Deploy

Guia completo para deploy do CSGOFlip em produção.

Pré-requisitos

• Servidor Linux (Ubuntu 22.04 LTS recomendado)
• Docker e Docker Compose
• Node.js 20 LTS
• PostgreSQL 15+
• Redis 7+
• Domínio configurado
• Certificado SSL

Arquitetura de Deploy

Passo a Passo

1. Preparar Servidor

# Atualizar sistema
sudo apt update && sudo apt upgrade -y

# Instalar dependências
sudo apt install -y curl git build-essential

# Instalar Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER

# Instalar Node.js 20
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs

# Instalar PM2
sudo npm install -g pm2

# Instalar Nginx
sudo apt install -y nginx

2. Configurar PostgreSQL

# Criar container
docker run -d \
  --name postgres \
  -e POSTGRES_USER=csgoflip \
  -e POSTGRES_PASSWORD=your-secure-password \
  -e POSTGRES_DB=csgoflip \
  -v postgres_data:/var/lib/postgresql/data \
  -p 5432:5432 \
  --restart always \
  postgres:15-alpine

# Verificar
docker logs postgres

3. Configurar Redis

# Criar container
docker run -d \
  --name redis \
  -v redis_data:/data \
  -p 6379:6379 \
  --restart always \
  redis:7-alpine redis-server --requirepass your-redis-password --appendonly yes

# Verificar
docker exec redis redis-cli -a your-redis-password ping

4. Configurar MinIO (Storage)

docker run -d \
  --name minio \
  -e MINIO_ROOT_USER=minioadmin \
  -e MINIO_ROOT_PASSWORD=minioadmin-secret \
  -v minio_data:/data \
  -p 9000:9000 \
  -p 9001:9001 \
  --restart always \
  minio/minio server /data --console-address ":9001"

5. Clonar e Configurar Projeto

# Clonar repositório
git clone https://github.com/your-org/csgoflip.git
cd csgoflip

# Instalar dependências
npm ci

# Configurar variáveis de ambiente
cp .env.example .env
nano .env

6. Configurar Variáveis de Ambiente

# .env
NODE_ENV=production
PORT=3000

# Database
DATABASE_URL=postgresql://csgoflip:your-secure-password@localhost:5432/csgoflip

# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=your-redis-password

# Steam
STEAM_API_KEY=your-steam-api-key
STEAM_REALM=https://csgoflip.com
STEAM_RETURN_URL=https://api.csgoflip.com/auth/steam/callback

# Storage
S3_ENDPOINT=http://localhost:9000
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin-secret
S3_BUCKET=csgoflip

# Security
SESSION_SECRET=generate-a-secure-random-string
ENCRYPTION_KEY=generate-a-32-byte-hex-string

# URLs
API_URL=https://api.csgoflip.com
FRONTEND_URL=https://csgoflip.com
ADMIN_URL=https://admin.csgoflip.com

7. Build e Migrations

# Build da API
npm run build

# Gerar Prisma Client
npx prisma generate

# Executar migrations
npx prisma migrate deploy

# Seed (opcional)
npx prisma db seed

8. Configurar PM2

// ecosystem.config.js
module.exports = {
  apps: [
    {
      name: 'csgoflip-api',
      script: 'dist/main.js',
      instances: 'max',
      exec_mode: 'cluster',
      env_production: {
        NODE_ENV: 'production',
      },
      max_memory_restart: '1G',
      error_file: './logs/api-error.log',
      out_file: './logs/api-out.log',
    },
  ],
};

# Iniciar API
pm2 start ecosystem.config.js --env production

# Salvar configuração
pm2 save

# Configurar startup
pm2 startup

9. Build Frontend

# Client (site principal)
cd client
npm ci
npm run build
pm2 start npm --name "csgoflip-client" -- start

# Admin Dashboard
cd ../next-shadcn-admin-dashboard
npm ci
npm run build
pm2 start npm --name "csgoflip-admin" -- start

10. Configurar Nginx

# /etc/nginx/sites-available/csgoflip.conf

# API
server {
    listen 443 ssl http2;
    server_name api.csgoflip.com;

    ssl_certificate /etc/letsencrypt/live/csgoflip.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/csgoflip.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

