# TrueCV Deployment Guide ## Quick Start ### 1. Server Setup (run once on fresh Ubuntu server) ```bash # Copy server-setup.sh to your server scp deploy/server-setup.sh user@your-server:/tmp/ # SSH into server and run setup ssh user@your-server sudo bash /tmp/server-setup.sh ``` **Before running**, edit the script and update: - `DOMAIN` - Your domain name - `DB_PASSWORD` - Strong password for SQL Server - `ADMIN_EMAIL` - Email for SSL certificate notifications ### 2. Deploy Application (run from dev machine) ```bash # Edit deploy.sh and update configuration nano deploy/deploy.sh # Make executable and run chmod +x deploy/deploy.sh ./deploy/deploy.sh ``` **Update these values in deploy.sh:** - `SERVER_USER` - SSH username - `SERVER_HOST` - Server hostname or IP - `DOMAIN` - Your domain name ### 3. Enable SSL After DNS is configured and app is deployed: ```bash ssh user@your-server sudo certbot --nginx -d truecv.yourdomain.com ``` ## Configuration ### Environment Variables The systemd service sets these environment variables: - `ASPNETCORE_ENVIRONMENT=Production` - `ASPNETCORE_URLS=http://localhost:5000` - `ConnectionStrings__DefaultConnection=...` To add more (like API keys), edit: ```bash sudo systemctl edit truecv ``` Add: ```ini [Service] Environment=OpenAI__ApiKey=your-key-here ``` ### appsettings.Production.json For sensitive settings, create `/var/www/truecv/appsettings.Production.json`: ```json { "ConnectionStrings": { "DefaultConnection": "Server=127.0.0.1;Database=TrueCV;User Id=SA;Password=YourPassword;TrustServerCertificate=True" }, "OpenAI": { "ApiKey": "your-openai-key" } } ``` ## Maintenance ### View Logs ```bash # Application logs sudo journalctl -u truecv -f # Nginx logs sudo tail -f /var/log/nginx/access.log sudo tail -f /var/log/nginx/error.log # SQL Server logs docker logs truecv-sql -f ``` ### Restart Services ```bash sudo systemctl restart truecv sudo systemctl restart nginx docker restart truecv-sql ``` ### Database Backup ```bash # Backup docker exec truecv-sql /opt/mssql-tools18/bin/sqlcmd \ -S localhost -U SA -P 'YourPassword' -C \ -Q "BACKUP DATABASE TrueCV TO DISK='/var/opt/mssql/backup/truecv.bak'" # Copy backup from container docker cp truecv-sql:/var/opt/mssql/backup/truecv.bak ./truecv-backup.bak ``` ### Rollback Deployment ```bash # On server - restore previous version sudo systemctl stop truecv sudo rm -rf /var/www/truecv sudo mv /var/www/truecv.backup.YYYYMMDD_HHMMSS /var/www/truecv sudo systemctl start truecv ``` ## Troubleshooting ### App won't start ```bash # Check status sudo systemctl status truecv # Check logs sudo journalctl -u truecv -n 100 # Test manually cd /var/www/truecv sudo -u www-data dotnet TrueCV.Web.dll ``` ### Database connection issues ```bash # Check SQL Server is running docker ps | grep truecv-sql # Test connection docker exec -it truecv-sql /opt/mssql-tools18/bin/sqlcmd \ -S localhost -U SA -P 'YourPassword' -C \ -Q "SELECT name FROM sys.databases" ``` ### Blazor SignalR issues Ensure Nginx is configured for WebSocket support (included in setup script). Check browser console for connection errors. ## Security Checklist - [ ] Change default SQL Server password - [ ] Enable SSL with Let's Encrypt - [ ] Configure firewall (UFW) - [ ] Set up automated backups - [ ] Enable fail2ban for SSH protection - [ ] Keep system updated regularly