feat: Update all production configs for dedicated PostgreSQL server

- PostgreSQL now on dedicated server: 10.0.0.207:5432
- Database: parentflow (user: postgres, password: a3ppq)
- Removed PostgreSQL from docker-compose.production.yml
- Updated start-production.sh to check PostgreSQL connectivity
- Updated migration scripts to use dedicated server
- Created .env.admin.example for admin service configuration
- Updated admin dashboard docs with PostgreSQL details
- Redis, MongoDB, MinIO remain as Docker containers on 10.0.0.240

Infrastructure:
- Application Server: 10.0.0.240 (PM2 + Docker services)
- Database Server: 10.0.0.207 (PostgreSQL only)
- Admin Server: 10.0.0.241 (future deployment)
- Nginx Proxy: Separate server with SSL configured

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.env.admin.example

@@ -0,0 +1,82 @@
+# ParentFlow Admin Service Environment Variables
+# Copy this file to .env.admin and update with your secure values
+# Deploy on server: 10.0.0.241
+
+# Admin Service Configuration
+NODE_ENV=production
+PORT=4000
+ADMIN_UI_PORT=4001
+
+# Database Connection (Dedicated PostgreSQL Server)
+DATABASE_URL=postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow
+DATABASE_HOST=10.0.0.207
+DATABASE_PORT=5432
+DATABASE_NAME=parentflow
+DATABASE_USER=postgres
+DATABASE_PASSWORD=a3ppq
+DATABASE_SSL=false
+
+# Redis Connection (Docker on 10.0.0.240)
+REDIS_HOST=10.0.0.240
+REDIS_PORT=6379
+REDIS_PASSWORD=parentflow_redis_password_2024
+
+# MongoDB Connection (Docker on 10.0.0.240)
+MONGODB_URI=mongodb://parentflow_admin:parentflow_mongo_password_2024@10.0.0.240:27017/parentflow_ai_chat?authSource=admin
+
+# Service-to-Service Authentication
+SERVICE_AUTH_KEY=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING_64_CHARS
+
+# Admin JWT Secrets (Different from main app)
+ADMIN_JWT_SECRET=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING_64_CHARS
+ADMIN_JWT_REFRESH_SECRET=CHANGE_THIS_TO_ANOTHER_SECURE_RANDOM_STRING_64_CHARS
+
+# Main Application URLs (for service communication)
+MAIN_API_URL=https://api.parentflowapp.com
+MAIN_APP_URL=https://web.parentflowapp.com
+
+# Admin Service URL
+ADMIN_API_URL=https://admin.parentflowapp.com
+ADMIN_UI_URL=https://admin.parentflowapp.com
+
+# CORS Configuration
+CORS_ORIGIN=https://admin.parentflowapp.com,https://web.parentflowapp.com,https://api.parentflowapp.com
+
+# Session Configuration
+SESSION_SECRET=CHANGE_THIS_TO_A_SECURE_RANDOM_STRING
+SESSION_TIMEOUT_MINUTES=15
+
+# Security
+ENABLE_2FA=true
+IP_WHITELIST=10.0.0.0/24,192.168.1.0/24  # Office and VPN networks
+RATE_LIMIT_MAX=50
+RATE_LIMIT_WINDOW_MS=60000
+
+# Email Configuration (for admin notifications)
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=admin@parentflowapp.com
+SMTP_PASSWORD=your-smtp-password
+SMTP_FROM=ParentFlow Admin <admin@parentflowapp.com>
+
+# Logging
+LOG_LEVEL=info
+LOG_FORMAT=json
+AUDIT_LOG_RETENTION_DAYS=365
+
+# Feature Flags
+ENABLE_INVITE_CODES=true
+ENABLE_REGISTRATION=false  # Start with invite-only
+ENABLE_ANALYTICS_DASHBOARD=true
+ENABLE_LLM_CONFIG=true
+ENABLE_SUBSCRIPTION_MANAGEMENT=true
+
+# Default Admin User (created on first run)
+DEFAULT_ADMIN_EMAIL=admin@parentflowapp.com
+DEFAULT_ADMIN_PASSWORD=CHANGE_THIS_IMMEDIATELY
+
+# Backup Configuration
+BACKUP_ENABLED=true
+BACKUP_SCHEDULE=0 2 * * *  # Daily at 2 AM
+BACKUP_RETENTION_DAYS=30
+BACKUP_PATH=/var/backups/parentflow-admin

docker-compose.production.yml

@@ -1,26 +1,13 @@
 version: '3.8'
 
