aza/AzA march 2026/deploy/DEPLOY_CHECKLIST.md

# AZA Deployment Checklist – Hetzner (Variante B)

## 1. Voraussetzungen

- Hetzner VPS mit Docker + Docker Compose
- DNS A-Record: `api.aza-medwork.ch` -> Hetzner-IP
- Ports 80 + 443 offen (Caddy/HTTPS)

## 2. Environment variables (deploy/.env)

Pflicht:
- `OPENAI_API_KEY` – OpenAI API Key (NUR serverseitig, Variante B)
- `MEDWORK_API_TOKENS` – API-Auth-Tokens (kommasepariert fuer Rotation)
- `AZA_DOMAIN` – z.B. `api.aza-medwork.ch`
- `ACME_EMAIL` – z.B. `info@aza-medwork.ch`

Optional/spaeter:
- `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET` (wenn Stripe konfiguriert)

Secrets-Policy: NIEMALS Secrets committen. deploy/.env ist in .gitignore.

## 3. Deploy starten

```bash
cd deploy
cp .env.example .env
# .env editieren: echte Keys eintragen
docker compose --profile proxy up -d --build
```

## 4. Health verification

```bash
curl https://api.aza-medwork.ch/health
curl -H "X-API-Token: DEIN_TOKEN" https://api.aza-medwork.ch/v1/chat \
  -X POST -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"test"}]}'
```

## 5. Desktop-App konfigurieren

In `backend_url.txt` oder `MEDWORK_BACKEND_URL`:
```
https://api.aza-medwork.ch
```

## 6. Restart / Update

```bash
cd deploy
docker compose --profile proxy down
git pull
docker compose --profile proxy up -d --build
```