6.7 KiB
Executable File
6.7 KiB
Executable File
🚀 Guide de Déploiement BTP Xpress
📋 Prérequis
Environnement de Production
- Node.js: 18.x ou supérieur
- Java: 17 ou supérieur (pour Quarkus)
- PostgreSQL: 14 ou supérieur
- Keycloak: 22.x ou supérieur
- Docker: 24.x ou supérieur (optionnel)
- Nginx: 1.20 ou supérieur (reverse proxy)
Domaines et Certificats SSL
btpxpress.lions.dev(Frontend)api.lions.dev(Backend API)security.lions.dev(Keycloak)
🏗️ Architecture de Déploiement
Internet
↓
[Nginx Reverse Proxy]
↓
┌─────────────────┬─────────────────┐
│ Frontend │ Backend API │
│ Next.js │ Quarkus │
│ Port 3000 │ Port 8080 │
└─────────────────┴─────────────────┘
↓ ↓
[PostgreSQL] [Keycloak]
Port 5432 Port 8180
🐳 Déploiement avec Docker
1. Construction des Images
# Frontend
cd btpxpress-client
docker build -f Dockerfile.prod -t btpxpress-frontend:latest .
# Backend
cd btpxpress-server
docker build -f Dockerfile.prod -t btpxpress-backend:latest .
2. Docker Compose Production
# docker-compose.prod.yml
version: '3.8'
services:
postgres:
image: postgres:14-alpine
environment:
POSTGRES_DB: btpxpress
POSTGRES_USER: btpxpress_user
POSTGRES_PASSWORD: ${DB_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
ports:
- "5432:5432"
restart: unless-stopped
keycloak:
image: quay.io/keycloak/keycloak:22.0
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME: keycloak_user
KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
KC_HOSTNAME: security.lions.dev
KC_PROXY: edge
ports:
- "8180:8080"
depends_on:
- postgres
restart: unless-stopped
command: start
backend:
image: btpxpress-backend:latest
environment:
DB_URL: jdbc:postgresql://postgres:5432/btpxpress
DB_USERNAME: btpxpress_user
DB_PASSWORD: ${DB_PASSWORD}
KEYCLOAK_SERVER_URL: https://security.lions.dev
KEYCLOAK_REALM: btpxpress
KEYCLOAK_CLIENT_ID: btpxpress-backend
KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
ports:
- "8080:8080"
depends_on:
- postgres
- keycloak
restart: unless-stopped
frontend:
image: btpxpress-frontend:latest
environment:
NEXT_PUBLIC_API_URL: https://api.lions.dev
NEXT_PUBLIC_KEYCLOAK_URL: https://security.lions.dev
NEXT_PUBLIC_KEYCLOAK_REALM: btpxpress
NEXT_PUBLIC_KEYCLOAK_CLIENT_ID: btpxpress-frontend
ports:
- "3000:3000"
depends_on:
- backend
restart: unless-stopped
volumes:
postgres_data:
3. Lancement
# Variables d'environnement
export DB_PASSWORD="your-secure-db-password"
export KEYCLOAK_ADMIN_PASSWORD="your-keycloak-admin-password"
export KEYCLOAK_DB_PASSWORD="your-keycloak-db-password"
export KEYCLOAK_CLIENT_SECRET="your-client-secret"
# Démarrage
docker-compose -f docker-compose.prod.yml up -d
🌐 Configuration Nginx
# /etc/nginx/sites-available/btpxpress
server {
listen 80;
server_name btpxpress.lions.dev;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name btpxpress.lions.dev;
ssl_certificate /path/to/ssl/cert.pem;
ssl_certificate_key /path/to/ssl/key.pem;
# Frontend
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 443 ssl http2;
server_name api.lions.dev;
ssl_certificate /path/to/ssl/cert.pem;
ssl_certificate_key /path/to/ssl/key.pem;
# Backend API
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
🔧 Configuration Keycloak
1. Création du Realm
- Accéder à https://security.lions.dev
- Créer le realm
btpxpress - Configurer les clients :
btpxpress-frontend(Public)btpxpress-backend(Confidential)
2. Configuration des Rôles
{
"roles": [
"super_admin",
"admin",
"directeur",
"manager",
"chef_chantier",
"conducteur_travaux",
"chef_equipe",
"commercial",
"comptable",
"logisticien",
"employe",
"ouvrier",
"client_entreprise",
"client_particulier",
"viewer",
"guest"
]
}
📊 Monitoring et Logs
Health Checks
# Frontend
curl https://btpxpress.lions.dev/_next/static/health
# Backend
curl https://api.lions.dev/api/health
# Keycloak
curl https://security.lions.dev/health
Logs
# Docker logs
docker-compose logs -f frontend
docker-compose logs -f backend
docker-compose logs -f keycloak
# Application logs
tail -f /var/log/btpxpress/application.log
🔒 Sécurité
Firewall
# Ouvrir les ports nécessaires
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 22/tcp
ufw enable
Backup
# Base de données
pg_dump -h localhost -U btpxpress_user btpxpress > backup_$(date +%Y%m%d).sql
# Volumes Docker
docker run --rm -v btpxpress_postgres_data:/data -v $(pwd):/backup alpine tar czf /backup/postgres_backup_$(date +%Y%m%d).tar.gz /data
🚀 Mise en Production
Checklist
- SSL/TLS configuré
- Base de données initialisée
- Keycloak configuré
- Variables d'environnement définies
- Nginx configuré
- Monitoring activé
- Backups programmés
- Tests de charge effectués
- Documentation à jour
Commandes de Déploiement
# 1. Arrêt des services
docker-compose down
# 2. Mise à jour du code
git pull origin main
# 3. Reconstruction des images
docker-compose build
# 4. Redémarrage
docker-compose up -d
# 5. Vérification
docker-compose ps
curl -f https://btpxpress.lions.dev/api/health
📞 Support
- Documentation: https://docs.btpxpress.lions.dev
- Support: support@btpxpress.com
- Urgences: +33 1 23 45 67 89