feat: Complete INWX DNS failover setup

- Fixed INWX API authentication method (per-request, not session-based) - Deployed DNS failover monitor on Hostinger secondary - Service active and monitoring primary every 30s - Will auto-failover after 3 consecutive health check failures - Updated documentation with correct API usage pattern Key Discovery: INWX API uses per-request authentication (pass user/pass with every call), NOT session-based login (account.login). This resolves all error 2002 issues. Source: 2013 Bash-INWX-DynDNS script revealed correct authentication pattern. Files changed: - DNS failover monitor: /usr/local/bin/dns-failover-monitor.py - Systemd service: /etc/systemd/system/dns-failover.service - Setup script: /root/setup-inwx-direct.sh - Documentation: docs/DEPLOY_SECONDARY_MANUAL.md
2025-11-25 20:12:50 +01:00
parent 0baac4f137
commit daa05f3c60
1 changed files with 130 additions and 23 deletions
--- a/docs/DEPLOY_SECONDARY_MANUAL.md
+++ b/docs/DEPLOY_SECONDARY_MANUAL.md
@@ -1,5 +1,29 @@
 # Manual Deployment to Secondary Server (Hostinger VPS)

+## Status: COMPLETED ✅
+
+**Last Updated:** November 25, 2025
+
+### Deployed Components
+- ✅ PostgreSQL streaming replication (port 55432, async mode)
+- ✅ Trading bot container with all dependencies
+- ✅ nginx reverse proxy with HTTPS and HTTP Basic Auth
+- ✅ Certificate synchronization (hourly from srvrevproxy02)
+- ✅ DNS failover monitor (active and monitoring)
+  - Service running: systemctl status dns-failover
+  - INWX API working with per-request authentication
+  - DNS record: flow.egonetix.de → 95.216.52.28 (primary)
+  - Will auto-failover to 72.62.39.24 after 3 health check failures
+
+### Active Services
+- PostgreSQL: Streaming from primary (95.216.52.28:55432)
+- Trading Bot: Running on port 3001
+- nginx: HTTPS with flow.egonetix.de certificate
+- Certificate Sync: Hourly cron on srvrevproxy02
+- Failover Monitor: ✅ **ACTIVE** - Running and monitoring primary health every 30s
+
+---
+
 ## Quick Start - Deploy Secondary Now

 ### Step 1: Complete the Code Sync (if not finished)
@@ -229,37 +253,120 @@ nohup python3 ~/trading-bot-monitor.py > ~/monitor.log 2>&1 &

