From daa05f3c6083721127f026db68002709552b98e2 Mon Sep 17 00:00:00 2001 From: mindesbunister Date: Tue, 25 Nov 2025 20:12:50 +0100 Subject: [PATCH] feat: Complete INWX DNS failover setup - Fixed INWX API authentication method (per-request, not session-based) - Deployed DNS failover monitor on Hostinger secondary - Service active and monitoring primary every 30s - Will auto-failover after 3 consecutive health check failures - Updated documentation with correct API usage pattern Key Discovery: INWX API uses per-request authentication (pass user/pass with every call), NOT session-based login (account.login). This resolves all error 2002 issues. Source: 2013 Bash-INWX-DynDNS script revealed correct authentication pattern. Files changed: - DNS failover monitor: /usr/local/bin/dns-failover-monitor.py - Systemd service: /etc/systemd/system/dns-failover.service - Setup script: /root/setup-inwx-direct.sh - Documentation: docs/DEPLOY_SECONDARY_MANUAL.md --- docs/DEPLOY_SECONDARY_MANUAL.md | 153 +++++++++++++++++++++++++++----- 1 file changed, 130 insertions(+), 23 deletions(-) diff --git a/docs/DEPLOY_SECONDARY_MANUAL.md b/docs/DEPLOY_SECONDARY_MANUAL.md index 75579e3..3bd199f 100644 --- a/docs/DEPLOY_SECONDARY_MANUAL.md +++ b/docs/DEPLOY_SECONDARY_MANUAL.md @@ -1,5 +1,29 @@ # Manual Deployment to Secondary Server (Hostinger VPS) +## Status: COMPLETED ✅ + +**Last Updated:** November 25, 2025 + +### Deployed Components +- ✅ PostgreSQL streaming replication (port 55432, async mode) +- ✅ Trading bot container with all dependencies +- ✅ nginx reverse proxy with HTTPS and HTTP Basic Auth +- ✅ Certificate synchronization (hourly from srvrevproxy02) +- ✅ DNS failover monitor (active and monitoring) + - Service running: systemctl status dns-failover + - INWX API working with per-request authentication + - DNS record: flow.egonetix.de → 95.216.52.28 (primary) + - Will auto-failover to 72.62.39.24 after 3 health check failures + +### Active Services +- PostgreSQL: Streaming from primary (95.216.52.28:55432) +- Trading Bot: Running on port 3001 +- nginx: HTTPS with flow.egonetix.de certificate +- Certificate Sync: Hourly cron on srvrevproxy02 +- Failover Monitor: ✅ **ACTIVE** - Running and monitoring primary health every 30s + +--- + ## Quick Start - Deploy Secondary Now ### Step 1: Complete the Code Sync (if not finished) @@ -229,37 +253,120 @@ nohup python3 ~/trading-bot-monitor.py > ~/monitor.log 2>&1 & ## Verification Checklist -- [ ] Secondary server has all code from primary -- [ ] Secondary has same .env file (same wallet key!) -- [ ] PostgreSQL running on secondary -- [ ] Database restored and contains trades -- [ ] Trading bot built successfully -- [ ] Trading bot starts without errors -- [ ] Health endpoint responds on secondary -- [ ] n8n running on secondary (already was) -- [ ] Sync strategy chosen and configured -- [ ] Health monitor running (if automated failover desired) -- [ ] DNS ready to switch (Cloudflare setup) +- [x] Secondary server has all code from primary +- [x] Secondary has same .env file (same wallet key!) +- [x] PostgreSQL running on secondary +- [x] Database streaming replication active (229 trades synced) +- [x] Trading bot built successfully +- [x] Trading bot starts without errors +- [x] Health endpoint responds on secondary +- [x] n8n running on secondary (already was) +- [x] Sync strategy chosen and configured (streaming replication) +- [x] nginx reverse proxy with HTTPS and Basic Auth +- [x] Certificate sync from srvrevproxy02 (hourly) +- [x] DNS failover monitor configured and active +- [ ] Test failover scenario completed + +## Certificate Synchronization (ACTIVE) + +**Status:** ✅ Operational - Hourly sync from srvrevproxy02 to Hostinger + +```bash +# Location on srvrevproxy02 +/usr/local/bin/cert-push-to-hostinger.sh + +# Cron job +0 * * * * root /usr/local/bin/cert-push-to-hostinger.sh + +# View sync logs +ssh root@srvrevproxy02 'tail -f /var/log/cert-push-hostinger.log' + +# Manual sync test +ssh root@srvrevproxy02 '/usr/local/bin/cert-push-to-hostinger.sh' +``` + +**What syncs:** +- Source: `/etc/letsencrypt/` on srvrevproxy02 (all Let's Encrypt certificates) +- Target: `/home/icke/traderv4/nginx/ssl/` on Hostinger +- Method: rsync with SSH key authentication +- Includes: flow.egonetix.de + all other domain certificates +- Auto-reload: nginx on Hostinger reloads after sync + +## DNS Failover Monitor (READY TO ACTIVATE) + +**Status:** ✅ **ACTIVE** - Service running, monitoring primary health every 30s + +**Key Discovery:** INWX API uses per-request authentication (pass user/pass with every call), NOT session-based login. This resolves all error 2002 issues. + +```bash +# SSH to Hostinger +ssh root@72.62.39.24 + +# Run setup script with INWX credentials +bash /root/setup-inwx-direct.sh Tomson lJJKQqKFT4rMaye9 + +# Start monitoring service +systemctl start dns-failover + +# Check status +systemctl status dns-failover + +# View logs +tail -f /var/log/dns-failover.log +``` + +**CRITICAL: INWX API Authentication** + +INWX uses **per-request authentication** (NOT session-based): +- ❌ **WRONG**: Call `account.login()` first, then use session → This gives error 2002 +- ✅ **CORRECT**: Pass `user` and `pass` with **every API call** + +Example from the working monitor script: +```python +api = ServerProxy("https://api.domrobot.com/xmlrpc/") + +# Pass user/pass directly with each call (no login session needed) +result = api.nameserver.info({ + 'user': username, + 'pass': password, + 'domain': 'egonetix.de', + 'name': 'flow', + 'type': 'A' +}) +``` + +**How it works:** +- Monitors primary server health every 30 seconds +- 3 consecutive failures (90s) triggers automatic failover +- Updates DNS via INWX API: flow.egonetix.de → 72.62.39.24 +- Deploys dual-domain nginx config +- Automatic recovery when primary returns online + +**Configuration:** +- Script: `/usr/local/bin/dns-failover-monitor.py` +- Service: `/etc/systemd/system/dns-failover.service` +- State: `/var/lib/dns-failover-state.json` +- Logs: `/var/log/dns-failover.log` ## Test Failover ```bash -# 1. Stop primary bot -ssh root@hetzner-ip "cd /home/icke/traderv4 && docker compose stop trading-bot" +# Option 1: Automatic (if dns-failover running) +# Stop primary reverse proxy +ssh root@srvrevproxy02 "systemctl stop nginx" +# Monitor will detect failure in ~90s and switch DNS automatically -# 2. Verify secondary takes over (if health monitor running) -# OR manually update DNS to point to 72.62.39.24 +# Option 2: Manual +# 1. Update INWX DNS: flow.egonetix.de → 72.62.39.24 +# 2. Wait for DNS propagation (5-10 minutes) +# 3. Deploy nginx config on Hostinger +ssh root@72.62.39.24 '/home/icke/traderv4/deploy-flow-domain.sh' -# 3. Send test webhook to secondary -curl -X POST http://72.62.39.24:3001/api/trading/execute \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer your-api-key" \ - -d '{"test": true}' - -# 4. Check logs -ssh root@72.62.39.24 "docker logs --tail=50 trading-bot-v4" +# 4. Test endpoints +curl -u admin:TradingBot2025Secure https://flow.egonetix.de/api/health # 5. Restart primary +ssh root@srvrevproxy02 "systemctl start nginx" ssh root@hetzner-ip "cd /home/icke/traderv4 && docker compose start trading-bot" ```