vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3990066b04aec94b3d291ca8911e8e25a29d5aab
solution-erp/.claude
History
pqhuy1987 3990066b04
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m53s
Details
[CLAUDE] Scripts+Skill+Docs: hardening G-084 IPv4/IPv6 port hijack 
Bài học từ VietReport VPS shared (2026-04-23): Next.js app hijack port
3000 IPv4 → Gitea bị đẩy IPv6-only → IIS ARR localhost:3000 resolve
IPv4 first → git.baocaogiaoduc.vn trả homepage VietReport.

Apply 3 rules G-084 preemptively cho SOLUTION_ERP (risk thấp vì API
in-process IIS, nhưng vẫn chuẩn hóa):

1. `scripts/deploy-iis.ps1` — HealthUrl `localhost` → `127.0.0.1`
2. `.claude/skills/iis-deploy-runbook/SKILL.md` — 7 ref localhost →
   127.0.0.1 + section Hardening mới giải thích G-084 + 3 rules + note
   SOLUTION_ERP relevance (risk thấp vì no standalone Kestrel/no ARR
   proxy hiện tại, nhưng tương lai thêm phải tuân)
3. `docs/gotchas.md` — thêm entry #33 G-084 full writeup (triệu chứng,
   root cause, 3 rules, SOLUTION_ERP relevance) + update debug
   checklist

3 rules:
- Reverse-proxy luôn IP literal 127.0.0.1, không localhost
- Backend services bind loopback IPv4 explicit, không 0.0.0.0
- Service dependency cho boot order khi nhiều service cùng port family
2026-04-23 17:34:22 +07:00
..
skills
[CLAUDE] Scripts+Skill+Docs: hardening G-084 IPv4/IPv6 port hijack
2026-04-23 17:34:22 +07:00