{"id":30600589,"url":"https://github.com/arifnextdev/neyamot","last_synced_at":"2025-10-05T01:48:37.628Z","repository":{"id":310183932,"uuid":"1038938564","full_name":"arifnextdev/neyamot","owner":"arifnextdev","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-16T10:53:04.000Z","size":51,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-16T11:14:33.759Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arifnextdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-16T05:57:46.000Z","updated_at":"2025-08-16T10:53:08.000Z","dependencies_parsed_at":"2025-08-16T11:14:47.958Z","dependency_job_id":"833263e1-2f27-43a0-844b-2a671f5c6d55","html_url":"https://github.com/arifnextdev/neyamot","commit_stats":null,"previous_names":["arifnextdev/neyamot"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/arifnextdev/neyamot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arifnextdev%2Fneyamot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arifnextdev%2Fneyamot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arifnextdev%2Fneyamot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arifnextdev%2Fneyamot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arifnextdev","download_url":"https://codeload.github.com/arifnextdev/neyamot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arifnextdev%2Fneyamot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272782947,"owners_count":24992350,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-29T02:00:10.610Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-29T23:35:35.440Z","updated_at":"2025-10-05T01:48:32.606Z","avatar_url":"https://github.com/arifnextdev.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Neyamot Enterprise Production Deployment Guide\n\nComplete production deployment guide for Neyamot Enterprise - a modern web application with NestJS API backend and Next.js frontend, featuring Docker containerization, Nginx reverse proxy, and SSL certificates.\n\n## 🏗️ Architecture\n\n- **Frontend**: Next.js 15 with TypeScript and Tailwind CSS\n- **Backend**: NestJS with Prisma ORM\n- **Database**: PostgreSQL 15\n- **Cache**: Redis Stack\n- **Reverse Proxy**: Nginx with SSL/TLS\n- **Containerization**: Docker \u0026 Docker Compose\n- **SSL**: Let's Encrypt certificates via Certbot\n\n## 🚀 Quick Start\n\n### Prerequisites\n\n- Docker and Docker Compose installed\n- Domain name pointing to your server (new.neyamotenterprise.com)\n- Server with ports 80 and 443 open\n\n### Initial Deployment\n\n1. **Clone and setup environment**:\n   ```bash\n   git clone https://github.com/yourusername/neyamot-enterprise.git\n   cd neyamot-enterprise/apps\n   cp .env.example .env\n   ```\n\n2. **Configure environment variables**:\n   Edit `.env` file with your production values:\n   ```bash\n   # Update these critical values\n   DOMAIN=new.neyamotenterprise.com\n   SSL_EMAIL=admin@neyamotenterprise.com\n   \n   # Database credentials (will be auto-generated if not set)\n   DATABASE_URL=\"postgresql://neyamot_user:your_secure_password@postgres:5432/neyamot_db?schema=public\"\n   POSTGRES_DB=neyamot_db\n   POSTGRES_USER=neyamot_user\n   POSTGRES_PASSWORD=your_secure_password\n   \n   # Redis credentials\n   REDIS_PASSWORD=your_redis_password\n   \n   # JWT secret\n   JWT_SECRET=your_jwt_secret\n   \n   # OAuth credentials\n   GOOGLE_CLIENT_ID=your_google_client_id\n   GOOGLE_CLIENT_SECRET=your_google_client_secret\n   \n   # Email configuration\n   MAIL_HOST=smtp.gmail.com\n   MAIL_USER=your_email@gmail.com\n   MAIL_PASS=your_app_password\n   ```\n\n3. **Deploy**:\n   ```bash\n   ./deploy.sh init\n   ```\n\nThis will:\n- Generate secure passwords if not provided\n- Build and start all services\n- Setup SSL certificates\n- Run database migrations\n- Perform health checks\n\n## 📋 Available Commands\n\n```bash\n# Initial deployment\n./deploy.sh init\n\n# Update existing deployment\n./deploy.sh update\n\n# Setup/renew SSL certificates\n./deploy.sh ssl\n\n# Create database backup\n./deploy.sh backup\n\n# Check deployment status\n./deploy.sh status\n```\n\n## 🔧 Manual Operations\n\n### Database Operations\n\n```bash\n# Access database\ndocker-compose -f docker-compose.prod.yml exec postgres psql -U postgres -d alphanet_db\n\n# Run migrations\ndocker-compose -f docker-compose.prod.yml exec api npx prisma migrate deploy\n\n# Generate Prisma client\ndocker-compose -f docker-compose.prod.yml exec api npx prisma generate\n\n# Database backup\ndocker-compose -f docker-compose.prod.yml exec postgres pg_dump -U postgres alphanet_db \u003e backup.sql\n```\n\n### Service Management\n\n```bash\n# View logs\ndocker-compose -f docker-compose.prod.yml logs -f [service_name]\n\n# Restart specific service\ndocker-compose -f docker-compose.prod.yml restart [service_name]\n\n# Scale services\ndocker-compose -f docker-compose.prod.yml up -d --scale api=2\n\n# Update single service\ndocker-compose -f docker-compose.prod.yml up -d --no-deps --build api\n```\n\n## 🔒 Security Features\n\n### Network Security\n- Custom Docker network with subnet isolation\n- Services only expose necessary ports\n- Database and Redis only accessible internally\n- Rate limiting on API endpoints\n- Stricter rate limiting on authentication endpoints\n\n### SSL/TLS Configuration\n- TLS 1.2 and 1.3 only\n- Strong cipher suites\n- HSTS headers\n- Automatic HTTP to HTTPS redirect\n\n### Application Security\n- Non-root users in containers\n- Security headers (X-Frame-Options, X-XSS-Protection, etc.)