Commit Graph

26 Commits

Author SHA1 Message Date
aef38e871f fix(6): ensure background processes run from correct directories
- Wrap backend uvicorn with proper working directory subshell
- Wrap frontend Next.js server with proper working directory subshell
- Use subshell syntax (cd && run) to ensure processes inherit correct context
- Fixes processes starting but immediately crashing
2026-04-22 18:35:53 +03:00
66464cb148 fix(6): fix process monitoring - keep servers running indefinitely
- Replace wait with infinite monitoring loop
- Detect and warn if processes die instead of killing them
- Allows independent process failures without terminating script
- Trap still catches Ctrl-C to graceful shutdown
2026-04-22 18:34:18 +03:00
7041a6dc88 fix(6): correct venv path in start_server.sh - create in project root
- Virtual environment should be .venv in project root, not parent folder
- Fix venv creation and activation path logic
- Ensures venv is created and found in correct location
2026-04-22 18:30:58 +03:00
a2fd9b1ce6 fix(6): update standalone start_server.sh to use Python virtual environment
- Create .venv automatically if missing
- Activate virtual environment before pip install
- Fixes PEP 668 externally-managed-environment error on Python 3.12
- Virtual environment isolated from system Python packages
2026-04-22 18:29:15 +03:00
fc149184e9 feat(6): phase 6 plan 02 - operational runbook and documentation
- Created OPERATIONAL_RUNBOOK.md: comprehensive step-by-step procedures for both Docker and Standalone deployment modes covering deployment, daily ops, troubleshooting, backup/restore, disaster recovery, scaling, and updates
- Created HEALTH_MONITORING_CHECKLIST.md: daily/weekly/monthly health check procedures with alert thresholds and quick troubleshooting reference
- Created DISASTER_RECOVERY_PLAN.md: detailed procedures for 6 failure scenarios (database corruption, hardware failure, data center failure, app crash, disk full, network isolation) with RTO/RPO targets
- Created CONFIGURATION_REFERENCE.md: complete documentation of all inventory.env parameters for both deployment modes with common scenarios and troubleshooting
- Created EMERGENCY_PROCEDURES.md: quick-reference incident response playbook with 7 critical scenarios, decision tree, escalation path, and printable cheat sheet
- Created scripts/backup.sh: automated backup script supporting both Docker and Standalone with integrity verification and retention management
- Created scripts/restore.sh: restore script with triple confirmation, safety backups, and validation tests for both deployment modes
- Created config/backup-cron.sh: installer for daily/weekly automated backup cron jobs (2 AM daily, 3 AM Sunday)

