[CLAUDE] Rebrand: 3 domain huypham.vn → solutions.com.vn + migrate script

User request: anh trỏ 3 subdomain mới về VPS IP 103.124.94.38:
  - api.huypham.vn        → api.solutions.com.vn
  - admin.huypham.vn      → admin.solutions.com.vn
  - user.huypham.vn       → eoffice.solutions.com.vn

Verified DNS: cả 3 resolve 103.124.94.38 ✓

Update 17 file repo:
FE (4): fe-admin/.env.production + fe-user/.env.production
        (VITE_API_BASE_URL → https://api.solutions.com.vn)
        fe-admin/src/lib/{api,realtime}.ts + fe-user equivalents (comment)
BE (1): appsettings.Production.json.example — CORS AllowedOrigins
CI/CD (1): .gitea/workflows/deploy.yml — smoke test URL
Scripts (3): setup-iis-sites (DomainApi/Admin/User), setup-ssl (3 host),
             deploy-all (verify curls)
Docs (5): STATUS, HANDOFF, PROJECT-MAP, vps-setup, gotchas
Skill (1): iis-deploy-runbook — 3 site table + description
Email admin@huypham.vn giữ nguyên (Let's Encrypt contact — không phải
domain serve).

Thêm scripts/migrate-domains.ps1 — 1-shot VPS migration:
  1. Pre-flight: resolve DNS 3 domain → verify IP VPS khớp
  2. Add HTTP binding mới cho 3 IIS site (giữ binding cũ làm fallback)
  3. Run win-acme xin 3 cert Let's Encrypt qua HTTP-01 challenge
     (auto add HTTPS binding + http→https redirect)
  4. Verify /health/live + /health/ready + 2 FE endpoint
  5. (Optional -RemoveOld) xóa binding huypham.vn sau verify OK
Rollback: nếu fail, binding cũ vẫn active → site serve qua huypham.vn.

Anh chạy trên VPS:
  cd C:\solution-erp\scripts  ;  .\migrate-domains.ps1
  # Sau 1-2 ngày verify stable:
  .\migrate-domains.ps1 -RemoveOld -SkipCert

docs/HANDOFF.md

@@ -363,9 +363,9 @@ Demo users (User@123456):
 ⚠ Rotate ALL passwords trước UAT thật
 ```
 
-- API prod: https://api.huypham.vn — `/health/live`, `/health/ready`
-- Admin FE prod: https://admin.huypham.vn
-- User FE prod: https://user.huypham.vn
+- API prod: https://api.solutions.com.vn — `/health/live`, `/health/ready`
+- Admin FE prod: https://admin.solutions.com.vn
+- User FE prod: https://eoffice.solutions.com.vn
 - API dev: http://localhost:5443 — `/swagger` (Dev only)
 - Admin FE dev: http://localhost:8082
 - User FE dev: http://localhost:8080

docs/PROJECT-MAP.md

@@ -7,7 +7,7 @@
 ```
 ┌─────────────────────────────────────────────────────────────────┐
 │                      SOLUTION_ERP                                │
-│   🌐 Prod live: api/admin/user.huypham.vn (HTTPS Let's Encrypt)  │
+│   🌐 Prod live: api.solutions.com.vn / admin.solutions.com.vn / eoffice.solutions.com.vn (HTTPS Let's Encrypt)  │
 └─────────────────────────────────────────────────────────────────┘
 
  ╔════════════════╗   ╔════════════════╗   ╔════════════════╗

docs/STATUS.md

@@ -8,9 +8,9 @@
 
 ### 🌐 Production URLs
 
-- https://api.huypham.vn — API (Let's Encrypt, auto-renew via win-acme)
-- https://admin.huypham.vn — Admin FE (HTTP→HTTPS auto-redirect)
-- https://user.huypham.vn — User FE (HTTP→HTTPS auto-redirect)
+- https://api.solutions.com.vn — API (Let's Encrypt, auto-renew via win-acme)
+- https://admin.solutions.com.vn — Admin FE (HTTP→HTTPS auto-redirect)
+- https://eoffice.solutions.com.vn — User FE (HTTP→HTTPS auto-redirect)
 - https://git.baocaogiaoduc.vn/vietreport-admin/solution-erp — Gitea repo + Actions
 - Default admin: `admin@solutionerp.local` / `Admin@123456` ⚠️ **RE-ROTATE sau login đầu**
 
@@ -54,7 +54,7 @@
   Get-Service *gitea-runner* ; & "C:\nssm\nssm.exe" status gitea-runner
   # Nếu Stopped → Start-Service gitea-runner
   ```
-  Sau đó recheck `curl https://api.huypham.vn/api/purchase-evaluations` → 401 = deploy OK.
+  Sau đó recheck `curl https://api.solutions.com.vn/api/purchase-evaluations` → 401 = deploy OK.
 
 ## ✅ Recently Done (newest on top)
 
@@ -185,9 +185,9 @@ Session logs: [P0](changelog/sessions/2026-04-21-1045-phase0-scaffold.md) · [P1
 admin@solutionerp.local / Admin@123456
 ```
 
