first commit

This commit is contained in:
Beyhan Oğur
2026-04-26 21:37:58 +03:00
commit 8b1fbdee99
104 changed files with 23398 additions and 0 deletions

406
DEPLOYMENT.md Normal file
View File

@@ -0,0 +1,406 @@
# 🚀 GAuth-Central Deployment Rehberi
## 📋 Deployment Senaryoları
### Senaryo 1: Standalone Deployment (Mevcut Sunucularla)
Bu senaryoda mevcut PostgreSQL ve Redis sunucularınızı kullanıyorsunuz.
#### Ön Gereksinimler
- ✅ PostgreSQL 17+ sunucusu çalışıyor
- ✅ Redis 7+ sunucusu çalışıyor
- ✅ Go 1.23+ yüklü
- ✅ Sunuculara network erişimi var
#### Adımlar
1. **Repository'yi klonlayın**
```bash
git clone <repository-url>
cd AuthCentral
```
2. **.env dosyasını yapılandırın**
```bash
# .env dosyasını oluşturun
cp .env.example .env
# Düzenleyin
nano .env
```
**.env içeriği:**
```env
PORT=8080
# Mevcut PostgreSQL sunucunuz
DB_URL="host=10.80.80.70 user=cloud password=xxx dbname=go_gauth port=5432 sslmode=disable TimeZone=Europe/Istanbul"
DB_USER=cloud
DB_PASSWORD=xxx
DB_NAME=go_gauth
DB_PORT=5432
DB_HOST=10.80.80.70
# Mevcut Redis sunucunuz
REDIS_HOST=10.80.80.70
REDIS_PORT=6379
REDIS_USER=default
REDIS_PASSWORD=xxx
REDIS_URL=redis://default:xxx@10.80.80.70:6379/0
# JWT Secret (production için güçlü bir değer)
JWT_SECRET=super_secure_production_secret_key_change_this
# OAuth Credentials
GOOGLE_CLIENT_ID=your_client_id
GOOGLE_CLIENT_SECRET=your_client_secret
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret
CLIENT_CALLBACK_URL=http://your-domain.com/v1/auth
APP_URL=http://your-domain.com
```
3. **Bağımlılıkları yükleyin**
```bash
go mod download
```
4. **Bağlantıları test edin**
```bash
# PostgreSQL bağlantısı
PGPASSWORD=xxx psql -h 10.80.80.70 -U cloud -d go_gauth -c "SELECT version();"
# Redis bağlantısı
redis-cli -h 10.80.80.70 -p 6379 -a xxx --no-auth-warning PING
```
5. **Uygulamayı başlatın**
```bash
# Quick start script ile
./start.sh
# veya systemd service olarak (aşağıya bakın)
```
---
### Senaryo 2: Docker Compose Deployment
Tüm servisleri (PostgreSQL, Redis, App) Docker ile çalıştırma.
#### Adımlar
1. **Repository'yi klonlayın**
```bash
git clone <repository-url>
cd AuthCentral
```
2. **.env dosyasını yapılandırın**
```bash
cp .env.example .env
nano .env
```
3. **Docker Compose ile başlatın**
```bash
docker-compose up -d
```
4. **Logları kontrol edin**
```bash
docker-compose logs -f app
```
5. **Durum kontrolü**
```bash
docker-compose ps
curl http://localhost:8080/
```
---
### Senaryo 3: Production Deployment (Systemd)
Production ortamında systemd ile çalıştırma.
#### 1. Systemd Service Dosyası Oluşturun
```bash
sudo nano /etc/systemd/system/gauth-central.service
```
**gauth-central.service:**
```ini
[Unit]
Description=GAuth-Central Authentication Service
After=network.target
[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/opt/gauth-central
EnvironmentFile=/opt/gauth-central/.env
ExecStart=/opt/gauth-central/main
Restart=always
RestartSec=5
StandardOutput=append:/var/log/gauth-central/app.log
StandardError=append:/var/log/gauth-central/error.log
# Security
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
```
#### 2. Log Dizinini Oluşturun
```bash
sudo mkdir -p /var/log/gauth-central
sudo chown www-data:www-data /var/log/gauth-central
```
#### 3. Uygulamayı Deploy Edin
```bash
# Deployment dizinine kopyalayın
sudo mkdir -p /opt/gauth-central
sudo cp -r . /opt/gauth-central/
cd /opt/gauth-central
# Build edin
go build -o main .
# İzinleri ayarlayın
sudo chown -R www-data:www-data /opt/gauth-central
sudo chmod +x /opt/gauth-central/main
```
#### 4. Service'i Başlatın
```bash
sudo systemctl daemon-reload
sudo systemctl enable gauth-central
sudo systemctl start gauth-central
