From b6c7e96823fc8d6969ea34b059ce063cdd192784 Mon Sep 17 00:00:00 2001 From: TheFlow Date: Tue, 14 Oct 2025 15:45:39 +1300 Subject: [PATCH] docs: fix rsync deployment issue and create deployment script Problem: rsync with trailing slashes copied directory contents to wrong location Solution: Created automated deployment script with correct patterns Changes: - Created scripts/deploy-security-middleware.sh (automated deployment) - Created docs/DEPLOYMENT_RSYNC_PATTERNS.md (rsync best practices) - Cleaned up incorrectly placed files on production - Documented trailing slash behavior and correct patterns This prevents future deployment issues and provides reliable automation. --- docs/DEPLOYMENT_RSYNC_PATTERNS.md | 123 ++++++++++++++++++++++++++ scripts/deploy-security-middleware.sh | 69 +++++++++++++++ 2 files changed, 192 insertions(+) create mode 100644 docs/DEPLOYMENT_RSYNC_PATTERNS.md create mode 100755 scripts/deploy-security-middleware.sh diff --git a/docs/DEPLOYMENT_RSYNC_PATTERNS.md b/docs/DEPLOYMENT_RSYNC_PATTERNS.md new file mode 100644 index 00000000..79681052 --- /dev/null +++ b/docs/DEPLOYMENT_RSYNC_PATTERNS.md @@ -0,0 +1,123 @@ +# Rsync Deployment Patterns for Tractatus + +## Issue Discovered: 2025-10-14 + +During Phase 0 security deployment, files were deployed to incorrect locations due to rsync trailing slash behavior. + +### Problem: Trailing Slash Behavior + +**Incorrect command** (deployed contents to wrong location): +```bash +rsync -avz src/middleware/ src/routes/ user@host:/var/www/tractatus/ +``` + +**What happened:** +- `src/middleware/` with trailing slash = "copy contents of middleware/" +- Files ended up in `/var/www/tractatus/` root instead of `/var/www/tractatus/src/middleware/` +- All middleware and route files were dumped into root directory + +### Correct Patterns + +#### Pattern 1: Deploy directory contents to matching destination structure +```bash +# Deploy middleware files to remote middleware directory +rsync -avz src/middleware/ user@host:/var/www/tractatus/src/middleware/ + +# Deploy routes files to remote routes directory +rsync -avz src/routes/ user@host:/var/www/tractatus/src/routes/ +``` + +**Key:** Trailing slash on both source AND destination = copy contents into destination directory + +#### Pattern 2: Deploy entire directory tree +```bash +# Deploy entire src/ directory preserving structure +rsync -avz src/ user@host:/var/www/tractatus/src/ +``` + +**Key:** Trailing slash on source, matching destination = preserve structure + +#### Pattern 3: Deploy specific files +```bash +# Deploy individual files +rsync -avz src/server.js src/utils/security-logger.js \ + user@host:/var/www/tractatus/src/ +``` + +**Key:** No trailing slash on files + +### Rsync Trailing Slash Rules + +| Source | Destination | Result | +|--------|-------------|---------| +| `dir/` | `/dest/` | Copies **contents** of dir into /dest/ | +| `dir` | `/dest/` | Creates `/dest/dir/` with contents | +| `dir/` | `/dest/dir/` | Copies contents into existing /dest/dir/ | +| `file.js` | `/dest/` | Copies file.js into /dest/ | + +### Recommended Approach + +Use the automated deployment script: +```bash +./scripts/deploy-security-middleware.sh +``` + +This script uses correct patterns and handles: +- ✅ Directory structure preservation +- ✅ File permissions (D755 for dirs, F644 for files) +- ✅ Service restart +- ✅ Status verification + +### Manual Deployment (if needed) + +```bash +# 1. Deploy middleware +rsync -avz --chmod=D755,F644 -e "ssh -i ~/.ssh/tractatus_deploy" \ + src/middleware/ \ + ubuntu@vps-93a693da.vps.ovh.net:/var/www/tractatus/src/middleware/ + +# 2. Deploy routes +rsync -avz --chmod=D755,F644 -e "ssh -i ~/.ssh/tractatus_deploy" \ + src/routes/ \ + ubuntu@vps-93a693da.vps.ovh.net:/var/www/tractatus/src/routes/ + +# 3. Deploy server and utils +rsync -avz --chmod=D755,F644 -e "ssh -i ~/.ssh/tractatus_deploy" \ + src/server.js src/utils/security-logger.js \ + ubuntu@vps-93a693da.vps.ovh.net:/var/www/tractatus/src/ + +# 4. Restart service +ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net \ + "sudo systemctl restart tractatus" +``` + +### Cleanup After Incorrect Deployment + +If files end up in the wrong location: + +```bash +# SSH to server +ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net + +# Remove incorrectly placed files from root +cd /var/www/tractatus +rm -f *.routes.js *.middleware.js index.js + +# Verify correct locations +ls src/middleware/*.js +ls src/routes/*.js + +# Re-deploy using correct pattern +``` + +### Prevention + +1. **Always** use the deployment script when possible +2. **Test** rsync commands with `--dry-run` first +3. **Verify** destination paths include full directory structure +4. **Remember** trailing slash = "contents", no slash = "directory itself" + +--- + +**Last Updated:** 2025-10-14 +**Issue Resolved:** Files cleaned up and correct deployment script created diff --git a/scripts/deploy-security-middleware.sh b/scripts/deploy-security-middleware.sh new file mode 100755 index 00000000..9452c784 --- /dev/null +++ b/scripts/deploy-security-middleware.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +############################################################################### +# Tractatus Security Middleware Deployment Script +# Deploys security middleware and routes to production with correct structure +############################################################################### + +set -e # Exit on error + +# Configuration +REMOTE_USER="ubuntu" +REMOTE_HOST="vps-93a693da.vps.ovh.net" +SSH_KEY="$HOME/.ssh/tractatus_deploy" +REMOTE_PATH="/var/www/tractatus" +LOCAL_PATH="/home/theflow/projects/tractatus" + +echo "=========================================" +echo "Tractatus Security Deployment" +echo "=========================================" +echo "" + +# Verify we're in the correct directory +if [ ! -f "package.json" ] || [ ! -d "src/middleware" ]; then + echo "❌ Error: Must run from tractatus project root" + exit 1 +fi + +echo "📋 Deploying files to production..." +echo "" + +# Deploy security middleware +echo "1. Deploying security middleware..." +rsync -avz --chmod=D755,F644 -e "ssh -i $SSH_KEY" \ + src/middleware/ \ + ${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/src/middleware/ + +# Deploy routes +echo "2. Deploying routes..." +rsync -avz --chmod=D755,F644 -e "ssh -i $SSH_KEY" \ + src/routes/ \ + ${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/src/routes/ + +# Deploy server.js and utils +echo "3. Deploying server.js and utilities..." +rsync -avz --chmod=D755,F644 -e "ssh -i $SSH_KEY" \ + src/server.js \ + src/utils/security-logger.js \ + ${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/src/ + +# Verify deployment +echo "" +echo "✅ Files deployed successfully" +echo "" + +# Restart service +echo "🔄 Restarting Tractatus service..." +ssh -i $SSH_KEY ${REMOTE_USER}@${REMOTE_HOST} "sudo systemctl restart tractatus" + +sleep 3 + +# Check status +echo "" +echo "📊 Service status:" +ssh -i $SSH_KEY ${REMOTE_USER}@${REMOTE_HOST} "sudo systemctl status tractatus --no-pager -l | head -15" + +echo "" +echo "=========================================" +echo "✨ Deployment complete!" +echo "========================================="