-- API prod: https://api.huypham.vn — Health `/health/live` + `/health/ready`
+- API prod: https://api.solutions.com.vn — Health `/health/live` + `/health/ready`
 - API dev: http://localhost:5443 — Swagger `/swagger`
-- Admin FE prod: https://admin.huypham.vn · dev `http://localhost:8082`
-- User FE prod: https://user.huypham.vn · dev `http://localhost:8080`
+- Admin FE prod: https://admin.solutions.com.vn · dev `http://localhost:8082`
+- User FE prod: https://eoffice.solutions.com.vn · dev `http://localhost:8080`
 - SQL prod: `.\SQLEXPRESS` / `SolutionErp` / `vrapp`
 - SQL dev: `(localdb)\MSSQLLocalDB` / `SolutionErp_Dev`

docs/gotchas.md

@@ -328,7 +328,7 @@ subdomain có ARR proxy về `:3000`.
 
 **SOLUTION_ERP relevance:**
 - API host trong IIS app pool out-of-process (ANCM tự quản lý port Kestrel ephemeral) → risk THẤP
-- FE gọi trực tiếp `https://api.huypham.vn` (không ARR proxy) → risk THẤP
+- FE gọi trực tiếp `https://api.solutions.com.vn` (không ARR proxy) → risk THẤP
 - **NHƯNG** nếu tương lai thêm ARR reverse proxy (fe-admin/user `/api` proxy) hoặc
   deploy Kestrel standalone qua NSSM → PHẢI apply 3 rules trên
 - Scripts + skill doc đã update `localhost` → `127.0.0.1` để đồng bộ

docs/guides/vps-setup.md

@@ -7,7 +7,7 @@
 
 - **VPS OS:** Windows Server (có IIS + SQL Server)
 - **Shared với:** VIETREPORT project — naming isolation bắt buộc
-- **DNS đã trỏ:** `api.huypham.vn`, `admin.huypham.vn`, `user.huypham.vn`, `git.baocaogiaoduc.vn` → `103.124.94.38`
+- **DNS đã trỏ:** `api.solutions.com.vn`, `admin.solutions.com.vn`, `eoffice.solutions.com.vn`, `git.baocaogiaoduc.vn` → `103.124.94.38`
 - **Prefix resources:** `SolutionErp-*` (app pool, site), `SolutionErp` (DB), `C:\inetpub\solution-erp\` (path)
 
 ## 1. Prerequisites trên VPS (đã có sẵn với VIETREPORT)
@@ -92,21 +92,21 @@ dotnet user-secrets set "ConnectionStrings:Default" "Server=localhost;Database=S
 
 ```bash
 # Health check
-curl https://api.huypham.vn/health/live     # → Healthy
-curl https://api.huypham.vn/health/ready    # → Healthy (DB probe)
+curl https://api.solutions.com.vn/health/live     # → Healthy
+curl https://api.solutions.com.vn/health/ready    # → Healthy (DB probe)
 
 # Login
-curl -X POST https://api.huypham.vn/api/auth/login \
+curl -X POST https://api.solutions.com.vn/api/auth/login \
   -H "Content-Type: application/json" \
   -d '{"email":"admin@solutionerp.local","password":"Admin@123456"}'
 # → accessToken JWT
 
 # FE
-open https://admin.huypham.vn    # fe-admin login page
-open https://user.huypham.vn     # fe-user login page
+open https://admin.solutions.com.vn    # fe-admin login page
+open https://eoffice.solutions.com.vn     # fe-user login page
 
 # SSL grade
-# https://www.ssllabs.com/ssltest/analyze.html?d=api.huypham.vn
+# https://www.ssllabs.com/ssltest/analyze.html?d=api.solutions.com.vn
 ```
 
 ## 7. Sau go-live (bắt buộc)
@@ -114,7 +114,7 @@ open https://user.huypham.vn     # fe-user login page
 - [ ] **Đổi password admin** từ `Admin@123456` → mạnh. Warning log xuất hiện khi còn dùng default.
 - [ ] **Rotate secrets** đã post trong chat (SA, vrapp, Gitea token, JWT) — tất cả đã vượt khỏi VPS, cần đổi mới
 - [ ] **Backup SQL** daily schedule: `schtasks /Create /TN 'SolutionErp SQL Backup' /TR 'powershell -File C:\solution-erp\scripts\backup-sql.ps1 -SaPassword <pw>' /SC DAILY /ST 02:00 /RU SYSTEM`
-- [ ] **Disable Swagger prod**: Program.cs đã có `if (IsDevelopment())` — verify URL `https://api.huypham.vn/swagger` → 404
+- [ ] **Disable Swagger prod**: Program.cs đã có `if (IsDevelopment())` — verify URL `https://api.solutions.com.vn/swagger` → 404
 - [ ] **Monitor**: kiểm `C:\inetpub\solution-erp\logs\` ngày đầu, watch for ERR
 
 ## 8. Co-existence với VIETREPORT — checklist