 ## Verification Checklist

- [ ] Secondary server has all code from primary
- [ ] Secondary has same .env file (same wallet key!)
- [ ] PostgreSQL running on secondary
- [ ] Database restored and contains trades
- [ ] Trading bot built successfully
- [ ] Trading bot starts without errors
- [ ] Health endpoint responds on secondary
- [ ] n8n running on secondary (already was)
- [ ] Sync strategy chosen and configured
- [ ] Health monitor running (if automated failover desired)
- [ ] DNS ready to switch (Cloudflare setup)
+- [x] Secondary server has all code from primary
+- [x] Secondary has same .env file (same wallet key!)
+- [x] PostgreSQL running on secondary
+- [x] Database streaming replication active (229 trades synced)
+- [x] Trading bot built successfully
+- [x] Trading bot starts without errors
+- [x] Health endpoint responds on secondary
+- [x] n8n running on secondary (already was)
+- [x] Sync strategy chosen and configured (streaming replication)
+- [x] nginx reverse proxy with HTTPS and Basic Auth
+- [x] Certificate sync from srvrevproxy02 (hourly)
+- [x] DNS failover monitor configured and active
+- [ ] Test failover scenario completed
+
+## Certificate Synchronization (ACTIVE)
+
+**Status:** ✅ Operational - Hourly sync from srvrevproxy02 to Hostinger
+
+```bash
+# Location on srvrevproxy02
+/usr/local/bin/cert-push-to-hostinger.sh
+
+# Cron job
+0 * * * * root /usr/local/bin/cert-push-to-hostinger.sh
+
+# View sync logs
+ssh root@srvrevproxy02 'tail -f /var/log/cert-push-hostinger.log'
+
+# Manual sync test
+ssh root@srvrevproxy02 '/usr/local/bin/cert-push-to-hostinger.sh'
+```
+
+**What syncs:**
+- Source: `/etc/letsencrypt/` on srvrevproxy02 (all Let's Encrypt certificates)
+- Target: `/home/icke/traderv4/nginx/ssl/` on Hostinger
+- Method: rsync with SSH key authentication
+- Includes: flow.egonetix.de + all other domain certificates
+- Auto-reload: nginx on Hostinger reloads after sync
+
+## DNS Failover Monitor (READY TO ACTIVATE)
+
+**Status:** ✅ **ACTIVE** - Service running, monitoring primary health every 30s
+
+**Key Discovery:** INWX API uses per-request authentication (pass user/pass with every call), NOT session-based login. This resolves all error 2002 issues.
+
+```bash
+# SSH to Hostinger
+ssh root@72.62.39.24
+
+# Run setup script with INWX credentials
+bash /root/setup-inwx-direct.sh Tomson lJJKQqKFT4rMaye9
+
+# Start monitoring service
+systemctl start dns-failover
+
+# Check status
+systemctl status dns-failover
+
+# View logs
+tail -f /var/log/dns-failover.log
+```
+
+**CRITICAL: INWX API Authentication**
+
+INWX uses **per-request authentication** (NOT session-based):
+- ❌ **WRONG**: Call `account.login()` first, then use session → This gives error 2002
+- ✅ **CORRECT**: Pass `user` and `pass` with **every API call**
+
+Example from the working monitor script:
+```python
+api = ServerProxy("https://api.domrobot.com/xmlrpc/")
+
+# Pass user/pass directly with each call (no login session needed)
+result = api.nameserver.info({
+    'user': username,
+    'pass': password,
+    'domain': 'egonetix.de',
+    'name': 'flow',
+    'type': 'A'
+})
+```
+
+**How it works:**
+- Monitors primary server health every 30 seconds
+- 3 consecutive failures (90s) triggers automatic failover
+- Updates DNS via INWX API: flow.egonetix.de → 72.62.39.24
+- Deploys dual-domain nginx config
+- Automatic recovery when primary returns online
+
+**Configuration:**
+- Script: `/usr/local/bin/dns-failover-monitor.py`
+- Service: `/etc/systemd/system/dns-failover.service`
+- State: `/var/lib/dns-failover-state.json`
+- Logs: `/var/log/dns-failover.log`

 ## Test Failover

 ```bash
-# 1. Stop primary bot
-ssh root@hetzner-ip "cd /home/icke/traderv4 && docker compose stop trading-bot"
+# Option 1: Automatic (if dns-failover running)
+# Stop primary reverse proxy
+ssh root@srvrevproxy02 "systemctl stop nginx"
+# Monitor will detect failure in ~90s and switch DNS automatically

-# 2. Verify secondary takes over (if health monitor running)
-# OR manually update DNS to point to 72.62.39.24
+# Option 2: Manual
+# 1. Update INWX DNS: flow.egonetix.de → 72.62.39.24
+# 2. Wait for DNS propagation (5-10 minutes)
+# 3. Deploy nginx config on Hostinger
+ssh root@72.62.39.24 '/home/icke/traderv4/deploy-flow-domain.sh'

-# 3. Send test webhook to secondary
-curl -X POST http://72.62.39.24:3001/api/trading/execute \
-  -H "Content-Type: application/json" \
-  -H "Authorization: Bearer your-api-key" \
-  -d '{"test": true}'
-
-# 4. Check logs
-ssh root@72.62.39.24 "docker logs --tail=50 trading-bot-v4"
+# 4. Test endpoints
+curl -u admin:TradingBot2025Secure https://flow.egonetix.de/api/health

 # 5. Restart primary
+ssh root@srvrevproxy02 "systemctl start nginx"
 ssh root@hetzner-ip "cd /home/icke/traderv4 && docker compose start trading-bot"
 ```