337 lines
8.3 KiB
Markdown
337 lines
8.3 KiB
Markdown
# Infoscreen Deployment Guide (Debian)
|
||
|
||
Komplette Anleitung für das Deployment des Infoscreen-Systems auf einem Debian-Server (Bookworm/Trixie) mit GitHub Container Registry.
|
||
|
||
## 📋 Übersicht
|
||
|
||
- **Phase 0**: Docker Installation (optional)
|
||
- **Phase 1**: Images bauen und zur Registry pushen
|
||
- **Phase 2**: Debian-Server Vorbereitung
|
||
- **Phase 3**: System-Konfiguration und Start
|
||
|
||
---
|
||
|
||
## 🐳 Phase 0: Docker Installation (optional)
|
||
|
||
Falls Docker noch nicht installiert ist, wählen Sie eine der folgenden Optionen:
|
||
|
||
### Option A: Debian Repository (schnell, aber oft ältere Version)
|
||
|
||
```bash
|
||
sudo apt update
|
||
sudo apt install -y docker.io docker-compose-plugin
|
||
sudo systemctl enable docker
|
||
sudo systemctl start docker
|
||
```
|
||
|
||
### Option B: Offizielle Docker-Installation (empfohlen für Produktion)
|
||
|
||
```bash
|
||
# Alte Docker-Versionen entfernen (falls vorhanden)
|
||
sudo apt remove -y docker docker-engine docker.io containerd runc
|
||
|
||
# Abhängigkeiten installieren
|
||
sudo apt update
|
||
sudo apt install -y ca-certificates curl gnupg lsb-release
|
||
|
||
# Repository-Schlüssel hinzufügen
|
||
sudo install -m 0755 -d /etc/apt/keyrings
|
||
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||
sudo chmod a+r /etc/apt/keyrings/docker.gpg
|
||
|
||
# Debian Codename ermitteln (bookworm / trixie / bullseye ...)
|
||
source /etc/os-release
|
||
echo "Using Debian release: $VERSION_CODENAME"
|
||
|
||
# Docker Repository hinzufügen
|
||
echo \
|
||
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
|
||
$VERSION_CODENAME stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||
|
||
# Docker installieren (neueste aus dem offiziellen Repo)
|
||
sudo apt update
|
||
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||
|
||
# Docker aktivieren
|
||
sudo systemctl enable docker
|
||
sudo systemctl start docker
|
||
|
||
# Benutzer zur docker-Gruppe hinzufügen (für Root-losen Zugriff)
|
||
sudo usermod -aG docker $USER
|
||
|
||
echo "Bitte neu einloggen (SSH Sitzung beenden und neu verbinden), damit die Gruppenzugehörigkeit aktiv wird."
|
||
```
|
||
|
||
### Docker-Installation testen
|
||
|
||
```bash
|
||
docker run hello-world
|
||
docker --version
|
||
docker compose version
|
||
```
|
||
|
||
---
|
||
|
||
## 🏗️ Phase 1: Images bauen und pushen (lokale Entwicklungsmaschine)
|
||
|
||
### 1. GitHub Container Registry Login
|
||
|
||
```bash
|
||
# Personal Access Token (write:packages) verwenden
|
||
echo $GITHUB_TOKEN | docker login ghcr.io -u robbstarkaustria --password-stdin
|
||
|
||
# Alternativ interaktiv
|
||
docker login ghcr.io
|
||
# Username: robbstarkaustria
|
||
# Password: [GITHUB_TOKEN]
|
||
```
|
||
|
||
### 2. Images bauen und taggen
|
||
|
||
```bash
|
||
cd /workspace
|
||
|
||
docker build -f server/Dockerfile -t ghcr.io/robbstarkaustria/infoscreen-api:latest .
|
||
docker build -f dashboard/Dockerfile -t ghcr.io/robbstarkaustria/infoscreen-dashboard:latest .
|
||
docker build -f listener/Dockerfile -t ghcr.io/robbstarkaustria/infoscreen-listener:latest .
|
||
docker build -f scheduler/Dockerfile -t ghcr.io/robbstarkaustria/infoscreen-scheduler:latest .
