Inventory Management System Setup auf Debian Trixie

Datum: November 2025
OS: Debian 13 (Trixie)
Zweck: Production-ready Server für ~~ItemP~~Inventory ~~Inventory~~Management System

📋 InhaltsverzeichnisTable of Contents

Initial Server Setup
Hostname & RDNS ~~Konfiguration~~Configuration
Docker CE Installation
Nginx Installation & 3-Phase Setup
- Phase 1: ~~Basis-~~Basic Config (HTTP ~~für~~for Let's Encrypt)
- Phase 2: Let's Encrypt Certificate
- Phase 3: ~~Production-~~Production Config (SSL + ~~Optimierungen)~~Optimizations)
SSL/TLS ~~mit~~with Certbot
Firewall ~~Konfiguration~~Configuration
Docker Compose Production Setup
Monitoring & Maintenance
Troubleshooting
Production Deployment Checklist

Initial Server Setup

1. System Update & Upgrade


# Update package lists
sudo apt update

# Upgrade packages
sudo apt upgrade -y

# Install essential tools
sudo apt install -y \
    curl \
    wget \
    git \
    vim \
    htop \
    net-tools \
    ufw \
    sudo \
    apt-transport-https \
    ca-certificates \
    gnupg \
    lsb-release \
    certbot \
    python3-certbot-nginx

2. ZeitzonenTimezone KonfigurationConfiguration


# Set timezone to Europe/Berlin (oderor nachas Bedarf)needed)
sudo timedatectl set-timezone Europe/Berlin

# Verify timezone
timedatectl

Problem: Backend zeigtShows Errors


cd /opt/inventar

# Check logs
docker compose -f docker-compose.prod.yml logs -f backend

# Execute bash in backend for debugging
docker compose -f docker-compose.prod.yml exec backend bash

# Within container - check:
ls -la /app/
python manage.py shell
python manage.py check

Hostname & RDNS KonfigurationConfiguration

1. Set Hostname Setzen


# Check current hostname
hostnamectl status

# Set new hostname (z.B.e.g. "itemp-inventory-production")
sudo hostnamectl set-hostname itemp-inventory-production

# Verify
hostnamectl status

# Also update /etc/hosts
sudo nano /etc/hosts

~~Inhalt~~Content ~~von~~of `/etc/hosts`:


127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
<your-public-ip> itemp-inventory-production

# Example:
# 192.168.1.100 itemp-inventory-production

2. RDNS (Reverse DNS) KonfigurationConfiguration

~~WICHTIG:~~IMPORTANT: RDNS ~~wird~~is ~~auf~~configured ~~Seite~~on ~~des~~the ~~DNS-Providers~~DNS ~~konfiguriert,~~provider ~~nicht~~side, ~~auf~~not ~~dem~~on ~~Server!~~the server!

~~Schritte~~Steps ~~beim~~at ~~Provider:~~your provider:

~~Gehe~~Go zuto ~~deiner~~your ~~DNS-Verwaltung~~DNS management (~~z.B.~~e.g. ~~Hoster-Panel)~~hoster panel)
~~Finde~~Find "Reverse DNS" ~~oder~~or "PTR Records"
~~Setze~~Set ~~PTR-Record~~PTR ~~für~~record ~~deine~~for your IP:
- IP: <deine-your-public-ip>
- Hostname: itemp-inventory-production.yourdomain.com

Verify RDNS (~~nach~~after 24h):


# Check reverse DNS
nslookup <your-public-ip>
# oderor
dig -x <your-public-ip>

# Expected output:
# <your-public-ip>.in-addr.arpa. <ttl> IN PTR itemp-inventory-production.yourdomain.com.

Docker CE Installation

1. Add Docker's GPG Repo Key


# Download and add Docker's GPG key
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg

2. Add Docker Repository


# Add official Docker repository
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian trixie stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Refresh package lists again
sudo apt update

3. Install Docker on Debian 13 (Trixie)


# Install Docker and related components
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

4. Verify Docker Installation


# Check if Docker service is active
sudo systemctl is-active docker

Nginx Installation & KonfigurationConfiguration

1. Install Nginx Installieren


# Install Nginx
sudo apt install -y nginx

# Start Nginx
sudo systemctl start nginx

# Enable on boot
sudo systemctl enable nginx

# Verify
sudo systemctl status nginx

# Check version
nginx -v

2. Phase 1: Basis-Nginx-Basic Nginx Config (fürfor Let's Encrypt)

⚠️ ~~WICHTIG:~~IMPORTANT: ~~Erst~~Start ~~mit~~with ~~einfacher~~a ~~HTTP-Config~~simple ~~starten,~~HTTP ~~damit~~config first so Let's Encrypt ~~Zertifikat~~can ~~erstellen~~create ~~kann!~~the certificate!

