# CKB Application Deployment Guide ## Overview This guide explains how to deploy the CKB Laravel application with Docker, SSL certificate, and reverse proxy configuration. ## Prerequisites - Ubuntu/Debian server - Docker and Docker Compose installed - Domain pointing to server IP - Nginx installed on main server - Root/sudo access ## Architecture ``` Internet → Nginx (Port 80/443) → Docker Container (Port 8082) → Laravel App ``` ## File Structure ``` /var/www/ckb/ ├── docker-compose.prod.yml # Docker services configuration ├── Dockerfile # Laravel app container ├── docker/ │ ├── nginx-proxy.conf # Internal nginx proxy │ ├── php.ini # PHP configuration │ ├── mysql.cnf # MySQL configuration │ └── supervisord.conf # Process manager ├── nginx-ckb-reverse-proxy.conf # Main server nginx config ├── deploy-ckb.sh # Deployment script ├── setup-ssl.sh # SSL certificate setup script └── DEPLOYMENT.md # This file ``` ## Container Names and Volumes All containers and volumes are prefixed with `ckb-` to avoid conflicts: ### Containers: - `ckb-laravel-app` - Laravel application - `ckb-mariadb` - Database - `ckb-redis` - Cache/Queue - `ckb-nginx-proxy` - Internal nginx proxy ### Volumes: - `ckb_mysql_data` - Database data - `ckb_redis_data` - Redis data - `ckb_nginx_logs` - Nginx logs - `ckb_storage_logs` - Laravel logs - `ckb_storage_cache` - Laravel cache ## Step-by-Step Deployment ### Step 1: Prepare the Application ```bash cd /var/www/ckb # Make scripts executable chmod +x deploy-ckb.sh chmod +x setup-ssl.sh ``` ### Step 2: Deploy Docker Application ```bash # Run deployment script ./deploy-ckb.sh ``` This script will: - Stop existing containers - Build and start new containers - Check if containers are running - Verify port 8082 is accessible ### Step 3: Setup SSL Certificate ```bash # Run SSL setup script (requires sudo) sudo ./setup-ssl.sh ``` This script will: - Install certbot if not present - Create temporary nginx configuration - Generate Let's Encrypt certificate - Update nginx with SSL configuration - Setup auto-renewal ### Step 4: Manual Verification ```bash # Check if containers are running docker ps | grep ckb # Check if port 8082 is accessible curl -I http://localhost:8082 # Check SSL certificate sudo certbot certificates # Test HTTPS access curl -I https://bengkel.digitaloasis.xyz ``` ## Configuration Files ### docker-compose.prod.yml - Updated container names with `ckb-` prefix - Removed certbot service (handled by main server) - Updated APP_URL to use HTTPS - Specific volume names to avoid conflicts ### nginx-proxy.conf - Simplified configuration (no SSL handling) - Proxy to `ckb-app` container - Rate limiting and security headers - Static file caching ### nginx-ckb-reverse-proxy.conf - Main server nginx configuration - SSL termination - Reverse proxy to port 8082 - Security headers and SSL settings ## Environment Variables Create `.env` file in `/var/www/ckb/`: ```env APP_ENV=production APP_DEBUG=false APP_URL=https://bengkel.digitaloasis.xyz DB_DATABASE=ckb_production DB_USERNAME=laravel DB_PASSWORD=your_password DB_ROOT_PASSWORD=your_root_password REDIS_PASSWORD=your_redis_password ``` ## Monitoring and Maintenance ### View Logs ```bash # Docker logs docker-compose -f docker-compose.prod.yml logs -f # Nginx logs (main server) sudo tail -f /var/log/nginx/access.log sudo tail -f /var/log/nginx/error.log # Laravel logs docker exec ckb-laravel-app tail -f /var/www/html/storage/logs/laravel.log ``` ### SSL Certificate Renewal ```bash # Manual renewal sudo certbot renew # Check renewal status sudo certbot certificates ``` ### Container Management ```bash # Restart all services docker-compose -f docker-compose.prod.yml restart # Update application git pull docker-compose -f docker-compose.prod.yml up -d --build # Stop all services docker-compose -f docker-compose.prod.yml down # Remove all data (WARNING: This will delete all data) docker-compose -f docker-compose.prod.yml down -v ``` ## Troubleshooting ### Port 8082 Not Accessible ```bash # Check if container is running docker ps | grep ckb-nginx-proxy # Check container logs docker-compose -f docker-compose.prod.yml logs ckb-nginx-proxy # Check if port is bound netstat -tlnp | grep 8082 ``` ### SSL Certificate Issues ```bash # Check certificate status sudo certbot certificates # Test certificate sudo certbot renew --dry-run # Check nginx configuration sudo nginx -t ``` ### Database Connection Issues ```bash # Check database container docker exec ckb-mariadb mysql -u root -p -e "SHOW DATABASES;" # Check Laravel database connection docker exec ckb-laravel-app php artisan tinker ``` ### Permission Issues ```bash # Fix Laravel permissions docker exec ckb-laravel-app chown -R www-data:www-data /var/www/html docker exec ckb-laravel-app chmod -R 775 /var/www/html/storage docker exec ckb-laravel-app chmod -R 775 /var/www/html/bootstrap/cache ``` ## Security Considerations 1. **Firewall**: Ensure only necessary ports are open 2. **SSL**: Certificate auto-renewal is configured 3. **Rate Limiting**: Configured for login and API endpoints 4. **Security Headers**: HSTS, XSS protection, etc. 5. **File Permissions**: Proper Laravel file permissions 6. **Database**: Strong passwords and limited access ## Backup Strategy ### Database Backup ```bash # Create backup docker exec ckb-mariadb mysqldump -u root -p ckb_production > backup.sql # Restore backup docker exec -i ckb-mariadb mysql -u root -p ckb_production < backup.sql ``` ### Application Backup ```bash # Backup application files tar -czf ckb-backup-$(date +%Y%m%d).tar.gz /var/www/ckb/ # Backup volumes docker run --rm -v ckb_mysql_data:/data -v $(pwd):/backup alpine tar czf /backup/mysql-backup.tar.gz -C /data . ``` ## Performance Optimization 1. **Nginx**: Gzip compression enabled 2. **Laravel**: Production optimizations 3. **Database**: Proper indexing 4. **Redis**: Caching and session storage 5. **Static Files**: Long-term caching headers ## Support For issues or questions: 1. Check logs first 2. Verify configuration files 3. Test connectivity step by step 4. Check system resources 5. Review security settings