docs: add production install guide from git source

INSTALL-UBUNTU-APP-ZAPPCARE-FROM-GIT.md

@@ -0,0 +1,281 @@
+# Deploy WhatsApp Inbox dari Gitea (Ubuntu)
+
+Dokumen ini untuk deploy `whatsapp-inbox-platform` ke Ubuntu production dengan asumsi:
+
+- PostgreSQL sudah terinstall
+- Nginx sudah terinstall
+- Gitea berjalan di port `3001`
+- App domain: `app.zappcare.id`
+- Port `3000` tidak dipakai (dalam panduan ini dipakai `3002`)
+
+Source code proyek sudah ada di Git:
+
+- `https://git.iptek.co/wirabasalamah/whatsapp-inbox-platform.git`
+
+## 0) Persiapan dasar
+
+Login sebagai user sudo di server:
+
+```bash
+ssh user@YOUR_SERVER_IP
+```
+
+Update sistem & install dependency dasar:
+
+```bash
+sudo apt update && sudo apt upgrade -y
+sudo apt install -y curl ca-certificates git nginx postgresql postgresql-contrib
+curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
+sudo apt install -y nodejs
+node -v
+npm -v
+```
+
+## 1) Buat user & direktori aplikasi
+
+```bash
+sudo useradd --system --home /var/www/whatsapp-inbox --shell /usr/sbin/nologin whatsapp-inbox || true
+sudo mkdir -p /var/www/whatsapp-inbox
+sudo chown -R whatsapp-inbox:whatsapp-inbox /var/www/whatsapp-inbox
+```
+
+## 2) Buat DB PostgreSQL
+
+```bash
+sudo -u postgres psql
+```
+
+```sql
+CREATE USER whatsapp_inbox WITH PASSWORD 'YOUR_DB_PASSWORD';
+CREATE DATABASE whatsapp_inbox OWNER whatsapp_inbox;
+\q
+```
+
+## 3) Clone source dari Gitea
+
+```bash
+sudo -u whatsapp-inbox git clone https://git.iptek.co/wirabasalamah/whatsapp-inbox-platform.git /var/www/whatsapp-inbox
+cd /var/www/whatsapp-inbox
+git checkout main
+git remote -v
+```
+
+Catatan:
+- jika prompt autentikasi muncul, gunakan token/credential Gitea Anda (username: `wira` atau email, token lebih aman daripada password).
+- jangan simpan password Git di file lain di repo.
+
+## 4) Install dependency
+
+```bash
+cd /var/www/whatsapp-inbox
+sudo -u whatsapp-inbox npm ci
+```
+
+## 5) Setup environment `.env`
+
+```bash
+sudo -u whatsapp-inbox cp .env.example .env
+sudo -u whatsapp-inbox nano .env
+```
+
+Minimal konfigurasi:
+
+```env
+NODE_ENV=production
+HOST=127.0.0.1
+PORT=3002
+
+DATABASE_URL="postgresql://whatsapp_inbox:YOUR_DB_PASSWORD@127.0.0.1:5432/whatsapp_inbox?schema=public"
+AUTH_SECRET="ganti_secret_acak_minimal_32_karakter"
+
+APP_URL="https://app.zappcare.id"
+NEXT_PUBLIC_APP_URL="https://app.zappcare.id"
+OPS_BASE_URL="https://app.zappcare.id"
+
+WHATSAPP_WEBHOOK_VERIFY_TOKEN="ganti_verify_token"
+WHATSAPP_WEBHOOK_SECRET="ganti_webhook_secret"
+WHATSAPP_API_TOKEN="ganti_meta_token"
+WHATSAPP_API_VERSION="v22.0"
+WHATSAPP_ALLOW_SIMULATED_SEND="false"
+```
+
+Tambahkan variabel lain sesuai kebutuhan operasi/retry dari `.env.example`.
