feat(infra): add Dokploy LXC 103 and new IIS web domains

- Add LXC 103 Dokploy infrastructure (v0.28.2) with Traefik - Deploy pdf-qr-app and qr-generator via Dokploy from GitHub - Configure IIS VM 201: roa-qr and *.roa.romfast.ro wildcard sites - Add SSL certificates (Let's Encrypt + wildcard DNS challenge) - Fix Docker Swarm VIP DNS issue with dnsrr endpoint mode - Document architecture: IIS → Traefik → Dokploy containers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 15:44:53 +00:00
parent ae325d33b6
commit fcf1e06c66
8 changed files with 770 additions and 6 deletions
--- a/proxmox/vm201-windows/iis-configs/roa-apps-wildcard.web.config
+++ b/proxmox/vm201-windows/iis-configs/roa-apps-wildcard.web.config
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  web.config pentru site-ul IIS wildcard: *.roa.romfast.ro
+  Locatie pe VM 201: C:\inetpub\roa-apps\web.config
+
+  Functie: Proxy HTTPS wildcard catre LXC 103 Traefik (10.0.20.167)
+  Destinatie: toate app-urile deployate prin Dokploy pe LXC 103
+
+  Exemple de subdomenii acoperite:
+    - app1.roa.romfast.ro    → app1 container
+    - app2.roa.romfast.ro    → app2 container
+    - dokploy.roa.romfast.ro → Dokploy UI
+    - [orice viitor subdomain]
+
+  Prerequisite:
+    - IIS URL Rewrite Module instalat
+    - IIS Application Request Routing (ARR) instalat
+    - IIS 10+ cu SNI support (Windows Server 2016+ sau Windows 10+)
+    - Binding *.roa.romfast.ro cu SslFlags=1 (SNI)
+
+  Nota SSL wildcard:
+    Certificate *.roa.romfast.ro necesita DNS challenge (nu HTTP-01).
+    Alternativa: certificate individuale per subdomain la fiecare app noua.
+-->
+<configuration>
+  <system.webServer>
+    <rewrite>
+      <rules>
+        <rule name="Proxy to LXC 103 Traefik" stopProcessing="true">
+          <match url="(.*)" />
+          <action type="Rewrite" url="https://10.0.20.167/{R:1}" />
+          <serverVariables>
+            <set name="HTTP_X_FORWARDED_PROTO" value="https" />
+            <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
+            <set name="HTTP_X_REAL_IP" value="{REMOTE_ADDR}" />
+          </serverVariables>
+        </rule>
+      </rules>
+    </rewrite>
+  </system.webServer>
+</configuration>
--- a/proxmox/vm201-windows/iis-configs/roa-qr.web.config
+++ b/proxmox/vm201-windows/iis-configs/roa-qr.web.config
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  web.config pentru site-ul IIS: roa-qr.romfast.ro
+  Locatie pe VM 201: C:\inetpub\roa-qr\web.config
+
+  Functie: Proxy HTTPS catre LXC 103 Traefik (10.0.20.167)
+  Destinatie: pdf-qr-app container gestionat de Dokploy
+
+  Prerequisite:
+    - IIS URL Rewrite Module instalat
+    - IIS Application Request Routing (ARR) instalat
+-->
+<configuration>
+  <system.webServer>
+    <rewrite>
+      <rules>
+        <rule name="Proxy to LXC 103 Traefik" stopProcessing="true">
+          <match url="(.*)" />
+          <action type="Rewrite" url="https://10.0.20.167/{R:1}" />
+          <serverVariables>
+            <set name="HTTP_X_FORWARDED_PROTO" value="https" />
+            <set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
+            <set name="HTTP_X_REAL_IP" value="{REMOTE_ADDR}" />
+          </serverVariables>
+        </rule>
+      </rules>
+    </rewrite>
+  </system.webServer>
+</configuration>