+# Production Docker Compose for ParentFlow
+# PostgreSQL is on dedicated server: 10.0.0.207
+# These services run on application server: 10.0.0.240
+
 services:
-  postgres:
+  # PostgreSQL removed - using dedicated server
-    image: pgvector/pgvector:pg15
+  # Connection: postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow
-    container_name: parentflow-postgres-prod
+  # Migrations should be run directly on the database server
-    environment:
-      POSTGRES_DB: parentflow_production
-      POSTGRES_USER: parentflow_user
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-parentflow_secure_password_2024}
-    ports:
-      - "5432:5432"
-    volumes:
-      - postgres_prod_data:/var/lib/postgresql/data
-      - ./maternal-app/maternal-app-backend/src/database/migrations:/docker-entrypoint-initdb.d:ro
-    networks:
-      - parentflow-network
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U parentflow_user -d parentflow_production"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
 
   redis:
     image: redis:7-alpine
@@ -86,8 +73,6 @@ networks:
     driver: bridge
 
 volumes:
-  postgres_prod_data:
-    driver: local
   redis_prod_data:
     driver: local
   mongodb_prod_data:

docs/ADMIN_DASHBOARD_IMPLEMENTATION.md

@@ -1362,11 +1362,25 @@ services:
       - "4000:4000"  # Admin API on separate port
     environment:
       NODE_ENV: production
-      DATABASE_URL: postgresql://...
+      # Dedicated PostgreSQL Server
+      DATABASE_URL: postgresql://postgres:a3ppq@10.0.0.207:5432/parentflow
+      DATABASE_HOST: 10.0.0.207
+      DATABASE_PORT: 5432
+      DATABASE_NAME: parentflow
+      DATABASE_USER: postgres
+      DATABASE_PASSWORD: a3ppq
+      # Redis on 10.0.0.240
+      REDIS_HOST: 10.0.0.240
+      REDIS_PORT: 6379
+      # MongoDB on 10.0.0.240
+      MONGODB_URI: mongodb://parentflow_admin:parentflow_mongo_password_2024@10.0.0.240:27017/parentflow_ai_chat?authSource=admin
+      # Auth keys
       JWT_SECRET: ${ADMIN_JWT_SECRET}
       SERVICE_AUTH_KEY: ${SERVICE_AUTH_KEY}  # For service-to-service auth
     networks:
       - parentflow-network
+    extra_hosts:
+      - "host.docker.internal:host-gateway"  # For accessing host services
 
   admin-ui:
     build: ./parentflow-admin-service/admin-ui
@@ -1375,6 +1389,7 @@ services:
       - "4001:3000"  # Admin UI
     environment:
       REACT_APP_API_URL: http://admin-api:4000
+      REACT_APP_MAIN_APP_URL: https://web.parentflowapp.com
     networks:
       - parentflow-network
 
