feat: Update all production configs for dedicated PostgreSQL server

- PostgreSQL now on dedicated server: 10.0.0.207:5432 - Database: parentflow (user: postgres, password: a3ppq) - Removed PostgreSQL from docker-compose.production.yml - Updated start-production.sh to check PostgreSQL connectivity - Updated migration scripts to use dedicated server - Created .env.admin.example for admin service configuration - Updated admin dashboard docs with PostgreSQL details - Redis, MongoDB, MinIO remain as Docker containers on 10.0.0.240 Infrastructure: - Application Server: 10.0.0.240 (PM2 + Docker services) - Database Server: 10.0.0.207 (PostgreSQL only) - Admin Server: 10.0.0.241 (future deployment) - Nginx Proxy: Separate server with SSL configured 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-06 21:39:28 +00:00
parent bfefb19100
commit e07aaa5016
4 changed files with 143 additions and 40 deletions
--- a/.env.admin.example
+++ b/.env.admin.example
@@ -0,0 +1,82 @@
+# ParentFlow Admin Service Environment Variables
+# Copy this file to .env.admin and update with your secure values
+# Deploy on server: 10.0.0.241
+
+# Admin Service Configuration
+NODE_ENV=production
+PORT=4000
+ADMIN_UI_PORT=4001
+
+# Database Connection (Dedicated PostgreSQL Server)
+DATABASE_URL=postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow
+DATABASE_HOST=10.0.0.207
+DATABASE_PORT=5432
+DATABASE_NAME=parentflow
+DATABASE_USER=postgres
+DATABASE_PASSWORD=a3ppq
+DATABASE_SSL=false
+
+# Redis Connection (Docker on 10.0.0.240)
+REDIS_HOST=10.0.0.240
+REDIS_PORT=6379
+REDIS_PASSWORD=parentflow_redis_password_2024
+
+# MongoDB Connection (Docker on 10.0.0.240)
+MONGODB_URI=mongodb://parentflow_admin:parentflow_mongo_password_2024@10.0.0.240:27017/parentflow_ai_chat?authSource=admin
+
+# Service-to-Service Authentication
+SERVICE_AUTH_KEY=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING_64_CHARS
+
+# Admin JWT Secrets (Different from main app)
+ADMIN_JWT_SECRET=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING_64_CHARS
+ADMIN_JWT_REFRESH_SECRET=CHANGE_THIS_TO_ANOTHER_SECURE_RANDOM_STRING_64_CHARS
+
+# Main Application URLs (for service communication)
+MAIN_API_URL=https://api.parentflowapp.com
+MAIN_APP_URL=https://web.parentflowapp.com
+
+# Admin Service URL
+ADMIN_API_URL=https://admin.parentflowapp.com
+ADMIN_UI_URL=https://admin.parentflowapp.com
+
+# CORS Configuration
+CORS_ORIGIN=https://admin.parentflowapp.com,https://web.parentflowapp.com,https://api.parentflowapp.com
+
+# Session Configuration
+SESSION_SECRET=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING
+SESSION_TIMEOUT_MINUTES=15
+
+# Security
+ENABLE_2FA=true
+IP_WHITELIST=10.0.0.0/24,192.168.1.0/24  # Office and VPN networks
+RATE_LIMIT_MAX=50
+RATE_LIMIT_WINDOW_MS=60000
+
+# Email Configuration (for admin notifications)
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=admin@parentflowapp.com
+SMTP_PASSWORD=your-smtp-password
+SMTP_FROM=ParentFlow Admin <admin@parentflowapp.com>
+
+# Logging
+LOG_LEVEL=info
+LOG_FORMAT=json
+AUDIT_LOG_RETENTION_DAYS=365
+
+# Feature Flags
+ENABLE_INVITE_CODES=true
+ENABLE_REGISTRATION=false  # Start with invite-only
+ENABLE_ANALYTICS_DASHBOARD=true
+ENABLE_LLM_CONFIG=true
+ENABLE_SUBSCRIPTION_MANAGEMENT=true
+
+# Default Admin User (created on first run)
+DEFAULT_ADMIN_EMAIL=admin@parentflowapp.com
+DEFAULT_ADMIN_PASSWORD=CHANGE_THIS_IMMEDIATELY
+
+# Backup Configuration
+BACKUP_ENABLED=true
+BACKUP_SCHEDULE=0 2 * * *  # Daily at 2 AM
+BACKUP_RETENTION_DAYS=30
+BACKUP_PATH=/var/backups/parentflow-admin