Files
AuthCentral/DEPLOYMENT.md
Beyhan Oğur 8b1fbdee99 first commit
2026-04-26 21:37:58 +03:00

407 lines
8.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 🚀 GAuth-Central Deployment Rehberi
## 📋 Deployment Senaryoları
### Senaryo 1: Standalone Deployment (Mevcut Sunucularla)
Bu senaryoda mevcut PostgreSQL ve Redis sunucularınızı kullanıyorsunuz.
#### Ön Gereksinimler
- ✅ PostgreSQL 17+ sunucusu çalışıyor
- ✅ Redis 7+ sunucusu çalışıyor
- ✅ Go 1.23+ yüklü
- ✅ Sunuculara network erişimi var
#### Adımlar
1. **Repository'yi klonlayın**
```bash
git clone <repository-url>
cd AuthCentral
```
2. **.env dosyasını yapılandırın**
```bash
# .env dosyasını oluşturun
cp .env.example .env
# Düzenleyin
nano .env
```
**.env içeriği:**
```env
PORT=8080
# Mevcut PostgreSQL sunucunuz
DB_URL="host=10.80.80.70 user=cloud password=xxx dbname=go_gauth port=5432 sslmode=disable TimeZone=Europe/Istanbul"
DB_USER=cloud
DB_PASSWORD=xxx
DB_NAME=go_gauth
DB_PORT=5432
DB_HOST=10.80.80.70
# Mevcut Redis sunucunuz
REDIS_HOST=10.80.80.70
REDIS_PORT=6379
REDIS_USER=default
REDIS_PASSWORD=xxx
REDIS_URL=redis://default:xxx@10.80.80.70:6379/0
# JWT Secret (production için güçlü bir değer)
JWT_SECRET=super_secure_production_secret_key_change_this
# OAuth Credentials
GOOGLE_CLIENT_ID=your_client_id
GOOGLE_CLIENT_SECRET=your_client_secret
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret
CLIENT_CALLBACK_URL=http://your-domain.com/v1/auth
APP_URL=http://your-domain.com
```
3. **Bağımlılıkları yükleyin**
```bash
go mod download
```
4. **Bağlantıları test edin**
```bash
# PostgreSQL bağlantısı
PGPASSWORD=xxx psql -h 10.80.80.70 -U cloud -d go_gauth -c "SELECT version();"
# Redis bağlantısı
redis-cli -h 10.80.80.70 -p 6379 -a xxx --no-auth-warning PING
```
5. **Uygulamayı başlatın**
```bash
# Quick start script ile
./start.sh
# veya systemd service olarak (aşağıya bakın)
```
---
### Senaryo 2: Docker Compose Deployment
Tüm servisleri (PostgreSQL, Redis, App) Docker ile çalıştırma.
#### Adımlar
1. **Repository'yi klonlayın**
```bash
git clone <repository-url>
cd AuthCentral
```
2. **.env dosyasını yapılandırın**
```bash
cp .env.example .env
nano .env
```
3. **Docker Compose ile başlatın**
```bash
docker-compose up -d
```
4. **Logları kontrol edin**
```bash
docker-compose logs -f app
```
5. **Durum kontrolü**
```bash
docker-compose ps
curl http://localhost:8080/
```
---
### Senaryo 3: Production Deployment (Systemd)
Production ortamında systemd ile çalıştırma.
#### 1. Systemd Service Dosyası Oluşturun
```bash
sudo nano /etc/systemd/system/gauth-central.service
```
**gauth-central.service:**
```ini
[Unit]
Description=GAuth-Central Authentication Service
After=network.target
[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/opt/gauth-central
EnvironmentFile=/opt/gauth-central/.env
ExecStart=/opt/gauth-central/main
Restart=always
RestartSec=5
StandardOutput=append:/var/log/gauth-central/app.log
StandardError=append:/var/log/gauth-central/error.log
# Security
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
```
#### 2. Log Dizinini Oluşturun
```bash
sudo mkdir -p /var/log/gauth-central
sudo chown www-data:www-data /var/log/gauth-central
```
#### 3. Uygulamayı Deploy Edin
```bash
# Deployment dizinine kopyalayın
sudo mkdir -p /opt/gauth-central
sudo cp -r . /opt/gauth-central/
cd /opt/gauth-central
# Build edin
go build -o main .
