NetGescon/netgescon-master
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
235687cd28
netgescon-master/docs/archived/PROXMOX-BEST-PRACTICES-NETGESCON.md
Pikappa2 480e7eafbd 🎯 NETGESCON - Setup iniziale repository completo 
📋 Commit iniziale con:
-  Documentazione unificata in docs/
-  Codice Laravel in netgescon-laravel/
-  Script automazione in scripts/
-  Configurazione sync rsync
-  Struttura organizzata e pulita

🔄 Versione: 2025.07.19-1644
🎯 Sistema pronto per Git distribuito
2025-07-19 16:44:47 +02:00

418 lines
9.5 KiB
Markdown
Raw Blame History

# 🏗️ PROXMOX BEST PRACTICES - NETGESCON ENTERPRISE
## 📋 CONFIGURAZIONE TEMPLATE BASE
### 1. Creazione Template Ubuntu 22.04 LTS
```bash
# Download ISO Ubuntu Server 22.04 LTS
wget https://releases.ubuntu.com/22.04/ubuntu-22.04.3-live-server-amd64.iso
# Configurazione VM Template (Proxmox Web UI)
VM ID: 9000
Nome: ubuntu-netgescon-template
ISO: ubuntu-22.04.3-live-server-amd64.iso
Tipo: Linux (Ubuntu)
```
### 2. Specifiche Hardware Template
```yaml
CPU:
Cores: 2
Type: host (migliori performance)
Memory:
RAM: 4096 MB
Ballooning: Disabilitato
Storage:
Disk: 40 GB (virtio-scsi)
Cache: Write back
Format: qcow2
Network:
Bridge: vmbr0
Model: VirtIO (migliori performance)
BIOS:
Type: OVMF (UEFI)
Add EFI Disk:
```
### 3. Installazione Ubuntu Ottimizzata
```bash
# Durante installazione Ubuntu:
Hostname: netgescon-template
Username: netgescon
Password: [password sicura]
SSH Server: ✓ Installa
Snap packages: □ Nessuno
# Partizionamento personalizzato:
/boot/efi: 512 MB (FAT32)
swap: 2 GB
/: resto del disco (ext4)
```
### 4. Post-Installazione Template
```bash
# Aggiornamento sistema
sudo apt update && sudo apt upgrade -y
# Installazione guest tools
sudo apt install -y qemu-guest-agent
sudo systemctl enable qemu-guest-agent
sudo systemctl start qemu-guest-agent
# Pulizia pre-template
sudo apt autoremove -y
sudo apt autoclean
sudo rm -rf /tmp/*
sudo rm -rf /var/tmp/*
history -c
# Shutdown per conversione template
sudo shutdown -h now
```
### 5. Conversione a Template
```bash
# In Proxmox shell
qm template 9000
```
## 🚀 DEPLOYMENT ARCHITETTURA 3-VM
### Configurazione Hardware Differenziata
#### VM-PRODUCTION (ID: 100)
```yaml
Name: netgescon-production
Memory: 6144 MB
CPU Cores: 4
Storage: 80 GB SSD
Network: vmbr0 + Firewall
Boot Order: 1 (auto-start)
Protection: ✓ (anti-delete)
Backup: Ogni 6 ore
```
#### VM-DEVELOPMENT (ID: 101)
```yaml
Name: netgescon-development
Memory: 4096 MB
CPU Cores: 2
Storage: 60 GB
Network: vmbr0
Boot Order: 2
Git Repository: /var/git/netgescon.git
IDE: VS Code Server
```
#### VM-CLIENT-TEST (ID: 102)
```yaml
Name: netgescon-client-test
Memory: 3072 MB
CPU Cores: 2
Storage: 40 GB
Network: vmbr1 (NAT - simula cliente)
Boot Order: 3
Purpose: Remote update testing
```
## 🔧 CONFIGURAZIONE NETWORK AVANZATA
### Bridge Configuration
```bash
# /etc/network/interfaces (Proxmox host)
# Bridge produzione (sicuro)
auto vmbr0
iface vmbr0 inet static
address 192.168.1.10/24
gateway 192.168.1.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
# Bridge sviluppo/test (isolato)
auto vmbr1
iface vmbr1 inet static
address 192.168.10.1/24
