solution-erp

vietreport-admin/solution-erp

Fork 0

Commit Graph

Author	SHA1	Message	Date
pqhuy1987	3990066b04	[CLAUDE] Scripts+Skill+Docs: hardening G-084 IPv4/IPv6 port hijack All checks were successful Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m53s Details Bài học từ VietReport VPS shared (2026-04-23): Next.js app hijack port 3000 IPv4 → Gitea bị đẩy IPv6-only → IIS ARR localhost:3000 resolve IPv4 first → git.baocaogiaoduc.vn trả homepage VietReport. Apply 3 rules G-084 preemptively cho SOLUTION_ERP (risk thấp vì API in-process IIS, nhưng vẫn chuẩn hóa): 1. `scripts/deploy-iis.ps1` — HealthUrl `localhost` → `127.0.0.1` 2. `.claude/skills/iis-deploy-runbook/SKILL.md` — 7 ref localhost → 127.0.0.1 + section Hardening mới giải thích G-084 + 3 rules + note SOLUTION_ERP relevance (risk thấp vì no standalone Kestrel/no ARR proxy hiện tại, nhưng tương lai thêm phải tuân) 3. `docs/gotchas.md` — thêm entry #33 G-084 full writeup (triệu chứng, root cause, 3 rules, SOLUTION_ERP relevance) + update debug checklist 3 rules: - Reverse-proxy luôn IP literal 127.0.0.1, không localhost - Backend services bind loopback IPv4 explicit, không 0.0.0.0 - Service dependency cho boot order khi nhiều service cùng port family	2026-04-23 17:34:22 +07:00
pqhuy1987	661f8595f8	[CLAUDE] Skill: thêm 3 skill ops project-specific All checks were successful Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m47s Details Khảo sát alirezarezvani/claude-skills repo — phần lớn skill đã có ở user-level (code-reviewer, sql-database-assistant, focused-fix, senior-frontend, mcp-builder...). Bulk import sẽ trùng + nhiều skill là doc-dump generic không có YAML when-to-use. Thay vào đó: viết 3 skill PROJECT-SPECIFIC encode kiến thức SOLUTION_ERP-only mà generic không thể biết: - dependency-audit-erp: dotnet list --vulnerable + npm audit cho fe-admin/fe-user, respect pin constraint MediatR 12.4.1 + Swashbuckle 6.9.0 + Node 20.x, dẫn chiếu gotchas, output template + CI integration TODO Phase 5.1 - ef-core-migration: 8 migration history + 3-file rule + Design TimeDbContextFactory + 6 pitfalls cụ thể (bao gồm cascade vs restrict cho WorkflowDefinitionId), workflow add entity mới end- to-end, prod apply via idempotent script - iis-deploy-runbook: 3 IIS site topology + win-acme cert + NSSM gitea-runner shared VIETREPORT + LibreOffice 25.8.6 headless, debug playbook 500/502/SignalR/login, deploy steps + manual emergency, rotate creds + backup commands, dẫn chiếu gotcha #25/26/28/29 Skills README cập nhật: 6 skill (3 domain + 3 ops). CLAUDE.md + docs/CLAUDE.md sync count. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 23:44:24 +07:00

Author

SHA1

Message

Date

pqhuy1987

3990066b04

[CLAUDE] Scripts+Skill+Docs: hardening G-084 IPv4/IPv6 port hijack

Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m53s

Details

Bài học từ VietReport VPS shared (2026-04-23): Next.js app hijack port
3000 IPv4 → Gitea bị đẩy IPv6-only → IIS ARR localhost:3000 resolve
IPv4 first → git.baocaogiaoduc.vn trả homepage VietReport.

Apply 3 rules G-084 preemptively cho SOLUTION_ERP (risk thấp vì API
in-process IIS, nhưng vẫn chuẩn hóa):

1. `scripts/deploy-iis.ps1` — HealthUrl `localhost` → `127.0.0.1`
2. `.claude/skills/iis-deploy-runbook/SKILL.md` — 7 ref localhost →
   127.0.0.1 + section Hardening mới giải thích G-084 + 3 rules + note
   SOLUTION_ERP relevance (risk thấp vì no standalone Kestrel/no ARR
   proxy hiện tại, nhưng tương lai thêm phải tuân)
3. `docs/gotchas.md` — thêm entry #33 G-084 full writeup (triệu chứng,
   root cause, 3 rules, SOLUTION_ERP relevance) + update debug
   checklist

3 rules:
- Reverse-proxy luôn IP literal 127.0.0.1, không localhost
- Backend services bind loopback IPv4 explicit, không 0.0.0.0
- Service dependency cho boot order khi nhiều service cùng port family

2026-04-23 17:34:22 +07:00

pqhuy1987

661f8595f8

[CLAUDE] Skill: thêm 3 skill ops project-specific

Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m47s

Details

Khảo sát alirezarezvani/claude-skills repo — phần lớn skill đã có ở
user-level (code-reviewer, sql-database-assistant, focused-fix,
senior-frontend, mcp-builder...). Bulk import sẽ trùng + nhiều skill
là doc-dump generic không có YAML when-to-use.

Thay vào đó: viết 3 skill PROJECT-SPECIFIC encode kiến thức
SOLUTION_ERP-only mà generic không thể biết:

- dependency-audit-erp: dotnet list --vulnerable + npm audit cho
  fe-admin/fe-user, respect pin constraint MediatR 12.4.1 +
  Swashbuckle 6.9.0 + Node 20.x, dẫn chiếu gotchas, output template
  + CI integration TODO Phase 5.1

- ef-core-migration: 8 migration history + 3-file rule + Design
  TimeDbContextFactory + 6 pitfalls cụ thể (bao gồm cascade vs
  restrict cho WorkflowDefinitionId), workflow add entity mới end-
  to-end, prod apply via idempotent script

- iis-deploy-runbook: 3 IIS site topology + win-acme cert + NSSM
  gitea-runner shared VIETREPORT + LibreOffice 25.8.6 headless,
  debug playbook 500/502/SignalR/login, deploy steps + manual
  emergency, rotate creds + backup commands, dẫn chiếu gotcha #25/26/28/29

Skills README cập nhật: 6 skill (3 domain + 3 ops). CLAUDE.md
+ docs/CLAUDE.md sync count.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-22 23:44:24 +07:00

2 Commits