[CLAUDE] Rebrand: 3 domain huypham.vn → solutions.com.vn + migrate script

User request: anh trỏ 3 subdomain mới về VPS IP 103.124.94.38: - api.huypham.vn → api.solutions.com.vn - admin.huypham.vn → admin.solutions.com.vn - user.huypham.vn → eoffice.solutions.com.vn Verified DNS: cả 3 resolve 103.124.94.38 ✓ Update 17 file repo: FE (4): fe-admin/.env.production + fe-user/.env.production (VITE_API_BASE_URL → https://api.solutions.com.vn) fe-admin/src/lib/{api,realtime}.ts + fe-user equivalents (comment) BE (1): appsettings.Production.json.example — CORS AllowedOrigins CI/CD (1): .gitea/workflows/deploy.yml — smoke test URL Scripts (3): setup-iis-sites (DomainApi/Admin/User), setup-ssl (3 host), deploy-all (verify curls) Docs (5): STATUS, HANDOFF, PROJECT-MAP, vps-setup, gotchas Skill (1): iis-deploy-runbook — 3 site table + description Email admin@huypham.vn giữ nguyên (Let's Encrypt contact — không phải domain serve). Thêm scripts/migrate-domains.ps1 — 1-shot VPS migration: 1. Pre-flight: resolve DNS 3 domain → verify IP VPS khớp 2. Add HTTP binding mới cho 3 IIS site (giữ binding cũ làm fallback) 3. Run win-acme xin 3 cert Let's Encrypt qua HTTP-01 challenge (auto add HTTPS binding + http→https redirect) 4. Verify /health/live + /health/ready + 2 FE endpoint 5. (Optional -RemoveOld) xóa binding huypham.vn sau verify OK Rollback: nếu fail, binding cũ vẫn active → site serve qua huypham.vn. Anh chạy trên VPS: cd C:\solution-erp\scripts ; .\migrate-domains.ps1 # Sau 1-2 ngày verify stable: .\migrate-domains.ps1 -RemoveOld -SkipCert
2026-04-24 09:43:05 +07:00
parent 7ca6c914fa
commit 66c1a5c170
18 changed files with 263 additions and 53 deletions
--- a/.claude/skills/iis-deploy-runbook/SKILL.md
+++ b/.claude/skills/iis-deploy-runbook/SKILL.md
@ -1,6 +1,6 @@
 ---
 name: iis-deploy-runbook
-description: Ops runbook cho SOLUTION_ERP deploy trên Windows Server IIS — 3 site (api/admin/user.huypham.vn), win-acme Let's Encrypt, NSSM gitea-runner shared với VIETREPORT, LibreOffice soffice headless. Dùng khi debug 500/502 prod, restart site, rotate cert, fix CI/CD runner, troubleshoot WebSocket, thêm site mới.
+description: Ops runbook cho SOLUTION_ERP deploy trên Windows Server IIS — 3 site (api/admin/eoffice.solutions.com.vn), win-acme Let's Encrypt, NSSM gitea-runner shared với VIETREPORT, LibreOffice soffice headless. Dùng khi debug 500/502 prod, restart site, rotate cert, fix CI/CD runner, troubleshoot WebSocket, thêm site mới.
 when-to-use:
  - "prod 500 error"
  - "IIS site fail"
@ -27,7 +27,7 @@ Internet
 ┌─────────────────────────────────────────────────────┐
 │ IIS (Windows Server VPS)                            │
 │                                                      │
-│ ┌─ api.huypham.vn  ─┐  ┌─ admin.huypham.vn ─┐  ┌─ user.huypham.vn ─┐
+│ ┌─ api.solutions.com.vn  ─┐  ┌─ admin.solutions.com.vn ─┐  ┌─ eoffice.solutions.com.vn ─┐
 │ │ SolutionErp-Api    │  │ SolutionErp-Admin  │  │ SolutionErp-User  │
 │ │ → out-of-process   │  │ (static SPA, URL   │  │ (static SPA, URL  │
 │ │   Kestrel :5443    │  │  Rewrite /api → 5443)│ │  Rewrite...)      │
@ -46,9 +46,9 @@ Internet

 | Site | Binding | Physical path | Apool | Purpose |
 |---|---|---|---|---|
-| `SolutionErp-Api` | `*:443:api.huypham.vn` HTTPS | `C:\inetpub\apps\SolutionErp\Api\` | out-of-process Kestrel | ASP.NET Core 10 API (port 5443 internal) |
-| `SolutionErp-Admin` | `*:443:admin.huypham.vn` HTTPS + `*:80` redirect | `C:\inetpub\apps\SolutionErp\Admin\` | static (no app pool .NET) | React build fe-admin |
-| `SolutionErp-User` | `*:443:user.huypham.vn` HTTPS + `*:80` redirect | `C:\inetpub\apps\SolutionErp\User\` | static | React build fe-user |
+| `SolutionErp-Api` | `*:443:api.solutions.com.vn` HTTPS | `C:\inetpub\apps\SolutionErp\Api\` | out-of-process Kestrel | ASP.NET Core 10 API (port 5443 internal) |
+| `SolutionErp-Admin` | `*:443:admin.solutions.com.vn` HTTPS + `*:80` redirect | `C:\inetpub\apps\SolutionErp\Admin\` | static (no app pool .NET) | React build fe-admin |
+| `SolutionErp-User` | `*:443:eoffice.solutions.com.vn` HTTPS + `*:80` redirect | `C:\inetpub\apps\SolutionErp\User\` | static | React build fe-user |

 **SPA web.config:** 2 FE có `URL Rewrite` rule:
 1. HTTP → HTTPS redirect (bắt buộc, CORS whitelist chỉ https)
@ -94,7 +94,7 @@ curl http://127.0.0.1:5443/health/live
 curl http://127.0.0.1:5443/health/ready

 # Từ ngoài
-curl https://api.huypham.vn/health/ready
+curl https://api.solutions.com.vn/health/ready
 ```

 ## Let's Encrypt cert — win-acme
@ -237,9 +237,9 @@ Xem gotcha #26:

 Xem `docs/gotchas.md` CORS + HTTPS redirect:
 ```
-1. User gõ http://admin.huypham.vn → không redirect → CORS block
+1. User gõ http://admin.solutions.com.vn → không redirect → CORS block
 2. Fix: SPA web.config PHẢI có HTTP→HTTPS rule (đã có)
-3. Test: curl -I http://admin.huypham.vn → expect 301 Location: https://...
+3. Test: curl -I http://admin.solutions.com.vn → expect 301 Location: https://...
 ```

 ### DB connection fail
@ -349,9 +349,9 @@ VietReport.
 **Hiện trạng SOLUTION_ERP — risk THẤP:**

 - API host trong IIS app pool out-of-process → ANCM quản lý port Kestrel ephemeral
- FE gọi trực tiếp `https://api.huypham.vn` qua CORS (không ARR proxy)
+- FE gọi trực tiếp `https://api.solutions.com.vn` qua CORS (không ARR proxy)
 - Không có standalone Kestrel service trên port cố định
- **Nhưng** tương lai nếu thêm reverse proxy (fe-admin/user → `/api` → api.huypham.vn, hoặc /hubs for SignalR) → PHẢI dùng 127.0.0.1 không localhost
+- **Nhưng** tương lai nếu thêm reverse proxy (fe-admin/user → `/api` → api.solutions.com.vn, hoặc /hubs for SignalR) → PHẢI dùng 127.0.0.1 không localhost

 ## Related