# İzinleri ayarlayın
sudo chown -R www-data:www-data /opt/gauth-central
sudo chmod +x /opt/gauth-central/main
```
#### 4. Service'i Başlatın
```bash
sudo systemctl daemon-reload
sudo systemctl enable gauth-central
sudo systemctl start gauth-central
sudo systemctl status gauth-central
```
#### 5. Logları İzleyin
```bash
# Real-time logs
sudo journalctl -u gauth-central -f
# Son 100 satır
sudo journalctl -u gauth-central -n 100
# Application logs
tail -f /var/log/gauth-central/app.log
```
---
## 🔒 Production Checklist
### Güvenlik
- [ ] JWT_SECRET güçlü bir değer olarak ayarlandı
- [ ] PostgreSQL şifreleri güçlü
- [ ] Redis şifre koruması aktif
- [ ] SSL/TLS sertifikaları yapılandırıldı (Nginx/Caddy ile)
- [ ] CORS AllowOrigins production domain'lere güncellendi
- [ ] Firewall kuralları ayarlandı
- [ ] PostgreSQL sslmode=require (production)
- [ ] Rate limiting limitleri gözden geçirildi
### Performance
- [ ] PostgreSQL connection pooling ayarları
- [ ] Redis max memory policy ayarlandı
- [ ] Log rotation yapılandırıldı
- [ ] Monitoring kuruldu (Prometheus/Grafana)
- [ ] Health check endpoint'i aktif
### Backup
- [ ] PostgreSQL otomatik backup
- [ ] Redis persistence yapılandırması
- [ ] Backup restore testi yapıldı
### Monitoring
- [ ] Application logs toplanıyor
- [ ] Error tracking (Sentry vb.)
- [ ] Uptime monitoring
- [ ] Resource monitoring (CPU, RAM, Disk)
---
## 🌐 Nginx Reverse Proxy
Production'da Nginx kullanarak SSL termination:
```nginx
server {
listen 80;
server_name api.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/api.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.yourdomain.com/privkey.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
```
---
## 📊 Health Checks
### Application Health Check
```bash
curl http://localhost:8080/
```
### PostgreSQL Health
```bash
PGPASSWORD=xxx psql -h 10.80.80.70 -U cloud -d go_gauth -c "SELECT 1;"
```
### Redis Health
```bash
redis-cli -h 10.80.80.70 -p 6379 -a xxx --no-auth-warning PING
```
---
## 🔄 Update/Rollback Prosedürü
### Update
```bash
cd /opt/gauth-central
# Backup
sudo cp main main.backup
# Pull updates
git pull
# Build
go build -o main .
# Restart service
sudo systemctl restart gauth-central
# Check status
sudo systemctl status gauth-central
# Check logs
sudo journalctl -u gauth-central -f
```
### Rollback
```bash
cd /opt/gauth-central
# Restore backup
sudo cp main.backup main
# Restart
sudo systemctl restart gauth-central
```
---
## 🐛 Troubleshooting
### Service başlamıyor
```bash
# Logs kontrol
sudo journalctl -u gauth-central -n 50
# Config kontrol
cat /opt/gauth-central/.env
# Permissions kontrol
ls -la /opt/gauth-central/main
```
### PostgreSQL bağlantı hatası
```bash
# Bağlantı testi
PGPASSWORD=xxx psql -h HOST -U USER -d DB -c "SELECT 1;"
# Network kontrolü
telnet HOST 5432
```
### Redis bağlantı hatası
```bash
# Redis testi
redis-cli -h HOST -p PORT -a PASSWORD PING
# Network kontrolü
telnet HOST 6379
```
---
## 📝 Environment Variables Reference
| Variable | Required | Example | Description |
|----------|----------|---------|-------------|
| `PORT` | Yes | `8080` | Application port |
| `DB_URL` | Yes | `host=...` | PostgreSQL connection string |
| `REDIS_URL` | Yes | `redis://...` | Redis connection URL |
| `JWT_SECRET` | Yes | `secret123` | JWT signing key |
| `GOOGLE_CLIENT_ID` | No | `xxx.apps.googleusercontent.com` | Google OAuth |
| `GITHUB_CLIENT_ID` | No | `Ov23li...` | GitHub OAuth |
| `CLIENT_CALLBACK_URL` | Yes | `http://localhost:8080/v1/auth` | OAuth callback base URL |
| `APP_URL` | Yes | `http://localhost:8080` | Application URL |
---
## 🎯 Next Steps
1. Setup monitoring (Prometheus + Grafana)
2. Configure log aggregation (ELK Stack)
3. Setup automated backups
4. Configure CI/CD pipeline
5. Setup staging environment
6. Configure load balancing (if needed)
---
💡 **Pro Tip**: Her deployment öncesi staging ortamında test edin!