# Deployment Guide - TagneticAI Email Client\n\nThis guide covers deploying the TagneticAI Email Client to production using Docker.\n\n## Prerequisites\n\n- Docker Engine 20.10+\n- Docker Compose 2.0+\n- A mail server with IMAP (port 993) and SMTP (port 465 or 587)\n- Email account credentials\n- Optional: A reverse proxy (Nginx, Apache, Caddy)\n\n## Local Docker Deployment\n\n### Step 1: Prepare Environment\n\n```bash\n# Navigate to project directory\ncd TagneticAI-Email Client\n\n# Create .env from template\ncp .env.example .env\n```\n\n### Step 2: Configure Email Settings\n\nEdit `.env` with your mail server details:\n\n```env\nEMAIL_HOST=mail.yourdomain.com\nEMAIL_IMAP_PORT=993\nEMAIL_SMTP_PORT=465\nEMAIL_USER=your-email@yourdomain.com\nEMAIL_PASSWORD=your-password\nEMAIL_FROM_NAME=TagneticAI\nNEXT_PUBLIC_API_URL=http://localhost:3000\n```\n\n### Step 3: Build and Start\n\n```bash\n# Build Docker image\ndocker-compose build\n\n# Start container\ndocker-compose up -d\n\n# Check status\ndocker-compose ps\n\n# View logs\ndocker-compose logs -f\n```\n\n### Step 4: Verify\n\n```bash\n# Test health endpoint\ncurl http://localhost:3000\n\n# Test API\ncurl http://localhost:3000/api/emails\n```\n\n## Cloud Deployment\n\n### DigitalOcean App Platform\n\n1. **Create App Platform App**\n   - Connect GitHub repository\n   - Select Node.js builder\n   - Set environment variables from `.env`\n\n2. **Configure in `app.yaml`**\n\n```yaml\nservices:\n- name: tagneticai-email\n  github:\n    repo: your-repo/tagneticai-email-client\n    branch: main\n  build_command: npm ci && npm run build\n  run_command: npm start\n  http_port: 3000\n  envs:\n  - key: EMAIL_HOST\n    value: ${EMAIL_HOST}\n  - key: EMAIL_USER\n    value: ${EMAIL_USER}\n  - key: EMAIL_PASSWORD\n    value: ${EMAIL_PASSWORD}\n```\n\n3. **Deploy** - Platform automatically builds and deploys on push to `main`\n\n### AWS EC2\n\n1. **Launch EC2 Instance**\n   ```bash\n   # Connect via SSH\n   ssh -i key.pem ubuntu@your-instance-ip\n   \n   # Install Docker\n   curl -fsSL https://get.docker.com -o get-docker.sh\n   sudo sh get-docker.sh\n   \n   # Install Docker Compose\n   sudo curl -L \"https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose\n   sudo chmod +x /usr/local/bin/docker-compose\n   ```\n\n2. **Deploy Application**\n   ```bash\n   git clone <repo> tagneticai-email\n   cd tagneticai-email\n   cp .env.example .env\n   # Edit .env with credentials\n   sudo docker-compose up -d\n   ```\n\n3. **Configure Security Group**\n   - Allow SSH (22)\n   - Allow HTTP (80)\n   - Allow HTTPS (443)\n\n### Heroku\n\n```bash\n# Login\nheroku login\n\n# Create app\nheroku create tagneticai-email\n\n# Set environment variables\nheroku config:set EMAIL_HOST=mail.yourdomain.com\nheroku config:set EMAIL_USER=email@yourdomain.com\nheroku config:set EMAIL_PASSWORD=password\nheroku config:set EMAIL_SMTP_PORT=465\nheroku config:set NEXT_PUBLIC_API_URL=https://tagneticai-email.herokuapp.com\n\n# Deploy\ngit push heroku main\n```\n\n### Railway.app\n\n1. Connect GitHub repository to Railway\n2. Add environment variables in Railway dashboard\n3. Platform automatically detects Next.js and deploys\n\n## Production Best Practices\n\n### 1. Reverse Proxy (Nginx)\n\nCreate `/etc/nginx/sites-available/tagneticai-email`:\n\n```nginx\nupstream nextjs {\n    server localhost:3000;\n}\n\nserver {\n    listen 80;\n    server_name mail.yourdomain.com;\n    return 301 https://$server_name$request_uri;\n}\n\nserver {\n    listen 443 ssl http2;\n    server_name mail.yourdomain.com;\n\n    ssl_certificate /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem;\n    ssl_protocols TLSv1.2 TLSv1.3;\n    ssl_ciphers HIGH:!aNULL:!MD5;\n    ssl_prefer_server_ciphers on;\n\n    # Security headers\n    add_header Strict-Transport-Security \"max-age=31536000\" always;\n    add_header X-Frame-Options \"SAMEORIGIN\" always;\n    add_header X-Content-Type-Options \"nosniff\" always;\n    add_header X-XSS-Protection \"1; mode=block\" always;\n\n    location / {\n        proxy_pass http://nextjs;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection 'upgrade';\n        