Dockerfile.prod

@@ -0,0 +1,48 @@
+# Use the official PHP 5.6 Apache image for classic mod_php
+FROM php:5.6-apache
+
+# Install required system libraries and PHP extensions for CakePHP
+RUN sed -i 's|http://deb.debian.org/debian|http://archive.debian.org/debian|g' /etc/apt/sources.list && \
+    sed -i 's|http://security.debian.org/debian-security|http://archive.debian.org/debian-security|g' /etc/apt/sources.list && \
+    sed -i '/stretch-updates/d' /etc/apt/sources.list && \
+    echo 'Acquire::AllowInsecureRepositories "true";' > /etc/apt/apt.conf.d/99allow-insecure && \
+    echo 'Acquire::AllowDowngradeToInsecureRepositories "true";' >> /etc/apt/apt.conf.d/99allow-insecure && \
+    apt-get update && \
+    apt-get install --allow-unauthenticated -y libc-client2007e-dev libkrb5-dev libpng-dev libjpeg-dev libfreetype6-dev libcurl4-openssl-dev libxml2-dev libssl-dev libmcrypt-dev libicu-dev && \
+    docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && \
+    docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
+    docker-php-ext-install mysql mbstring gd curl imap
+
+# Set environment variables.
+ENV HOME /root
+
+# Define working directory.
+WORKDIR /root
+
+ARG COMMIT
+ENV COMMIT_SHA=${COMMIT}
+
+EXPOSE 80
+
+# Copy vhost config to Apache's sites-available
+ADD conf/apache-vhost.conf /etc/apache2/sites-available/cmc-sales.conf
+ADD conf/ripmime /bin/ripmime
+
+RUN chmod +x /bin/ripmime \
+    && a2ensite cmc-sales \
+    && a2dissite 000-default \
+    && a2enmod rewrite \
+    && a2enmod headers
+
+# Copy site into place.
+ADD . /var/www/cmc-sales
+ADD app/config/database.php /var/www/cmc-sales/app/config/database.php
+RUN mkdir /var/www/cmc-sales/app/tmp
+RUN mkdir /var/www/cmc-sales/app/tmp/logs
+RUN chmod -R 755 /var/www/cmc-sales/app/tmp
+RUN chmod +x /var/www/cmc-sales/run_vault.sh
+
+# Ensure CakePHP tmp directory is writable by web server
+RUN chmod -R 777 /var/www/cmc-sales/app/tmp
+# By default, simply start apache.
+CMD /usr/sbin/apache2ctl -D FOREGROUND

Dockerfile.prod.db

@@ -0,0 +1,12 @@
+# Use the same content as Dockerfile.stg.db, but for prod. If you want to customize, edit this file.
+# For now, copy the staging DB Dockerfile and adjust as needed for production.
+FROM mysql:5.7
+
+ENV MYSQL_ROOT_PASSWORD=secureRootPassword
+ENV MYSQL_DATABASE=cmc
+ENV MYSQL_USER=cmc
+ENV MYSQL_PASSWORD=xVRQI&cA?7AU=hqJ!%au
+
+EXPOSE 3306
+
+VOLUME ["/var/lib/mysql"]

Dockerfile.prod.go

@@ -0,0 +1,20 @@
+FROM golang:1.24-alpine AS builder
+
+RUN apk add --no-cache git
+WORKDIR /app
+COPY go-app/go.mod go-app/go.sum ./
+RUN go mod download
+COPY go-app/ .
+RUN go install github.com/sqlc-dev/sqlc/cmd/sqlc@latest
+RUN sqlc generate
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o server cmd/server/main.go
+
+FROM alpine:latest
+RUN apk --no-cache add ca-certificates
+WORKDIR /root/
+COPY --from=builder /app/server .
+COPY go-app/templates ./templates
+COPY go-app/static ./static
+COPY go-app/.env.example .env
+EXPOSE 8082
+CMD ["./server"]

app/config/core.php

@@ -62,11 +62,21 @@ $host = $_SERVER['HTTP_HOST'];
 //   'timeout' => '30',
 //   'host' => '172.17.0.1'));
 