@@ -1474,17 +1489,27 @@ Production Environment:
 │   ├── Server: 10.0.0.241 (separate from main app)
 │   ├── URL: admin.parentflowapp.com
 │   ├── Ports: 4000 (API), 4001 (UI)
-│   └── Database: Shared with main app (read/write to admin tables)
+│   └── Database: Connects to dedicated PostgreSQL server
 │
 ├── Main Applications
 │   ├── Web: 10.0.0.240:3030 → web.parentflowapp.com
 │   ├── API: 10.0.0.240:3020 → api.parentflowapp.com
 │   └── Mobile APIs: Will connect to api.parentflowapp.com
 │
-└── Shared Infrastructure
+├── Database Infrastructure
-    ├── PostgreSQL: 10.0.0.240:5432
+│   ├── PostgreSQL: 10.0.0.207:5432
-    ├── Redis: 10.0.0.240:6379
+│   │   ├── Database: parentflow
-    └── MongoDB: 10.0.0.240:27017
+│   │   ├── User: postgres
+│   │   └── Password: a3ppq
+│   │
+│   └── Docker on 10.0.0.240
+│       ├── Redis: Port 6379
+│       ├── MongoDB: Port 27017
+│       └── MinIO: Ports 9000/9001
+│
+└── Nginx Proxy Server (Separate)
+    ├── SSL certificates configured
+    └── Reverse proxy for all domains
 ```
 
 ---

start-production.sh

@@ -57,29 +57,40 @@ fi
 echo -e "${YELLOW}Waiting for databases to be healthy...${NC}"
 sleep 10
 
-# Check database health
+# Check PostgreSQL connectivity (dedicated server)
-echo -e "${BLUE}Checking database health...${NC}"
+echo -e "${BLUE}Checking PostgreSQL connectivity on 10.0.0.207...${NC}"
+PGPASSWORD=a3ppq psql -h 10.0.0.207 -p 5432 -U postgres -d parentflow -c "SELECT version();" > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✓ PostgreSQL connection successful${NC}"
+else
+    echo -e "${RED}✗ Cannot connect to PostgreSQL on 10.0.0.207${NC}"
+    echo "Please ensure PostgreSQL is running and accessible"
+    exit 1
+fi
+
+# Check Docker services health
+echo -e "${BLUE}Checking Docker services health...${NC}"
 MAX_RETRIES=30
 RETRY_COUNT=0
 
 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
-    POSTGRES_HEALTHY=$(docker inspect parentflow-postgres-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting")
     REDIS_HEALTHY=$(docker inspect parentflow-redis-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting")
     MONGO_HEALTHY=$(docker inspect parentflow-mongodb-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting")
+    MINIO_HEALTHY=$(docker inspect parentflow-minio-prod --format='{{.State.Health.Status}}' 2>/dev/null || echo "starting")
 
-    if [ "$POSTGRES_HEALTHY" = "healthy" ] && [ "$REDIS_HEALTHY" = "healthy" ] && [ "$MONGO_HEALTHY" = "healthy" ]; then
+    if [ "$REDIS_HEALTHY" = "healthy" ] && [ "$MONGO_HEALTHY" = "healthy" ] && [ "$MINIO_HEALTHY" = "healthy" ]; then
-        echo -e "${GREEN}✓ All databases are healthy${NC}"
+        echo -e "${GREEN}✓ All Docker services are healthy${NC}"
         break
     fi
 
-    echo -e "${YELLOW}Waiting for databases... ($RETRY_COUNT/$MAX_RETRIES)${NC}"
+    echo -e "${YELLOW}Waiting for Docker services... ($RETRY_COUNT/$MAX_RETRIES)${NC}"
     sleep 2
     ((RETRY_COUNT++))
 done
 
 if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
-    echo -e "${RED}✗ Databases failed to become healthy${NC}"
+    echo -e "${RED}✗ Docker services failed to become healthy${NC}"
-    echo "Check Docker logs with: docker logs parentflow-postgres-prod"
+    echo "Check Docker logs with: docker logs parentflow-redis-prod"
     exit 1
 fi
 
@@ -91,11 +102,11 @@ cd /root/maternal-app/maternal-app/maternal-app-backend
 # Check if migration script exists
 if [ -f "./scripts/master-migration.sh" ]; then
     echo -e "${YELLOW}Running master migration script...${NC}"
-    DATABASE_HOST=localhost \
+    DATABASE_HOST=10.0.0.207 \
     DATABASE_PORT=5432 \
-    DATABASE_NAME=parentflow_production \
+    DATABASE_NAME=parentflow \
-    DATABASE_USER=parentflow_user \
+    DATABASE_USER=postgres \
-    DATABASE_PASSWORD=parentflow_secure_password_2024 \
+    DATABASE_PASSWORD=a3ppq \
     ./scripts/master-migration.sh || {
         echo -e "${YELLOW}Warning: Migrations may have partially failed. Continuing...${NC}"
     }