+
+## 6) Migrasi & seed
+
+```bash
+cd /var/www/whatsapp-inbox
+sudo -u whatsapp-inbox npm run db:deploy
+sudo -u whatsapp-inbox npm run db:seed
+```
+
+## 7) Uji jalur aplikasi (manual)
+
+```bash
+cd /var/www/whatsapp-inbox
+sudo -u whatsapp-inbox npm run start -- --hostname 127.0.0.1 --port 3002
+```
+
+Di terminal lain:
+
+```bash
+curl -I http://127.0.0.1:3002
+curl -s http://127.0.0.1:3002/api/health | cat
+```
+
+Tekan `Ctrl+C` setelah semua sehat lalu lanjut ke service/systemd.
+
+## 8) Buat service systemd untuk app
+
+Buat `/etc/systemd/system/whatsapp-inbox.service`:
+
+```ini
+[Unit]
+Description=WhatsApp Inbox (Next.js)
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+User=whatsapp-inbox
+Group=whatsapp-inbox
+WorkingDirectory=/var/www/whatsapp-inbox
+EnvironmentFile=/var/www/whatsapp-inbox/.env
+ExecStart=/usr/bin/npm run start -- --hostname 127.0.0.1 --port 3002
+Restart=always
+RestartSec=5
+LimitNOFILE=65535
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Enable:
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl enable --now whatsapp-inbox
+sudo systemctl status whatsapp-inbox
+```
+
+## 9) Buat service retry worker
+
+Buat `/etc/systemd/system/whatsapp-inbox-retry.service`:
+
+```ini
+[Unit]
+Description=WhatsApp Inbox Campaign Retry Daemon
+After=network.target whatsapp-inbox.service
+
+[Service]
+Type=simple
+User=whatsapp-inbox
+Group=whatsapp-inbox
+WorkingDirectory=/var/www/whatsapp-inbox
+EnvironmentFile=/var/www/whatsapp-inbox/.env
+ExecStart=/usr/bin/npm run job:campaign-retry:daemon
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Enable:
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl enable --now whatsapp-inbox-retry
+sudo systemctl status whatsapp-inbox-retry
+```
+
+## 10) Konfigurasi Nginx + HTTPS ke app.zappcare.id
+
+Buat `/etc/nginx/sites-available/app.zappcare.id`:
+
+```nginx
+server {
+    listen 80;
+    server_name app.zappcare.id;
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name app.zappcare.id;
+    client_max_body_size 20m;
+    proxy_buffering off;
+
+    ssl_certificate     /etc/letsencrypt/live/app.zappcare.id/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/app.zappcare.id/privkey.pem;
+
+    location / {
+        proxy_pass http://127.0.0.1:3002;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 120s;
+    }
+}
+```
+
+Aktifkan dan reload:
+
+```bash
+sudo ln -s /etc/nginx/sites-available/app.zappcare.id /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+Install certbot dan issue SSL:
+
+```bash
+sudo apt install -y certbot python3-certbot-nginx
+sudo certbot --nginx -d app.zappcare.id
+```
+
+## 11) Validasi akhir
+
+```bash
+curl -I https://app.zappcare.id
+curl -s https://app.zappcare.id/api/health | cat
+APP_URL=https://app.zappcare.id NEXT_PUBLIC_APP_URL=https://app.zappcare.id OPS_BASE_URL=https://app.zappcare.id npm run ops:readiness
+APP_URL=https://app.zappcare.id NEXT_PUBLIC_APP_URL=https://app.zappcare.id OPS_BASE_URL=https://app.zappcare.id npm run ops:smoke
+```
+
+## 12) Update dan rollback ringan
+
+Update:
+
+```bash
+cd /var/www/whatsapp-inbox
+git pull origin main
+sudo -u whatsapp-inbox npm ci
+sudo -u whatsapp-inbox npm run db:deploy
+sudo -u whatsapp-inbox npm run ci:verify
+sudo systemctl restart whatsapp-inbox
+sudo systemctl restart whatsapp-inbox-retry
+```
+
+Rollback cepat (jika perlu):
+
+```bash
+cd /var/www/whatsapp-inbox
+git log --oneline -n 5
+git checkout <commit-id-sebelumnya>
+sudo systemctl restart whatsapp-inbox
+```
+
+## 13) Catatan produksi
+
+- App service berjalan di `127.0.0.1:3002` (internal), Nginx mengekspose ke `https://app.zappcare.id`.
+- Tidak menyimpan secrets di git.
+- Gunakan `npm run ops:readiness` secara berkala setelah deploy/reboot.