sudo systemctl status gauth-central
```
#### 5. Logları İzleyin
```bash
# Real-time logs
sudo journalctl -u gauth-central -f
# Son 100 satır
sudo journalctl -u gauth-central -n 100
# Application logs
tail -f /var/log/gauth-central/app.log
```
---
## 🔒 Production Checklist
### Güvenlik
- [ ] JWT_SECRET güçlü bir değer olarak ayarlandı
- [ ] PostgreSQL şifreleri güçlü
- [ ] Redis şifre koruması aktif
- [ ] SSL/TLS sertifikaları yapılandırıldı (Nginx/Caddy ile)
- [ ] CORS AllowOrigins production domain'lere güncellendi
- [ ] Firewall kuralları ayarlandı
- [ ] PostgreSQL sslmode=require (production)
- [ ] Rate limiting limitleri gözden geçirildi
### Performance
- [ ] PostgreSQL connection pooling ayarları
- [ ] Redis max memory policy ayarlandı
- [ ] Log rotation yapılandırıldı
- [ ] Monitoring kuruldu (Prometheus/Grafana)
- [ ] Health check endpoint'i aktif
### Backup
- [ ] PostgreSQL otomatik backup
- [ ] Redis persistence yapılandırması
- [ ] Backup restore testi yapıldı
### Monitoring
- [ ] Application logs toplanıyor
- [ ] Error tracking (Sentry vb.)
- [ ] Uptime monitoring
- [ ] Resource monitoring (CPU, RAM, Disk)
---
## 🌐 Nginx Reverse Proxy
Production'da Nginx kullanarak SSL termination:
```nginx
server {
listen 80;
server_name api.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/api.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.yourdomain.com/privkey.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
```
---
## 📊 Health Checks
### Application Health Check
```bash
curl http://localhost:8080/
```
### PostgreSQL Health
```bash
PGPASSWORD=xxx psql -h 10.80.80.70 -U cloud -d go_gauth -c "SELECT 1;"
```
### Redis Health
```bash
redis-cli -h 10.80.80.70 -p 6379 -a xxx --no-auth-warning PING
```
---
## 🔄 Update/Rollback Prosedürü
### Update
```bash
cd /opt/gauth-central
# Backup
sudo cp main main.backup
# Pull updates
git pull
# Build
go build -o main .
# Restart service
sudo systemctl restart gauth-central
# Check status
sudo systemctl status gauth-central
# Check logs
sudo journalctl -u gauth-central -f
```
### Rollback
```bash
cd /opt/gauth-central
# Restore backup
sudo cp main.backup main
# Restart
sudo systemctl restart gauth-central
```
---
## 🐛 Troubleshooting
### Service başlamıyor
```bash
# Logs kontrol
sudo journalctl -u gauth-central -n 50
# Config kontrol
cat /opt/gauth-central/.env
# Permissions kontrol
ls -la /opt/gauth-central/main
```
### PostgreSQL bağlantı hatası
```bash
# Bağlantı testi
PGPASSWORD=xxx psql -h HOST -U USER -d DB -c "SELECT 1;"
# Network kontrolü
telnet HOST 5432
```
### Redis bağlantı hatası
```bash
# Redis testi
redis-cli -h HOST -p PORT -a PASSWORD PING
# Network kontrolü
telnet HOST 6379
```
---
## 📝 Environment Variables Reference
| Variable | Required | Example | Description |
|----------|----------|---------|-------------|
| `PORT` | Yes | `8080` | Application port |
| `DB_URL` | Yes | `host=...` | PostgreSQL connection string |
| `REDIS_URL` | Yes | `redis://...` | Redis connection URL |
| `JWT_SECRET` | Yes | `secret123` | JWT signing key |
| `GOOGLE_CLIENT_ID` | No | `xxx.apps.googleusercontent.com` | Google OAuth |
| `GITHUB_CLIENT_ID` | No | `Ov23li...` | GitHub OAuth |
| `CLIENT_CALLBACK_URL` | Yes | `http://localhost:8080/v1/auth` | OAuth callback base URL |
| `APP_URL` | Yes | `http://localhost:8080` | Application URL |
---
## 🎯 Next Steps
1. Setup monitoring (Prometheus + Grafana)
2. Configure log aggregation (ELK Stack)
3. Setup automated backups
4. Configure CI/CD pipeline
5. Setup staging environment
6. Configure load balancing (if needed)
---
💡 **Pro Tip**: Her deployment öncesi staging ortamında test edin!