rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: implement deployment isolation checklist and update environment variable templates

Browse source
This commit is contained in:
WhiteX 2025-06-12 21:43:27 +03:00 committed by rzmk
parent e94fcded2a
commit 2ace169ab1
3 changed files with 223 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

28
COOLIFY_ENV_VARS.md
View file

@ -22,12 +22,12 @@ LEARNHOUSE_COOKIE_DOMAIN=your-dev-domain.com
LEARNHOUSE_CONTACT_EMAIL=contact@.com LEARNHOUSE_CONTACT_EMAIL=contact@.com
LEARNHOUSE_EMAIL_PROVIDER=resend LEARNHOUSE_EMAIL_PROVIDER=resend
LEARNHOUSE_IS_AI_ENABLED=false LEARNHOUSE_IS_AI_ENABLED=false
LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_DEV_REDIS_PASSWORD@redis:6379/1 LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_DEV_REDIS_PASSWORD@redis-dev:6379/1 # Use deployment-specific Redis hostname
LEARNHOUSE_RESEND_API_KEY=YOUR_RESEND_API_KEY LEARNHOUSE_RESEND_API_KEY=YOUR_RESEND_API_KEY
LEARNHOUSE_SELF_HOSTED=true LEARNHOUSE_SELF_HOSTED=true
LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences. LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences.
LEARNHOUSE_SITE_NAME=ADR LMS LEARNHOUSE_SITE_NAME=ADR LMS
LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_DEV_DB_PASSWORD@db:5432/learnhouse_dev LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_DEV_DB_PASSWORD@db-dev:5432/learnhouse_dev # Use deployment-specific database hostname
LEARNHOUSE_SSL=true LEARNHOUSE_SSL=true
LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=contact@.com LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=contact@.com
NEXTAUTH_SECRET=YOUR_DEV_NEXTAUTH_SECRET NEXTAUTH_SECRET=YOUR_DEV_NEXTAUTH_SECRET
@ -53,12 +53,12 @@ LEARNHOUSE_COOKIE_DOMAIN=your-prod-domain.com
LEARNHOUSE_CONTACT_EMAIL=contact@.com LEARNHOUSE_CONTACT_EMAIL=contact@.com
LEARNHOUSE_EMAIL_PROVIDER=resend LEARNHOUSE_EMAIL_PROVIDER=resend
LEARNHOUSE_IS_AI_ENABLED=false LEARNHOUSE_IS_AI_ENABLED=false
LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_LIVE_REDIS_PASSWORD@redis:6379/0 LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_LIVE_REDIS_PASSWORD@redis-live:6379/0 # Use deployment-specific Redis hostname
LEARNHOUSE_RESEND_API_KEY=YOUR_RESEND_API_KEY LEARNHOUSE_RESEND_API_KEY=YOUR_RESEND_API_KEY
LEARNHOUSE_SELF_HOSTED=true LEARNHOUSE_SELF_HOSTED=true
LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences. LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences.
LEARNHOUSE_SITE_NAME=ADR LMS LEARNHOUSE_SITE_NAME=ADR LMS
LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_LIVE_DB_PASSWORD@db:5432/learnhouse LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_LIVE_DB_PASSWORD@db-live:5432/learnhouse # Use deployment-specific database hostname
LEARNHOUSE_SSL=true LEARNHOUSE_SSL=true
LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=contact@.com LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=contact@.com
NEXTAUTH_SECRET=YOUR_LIVE_NEXTAUTH_SECRET NEXTAUTH_SECRET=YOUR_LIVE_NEXTAUTH_SECRET
@ -82,6 +82,20 @@ The critical environment variables that ensure complete isolation:
1. **DEPLOYMENT_NAME**: Different for each environment (`dev` vs `live`) 1. **DEPLOYMENT_NAME**: Different for each environment (`dev` vs `live`)
2. **Domain Variables**: Point to different domains 2. **Domain Variables**: Point to different domains
3. **Database Credentials**: Different databases and users 3. **Database Hostnames**: Use deployment-specific hostnames (`db-dev` vs `db-live`)
4. **Redis Connection**: Different Redis databases (1 vs 0) 4. **Redis Hostnames**: Use deployment-specific hostnames (`redis-dev` vs `redis-live`)
5. **Secrets**: Different NEXTAUTH_SECRET values 5. **Database Credentials**: Different databases and users
6. **Redis Connection**: Different Redis databases (1 vs 0)
7. **Secrets**: Different NEXTAUTH_SECRET values
## Deployment Isolation Strategy
To prevent cross-deployment contamination:
1. **Database Isolation**: Each deployment must use its own separate database server with a unique hostname
2. **Redis Isolation**: Each deployment must use its own Redis instance with a unique hostname
3. **Domain Isolation**: Each deployment must use its own domain and cookie domain
4. **URL Patching**: The Dockerfile includes runtime patching of hardcoded URLs
5. **Network Isolation**: Each deployment should use its own Docker network
See `DATABASE_ISOLATION_FIX.md` for detailed implementation steps.

119
ISOLATION_IMPLEMENTATION_CHECKLIST.md
View file

@ -0,0 +1,119 @@
# LearnHouse Deployment Isolation Implementation Checklist
This checklist guides you through implementing complete isolation between DEV and LIVE LearnHouse deployments to prevent cross-deployment contamination.
## Issue Overview
We've identified that both DEV and LIVE deployments are accessing the same database and contain hardcoded URLs, causing:
- Data contamination (same courses appear in both deployments)
- Session mixing (logging in on one deployment affects the other)
- Inconsistent user experience (clicking links on DEV may lead to LIVE site)
## Implementation Checklist
### Step 1: Deploy API Changes
- [ ] Pull the latest code with isolation fixes:
```bash
git pull origin dev
```
- [ ] Verify the debug endpoint files exist:
```bash
ls -la apps/api/src/routers/debug.py
```
- [ ] Deploy API changes to both environments using your CI/CD system
### Step 2: Update Environment Variables
#### For DEV Environment:
- [ ] Update database connection string:
```
LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_DEV_PASSWORD@db-dev:5432/learnhouse_dev
```
- [ ] Update Redis connection string:
```
LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_DEV_REDIS_PASSWORD@redis-dev:6379/1
```
- [ ] Ensure domain settings are correct:
```
LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
LEARNHOUSE_COOKIE_DOMAIN=adr-lms.whitex.cloud
NEXT_PUBLIC_LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
```
#### For LIVE Environment:
- [ ] Update database connection string:
```
LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_LIVE_PASSWORD@db-live:5432/learnhouse
```
- [ ] Update Redis connection string:
```
LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:YOUR_LIVE_REDIS_PASSWORD@redis-live:6379/0
```
- [ ] Ensure domain settings are correct:
```
LEARNHOUSE_DOMAIN=edu.adradviser.ro
LEARNHOUSE_COOKIE_DOMAIN=edu.adradviser.ro
NEXT_PUBLIC_LEARNHOUSE_DOMAIN=edu.adradviser.ro
```
### Step 3: Database Infrastructure
- [ ] Ensure each deployment has its own database server:
- DEV: db-dev
- LIVE: db-live
- [ ] If using shared infrastructure, ensure logical isolation through server names and proper networking
### Step 4: Rebuild & Deploy
- [ ] Rebuild and deploy both environments with updated environment variables
- [ ] Restart all services to apply changes
### Step 5: Verification
- [ ] Run verification scripts:
```bash
./verify-isolation.sh
./verify-db-isolation.sh
```
- [ ] Access debug endpoints directly:
- DEV: https://adr-lms.whitex.cloud/api/v1/debug/deployment
- LIVE: https://edu.adradviser.ro/api/v1/debug/deployment
- [ ] Check URLs in frontend:
- DEV: https://adr-lms.whitex.cloud/api/v1/debug/urls
- LIVE: https://edu.adradviser.ro/api/v1/debug/urls
- [ ] Test in incognito browsers to verify session isolation
## Troubleshooting
If isolation issues persist after implementation:
1. **Verify Database Connections**:
- Confirm debug endpoints show different database hosts
- Check actual database servers to confirm connections come from different sources
2. **Clear Browser Data**:
- Use incognito mode or clear all cookies/cache for proper testing
3. **Check Docker Network Isolation**:
- Ensure each deployment uses its own Docker network
- Verify hostnames resolve to different IP addresses within containers
4. **Validate URL Patching**:
- Run URL debug endpoint to confirm no hardcoded references remain
For additional help, refer to the full documentation in:
- `DATABASE_ISOLATION_FIX.md`
- `DEPLOYMENT_TROUBLESHOOTING.md`