\n- CORS properly configured for production domain\n- Environment-based configuration\n- Secrets management via environment variables\n\n### Database Security\n- Strong password authentication (scram-sha-256)\n- Connection limits\n- Separate application user with limited privileges\n- Regular backups\n\n## 📊 Monitoring \u0026 Health Checks\n\n### Health Endpoints\n- API Health: `https://new.neyamotenterprise.com/api/health`\n- Database connectivity check included\n- Uptime and environment information\n\n### Container Health Checks\n- All services have built-in health checks\n- Automatic restart on failure\n- Dependency-based startup order\n\n### Logs\n- Centralized logging with Docker\n- Nginx access and error logs\n- Application logs with timestamps\n- Redis and PostgreSQL logs\n\n## 🔄 SSL Certificate Management\n\nSSL certificates are automatically managed via Let's Encrypt:\n\n```bash\n# Initial setup (done during init)\n./deploy.sh ssl\n\n# Renew certificates (setup cron job)\n0 12 * * * /path/to/deploy.sh ssl\n```\n\n## 🚨 Troubleshooting\n\n### Common Issues\n\n1. **SSL Certificate Issues**:\n   ```bash\n   # Check certificate status\n   docker-compose -f docker-compose.prod.yml logs certbot\n   \n   # Manually renew\n   ./deploy.sh ssl\n   ```\n\n2. **Database Connection Issues**:\n   ```bash\n   # Check database health\n   docker-compose -f docker-compose.prod.yml exec postgres pg_isready\n   \n   # View database logs\n   docker-compose -f docker-compose.prod.yml logs postgres\n   ```\n\n3. **Application Not Starting**:\n   ```bash\n   # Check service logs\n   docker-compose -f docker-compose.prod.yml logs api\n   docker-compose -f docker-compose.prod.yml logs web\n   \n   # Rebuild containers\n   docker-compose -f docker-compose.prod.yml build --no-cache\n   ```\n\n### Performance Tuning\n\n1. **Database Optimization**:\n   - Adjust PostgreSQL settings in docker-compose.prod.yml\n   - Monitor query performance\n   - Set up connection pooling\n\n2. **Redis Configuration**:\n   - Tune memory settings in redis.conf\n   - Monitor cache hit rates\n   - Adjust eviction policies\n\n3. **Nginx Optimization**:\n   - Enable gzip compression (already configured)\n   - Adjust worker processes\n   - Fine-tune cache settings\n\n## 📈 Scaling\n\n### Horizontal Scaling\n```bash\n# Scale API instances\ndocker-compose -f docker-compose.prod.yml up -d --scale api=3\n\n# Scale web instances\ndocker-compose -f docker-compose.prod.yml up -d --scale web=2\n```\n\n### Load Balancing\nNginx is configured to load balance between multiple instances automatically.\n\n## 🔐 Environment Variables Reference\n\n| Variable | Description | Required | Default |\n|----------|-------------|----------|---------|\n| `DOMAIN` | Your domain name | Yes | - |\n| `SSL_EMAIL` | Email for SSL certificates | Yes | - |\n| `DATABASE_URL` | PostgreSQL connection string | Yes | - |\n| `POSTGRES_DB` | Database name | Yes | - |\n| `POSTGRES_USER` | Database user | Yes | - |\n| `POSTGRES_PASSWORD` | Database password | Yes | - |\n| `REDIS_PASSWORD` | Redis password | Yes | - |\n| `JWT_SECRET` | JWT signing secret | Yes | - |\n| `API_URL` | API base URL | Yes | - |\n| `FRONTEND_URL` | Frontend base URL | Yes | - |\n| `GOOGLE_CLIENT_ID` | Google OAuth client ID | No | - |\n| `GOOGLE_CLIENT_SECRET` | Google OAuth client secret | No | - |\n| `MAIL_HOST` | SMTP server host | No | - |\n| `MAIL_USER` | SMTP username | No | - |\n| `MAIL_PASS` | SMTP password | No | - |\n\n## 📞 Support\n\nFor issues and questions:\n1. Check the logs using the commands above\n2. Review the troubleshooting section\n3. Ensure all environment variables are properly set\n4. Verify domain DNS settings point to your server\n\n## 🔄 Updates and Maintenance\n\n### Regular Maintenance Tasks\n- Monitor disk space and clean up old Docker images\n- Review and rotate logs\n- Update dependencies regularly\n- Monitor SSL certificate expiration\n- Backup database regularly\n- Review security logs\n\n### Update Process\n1. Test changes in development\n2. Create database backup\n3. Run `./deploy.sh update`\n4. Verify deployment with `./deploy.sh status`\n5. Monitor logs for any issues\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farifnextdev%2Fneyamot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farifnextdev%2Fneyamot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farifnextdev%2Fneyamot/lists"}