|
||
```
|
||
|
||
### 3. Images pushen
|
||
|
||
```bash
|
||
docker push ghcr.io/robbstarkaustria/infoscreen-api:latest
|
||
docker push ghcr.io/robbstarkaustria/infoscreen-dashboard:latest
|
||
docker push ghcr.io/robbstarkaustria/infoscreen-listener:latest
|
||
docker push ghcr.io/robbstarkaustria/infoscreen-scheduler:latest
|
||
|
||
docker images | grep ghcr.io
|
||
```
|
||
|
||
---
|
||
|
||
## 🖥️ Phase 2: Debian-Server Vorbereitung
|
||
|
||
### 4. Grundsystem aktualisieren
|
||
|
||
```bash
|
||
sudo apt update && sudo apt upgrade -y
|
||
sudo apt install -y git curl wget
|
||
|
||
# Falls Docker noch fehlt → Phase 0 ausführen
|
||
```
|
||
|
||
### 5. Deployment-Dateien übertragen
|
||
|
||
```bash
|
||
mkdir -p ~/infoscreen-deployment
|
||
cd ~/infoscreen-deployment
|
||
|
||
scp user@dev-machine:/workspace/docker-compose.prod.yml .
|
||
scp user@dev-machine:/workspace/.env .
|
||
scp user@dev-machine:/workspace/nginx.conf .
|
||
scp -r user@dev-machine:/workspace/certs ./
|
||
scp -r user@dev-machine:/workspace/mosquitto ./
|
||
|
||
# Alternative Paketierung:
|
||
# (auf Entwicklungsrechner)
|
||
# tar -czf infoscreen-deployment.tar.gz docker-compose.prod.yml .env nginx.conf certs/ mosquitto/
|
||
# scp infoscreen-deployment.tar.gz user@server:~/
|
||
# (auf Server)
|
||
# tar -xzf infoscreen-deployment.tar.gz -C ~/infoscreen-deployment
|
||
```
|
||
|
||
### 6. Mosquitto-Konfiguration (falls nicht kopiert)
|
||
|
||
```bash
|
||
mkdir -p mosquitto/{config,data,log}
|
||
|
||
cat > mosquitto/config/mosquitto.conf << 'EOF'
|
||
listener 1883
|
||
allow_anonymous true
|
||
|
||
listener 9001
|
||
protocol websockets
|
||
|
||
persistence true
|
||
persistence_location /mosquitto/data/
|
||
|
||
log_dest file /mosquitto/log/mosquitto.log
|
||
EOF
|
||
|
||
sudo chown -R 1883:1883 mosquitto/data mosquitto/log
|
||
chmod 755 mosquitto/config mosquitto/data mosquitto/log
|
||
```
|
||
|
||
### 7. Environment (.env) prüfen/anpassen
|
||
|
||
```bash
|
||
nano .env
|
||
# Prüfen u.a.:
|
||
# DB_HOST=db
|
||
# DB_CONN=mysql+pymysql://${DB_USER}:${DB_PASSWORD}@db/${DB_NAME}
|
||
# VITE_API_URL=https://YOUR_SERVER_HOST/api
|
||
# Sichere Passwörter & Secrets setzen
|
||
```
|
||
|
||
Hinweise:
|
||
- Vorlage `.env.example` aus dem Repository verwenden: `cp .env.example .env` (falls noch nicht vorhanden).
|
||
- In Produktion lädt der Code keine `.env` automatisch (nur bei `ENV=development`).
|
||
|
||
---
|
||
|
||
## 🚀 Phase 3: System-Start und Konfiguration
|
||
|
||
### 8. Images von Registry pullen
|
||
|
||
```bash
|
||
echo $GITHUB_TOKEN | docker login ghcr.io -u robbstarkaustria --password-stdin
|
||
docker compose -f docker-compose.prod.yml pull
|
||
```
|
||
|
||
### 9. System starten
|
||
|
||
```bash
|
||
docker compose -f docker-compose.prod.yml up -d
|
||
docker compose ps
|
||
docker compose logs -f
|
||
```
|
||
|
||
### 10. Firewall konfigurieren
|
||
|
||
Debian hat standardmäßig nftables/iptables aktiv. Falls eine einfache Verwaltung gewünscht ist, kann `ufw` installiert werden:
|
||
|
||
```bash
|
||
sudo apt install -y ufw
|
||
sudo ufw allow ssh
|
||
sudo ufw allow 80/tcp
|
||
sudo ufw allow 443/tcp
|
||
sudo ufw allow 1883/tcp
|
||
sudo ufw allow 9001/tcp
|
||
sudo ufw enable
|
||
sudo ufw status
|
||
```
|
||
|
||
Alternativ direkt via nftables / iptables konfigurieren (optional, nicht dargestellt).