~~Schritt~~Step 1: Create Nginx ~~Config erstellen~~config


sudo nano /etc/nginx/sites-available/inventar

~~Inhalt~~Insert ~~einfügen~~content (~~Basis-Config~~Basic ~~für~~config for Let's Encrypt):


server {
    listen 80;
    server_name Ihre.Your.Domain.hier;here;

    # NotwendigRequired fürfor Certbot
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # AlleRedirect anderenall Anfragenother direktrequests aufto HTTPS umleiten
    location / {
        return 301 https://$host$request_uri;
    }
}

~~Schritt~~Step 2: ~~Config~~Enable ~~aktivieren~~config & ~~testen~~test


# Enable site
sudo ln -s /etc/nginx/sites-available/inventar /etc/nginx/sites-enabled/

# Test nginx config
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

# Verify running
sudo systemctl status nginx

SSL/TLS mitwith Certbot - Phase 2 & Phase 3

1. Phase 2: Create SSL Certificate mitwith Certbot erstellen

⚠️ ~~WICHTIG:~~IMPORTANT: ~~Die~~The ~~Basis-Nginx-Config~~basic Nginx config (Phase 1) ~~muss~~must ~~laufen!~~be running!


# Certbot mitwith Nginx Pluginplugin (wirdwill automatischautomatically Nginxupdate aktualisieren)Nginx)
sudo certbot --nginx -d Ihre.Your.Domain.hierhere

# Certbot führtwill dannthen automatisch:automatically:
# 1. Certificate-ValidierungValidate durchthe certificate (HTTP Challenge via Port 80)
# 2. Download Let's Encrypt Certificate
Download
# 3. Nginx-ConfigAutomatically automatischupdate anpassenNginx config (HTTP → HTTPS Redirect)

# Follow prompts:
# - Enter email for renewals
# - Accept Let's Encrypt Terms (Y)
# - Optional: Share email with EFF (Y/N)

# Verify certificate was created
sudo certbot certificates

3. Phase 3: Adjust Production Nginx-Nginx Config anpassen

~~Nach~~After ~~Certbot~~Certbot, ~~sind~~the ~~die~~certificates ~~Zertifikate~~are dain place - ~~jetzt~~now ~~anpassen~~adjust & ~~optimieren:~~optimize:


sudo nano /etc/nginx/sites-available/inventar

~~Production-~~Production Config (~~optimiert~~optimized ~~für~~for ~~ItemP)~~Inventory System):


# HTTP: ACME Challenge + Redirect to HTTPS
server {
    listen 80;
    server_name Ihre.Your.Domain.hier;here;

    # ACME Challenge (Certbot)
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Redirect everything else to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS: Main Application
server {
    listen 443 ssl;
    http2 on;
    server_name Ihre.Your.Domain.hier;here;

    # SSL/TLS (Certbot-managed files)
    ssl_certificate /etc/letsencrypt/live/Ihre.Your.Domain.hier/here/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/Ihre.Your.Domain.hier/here/privkey.pem;

    # Security: HSTS (1 year)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Performance: gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;

    # Serve media files directly from host (user uploads)
    location /media/ {
        alias /opt/inventar/media/;
        try_files $uri =404;
        expires 1d;
        add_header Cache-Control "public";
        access_log off;
    }

    # Serve static files directly from host (MAXIMUM PERFORMANCE)
    location /static/ {
        alias /opt/inventar/static/;
        try_files $uri =404;
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }

    # Reverse proxy for the app (frontend container at 127.0.0.1:8080)
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Keepalive and limits
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        client_max_body_size 70m;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;
    }
}

~~Config~~Test ~~testen~~config & ~~Nginx~~restart ~~neustarten:~~Nginx:


# Test the configuration
sudo nginx -t

# Reload Nginx with new config
sudo systemctl reload nginx

# Verify it's working
sudo systemctl status nginx
# API Backend
    location /api/ {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        client_max_body_size 70m;
    }

    # Admin Panel
    location /admin/ {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        client_max_body_size 70m;
    }
}

