deploy/README.md

# TrueCV Deployment Guide

## Quick Start

### 1. Server Setup (run once on fresh Ubuntu server)

```bash
# Copy server-setup.sh to your server
scp deploy/server-setup.sh user@your-server:/tmp/

# SSH into server and run setup
ssh user@your-server
sudo bash /tmp/server-setup.sh
```

**Before running**, edit the script and update:
- `DOMAIN` - Your domain name
- `DB_PASSWORD` - Strong password for SQL Server
- `ADMIN_EMAIL` - Email for SSL certificate notifications

### 2. Deploy Application (run from dev machine)

```bash
# Edit deploy.sh and update configuration
nano deploy/deploy.sh

# Make executable and run
chmod +x deploy/deploy.sh
./deploy/deploy.sh
```

**Update these values in deploy.sh:**
- `SERVER_USER` - SSH username
- `SERVER_HOST` - Server hostname or IP
- `DOMAIN` - Your domain name

### 3. Enable SSL

After DNS is configured and app is deployed:

```bash
ssh user@your-server
sudo certbot --nginx -d truecv.yourdomain.com
```

## Configuration

### Environment Variables

The systemd service sets these environment variables:
- `ASPNETCORE_ENVIRONMENT=Production`
- `ASPNETCORE_URLS=http://localhost:5000`
- `ConnectionStrings__DefaultConnection=...`

To add more (like API keys), edit:
```bash
sudo systemctl edit truecv
```

Add:
```ini
[Service]
Environment=OpenAI__ApiKey=your-key-here
```

### appsettings.Production.json

For sensitive settings, create `/var/www/truecv/appsettings.Production.json`:

```json
{
  "ConnectionStrings": {
    "DefaultConnection": "Server=127.0.0.1;Database=TrueCV;User Id=SA;Password=YourPassword;TrustServerCertificate=True"
  },
  "OpenAI": {
    "ApiKey": "your-openai-key"
  }
}
```

## Maintenance

### View Logs
```bash
# Application logs
sudo journalctl -u truecv -f

# Nginx logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

# SQL Server logs
docker logs truecv-sql -f
```

### Restart Services
```bash
sudo systemctl restart truecv
sudo systemctl restart nginx
docker restart truecv-sql
```

### Database Backup
```bash
# Backup
docker exec truecv-sql /opt/mssql-tools18/bin/sqlcmd \
    -S localhost -U SA -P 'YourPassword' -C \
    -Q "BACKUP DATABASE TrueCV TO DISK='/var/opt/mssql/backup/truecv.bak'"

# Copy backup from container
docker cp truecv-sql:/var/opt/mssql/backup/truecv.bak ./truecv-backup.bak
```

### Rollback Deployment
```bash
# On server - restore previous version
sudo systemctl stop truecv
sudo rm -rf /var/www/truecv
sudo mv /var/www/truecv.backup.YYYYMMDD_HHMMSS /var/www/truecv
sudo systemctl start truecv
```

## Troubleshooting

### App won't start
```bash
# Check status
sudo systemctl status truecv

# Check logs
sudo journalctl -u truecv -n 100

# Test manually
cd /var/www/truecv
sudo -u www-data dotnet TrueCV.Web.dll
```

### Database connection issues
```bash
# Check SQL Server is running
docker ps | grep truecv-sql

# Test connection
docker exec -it truecv-sql /opt/mssql-tools18/bin/sqlcmd \
    -S localhost -U SA -P 'YourPassword' -C \
    -Q "SELECT name FROM sys.databases"
```

### Blazor SignalR issues
Ensure Nginx is configured for WebSocket support (included in setup script).

Check browser console for connection errors.

## Security Checklist

- [ ] Change default SQL Server password
- [ ] Enable SSL with Let's Encrypt
- [ ] Configure firewall (UFW)
- [ ] Set up automated backups
- [ ] Enable fail2ban for SSH protection
- [ ] Keep system updated regularly
Add Linux deployment scripts - deploy.sh: Publish and deploy from dev machine - server-setup.sh: One-time Ubuntu server setup (Nginx, Docker, SQL Server) - README.md: Deployment documentation and troubleshooting guide Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-21 09:48:59 +01:00			`# TrueCV Deployment Guide`

			`## Quick Start`

			`### 1. Server Setup (run once on fresh Ubuntu server)`

			```bash
			`# Copy server-setup.sh to your server`
			`scp deploy/server-setup.sh user@your-server:/tmp/`

			`# SSH into server and run setup`
			`ssh user@your-server`
			`sudo bash /tmp/server-setup.sh`
			```

