diff --git a/COOLIFY_ENV_VARS.md b/COOLIFY_ENV_VARS.md index 169672cb..ee05449c 100644 --- a/COOLIFY_ENV_VARS.md +++ b/COOLIFY_ENV_VARS.md @@ -22,12 +22,12 @@ LEARNHOUSE_COOKIE_DOMAIN=your-dev-domain.com LEARNHOUSE_CONTACT_EMAIL=contact@.com LEARNHOUSE_EMAIL_PROVIDER=resend LEARNHOUSE_IS_AI_ENABLED=false -LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_DEV_REDIS_PASSWORD@redis:6379/1 +LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_DEV_REDIS_PASSWORD@redis-dev:6379/1 # Use deployment-specific Redis hostname LEARNHOUSE_RESEND_API_KEY=YOUR_RESEND_API_KEY LEARNHOUSE_SELF_HOSTED=true LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences. LEARNHOUSE_SITE_NAME=ADR LMS -LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_DEV_DB_PASSWORD@db:5432/learnhouse_dev +LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_DEV_DB_PASSWORD@db-dev:5432/learnhouse_dev # Use deployment-specific database hostname LEARNHOUSE_SSL=true LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=contact@.com NEXTAUTH_SECRET=YOUR_DEV_NEXTAUTH_SECRET 
@@ -53,12 +53,12 @@ LEARNHOUSE_COOKIE_DOMAIN=your-prod-domain.com LEARNHOUSE_CONTACT_EMAIL=contact@.com LEARNHOUSE_EMAIL_PROVIDER=resend LEARNHOUSE_IS_AI_ENABLED=false -LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_LIVE_REDIS_PASSWORD@redis:6379/0 +LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_LIVE_REDIS_PASSWORD@redis-live:6379/0 # Use deployment-specific Redis hostname LEARNHOUSE_RESEND_API_KEY=YOUR_RESEND_API_KEY LEARNHOUSE_SELF_HOSTED=true LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences. LEARNHOUSE_SITE_NAME=ADR LMS -LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_LIVE_DB_PASSWORD@db:5432/learnhouse +LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_LIVE_DB_PASSWORD@db-live:5432/learnhouse # Use deployment-specific database hostname LEARNHOUSE_SSL=true LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=contact@.com NEXTAUTH_SECRET=YOUR_LIVE_NEXTAUTH_SECRET 
@@ -81,7 +81,21 @@ REDIS_PASSWORD=YOUR_LIVE_REDIS_PASSWORD The critical environment variables that ensure complete isolation: 1. **DEPLOYMENT_NAME**: Different for each environment (`dev` vs `live`) -2. **Domain Variables**: Point to different domains -3. **Database Credentials**: Different databases and users -4. **Redis Connection**: Different Redis databases (1 vs 0) -5. **Secrets**: Different NEXTAUTH_SECRET values +2. **Domain Variables**: Point to different domains +3. **Database Hostnames**: Use deployment-specific hostnames (`db-dev` vs `db-live`) +4. **Redis Hostnames**: Use deployment-specific hostnames (`redis-dev` vs `redis-live`) +5. **Database Credentials**: Different databases and users +6. **Redis Connection**: Different Redis databases (1 vs 0) +7. **Secrets**: Different NEXTAUTH_SECRET values + +## Deployment Isolation Strategy + +To prevent cross-deployment contamination: + +1. **Database Isolation**: Each deployment must use its own separate database server with a unique hostname +2. **Redis Isolation**: Each deployment must use its own Redis instance with a unique hostname +3. **Domain Isolation**: Each deployment must use its own domain and cookie domain +4. **URL Patching**: The Dockerfile includes runtime patching of hardcoded URLs +5. **Network Isolation**: Each deployment should use its own Docker network + +See `DATABASE_ISOLATION_FIX.md` for detailed implementation steps. diff --git a/ISOLATION_IMPLEMENTATION_CHECKLIST.md b/ISOLATION_IMPLEMENTATION_CHECKLIST.md index e69de29b..37896f29 100644 --- a/ISOLATION_IMPLEMENTATION_CHECKLIST.md +++ b/ISOLATION_IMPLEMENTATION_CHECKLIST.md 
@@ -0,0 +1,119 @@ +# LearnHouse Deployment Isolation Implementation Checklist + +This checklist guides you through implementing complete isolation between DEV and LIVE LearnHouse deployments to prevent cross-deployment contamination. + +## Issue Overview + +We've identified that both DEV and LIVE deployments are accessing the same database and contain hardcoded URLs, causing: +- Data contamination (same courses appear in both deployments) +- Session mixing (logging in on one deployment affects the other) +- Inconsistent user experience (clicking links on DEV may lead to LIVE site) + +## Implementation Checklist + +### Step 1: Deploy API Changes + +- [ ] Pull the latest code with isolation fixes: + ```bash + git pull origin dev + ``` + +- [ ] Verify the debug endpoint files exist: + ```bash + ls -la apps/api/src/routers/debug.py + ``` + +- [ ] Deploy API changes to both environments using your CI/CD system + +### Step 2: Update Environment Variables + +#### For DEV Environment: + +- [ ] Update database connection string: + ``` + LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_DEV_PASSWORD@db-dev:5432/learnhouse_dev + ``` + +- [ ] Update Redis connection string: + ``` + LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_DEV_REDIS_PASSWORD@redis-dev:6379/1 + ``` + +- [ ] Ensure domain settings are correct: + ``` + LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud + LEARNHOUSE_COOKIE_DOMAIN=adr-lms.whitex.cloud + NEXT_PUBLIC_LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud + ``` + +#### For LIVE Environment: + +- [ ] Update database connection string: + ``` + LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_LIVE_PASSWORD@db-live:5432/learnhouse + ``` + +- [ ] Update Redis connection string: + ``` + LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_LIVE_REDIS_PASSWORD@redis-live:6379/0 + ``` + +- [ ] Ensure domain settings are correct: + ``` + LEARNHOUSE_DOMAIN=edu.adradviser.ro + LEARNHOUSE_COOKIE_DOMAIN=edu.adradviser.ro + 
NEXT_PUBLIC_LEARNHOUSE_DOMAIN=edu.adradviser.ro + ``` + +### Step 3: Database Infrastructure + +- [ ] Ensure each deployment has its own database server: + - DEV: db-dev + - LIVE: db-live + +- [ ] If using shared infrastructure, ensure logical isolation through server names and proper networking + +### Step 4: Rebuild & Deploy + +- [ ] Rebuild and deploy both environments with updated environment variables +- [ ] Restart all services to apply changes + +### Step 5: Verification + +- [ ] Run verification scripts: + ```bash + ./verify-isolation.sh + ./verify-db-isolation.sh + ``` + +- [ ] Access debug endpoints directly: + - DEV: https://adr-lms.whitex.cloud/api/v1/debug/deployment + - LIVE: https://edu.adradviser.ro/api/v1/debug/deployment + +- [ ] Check URLs in frontend: + - DEV: https://adr-lms.whitex.cloud/api/v1/debug/urls + - LIVE: https://edu.adradviser.ro/api/v1/debug/urls + +- [ ] Test in incognito browsers to verify session isolation + +## Troubleshooting + +If isolation issues persist after implementation: + +1. **Verify Database Connections**: + - Confirm debug endpoints show different database hosts + - Check actual database servers to confirm connections come from different sources + +2. **Clear Browser Data**: + - Use incognito mode or clear all cookies/cache for proper testing + +3. **Check Docker Network Isolation**: + - Ensure each deployment uses its own Docker network + - Verify hostnames resolve to different IP addresses within containers + +4. **Validate URL Patching**: + - Run URL debug endpoint to confirm no hardcoded references remain + +For additional help, refer to the full documentation in: +- `DATABASE_ISOLATION_FIX.md` +- `DEPLOYMENT_TROUBLESHOOTING.md` diff --git a/deploy-isolation-fix.sh b/deploy-isolation-fix.sh index e69de29b..4e09b4a6 100755 --- a/deploy-isolation-fix.sh +++ b/deploy-isolation-fix.sh 
@@ -0,0 +1,82 @@ +#!/bin/bash +# Deployment Isolation Fix Script +# This script will deploy the isolation fixes to both environments + +GREEN='\033[0;32m' +RED='\033[0;31m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +echo -e "${BLUE}=== LearnHouse Deployment Isolation Fix Script ===${NC}" +echo -e "${YELLOW}This script will apply deployment isolation fixes${NC}" + +# Verify script is running from correct directory +if [ ! -d "./apps/api" ] || [ ! -d "./apps/web" ]; then + echo -e "${RED}Error: This script must be run from the root of the learnhouse project${NC}" + exit 1 +fi + +# Check if we have git access +if ! git status &>/dev/null; then + echo -e "${RED}Error: Unable to access git repository${NC}" + exit 1 +fi + +# Ensure we have the latest code +echo -e "\n${BLUE}Fetching latest code...${NC}" +git fetch + +# Check for uncommitted changes +if [[ -n $(git status -s) ]]; then + echo -e "${YELLOW}Warning: There are uncommitted changes in the repository${NC}" + echo -e "Current changes:" + git status -s + + read -p "Do you want to continue and commit these changes? (y/n) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + echo -e "${YELLOW}Fix aborted. Please commit or stash your changes first.${NC}" + exit 1 + fi + + # Commit changes + git add apps/api/src/routers/debug.py apps/api/src/router.py apps/api/app.py Dockerfile_coolify + git commit -m "Add deployment isolation fixes" +fi + +# Display what will be deployed +echo -e "\n${BLUE}The following fixes will be deployed:${NC}" +echo -e "1. Debug endpoints at /api/v1/debug/deployment and /api/v1/debug/urls" +echo -e "2. Enhanced URL patching in Dockerfile_coolify" +echo -e "3. Updated environment variable templates for database isolation" + +read -p "Do you want to deploy these fixes now? (y/n) " -n 1 -r +echo +if [[ ! 
$REPLY =~ ^[Yy]$ ]]; then + echo -e "${YELLOW}Deployment aborted.${NC}" + exit 1 +fi + +# Push changes +echo -e "\n${BLUE}Pushing changes to repository...${NC}" +git push || { echo -e "${RED}Failed to push changes${NC}"; exit 1; } + +echo -e "${GREEN}✓${NC} Code changes pushed successfully" + +# Instructions for deployment +echo -e "\n${BLUE}=== Next Steps ===${NC}" +echo -e "1. Deploy the changes to both environments using your CI/CD system" +echo -e "2. Update environment variables for each deployment:" +echo -e "${YELLOW} DEV:${NC} LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_PASSWORD@db-dev:5432/learnhouse_dev" +echo -e "${YELLOW} LIVE:${NC} LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_PASSWORD@db-live:5432/learnhouse" +echo -e "3. Verify deployment isolation using the verification scripts:" +echo -e " ${YELLOW}./verify-isolation.sh${NC}" +echo -e " ${YELLOW}./verify-db-isolation.sh${NC}" +echo -e "4. Restart both deployments after updating environment variables" + +echo -e "\n${BLUE}=== Verification URLs ===${NC}" +echo -e "DEV debug endpoint: ${YELLOW}https://adr-lms.whitex.cloud/api/v1/debug/deployment${NC}" +echo -e "LIVE debug endpoint: ${YELLOW}https://edu.adradviser.ro/api/v1/debug/deployment${NC}" +echo -e "DEV URL check: ${YELLOW}https://adr-lms.whitex.cloud/api/v1/debug/urls${NC}" +echo -e "LIVE URL check: ${YELLOW}https://edu.adradviser.ro/api/v1/debug/urls${NC}"
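Review bot: In COOLIFY_ENV_VARS.md, the new `LEARNHOUSE_REDIS_CONNECTION_STRING` and `LEARNHOUSE_SQL_CONNECTION_STRING` lines in both the DEV hunk (`@@ -22,12`) and the LIVE hunk (`@@ -53,12`) put the `# Use deployment-specific ...` comment on the same line as the value. These blocks are meant to be copied in as environment variables, and env-file parsers do not agree on whether an inline `#` starts a comment, so the text can end up appended to the connection string after `/1`, `/0` or the database name. Move each comment to its own line above the variable it describes.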
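Review bot: In the "Deployment Isolation Strategy" list added to COOLIFY_ENV_VARS.md (`@@ -81,7`), item 5 says each deployment "should" use its own Docker network while items 1 to 3 say "must". The hostname changes (`db-dev` vs `db-live`, `redis-dev` vs `redis-live`) only select a target; if both stacks sit on one network, either API container can still reach the other environment's database and Redis. Make network isolation a "must" and say that the DEV and LIVE credentials must not be valid on the other environment's servers. Item 2 of the first list ("Domain Variables") is also removed and re-added with no visible change, which looks like a whitespace-only edit that can be dropped from the patch.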
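Review bot: ISOLATION_IMPLEMENTATION_CHECKLIST.md has no step that restricts or removes the debug endpoints once verification is done. Step 5 lists `/api/v1/debug/deployment` and `/api/v1/debug/urls` on the public LIVE domain, and the troubleshooting section relies on them to "show different database hosts", so they disclose internal infrastructure details from production. The checklist does not say whether the routes require authentication. Add a line stating the access control expected on these routes, and a final checklist item to disable them (or gate them behind an admin check or an environment flag) on LIVE after the isolation check passes. Separately, Step 2 hard-codes the real DEV and LIVE domains while COOLIFY_ENV_VARS.md uses `your-dev-domain.com` style placeholders; pick one convention.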
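Review bot: In deploy-isolation-fix.sh, the uncommitted-changes block shows the full `git status -s` output and asks whether to "continue and commit these changes", but then stages only four hard-coded paths and never checks the exit status of `git add` or `git commit`. If one of those paths is missing or nothing ends up staged, the script still reaches `git push` and prints "Code changes pushed successfully" with no new commit, and any other modified files the user just agreed to commit are left behind. Add `set -euo pipefail` (or explicit `|| exit 1` checks), list exactly which files will be staged in the prompt, and skip the commit when the index is empty. Two smaller points: `git push` runs on whatever branch is checked out, while the checklist pulls from `dev`, so check the current branch before pushing; and the "Next Steps" output puts verification (step 3) before "Restart both deployments after updating environment variables" (step 4), which would verify the old configuration, so swap them. The comment "Ensure we have the latest code" also sits above a bare `git fetch`, which does not update the working tree.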