All documentation covers dual-deployment modes with shared configuration files.
Documentation is operator-ready with copy-paste commands and clear expected outputs.
2026-04-22 18:25:32 +03:00
59565c9b8a improve: comprehensive process cleanup in startup script
- Add -9 (force kill) flag to all pkill commands
- Kill Python backend processes explicitly
- Kill npm and node processes
- Use fuser to kill processes bound to ports 8000, 3001, 3002, 3003
- Add 1 second wait after cleanup
- Ensures absolutely clean state before restart
2026-04-22 09:45:50 +03:00
8d9e8998f8 fix: clean shutdown handling in start_server.sh
- Add signal traps for SIGINT (Ctrl-C) and SIGTERM
- Cleanup function kills all child processes gracefully
- Script now exits cleanly without hanging
- Users can press Ctrl-C to stop all services at once
2026-04-22 09:33:43 +03:00
fcff97bae2 fix: bind SSL proxies to SERVER_IP for VPN/remote access
local-ssl-proxy was binding to 0.0.0.0 which doesn't work reliably for
cross-network access (VPN, remote clients). Now binds to SERVER_IP from
inventory.env, ensuring the proxy is reachable from all networks that can
reach the server's main IP address.
2026-04-21 15:27:28 +03:00
3c9e5a8149 refactor: remove all hardcoded IPs/subnets, use environment variables only
- Next.js allowedDevOrigins now loaded from ALLOWED_DEV_ORIGINS env var
- start_server.sh generates ALLOWED_DEV_ORIGINS from EXTRA_ALLOWED_ORIGINS
- Subnet notation (10.0.0.0/24) auto-converts to wildcard patterns (10.0.0.*)
- Individual IPs convert to subnet patterns (192.168.1.100 -> 192.168.1.*)
- Zero hardcoded IPs in source code - all from inventory.env
2026-04-21 15:21:05 +03:00
983d6e4bb4 feat: add subnet-based CORS validation support for VPN/Tailscale origins
- Add ipaddress module for subnet parsing (10.0.0.0/24 format)
- Implement subnet validation in CORS middleware
- Separate individual IPs from subnet definitions in EXTRA_ALLOWED_ORIGINS
- Custom SubnetAwareCORSMiddleware for dynamic origin validation
- Support both exact IP matches and subnet ranges
- Backward compatible with existing ALLOWED_ORIGINS list
2026-04-21 15:17:29 +03:00
600b6c8a76 Build [v1.10.16] 2026-04-18 16:20:49 +00:00
7b1f318916 fix: improve venv creation with error checking and proper validation 2026-04-18 13:40:30 +00:00
8b6dc0db33 fix: use venv pip to avoid externally-managed-environment error 2026-04-18 13:39:37 +00:00
5e0ffe6d80 fix: use venv python for uvicorn and add node version check 2026-04-18 13:25:05 +00:00
f74a17485f fix: add npm install and expose pip install errors in start_server.sh 2026-04-18 13:22:48 +00:00
f6ff190465 chore: replace macOS commands with Linux equivalents in start_server.sh
- Remove /opt/homebrew/bin PATH injection (macOS Homebrew specific)
- Replace ipconfig with hostname -I for IP detection (Linux native)
- Add fallback to 'localhost' for edge cases
2026-04-18 13:00:44 +00:00
Daniel Bedeleanu
fcb187974e Build [v1.9.18] 2026-04-13 23:43:52 +03:00
Daniel Bedeleanu
7c3d0e102f Build [v1.9.5] (Bulletproof Deployment with visible inventory.env and deploy.sh) 2026-04-13 21:32:49 +03:00
Daniel Bedeleanu
a0eaddf994 Build [v1.9.4] (Single Source of Truth: Consolidated Configuration) 2026-04-13 21:15:19 +03:00
Daniel Bedeleanu
81b775c9ae Build [v1.8.0] 2026-04-13 19:23:48 +03:00
Daniel Bedeleanu
f3d861b1a2 Build [v1.4.0] - Audit Dashboard & LDAP Restoration 2026-04-12 09:39:17 +03:00
Daniel Bedeleanu
161a182281 Build [v.1.3.9] 2026-04-12 07:29:58 +03:00
Daniel Bedeleanu
c1b8d2d8b9 fix: use absolute paths for DATA_DIR and LOGS_DIR in start_server.sh
- Resolves sqlite3.OperationalError when database path is relative
- Uses script directory as base for all relative paths
- Ensures consistent behavior regardless of working directory
2026-04-11 15:07:51 +03:00
Daniel Bedeleanu
ac1703e6c2 fix: set DATA_DIR and LOGS_DIR environment variables in start_server.sh
- DATA_DIR=./data points backend to correct config location
- Ensures ldap_config.json and database are found consistently
- Matches docker-compose setup
2026-04-11 15:04:05 +03:00
Daniel Bedeleanu
483a747600 fix: CORS configuration for both docker-compose and start_server.sh deployments
- Update start_server.sh to auto-detect local IP and export ALLOWED_ORIGINS
- Includes both localhost and detected IP on HTTP/HTTPS proxy ports
- Export JWT_SECRET_KEY with ephemeral key if not set
- Fix Romanian comments in docker-compose.yml to English
- Document two deployment methods in SESSION_STATE.md
2026-04-11 14:44:00 +03:00
Daniel Bedeleanu
8a3783c7e9 Infrastructure: Implement master/dev/vX branching, save git path, and fix username casing 2026-04-10 21:51:22 +03:00