			`Before running, edit the script and update:`
			- `DOMAIN` - Your domain name
			- `DB_PASSWORD` - Strong password for SQL Server
			- `ADMIN_EMAIL` - Email for SSL certificate notifications

			`### 2. Deploy Application (run from dev machine)`

			```bash
			`# Edit deploy.sh and update configuration`
			`nano deploy/deploy.sh`

			`# Make executable and run`
			`chmod +x deploy/deploy.sh`
			`./deploy/deploy.sh`
			```

			`Update these values in deploy.sh:`
			- `SERVER_USER` - SSH username
			- `SERVER_HOST` - Server hostname or IP
			- `DOMAIN` - Your domain name

			`### 3. Enable SSL`

			`After DNS is configured and app is deployed:`

			```bash
			`ssh user@your-server`
			`sudo certbot --nginx -d truecv.yourdomain.com`
			```

			`## Configuration`

			`### Environment Variables`

			`The systemd service sets these environment variables:`
			- `ASPNETCORE_ENVIRONMENT=Production`
			- `ASPNETCORE_URLS=http://localhost:5000`
			- `ConnectionStrings__DefaultConnection=...`

			`To add more (like API keys), edit:`
			```bash
			`sudo systemctl edit truecv`
			```

			`Add:`
			```ini
			`[Service]`
			`Environment=OpenAI__ApiKey=your-key-here`
			```

			`### appsettings.Production.json`

			For sensitive settings, create `/var/www/truecv/appsettings.Production.json`:

			```json
			`{`
			`"ConnectionStrings": {`
			`"DefaultConnection": "Server=127.0.0.1;Database=TrueCV;User Id=SA;Password=YourPassword;TrustServerCertificate=True"`
			`},`
			`"OpenAI": {`
			`"ApiKey": "your-openai-key"`
			`}`
			`}`
			```

			`## Maintenance`

			`### View Logs`
			```bash
			`# Application logs`
			`sudo journalctl -u truecv -f`

			`# Nginx logs`
			`sudo tail -f /var/log/nginx/access.log`
			`sudo tail -f /var/log/nginx/error.log`

			`# SQL Server logs`
			`docker logs truecv-sql -f`
			```

			`### Restart Services`
			```bash
			`sudo systemctl restart truecv`
			`sudo systemctl restart nginx`
			`docker restart truecv-sql`
			```

			`### Database Backup`
			```bash
			`# Backup`
			`docker exec truecv-sql /opt/mssql-tools18/bin/sqlcmd \`
			`-S localhost -U SA -P 'YourPassword' -C \`
			`-Q "BACKUP DATABASE TrueCV TO DISK='/var/opt/mssql/backup/truecv.bak'"`

			`# Copy backup from container`
			`docker cp truecv-sql:/var/opt/mssql/backup/truecv.bak ./truecv-backup.bak`
			```

			`### Rollback Deployment`
			```bash
			`# On server - restore previous version`
			`sudo systemctl stop truecv`
			`sudo rm -rf /var/www/truecv`
			`sudo mv /var/www/truecv.backup.YYYYMMDD_HHMMSS /var/www/truecv`
			`sudo systemctl start truecv`
			```

			`## Troubleshooting`

			`### App won't start`
			```bash
			`# Check status`
			`sudo systemctl status truecv`

			`# Check logs`
			`sudo journalctl -u truecv -n 100`

			`# Test manually`
			`cd /var/www/truecv`
			`sudo -u www-data dotnet TrueCV.Web.dll`
			```

			`### Database connection issues`
			```bash
			`# Check SQL Server is running`
			`docker ps \| grep truecv-sql`

			`# Test connection`
			`docker exec -it truecv-sql /opt/mssql-tools18/bin/sqlcmd \`
			`-S localhost -U SA -P 'YourPassword' -C \`
			`-Q "SELECT name FROM sys.databases"`
			```

			`### Blazor SignalR issues`
			`Ensure Nginx is configured for WebSocket support (included in setup script).`

			`Check browser console for connection errors.`

			`## Security Checklist`

			`- [ ] Change default SQL Server password`
			`- [ ] Enable SSL with Let's Encrypt`
			`- [ ] Configure firewall (UFW)`
			`- [ ] Set up automated backups`
			`- [ ] Enable fail2ban for SSH protection`
			`- [ ] Keep system updated regularly`