4. Production-Enable Production Config aktivieren & testenTest


# Test new nginx config
sudo nginx -t

# If OK, reload
sudo systemctl reload nginx

# Verify SSL certificate
echo | openssl s_client -servername Ihre.Your.Domain.hierhere -connect Ihre.Your.Domain.hier:here:443 2>/dev/null | openssl x509 -noout -dates

# Test HTTP Redirect to HTTPS
curl -I http://Ihre.Your.Domain.hierhere
# Should show: HTTP/1.1 301 Moved Permanently
# Location: https://Ihre.Your.Domain.hier/here/

# Test HTTPS
curl -I https://Ihre.Your.Domain.hierhere
# Should show: HTTP/2 200

5. Configure Certbot Auto-Renewal konfigurieren


# Enable auto-renewal timer
sudo systemctl enable certbot.timer

# Start timer
sudo systemctl start certbot.timer

# Check status
sudo systemctl status certbot.timer

# Test renewal (dry-run - keinno echtesactual Renewal!renewal!)
sudo certbot renew --dry-run

# View renewal logs
sudo journalctl -u certbot.timer -f

Firewall KonfigurationConfiguration

1. UFW (Uncomplicated Firewall) Setup

~~Nur~~Only ~~diese~~open these 4 ~~Ports öffnen~~ports - ~~alles~~everything ~~andere~~else ~~bleibt~~remains ~~blockiert:~~blocked:


# Enable UFW
sudo ufw enable

# Allow SSH (WICHTIG:IMPORTANT: VORBEFORE demenabling Firewall Enable!firewall!)
sudo ufw allow 22/tcp

# Allow HTTP (fürfor Let's Encrypt)
sudo ufw allow 80/tcp

# Allow HTTPS
sudo ufw allow 443/tcp

# Allow SMTP (E-Mailoutbound nach außen)email)
sudo ufw allow 587/tcp

# Verify all rules
sudo ufw status verbose

# Show added rules only
sudo ufw show added

⚠️ ~~WICHTIG:~~IMPORTANT: ~~Nur~~Only ~~diese~~these 4 ~~Ports~~ports ~~sind~~are ~~erlaubt.~~allowed. ~~Alle~~All ~~anderen~~others (5432, 8000, etc.) ~~sind~~remain blocked!

Docker Compose Production Setup

0. Verzeichnis-StrukturCreate erstellenDirectory Structure

~~Erstelle~~Create ~~die~~the ~~erforderliche~~required ~~Verzeichnisstruktur~~directory ~~mit~~structure ~~den~~with ~~korrekten~~correct ~~Rechten:~~permissions:


# Create main application directory
sudo mkdir -p /opt/inventar

# Create subdirectories for static and media files
sudo mkdir -p /opt/inventar/static
sudo mkdir -p /opt/inventar/media

# Set permissions (www-data for web content, docker user for app files)
sudo chmod 777 /opt/inventar
sudo chown root:www-data /opt/inventar/static
sudo chown root:www-data /opt/inventar/media
sudo chmod 755 /opt/inventar/static
sudo chmod 755 /opt/inventar/media

# Verify structure
ls -la /opt/inventar/

~~Erwartetes~~Expected ~~Ergebnis:~~result:


root@inv:/opt/inventar# ls -l
total 0
drwxr-xr-x  2 root www-data  4096 Nov  2 12:00 static
drwxr-xr-x  2 root www-data  4096 Nov  2 12:00 media

1. Create Docker Compose Datei erstellenFile

~~Datei:~~File: `/opt/inventar/docker-compose.prod.yml`


services:
  db:
    image: inventory-system-db-postgres:1.1
    container_name: inventory_db
    restart: unless-stopped
    env_file:
      - .env.production
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - inventory_network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U inventory_user -d inventory_db"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    command: >
      postgres
      -c shared_buffers=256MB
      -c max_connections=200
      -c effective_cache_size=1GB
      -c maintenance_work_mem=64MB

  backend:
    image: inventory-system-backend:1.1
    container_name: inventory_backend
    restart: unless-stopped
    env_file: 
      - .env.production
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - ./media:/app/media
      - ./static:/app/static
    networks:
      - inventory_network
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  frontend:
    image: inventory-system-frontend:1.1
    container_name: inventory_frontend
    restart: unless-stopped
    depends_on:
      - backend
    ports:
      - "127.0.0.1:8080:80"
    networks:
      - inventory_network
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

volumes:
  postgres_data:
    name: inventory_postgres_data

networks:
  inventory_network:
    driver: bridge

2. Load Docker Images

~~Die~~The Docker ~~Images~~images ~~müssen~~must ~~erst~~be inloaded into Docker ~~geladen werden, bevor~~before Docker Compose ~~gestartet~~is ~~wird:~~started:

⚠️ ~~WICHTIG:~~IMPORTANT: Docker Images Download ~~auf~~on ~~Anfrage!~~Request!
~~Die~~The Docker ~~Images~~images (backend.tar, db-postgres.tar, redis.tar, frontend.tar) ~~werden~~are ~~auf~~provided ~~Anfrage~~on ~~bereitgestellt.~~request. ~~Diese~~You ~~müssen~~must ~~Sie~~upload inthem ~~das~~to ~~Verzeichnis~~the `/opt/inventar/` ~~hochladen,~~directory ~~bevor~~before ~~Sie~~executing ~~die~~the ~~folgenden~~following ~~Befehle ausführen.~~commands.


cd /opt/inventar

# Load Docker images from tar files
docker load < backend.tar
docker load < db-postgres.tar
docker load < redis.tar
docker load < frontend.tar

# Verify images were loaded
docker images | grep inventory-system

3. Create Environment Datei erstellenFile

~~Datei:~~File: `/opt/inventar/.env.production`

⚠️ ~~WICHTIG~~IMPORTANT - ~~E-Mail-Konfiguration:~~Email Configuration:
~~Das~~The ~~System~~system ~~unterstützt~~supports ~~zwei~~two ~~E-Mail-Modi:~~email modes:

SMTP (Production): ~~Echte~~Real ~~E-Mails~~emails via ~~SMTP-Server~~SMTP server (~~wenn~~if ~~Credentials~~valid ~~gültig~~credentials ~~sind)~~are provided)
Console (Fallback): ~~E-Mails~~Emails ~~werden~~are inlogged ~~den~~to ~~Logs~~console ~~ausgegeben~~output (~~wenn~~if ~~Credentials~~credentials ~~leer/ungültig)~~are empty/invalid)

~~Wenn~~If ~~Sie~~you ~~KEINE~~DON'T ~~E-Mail-Konfiguration~~need ~~brauchen:~~email configuration:
~~Lassen~~Simply ~~Sie~~omit ~~die~~the ~~SMTP-Zeilen~~SMTP ~~einfach~~lines ~~weg~~or ~~oder~~leave ~~leer.~~them ~~Das~~empty. ~~Frontend~~The ~~zeigt~~frontend ~~dann~~will ~~eine~~show ~~Warnung~~a ~~und~~warning ~~Passwort-Reset~~and ~~ist~~password ~~deaktiviert.~~reset ~~Sie~~will ~~können~~be ~~E-Mails~~disabled. ~~später~~You ~~jederzeit~~can imconfigure ~~Admin-Interface~~email ~~konfigurieren!~~later anytime in the Admin Interface!


# Production environment variables - PostgreSQL Version
ENVIRONMENT=production
DEBUG=False

# Django Security & Configuration
SECRET_KEY=<GENERATE_STRONG_64_CHAR_KEY>
ALLOWED_HOSTS=Ihre.Your.Domain.hier,here,<YOUR_IP>,localhost,127.0.0.1
DOMAIN=Ihre.Your.Domain.hierhere
FRONTEND_URL=https://Ihre.Your.Domain.hierhere

# Admin User
ADMIN_USERNAME=admin
ADMIN_EMAIL=admin@yourdomain.com
ADMIN_PASSWORD=<STRONG_PASSWORD>

# PostgreSQL 18 Database
POSTGRES_DB=inventory_db
POSTGRES_USER=inventory_user
POSTGRES_PASSWORD=<STRONG_DATABASE_PASSWORD>
POSTGRES_HOST=db
POSTGRES_PORT=5432

# Connection String
DATABASE_URL=postgresql://inventory_user:<STRONG_DATABASE_PASSWORD>@db:5432/inventory_db

# SMTP Configuration (OPTIONAL - leerleave lassenempty wennif nichtnot genutzt)needed)
# System fälltautomatically automatischfalls aufback Console-Backendto zurückconsole wennbackend leerif empty
EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
EMAIL_HOST=smtp.yourdomain.com
EMAIL_PORT=587
EMAIL_USE_TLS=True
EMAIL_HOST_USER=noreply@yourdomain.com
EMAIL_HOST_PASSWORD=<SMTP_PASSWORD>
DEFAULT_FROM_EMAIL=noreply@yourdomain.com

