vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[CLAUDE] VPS setup scripts + SSL + runner + FE prod config + master runbook
Some checks failed
Deploy SOLUTION_ERP / build-backend (push) Failing after 9s
Details
Deploy SOLUTION_ERP / build-fe-admin (push) Has been cancelled
Details
Deploy SOLUTION_ERP / build-fe-user (push) Has been cancelled
Details
Deploy SOLUTION_ERP / deploy-iis (push) Has been cancelled
Details

Browse Source 
Scripts moi (PowerShell admin trên VPS Windows Server):
- setup-sql-db.ps1: tao DB SolutionErp + grant db_owner cho vrapp (user shared voi VIETREPORT). Idempotent.
- setup-iis-sites.ps1: app pool SolutionErp-Api (NoManagedCode + AlwaysRunning + no idle) + 3 site (SolutionErp-Api/Admin/User) voi host header, C:\inetpub\solution-erp\{api,fe-admin,fe-user,logs,uploads}. Placeholder index.html + SPA web.config voi URL rewrite fallback + security headers. Firewall rule. ACL grant AppPool identity Modify. Naming prefix SolutionErp-* tranh conflict VIETREPORT.
- setup-ssl.ps1: download win-acme v2.2.9 → issue cert Let's Encrypt 3 domain (api/admin/user.huypham.vn) qua HTTP-01 challenge + auto install IIS binding + HTTP→HTTPS redirect + scheduled task 90d renew.
- setup-gitea-runner.ps1: download act_runner.exe → register voi Gitea git.baocaogiaoduc.vn, install Windows service, labels windows-latest,self-hosted,windows,x64 (cho phep share voi VIETREPORT).

FE production config:
- fe-admin/.env.production + fe-user/.env.production: VITE_API_BASE_URL=https://api.huypham.vn
- fe-admin/src/lib/api.ts + fe-user/src/lib/api.ts: BASE_URL = (import.meta.env.VITE_API_BASE_URL ?? '') + '/api'
  - Dev: empty prefix → /api qua Vite proxy :5443
  - Prod: https://api.huypham.vn/api (cross-origin CORS da config AllowedOrigins)

Docs:
- docs/guides/vps-setup.md MOI (master runbook): prereq, 4 script chay theo thu tu, set 5 Gitea secrets, first deploy, appsettings.Production.json pattern (file hoac user-secrets), smoke test 3 curl, post go-live checklist (doi admin password, rotate secrets chat-exposed, backup schedule, disable Swagger prod, monitor logs), table co-existence VIETREPORT
- CLAUDE.md root: add vps-setup.md reference

Gitea repo da setup (extern):
- https://git.baocaogiaoduc.vn/vietreport-admin/solution-erp (private)
- Secrets set via API: IIS_HOST=103.124.94.38, IIS_USER=Administrator, DB_CONNECTION (voi vrapp password), JWT_SECRET placeholder
- CON THIEU: IIS_PASSWORD (Windows admin — user cung cap), JWT_SECRET real value (64-char tu vps-jwt-key.txt — user update qua Gitea UI)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
pqhuy1987
2026-04-21 13:34:26 +07:00
parent fba0754110
commit b1a4571c86
10 changed files with 612 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
scripts/setup-gitea-runner.ps1 Normal file
View File

@ -0,0 +1,77 @@
# Register Gitea Actions runner trên VPS Windows Server.
# Có thể dùng chung với VIETREPORT (runner có thể serve nhiều repo qua labels).
#
# Usage (admin PowerShell):
# .\setup-gitea-runner.ps1 -RegistrationToken 'xxxx' -RunnerName 'vps-win-01'
#
# Lấy RegistrationToken từ:
# https://git.baocaogiaoduc.vn/-/admin/actions/runners (admin only)
# hoặc per-repo: https://git.baocaogiaoduc.vn/vietreport-admin/solution-erp/settings/actions/runners
param(
[Parameter(Mandatory=$true)] [string]$RegistrationToken,
[string]$RunnerName = "vps-win-$(Get-Date -Format 'yyyyMMdd')",
[string]$InstallDir = "C:\gitea-runner",
[string]$GiteaUrl = "https://git.baocaogiaoduc.vn",
[string]$Labels = "windows-latest,self-hosted,windows,x64"
)
$ErrorActionPreference = 'Stop'
# ===================== 1. Download runner =====================
$RunnerExe = Join-Path $InstallDir "act_runner.exe"
if (-not (Test-Path $RunnerExe)) {
Write-Host "==> Download Gitea act_runner" -ForegroundColor Cyan
if (-not (Test-Path $InstallDir)) { New-Item -ItemType Directory -Force -Path $InstallDir | Out-Null }
# Latest release từ Gitea
$url = "https://dl.gitea.com/act_runner/act_runner-windows-amd64.exe"
Invoke-WebRequest -Uri $url -OutFile $RunnerExe -UseBasicParsing
Write-Host " Downloaded $RunnerExe"
}
# ===================== 2. Register =====================
Set-Location $InstallDir
if (-not (Test-Path (Join-Path $InstallDir ".runner"))) {
Write-Host "`n==> Register với Gitea $GiteaUrl" -ForegroundColor Cyan
& $RunnerExe register `
--no-interactive `
--instance $GiteaUrl `
--token $RegistrationToken `
--name $RunnerName `
--labels $Labels
if ($LASTEXITCODE -ne 0) {
Write-Error "Register fail. Check:`n- Token đúng?`n- GiteaUrl reachable?`n- Runner name '$RunnerName' đã dùng?"
exit 1
}
Write-Host " Registered as '$RunnerName'"
} else {
Write-Host " Runner đã register (.runner file exists)"
}
# ===================== 3. Install as Windows service =====================
$ServiceName = "gitea-runner"
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) {
Write-Host "`n==> Install Windows service" -ForegroundColor Cyan
# act_runner không có built-in service install — dùng nssm hoặc sc.exe
# Dùng sc.exe đơn giản:
$escapedPath = $RunnerExe -replace '\\', '\\'
sc.exe create $ServiceName binPath= "`"$escapedPath`" daemon --config `"$InstallDir\config.yml`"" start= auto DisplayName= "Gitea Actions Runner"
Start-Service $ServiceName
Write-Host " Service '$ServiceName' installed + started"
} else {
if ($svc.Status -ne 'Running') {
Start-Service $ServiceName
Write-Host " Service started"
} else {
Write-Host " Service already running"
}
}
Write-Host "`n✅ Runner setup DONE" -ForegroundColor Green
Write-Host " Check trên Gitea: $GiteaUrl/-/admin/actions/runners (admin) hoặc repo settings > Actions > Runners"
Write-Host " Labels: $Labels"
Write-Host " Log: Get-Content '$InstallDir\log.txt' -Tail 50 -Wait"