Skip to content

Latest commit

 

History

History
444 lines (362 loc) · 8.61 KB

File metadata and controls

444 lines (362 loc) · 8.61 KB

Deployment Guide

This guide covers various deployment options for GraphDone, from local development to production environments.

Quick Deployment Options

Development (Local)

./tools/run.sh

Development (Docker)

./tools/run.sh --docker-dev

Production (Docker)

./tools/run.sh --docker

Environment Variables

Server (.env)

# Database
NEO4J_URI=bolt://localhost:7687
NEO4J_USER=neo4j
NEO4J_PASSWORD=graphdone_password

# Server
NODE_ENV=production
PORT=4000
CORS_ORIGIN=https://yourdomain.com

# Authentication (when implemented)
JWT_SECRET=your-secure-secret
AUTH0_DOMAIN=your-domain.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret

Web App (.env)

# API endpoints
VITE_GRAPHQL_URL=https://api.yourdomain.com/graphql
VITE_GRAPHQL_WS_URL=wss://api.yourdomain.com/graphql

# App configuration
VITE_APP_NAME=GraphDone
VITE_APP_VERSION=1.0.0

# Feature flags
VITE_ENABLE_SUBSCRIPTIONS=true
VITE_ENABLE_3D_VIEW=true

Docker Deployment

Production Stack

  1. Build and start services:

    docker compose up -d
  2. Scale services:

    docker compose up -d --scale server=3
  3. View logs:

    docker compose logs -f server

Custom Configuration

Create docker-compose.override.yml:

version: '3.8'
services:
  server:
    environment:
      - NEO4J_URI=bolt://your-neo4j:7687
      - NEO4J_USER=neo4j
      - NEO4J_PASSWORD=secure_password
    deploy:
      replicas: 3
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M

  web:
    environment:
      - VITE_GRAPHQL_URL=https://your-api.com/graphql

Kubernetes Deployment

Prerequisites

  • Kubernetes cluster (1.20+)
  • kubectl configured
  • Ingress controller
  • Cert-manager (for TLS)

Quick Deploy

# Apply manifests
kubectl apply -f k8s/

# Check status
kubectl get pods -l app=graphdone

# Get external IP
kubectl get ingress graphdone-ingress

Configuration

  1. Create secrets:

    kubectl create secret generic graphdone-secrets \
      --from-literal=neo4j-uri="bolt://..." \
      --from-literal=neo4j-password="your-password" \
      --from-literal=jwt-secret="your-secret"
  2. Configure ingress:

    # k8s/ingress.yaml
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: graphdone-ingress
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
    spec:
      tls:
        - hosts:
            - graphdone.yourdomain.com
          secretName: graphdone-tls
      rules:
        - host: graphdone.yourdomain.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: graphdone-web
                    port:
                      number: 80
              - path: /graphql
                pathType: Prefix
                backend:
                  service:
                    name: graphdone-server
                    port:
                      number: 4000

Cloud Provider Deployments

AWS ECS

  1. Create task definition:

    {
      "family": "graphdone",
      "networkMode": "awsvpc",
      "cpu": "512",
      "memory": "1024",
      "containerDefinitions": [
        {
          "name": "graphdone-server",
          "image": "your-registry/graphdone-server:latest",
          "portMappings": [
            {
              "containerPort": 4000,
              "protocol": "tcp"
            }
          ],
          "environment": [
            {
              "name": "NODE_ENV",
              "value": "production"
            }
          ],
          "secrets": [
            {
              "name": "NEO4J_URI",
              "valueFrom": "arn:aws:secretsmanager:region:account:secret:graphdone/neo4j"
            }
          ]
        }
      ]
    }
  2. Create service:

    aws ecs create-service \
      --cluster graphdone-cluster \
      --service-name graphdone-service \
      --task-definition graphdone \
      --desired-count 2

Google Cloud Run

  1. Deploy server:

    gcloud run deploy graphdone-server \
      --image gcr.io/your-project/graphdone-server \
      --platform managed \
      --region us-central1 \
      --allow-unauthenticated \
      --set-env-vars NODE_ENV=production
  2. Deploy web app:

    gcloud run deploy graphdone-web \
      --image gcr.io/your-project/graphdone-web \
      --platform managed \
      --region us-central1 \
      --allow-unauthenticated

Azure Container Instances

# Create resource group
az group create --name graphdone-rg --location eastus

# Deploy container group
az container create \
  --resource-group graphdone-rg \
  --file azure-container-group.yaml

Database Setup

Neo4j

Managed Services

  • Neo4j AuraDB: Recommended for production
  • AWS: Neo4j on EC2 or ECS
  • Google Cloud: Neo4j on GKE
  • Azure: Neo4j on AKS

Self-hosted

# Using Docker
docker run -d \
  --name graphdone-neo4j \
  -e NEO4J_AUTH=neo4j/graphdone_password \
  -e NEO4J_PLUGINS='["apoc"]' \
  -e NEO4J_apoc_export_file_enabled=true \
  -e NEO4J_apoc_import_file_enabled=true \
  -v neo4j_data:/data \
  -v neo4j_logs:/logs \
  -p 7474:7474 -p 7687:7687 \
  neo4j:5.15-community

Redis (Optional)

For caching and session management:

# Using Docker
docker run -d \
  --name graphdone-redis \
  -v redis_data:/data \
  -p 6379:6379 \
  redis:7-alpine

SSL/TLS Configuration

Let's Encrypt with Certbot

# Install certbot
sudo apt install certbot python3-certbot-nginx

# Get certificate
sudo certbot --nginx -d yourdomain.com

# Auto-renewal
sudo systemctl enable certbot.timer

Custom Certificates

Add to nginx configuration:

server {
    listen 443 ssl http2;
    server_name yourdomain.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/private.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
}

Monitoring and Logging

Health Checks

The server provides health check endpoints:

  • GET /health - Basic health status
  • GET /health/ready - Readiness probe
  • GET /health/live - Liveness probe

Metrics

Configure Prometheus metrics:

# prometheus.yml
scrape_configs:
  - job_name: 'graphdone'
    static_configs:
      - targets: ['graphdone-server:4000']
    metrics_path: /metrics

Logging

Configure structured logging:

{
  "level": "info",
  "timestamp": "2024-01-01T00:00:00.000Z",
  "service": "graphdone-server",
  "message": "Server started",
  "port": 4000
}

Performance Optimization

Caching

  • Enable Redis for session and query caching
  • Configure CDN for static assets
  • Implement GraphQL query caching

Database

  • Create appropriate indexes
  • Configure connection pooling
  • Enable query optimization

Scaling

  • Horizontal scaling with load balancer
  • Database read replicas
  • CDN for global distribution

Security Considerations

Production Checklist

  • Enable HTTPS everywhere
  • Configure CORS properly
  • Set up authentication
  • Enable rate limiting
  • Configure firewall rules
  • Regular security updates
  • Monitor for vulnerabilities
  • Backup strategy implemented

Environment Hardening

# Disable unnecessary services
sudo systemctl disable apache2
sudo systemctl disable nginx-default

# Configure firewall
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Backup and Recovery

Database Backup

# Daily backup script
#!/bin/bash
neo4j-admin backup --backup-dir=/backups --name=graphdone-$(date +%Y%m%d)

# Upload to cloud storage
aws s3 cp backup-$(date +%Y%m%d).sql.gz s3://your-backup-bucket/

Disaster Recovery

  1. Maintain database backups (point-in-time recovery)
  2. Store application artifacts in registry
  3. Document recovery procedures
  4. Test recovery process regularly

Troubleshooting

Common Issues

Port Conflicts

# Find process using port
sudo lsof -i :4000
sudo kill -9 <PID>

Database Connection

# Test connection
cypher-shell -u neo4j -p $NEO4J_PASSWORD
MATCH (n) RETURN count(n);  // Test query
:exit  // Quit

Docker Issues

# View logs
docker compose logs server

# Restart service
docker compose restart server

# Rebuild images
docker compose build --no-cache

Support

For deployment support: