torrust
diff --git a/‎Makefile‎
Lines changed: 3 additions & 2 deletions b/‎Makefile‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎docs/testing/manual-sessions/2025-01-08-issue-28-phase-4-7-staging.md‎
Lines changed: 65 additions & 1 deletion b/‎docs/testing/manual-sessions/2025-01-08-issue-28-phase-4-7-staging.md‎
Lines changed: 65 additions & 1 deletion
diff --git a/‎infrastructure/config/README.md‎
Lines changed: 265 additions & 0 deletions b/‎infrastructure/config/README.md‎
Lines changed: 265 additions & 0 deletions
@@ -13,8 +13,9 @@
 ENVIRONMENT_TYPE ?= development
 ENVIRONMENT_FILE ?= development-libvirt
 
-# Test directories
+# Directory paths
 INFRA_TESTS_DIR = infrastructure/tests
+SCRIPTS_DIR = infrastructure/scripts
 
 # Default target - show help when no target specified
 .DEFAULT_GOAL := help
@@ -207,7 +208,7 @@ infra-config: ## Generate environment configuration (requires ENVIRONMENT_TYPE a
 
 infra-validate-config: ## Validate configuration for all environments
 	@echo "Validating configuration..."
-	$(SCRIPTS_DIR)/validate-config.sh
+	$(SCRIPTS_DIR)/validate-config.sh $(ENVIRONMENT_FILE)
 
 infra-test-prereq: ## Test system prerequisites for development
 	@echo "Testing prerequisites..."
 
@@ -358,7 +358,71 @@ curl -I https://grafana.torrust-demo.dev
 
 ## Notes and Observations
 
-[This section will be populated during testing execution]
+### Current Test Session Status (2025-08-06)
+
+**Infrastructure Deployment**: ✅ **COMPLETED**
+
+- Hetzner Cloud server created successfully (ID: 106142302)
+- Server IP: 188.245.95.154
+- Server type: cx32 (4 vCPU, 8GB RAM, 160GB SSD NVMe)
+- Location: fsn1 (Falkenstein, Germany)
+
+**Application Deployment**: ✅ **COMPLETED**
+
+- All 5 Docker containers running successfully:
+  - mysql: Up 8 minutes (healthy)
+  - tracker: Up 8 minutes (healthy)
+  - prometheus: Up 8 minutes
+  - grafana: Up 8 minutes
+  - proxy (nginx): Up and stable after SSL certificate fix
+
+**SSL Certificate Status**: ✅ **RESOLVED**
+
+- Initial issue: SSL certificates generated for test.local domains instead of staging domains
+- Resolution: Regenerated certificates for tracker.torrust-demo.dev and grafana.torrust-demo.dev
+- nginx proxy now loads SSL certificates successfully
+- HTTPS endpoints accessible via localhost
+
+**Current Testing Limitation**: ⚠️ **FLOATING IP CONFIGURATION REQUIRED**
+
+**Issue Description**: The floating IP `78.47.140.132` is not currently assigned to the new
+server `188.245.95.154`. This means:
+
+- External domain access (tracker.torrust-demo.dev) does not work
+- DNS records point to floating IP, but floating IP doesn't route to server
+- Local testing via server IP (188.245.95.154) works correctly
+
+**Technical Solution**: According to
+[Hetzner documentation](https://docs.hetzner.com/cloud/floating-ips/persistent-configuration/),
+the floating IP can be assigned via:
+
+1. **Temporary assignment** (for testing):
+
+   ```bash
+   sudo ip addr add 78.47.140.132 dev eth0
+   ```
+
+2. **Persistent assignment** (for production):
+   - Configure via Hetzner Cloud Console
+   - Update network configuration on server
+   - Ensure proper routing configuration
+
+**Current Workaround**: Testing continues using server IP `188.245.95.154` directly until
+floating IP configuration is completed.
+
+**Test Results with Server IP**:
+
+- ✅ Health check endpoint: `{"status":"Ok"}`
+- ⚠️ Stats API endpoint: Token needs configuration (currently shows placeholder)
+- ✅ All Docker services running healthy
+- ✅ nginx proxy serving HTTPS correctly
+
+**Next Steps Required**:
+
+1. Configure floating IP assignment in Hetzner Cloud Console
+2. Update server network configuration to use floating IP
+3. Verify external domain access works correctly
+4. Complete functional testing with proper admin token
 