-// SMTP settings for staging
-Configure::write('smtp_settings', array(
-  'port' => '1025',
-  'timeout' => '30',
-  'host' => 'mailpit'));
+
+// SMTP settings for production
+if (in_array($host, $production_hosts)) {
+  Configure::write('smtp_settings', array(
+    'port' => '25',
+    'timeout' => '30',
+    'host' => '172.17.0.1'
+  ));
+} else {
+  // SMTP settings for staging
+  Configure::write('smtp_settings', array(
+    'port' => '1025',
+    'timeout' => '30',
+    'host' => 'mailpit'));
+}
 
 
 // Mailhog SMTP settings for local development

conf/nginx-site.prod.conf

@@ -0,0 +1,26 @@
+server {
+        server_name cmclocal;
+        auth_basic_user_file /etc/nginx/userpasswd;
+        auth_basic "Restricted";
+        location /go/ {
+             proxy_pass http://cmc-prod-go:8082;
+             proxy_read_timeout 300s;
+             proxy_set_header Host $host;
+             proxy_set_header X-Real-IP $remote_addr;
+             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+             proxy_set_header X-Forwarded-Proto $scheme;
+        }
+        location / {
+             proxy_pass http://cmc-prod-php:80;
+             proxy_read_timeout 300s;
+             proxy_set_header Host $host;
+             proxy_set_header X-Real-IP $remote_addr;
+             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+             proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+    listen 0.0.0.0:80;
+#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}

deploy/deploy-prod.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+# Deploy production environment for cmc-sales
+
+# Usage: ./deploy-prod.sh [--no-cache]
+
+USE_CACHE=true
+for arg in "$@"; do
+  if [[ "$arg" == "--no-cache" ]]; then
+    USE_CACHE=false
+    echo "No cache flag detected: will rebuild images without cache."
+  fi
+done
+if [[ "$USE_CACHE" == "true" ]]; then
+  echo "Using cached layers for docker build."
+fi
+
+echo "Starting production deployment for cmc-sales..."
+echo "Setting variables..."
+SERVER="cmc-sales"
+REPO="git@code.springupsoftware.com:cmc/cmc-sales.git"
+BRANCH="master"
+PROD_DIR="cmc-sales-prod"
+    
+echo "Connecting to server $SERVER via SSH..."
+# Pass variables into SSH session
+ssh $SERVER \
+  "SERVER=$SERVER REPO='$REPO' BRANCH='$BRANCH' PROD_DIR='$PROD_DIR' USE_CACHE='$USE_CACHE' bash -s" << 'ENDSSH'
+  set -e
+  echo "Connected to $SERVER."
+  cd /home/cmc
+  # Clone or update production branch
+  if [ -d "$PROD_DIR" ]; then
+    echo "Updating existing production directory $PROD_DIR..."
+    cd "$PROD_DIR"
+    git fetch origin
+    git checkout $BRANCH
+    git reset --hard origin/$BRANCH
+  else
+    echo "Cloning repository $REPO to $PROD_DIR..."
+    git clone -b $BRANCH $REPO $PROD_DIR
+    cd "$PROD_DIR"
+  fi
+
+    # Create .env file for go-app if it doesn't exist
+  ENV_PATH="/home/cmc/$PROD_DIR/go-app/.env"
+  echo "(Re)creating .env file for go-app..."
+  cat > "$ENV_PATH" <<'ENVEOF'
+# Database configuration
+DB_HOST=db
+DB_PORT=3306
+DB_USER=cmc
+DB_PASSWORD=xVRQI&cA?7AU=hqJ!%au
+DB_NAME=cmc
+
+# Root database password (for dbshell-root)
+DB_ROOT_PASSWORD=secureRootPassword
+
+# Environment variables for Go app mail configuration
+SMTP_HOST="172.17.0.1"
+SMTP_PORT=25
+SMTP_USER=""
+SMTP_PASS=""
+SMTP_FROM="CMC Sales <sales@cmctechnologies.com.au>"
+ENVEOF
+
+  if [[ "$USE_CACHE" == "false" ]]; then
+    echo "Building and starting docker compose for production (no cache)..."
+    docker compose -f docker-compose.prod.yml build --no-cache
+    docker compose -f docker-compose.prod.yml up -d --remove-orphans
+  else
+    echo "Building and starting docker compose for production (using cache)..."
+    docker compose -f docker-compose.prod.yml build
+    docker compose -f docker-compose.prod.yml up -d --remove-orphans
+  fi
+
+  echo "Checking running containers..."
+  echo "Production deployment complete."
+ENDSSH

