# Deployment Plan: Jotty on srvdocker02

## Summary

- **Service:** Jotty (notes/checklist app)
- **Source:** https://github.com/fccview/jotty
- **Domain:** coldstorage.egonetix.de
- **Backend:** srvdocker02 (10.0.0.48:1122)
- **Reverse proxy:** srvrevproxy02 (10.0.0.29)

---

## Phase 1: Repo setup (local)

Directory: `/home/rwiegand/Nextcloud/egonetix/jotty`

1. `git init && git branch -M main`
2. Create README.md from the template
3. Create the repo on Gitea (organization: Egonetix)
4. `git remote add origin ssh://git@gitea.egonetix.de:222/Egonetix/jotty.git`
5. Initial commit + push

---

## Phase 2: Create the deployment files

### docker-compose.yml (in `/home/icke/jotty/`)

```yaml
services:
  jotty:
    image: ghcr.io/fccview/jotty:latest
    container_name: jotty
    # Must match the owner of the bind-mounted directories (chown in Phase 3)
    user: "1000:1000"
    ports:
      # Host port 1122 -> container port 3000
      - "1122:3000"
    volumes:
      - ./data:/app/data:rw
      - ./config:/app/config:rw
      - ./cache:/app/.next/cache:rw
    restart: unless-stopped
    environment:
      - NODE_ENV=production
    networks:
      - jotty

networks:
  jotty:
    name: jotty_network
```

**Port 1122 is free** (confirmed via port scan)

---

## Phase 3: Deployment on srvdocker02

```bash
# Create the directories (everything under /home/icke/jotty/)
mkdir -p /home/icke/jotty/{data,config,cache}
mkdir -p /home/icke/jotty/data/{users,checklists,notes,sharing,encryption}

# Permissions
sudo chown -R 1000:1000 /home/icke/jotty/

# Create docker-compose.yml (directly in the service folder)
nano /home/icke/jotty/docker-compose.yml

# Start
cd /home/icke/jotty && docker-compose up -d
```

---

## Phase 4: SSL certificate on srvrevproxy02

**DNS:** The user sets up `coldstorage.egonetix.de` at INWX → 78.46.222.24 (or the current IP)

**Certbot command:**

```bash
/usr/bin/certbot certonly --rsa-key-size 4096 -d coldstorage.egonetix.de --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
```

---

## Phase 5: Nginx config on srvrevproxy02

**File:** `/etc/nginx/sites-available/coldstorage.conf`

```nginx
server {
    listen 80;
    server_name coldstorage.egonetix.de;
    return 301 https://$server_name$request_uri;
}

server {
    # TLS is enabled by the "ssl" parameter on listen
    listen 10.0.0.29:443 ssl http2;
    server_name coldstorage.egonetix.de;

    # Both headers are set in this block: add_header is inherited from the
    # enclosing level only if the block defines no add_header of its own.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

    ssl_certificate /etc/letsencrypt/live/coldstorage.egonetix.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/coldstorage.egonetix.de/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    access_log /var/log/nginx/coldstorage-access_log;
    error_log /var/log/nginx/coldstorage-error_log;

    # Backend: srvdocker02
    set $upstream 10.0.0.48;

    location / {
        proxy_pass http://$upstream:1122;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```

**Enable:**

```bash
ln -s /etc/nginx/sites-available/coldstorage.conf /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx
```

---

## Phase 6: Update the documentation

| File | Action |
|-------|--------|
| `infrastructure/hosts/srvdocker02.md` | Add Jotty to the container list |
| `infrastructure/hosts/srvrevproxy02.md` | Mention coldstorage.conf |
| `infrastructure/netzwerk/domains.md` | Add coldstorage.egonetix.de |

---

## Verification

```bash
# Container running? (srvdocker02)
docker ps | grep jotty
docker logs jotty

# Reachable locally? (srvdocker02)
curl http://localhost:1122

# Reachable externally? (after DNS propagation)
curl -I https://coldstorage.egonetix.de
```

---

## Critical files

| File | Action |
|-------|--------|
| `/home/rwiegand/Nextcloud/egonetix/jotty/docker-compose.yml` | Create |
| `/home/rwiegand/Nextcloud/egonetix/jotty/README.md` | Create |
| `srvdocker02:/home/icke/jotty/docker-compose.yml` | Deploy |
| `srvrevproxy02:/etc/nginx/sites-available/coldstorage.conf` | Create |
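
An added check for the external verification step, not part of the original plan: it reads `curl -sI` output and confirms that both headers from the Phase 5 config reach the client. nginx inherits `add_header` from the enclosing level only when the current level defines none of its own, so a header set outside the server block can silently go missing. The function names and the sample responses are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: verify the HSTS and X-Robots-Tag headers from Phase 5.
# Usage against the live host (assumes DNS and the certificate are in place):
#   curl -sI https://coldstorage.egonetix.de | check_headers

# Print the value of header $1 (case-insensitive) from the headers on stdin.
header_value() {
    awk -v want="$1" 'BEGIN { want = tolower(want) }
        {
            sub(/\r$/, "")                      # curl prints CRLF line endings
            i = index($0, ":")
            if (!found && i && tolower(substr($0, 1, i - 1)) == want) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; found = 1
            }
        }'
}

# Return 0 if both headers are present and sane, otherwise list the failures.
check_headers() {
    local headers hsts robots max_age rc=0
    headers=$(cat)
    hsts=$(printf '%s\n' "$headers" | header_value strict-transport-security)
    robots=$(printf '%s\n' "$headers" | header_value x-robots-tag)
    max_age=$(printf '%s' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$max_age" ] || [ "$max_age" -lt 31536000 ]; then
        echo "FAIL: Strict-Transport-Security missing or max-age < 31536000"; rc=1
    fi
    case "$robots" in
        *noindex*) ;;
        *) echo "FAIL: X-Robots-Tag missing or without noindex"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample responses (not captured from the real host).
sample_good() {
    printf 'HTTP/2 200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\n'
    printf 'x-robots-tag: noindex, nofollow, nosnippet, noarchive\r\n\r\n'
}
# HSTS arrives from the server block, X-Robots-Tag was lost to inheritance.
sample_lost() {
    printf 'HTTP/2 200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\n\r\n'
}

sample_good | check_headers && echo "good sample: OK"
sample_lost | check_headers || echo "lost sample: rejected"
```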