# LittleShop Standalone Deployment Guide

## Overview
This package contains everything needed to deploy LittleShop as a standalone service on the Hostinger VPS with localhost-only binding for security.

## Architecture
- **Binding**: localhost only (127.0.0.1:5000)
- **Service**: systemd managed service
- **User**: www-data (non-root)
- **Database**: SQLite (local file)
- **Logs**: /opt/littleshop/logs/

## Quick Deployment

1. **Transfer files to server**:
```bash
# From your local machine
tar -czf littleshop-deploy.tar.gz -C /mnt/c/Production/Source/LittleShop/LittleShop/publish .
scp -P 2255 littleshop-deploy.tar.gz root@srv1002428.hstgr.cloud:/tmp/
```

2. **On the server**:
```bash
cd /tmp
tar -xzf littleshop-deploy.tar.gz
chmod +x deploy.sh
sudo ./deploy.sh
```

## Configuration

### Essential Settings
Edit `/opt/littleshop/appsettings.Localhost.json`:

1. **JWT Secret** (REQUIRED):
   - Generate a secure key (minimum 32 characters)
   - Example: `openssl rand -base64 32`

2. **SilverPay Integration**:
   - Set your API key and webhook secret
   - Ensure SilverPay can reach your webhook endpoint

3. **Database**:
   - SQLite database auto-created on first run
   - Location: `/opt/littleshop/littleshop-production.db`

## Service Management

### Check Status
```bash
systemctl status littleshop
```

### View Logs
```bash
# System logs
journalctl -u littleshop -f

# Application logs
tail -f /opt/littleshop/logs/littleshop-*.log
```

### Restart Service
```bash
systemctl restart littleshop
```

### Stop/Start Service
```bash
systemctl stop littleshop
systemctl start littleshop
```

## Nginx Reverse Proxy (Optional)

To expose the service externally through nginx:

1. Copy nginx config:
```bash
cp nginx-littleshop.conf /etc/nginx/sites-available/littleshop
ln -s /etc/nginx/sites-available/littleshop /etc/nginx/sites-enabled/
```

2. Test and reload nginx:
```bash
nginx -t
systemctl reload nginx
```

3. Set up SSL (recommended):
```bash
certbot --nginx -d srv1002428.hstgr.cloud
```

## Security Notes

1. **Localhost Binding**: Service only listens on 127.0.0.1:5000
2. **Non-root User**: Runs as www-data user
3. **Systemd Hardening**:
   - PrivateTmp=true
   - NoNewPrivileges=true
   - ProtectSystem=strict
   - ProtectHome=true
4. **File Permissions**: Restrictive permissions on all files

## Testing

### Local Health Check
```bash
curl http://127.0.0.1:5000/api/health
```

### API Documentation
Access Swagger UI locally:
```bash
ssh -L 5000:127.0.0.1:5000 -p 2255 root@srv1002428.hstgr.cloud
# Then open browser to: http://localhost:5000/swagger
```

## Troubleshooting

### Service Won't Start
```bash
# Check logs
journalctl -u littleshop -n 100

# Check .NET runtime
dotnet --info

# Check permissions
ls -la /opt/littleshop/
```

### Database Issues
```bash
# Check database file
ls -la /opt/littleshop/*.db

# Reset database (WARNING: deletes all data)
systemctl stop littleshop
rm /opt/littleshop/littleshop-production.db*
systemctl start littleshop
```

### Port Already in Use
```bash
# Check what's using port 5000
ss -tulpn | grep :5000

# Change port in appsettings.Localhost.json if needed
```

## Updates

To update the application:

1. Build new version locally
2. Transfer to server
3. Stop service: `systemctl stop littleshop`
4. Backup database: `cp /opt/littleshop/*.db /backup/`
5. Copy new files to `/opt/littleshop/`
6. Start service: `systemctl start littleshop`

## Integration Points

### SilverPay Webhook
- Endpoint: `http://127.0.0.1:5000/api/orders/payments/webhook`
- Configure in SilverPay to point to your public URL

### TeleBot Integration
- Configure TeleBot API URL and key in appsettings
- Ensure TeleBot can reach the API endpoints

## Monitoring

### Health Check
```bash
# Add to crontab for monitoring
*/5 * * * * curl -f http://127.0.0.1:5000/api/health || systemctl restart littleshop
```

### Disk Usage
```bash
# Check database size
du -h /opt/littleshop/*.db

# Check log size
du -sh /opt/littleshop/logs/
```

## Backup

### Database Backup
```bash
# Create backup
sqlite3 /opt/littleshop/littleshop-production.db ".backup /backup/littleshop-$(date +%Y%m%d).db"

# Restore backup
systemctl stop littleshop
cp /backup/littleshop-20250123.db /opt/littleshop/littleshop-production.db
chown www-data:www-data /opt/littleshop/littleshop-production.db
systemctl start littleshop
```

## Support

For issues or questions:
- Check application logs first
- Review this documentation
- Check service status and system logs