6718c956f7
- Add ssh-tunnel.ps1: Windows SSH tunnel manager (equivalent to ssh-tunnel.sh) - Supports password auth via plink.exe (PuTTY) - Supports ssh_hostkey for non-interactive batch mode - Commands: start, stop, restart, status - Add start-backend-service.ps1: NSSM service wrapper - Starts SSH tunnels before uvicorn - Waits for tunnel ports to be accessible (30s timeout) - Configured by Install-ROA2WEB.ps1 - Add start.ps1: Windows equivalent of start.sh - Orchestrates SSH tunnel + backend + frontend startup - Add backend/shared/ssh_tunnel_manager.py: Python monitoring - Background asyncio task monitors tunnel health every 30s - Auto-restarts tunnels after 2 consecutive failures - Exposes status to /health endpoint - Update ROA2WEB-Console.ps1: - Add Deploy-Scripts function - Update Update-ServiceToUseVenv to use wrapper script - Fix PowerShell reserved variable ($PID -> $tunnelPid) - Fix script path detection (scripts/ vs deployment/windows/scripts/) - Update README.md with ssh_hostkey documentation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ROA2WEB Linux Deployment
Deploy ROA2WEB to Windows IIS production server from Linux/LXC (claude-agent).
Quick Deploy (TLDR)
# Din orice director ROA2WEB (main, worktree, sau branch):
# Exemple locații posibile:
# /workspace/roa2web # clone principal
# /workspace/.worktrees/roa2web/fix/fix-bon # worktree pentru fix
# /workspace/.worktrees/roa2web/feature/xxx # worktree pentru feature
# Deploy complet (frontend + backend)
./deployment/linux/deploy.sh
# Doar frontend
./deployment/linux/deploy.sh frontend
# Doar backend
./deployment/linux/deploy.sh backend
# Test conexiune SSH
./deployment/linux/deploy.sh test
După deploy: Serverul face auto-deploy în maxim 5 minute (scheduled task).
Current Setup (claude-agent LXC)
SSH-ul este deja configurat pe acest LXC:
# Verificare conexiune (ar trebui să funcționeze direct)
ssh roa2web-prod "echo OK"
Configurare existentă (~/.ssh/config):
Host roa2web-prod
HostName 10.0.20.36
Port 22122
User romfast
IdentityFile ~/.ssh/roa2web_deploy
Prerequisites
- Node.js 16+ - pentru build frontend
- SSH access - deja configurat pe claude-agent LXC
First-Time Setup (doar dacă SSH nu funcționează)
1. Generate SSH Key
ssh-keygen -t ed25519 -f ~/.ssh/roa2web_deploy -C "roa2web-deploy-lxc"
2. Configure SSH Host
Add to ~/.ssh/config:
Host roa2web-prod
HostName 10.0.20.36
Port 22122
User romfast
IdentityFile ~/.ssh/roa2web_deploy
IdentitiesOnly yes
StrictHostKeyChecking accept-new
3. Add Public Key to Server
Copy the content of ~/.ssh/roa2web_deploy.pub:
cat ~/.ssh/roa2web_deploy.pub
On Windows server (via RDP or SSH):
- Connect:
ssh romfast@10.0.20.36 -p 22122 - Add key to
C:\Users\romfast\.ssh\authorized_keys
4. Test Connection
ssh roa2web-prod "echo OK"
Usage
cd /workspace/.worktrees/roa2web/fix/fix-bon
# Full deployment (frontend + backend)
./deployment/linux/deploy.sh
# Frontend only
./deployment/linux/deploy.sh frontend
# Backend only
./deployment/linux/deploy.sh backend
# Test SSH connection
./deployment/linux/deploy.sh test
How It Works
[LXC] npm run build → dist/
↓
Package: deploy-package-TIMESTAMP/
├── frontend/
├── backend/
├── shared/
└── scripts/
↓
SCP → C:\Temp\deploy-TIMESTAMP\
↓
[Server] Check-And-Deploy.ps1 (scheduled task, every 5 min)
↓
Auto-deploy to C:\inetpub\wwwroot\roa2web\
Server Configuration
| Setting | Value |
|---|---|
| Host | 10.0.20.36 |
| SSH Port | 22122 |
| User | romfast |
| Remote Path | C:\Temp |
| Install Path | C:\inetpub\wwwroot\roa2web |
| Logs Path | C:\inetpub\wwwroot\roa2web\logs |
| Scripts Path | C:\TEMP\ROA2WEB-Scripts |
Permanent Scripts Location
Scripturile de deploy (Check-And-Deploy.ps1, ROA2WEB-Console.ps1) rulează din:
C:\TEMP\ROA2WEB-Scripts\
IMPORTANT: Când modifici scripturile, trebuie să le copiezi și aici:
# După deploy.sh, copiază scripturile actualizate în locația permanentă:
ssh roa2web-prod "powershell -Command \"Copy-Item -Path 'C:\\Temp\\deploy-*\\scripts\\*.ps1' -Destination 'C:\\TEMP\\ROA2WEB-Scripts\\' -Force\""
What Deploy Preserves
Deploy-ul păstrează automat (NU le șterge):
.env- Configurația mediului (credențiale, setări)data/- Directorul cu baze de date SQLite:data/receipts/receipts_prod.db- Bonuri fiscaledata/telegram/telegram_prod.db- Sesiuni Telegramdata/cache/- Cache SQLitedata/receipts/uploads/- Fișiere uploadate
Production Logs
# View backend stderr (errors)
ssh roa2web-prod "powershell -Command \"Get-Content 'C:\\inetpub\\wwwroot\\roa2web\\logs\\backend-stderr.log' -Tail 100\""
# View backend stdout (info logs)
ssh roa2web-prod "powershell -Command \"Get-Content 'C:\\inetpub\\wwwroot\\roa2web\\logs\\backend-stdout.log' -Tail 100\""
# Filter OCR errors
ssh roa2web-prod "powershell -Command \"Get-Content 'C:\\inetpub\\wwwroot\\roa2web\\logs\\backend-stderr.log' -Tail 200\"" | grep -i ocr
Troubleshooting
SSH Connection Failed
# Check SSH config
cat ~/.ssh/config
# Test with verbose output
ssh -v roa2web-prod "echo test"
# Check if key exists
ls -la ~/.ssh/roa2web_deploy*
Build Failed
# Check Node.js version
node --version
# Reinstall dependencies
rm -rf node_modules
npm install
Transfer Failed
# Test SCP manually
scp test.txt roa2web-prod:C:/Temp/
# Check Windows firewall (port 22122)