update
191
AzA march 2026 - Kopie (18)/deploy/aza-deploy/GO_LIVE_RUNBOOK.md
Normal file
@@ -0,0 +1,191 @@
|
||||
# AZA – Go-Live Runbook (aza-medwork.ch)
|
||||
|
||||
Schritte, um AZA vom lokalen Entwicklungsmodus auf den Produktionsserver zu bringen.
|
||||
|
||||
---
|
||||
|
||||
# Phase 1 – Server-Vorbereitung
|
||||
|
||||
## 1) Server-Anforderungen
|
||||
- Linux VPS (Ubuntu 22.04 empfohlen)
|
||||
- Docker + Docker Compose installiert
|
||||
- Ports 80 und 443 offen
|
||||
- DNS A-Record: aza-medwork.ch → Server-IP
|
||||
|
||||
Pruefen:
|
||||
- `ping aza-medwork.ch` → Server-IP
|
||||
|
||||
---
|
||||
|
||||
# Phase 2 – AZA-API deployen
|
||||
|
||||
## 1) Projekt hochladen
|
||||
Gesamtes AZA-Projekt auf den Server kopieren.
|
||||
|
||||
## 2) Umgebung vorbereiten
|
||||
|
||||
```
|
||||
cd deploy
|
||||
cp .env.example .env
|
||||
```
|
||||
|
||||
In `.env` setzen:
|
||||
|
||||
```
|
||||
MEDWORK_API_TOKENS=NEUER_TOKEN,ALTER_TOKEN
|
||||
STRIPE_SECRET_KEY=sk_live_...
|
||||
STRIPE_WEBHOOK_SECRET=whsec_...
|
||||
STRIPE_SUCCESS_URL=https://aza-medwork.ch/billing/success?session_id={CHECKOUT_SESSION_ID}
|
||||
STRIPE_CANCEL_URL=https://aza-medwork.ch/billing/cancel
|
||||
STRIPE_PORTAL_RETURN_URL=https://aza-medwork.ch/
|
||||
AZA_ADMIN_TOKEN=...
|
||||
AZA_LOG_LEVEL=INFO
|
||||
AZA_GRACE_DAYS=0
|
||||
ACME_EMAIL=info@aza-medwork.ch
|
||||
AZA_DOMAIN=aza-medwork.ch
|
||||
```
|
||||
|
||||
WICHTIG:
|
||||
- Starke Zufalls-Tokens verwenden.
|
||||
- KEINE Entwickler-Tokens wiederverwenden.
|
||||
|
||||
## 3) HTTPS aktivieren
|
||||
|
||||
`AZA_DOMAIN=aza-medwork.ch` in `.env` setzen (bereits vorbereitet).
|
||||
Caddy holt sich automatisch ein Let's-Encrypt-Zertifikat.
|
||||
|
||||
## 4) Container starten
|
||||
|
||||
```
|
||||
docker compose up -d --build
|
||||
docker compose ps
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Phase 3 – Verifikation
|
||||
|
||||
## 1) Health-Check
|
||||
`https://aza-medwork.ch/health` → `{"ok": true}`
|
||||
|
||||
## 2) Versions-Check
|
||||
`https://aza-medwork.ch/version` → `{"name":"AZA",...}`
|
||||
|
||||
## 3) Smoke-Test
|
||||
```
|
||||
export MEDWORK_API_TOKENS=NEUER_TOKEN
|
||||
bash smoke_test.sh https://aza-medwork.ch
|
||||
```
|
||||
|
||||
Erwartung:
|
||||
- /health OK
|
||||
- /license/status 401 ohne Token
|
||||
- Gueltige JSON-Antwort mit Token
|
||||
|
||||
## 4) Website pruefen
|
||||
- `https://aza-medwork.ch/web/index.html` → Landing-Page mit Pricing
|
||||
- `https://aza-medwork.ch/web/download.html` → Download-Seite
|
||||
|
||||
---
|
||||
|
||||
# Phase 4 – Stripe konfigurieren
|
||||
|
||||
## 1) Stripe Dashboard: Produkte anlegen
|
||||
|
||||
Im Stripe Dashboard unter Products zwei Preise anlegen:
|
||||
- **AZA Basic**: `aza_basic_monthly` CHF 59/Monat, `aza_basic_yearly` CHF 590/Jahr
|
||||
- **AZA Team**: `aza_team_monthly` CHF 89/Monat, `aza_team_yearly` CHF 890/Jahr
|
||||
|
||||
## 2) Webhook einrichten
|
||||
Developers → Webhooks → Endpoint hinzufuegen
|
||||
|
||||
URL: `https://aza-medwork.ch/stripe/webhook`
|
||||
|
||||
Events:
|
||||
- `checkout.session.completed`
|
||||
- `customer.subscription.updated`
|
||||
- `customer.subscription.deleted`
|
||||
|
||||
## 3) Signing-Secret uebernehmen
|
||||
In `deploy/.env` setzen:
|
||||
|
||||
```
|
||||
STRIPE_WEBHOOK_SECRET=whsec_...
|
||||
```
|
||||
|
||||
Neustart: `docker compose up -d`
|
||||
|
||||
## 4) Test-Event senden
|
||||
Stripe → "Send test webhook" → Erwartung: 200 OK
|
||||
|
||||
---
|
||||
|
||||
# Phase 5 – Kauf-Flow testen
|
||||
|
||||
## 1) Landing-Page oeffnen
|
||||
`https://aza-medwork.ch/web/index.html`
|
||||
|
||||
## 2) "Abonnement starten" klicken
|
||||
→ Stripe Checkout oeffnet sich
|
||||
|
||||
## 3) Test-Kauf abschliessen (Stripe-Testkarte)
|
||||
→ Weiterleitung zu Success-Seite mit Download-Button
|
||||
|
||||
## 4) Installer herunterladen und installieren
|
||||
→ App startet, Lizenz wird automatisch geprueft
|
||||
|
||||
---
|
||||
|
||||
# Phase 6 – Desktop-Client konfigurieren
|
||||
|
||||
## 1) Client-Konfiguration
|
||||
Im Installer oder beim ersten Start:
|
||||
|
||||
```
|
||||
MEDWORK_BACKEND_URL=https://aza-medwork.ch
|
||||
```
|
||||
|
||||
## 2) Test auf neuem Rechner
|
||||
- Installieren → Starten → Lizenzstatus: ACTIVE
|
||||
|
||||
## 3) Token-Rotation abschliessen
|
||||
Nachdem alle Clients aktualisiert:
|
||||
|
||||
```
|
||||
MEDWORK_API_TOKENS=NEUER_TOKEN
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# Phase 7 – Billing-Portal testen
|
||||
|
||||
Im Desktop-Client: "Abonnement" klicken
|
||||
→ Browser oeffnet Stripe-Portal
|
||||
→ Nach Schliessen: Rueckkehr zu aza-medwork.ch
|
||||
|
||||
---
|
||||
|
||||
# Phase 8 – Rollback-Plan
|
||||
|
||||
Bei Problemen:
|
||||
|
||||
1. `docker compose logs`
|
||||
2. Vorherige `.env` wiederherstellen (ALTER_TOKEN behalten)
|
||||
3. `docker compose up -d`
|
||||
|
||||
---
|
||||
|
||||
# Produktions-Checkliste
|
||||
|
||||
- [ ] HTTPS funktioniert
|
||||
- [ ] /health OK
|
||||
- [ ] /version OK
|
||||
- [ ] Landing-Page erreichbar
|
||||
- [ ] Stripe-Checkout funktioniert
|
||||
- [ ] Success-Seite zeigt Download-Link
|
||||
- [ ] /license/status funktioniert
|
||||
- [ ] Device-Enforcement getestet
|
||||
- [ ] Billing-Portal funktioniert
|
||||
- [ ] Token-Rotation verifiziert
|
||||
- [ ] Admin-Endpoints gesichert
|
||||
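Review bot: Phase 5 step 3 asks for a test purchase with a Stripe test card, but Phase 2 step 2 configures `STRIPE_SECRET_KEY=sk_live_...`, and Stripe rejects test cards in live mode. The runbook should either run Phases 4 and 5 with test-mode keys and a test-mode webhook signing secret before switching to the live values, or describe a real purchase followed by a refund. Two smaller points: the checklist items "Device-Enforcement getestet" and "Admin-Endpoints gesichert" have no corresponding step in any phase, so add the procedure and the expected result (for example, which status an admin endpoint returns without `AZA_ADMIN_TOKEN`). Phase 2 creates `.env` with live secrets without stating file permissions or that the file must stay out of version control, and Phase 8 step 2 restores a "previous `.env`" that no earlier step backs up.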