# Rocky Linux 8.x Production Deployment Checklist

## Pre-Deployment Checklist

### System Requirements ✓
- [ ] Rocky Linux 8.x server with minimum 2GB RAM
- [ ] Root or sudo access to the server
- [ ] Internet connectivity for package downloads
- [ ] Domain name pointing to server IP
- [ ] SSH access configured

### Security Preparation ✓
- [ ] SSH key authentication configured
- [ ] Password authentication disabled for SSH
- [ ] Non-root user created with sudo privileges
- [ ] Firewall rules planned
- [ ] SSL certificates obtained (Let's Encrypt or purchased)

## Deployment Steps

### 1. System Setup
```bash
# Run the Rocky Linux setup script
sudo bash deploy/setup-rocky.sh

# Verify system configuration
bash deploy/validate-rocky.sh
```

### 2. Application Deployment
```bash
# Deploy the application
bash deploy/deploy-rocky.sh

# Start services
sudo systemctl start notyobiz-api
sudo systemctl enable notyobiz-api
```

### 3. Database Configuration
```bash
# Configure MariaDB
sudo mysql_secure_installation

# Create application database
mysql -u root -p << EOF
CREATE DATABASE notyobiz_db;
CREATE USER 'notyobiz_user'@'localhost' IDENTIFIED BY 'your_secure_password';
GRANT ALL PRIVILEGES ON notyobiz_db.* TO 'notyobiz_user'@'localhost';
FLUSH PRIVILEGES;
EOF

# Configure PostgreSQL (optional)
sudo -u postgres createdb notyobiz_pg
sudo -u postgres createuser notyobiz_pg_user
```

### 4. SSL/TLS Configuration
```bash
# Install Certbot for Let's Encrypt (packaged in EPEL on Rocky Linux 8)
sudo dnf install epel-release
sudo dnf install certbot python3-certbot-nginx

# Obtain SSL certificate
sudo certbot --nginx -d notyobiz.com -d www.notyobiz.com -d api.notyobiz.com -d portal.notyobiz.com

# Set up auto-renewal
sudo crontab -e
# Add: 0 12 * * * /usr/bin/certbot renew --quiet
```

### 5. Nginx Configuration
```bash
# Test Nginx configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

# Verify SSL
curl -I https://notyobiz.com
```

### 6. PM2 Process Management
```bash
# Start application with PM2
pm2 start api/server-simple.js --name notyobiz-api

# Save PM2 configuration
pm2 save

# Setup PM2 startup
pm2 startup
```

## Post-Deployment Verification

### Application Health Checks
- [ ] API health endpoint: `curl http://localhost:3000/health`
- [ ] Portal accessibility: `curl http://localhost`
- [ ] Database connectivity: Test API endpoints that use database
- [ ] SSL certificate validity: `curl -I https://notyobiz.com`

### Service Status Checks
```bash
# Check all services
sudo systemctl status nginx
sudo systemctl status mariadb
sudo systemctl status redis
pm2 status

# Check firewall
sudo firewall-cmd --list-all

# Check SELinux
getenforce
```

### Performance Verification
```bash
# Run validation script
bash deploy/validate-rocky.sh

# Check logs
tail -f /var/log/nginx/access.log
tail -f logs/api.log
pm2 logs notyobiz-api
```

## Security Hardening

### Firewall Configuration ✓
- [ ] Only necessary ports open (22, 80, 443)
- [ ] Rate limiting configured
- [ ] Fail2ban installed and configured

### SELinux Configuration ✓
- [ ] SELinux enforcing mode enabled
- [ ] Custom policies for Node.js applications
- [ ] File contexts properly set

### Additional Security Measures
```bash
# Install and configure fail2ban (packaged in EPEL on Rocky Linux 8)
sudo dnf install epel-release
sudo dnf install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# Configure automatic updates
sudo dnf install dnf-automatic
sudo systemctl enable dnf-automatic-install.timer
sudo systemctl start dnf-automatic-install.timer
```
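
The firewall, SELinux and SSH items in the checklists above can be verified from command output rather than by eye. The script below is an added example, not part of the original checklist or the project's deploy scripts; its function names are hypothetical and the sample text is constructed.

```bash
# Added example (not from the original checklist); function names are
# hypothetical and the sample text below is constructed.
# Live use:  sudo firewall-cmd --list-all | unexpected_firewall_entries
#            sudo sshd -T | weak_sshd_settings
#            selinux_enforcing "$(getenforce)"

# Print firewalld services/ports outside the checklist's 22/80/443 allow-list.
unexpected_firewall_entries() {
  awk '
    $1 == "services:" { for (i = 2; i <= NF; i++)
        if ($i !~ /^(ssh|http|https)$/) print "service " $i }
    $1 == "ports:"    { for (i = 2; i <= NF; i++)
        if ($i !~ /^(22|80|443)\/tcp$/) print "port " $i }
  '
}

# Print effective sshd settings that contradict the checklist.
weak_sshd_settings() {
  awk '
    $1 == "passwordauthentication" && $2 != "no"  { print $1, $2 }
    $1 == "pubkeyauthentication"   && $2 != "yes" { print $1, $2 }
  '
}

# Succeed only when getenforce reports Enforcing.
selinux_enforcing() { [ "$1" = "Enforcing" ]; }

# Constructed sample: default-style public zone plus an exposed API port.
SAMPLE_FW='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh http https
  ports: 3000/tcp 443/tcp
  protocols:'

# Constructed sample: key auth enabled, but passwords still accepted.
SAMPLE_SSHD='port 22
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_FW"   | unexpected_firewall_entries
printf '%s\n' "$SAMPLE_SSHD" | weak_sshd_settings
selinux_enforcing "Permissive" || echo "selinux not enforcing"
```

Empty output from the two parsers means the allow-list and SSH settings match the checklist. Rich rules and additional zones are not inspected by this example.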

## Monitoring and Maintenance

### Log Monitoring Setup
```bash
# Configure logrotate for application logs
sudo tee /etc/logrotate.d/notyobiz << EOF
/home/notyobiz/cloud_home_lab/logs/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 0644 notyobiz notyobiz
    postrotate
        pm2 reload notyobiz-api
    endscript
}
EOF
```

### Backup Configuration
```bash
# Create backup script
sudo tee /usr/local/bin/notyobiz-backup.sh << 'EOF'
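#!/bin/bash
set -euo pipefail
umask 077   # dumps and archives contain application data; keep them owner-only

BACKUP_DIR="/backup/notyobiz"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Backup database. A bare -p prompts for a password and cannot run from cron,
# so credentials are read from a root-only option file instead
# (assumption: /root/.my.cnf exists, mode 600, with a [client] section).
mysqldump --defaults-extra-file=/root/.my.cnf notyobiz_db > "$BACKUP_DIR/db_backup_$DATE.sql"

# Backup application files
tar -czf "$BACKUP_DIR/app_backup_$DATE.tar.gz" /home/notyobiz/cloud_home_lab

# Delete backups older than 7 days
find "$BACKUP_DIR" -name "*.sql" -mtime +7 -delete
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete
EOF

# The script was written by root via sudo tee, so chmod needs sudo as well
sudo chmod +x /usr/local/bin/notyobiz-backup.sh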

# Schedule daily backups
sudo crontab -e
# Add: 0 2 * * * /usr/local/bin/notyobiz-backup.sh
```

### Health Monitoring
```bash
# Create health check cron job
(crontab -l 2>/dev/null; echo "*/5 * * * * curl -f http://localhost:3000/health || pm2 restart notyobiz-api") | crontab -
```

## Performance Optimization

### Nginx Optimization
- [ ] Gzip compression enabled
- [ ] Static file caching configured
- [ ] Connection limits set
- [ ] Rate limiting configured

### Node.js Optimization
- [ ] PM2 cluster mode configured if needed
- [ ] Memory limits set
- [ ] Environment variables optimized
- [ ] Database connection pooling configured

### Database Optimization
```bash
# Baseline MariaDB hardening (skip if already run in step 3)
sudo mysql_secure_installation

# Optimize MariaDB configuration
sudo tee -a /etc/my.cnf.d/server.cnf << EOF
[mysqld]
innodb_buffer_pool_size = 512M
max_connections = 100
query_cache_size = 32M
query_cache_limit = 2M
EOF

sudo systemctl restart mariadb
```

## Troubleshooting Guide

### Common Issues and Solutions

1. **Application not starting**
   ```bash
   # Check PM2 logs
   pm2 logs notyobiz-api
   
   # Check systemd logs
   sudo journalctl -u notyobiz-api -f
   ```

2. **Database connection issues**
   ```bash
   # Test database connectivity
   mysql -u notyobiz_user -p notyobiz_db
   
   # Check MariaDB status
   sudo systemctl status mariadb
   ```

3. **SSL certificate issues**
   ```bash
   # Check certificate status
   sudo certbot certificates
   
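   # Renew certificate manually (--force-renewal reissues even when the
   # certificate is not due and counts against Let's Encrypt rate limits)
   sudo certbot renew --force-renewal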
   ```

4. **Firewall blocking connections**
   ```bash
   # Check firewall rules
   sudo firewall-cmd --list-all
   
   # Open required ports
   sudo firewall-cmd --permanent --add-port=80/tcp
   sudo firewall-cmd --permanent --add-port=443/tcp
   sudo firewall-cmd --reload
   ```

5. **High resource usage**
   ```bash
   # Monitor resources
   htop
   iotop
   
   # Check PM2 status
   pm2 monit
   ```

## Final Verification Commands

```bash
# Complete system check
bash deploy/validate-rocky.sh

# Test all endpoints
curl http://localhost:3000/health
curl http://localhost:3000/api/status
curl https://notyobiz.com
curl https://api.notyobiz.com/health

# Check service status
sudo systemctl status nginx mariadb redis
pm2 status

# View logs
tail -f /var/log/nginx/error.log
tail -f logs/api.log
```

## Success Criteria ✅

- [ ] All services running and enabled
- [ ] SSL certificates installed and auto-renewing
- [ ] Application accessible via HTTPS
- [ ] Database connections working
- [ ] Monitoring and logging configured
- [ ] Backups scheduled
- [ ] Security measures in place
- [ ] Performance optimized

## Post-Deployment Notes

Record the following information for future reference:

- **Server IP**: ________________
- **Domain**: notyobiz.com
- **Database Password**: ________________ (keep in a password manager, not in this document)
- **SSL Certificate Expiry**: ________________
- **PM2 Process ID**: ________________
- **Backup Location**: /backup/notyobiz

## Emergency Contacts

- **Hosting Provider**: resellerspanel.com support
- **Domain Registrar**: ________________
- **SSL Provider**: Let's Encrypt / ________________

---

- **Date Deployed**: ________________
- **Deployed By**: ________________
- **Version**: 1.0.0
- **Rocky Linux Version**: ________________