# Frontend
server {
    listen 443 ssl http2;
    server_name csgoflip.com www.csgoflip.com;

    ssl_certificate /etc/letsencrypt/live/csgoflip.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/csgoflip.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_bypass $http_upgrade;
    }
}

# Admin
server {
    listen 443 ssl http2;
    server_name admin.csgoflip.com;

    ssl_certificate /etc/letsencrypt/live/csgoflip.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/csgoflip.com/privkey.pem;

    # IP whitelist (opcional)
    # allow 192.168.1.0/24;
    # deny all;

    location / {
        proxy_pass http://localhost:3002;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name csgoflip.com www.csgoflip.com api.csgoflip.com admin.csgoflip.com;
    return 301 https://$host$request_uri;
}

# Habilitar site
sudo ln -s /etc/nginx/sites-available/csgoflip.conf /etc/nginx/sites-enabled/

# Testar configuração
sudo nginx -t

# Recarregar
sudo systemctl reload nginx

11. SSL com Certbot

# Instalar Certbot
sudo apt install -y certbot python3-certbot-nginx

# Obter certificados
sudo certbot --nginx -d csgoflip.com -d www.csgoflip.com -d api.csgoflip.com -d admin.csgoflip.com

# Renovação automática
sudo certbot renew --dry-run

12. Configurar Cloudflare

1. Adicionar domínio ao Cloudflare
2. Atualizar nameservers no registrador
3. Configurar registros DNS:
   • A - csgoflip.com → IP do servidor
   • A - api.csgoflip.com → IP do servidor
   • A - admin.csgoflip.com → IP do servidor
4. Habilitar SSL/TLS → Full (strict)
5. Habilitar Always Use HTTPS
6. Configurar WAF rules

Monitoramento

PM2

# Status
pm2 status

# Logs
pm2 logs

# Monitoramento
pm2 monit

Health Checks

# API
curl https://api.csgoflip.com/health

# PostgreSQL
docker exec postgres pg_isready

# Redis
docker exec redis redis-cli -a your-password ping

Backup

Script de Backup

#!/bin/bash
# backup.sh

DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR=/backups

# PostgreSQL
docker exec postgres pg_dump -U csgoflip csgoflip > $BACKUP_DIR/db_$DATE.sql

# Redis
docker exec redis redis-cli -a your-password BGSAVE
docker cp redis:/data/dump.rdb $BACKUP_DIR/redis_$DATE.rdb

# Compactar
tar -czf $BACKUP_DIR/backup_$DATE.tar.gz $BACKUP_DIR/db_$DATE.sql $BACKUP_DIR/redis_$DATE.rdb

# Limpar arquivos temporários
rm $BACKUP_DIR/db_$DATE.sql $BACKUP_DIR/redis_$DATE.rdb

# Upload para S3 (opcional)
aws s3 cp $BACKUP_DIR/backup_$DATE.tar.gz s3://backups/csgoflip/

Cron

# Backup diário às 3h
0 3 * * * /path/to/backup.sh >> /var/log/backup.log 2>&1

Atualizações

Script de Deploy

#!/bin/bash
# deploy.sh

cd /path/to/csgoflip

# Pull latest
git pull origin main

# Install dependencies
npm ci

# Build
npm run build

# Migrations
npx prisma migrate deploy

# Restart API
pm2 restart csgoflip-api

# Build and restart frontend
cd client
npm ci
npm run build
pm2 restart csgoflip-client

# Build and restart admin
cd ../next-shadcn-admin-dashboard
npm ci
npm run build
pm2 restart csgoflip-admin

echo "Deploy completed!"

Rollback

# Voltar para commit anterior
git reset --hard HEAD~1

# Rebuild
npm run build

# Restart
pm2 restart all

Checklist de Produção

• [ ] Variáveis de ambiente configuradas
• [ ] SSL/TLS habilitado
• [ ] Firewall configurado (ufw)
• [ ] Backups automáticos
• [ ] Monitoramento ativo
• [ ] Logs rotacionados
• [ ] Rate limiting configurado
• [ ] WAF habilitado
• [ ] 2FA obrigatório para admins
• [ ] Alertas configurados