|
||
|
||
### 11. Installation validieren
|
||
|
||
```bash
|
||
curl http://localhost/api/health
|
||
curl -k https://localhost # -k bei selbstsignierten Zertifikaten
|
||
|
||
docker compose ps
|
||
docker compose logs server
|
||
docker compose logs mqtt
|
||
```
|
||
|
||
---
|
||
|
||
## 🧪 Quickstart (lokale Entwicklung)
|
||
|
||
```bash
|
||
cp -n .env.example .env
|
||
docker compose up -d --build
|
||
docker compose ps
|
||
docker compose logs -f server
|
||
```
|
||
|
||
Dev-Erreichbarkeit:
|
||
- Dashboard: http://localhost:5173
|
||
- API: http://localhost:8000/api
|
||
- Health: http://localhost:8000/health
|
||
- Screenshots: http://localhost:8000/screenshots/<uuid>.jpg
|
||
- MQTT: localhost:1883 (WebSocket: 9001)
|
||
|
||
### 12. Systemd Autostart (optional)
|
||
|
||
```bash
|
||
sudo tee /etc/systemd/system/infoscreen.service > /dev/null << 'EOF'
|
||
[Unit]
|
||
Description=Infoscreen Application
|
||
Requires=docker.service
|
||
After=docker.service
|
||
|
||
[Service]
|
||
Type=oneshot
|
||
RemainAfterExit=yes
|
||
WorkingDirectory=/home/$USER/infoscreen-deployment
|
||
ExecStart=/usr/bin/docker compose -f docker-compose.prod.yml up -d
|
||
ExecStop=/usr/bin/docker compose -f docker-compose.prod.yml down
|
||
TimeoutStartSec=300
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target
|
||
EOF
|
||
|
||
sudo systemctl enable infoscreen.service
|
||
sudo systemctl start infoscreen.service
|
||
```
|
||
|
||
---
|
||
|
||
## 🌐 Zugriff auf die Anwendung
|
||
|
||
- HTTPS Dashboard: `https://YOUR_SERVER_IP`
|
||
- HTTP (Redirect): `http://YOUR_SERVER_IP`
|
||
- API: `http://YOUR_SERVER_IP/api/`
|
||
- MQTT: `YOUR_SERVER_IP:1883`
|
||
- MQTT WebSocket: `YOUR_SERVER_IP:9001`
|
||
|
||
---
|
||
|
||
## 🔧 Troubleshooting
|
||
|
||
```bash
|
||
docker compose ps
|
||
docker compose logs -f server
|
||
docker compose restart server
|
||
```
|
||
|
||
Häufige Ursachen:
|
||
|
||
| Problem | Lösung |
|
||
|---------|--------|
|
||
| Container startet nicht | `docker compose logs <service>` prüfen |
|
||
| Ports belegt | `ss -tulpn | grep -E ':80|:443|:1883|:9001'` |
|
||
| Keine Berechtigung Docker | User zur Gruppe `docker` hinzufügen & neu einloggen |
|
||
| DB-Verbindung schlägt fehl | `.env` Einträge prüfen (Host = db) |
|
||
| Mosquitto Fehler | Ordner-Berechtigungen (`1883:1883`) prüfen |
|
||
|
||
System Neustart / Update des Stacks:
|
||
|
||
```bash
|
||
docker compose down
|
||
docker compose pull
|
||
docker compose up -d
|
||
```
|
||
|
||
---
|
||
|
||
## 📝 Wartung
|
||
|
||
### Updates
|
||
|
||
```bash
|
||
docker compose pull
|
||
docker compose up -d
|
||
sudo apt update && sudo apt upgrade -y
|
||
```
|
||
|
||
### Backup (abhängig von persistenter Datenhaltung – hier nur Mosquitto + Certs exemplarisch)
|
||
|
||
```bash
|
||
docker compose down
|
||
sudo tar -czf infoscreen-backup-$(date +%Y%m%d).tar.gz mosquitto/data/ certs/
|
||
|
||
# Wiederherstellung
|
||
sudo tar -xzf infoscreen-backup-YYYYMMDD.tar.gz
|
||
docker compose up -d
|
||
```
|
||
|
||
---
|
||
|
||
**Das Infoscreen-System ist jetzt auf Ihrem Debian-Server bereitgestellt.**
|
||
|
||
Bei Verbesserungswünschen oder Problemen: Issues / Pull Requests im Repository willkommen.
|