4. Start Docker Compose starten


cd /opt/inventar

# Start services (images already loaded via docker load)
docker compose -f docker-compose.prod.yml up -d

# Check status
docker compose -f docker-compose.prod.yml ps

# View logs (all services)
docker compose -f docker-compose.prod.yml logs -f

# View logs per service
docker compose -f docker-compose.prod.yml logs -f frontend
docker compose -f docker-compose.prod.yml logs -f backend
docker compose -f docker-compose.prod.yml logs -f db

# Execute bash in backend container (for debugging)
docker compose -f docker-compose.prod.yml exec backend bash

# Collect static files (nuronly fallsif nichtnot automatischdone gemacht)automatically)
docker compose -f docker-compose.prod.yml exec backend python manage.py collectstatic --noinput

Monitoring & Maintenance

1. Log Monitoring


# Nginx access logs
sudo tail -f /var/log/nginx/itemp_access.log

# Nginx error logs
sudo tail -f /var/log/nginx/itemp_error.log

# Docker logs (all services)
cd /opt/inventar
docker compose -f docker-compose.prod.yml logs -f

# Docker logs per service
docker compose -f docker-compose.prod.yml logs -f backend
docker compose -f docker-compose.prod.yml logs -f frontend
docker compose -f docker-compose.prod.yml logs -f db

2. Disk Space Monitoring


# Check disk usage
df -h

# Check Docker usage
docker system df

# Clean up unused resources
docker system prune -a

3. Regular Maintenance


# Update system packages
sudo apt update && sudo apt upgrade -y

# Check for security updates
sudo apt list --upgradable

# Clean package cache
sudo apt autoclean
sudo apt autoremove

4. Certificate Expiry Monitoring


# Check certificate expiry
echo | openssl s_client -servername Ihre.Your.Domain.hierhere -connect Ihre.Your.Domain.hier:here:443 2>/dev/null | openssl x509 -noout -dates

# Certbot will send email alerts 30 days before expiry

📝 Troubleshooting

Problem: Nginx zeigtshows 502 Bad Gateway


# Check backend
curl http://localhost:8000

# Test Nginx config
sudo nginx -t

# Check Nginx logs
sudo tail -f /var/log/nginx/itemp_error.log

Problem: PostgreSQL startetdoes nichtnot start (Healthcheck failing)


# Check PostgreSQL logs
cd /opt/inventar
docker compose -f docker-compose.prod.yml logs db

# Verify environment variables
docker compose -f docker-compose.prod.yml config | grep POSTGRES

# Try restarting
docker compose -f docker-compose.prod.yml down
docker compose -f docker-compose.prod.yml up -d

Problem: Static/Media Files sindreturn 404


# Verify Host Directories exist
ls -la /opt/inventar/static/
ls -la /opt/inventar/media/

# Check permissions
sudo chown -R 1000:1000 /opt/inventar/static/
sudo chown -R 1000:1000 /opt/inventar/media/

# Verify docker volume mounts
cd /opt/inventar
docker compose -f docker-compose.prod.yml exec backend ls -la /app/static/

~~Letztes~~Last Update: 2.November ~~November~~2, 2025
Status: ✅ Production-Ready

🚀 Production Deployment Checklist

🔧 Nginx 3-Phase Setup (CRITICAL)

☐ PHASE 1: ~~Basis-~~Basic Nginx ~~mit~~with HTTP (Port 80)
- ☐ Nginx ~~installiert~~installed
- ☐ ~~Basis-Config~~Basic ~~mit~~config ~~Domain~~with ~~erstellt~~domain created (/etc/nginx/sites-available/inventar)
- ☐ Config ~~aktiviert:~~enabled: sudo ln -s sites-available/inventar sites-enabled/
- ☐ Nginx ~~lädt:~~reloaded: sudo systemctl reload nginx
- ☐ HTTP ~~funktioniert:~~working: curl -I http://Ihre.Your.Domain.hierhere
- ☐ Firewall ~~Port~~ports 80 & 443: sudo ufw allow 80/tcp; sudo ufw allow 443/tcp
☐ PHASE 2: Let's Encrypt Certificate
- ☐ Certbot ~~installiert~~installed
- ☐ Certificate ~~erstellt:~~created: sudo certbot --nginx -d Ihre.Your.Domain.hierhere
- ☐ Certificate ~~überprüft:~~verified: sudo certbot certificates
- ☐ Paths ~~vorhanden:~~present: /etc/letsencrypt/live/Ihre.Your.Domain.hier/here/
☐ PHASE 3: Production Nginx Config
- ☐ ~~Alte~~Old ~~Config~~config ~~gebackuped:~~backed up: sudo cp sites-available/inventar sites-available/inventar.bak
- ☐ ~~Production-Config~~Production ~~eingefügt~~config inserted (~~mit~~with SSL, Gzip, Security Headers)
- ☐ Config ~~testet:~~tested: sudo nginx -t
- ☐ Nginx reloaded: sudo systemctl reload nginx
- ☐ HTTPS ~~funktioniert:~~working: curl -I https://Ihre.Your.Domain.hierhere
- ☐ HTTP ~~Redirect~~redirect ~~funktioniert:~~working: curl -I http://Ihre.Your.Domain.hierhere
- ☐ SSL ~~Grade~~grade ~~prüfen:~~check: https://www.ssllabs.com/ssltest/

