romfast/ROMFASTSQL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(infra): add Dokploy LXC 103 and new IIS web domains

Browse Source 
- Add LXC 103 Dokploy infrastructure (v0.28.2) with Traefik
- Deploy pdf-qr-app and qr-generator via Dokploy from GitHub
- Configure IIS VM 201: roa-qr and *.roa.romfast.ro wildcard sites
- Add SSL certificates (Let's Encrypt + wildcard DNS challenge)
- Fix Docker Swarm VIP DNS issue with dnsrr endpoint mode
- Document architecture: IIS → Traefik → Dokploy containers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Claude Agent
2026-03-03 15:44:53 +00:00
parent ae325d33b6
commit fcf1e06c66
8 changed files with 770 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
proxmox/vm201-windows/scripts/setup-new-iis-sites.ps1 Normal file
View File

@@ -0,0 +1,158 @@
# setup-new-iis-sites.ps1
# Creare site-uri IIS noi pentru infrastructura Dokploy ROMFAST
#
# Site-uri create:
# 1. roa-qr.romfast.ro → proxy la LXC 103 Traefik (pdf-qr-app)
# 2. *.roa.romfast.ro → proxy wildcard la LXC 103 Traefik (toate app-urile Dokploy)
#
# Rulat pe VM 201 (roacentral) ca Administrator
# Prerequisite: IIS URL Rewrite Module instalat
#
# Verificare prerequisite:
# Get-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.webServer/rewrite' -name 'enabled'
Import-Module WebAdministration
$LXC103_IP = "10.0.20.167"
$ADMIN_EMAIL = "admin@romfast.ro"
# ============================================================
# SITE 1: roa-qr.romfast.ro
# ============================================================
$RoaQrName = "roa-qr"
$RoaQrHost = "roa-qr.romfast.ro"
$RoaQrPath = "C:\inetpub\roa-qr"
Write-Host "Creare site: $RoaQrHost" -ForegroundColor Cyan
# Creare director
New-Item -Path $RoaQrPath -ItemType Directory -Force | Out-Null
# Creare site IIS (HTTP)
if (-not (Get-Website -Name $RoaQrName -ErrorAction SilentlyContinue)) {
New-Website -Name $RoaQrName `
-PhysicalPath $RoaQrPath `
-HostHeader $RoaQrHost `
-Port 80
Write-Host " [OK] Site $RoaQrName creat pe port 80" -ForegroundColor Green
} else {
Write-Host " [INFO] Site $RoaQrName deja existent" -ForegroundColor Yellow
}
# Adaugă binding HTTPS cu SNI
$existingHttps = Get-WebBinding -Name $RoaQrName -Protocol "https" -ErrorAction SilentlyContinue
if (-not $existingHttps) {
New-WebBinding -Name $RoaQrName `
-Protocol https `
-Port 443 `
-HostHeader $RoaQrHost `
-SslFlags 1 # SNI enabled
Write-Host " [OK] Binding HTTPS adăugat cu SNI" -ForegroundColor Green
}
# Creare web.config cu proxy rule
$RoaQrWebConfig = @"
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Proxy to LXC 103 Traefik" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="https://$($LXC103_IP)/{R:1}" />
<serverVariables>
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_REAL_IP" value="{REMOTE_ADDR}" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
"@
Set-Content -Path "$RoaQrPath\web.config" -Value $RoaQrWebConfig -Encoding UTF8
Write-Host " [OK] web.config creat pentru $RoaQrHost" -ForegroundColor Green
# ============================================================
# SITE 2: *.roa.romfast.ro (wildcard)
# ============================================================
$RoaAppsName = "roa-apps"
$RoaAppsHost = "*.roa.romfast.ro"
$RoaAppsPath = "C:\inetpub\roa-apps"
Write-Host "`nCreare site wildcard: $RoaAppsHost" -ForegroundColor Cyan
# Creare director
New-Item -Path $RoaAppsPath -ItemType Directory -Force | Out-Null
# Creare site IIS (HTTP)
if (-not (Get-Website -Name $RoaAppsName -ErrorAction SilentlyContinue)) {
New-Website -Name $RoaAppsName `
-PhysicalPath $RoaAppsPath `
-HostHeader $RoaAppsHost `
-Port 80
Write-Host " [OK] Site $RoaAppsName creat pe port 80" -ForegroundColor Green
} else {
Write-Host " [INFO] Site $RoaAppsName deja existent" -ForegroundColor Yellow
}
# Adaugă binding HTTPS cu SNI (wildcard funcționează din IIS 10 cu SNI)
$existingHttps = Get-WebBinding -Name $RoaAppsName -Protocol "https" -ErrorAction SilentlyContinue
if (-not $existingHttps) {
New-WebBinding -Name $RoaAppsName `
-Protocol https `
-Port 443 `
-HostHeader $RoaAppsHost `
-SslFlags 1 # SNI enabled - obligatoriu pentru wildcard
Write-Host " [OK] Binding HTTPS wildcard adăugat cu SNI" -ForegroundColor Green
}
# Creare web.config cu proxy rule (identic cu roa-qr)
$RoaAppsWebConfig = @"
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Proxy to LXC 103 Traefik" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="https://$($LXC103_IP)/{R:1}" />
<serverVariables>
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_REAL_IP" value="{REMOTE_ADDR}" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
"@
Set-Content -Path "$RoaAppsPath\web.config" -Value $RoaAppsWebConfig -Encoding UTF8
Write-Host " [OK] web.config creat pentru *.roa.romfast.ro" -ForegroundColor Green
# ============================================================
# STATUS FINAL
# ============================================================
Write-Host "`n=== STATUS SITE-URI IIS ===" -ForegroundColor Cyan
Get-Website | Select-Object ID, Name, State,
@{N='Bindings'; E={($_.Bindings.Collection | ForEach-Object { $_.bindingInformation }) -join ', '}} |
Format-Table -AutoSize
Write-Host "`n=== PAȘI URMĂTORI ===" -ForegroundColor Yellow
Write-Host "1. Generează certificate SSL cu Win-ACME:"
Write-Host " cd C:\Tools\win-acme"
Write-Host " .\wacs.exe --source iis --siteid <ID_roa-qr> --accepttos --emailaddress $ADMIN_EMAIL"
Write-Host " NOTĂ: Wildcard *.roa.romfast.ro necesita DNS challenge (nu HTTP-01)"
Write-Host ""
Write-Host "2. Dacă Win-ACME nu suportă DNS challenge pentru wildcard,"
Write-Host " generează certificate individuale per subdomain la fiecare app nouă."
Write-Host ""
Write-Host "3. Aplică certificate în IIS Manager (SNI obligatoriu)."
Write-Host "4. iisreset"