82
deploy-isolation-fix.sh
View file

@ -0,0 +1,82 @@
#!/bin/bash
# Deployment Isolation Fix Script
# This script will deploy the isolation fixes to both environments
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
echo -e "${BLUE}=== LearnHouse Deployment Isolation Fix Script ===${NC}"
echo -e "${YELLOW}This script will apply deployment isolation fixes${NC}"
# Verify script is running from correct directory
if [ ! -d "./apps/api" ] || [ ! -d "./apps/web" ]; then
echo -e "${RED}Error: This script must be run from the root of the learnhouse project${NC}"
exit 1
fi
# Check if we have git access
if ! git status &>/dev/null; then
echo -e "${RED}Error: Unable to access git repository${NC}"
exit 1
fi
# Ensure we have the latest code
echo -e "\n${BLUE}Fetching latest code...${NC}"
git fetch
# Check for uncommitted changes
if [[ -n $(git status -s) ]]; then
echo -e "${YELLOW}Warning: There are uncommitted changes in the repository${NC}"
echo -e "Current changes:"
git status -s
read -p "Do you want to continue and commit these changes? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${YELLOW}Fix aborted. Please commit or stash your changes first.${NC}"
exit 1
fi
# Commit changes
git add apps/api/src/routers/debug.py apps/api/src/router.py apps/api/app.py Dockerfile_coolify
git commit -m "Add deployment isolation fixes"
fi
# Display what will be deployed
echo -e "\n${BLUE}The following fixes will be deployed:${NC}"
echo -e "1. Debug endpoints at /api/v1/debug/deployment and /api/v1/debug/urls"
echo -e "2. Enhanced URL patching in Dockerfile_coolify"
echo -e "3. Updated environment variable templates for database isolation"
read -p "Do you want to deploy these fixes now? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${YELLOW}Deployment aborted.${NC}"
exit 1
fi
# Push changes
echo -e "\n${BLUE}Pushing changes to repository...${NC}"
git push || { echo -e "${RED}Failed to push changes${NC}"; exit 1; }
echo -e "${GREEN}${NC} Code changes pushed successfully"
# Instructions for deployment
echo -e "\n${BLUE}=== Next Steps ===${NC}"
echo -e "1. Deploy the changes to both environments using your CI/CD system"
echo -e "2. Update environment variables for each deployment:"
echo -e "${YELLOW} DEV:${NC} LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:YOUR_PASSWORD@db-dev:5432/learnhouse_dev"
echo -e "${YELLOW} LIVE:${NC} LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:YOUR_PASSWORD@db-live:5432/learnhouse"
echo -e "3. Verify deployment isolation using the verification scripts:"
echo -e " ${YELLOW}./verify-isolation.sh${NC}"
echo -e " ${YELLOW}./verify-db-isolation.sh${NC}"
echo -e "4. Restart both deployments after updating environment variables"
echo -e "\n${BLUE}=== Verification URLs ===${NC}"
echo -e "DEV debug endpoint: ${YELLOW}https://adr-lms.whitex.cloud/api/v1/debug/deployment${NC}"
echo -e "LIVE debug endpoint: ${YELLOW}https://edu.adradviser.ro/api/v1/debug/deployment${NC}"
echo -e "DEV URL check: ${YELLOW}https://adr-lms.whitex.cloud/api/v1/debug/urls${NC}"
echo -e "LIVE URL check: ${YELLOW}https://edu.adradviser.ro/api/v1/debug/urls${NC}"