Pre-Deployment (Host Setup)

☐ Debian ~~Trixi~~Trixie installed & fully updated
☐ Hostname ~~gesetzt~~set (hostnamectl)
☐ RDNS ~~beim~~configured ~~Provider~~at ~~konfiguriert~~provider
☐ ~~SSH-Zugang~~SSH ~~als~~access configured for non-root user ~~konfiguriert~~
☐ UFW Firewall ~~aktiviert~~enabled (~~Port~~Ports 22, 80, 443)
☐ Docker CE ~~installiert~~installed (docker --version)
☐ Docker Compose ~~installiert~~installed (docker-compose --version)

Docker Setup

☐ /opt/inventar/ ~~Verzeichnis~~directory ~~erstellt~~created
☐ docker-compose.prod.yml ~~placiert~~placed
☐ .env.production ~~mit~~created ~~Secrets~~with ~~erstellt~~secrets
☐ .gitignore ~~aktualisiert~~updated
☐ Static/Media ~~Verzeichnisse~~directories ~~erstellt~~created
☐ Docker ~~Permissions~~permissions ~~konfiguriert~~configured

Initial Deployment

☐ Docker ~~Images~~images ~~gepullt:~~loaded: docker composeload pull< *.tar
☐ Docker Compose ~~gestartet:~~started: docker compose -f docker-compose.prod.yml up -d
☐ Services ~~laufen:~~running: docker compose -f docker-compose.prod.yml ps
☐ ~~Django~~Static ~~Migrations:~~files collected: docker compose exec-f backend python manage.py migrate

~~☐ Static Files:~~ docker composedocker-compose.prod.yml exec backend python manage.py collectstatic --noinput
☐ ~~Superuser erstellt:~~ docker compose exec backend python manage.py createsuperuser

☐ Backend ~~Health:~~health check: curl http://127.0.0.1:8000/api/health/

Final Verification

☐ ~~Alle~~All ~~Services~~services ~~laufen~~running ~~stabil:~~stably: docker compose -f docker-compose.prod.yml ps
☐ Logs ~~zeigen~~show ~~keine~~no ~~Fehler:~~errors: docker compose -f docker-compose.prod.yml logs
☐ Website ~~erreichbar~~accessible (HTTPS): https://Ihre.Your.Domain.hierhere
☐ HTTP ~~redirected~~redirects zuto HTTPS
☐ SSL Certificate valid: curl -I https://Ihre.Your.Domain.hierhere
☐ API ~~funktioniert:~~working: curl https://Ihre.Your.Domain.hier/here/api/books
☐ Frontend responsive
☐ Admin ~~Login~~login ~~funktioniert~~working

📌 WichtigerImportant HinweisNotice

Docker Images Download ~~auf~~on ~~Anfrage:~~Request:

~~Die~~The Docker ~~Container~~container ~~Images~~images (backend.tar, db-postgres.tar, redis.tar, frontend.tar) ~~sind~~are ~~notwendig~~required ~~für~~for ~~die~~operating ~~Inbetriebnahme des~~the Inventory Management ~~Systems.~~System. ~~Diese~~These ~~Images~~images ~~werden~~are ~~auf~~provided ~~Anfrage~~on ~~bereitgestellt~~request ~~und~~and ~~müssen~~must ~~vor~~be ~~dem~~uploaded ~~Start~~to ~~des Systems in das Verzeichnis~~the `/opt/inventar/` ~~hochgeladen~~directory ~~werden.~~before starting the system.

~~Bitte~~Please ~~kontaktieren~~contact ~~Sie~~support ~~den~~or ~~Support~~your ~~oder~~administrator ~~den~~to ~~Administrator,~~obtain umthe ~~die~~necessary ~~notwendigen Images zu erhalten.~~images.