Server Setup
Guide to setting up a RetailOS production server from a fresh Ubuntu 22.04/24.04 LTS install.
Stage 1: Server Hardening (01-harden.sh)
This script is run first on a new server via SSH:

```bash
ssh root@NEW_SERVER 'bash -s' < deploy/fresh-server/01-harden.sh
```

What it does:
- Update the system -- `apt update && apt upgrade`
- Install essentials -- `ufw`, `fail2ban`, `curl`, `wget`, `htop`, `jq`
- Install PostgreSQL -- PostgreSQL + contrib extensions
- Install Nginx -- Reverse proxy + certbot for SSL
- Create user `retailos` -- Non-root user that runs the services
- Harden SSH:
  - Move to port 2222
  - Disable password auth (key-only)
  - Disable root login via password
  - Install the SSH public key
- Set up the UFW firewall:
  - Allow SSH port 2222
  - Allow HTTP/HTTPS (80, 443)
  - Deny all other ports
- Enable fail2ban -- Brute-force protection
Note
After the script completes, SSH must go through port 2222: `ssh -p 2222 root@SERVER`
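As an added verification helper (not part of the RetailOS deploy scripts), the function below checks an sshd configuration file against the SSH hardening that 01-harden.sh is documented to apply: port 2222, password authentication off, no root login via password. The file path and the constructed sample configs are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the RetailOS repository: verify the documented SSH
# hardening after 01-harden.sh has run. Usage: check_sshd_hardening /etc/ssh/sshd_config
# Prints each deviation and returns 1 if any is found, 0 if the config is compliant.

# Print the effective value of a directive. sshd uses the FIRST occurrence of a
# keyword and ignores later duplicates, so we stop at the first match.
# Keyword matching is case-insensitive, like sshd itself (and like `sshd -T` output).
sshd_effective() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }' "$2"
}

check_sshd_hardening() {
    cfg="$1"
    rc=0
    port=$(sshd_effective Port "$cfg")
    pw=$(sshd_effective PasswordAuthentication "$cfg")
    root=$(sshd_effective PermitRootLogin "$cfg")

    # When a directive is absent sshd falls back to its defaults:
    # Port 22, PasswordAuthentication yes, PermitRootLogin prohibit-password.
    [ "${port:-22}" = "2222" ] || {
        echo "Port is ${port:-22}, expected 2222"; rc=1; }
    [ "${pw:-yes}" = "no" ] || {
        echo "PasswordAuthentication is ${pw:-yes}, expected no"; rc=1; }
    # "Disable root login via password" is satisfied by prohibit-password
    # (its older spelling without-password) or by no.
    case "${root:-prohibit-password}" in
        prohibit-password|without-password|no) ;;
        *) echo "PermitRootLogin is $root, expected prohibit-password or no"; rc=1 ;;
    esac
    return $rc
}
```

On the server itself, run `sshd -T > /tmp/sshd-effective && check_sshd_hardening /tmp/sshd-effective` so that the merged configuration, including Ubuntu's `/etc/ssh/sshd_config.d/*.conf` drop-ins, is what gets checked.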
Stage 2: Deploy the Application (02-deploy.sh)

```bash
SSH_PORT=2222 ./deploy/fresh-server/02-deploy.sh SERVER_IP
```

What it does:
1. Build Go binaries (cross-compiled for Linux amd64):

```bash
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" \
  -o /tmp/retailos-cloud-hub ./cmd/cloud-hub/
```

2. Upload binaries to `/opt/retailos/` (compressed transfer via gzip pipe)
3. Upload migrations -- SQL files to `/opt/retailos/migrations/`
4. Set up the PostgreSQL database:
   - Create database `retailos_cloud`
   - Create user `retailos_app`
   - Run cloud migrations
   - Create database
5. Create systemd services:

```ini
[Unit]
Description=RetailOS Cloud Hub
After=postgresql.service

[Service]
Type=simple
User=retailos
ExecStart=/opt/retailos/cloud-hub
EnvironmentFile=/opt/retailos/.env
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
```

6. Set up the Nginx reverse proxy:
   - `api.domain.com` -> Cloud Hub:8090
   - SSL via Cloudflare (origin certificate)
7. Start services and enable auto-start
8. Verify -- Health check endpoints
Stage 3: Tailscale + Cloudflare (03-tailscale-cloudflare.sh)
See Cloudflare + Tailscale for details.
Stage 4: Web Apps (04-webapps.sh)

```bash
SSH_PORT=2222 DOMAIN=retailos.id ./deploy/fresh-server/04-webapps.sh SERVER_IP
```

What it does:
- Build all portals (7 portals + docs): `ho-finance`, `store-admin`, `hr-portal`, `purchasing-portal`, `finance-portal`, `ga-portal`, `promo-portal`, `docs` (VitePress)
- Upload static files to `/opt/retailos/web/{portal}/`
- Configure Nginx -- Virtual hosts per subdomain:
  - `ho.retailos.id` -> `/opt/retailos/web/ho-finance/`
  - `store.retailos.id` -> `/opt/retailos/web/store-admin/`
  - `hr.retailos.id` -> `/opt/retailos/web/hr-portal/`
  - etc.
- Deploy Uptime Kuma -- Monitoring dashboard via Docker
Environment Variables
File `/opt/retailos/.env`:

| Variable | Description | Example |
|---|---|---|
| CLOUD_DB_URL | PostgreSQL connection | postgres://retailos_app:xxx@localhost/retailos_cloud |
| CLOUD_PORT | Cloud Hub port | 8090 |
| JWT_SECRET | JWT signing secret | Min 32 characters |
| API_KEYS | Comma-separated API keys | sk_store_001,sk_store_002 |
| TAILSCALE_AUTH_KEY | Tailscale auth key | tskey-auth-xxxxx |
| LOG_LEVEL | Log level | info |
Update / Upgrade
Rolling Update of the Cloud Hub

```bash
# Build the new binary
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" \
  -o /tmp/retailos-cloud-hub ./cmd/cloud-hub/

# Upload and restart. Write to a temporary file and rename it into place:
# writing directly over the binary while the service is running fails with
# "Text file busy", whereas a rename over the running executable is allowed.
gzip -c /tmp/retailos-cloud-hub | ssh -p 2222 root@SERVER \
  "gunzip > /opt/retailos/cloud-hub.new && chmod +x /opt/retailos/cloud-hub.new && \
   mv -f /opt/retailos/cloud-hub.new /opt/retailos/cloud-hub"
ssh -p 2222 root@SERVER "systemctl restart retailos-cloud-hub"
```

Store Router Update
The Store Router can be updated remotely via the Cloud Hub command system, or manually over SSH via Tailscale.