From 7446318bf38e6328c0fe8a131027c884ecbcea26 Mon Sep 17 00:00:00 2001
From: Martin Porwoll
Date: Sat, 14 Feb 2026 17:56:16 +0000
Subject: [PATCH] docs: update Redis auth, PM2 config, and eviction policy documentation
Co-Authored-By: Claude Opus 4.6
---
 CLAUDE.md | 3 ++-
 docs/CLAUDE_REFERENCE.md | 3 +++
 docs/DEPLOYMENT.md | 10 ++++++----
 docs/DEPLOYMENT_STRATEGY.md | 2 +-
 docs/INFRASTRUCTURE.md | 2 +-
 5 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/CLAUDE.md b/CLAUDE.md
index 1dfd553..551b4c7 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -167,7 +167,7 @@ Beispiel: `src/migrations/20260109_020000_add_blogwoman_collections.ts`
 - **Plugin ImportMap:** Nach Plugin-Änderungen `pnpm payload generate:importmap`
 - **User-Tenant-Zuweisung:** Neue User müssen manuell Tenants zugewiesen bekommen
 - **Admin Login:** Custom Route mit Audit-Logging (`src/app/(payload)/api/users/login/route.ts`)
-- **Queue Worker:** Benötigt `tsx` als devDependency (TypeScript via PM2)
+- **Queue Worker:** PM2 nutzt `node_modules/tsx/dist/cli.mjs` direkt (nicht `npx`), `exec_mode: 'fork'`
 - **PgBouncer:** Transaction-Mode kann Migrationen stören → `./scripts/db-direct.sh`
 - **TRUST_PROXY=true:** PFLICHT hinter Reverse-Proxy, sonst funktionieren Rate-Limiting und IP-Allowlists nicht
 - **CSRF_SECRET:** PFLICHT in Production (oder PAYLOAD_SECRET) - Server startet nicht ohne
@@ -374,6 +374,7 @@ Wichtigste Variablen (vollständige Liste in `.env`):
 | `TRUST_PROXY` | `true` hinter Reverse-Proxy | Ja |
 | `CSRF_SECRET` | CSRF-Token Secret (oder PAYLOAD_SECRET) | Prod |
 | `CRON_SECRET` | Auth für Cron-Endpoints | Ja |
+| `REDIS_PASSWORD` | Redis Authentifizierung | Ja |
 | `REDIS_URL` | Redis Cache (localhost:6379) | Optional |
 | `META_APP_ID/SECRET` | Facebook/Instagram OAuth | Für Community |
 | `GOOGLE_CLIENT_ID/SECRET` | YouTube OAuth | Für YouTube |
diff --git a/docs/CLAUDE_REFERENCE.md b/docs/CLAUDE_REFERENCE.md
index 64c2b3c..2cbf33f 100644
--- a/docs/CLAUDE_REFERENCE.md
+++ b/docs/CLAUDE_REFERENCE.md
@@ -125,6 +125,7 @@ const status = await getPdfJobStatus(job.id)
 - `QUEUE_RETENTION_CONCURRENCY`: Parallele Retention-Jobs (default: 1)
 - `QUEUE_DEFAULT_RETRY`: Retry-Versuche (default: 3)
 - `QUEUE_REDIS_DB`: Redis-Datenbank für Queue (default: 1)
+- `REDIS_PASSWORD`: Redis-Authentifizierung (Pflicht)
 **Dateien:**
 - `src/lib/queue/queue-service.ts` - Zentrale Queue-Verwaltung
@@ -181,6 +182,8 @@ Scheduler (Cron) → Retention Queue (BullMQ) → Retention Worker
 ## Redis Caching
+Redis erfordert Authentifizierung (`REDIS_PASSWORD`). Eviction-Policy: `noeviction` (BullMQ-Anforderung — verhindert Datenverlust bei Queue-Jobs).
+
 ```typescript
 import { redis } from '@/lib/redis'
diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md
index a44624c..fe37219 100644
--- a/docs/DEPLOYMENT.md
+++ b/docs/DEPLOYMENT.md
@@ -304,12 +304,12 @@ module.exports = {
 },
 {
 name: 'queue-worker',
- script: './scripts/run-queue-worker.ts',
- interpreter: 'node',
- interpreter_args: '--import tsx',
+ script: 'node_modules/tsx/dist/cli.mjs',
+ args: 'scripts/run-queue-worker.ts',
+ exec_mode: 'fork',
 cwd: '/home/payload/payload-cms',
 instances: 1,
- max_memory_restart: '500M'
+ max_memory_restart: '768M'
 }
 ]
 }
@@ -399,6 +399,7 @@ PORT=3001
 # Redis
 REDIS_URL=redis://localhost:6379
+REDIS_PASSWORD=***
 # Security
 CSRF_SECRET=***
@@ -422,6 +423,7 @@ PORT=3000
 # Redis
 REDIS_URL=redis://localhost:6379
+REDIS_PASSWORD=***
 # Security
 CSRF_SECRET=***
diff --git a/docs/DEPLOYMENT_STRATEGY.md b/docs/DEPLOYMENT_STRATEGY.md
index ba99a2a..2366e25 100644
--- a/docs/DEPLOYMENT_STRATEGY.md
+++ b/docs/DEPLOYMENT_STRATEGY.md
@@ -304,7 +304,7 @@ curl -I https://cms.c2sgmbh.de/admin
 curl -I https://cms.c2sgmbh.de/api
 # Redis verbunden?
-redis-cli ping
+redis-cli -a $REDIS_PASSWORD ping
 ```
 ---
diff --git a/docs/INFRASTRUCTURE.md b/docs/INFRASTRUCTURE.md
index 8d26c98..de8dd7f 100644
--- a/docs/INFRASTRUCTURE.md
+++ b/docs/INFRASTRUCTURE.md
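Review bot: The new health-check line in the docs/DEPLOYMENT_STRATEGY.md hunk, `redis-cli -a $REDIS_PASSWORD ping`, passes the Redis password as a command-line argument, so the expanded secret is readable in the process list while the command runs, and redis-cli prints its own warning when `-a` is used. Documenting `REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli ping` keeps the secret out of argv and avoids that warning. If `-a` stays, the variable should at least be quoted (`-a "$REDIS_PASSWORD"`), since the unquoted expansion breaks on passwords containing spaces or glob characters. The fenced shell block this command sits in opens outside the hunk.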
@@ -175,7 +175,7 @@ systemctl status frontend-*
 | PostgreSQL 17 | postgres | 5432 | localhost | ✅ Läuft |
 | Payload CMS | payload | 3001 | https://cms.c2sgmbh.de | ✅ Läuft |
 | Umami Analytics | umami | 3000 | https://analytics.c2sgmbh.de | ✅ Läuft |
-| Redis Cache | redis | 6379 | localhost | ✅ Läuft |
+| Redis Cache | redis | 6379 | localhost (auth: REDIS_PASSWORD, policy: noeviction) | ✅ Läuft |
 | Nginx | root | 80/443 | Reverse Proxy | ✅ Läuft |
 ### Deploy