bridge_ports none
bridge_stp off
bridge_fd 0
```
### Firewall Rules (Proxmox)
```bash
# Gruppo: netgescon-production
[group netgescon-production]
IN ACCEPT -p tcp --dport 22 # SSH
IN ACCEPT -p tcp --dport 80 # HTTP
IN ACCEPT -p tcp --dport 443 # HTTPS
IN DROP # Default deny
# Gruppo: netgescon-development
[group netgescon-development]
IN ACCEPT -p tcp --dport 22 # SSH
IN ACCEPT -p tcp --dport 8000 # Laravel dev
IN ACCEPT -p tcp --dport 3000 # Node dev server
IN ACCEPT -source 192.168.1.0/24 # Access da produzione
# Gruppo: netgescon-client
[group netgescon-client]
IN ACCEPT -p tcp --dport 22 # SSH
IN ACCEPT -p tcp --dport 80 # HTTP test
IN ACCEPT -source 192.168.1.100 # Solo da produzione
```
## 📊 MONITORING E BACKUP
### Backup Strategy
```bash
# Configurazione backup automatico Proxmox
vzdump 100 --mode snapshot --compress lzo --storage backup-storage --maxfiles 7
vzdump 101 --mode suspend --compress gzip --storage backup-storage --maxfiles 3
vzdump 102 --mode stop --compress gzip --storage backup-storage --maxfiles 3
# Schedule crontab Proxmox
# Production: ogni 6 ore
0 */6 * * * vzdump 100 --mode snapshot --quiet 1
# Development: giornaliero
0 2 * * * vzdump 101 --mode suspend --quiet 1
# Client test: settimanale
0 3 * * 0 vzdump 102 --mode stop --quiet 1
```
### Monitoring Setup
```bash
# Installazione monitoring tools su Proxmox
apt install -y prometheus-node-exporter
apt install -y grafana
# Configurazione alerts
cat > /etc/prometheus/alert.rules <<EOF
groups:
- name: netgescon
rules:
- alert: VMDown
expr: up{job="netgescon"} == 0
for: 5m
- alert: HighCPU
expr: 100 - (avg(irate(cpu_time_total[5m])) * 100) > 80
- alert: HighMemory
expr: (memory_usage / memory_total) * 100 > 85
EOF
```
## 🔄 SINCRONIZZAZIONE E DEPLOYMENT
### Git Workflow Multi-VM
```bash
# Setup repository centrale su VM-PRODUCTION
git init --bare /var/git/netgescon.git
# Hook post-receive per auto-deploy
cat > /var/git/netgescon.git/hooks/post-receive <<'EOF'
#!/bin/bash
cd /var/www/netgescon/netgescon-laravel
git --git-dir=/var/git/netgescon.git --work-tree=/var/www/netgescon/netgescon-laravel checkout -f main
composer install --no-dev --optimize-autoloader
npm run build
php artisan migrate --force
systemctl reload nginx
EOF
chmod +x /var/git/netgescon.git/hooks/post-receive
```
### Automated Sync Script
```bash
#!/bin/bash
# /usr/local/bin/netgescon-sync.sh
PROD_IP="192.168.1.100"
DEV_IP="192.168.1.101"
CLIENT_IP="192.168.1.102"
# Sync development to client for testing
rsync -avz --exclude='.git' --exclude='vendor' \
netgescon@$DEV_IP:/var/www/netgescon/ \
netgescon@$CLIENT_IP:/var/www/netgescon/
# Rebuild on client
ssh netgescon@$CLIENT_IP "cd /var/www/netgescon/netgescon-laravel && composer install && npm run build"
# Run tests
ssh netgescon@$CLIENT_IP "cd /var/www/netgescon/netgescon-laravel && php artisan test"
```
## 🛡️ SICUREZZA E HARDENING
### VM Security Best Practices
```bash
# Configurazione SSH sicura
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
echo "AllowUsers netgescon" >> /etc/ssh/sshd_config
# Firewall locale (ufw)
ufw --force enable
ufw default deny incoming
ufw allow from 192.168.1.0/24 to any port 22
ufw allow 80,443/tcp
# Fail2ban
apt install -y fail2ban
systemctl enable fail2ban
# Automatic security updates
apt install -y unattended-upgrades
echo 'Unattended-Upgrade::Automatic-Reboot "false";' >> /etc/apt/apt.conf.d/50unattended-upgrades
```
### SSL/TLS Configuration
```bash
# Certificati SSL con Let's Encrypt
apt install -y certbot python3-certbot-nginx
# Configurazione automatica SSL
certbot --nginx -d netgescon-prod.local --non-interactive --agree-tos --email admin@netgescon.local
# Auto-renewal
echo "0 12 * * * /usr/bin/certbot renew --quiet" | crontab -
```
## 📈 PERFORMANCE OPTIMIZATION
### Database Tuning
```bash
# MySQL configuration per NetGescon
cat > /etc/mysql/mysql.conf.d/netgescon.cnf <<EOF
[mysqld]
# NetGescon specific optimizations
innodb_buffer_pool_size = 2G
innodb_log_file_size = 256M
query_cache_size = 128M
query_cache_limit = 64M
max_connections = 200
tmp_table_size = 64M
max_heap_table_size = 64M
EOF
```
### PHP-FPM Optimization
```bash
# Pool configuration per VM
cat > /etc/php/8.2/fpm/pool.d/netgescon.conf <<EOF
[netgescon]
user = www-data
group = www-data
listen = /run/php/php8.2-fpm-netgescon.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
EOF
```
## 🎯 DEPLOYMENT CHECKLIST
### ✅ Pre-Deployment
- [ ] Template Ubuntu 22.04 creato e testato
- [ ] Proxmox backup storage configurato
- [ ] Network bridges configurati
- [ ] Firewall rules create
- [ ] Monitoring dashboard setup
### ✅ Deployment
- [ ] 3 VM create con script automatico
- [ ] SSH keys distribuite
- [ ] Git repository setup
- [ ] NetGescon installato su tutte le VM
- [ ] Database sincronizzato
### ✅ Post-Deployment
- [ ] Backup automatici attivi
- [ ] Monitoring alerts configurati
- [ ] SSL certificati installati
- [ ] Performance tuning applicato
- [ ] Team access configurato
## 💡 TIPS & TRICKS PROXMOX
### Gestione Template
```bash
# Backup template per sicurezza
qm backup 9000 --storage backup-storage
# Update template (clona, aggiorna, riconverti)
qm clone 9000 9001 --full --name ubuntu-netgescon-template-update
# ... aggiornamenti ...
qm template 9001
qm destroy 9000
qm set 9001 --vmid 9000
```
### Resource Management
```bash
# Limite CPU e RAM dinamici
qm set 100 --memory 8192 --cores 6 # Scale up production
qm set 101 --memory 2048 --cores 1 # Scale down development
# Live migration tra nodi Proxmox
qm migrate 100 proxmox-node2 --online
```
### Troubleshooting
```bash
# Log VM
qm monitor 100
info status
info network
# Console accesso diretto
qm terminal 100
# Snapshot per testing
qm snapshot 102 test-before-update
# ... testing ...
qm rollback 102 test-before-update
```
---
## 🎉 RISULTATO FINALE
Con questa configurazione Proxmox avrai un'**architettura enterprise** per NetGescon che garantisce:
-**Performance**: Hardware dedicato per ogni environment
- 🔒 **Sicurezza**: Isolamento e firewall avanzato
- 🔄 **Scalabilità**: Facilmente espandibile
- 💾 **Backup**: Automatico e ridondante
- 👥 **Team Work**: Sviluppo parallelo senza conflitti
- 📊 **Monitoring**: Visibilità completa sistema
**Ready for production deployment!** 🚀
Reference in New Issue View Git Blame Copy Permalink