CKB/PRODUCTION-DEPLOYMENT.md

# CKB Production Deployment Guide

Panduan deployment aplikasi CKB Laravel ke production server dengan domain `bengkel.digitaloasis.xyz`.

## 🚀 Quick Start

### 1. Deploy ke Production

```bash
# Full deployment (recommended untuk pertama kali)
./docker-deploy-prod.sh deploy

# Hanya build containers
./docker-deploy-prod.sh build

# Setup SSL certificate
./docker-deploy-prod.sh ssl

# Check deployment status
./docker-deploy-prod.sh status
```

### 2. Akses Aplikasi

-   **Domain**: https://bengkel.digitaloasis.xyz
-   **Health Check**: https://bengkel.digitaloasis.xyz/health

## 📋 Prerequisites

### Server Requirements

-   **OS**: Ubuntu 20.04+ atau CentOS 7+
-   **Memory**: Minimum 2GB RAM (4GB recommended)
-   **Storage**: Minimum 20GB SSD
-   **Docker**: Version 20.10+
-   **Docker Compose**: Version 2.0+

### Domain Setup

1. **DNS Configuration**:

    ```
    A Record: bengkel.digitaloasis.xyz → [Server IP]
    CNAME: www.bengkel.digitaloasis.xyz → bengkel.digitaloasis.xyz
    ```

2. **Firewall Configuration**:

    ```bash
    # Allow HTTP/HTTPS traffic
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp

    # Allow SSH (if needed)
    sudo ufw allow 22/tcp
    ```

## 🛡️ Security Configuration

### 1. Environment Variables

Edit `.env` file untuk production:

```env
# Application
APP_ENV=production
APP_DEBUG=false
APP_URL=https://bengkel.digitaloasis.xyz
APP_KEY=base64:...

# Database (GANTI dengan credentials yang aman!)
DB_HOST=db
DB_DATABASE=ckb_production
DB_USERNAME=ckb_user
DB_PASSWORD=secure_password_here
DB_ROOT_PASSWORD=secure_root_password_here

# Redis
REDIS_HOST=redis
REDIS_PASSWORD=secure_redis_password

# Mail
MAIL_MAILER=smtp
MAIL_HOST=your-smtp-host
MAIL_PORT=587
MAIL_USERNAME=your-email@domain.com
MAIL_PASSWORD=your-email-password
MAIL_ENCRYPTION=tls

# Session & Cache
SESSION_DRIVER=redis
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis

# Trusted Proxies
TRUSTED_PROXIES=*
```

### 2. Database Security

```bash
# Setelah deployment, jalankan MySQL secure installation
docker-compose -f docker-compose.prod.yml exec db mysql_secure_installation
```

## 🔧 Deployment Process

### Manual Step-by-Step

1. **Persiapan Server**:

    ```bash
    # Update system
    sudo apt update && sudo apt upgrade -y

    # Install Docker
    curl -fsSL https://get.docker.com -o get-docker.sh
    sudo sh get-docker.sh

    # Install Docker Compose
    sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    ```

2. **Clone Repository**:

    ```bash
    git clone https://github.com/your-repo/ckb.git
    cd ckb
    ```

3. **Setup Environment**:

    ```bash
    # For production environment
    ./docker-setup-env.sh production

    # Edit production settings (IMPORTANT!)
    nano .env
    # Change all CHANGE_THIS_* values with secure passwords
    ```

4. **Deploy Application**:

    ```bash
    ./docker-deploy-prod.sh deploy
    ```

5. **Setup SSL Certificate**:
    ```bash
    ./docker-deploy-prod.sh ssl
    ```

## 📊 Monitoring & Maintenance

### 1. Health Checks

```bash
# Check application status
./docker-deploy-prod.sh status

# Check specific service logs
docker-compose -f docker-compose.prod.yml logs -f app
docker-compose -f docker-compose.prod.yml logs -f nginx-proxy
docker-compose -f docker-compose.prod.yml logs -f db
```

### 2. Database Backup

```bash
# Manual backup
docker-compose -f docker-compose.prod.yml exec -T db mysqldump -u root -p"$DB_ROOT_PASSWORD" ckb_production > backup_$(date +%Y%m%d).sql

# Automated backup (add to crontab)
0 2 * * * /path/to/ckb/docker-backup.sh
```

