose.prod.yml up -d --build
+
+# Stop all services
+docker-compose -f docker-compose.prod.yml down
+
+# Remove all data (WARNING: This will delete all data)
+docker-compose -f docker-compose.prod.yml down -v
+```
+
+## Troubleshooting
+
+### Port 8082 Not Accessible
+
+```bash
+# Check if container is running
+docker ps | grep ckb-nginx-proxy
+
+# Check container logs
+docker-compose -f docker-compose.prod.yml logs ckb-nginx-proxy
+
+# Check if port is bound
+netstat -tlnp | grep 8082
+```
+
+### SSL Certificate Issues
+
+```bash
+# Check certificate status
+sudo certbot certificates
+
+# Test certificate
+sudo certbot renew --dry-run
+
+# Check nginx configuration
+sudo nginx -t
+```
+
+### Database Connection Issues
+
+```bash
+# Check database container
+docker exec ckb-mariadb mysql -u root -p -e "SHOW DATABASES;"
+
+# Check Laravel database connection
+docker exec ckb-laravel-app php artisan tinker
+```
+
+### Permission Issues
+
+```bash
+# Fix Laravel permissions
+docker exec ckb-laravel-app chown -R www-data:www-data /var/www/html
+docker exec ckb-laravel-app chmod -R 775 /var/www/html/storage
+docker exec ckb-laravel-app chmod -R 775 /var/www/html/bootstrap/cache
+```
+
+## Security Considerations
+
+1. **Firewall**: Ensure only necessary ports are open
+2. **SSL**: Certificate auto-renewal is configured
+3. **Rate Limiting**: Configured for login and API endpoints
+4. **Security Headers**: HSTS, XSS protection, etc.
+5. **File Permissions**: Proper Laravel file permissions
+6. **Database**: Strong passwords and limited access
+
+## Backup Strategy
+
+### Database Backup
+
+```bash
+# Create backup
+docker exec ckb-mariadb mysqldump -u root -p ckb_production > backup.sql
+
+# Restore backup
+docker exec -i ckb-mariadb mysql -u root -p ckb_production < backup.sql
+```
+
+### Application Backup
+
+```bash
+# Backup application files
+tar -czf ckb-backup-$(date +%Y%m%d).tar.gz /var/www/ckb/
+
+# Backup volumes
+docker run --rm -v ckb_mysql_data:/data -v $(pwd):/backup alpine tar czf /backup/mysql-backup.tar.gz -C /data .
+```
+
+## Performance Optimization
+
+1. **Nginx**: Gzip compression enabled
+2. **Laravel**: Production optimizations
+3. **Database**: Proper indexing
+4. **Redis**: Caching and session storage
+5. **Static Files**: Long-term caching headers
+
+## Support
+
+For issues or questions:
+
+1. Check logs first
+2. Verify configuration files
+3. Test connectivity step by step
+4. Check system resources
+5. Review security settings