 ## Issue #28 Integration
 
 
@@ -0,0 +1,265 @@
+# Infrastructure Configuration Architecture
+
+This directory contains the configuration architecture for managing deployments across
+different environments and infrastructure providers.
+
+## 🏗️ Architectural Overview
+
+The configuration system uses a **three-layer architecture** to cleanly separate concerns:
+
+```text
+Provider Type → Provider Context → Environment Configuration
+```
+
+### 1. **Provider Type** (Hosting Company)
+
+- **What**: Templates for different hosting companies/platforms
+- **Where**: `templates/providers/`
+- **Examples**: `hetzner.env.tpl`, `aws.env.tpl`, `digitalocean.env.tpl`, `libvirt.env.tpl`
+- **Purpose**: Defines what configuration variables each provider type requires
+- **Versioned**: Templates are committed to git for reference
+
+### 2. **Provider Context** (Specific Credentials & Configuration)
+
+- **What**: Actual credentials and resource specifications for a specific provider account
+- **Where**: `providers/`
+- **Examples**: `hetzner-staging.env`, `hetzner-production.env`, `aws-dev.env`
+- **Purpose**: Real API tokens, server types, locations, account-specific settings
+- **Security**: Files are git-ignored and contain sensitive information
+
+### 3. **Environment Configuration** (Deployment Target)
+
+- **What**: Complete configuration for a specific deployment environment
+- **Where**: `environments/`
+- **Examples**: `staging-hetzner-staging.env`, `production-hetzner-production.env`
+- **Purpose**: Combines application config + infrastructure config for deployment
+- **Security**: Files are git-ignored and contain sensitive information
+
+## 🔄 Configuration Flow
+
+### Example: Staging Deployment on Hetzner
+
+1. **Provider Type**: `hetzner` (uses `templates/providers/hetzner.env.tpl`)
+2. **Provider Context**: `hetzner-staging` (uses `providers/hetzner-staging.env`)
+3. **Environment**: `staging-hetzner-staging` (uses `environments/staging-hetzner-staging.env`)
+
+### Configuration Variables in Environment File
+
+```bash
+# Environment identification
+ENVIRONMENT_TYPE=staging
+
+# Provider identification
+PROVIDER=hetzner                    # Points to terraform/providers/hetzner/
+PROVIDER_CONTEXT=hetzner-staging    # Points to providers/hetzner-staging.env
+
+# Application configuration (common across providers)
+TRACKER_DOMAIN=tracker.staging.example.com
+GRAFANA_DOMAIN=grafana.staging.example.com
+SSL_EMAIL=admin@example.com
+
+# Infrastructure configuration (provider-specific, inherited from provider context)
+HETZNER_SERVER_TYPE=cx31
+HETZNER_LOCATION=nbg1
+HETZNER_API_TOKEN=xxx
+```
+
+## 📁 Directory Structure
+
+```text
+infrastructure/config/
+├── README.md                           # ← This file (architecture overview)
+│
+├── templates/                          # Template files (committed to git)
+│   ├── providers/                      # Provider type templates
+│   │   ├── hetzner.env.tpl            # Hetzner Cloud provider template
+│   │   ├── aws.env.tpl                # AWS provider template (future)
+│   │   ├── digitalocean.env.tpl       # DigitalOcean provider template (future)
+│   │   └── libvirt.env.tpl            # libvirt provider template
+│   ├── environments/                   # Environment templates
+│   │   ├── base.env.tpl               # Base environment template
+│   │   ├── development.env.tpl        # Development environment template
+│   │   ├── staging.env.tpl            # Staging environment template
+│   │   └── production.env.tpl         # Production environment template
+│   └── application/                    # Application configuration templates
+│       └── ...                        # Docker, nginx, service configs
+│
+├── providers/                          # Provider contexts (git-ignored)
+│   ├── .gitignore                     # Ignores *.env files
+│   ├── README.md                      # Provider context documentation
+│   ├── hetzner-staging.env            # Hetzner staging account credentials
+│   ├── hetzner-production.env         # Hetzner production account credentials
+│   └── libvirt.env                    # Local libvirt configuration
+│
+└── environments/                       # Environment configurations (git-ignored)
+    ├── .gitignore                     # Ignores *.env files
+    ├── README.md                      # Environment configuration documentation
+    ├── development-libvirt.env        # Development using libvirt
+    ├── staging-hetzner-staging.env    # Staging using Hetzner staging account
+    └── production-hetzner-production.env # Production using Hetzner production account
+```
+
+## 🎯 Usage Examples
+
+### Creating a New Environment
+
+#### Option 1: Using Generation Scripts (Recommended)
+
+```bash
+# Generate staging environment using Hetzner staging provider
+./infrastructure/scripts/configure-env.sh staging hetzner-staging
+
+# This creates: environments/staging-hetzner-staging.env
+# Using templates: templates/environments/staging.env.tpl + providers/hetzner-staging.env
+```
+
+#### Option 2: Manual Creation
+
+```bash
+# 1. Copy environment template
+cp templates/environments/staging.env.tpl environments/my-staging.env
+
+# 2. Set provider information
+echo "PROVIDER=hetzner" >> environments/my-staging.env
+echo "PROVIDER_CONTEXT=hetzner-staging" >> environments/my-staging.env
+
+# 3. Customize application settings
+vim environments/my-staging.env
+```
+
+### Deployment Commands
+
+```bash
+# Deploy staging environment
+make infra-apply ENVIRONMENT_TYPE=staging ENVIRONMENT_FILE=staging-hetzner-staging
+make app-deploy ENVIRONMENT_TYPE=staging ENVIRONMENT_FILE=staging-hetzner-staging
+
+# Deploy production environment
+make infra-apply ENVIRONMENT_TYPE=production ENVIRONMENT_FILE=production-hetzner-production
+make app-deploy ENVIRONMENT_TYPE=production ENVIRONMENT_FILE=production-hetzner-production
+```
+
+## 🔐 Security Model
+
+### Git-Ignored Files (Sensitive Data)
+
+- `providers/*.env` - Contains API tokens, credentials
+- `environments/*.env` - Contains complete deployment configuration
+- These files must be backed up separately and securely
+
+### Committed Files (Templates)
+
+- `templates/**/*.tpl` - Template files with placeholder values
+- Safe to commit, contain no sensitive information
+
+### File Permissions
+
+```bash
+# Secure your configuration files
+chmod 600 providers/*.env
+chmod 600 environments/*.env
+```
+
+## 🛠️ Provider Implementation
+
+### Adding a New Provider Type
+
+1. **Create provider template**: `templates/providers/newprovider.env.tpl`
+2. **Create terraform provider**: `../terraform/providers/newprovider/`
+3. **Create provider context**: `providers/newprovider-context.env`
+4. **Test configuration**: Generate environment and test deployment
+
+### Provider Context vs Provider Type
+
+| Aspect         | Provider Type          | Provider Context             |
+| -------------- | ---------------------- | ---------------------------- |
+| **Purpose**    | Template/blueprint     | Actual implementation        |
+| **Location**   | `templates/providers/` | `providers/`                 |
+| **Content**    | Variable definitions   | Real values                  |
+| **Examples**   | `hetzner.env.tpl`      | `hetzner-staging.env`        |
+| **Git Status** | Committed              | Git-ignored                  |
+| **Security**   | Safe (no secrets)      | Sensitive (contains secrets) |
+
+## 🔄 Migration Guide
+
+### From Old Architecture
+
+If you have files using the old naming convention:
+
+```bash
+# Old naming (mixed concepts)
+environments/staging-hetzner-staging.env with PROVIDER=hetzner-staging
+
+# New naming (separated concepts)
+environments/staging-hetzner-staging.env with PROVIDER=hetzner + PROVIDER_CONTEXT=hetzner-staging
+```
+
+Update your environment files:
+
+```bash
+# Change from:
+PROVIDER=hetzner-staging
+
+# Change to:
+PROVIDER=hetzner
+PROVIDER_CONTEXT=hetzner-staging
+```
+
+## 🧪 Testing Configuration
+
+### Validate Configuration Structure
+
+```bash
+# Test that all required files exist
+make infra-validate-config ENVIRONMENT_TYPE=staging ENVIRONMENT_FILE=staging-hetzner-staging
+
+# Test infrastructure planning
+make infra-plan ENVIRONMENT_TYPE=staging ENVIRONMENT_FILE=staging-hetzner-staging
+```
+
+### Configuration Debugging
+
+```bash
+# Check what provider context will be loaded
+grep PROVIDER_CONTEXT environments/staging-hetzner-staging.env
+
+# Check what provider type will be used
+grep "PROVIDER=" environments/staging-hetzner-staging.env
+
+# Verify provider context file exists
+ls -la providers/hetzner-staging.env
+```
+
+## 📚 Related Documentation
+
+- **Templates**: See `templates/environments/README.md` for template usage
+- **Providers**: See `providers/README.md` for provider context management
+- **Environments**: See `environments/README.md` for environment file management
+- **Deployment**: See `../../docs/guides/deployment-guide.md` for complete deployment workflows
+
+## 🎯 Best Practices
+
+### Naming Conventions
+
+- **Provider Types**: Use company/service name (e.g., `hetzner`, `aws`, `digitalocean`)
+- **Provider Contexts**: Use `{type}-{context}` (e.g., `hetzner-staging`, `hetzner-production`)
+- **Environments**: Use `{environment}-{provider-context}` (e.g., `staging-hetzner-staging`)
+
+### Security Practices
+
+- Never commit provider contexts or environment files
+- Use strong, unique passwords for all secrets
+- Backup configuration files securely and regularly
+- Restrict file permissions on sensitive files
+- Rotate API tokens and passwords regularly
+
+### Operational Practices
+
+- Test configuration changes in staging before production
+- Document any custom modifications in environment files
+- Keep provider contexts and environments in sync
+- Use descriptive comments in configuration files
+- Validate configurations before deployment
+
+This architecture provides clean separation of concerns while maintaining flexibility
+for different deployment scenarios and provider combinations.