From e07aaa5016d792535e46a9937a8fd0e98ee74621 Mon Sep 17 00:00:00 2001 From: Andrei Date: Mon, 6 Oct 2025 21:39:28 +0000 Subject: [PATCH] feat: Update all production configs for dedicated PostgreSQL server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - PostgreSQL now on dedicated server: 10.0.0.207:5432 - Database: parentflow (user: postgres, password: a3ppq) - Removed PostgreSQL from docker-compose.production.yml - Updated start-production.sh to check PostgreSQL connectivity - Updated migration scripts to use dedicated server - Created .env.admin.example for admin service configuration - Updated admin dashboard docs with PostgreSQL details - Redis, MongoDB, MinIO remain as Docker containers on 10.0.0.240 Infrastructure: - Application Server: 10.0.0.240 (PM2 + Docker services) - Database Server: 10.0.0.207 (PostgreSQL only) - Admin Server: 10.0.0.241 (future deployment) - Nginx Proxy: Separate server with SSL configured 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .env.admin.example | 82 ++++++++++++++++++++++++++ docker-compose.production.yml | 29 +++------ docs/ADMIN_DASHBOARD_IMPLEMENTATION.md | 37 ++++++++++-- start-production.sh | 35 +++++++---- 4 files changed, 143 insertions(+), 40 deletions(-) create mode 100644 .env.admin.example diff --git a/.env.admin.example b/.env.admin.example new file mode 100644 index 0000000..252c182 --- /dev/null +++ b/.env.admin.example 
@@ -0,0 +1,82 @@
+# ParentFlow Admin Service Environment Variables
+# Copy this file to .env.admin and update with your secure values
+# Deploy on server: 10.0.0.241
+
+# Admin Service Configuration
+NODE_ENV=production
+PORT=4000
+ADMIN_UI_PORT=4001
+
+# Database Connection (Dedicated PostgreSQL Server)
+DATABASE_URL=postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow
+DATABASE_HOST=10.0.0.207
+DATABASE_PORT=5432
+DATABASE_NAME=parentflow
+DATABASE_USER=postgres
+DATABASE_PASSWORD=a3ppq
+DATABASE_SSL=false
+
+# Redis Connection (Docker on 10.0.0.240)
+REDIS_HOST=10.0.0.240
+REDIS_PORT=6379
+REDIS_PASSWORD=parentflow_redis_password_2024
+
+# MongoDB Connection (Docker on 10.0.0.240)
+MONGODB_URI=mongodb://parentflow_admin:parentflow_mongo_password_2024@10.0.0.240:27017/parentflow_ai_chat?authSource=admin
+
+# Service-to-Service Authentication
+SERVICE_AUTH_KEY=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING_64_CHARS
+
+# Admin JWT Secrets (Different from main app)
+ADMIN_JWT_SECRET=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING_64_CHARS
+ADMIN_JWT_REFRESH_SECRET=CHANGE_THIS_TO_ANOTHER_SECURE_RANDOM_STRING_64_CHARS
+
+# Main Application URLs (for service communication)
+MAIN_API_URL=https://api.parentflowapp.com
+MAIN_APP_URL=https://web.parentflowapp.com
+
+# Admin Service URL
+ADMIN_API_URL=https://admin.parentflowapp.com
+ADMIN_UI_URL=https://admin.parentflowapp.com
+
+# CORS Configuration
+CORS_ORIGIN=https://admin.parentflowapp.com,https://web.parentflowapp.com,https://api.parentflowapp.com
+
+# Session Configuration
+SESSION_SECRET=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING
+SESSION_TIMEOUT_MINUTES=15
+
+# Security
+ENABLE_2FA=true
+IP_WHITELIST=10.0.0.0/24,192.168.1.0/24 # Office and VPN networks
+RATE_LIMIT_MAX=50
+RATE_LIMIT_WINDOW_MS=60000
+
+# Email Configuration (for admin notifications)
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=admin@parentflowapp.com
+SMTP_PASSWORD=your-smtp-password
+SMTP_FROM=ParentFlow Admin
+
+# Logging
+LOG_LEVEL=info
+LOG_FORMAT=json
+AUDIT_LOG_RETENTION_DAYS=365
+
+# Feature Flags
+ENABLE_INVITE_CODES=true
+ENABLE_REGISTRATION=false # Start with invite-only
+ENABLE_ANALYTICS_DASHBOARD=true
+ENABLE_LLM_CONFIG=true
+ENABLE_SUBSCRIPTION_MANAGEMENT=true
+
+# Default Admin User (created on first run)
+DEFAULT_ADMIN_EMAIL=admin@parentflowapp.com
+DEFAULT_ADMIN_PASSWORD=CHANGE_THIS_IMMEDIATELY
+
+# Backup Configuration
+BACKUP_ENABLED=true
+BACKUP_SCHEDULE=0 2 * * * # Daily at 2 AM
+BACKUP_RETENTION_DAYS=30
+BACKUP_PATH=/var/backups/parentflow-admin
\ No newline at end of file
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 1442401..6a505a0 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -1,26 +1,13 @@ version: '3.8' +# Production Docker Compose for ParentFlow +# PostgreSQL is on dedicated server: 10.0.0.207 +# These services run on application server: 10.0.0.240 + services: - postgres: - image: pgvector/pgvector:pg15 - container_name: parentflow-postgres-prod - environment: - POSTGRES_DB: parentflow_production - POSTGRES_USER: parentflow_user - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-parentflow_secure_password_2024} - ports: - - "5432:5432" - volumes: - - postgres_prod_data:/var/lib/postgresql/data - - ./maternal-app/maternal-app-backend/src/database/migrations:/docker-entrypoint-initdb.d:ro - networks: - - parentflow-network - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "pg_isready -U parentflow_user -d parentflow_production"] - interval: 10s - timeout: 5s - retries: 5 + # PostgreSQL removed - using dedicated server + # Connection: postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow + # Migrations should be run directly on the database server redis: image: redis:7-alpine
@@ -86,8 +73,6 @@ networks: driver: bridge volumes: - postgres_prod_data: - driver: local redis_prod_data: driver: local mongodb_prod_data:
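Review bot: `DATABASE_URL` and `DATABASE_PASSWORD` in this example file hold the same PostgreSQL password the commit message lists for the dedicated server, and `REDIS_PASSWORD` and `MONGODB_URI` carry literal values as well, whereas the JWT and session secrets use `CHANGE_THIS_...` placeholders. Example files are committed and copied around, so these should be placeholders too, e.g. `DATABASE_PASSWORD=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING`, and anything already pushed should be rotated because it stays in history. The same password is repeated in the docker-compose.production.yml comment, in the docs/ADMIN_DASHBOARD_IMPLEMENTATION.md hunks at -1362 and -1474, and in both start-production.sh hunks of this commit. Separately, the admin service would connect as the `postgres` superuser with `DATABASE_SSL=false` from 10.0.0.241 to 10.0.0.207; a dedicated least-privilege role and TLS on that link are worth adding before this is deployed.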
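Review bot: The new comment `# Migrations should be run directly on the database server` disagrees with start-production.sh in this same commit, which still runs `./scripts/master-migration.sh` from the application server with `DATABASE_HOST=10.0.0.207`; one of the two should change so operators know where schema changes are applied. The removed service used the `pgvector/pgvector:pg15` image and mounted the migrations directory into `/docker-entrypoint-initdb.d`, so the dedicated server presumably needs the pgvector extension installed and its initial schema applied by other means. That requirement is worth stating in the comment block, since nothing else in this file records it any more.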
diff --git a/docs/ADMIN_DASHBOARD_IMPLEMENTATION.md b/docs/ADMIN_DASHBOARD_IMPLEMENTATION.md index b137ca9..5c08bfe 100644 --- a/docs/ADMIN_DASHBOARD_IMPLEMENTATION.md +++ b/docs/ADMIN_DASHBOARD_IMPLEMENTATION.md @@ -1362,11 +1362,25 @@ services: - "4000:4000" # Admin API on separate port environment: NODE_ENV: production - DATABASE_URL: postgresql://... + # Dedicated PostgreSQL Server + DATABASE_URL: postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow + DATABASE_HOST: 10.0.0.207 + DATABASE_PORT: 5432 + DATABASE_NAME: parentflow + DATABASE_USER: postgres + DATABASE_PASSWORD: a3ppq + # Redis on 10.0.0.240 + REDIS_HOST: 10.0.0.240 + REDIS_PORT: 6379 + # MongoDB on 10.0.0.240 + MONGODB_URI: mongodb://parentflow_admin:parentflow_mongo_password_2024@10.0.0.240:27017/parentflow_ai_chat?authSource=admin + # Auth keys JWT_SECRET: ${ADMIN_JWT_SECRET} SERVICE_AUTH_KEY: ${SERVICE_AUTH_KEY} # For service-to-service auth networks: - parentflow-network + extra_hosts: + - "host.docker.internal:host-gateway" # For accessing host services admin-ui: build: ./parentflow-admin-service/admin-ui @@ -1375,6 +1389,7 @@ services: - "4001:3000" # Admin UI environment: REACT_APP_API_URL: http://admin-api:4000 + REACT_APP_MAIN_APP_URL: https://web.parentflowapp.com networks: - parentflow-network 
@@ -1474,17 +1489,27 @@ Production Environment: │ ├── Server: 10.0.0.241 (separate from main app) │ ├── URL: admin.parentflowapp.com │ ├── Ports: 4000 (API), 4001 (UI) -│ └── Database: Shared with main app (read/write to admin tables) +│ └── Database: Connects to dedicated PostgreSQL server │ ├── Main Applications │ ├── Web: 10.0.0.240:3030 → web.parentflowapp.com │ ├── API: 10.0.0.240:3020 → api.parentflowapp.com │ └── Mobile APIs: Will connect to api.parentflowapp.com │ -└── Shared Infrastructure - ├── PostgreSQL: 10.0.0.240:5432 - ├── Redis: 10.0.0.240:6379 - └── MongoDB: 10.0.0.240:27017 +├── Database Infrastructure +│ ├── PostgreSQL: 10.0.0.207:5432 +│ │ ├── Database: parentflow +│ │ ├── User: postgres +│ │ └── Password: a3ppq +│ │ +│ └── Docker on 10.0.0.240 +│ ├── Redis: Port 6379 +│ ├── MongoDB: Port 27017 +│ └── MinIO: Ports 9000/9001 +│ +└── Nginx Proxy Server (Separate) + ├── SSL certificates configured + └── Reverse proxy for all domains ``` --- diff --git a/start-production.sh b/start-production.sh index 81e68d4..d07182a 100755 --- a/start-production.sh +++ b/start-production.sh 
@@ -57,29 +57,40 @@ fi echo -e "${YELLOW}Waiting for databases to be healthy...${NC}" sleep 10 -# Check database health -echo -e "${BLUE}Checking database health...${NC}" +# Check PostgreSQL connectivity (dedicated server) +echo -e "${BLUE}Checking PostgreSQL connectivity on 10.0.0.207...${NC}" +PGPASSWORD=a3ppq psql -h 10.0.0.207 -p 5432 -U postgres -d parentflow -c "SELECT version();" > /dev/null 2>&1 +if [ $? -eq 0 ]; then + echo -e "${GREEN}✓ PostgreSQL connection successful${NC}" +else + echo -e "${RED}✗ Cannot connect to PostgreSQL on 10.0.0.207${NC}" + echo "Please ensure PostgreSQL is running and accessible" + exit 1 +fi + +# Check Docker services health +echo -e "${BLUE}Checking Docker services health...${NC}" MAX_RETRIES=30 RETRY_COUNT=0 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do - POSTGRES_HEALTHY=$(docker inspect parentflow-postgres-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting") REDIS_HEALTHY=$(docker inspect parentflow-redis-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting") MONGO_HEALTHY=$(docker inspect parentflow-mongodb-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting") + MINIO_HEALTHY=$(docker inspect parentflow-minio-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting") - if [ "$POSTGRES_HEALTHY" = "healthy" ] && [ "$REDIS_HEALTHY" = "healthy" ] && [ "$MONGO_HEALTHY" = "healthy" ]; then - echo -e "${GREEN}✓ All databases are healthy${NC}" + if [ "$REDIS_HEALTHY" = "healthy" ] && [ "$MONGO_HEALTHY" = "healthy" ] && [ "$MINIO_HEALTHY" = "healthy" ]; then + echo -e "${GREEN}✓ All Docker services are healthy${NC}" break fi - echo -e "${YELLOW}Waiting for databases... ($RETRY_COUNT/$MAX_RETRIES)${NC}" + echo -e "${YELLOW}Waiting for Docker services... 
($RETRY_COUNT/$MAX_RETRIES)${NC}" sleep 2 ((RETRY_COUNT++)) done if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then - echo -e "${RED}✗ Databases failed to become healthy${NC}" - echo "Check Docker logs with: docker logs parentflow-postgres-prod" + echo -e "${RED}✗ Docker services failed to become healthy${NC}" + echo "Check Docker logs with: docker logs parentflow-redis-prod" exit 1 fi @@ -91,11 +102,11 @@ cd /root/maternal-app/maternal-app/maternal-app-backend # Check if migration script exists if [ -f "./scripts/master-migration.sh" ]; then echo -e "${YELLOW}Running master migration script...${NC}" - DATABASE_HOST=localhost \ + DATABASE_HOST=10.0.0.207 \ DATABASE_PORT=5432 \ - DATABASE_NAME=parentflow_production \ - DATABASE_USER=parentflow_user \ - DATABASE_PASSWORD=parentflow_secure_password_2024 \ + DATABASE_NAME=parentflow \ + DATABASE_USER=postgres \ + DATABASE_PASSWORD=a3ppq \ ./scripts/master-migration.sh || { echo -e "${YELLOW}Warning: Migrations may have partially failed. Continuing...${NC}" }
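Review bot: The added `psql` probe sends both stdout and stderr to /dev/null and sets no connection timeout, so an authentication failure is reported as "Cannot connect" and an unreachable 10.0.0.207 can hold the script for the OS TCP timeout. Suggest testing the command directly and bounding it, with the password supplied by the environment or `~/.pgpass` instead of the literal: `if PGCONNECT_TIMEOUT=5 psql -w -h 10.0.0.207 -p 5432 -U postgres -d parentflow -c "SELECT 1;" >/dev/null; then`. The new `MINIO_HEALTHY` condition only passes if parentflow-minio-prod defines a healthcheck, which this diff does not show; without one the loop would run to `MAX_RETRIES` and exit. The hunk starts mid-script, so whether `set -e` is active (which would exit before the error message is printed) cannot be seen here.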
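Review bot: Migrations now run against the dedicated production server as the `postgres` superuser, and the unchanged `|| { ... Continuing... }` handler still lets the deployment proceed after a partial failure. Against a production database on its own host that can leave the schema in an unknown state while the application starts; consider exiting non-zero here and running the migration under a role limited to the `parentflow` database. The connection values would be better taken from the environment than written inline, e.g. `DATABASE_PASSWORD="${DATABASE_PASSWORD:?DATABASE_PASSWORD is not set}" \`. The handler block is context only and the script continues past the end of the hunk.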