- CLAUDE.md: CRA section with architecture, command reference, when-to-suggest table - Skills reference extended with /delegate-remote - New skill delegate-remote.md for guided remote delegation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Deployment Plan: Jotty on srvdocker02
Summary
- Service: Jotty (notes/checklist app)
- Source: https://github.com/fccview/jotty
- Domain: coldstorage.egonetix.de
- Backend: srvdocker02 (10.0.0.48:1122)
- Reverse proxy: srvrevproxy02 (10.0.0.29)
Phase 1: Repo setup (local)
Directory: /home/rwiegand/Nextcloud/egonetix/jotty
- `git init && git branch -M main`
- Create README.md from the template
- Create the repo on Gitea (organization: Egonetix)
- `git remote add origin ssh://git@gitea.egonetix.de:222/Egonetix/jotty.git`
- Initial commit + push
Phase 2: Create deployment files
docker-compose.yml (in /home/icke/jotty/)
```yaml
services:
  jotty:
    image: ghcr.io/fccview/jotty:latest
    container_name: jotty
    # Run as a non-root UID:GID; matches the chown in phase 3
    user: "1000:1000"
    ports:
      # Host port 1122 -> container port 3000, published on all host interfaces
      - "1122:3000"
    volumes:
      - ./data:/app/data:rw
      - ./config:/app/config:rw
      - ./cache:/app/.next/cache:rw
    restart: unless-stopped
    environment:
      - NODE_ENV=production
    networks:
      - jotty
networks:
  jotty:
    name: jotty_network
```
Port 1122 is free (confirmed via port scan).
Phase 3: Deployment on srvdocker02
```bash
# Create directories (everything under /home/icke/jotty/)
mkdir -p /home/icke/jotty/{data,config,cache}
mkdir -p /home/icke/jotty/data/{users,checklists,notes,sharing,encryption}
# Permissions
sudo chown -R 1000:1000 /home/icke/jotty/
# Create docker-compose.yml (directly in the service folder)
nano /home/icke/jotty/docker-compose.yml
# Start
cd /home/icke/jotty && docker-compose up -d
```
Phase 4: SSL certificate on srvrevproxy02
DNS: the user sets up coldstorage.egonetix.de at INWX → 78.46.222.24 (or the current IP)
Certbot command:
```bash
/usr/bin/certbot certonly --rsa-key-size 4096 -d coldstorage.egonetix.de --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
```
Phase 5: Nginx config on srvrevproxy02
File: /etc/nginx/sites-available/coldstorage.conf
```nginx
# http-level header: a server or location block inherits it only if that block
# defines no add_header of its own.
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
    listen 80;
    server_name coldstorage.egonetix.de;
    return 301 https://$server_name$request_uri;
}
server {
    listen 10.0.0.29:443 ssl http2;
    # This block sets its own add_header, so X-Robots-Tag is repeated here;
    # otherwise only HSTS would be sent.
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    # "ssl on;" removed: the ssl parameter on listen already enables TLS, and the
    # standalone directive was dropped in nginx 1.25.1.
    ssl_certificate /etc/letsencrypt/live/coldstorage.egonetix.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/coldstorage.egonetix.de/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    server_name coldstorage.egonetix.de;
    access_log /var/log/nginx/coldstorage-access_log;
    error_log /var/log/nginx/coldstorage-error_log;
    # Backend: srvdocker02
    set $upstream 10.0.0.48;
    location / {
        proxy_pass http://$upstream:1122;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```
Activate:
```bash
ln -s /etc/nginx/sites-available/coldstorage.conf /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx
```
Phase 6: Update documentation
| File | Action |
|---|---|
| infrastructure/hosts/srvdocker02.md | Add Jotty to the container list |
| infrastructure/hosts/srvrevproxy02.md | Mention coldstorage.conf |
| infrastructure/netzwerk/domains.md | Add coldstorage.egonetix.de |
Verification
```bash
# Container running? (srvdocker02)
docker ps | grep jotty
docker logs jotty
# Reachable locally? (srvdocker02)
curl http://localhost:1122
# Reachable externally? (after DNS propagation)
curl -I https://coldstorage.egonetix.de
```
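An added check, not part of the original plan: nginx inherits `add_header` directives from the enclosing level only when the current block defines none of its own, so the `curl -I` step above is worth extending to confirm that both `Strict-Transport-Security` and `X-Robots-Tag` actually reach the client. The function names, the one-year `max-age` floor and the sample responses are assumptions constructed for this example.

```shell
# Added example, not part of the original plan. Reads response headers on stdin:
#   curl -sI https://coldstorage.egonetix.de | check_proxy_headers

# Print the value of header $1 (case-insensitive) from the header text in $2.
header_value() {
  printf '%s\n' "$2" | awk -v want="$1" '
    { i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v); val = v } }
    END { print val }'
}

# One line per finding on stdout; the return code is the number of findings.
# The one-year max-age floor is an assumption taken from the plan's HSTS value.
check_proxy_headers() {
  _resp=$(tr -d '\r'); _n=0
  _hsts=$(header_value strict-transport-security "$_resp")
  _robots=$(header_value x-robots-tag "$_resp")
  _age=$(printf '%s' "$_hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$_hsts" ]; then
    echo "MISSING Strict-Transport-Security"; _n=$((_n + 1))
  elif [ "${_age:-0}" -lt 31536000 ]; then
    echo "WEAK Strict-Transport-Security max-age=${_age:-0}"; _n=$((_n + 1))
  fi
  case "$_robots" in
    *noindex*) ;;
    "") echo "MISSING X-Robots-Tag"; _n=$((_n + 1)) ;;
    *)  echo "UNEXPECTED X-Robots-Tag: $_robots"; _n=$((_n + 1)) ;;
  esac
  return "$_n"
}

# Constructed sample responses (not captured from the real host).
sample_hsts_only() {  # HTTPS vhost sending only its own add_header
  printf 'HTTP/2 200\r\nserver: nginx\r\n'
  printf 'strict-transport-security: max-age=31536000; includeSubDomains\r\n\r\n'
}
sample_both() {
  printf 'HTTP/2 200\r\nserver: nginx\r\n'
  printf 'strict-transport-security: max-age=31536000; includeSubDomains\r\n'
  printf 'x-robots-tag: noindex, nofollow, nosnippet, noarchive\r\n\r\n'
}
```

A non-zero return code means at least one expected header is missing or weaker than the plan specifies.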
Critical files
| File | Action |
|---|---|
| /home/rwiegand/Nextcloud/egonetix/jotty/docker-compose.yml | Create |
| /home/rwiegand/Nextcloud/egonetix/jotty/README.md | Create |
| srvdocker02:/home/icke/jotty/docker-compose.yml | Deploy |
| srvrevproxy02:/etc/nginx/sites-available/coldstorage.conf | Create |