DOCS/General/Deployment.md

# Deployment Guide: OpenVPN Monitor & Profiler

This guide describes how to deploy the full suite on a fresh Linux server (Ubuntu/Debian).

## Architecture Overview
- **Frontend**: Vue.js (Built and served by Nginx) - `APP_UI`
- **Monitoring API (APP_CORE)**: Flask (Port 5000) - Real-time statistics.
- **Profiler API (APP_PROFILER)**: FastAPI (Port 8000) - Profile & Server management.

---

## 1. Prerequisites
- Python 3.10+
- Nginx
- OpenVPN & Easy-RSA (for the Profiler)
- Node.js & NPM (only for building the UI)

---

## 2. Shared Security Setup (Critical)
Both API services must share the same `SECRET_KEY` to recognize the same JWT tokens.

### A. Environment Variable (Recommended)
Add this to your shell profile (`~/.bashrc`) or your Systemd service files:
```bash
export OVPMON_SECRET_KEY='your-very-long-random-secret-key'
```

### B. Configuration File
Alternatively, set it in `APP_CORE/config.ini`:
```ini
[api]
secret_key = your-very-long-random-secret-key
```

---

## 3. Backend Deployment

### Monitoring API (Flask)
1. Navigate to `APP_CORE/`.
2. Create virtual environment: `python3 -m venv venv`.
3. Install dependencies: `venv/bin/pip install -r requirements.txt`.
4. Run with Gunicorn (production):
   ```bash
   venv/bin/gunicorn -w 4 -b 127.0.0.1:5000 openvpn_api_v3:app
   ```

### Profiler API (FastAPI)
1. Navigate to `APP_PROFILER/`.
2. Create virtual environment: `python3 -m venv venv`.
3. **Important**: Uninstall potential conflicts and install PyJWT:
   ```bash
   venv/bin/pip uninstall jwt PyJWT
   venv/bin/pip install -r requirements.txt PyJWT
   ```
4. Run with Uvicorn:
   ```bash
   venv/bin/uvicorn main:app --host 127.0.0.1 --port 8000
   ```

---

## 4. Frontend Deployment (Nginx)

### Build the UI
1. Navigate to `UI/client`.
2. Install: `npm install`.
3. Build: `npm run build`.
4. Copy `dist/` contents to `/var/www/ovpmon/`.

### Nginx Configuration
Create `/etc/nginx/sites-available/ovpmon`:

```nginx
server {
    listen 80;
    server_name your_domain_or_ip;

    root /var/www/ovpmon;
    index index.html;

    # Frontend Routing
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Monitoring API (Flask)
    location /api/v1/ {
        proxy_pass http://127.0.0.1:5000/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Profiler API (FastAPI)
    location /profiles-api/ {
        proxy_pass http://127.0.0.1:8000/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

---

## 5. First Run & Initialization
1. Access the UI via browser.
2. Login with default credentials: `admin` / `password`.
3. **Immediately** change the password and set up 2FA in the Settings/Profile section.
4. If using the Profiler, ensure the `easy-rsa` directory is present and initialized via the UI.
new awesome build 2026-01-28 22:37:47 +03:00			`# Deployment Guide: OpenVPN Monitor & Profiler`

			`This guide describes how to deploy the full suite on a fresh Linux server (Ubuntu/Debian).`

			`## Architecture Overview`
			- Frontend: Vue.js (Built and served by Nginx) - `APP_UI`
			`- Monitoring API (APP_CORE): Flask (Port 5000) - Real-time statistics.`
			`- Profiler API (APP_PROFILER): FastAPI (Port 8000) - Profile & Server management.`

			`---`

			`## 1. Prerequisites`
			`- Python 3.10+`
			`- Nginx`
			`- OpenVPN & Easy-RSA (for the Profiler)`
			`- Node.js & NPM (only for building the UI)`

			`---`

			`## 2. Shared Security Setup (Critical)`
			Both API services must share the same `SECRET_KEY` to recognize the same JWT tokens.

			`### A. Environment Variable (Recommended)`
			Add this to your shell profile (`~/.bashrc`) or your Systemd service files:
			```bash
			`export OVPMON_SECRET_KEY='your-very-long-random-secret-key'`
			```

			`### B. Configuration File`
			Alternatively, set it in `APP_CORE/config.ini`:
			```ini
			`[api]`
			`secret_key = your-very-long-random-secret-key`
			```

			`---`

			`## 3. Backend Deployment`

			`### Monitoring API (Flask)`
			1. Navigate to `APP_CORE/`.
			2. Create virtual environment: `python3 -m venv venv`.
			3. Install dependencies: `venv/bin/pip install -r requirements.txt`.
			`4. Run with Gunicorn (production):`
			```bash
			`venv/bin/gunicorn -w 4 -b 127.0.0.1:5000 openvpn_api_v3:app`
			```

			`### Profiler API (FastAPI)`
			1. Navigate to `APP_PROFILER/`.
			2. Create virtual environment: `python3 -m venv venv`.
			`3. Important: Uninstall potential conflicts and install PyJWT:`
			```bash
			`venv/bin/pip uninstall jwt PyJWT`
			`venv/bin/pip install -r requirements.txt PyJWT`
			```
			`4. Run with Uvicorn:`
			```bash
			`venv/bin/uvicorn main:app --host 127.0.0.1 --port 8000`
			```

			`---`

			`## 4. Frontend Deployment (Nginx)`

			`### Build the UI`
			1. Navigate to `UI/client`.
			2. Install: `npm install`.
			3. Build: `npm run build`.
			4. Copy `dist/` contents to `/var/www/ovpmon/`.

			`### Nginx Configuration`
			Create `/etc/nginx/sites-available/ovpmon`:

			```nginx
			`server {`
			`listen 80;`
			`server_name your_domain_or_ip;`

			`root /var/www/ovpmon;`
			`index index.html;`

			`# Frontend Routing`
			`location / {`
			`try_files $uri $uri/ /index.html;`
			`}`

			`# Monitoring API (Flask)`
			`location /api/v1/ {`
			`proxy_pass http://127.0.0.1:5000/api/;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`}`

			`# Profiler API (FastAPI)`
			`location /profiles-api/ {`
			`proxy_pass http://127.0.0.1:8000/api/;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`}`
			`}`
			```

			`---`

			`## 5. First Run & Initialization`
			`1. Access the UI via browser.`
			2. Login with default credentials: `admin` / `password`.
			`3. Immediately change the password and set up 2FA in the Settings/Profile section.`
			4. If using the Profiler, ensure the `easy-rsa` directory is present and initialized via the UI.