ENT365 Host Deployment Guide

This guide walks through provisioning a fresh ENT365 workstation or server to run the Michael J Wright Fedora archive stack with Cloudflare connectivity. Follow the sections in order; once complete, the host will replace the office machine while maintaining the same public endpoints.

1. Prerequisites

Requirement	Notes
Windows 11/Server with admin rights	Ensure PowerShell 7+ is available (install from Microsoft Store if needed).
Stable 24/7 connectivity	Wired preferred; latency affects Cloudflare tunnel stability.
Disk space	≥ 100 GB free for Fedora binaries, Postgres, and backups.
Docker Desktop	Download latest release, enable WSL2 backend, and share the project drive.
Cloudflare access	Same account that manages `data.michaeljwright.com.au` and the existing tunnel.
Git + Node.js 18 LTS	Required for repository clone and documentation tooling.
Cloudflare WARP (optional)	Already deployed for Zero Trust routing; confirm it is connected.

2. System Preparation

Install/verify WSL2

wsl --install
wsl --set-default-version 2

Install Docker Desktop
- Turn on “Start Docker Desktop when you log in”.
- Under Settings → Resources → File Sharing, ensure the drive containing the repo (e.g., C:) is shared.

Install supporting tools

winget install --id Git.Git -e
winget install --id OpenJS.NodeJS.LTS -e
winget install --id Cloudflare.cloudflared -e

Login to Cloudflare WARP (if used)
- Confirm the client is connected and assigned to the correct Zero Trust team.

3. Repository Bootstrap

Clone the repository

cd C:\services
git clone https://github.com/Rob142857/fedoraMJWArtist.git
cd fedoraDockerCloudflare

Install npm dependencies
```
npm install
```
Copy and configure environment variables
```
Copy-Item .env.example .env
notepad .env
```
- Provide strong values for Fedora admin/secondary users and Postgres credentials.
- Set FEDORA_TUNNEL_HOSTNAME (optional) to the Cloudflare hostname used for the tunnel.
Review configuration overrides
- docker-compose.yml (service definitions)
- config/tomcat-users.xml (ensure FEDORA_ADMIN/SECONDARY users match .env)
- fcrepo.properties (storage layout)

4. Cloudflare Tunnel Setup

Authenticate cloudflared
```
cloudflared tunnel login
```
Select the michaeljwright.com.au zone.
Create or reuse tunnel
- If reusing: cloudflared tunnel list to find the existing tunnel ID.
- To create new (if migrating):
```
cloudflared tunnel create fedora-ent365
```

Configure tunnel routing

mkdir C:\services\cloudflared
cloudflared tunnel route dns fedora-ent365 fcrepo.michaeljwright.com.au

Set tunnel service configuration (C:\services\cloudflared\config.yml)

tunnel: fedora-ent365
credentials-file: C:\Users\%USERNAME%\.cloudflared\fedora-ent365.json
ingress:
  - hostname: fcrepo.michaeljwright.com.au
    service: http://localhost:8080
  - service: http_status:404

Install tunnel as a service

nssm install Cloudflared "C:\Program Files\cloudflared\cloudflared.exe" "tunnel run fedora-ent365 --config C:\services\cloudflared\config.yml"
nssm start Cloudflared

(Alternatively use cloudflared service install if available.)

5. Configure Cloudflare Worker

Authenticate Wrangler
```
npx wrangler auth login
```

Set the Fedora proxy secret

npx wrangler secret put FEDORA_BASIC_AUTH
# Paste "Basic base64(fedoraAdmin:SuperSecurePassword!)"

Deploy the Worker
```
npm run deploy
```
Confirm the route data.michaeljwright.com.au/fcrepo/* appears in the output.

6. Start the Docker Stack

Run the automation script

pwsh -ExecutionPolicy Bypass -File .\quickstartdockerandcloudflared.ps1 -ForceRestartTunnel

Verify container health

docker compose ps
docker compose logs fcrepo --tail=100

Confirm Fedora API access
- Local: https://localhost:8080/fcrepo/rest/
- Through Worker: https://data.michaeljwright.com.au/fcrepo/rest/

7. Post-Install Validation

Prometheus & Grafana
- http://localhost:9090 and http://localhost:3000
- Update Grafana admin password if not already changed.

Documentation check

npm run build:docs
npm run pages:preview   # optional preview
npm run pages:deploy    # publish to production branch

Backups
- Schedule nightly snapshots of postgres_data and fcrepo_data volumes (refer to docs/fedora-upgrade-guide.md).
Update DNS / Monitoring
- Ensure fcrepo.michaeljwright.com.au resolves to the tunnel.
- Confirm Cloudflare Zero Trust policies reflect the new source IP/connector.
Record the migration
- Update docs/development-roadmap.md with the deployment date.
- Note the new host details in the operations runbook or CMDB.

8. Cut-over Checklist

Fedora REST API reachable via Worker and direct tunnel.
Prometheus and Grafana confirm container health.
Documentation site updated and deployed.
Backups configured and tested.
Cloudflare tunnel service auto-starts on reboot.
Retire or power down the old office host after final verification.

Keep this document updated after each installation or infrastructure change to maintain a reliable reference for future rebuilds.