# 🚀 BTP Xpress Deployment Guide

## 📋 Prerequisites

### Production Environment

- **Node.js**: 18.x or later
- **Java**: 17 or later (for Quarkus)
- **PostgreSQL**: 14 or later
- **Keycloak**: 22.x or later
- **Docker**: 24.x or later (optional)
- **Nginx**: 1.20 or later (reverse proxy)

### Domains and SSL Certificates

- `btpxpress.lions.dev` (Frontend)
- `api.lions.dev` (Backend API)
- `security.lions.dev` (Keycloak)

## 🏗️ Deployment Architecture

```
            Internet
               ↓
     [Nginx Reverse Proxy]
               ↓
┌─────────────────┬─────────────────┐
│    Frontend     │   Backend API   │
│    Next.js      │    Quarkus      │
│    Port 3000    │    Port 8080    │
└─────────────────┴─────────────────┘
         ↓                 ↓
   [PostgreSQL]        [Keycloak]
    Port 5432          Port 8180
```

## 🐳 Deployment with Docker

### 1. Building the Images

```bash
# Each build runs in a subshell so both paths resolve from the same starting directory

# Frontend
(cd btpxpress-client && docker build -f Dockerfile.prod -t btpxpress-frontend:latest .)

# Backend
(cd btpxpress-server && docker build -f Dockerfile.prod -t btpxpress-backend:latest .)
```

### 2. Production Docker Compose

```yaml
# docker-compose.prod.yml
version: '3.8'

services:
  postgres:
    image: postgres:14-alpine
    environment:
      POSTGRES_DB: btpxpress
      POSTGRES_USER: btpxpress_user
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    restart: unless-stopped

  keycloak:
    image: quay.io/keycloak/keycloak:22.0
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak_user
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KC_HOSTNAME: security.lions.dev
      KC_PROXY: edge
    ports:
      - "8180:8080"
    depends_on:
      - postgres
    restart: unless-stopped
    command: start

  backend:
    image: btpxpress-backend:latest
    environment:
      DB_URL: jdbc:postgresql://postgres:5432/btpxpress
      DB_USERNAME: btpxpress_user
      DB_PASSWORD: ${DB_PASSWORD}
      KEYCLOAK_SERVER_URL: https://security.lions.dev
      KEYCLOAK_REALM: btpxpress
      KEYCLOAK_CLIENT_ID: btpxpress-backend
      KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
    ports:
      - "8080:8080"
    depends_on:
      - postgres
      - keycloak
    restart: unless-stopped

  frontend:
    image: btpxpress-frontend:latest
    environment:
      NEXT_PUBLIC_API_URL: https://api.lions.dev
      NEXT_PUBLIC_KEYCLOAK_URL: https://security.lions.dev
      NEXT_PUBLIC_KEYCLOAK_REALM: btpxpress
      NEXT_PUBLIC_KEYCLOAK_CLIENT_ID: btpxpress-frontend
    ports:
      - "3000:3000"
    depends_on:
      - backend
    restart: unless-stopped

volumes:
  postgres_data:
```

### 3. Launch

```bash
# Environment variables
export DB_PASSWORD="your-secure-db-password"
export KEYCLOAK_ADMIN_PASSWORD="your-keycloak-admin-password"
export KEYCLOAK_DB_PASSWORD="your-keycloak-db-password"
export KEYCLOAK_CLIENT_SECRET="your-client-secret"

# Start
docker-compose -f docker-compose.prod.yml up -d
```

## 🌐 Nginx Configuration

```nginx
# /etc/nginx/sites-available/btpxpress

# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name btpxpress.lions.dev;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name btpxpress.lions.dev;

    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/key.pem;

    # Frontend
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    listen 443 ssl http2;
    server_name api.lions.dev;

    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/key.pem;

    # Backend API
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

## 🔧 Keycloak Configuration

### 1. Creating the Realm

1. Go to https://security.lions.dev
2. Create the realm `btpxpress`
3. Configure the clients:
   - `btpxpress-frontend` (Public)
   - `btpxpress-backend` (Confidential)

### 2. Role Configuration

```json
{
  "roles": [
    "super_admin",
    "admin",
    "directeur",
    "manager",
    "chef_chantier",
    "conducteur_travaux",
    "chef_equipe",
    "commercial",
    "comptable",
    "logisticien",
    "employe",
    "ouvrier",
    "client_entreprise",
    "client_particulier",
    "viewer",
    "guest"
  ]
}
```

## 📊 Monitoring and Logs

### Health Checks

```bash
# Frontend
curl https://btpxpress.lions.dev/_next/static/health

# Backend
curl https://api.lions.dev/api/health

# Keycloak
curl https://security.lions.dev/health
```

### Logs

```bash
# Docker logs
docker-compose logs -f frontend
docker-compose logs -f backend
docker-compose logs -f keycloak

# Application logs
tail -f /var/log/btpxpress/application.log
```

## 🔒 Security

### Firewall

```bash
# Open the required ports
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 22/tcp
ufw enable
```

### Backup

```bash
# Database
pg_dump -h localhost -U btpxpress_user btpxpress > backup_$(date +%Y%m%d).sql

# Docker volumes
docker run --rm -v btpxpress_postgres_data:/data -v "$(pwd)":/backup alpine tar czf /backup/postgres_backup_$(date +%Y%m%d).tar.gz /data
```

## 🚀 Going to Production

### Checklist

- [ ] SSL/TLS configured
- [ ] Database initialized
- [ ] Keycloak configured
- [ ] Environment variables set
- [ ] Nginx configured
- [ ] Monitoring enabled
- [ ] Backups scheduled
- [ ] Load tests completed
- [ ] Documentation up to date

### Deployment Commands

```bash
# 1. Stop the services
docker-compose down

# 2. Update the code
git pull origin main

# 3. Rebuild the images
docker-compose build

# 4. Restart
docker-compose up -d

# 5. Verification
docker-compose ps
curl -f https://btpxpress.lions.dev/api/health
```

## 📞 Support

- **Documentation**: https://docs.btpxpress.lions.dev
- **Support**: support@btpxpress.com
- **Emergencies**: +33 1 23 45 67 89
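
Added example (not part of the original guide), relating to the Docker Compose and Firewall sections: ports published by Docker are handled by Docker's own iptables rules and are not filtered by the `ufw allow` list, so a `"5432:5432"` mapping is reachable on every host interface even though only 80, 443 and 22 are opened. The Python check below lists such mappings and shows that binding them to loopback removes them; the function names and the trimmed compose sample are constructed for illustration, and the parser handles only the short `HOST:CONTAINER` port syntax used in this guide.

```python
import re

# Constructed sample: the service names and port mappings of docker-compose.prod.yml.
COMPOSE_AS_WRITTEN = """\
services:
  postgres:
    ports:
      - "5432:5432"
  keycloak:
    ports:
      - "8180:8080"
  backend:
    ports:
      - "8080:8080"
  frontend:
    ports:
      - "3000:3000"
"""

UFW_ALLOWED = {80, 443, 22}                   # ports opened in the Firewall section
LOOPBACK = {"127.0.0.1", "::1", "localhost"}  # bindings reachable only from the host
PORT_RE = re.compile(r'^\s*-\s*["\']?(?:(\[[^\]]+\]|[\d.]+):)?(\d+):(\d+)(?:/\w+)?["\']?\s*$')
SERVICE_RE = re.compile(r'^  (\w[\w.-]*):\s*$')  # two-space indent = service key

def published_ports(compose_text):
    """Return (service, host_ip, host_port) for every short-syntax port mapping."""
    found, service, in_ports = [], None, False
    for line in compose_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            service, in_ports = m.group(1), False
            continue
        if re.match(r'^\s+ports:\s*$', line):
            in_ports = True
            continue
        m = PORT_RE.match(line) if in_ports else None
        if m:  # no host IP in the mapping means Docker binds all interfaces
            found.append((service, m.group(1) or "0.0.0.0", int(m.group(2))))
        elif line.strip() and not line.lstrip().startswith("#"):
            in_ports = False
    return found

def published_outside_allowlist(compose_text, allowed=UFW_ALLOWED):
    """Mappings bound beyond loopback on a port the firewall section never opens."""
    return [(svc, port) for svc, ip, port in published_ports(compose_text)
            if ip.strip("[]") not in LOOPBACK and port not in allowed]

# Hardened variant: same mappings bound to loopback, which Nginx's proxy_pass to localhost still reaches.
COMPOSE_LOOPBACK = re.sub(r'"(\d+:\d+)"', r'"127.0.0.1:\1"', COMPOSE_AS_WRITTEN)
```

On the sample as written, `published_outside_allowlist` reports all four services; on the loopback variant it reports none, and `pg_dump -h localhost` from the Backup section keeps working.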