docker-compose.prod.yml

@@ -0,0 +1,96 @@
+services:
+  nginx:
+    image: nginx:latest
+    container_name: cmc-prod-nginx
+    hostname: nginx-prod
+    ports:
+      - "80:80"  # Production nginx on standard port
+    volumes:
+      - ./conf/nginx-site.conf:/etc/nginx/conf.d/cmc.conf
+      - ./userpasswd:/etc/nginx/userpasswd:ro
+    depends_on:
+      - cmc-prod-php
+    restart: unless-stopped
+    networks:
+      - cmc-prod-network
+
+  cmc-prod-php:
+    build:
+      context: .
+      dockerfile: Dockerfile.prod
+    container_name: cmc-prod-php
+    environment:
+      MAIL_HOST: 172.17.0.1
+      MAIL_PORT: 25
+      DB_HOST: db
+      DB_PORT: 3306
+      DB_USER: cmc
+      DB_PASSWORD: xVRQI&cA?7AU=hqJ!%au
+      DB_NAME: cmc
+    volumes:
+      - ./userpasswd:/etc/nginx/userpasswd:ro
+    networks:
+      - cmc-prod-network
+    restart: unless-stopped
+    depends_on:
+      - db
+
+  cmc-prod-go:
+    build:
+      context: .
+      dockerfile: Dockerfile.prod.go
+    container_name: cmc-prod-go
+    environment:
+      DB_HOST: db
+      DB_PORT: 3306
+      DB_USER: cmc
+      DB_PASSWORD: xVRQI&cA?7AU=hqJ!%au
+      DB_NAME: cmc
+      PORT: 8082
+      SMTP_HOST: 172.17.0.1
+      SMTP_PORT: 25
+      SMTP_USER: ""
+      SMTP_PASS: ""
+      SMTP_FROM: "sales@cmctechnologies.com.au"
+    ports:
+      - "8082:8082"
+    volumes:
+      - /var/www/cmc-sales/app/webroot/pdf:/root/webroot/pdf:ro
+    networks:
+      - cmc-prod-network
+    restart: unless-stopped
+    depends_on:
+      - db
+
+  db:
+    build:
+      context: .
+      dockerfile: Dockerfile.prod.db
+    container_name: cmc-prod-db
+    environment:
+      MYSQL_ROOT_PASSWORD: secureRootPassword
+      MYSQL_DATABASE: cmc
+      MYSQL_USER: cmc
+      MYSQL_PASSWORD: xVRQI&cA?7AU=hqJ!%au
+    volumes:
+      - db_data:/var/lib/mysql
+    ports:
+      - "3306:3306"
+    networks:
+      - cmc-prod-network
+
+  mailpit:
+    image: axllent/mailpit:latest
+    container_name: mailpit
+    ports:
+      - "8025:8025"  # Mailpit web UI
+      - "1025:1025"  # SMTP
+    networks:
+      - cmc-prod-network
+    restart: unless-stopped
+
+networks:
+  cmc-prod-network:
+
+volumes:
+  db_data: