305 lines
6.7 KiB
Markdown
305 lines
6.7 KiB
Markdown
# 🚀 Guide de Déploiement BTP Xpress
|
|
|
|
## 📋 Prérequis
|
|
|
|
### Environnement de Production
|
|
- **Node.js**: 18.x ou supérieur
|
|
- **Java**: 17 ou supérieur (pour Quarkus)
|
|
- **PostgreSQL**: 14 ou supérieur
|
|
- **Keycloak**: 22.x ou supérieur
|
|
- **Docker**: 24.x ou supérieur (optionnel)
|
|
- **Nginx**: 1.20 ou supérieur (reverse proxy)
|
|
|
|
### Domaines et Certificats SSL
|
|
- `btpxpress.lions.dev` (Frontend)
|
|
- `api.lions.dev` (Backend API)
|
|
- `security.lions.dev` (Keycloak)
|
|
|
|
## 🏗️ Architecture de Déploiement
|
|
|
|
```
|
|
Internet
|
|
↓
|
|
[Nginx Reverse Proxy]
|
|
↓
|
|
┌─────────────────┬─────────────────┐
|
|
│ Frontend │ Backend API │
|
|
│ Next.js │ Quarkus │
|
|
│ Port 3000 │ Port 8080 │
|
|
└─────────────────┴─────────────────┘
|
|
↓ ↓
|
|
[PostgreSQL] [Keycloak]
|
|
Port 5432 Port 8180
|
|
```
|
|
|
|
## 🐳 Déploiement avec Docker
|
|
|
|
### 1. Construction des Images
|
|
|
|
```bash
|
|
# Frontend
|
|
cd btpxpress-client
|
|
docker build -f Dockerfile.prod -t btpxpress-frontend:latest .
|
|
|
|
# Backend
|
|
cd btpxpress-server
|
|
docker build -f Dockerfile.prod -t btpxpress-backend:latest .
|
|
```
|
|
|
|
### 2. Docker Compose Production
|
|
|
|
```yaml
|
|
# docker-compose.prod.yml
|
|
version: '3.8'
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:14-alpine
|
|
environment:
|
|
POSTGRES_DB: btpxpress
|
|
POSTGRES_USER: btpxpress_user
|
|
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
ports:
|
|
- "5432:5432"
|
|
restart: unless-stopped
|
|
|
|
keycloak:
|
|
image: quay.io/keycloak/keycloak:22.0
|
|
environment:
|
|
KEYCLOAK_ADMIN: admin
|
|
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
|
KC_DB: postgres
|
|
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
|
|
KC_DB_USERNAME: keycloak_user
|
|
KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
|
|
KC_HOSTNAME: security.lions.dev
|
|
KC_PROXY: edge
|
|
ports:
|
|
- "8180:8080"
|
|
depends_on:
|
|
- postgres
|
|
restart: unless-stopped
|
|
command: start
|
|
|
|
backend:
|
|
image: btpxpress-backend:latest
|
|
environment:
|
|
DB_URL: jdbc:postgresql://postgres:5432/btpxpress
|
|
DB_USERNAME: btpxpress_user
|
|
DB_PASSWORD: ${DB_PASSWORD}
|
|
KEYCLOAK_SERVER_URL: https://security.lions.dev
|
|
KEYCLOAK_REALM: btpxpress
|
|
KEYCLOAK_CLIENT_ID: btpxpress-backend
|
|
KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
|
|
ports:
|
|
- "8080:8080"
|
|
depends_on:
|
|
- postgres
|
|
- keycloak
|
|
restart: unless-stopped
|
|
|
|
frontend:
|
|
image: btpxpress-frontend:latest
|
|
environment:
|
|
NEXT_PUBLIC_API_URL: https://api.lions.dev
|
|
NEXT_PUBLIC_KEYCLOAK_URL: https://security.lions.dev
|
|
NEXT_PUBLIC_KEYCLOAK_REALM: btpxpress
|
|
NEXT_PUBLIC_KEYCLOAK_CLIENT_ID: btpxpress-frontend
|
|
ports:
|
|
- "3000:3000"
|
|
depends_on:
|
|
- backend
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
|
postgres_data:
|
|
```
|
|
|
|
### 3. Lancement
|
|
|
|
```bash
|
|
# Variables d'environnement
|
|
export DB_PASSWORD="your-secure-db-password"
|
|
export KEYCLOAK_ADMIN_PASSWORD="your-keycloak-admin-password"
|
|
export KEYCLOAK_DB_PASSWORD="your-keycloak-db-password"
|
|
export KEYCLOAK_CLIENT_SECRET="your-client-secret"
|
|
|
|
# Démarrage
|
|
docker-compose -f docker-compose.prod.yml up -d
|
|
```
|
|
|
|
## 🌐 Configuration Nginx
|
|
|
|
```nginx
|
|
# /etc/nginx/sites-available/btpxpress
|
|
server {
|
|
listen 80;
|
|
server_name btpxpress.lions.dev;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name btpxpress.lions.dev;
|
|
|
|
ssl_certificate /path/to/ssl/cert.pem;
|
|
ssl_certificate_key /path/to/ssl/key.pem;
|
|
|
|
# Frontend
|
|
location / {
|
|
proxy_pass http://localhost:3000;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_cache_bypass $http_upgrade;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name api.lions.dev;
|
|
|
|
ssl_certificate /path/to/ssl/cert.pem;
|
|
ssl_certificate_key /path/to/ssl/key.pem;
|
|
|
|
# Backend API
|
|
location / {
|
|
proxy_pass http://localhost:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
```
|
|
|
|
## 🔧 Configuration Keycloak
|
|
|
|
### 1. Création du Realm
|
|
|
|
1. Accéder à https://security.lions.dev
|
|
2. Créer le realm `btpxpress`
|
|
3. Configurer les clients :
|
|
- `btpxpress-frontend` (Public)
|
|
- `btpxpress-backend` (Confidential)
|
|
|
|
### 2. Configuration des Rôles
|
|
|
|
```json
|
|
{
|
|
"roles": [
|
|
"super_admin",
|
|
"admin",
|
|
"directeur",
|
|
"manager",
|
|
"chef_chantier",
|
|
"conducteur_travaux",
|
|
"chef_equipe",
|
|
"commercial",
|
|
"comptable",
|
|
"logisticien",
|
|
"employe",
|
|
"ouvrier",
|
|
"client_entreprise",
|
|
"client_particulier",
|
|
"viewer",
|
|
"guest"
|
|
]
|
|
}
|
|
```
|
|
|
|
## 📊 Monitoring et Logs
|
|
|
|
### Health Checks
|
|
|
|
```bash
|
|
# Frontend
|
|
curl https://btpxpress.lions.dev/_next/static/health
|
|
|
|
# Backend
|
|
curl https://api.lions.dev/api/health
|
|
|
|
# Keycloak
|
|
curl https://security.lions.dev/health
|
|
```
|
|
|
|
### Logs
|
|
|
|
```bash
|
|
# Docker logs
|
|
docker-compose logs -f frontend
|
|
docker-compose logs -f backend
|
|
docker-compose logs -f keycloak
|
|
|
|
# Application logs
|
|
tail -f /var/log/btpxpress/application.log
|
|
```
|
|
|
|
## 🔒 Sécurité
|
|
|
|
### Firewall
|
|
|
|
```bash
|
|
# Ouvrir les ports nécessaires
|
|
ufw allow 80/tcp
|
|
ufw allow 443/tcp
|
|
ufw allow 22/tcp
|
|
ufw enable
|
|
```
|
|
|
|
### Backup
|
|
|
|
```bash
|
|
# Base de données
|
|
pg_dump -h localhost -U btpxpress_user btpxpress > backup_$(date +%Y%m%d).sql
|
|
|
|
# Volumes Docker
|
|
docker run --rm -v btpxpress_postgres_data:/data -v $(pwd):/backup alpine tar czf /backup/postgres_backup_$(date +%Y%m%d).tar.gz /data
|
|
```
|
|
|
|
## 🚀 Mise en Production
|
|
|
|
### Checklist
|
|
|
|
- [ ] SSL/TLS configuré
|
|
- [ ] Base de données initialisée
|
|
- [ ] Keycloak configuré
|
|
- [ ] Variables d'environnement définies
|
|
- [ ] Nginx configuré
|
|
- [ ] Monitoring activé
|
|
- [ ] Backups programmés
|
|
- [ ] Tests de charge effectués
|
|
- [ ] Documentation à jour
|
|
|
|
### Commandes de Déploiement
|
|
|
|
```bash
|
|
# 1. Arrêt des services
|
|
docker-compose down
|
|
|
|
# 2. Mise à jour du code
|
|
git pull origin main
|
|
|
|
# 3. Reconstruction des images
|
|
docker-compose build
|
|
|
|
# 4. Redémarrage
|
|
docker-compose up -d
|
|
|
|
# 5. Vérification
|
|
docker-compose ps
|
|
curl -f https://btpxpress.lions.dev/api/health
|
|
```
|
|
|
|
## 📞 Support
|
|
|
|
- **Documentation**: https://docs.btpxpress.lions.dev
|
|
- **Support**: support@btpxpress.com
|
|
- **Urgences**: +33 1 23 45 67 89
|