proxy_set_header Host $host;\n        proxy_cache_bypass $http_upgrade;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n    }\n}\n```\n\nEnable site:\n```bash\nsudo ln -s /etc/nginx/sites-available/tagneticai-email /etc/nginx/sites-enabled/\nsudo systemctl restart nginx\n```\n\n### 2. SSL Certificate (Let's Encrypt)\n\n```bash\nsudo apt install certbot python3-certbot-nginx\nsudo certbot certonly --nginx -d mail.yourdomain.com\nsudo certbot renew --dry-run\n```\n\n### 3. Docker Compose for Production\n\nCreate `docker-compose.prod.yml`:\n\n```yaml\nversion: '3.8'\nservices:\n  tagneticai-email:\n    build:\n      context: .\n      dockerfile: Dockerfile\n    restart: always\n    environment:\n      NODE_ENV: production\n      EMAIL_HOST: ${EMAIL_HOST}\n      EMAIL_IMAP_PORT: ${EMAIL_IMAP_PORT}\n      EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT}\n      EMAIL_USER: ${EMAIL_USER}\n      EMAIL_PASSWORD: ${EMAIL_PASSWORD}\n      EMAIL_FROM_NAME: ${EMAIL_FROM_NAME}\n      NEXT_PUBLIC_API_URL: https://mail.yourdomain.com\n    ports:\n      - \"3000:3000\"\n    healthcheck:\n      test: [\"CMD\", \"wget\", \"--quiet\", \"--tries=1\", \"--spider\", \"http://localhost:3000\"]\n      interval: 30s\n      timeout: 10s\n      retries: 3\n      start_period: 10s\n    logging:\n      driver: \"json-file\"\n      options:\n        max-size: \"10m\"\n        max-file: \"5\"\n```\n\nDeploy:\n```bash\ndocker-compose -f docker-compose.prod.yml up -d\n```\n\n### 4. Monitoring\n\n#### Docker Stats\n```bash\ndocker stats tagneticai-email-client\n```\n\n#### Log Monitoring\n```bash\ndocker-compose logs -f --tail 100\n```\n\n#### Health Check\n```bash\ncurl -v http://localhost:3000/api/emails\n```\n\n### 5. Backup Strategy\n\n#### Environment Variables\n```bash\n# Securely backup .env\ntar czf backup-env-$(date +%Y%m%d).tar.gz .env\n```\n\n#### Database/Mail Server\nBackup your mail server separately (this app is stateless).\n\n### 6. Performance Tuning\n\n#### Docker Resource Limits\n```yaml\nservices:\n  tagneticai-email:\n    mem_limit: 512m\n    cpus: '1.0'\n```\n\n#### Nginx Caching\n```nginx\nproxy_cache_path /var/cache/nginx levels=1:2 keys_zone=next_cache:10m;\n\nlocation / {\n    proxy_cache next_cache;\n    proxy_cache_valid 200 10m;\n}\n```\n\n## Troubleshooting\n\n### Container Won't Start\n\n```bash\n# Check logs\ndocker-compose logs tagneticai-email\n\n# Verify env vars\ndocker-compose config | grep EMAIL\n\n# Rebuild\ndocker-compose down\ndocker-compose build --no-cache\ndocker-compose up -d\n```\n\n### Port Already in Use\n\n```bash\n# Find process using port 3000\nsudo lsof -i :3000\n\n# Kill process\nsudo kill -9 <PID>\n\n# Or change port in docker-compose.yml: \"8000:3000\"\n```\n\n### Can't Connect to Mail Server\n\n```bash\n# Test connectivity\ntelnet mail.yourdomain.com 993\ntelnet mail.yourdomain.com 465\n\n# Check firewall\nsudo ufw status\nsudo ufw allow 993\nsudo ufw allow 465\n```\n\n## Scaling\n\n### Multiple Instances (Load Balanced)\n\nUse Nginx upstream with multiple containers:\n\n```bash\n# Start multiple containers\ndocker-compose up -d --scale tagneticai-email=3\n```\n\nConfigure Nginx to round-robin:\n```nginx\nupstream nextjs {\n    server localhost:3001;\n    server localhost:3002;\n    server localhost:3003;\n}\n```\n\n## Security Checklist\n\n- [ ] Use HTTPS with valid SSL certificate\n- [ ] Configure firewall to restrict SSH access\n- [ ] Use strong, unique passwords\n- [ ] Enable Docker security scanning: `docker scan tagneticai-email:latest`\n- [ ] Keep Docker and dependencies updated\n- [ ] Monitor logs for suspicious activity\n- [ ] Implement rate limiting on API endpoints\n- [ ] Use environment variables for all secrets\n- [ ] Regular security audits\n- [ ] Implement backup and disaster recovery plan\n\n## Maintenance\n\n### Updates\n\n```bash\n# Pull latest code\ngit pull origin main\n\n# Rebuild and restart\ndocker-compose build\ndocker-compose up -d\n```\n\n### Cleanup\n\n```bash\n# Remove stopped containers\ndocker-compose rm -f\n\n# Remove unused images\ndocker image prune -a\n\n# Remove unused volumes\ndocker volume prune\n```\n"