### 3. SSL Certificate Renewal

Certificate akan otomatis renewal. Untuk manual renewal:

```bash
# Test renewal
docker-compose -f docker-compose.prod.yml run --rm certbot renew --dry-run

# Manual renewal
./docker-ssl-renew.sh

# Setup auto-renewal (add to crontab)
0 12 * * * /path/to/ckb/docker-ssl-renew.sh
```

## 🔍 Troubleshooting

### Common Issues

1. **Application Not Loading**:

    ```bash
    # Check container status
    docker-compose -f docker-compose.prod.yml ps

    # Check application logs
    docker-compose -f docker-compose.prod.yml logs app

    # Restart application
    docker-compose -f docker-compose.prod.yml restart app
    ```

2. **SSL Certificate Issues**:

    ```bash
    # Check certificate status
    openssl s_client -connect bengkel.digitaloasis.xyz:443 -servername bengkel.digitaloasis.xyz

    # Re-setup SSL
    ./docker-ssl-setup.sh
    ```

3. **Database Connection Issues**:

    ```bash
    # Check database logs
    docker-compose -f docker-compose.prod.yml logs db

    # Test database connection
    docker-compose -f docker-compose.prod.yml exec app php artisan tinker
    >>> DB::connection()->getPdo();
    ```

4. **Permission Issues**:
    ```bash
    # Fix Laravel permissions
    ./docker-fix-permissions.sh prod
    ```

### Performance Issues

```bash
# Check resource usage
docker stats

# Clean up Docker system
docker system prune -a -f

# Optimize Laravel
docker-compose -f docker-compose.prod.yml exec app php artisan optimize
```

## 🚦 Load Testing

Before going live, test your application:

```bash
# Install testing tools
sudo apt install apache2-utils

# Basic load test
ab -n 1000 -c 10 https://bengkel.digitaloasis.xyz/

# More comprehensive testing with siege
sudo apt install siege
siege -c 25 -t 60s https://bengkel.digitaloasis.xyz/
```

## 📈 Performance Optimization

### 1. Laravel Optimizations

```bash
# Run after each deployment
docker-compose -f docker-compose.prod.yml exec app php artisan config:cache
docker-compose -f docker-compose.prod.yml exec app php artisan route:cache
docker-compose -f docker-compose.prod.yml exec app php artisan view:cache
docker-compose -f docker-compose.prod.yml exec app composer install --optimize-autoloader --no-dev
```

### 2. Database Optimization

```bash
# MySQL tuning
docker-compose -f docker-compose.prod.yml exec db mysql -u root -p -e "
  SET GLOBAL innodb_buffer_pool_size = 1073741824;
  SET GLOBAL query_cache_size = 67108864;
  SET GLOBAL query_cache_type = 1;
"
```

### 3. Nginx Optimization

Edit `docker/nginx-proxy.conf` untuk mengoptimalkan:

-   Gzip compression
-   Browser caching
-   Connection pooling

## 🔄 Updates & Maintenance

### Application Updates

```bash
# Pull latest code
git pull origin main

# Backup before update
./docker-deploy-prod.sh backup

# Deploy updates
./docker-deploy-prod.sh deploy
```

### Security Updates

```bash
# Update base images
docker-compose -f docker-compose.prod.yml pull

# Rebuild with latest security patches
./docker-deploy-prod.sh build
```

## 📞 Support & Contact

Untuk bantuan deployment atau issues:

-   **Email**: admin@digitaloasis.xyz
-   **Documentation**: https://github.com/your-repo/ckb/docs
-   **Issues**: https://github.com/your-repo/ckb/issues

## 📄 File Structure

```
ckb/
├── docker/
│   ├── nginx-proxy.conf      # Main nginx configuration
│   ├── nginx-temp.conf       # Temporary config for SSL setup
│   ├── env.example          # Environment template
│   └── ...
├── docker-compose.prod.yml   # Production compose file
├── docker-deploy-prod.sh     # Main deployment script
├── docker-ssl-setup.sh       # SSL certificate setup
├── docker-ssl-renew.sh       # SSL renewal script
└── PRODUCTION-DEPLOYMENT.md  # This file
```

## ✅ Production Checklist

-   [ ] Domain DNS configured
-   [ ] Firewall rules configured
-   [ ] .env file configured with production values
-   [ ] Database credentials changed from defaults
-   [ ] SSL certificate obtained and configured
-   [ ] Backup system configured
-   [ ] Monitoring setup
-   [ ] Load testing completed
-   [ ] Security audit completed

---

**🚨 Remember**: Always test in staging environment before deploying to production!