3 Commits

Author	SHA1	Message	Date
pqhuy1987	66c1a5c170	[CLAUDE] Rebrand: 3 domain huypham.vn → solutions.com.vn + migrate script ... User request: anh trỏ 3 subdomain mới về VPS IP 103.124.94.38: - api.huypham.vn → api.solutions.com.vn - admin.huypham.vn → admin.solutions.com.vn - user.huypham.vn → eoffice.solutions.com.vn Verified DNS: cả 3 resolve 103.124.94.38 ✓ Update 17 file repo: FE (4): fe-admin/.env.production + fe-user/.env.production (VITE_API_BASE_URL → https://api.solutions.com.vn) fe-admin/src/lib/{api,realtime}.ts + fe-user equivalents (comment) BE (1): appsettings.Production.json.example — CORS AllowedOrigins CI/CD (1): .gitea/workflows/deploy.yml — smoke test URL Scripts (3): setup-iis-sites (DomainApi/Admin/User), setup-ssl (3 host), deploy-all (verify curls) Docs (5): STATUS, HANDOFF, PROJECT-MAP, vps-setup, gotchas Skill (1): iis-deploy-runbook — 3 site table + description Email admin@huypham.vn giữ nguyên (Let's Encrypt contact — không phải domain serve). Thêm scripts/migrate-domains.ps1 — 1-shot VPS migration: 1. Pre-flight: resolve DNS 3 domain → verify IP VPS khớp 2. Add HTTP binding mới cho 3 IIS site (giữ binding cũ làm fallback) 3. Run win-acme xin 3 cert Let's Encrypt qua HTTP-01 challenge (auto add HTTPS binding + http→https redirect) 4. Verify /health/live + /health/ready + 2 FE endpoint 5. (Optional -RemoveOld) xóa binding huypham.vn sau verify OK Rollback: nếu fail, binding cũ vẫn active → site serve qua huypham.vn. Anh chạy trên VPS: cd C:\solution-erp\scripts ; .\migrate-domains.ps1 # Sau 1-2 ngày verify stable: .\migrate-domains.ps1 -RemoveOld -SkipCert	2026-04-24 09:43:05 +07:00
pqhuy1987	3990066b04	[CLAUDE] Scripts+Skill+Docs: hardening G-084 IPv4/IPv6 port hijack ... Bài học từ VietReport VPS shared (2026-04-23): Next.js app hijack port 3000 IPv4 → Gitea bị đẩy IPv6-only → IIS ARR localhost:3000 resolve IPv4 first → git.baocaogiaoduc.vn trả homepage VietReport. Apply 3 rules G-084 preemptively cho SOLUTION_ERP (risk thấp vì API in-process IIS, nhưng vẫn chuẩn hóa): 1. `scripts/deploy-iis.ps1` — HealthUrl `localhost` → `127.0.0.1` 2. `.claude/skills/iis-deploy-runbook/SKILL.md` — 7 ref localhost → 127.0.0.1 + section Hardening mới giải thích G-084 + 3 rules + note SOLUTION_ERP relevance (risk thấp vì no standalone Kestrel/no ARR proxy hiện tại, nhưng tương lai thêm phải tuân) 3. `docs/gotchas.md` — thêm entry #33 G-084 full writeup (triệu chứng, root cause, 3 rules, SOLUTION_ERP relevance) + update debug checklist 3 rules: - Reverse-proxy luôn IP literal 127.0.0.1, không localhost - Backend services bind loopback IPv4 explicit, không 0.0.0.0 - Service dependency cho boot order khi nhiều service cùng port family	2026-04-23 17:34:22 +07:00
pqhuy1987	661f8595f8	[CLAUDE] Skill: thêm 3 skill ops project-specific ... Khảo sát alirezarezvani/claude-skills repo — phần lớn skill đã có ở user-level (code-reviewer, sql-database-assistant, focused-fix, senior-frontend, mcp-builder...). Bulk import sẽ trùng + nhiều skill là doc-dump generic không có YAML when-to-use. Thay vào đó: viết 3 skill PROJECT-SPECIFIC encode kiến thức SOLUTION_ERP-only mà generic không thể biết: - dependency-audit-erp: dotnet list --vulnerable + npm audit cho fe-admin/fe-user, respect pin constraint MediatR 12.4.1 + Swashbuckle 6.9.0 + Node 20.x, dẫn chiếu gotchas, output template + CI integration TODO Phase 5.1 - ef-core-migration: 8 migration history + 3-file rule + Design TimeDbContextFactory + 6 pitfalls cụ thể (bao gồm cascade vs restrict cho WorkflowDefinitionId), workflow add entity mới end- to-end, prod apply via idempotent script - iis-deploy-runbook: 3 IIS site topology + win-acme cert + NSSM gitea-runner shared VIETREPORT + LibreOffice 25.8.6 headless, debug playbook 500/502/SignalR/login, deploy steps + manual emergency, rotate creds + backup commands, dẫn chiếu gotcha #25/26/28/29 Skills README cập nhật: 6 skill (3 domain + 3 ops). CLAUDE.md + docs/CLAUDE.md sync count. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 23:44:24 +07:00