📋 Initial commit with: - ✅ Unified documentation in docs/ - ✅ Laravel code in netgescon-laravel/ - ✅ Automation scripts in scripts/ - ✅ rsync sync configuration - ✅ Clean, organized structure 🔄 Version: 2025.07.19-1644 🎯 System ready for distributed Git
9.5 KiB
🏗️ PROXMOX BEST PRACTICES - NETGESCON ENTERPRISE
📋 BASE TEMPLATE CONFIGURATION
1. Creating the Ubuntu 22.04 LTS Template
# Download the Ubuntu Server 22.04 LTS ISO
wget https://releases.ubuntu.com/22.04/ubuntu-22.04.3-live-server-amd64.iso
# Template VM configuration (Proxmox Web UI)
VM ID: 9000
Name: ubuntu-netgescon-template
ISO: ubuntu-22.04.3-live-server-amd64.iso
Type: Linux (Ubuntu)
2. Template Hardware Specifications
CPU:
Cores: 2
Type: host (best performance)
Memory:
RAM: 4096 MB
Ballooning: Disabled
Storage:
Disk: 40 GB (virtio-scsi)
Cache: Write back
Format: qcow2
Network:
Bridge: vmbr0
Model: VirtIO (best performance)
BIOS:
Type: OVMF (UEFI)
Add EFI Disk: Yes
3. Optimized Ubuntu Installation
# During the Ubuntu installation:
Hostname: netgescon-template
Username: netgescon
Password: [strong password]
SSH Server: ✓ Install
Snap packages: □ None
# Custom partitioning:
/boot/efi: 512 MB (FAT32)
swap: 2 GB
/: rest of the disk (ext4)
4. Template Post-Installation
# System update
sudo apt update && sudo apt upgrade -y
# Install guest tools
sudo apt install -y qemu-guest-agent
sudo systemctl enable qemu-guest-agent
sudo systemctl start qemu-guest-agent
# Pre-template cleanup
sudo apt autoremove -y
sudo apt autoclean
sudo rm -rf /tmp/*
sudo rm -rf /var/tmp/*
history -c
# Shut down for template conversion
sudo shutdown -h now
5. Converting to a Template
# In the Proxmox shell
qm template 9000
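Clones of this template inherit whatever identity the cleanup step leaves behind. The following added example (not part of the original guide) lists and removes SSH host keys, the machine-id and shell history files; it assumes each clone regenerates its host keys at first boot (for example with `ssh-keygen -A`), and the function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# ROOT is the filesystem to work on: "/" inside the template VM, or a
# directory holding a mounted copy. Function names are illustrative.

# List identity artifacts every clone would inherit (status 0 = clean, 1 = found).
template_leftovers() {
    root="${1%/}"; found=0
    for f in "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub; do
        if [ -e "$f" ]; then echo "ssh host key: $f"; found=1; fi
    done
    if [ -s "$root/etc/machine-id" ]; then
        echo "machine-id is set: $root/etc/machine-id"; found=1
    fi
    for f in "$root"/root/.bash_history "$root"/home/*/.bash_history; do
        if [ -s "$f" ]; then echo "shell history: $f"; found=1; fi
    done
    return "$found"
}

# Remove those artifacts. `history -c` only clears the running shell's memory,
# so the history files are deleted too.
seal_template() {
    : "${1:?usage: seal_template ROOT}"
    root="${1%/}"
    rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub
    : > "$root/etc/machine-id"   # empty file: a new ID is generated at next boot
    rm -f "$root"/root/.bash_history "$root"/home/*/.bash_history
}

# Constructed sample tree, so the example runs without touching a real system.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/root" "$d/home/netgescon"
    echo "constructed-private-key" > "$d/etc/ssh/ssh_host_ed25519_key"
    echo "constructed-public-key"  > "$d/etc/ssh/ssh_host_ed25519_key.pub"
    echo "0123456789abcdef0123456789abcdef" > "$d/etc/machine-id"
    echo "sudo apt upgrade -y" > "$d/home/netgescon/.bash_history"
    echo "$d"
}

sample=$(make_sample_root)
template_leftovers "$sample" || echo "-> template not sealed yet"
seal_template "$sample"
template_leftovers "$sample" && echo "-> clean, ready for 'qm template'"
rm -rf "$sample"
```

Inside the template VM, run `sudo seal_template /` as the last step before `shutdown -h now`.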
🚀 3-VM ARCHITECTURE DEPLOYMENT
Differentiated Hardware Configuration
VM-PRODUCTION (ID: 100)
Name: netgescon-production
Memory: 6144 MB
CPU Cores: 4
Storage: 80 GB SSD
Network: vmbr0 + Firewall
Boot Order: 1 (auto-start)
Protection: ✓ (anti-delete)
Backup: Every 6 hours
VM-DEVELOPMENT (ID: 101)
Name: netgescon-development
Memory: 4096 MB
CPU Cores: 2
Storage: 60 GB
Network: vmbr0
Boot Order: 2
Git Repository: /var/git/netgescon.git
IDE: VS Code Server
VM-CLIENT-TEST (ID: 102)
Name: netgescon-client-test
Memory: 3072 MB
CPU Cores: 2
Storage: 40 GB
Network: vmbr1 (NAT - simulates a client)
Boot Order: 3
Purpose: Remote update testing
🔧 ADVANCED NETWORK CONFIGURATION
Bridge Configuration
# /etc/network/interfaces (Proxmox host)
# Production bridge (secure)
auto vmbr0
iface vmbr0 inet static
address 192.168.1.10/24
gateway 192.168.1.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
# Development/test bridge (isolated)
auto vmbr1
iface vmbr1 inet static
address 192.168.10.1/24
bridge_ports none
bridge_stp off
bridge_fd 0
Firewall Rules (Proxmox)
# Group: netgescon-production
[group netgescon-production]
IN ACCEPT -p tcp --dport 22 # SSH
IN ACCEPT -p tcp --dport 80 # HTTP
IN ACCEPT -p tcp --dport 443 # HTTPS
IN DROP # Default deny
# Group: netgescon-development
[group netgescon-development]
IN ACCEPT -p tcp --dport 22 # SSH
IN ACCEPT -p tcp --dport 8000 # Laravel dev
IN ACCEPT -p tcp --dport 3000 # Node dev server
IN ACCEPT -source 192.168.1.0/24 # Access from production
# Group: netgescon-client
[group netgescon-client]
IN ACCEPT -p tcp --dport 22 # SSH
IN ACCEPT -p tcp --dport 80 # HTTP test
IN ACCEPT -source 192.168.1.100 # Only from production
📊 MONITORING AND BACKUP
Backup Strategy
# Automatic Proxmox backup configuration
vzdump 100 --mode snapshot --compress lzo --storage backup-storage --maxfiles 7
vzdump 101 --mode suspend --compress gzip --storage backup-storage --maxfiles 3
vzdump 102 --mode stop --compress gzip --storage backup-storage --maxfiles 3
# Proxmox crontab schedule
# Production: every 6 hours
0 */6 * * * vzdump 100 --mode snapshot --quiet 1
# Development: daily
0 2 * * * vzdump 101 --mode suspend --quiet 1
# Client test: weekly
0 3 * * 0 vzdump 102 --mode stop --quiet 1
Monitoring Setup
# Install monitoring tools on Proxmox
apt install -y prometheus-node-exporter
apt install -y grafana
# Alert configuration (CPU and memory expressions use node_exporter metric names)
cat > /etc/prometheus/alert.rules <<EOF
groups:
  - name: netgescon
    rules:
      - alert: VMDown
        expr: up{job="netgescon"} == 0
        for: 5m
      - alert: HighCPU
        expr: 100 - (avg(irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80
      - alert: HighMemory
        expr: (1 - node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) * 100 > 85
EOF
🔄 SYNCHRONIZATION AND DEPLOYMENT
Git Workflow Multi-VM
# Set up the central repository on VM-PRODUCTION
git init --bare /var/git/netgescon.git
# post-receive hook for auto-deploy
cat > /var/git/netgescon.git/hooks/post-receive <<'EOF'
#!/bin/bash
# Stop at the first failing step so a broken build never reaches migrate/reload
set -euo pipefail
cd /var/www/netgescon/netgescon-laravel
git --git-dir=/var/git/netgescon.git --work-tree=/var/www/netgescon/netgescon-laravel checkout -f main
composer install --no-dev --optimize-autoloader
npm run build
php artisan migrate --force
systemctl reload nginx
EOF
chmod +x /var/git/netgescon.git/hooks/post-receive
Automated Sync Script
#!/bin/bash
# /usr/local/bin/netgescon-sync.sh
set -euo pipefail
PROD_IP="192.168.1.100"
DEV_IP="192.168.1.101"
CLIENT_IP="192.168.1.102"
# Sync development to client for testing.
# rsync cannot copy between two remote hosts, so it runs on the development VM
# (which needs SSH key access to the client VM).
ssh "netgescon@$DEV_IP" "rsync -avz --exclude='.git' --exclude='vendor' \
/var/www/netgescon/ netgescon@$CLIENT_IP:/var/www/netgescon/"
# Rebuild on client
ssh "netgescon@$CLIENT_IP" "cd /var/www/netgescon/netgescon-laravel && composer install && npm run build"
# Run tests
ssh "netgescon@$CLIENT_IP" "cd /var/www/netgescon/netgescon-laravel && php artisan test"
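🛡️ SECURITY AND HARDENING
VM Security Best Practices
# Secure SSH configuration
# sshd keeps the first value it reads for each keyword, so lines appended to the end of
# sshd_config can be overridden by earlier ones. On Ubuntu 22.04 the sshd_config.d drop-ins
# are included at the top of the file, and a 00- prefix sorts before the other drop-ins.
cat > /etc/ssh/sshd_config.d/00-netgescon-hardening.conf <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AllowUsers netgescon
EOF
sshd -t && systemctl reload ssh
# Local firewall (ufw): add the rules before enabling, so the current SSH session is not cut off
ufw default deny incoming
ufw allow from 192.168.1.0/24 to any port 22
ufw allow 80,443/tcp
ufw --force enable
# Fail2ban
apt install -y fail2ban
systemctl enable fail2ban
# Automatic security updates
apt install -y unattended-upgrades
echo 'Unattended-Upgrade::Automatic-Reboot "false";' >> /etc/apt/apt.conf.d/50unattended-upgrades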
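To confirm that the SSH settings above are what sshd actually enforces, check the effective configuration printed by `sshd -T` rather than the files. This is an added example, not part of the original guide; the function name and both sample outputs are constructed.

```shell
#!/bin/sh
# Reads `sshd -T` style output (lowercase "keyword value" lines) on stdin and
# compares it with the three settings this guide applies. Prints one line per
# deviation; exit status 0 means the hardening is in effect.
check_sshd_hardening() {
    awk '
        $1 == "permitrootlogin"        { prl = $2 }
        $1 == "passwordauthentication" { pwa = $2 }
        $1 == "allowusers"             { for (i = 2; i <= NF; i++) { users[$i] = 1; n++ } }
        END {
            bad = 0
            if (prl != "no") { print "permitrootlogin: got \"" prl "\", want \"no\""; bad = 1 }
            if (pwa != "no") { print "passwordauthentication: got \"" pwa "\", want \"no\""; bad = 1 }
            if (n != 1 || !("netgescon" in users)) { print "allowusers: want exactly \"netgescon\""; bad = 1 }
            exit bad
        }'
}

# Constructed sample: effective settings after the drop-in is applied.
SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
allowusers netgescon'

# Constructed sample: a fresh install where an earlier directive still wins.
SAMPLE_DEFAULT='port 22
permitrootlogin without-password
passwordauthentication yes'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_hardening && echo "hardened sample: OK"
printf '%s\n' "$SAMPLE_DEFAULT" | check_sshd_hardening || echo "default sample: deviations found"

# On a real VM (as root): sshd -T | check_sshd_hardening
```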
SSL/TLS Configuration
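# SSL certificates with Let's Encrypt
apt install -y certbot python3-certbot-nginx
# Automatic SSL configuration
# (Let's Encrypt only issues certificates for publicly resolvable names; replace the .local placeholders with the real domain and address)
certbot --nginx -d netgescon-prod.local --non-interactive --agree-tos --email admin@netgescon.local
# Auto-renewal: append to the existing crontab (a bare echo piped into "crontab -" would replace every other entry)
(crontab -l 2>/dev/null; echo "0 12 * * * /usr/bin/certbot renew --quiet") | crontab -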
📈 PERFORMANCE OPTIMIZATION
Database Tuning
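# MySQL configuration for NetGescon
cat > /etc/mysql/mysql.conf.d/netgescon.cnf <<EOF
[mysqld]
# NetGescon specific optimizations
innodb_buffer_pool_size = 2G
innodb_log_file_size = 256M
# The query cache was removed in MySQL 8.0, where these two settings stop mysqld from starting;
# uncomment them only on a server that still has a query cache.
# query_cache_size = 128M
# query_cache_limit = 64M
max_connections = 200
tmp_table_size = 64M
max_heap_table_size = 64M
EOF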
PHP-FPM Optimization
# Pool configuration for the VMs
cat > /etc/php/8.2/fpm/pool.d/netgescon.conf <<EOF
[netgescon]
user = www-data
group = www-data
listen = /run/php/php8.2-fpm-netgescon.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
EOF
🎯 DEPLOYMENT CHECKLIST
✅ Pre-Deployment
- Ubuntu 22.04 template created and tested
- Proxmox backup storage configured
- Network bridges configured
- Firewall rules created
- Monitoring dashboard set up
✅ Deployment
- 3 VMs created with the automated script
- SSH keys distributed
- Git repository set up
- NetGescon installed on all VMs
- Database synchronized
✅ Post-Deployment
- Automatic backups active
- Monitoring alerts configured
- SSL certificates installed
- Performance tuning applied
- Team access configured
💡 TIPS & TRICKS PROXMOX
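Template Management
# Back up the template for safety
vzdump 9000 --storage backup-storage
# Update the template (clone, update, convert back)
qm clone 9000 9001 --full --name ubuntu-netgescon-template-update
# ... updates ...
qm template 9001
qm destroy 9000
# A VMID cannot be changed with qm set, so clone the updated template back to ID 9000
qm clone 9001 9000 --full --name ubuntu-netgescon-template
qm template 9000
qm destroy 9001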
Resource Management
# Dynamic CPU and RAM limits
qm set 100 --memory 8192 --cores 6 # Scale up production
qm set 101 --memory 2048 --cores 1 # Scale down development
# Live migration between Proxmox nodes
qm migrate 100 proxmox-node2 --online
Troubleshooting
# VM state (the info commands are typed inside the monitor session)
qm monitor 100
info status
info network
# Direct console access
qm terminal 100
# Snapshot for testing
qm snapshot 102 test-before-update
# ... testing ...
qm rollback 102 test-before-update
🎉 FINAL RESULT
With this Proxmox configuration you get an enterprise architecture for NetGescon that guarantees:
- ⚡ Performance: Dedicated hardware for each environment
- 🔒 Security: Isolation and advanced firewall
- 🔄 Scalability: Easily expandable
- 💾 Backup: Automatic and redundant
- 👥 Team Work: Parallel development without conflicts
- 📊 Monitoring: Full system visibility
Ready for production deployment! 🚀