valitovgaziz/tp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: valitovgaziz/tp:eee067f0cac2fe53d0b0f1b6a41275558563c45b
Branches Tags
valitovgaziz/tp:main valitovgaziz/tp:develop
...
compare: valitovgaziz/tp:17b194dd3090de9ecf4e49f37a740a9108999ac5
Branches Tags
valitovgaziz/tp:main valitovgaziz/tp:develop

10 Commits
eee067f0ca ... 17b194dd30

Author SHA1 Message Date
valitovgaziz 17b194dd30 fix: nginx healthcheck (wget / instead of curl /health); add backup healthcheck
Deploy / deploy (push) Failing after 2m42s
Details
2026-06-12 12:55:13 +05:00
valitovgaziz e1807167d2 fix(backup): mount rclone.conf to correct path 2026-06-12 12:51:18 +05:00
valitovgaziz 8645342666 fix(backup): use app-network instead of internal for DB access 2026-06-12 12:50:26 +05:00
valitovgaziz 5e4d78b83d add yandex token 2026-06-12 12:49:19 +05:00
Gaziz Valitov ef84eb9a9d fix(certbot): crond -f instead of -b; add rclone.conf 2026-06-12 12:33:02 +05:00
valitovgaziz 3688abb259 fix: nginx entrypoint - use sed instead of grep -oP for Alpine compat 2026-06-12 12:32:06 +05:00
valitovgaziz 8e766b540e feat: CI/CD, per-domain HTTPS, backup, config generator 
- sites.yml — единый источник истины для всех сайтов
- generate-configs.sh — генератор nginx конфигов, certbot domains.txt, .env
- nginx: per-domain HTTPS (вместо all-or-nothing switch-config)
- certbot: единый renew-all.sh, динамический init (без 5 дублирующих скриптов)
- backup: контейнер с pg_dump + rclone (Яндекс.Диск), ежедневно в 3AM
- Gitea + Gitea Runner в docker-compose (self-hosted Git + CI/CD)
- .gitea/workflows/deploy.yml — CI/CD pipeline: push → авто-деплой
- Makefile: generate-configs, reconfig, deploy, backup, restore, gitea, help
 2026-06-12 12:22:19 +05:00
valitovgaziz abcb327278 docs: add server info and fix easySite paths in AGENTS.md 2026-06-12 11:52:21 +05:00
valitovgaziz 5d22544df1 docs(nginx): remove outdated serv_spa references 
Updated the domains table to reflect that yalarba.ru is now
Nuxt 4 SSR (not static Vue SPA), and the old static path
/usr/share/nginx/yalarba/html no longer exists.
 2026-06-12 11:27:28 +05:00
valitovgaziz 0898315910 remove legacy serv_spa (yalarba Vue SPA) 
- Deleted main_dc/yalarba/serv_spa/ directory
- No docker-compose.yml changes needed (service was already unused)
- Updated docs references to point to yalarba-nuxt
- docker-compose.yml and nginx configs had no references to serv_spa
 2026-06-12 11:26:18 +05:00
225 changed files with 1567 additions and 28583 deletions
Expand all files Collapse all files
.gitea/workflows/deploy.yml
+52
View File
@@ -0,0 +1,52 @@
name: Deploy
on:
push:
branches: [main]
paths:
- 'main_dc/**'
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy
run: |
cd /home/gaziz/artefacts/tp/main_dc
git pull origin main
# Если изменился sites.yml — генерируем конфиги
if git diff --name-only HEAD~1 HEAD | grep -q 'main_dc/sites.yml'; then
echo "→ sites.yml changed, generating configs..."
bash generate-configs.sh
fi
# Авто-детект и пересборка изменённых сервисов
echo "→ Detecting changed services..."
CHANGED=$(git diff --name-only HEAD~1 HEAD | grep -oP 'main_dc/\K[^/]+' | sort -u)
for svc in $CHANGED; do
svc_name="$svc"
# маппинг директорий на имена compose-сервисов
case "$svc" in
BB) svc_name="api_bb" ;;
valitovgaziz) svc_name="valitovgaziz" ;;
nginx|certbot|backup|gitea) svc_name="$svc" ;;
api_bb|api_yal|analytics|db) svc_name="$svc" ;;
yalarba) svc_name="yalarba" ;;
*) svc_name="" ;;
esac
if [ -n "$svc_name" ] && grep -q "^ $svc_name:" docker-compose.yml; then
echo " → Rebuilding $svc_name..."
make stop_$svc_name build_$svc_name start_$svc_name || \
make stop_$svc build_$svc start_$svc 2>/dev/null || \
true
fi
done
# Nginx всегда перезапускаем если изменились конфиги
if echo "$CHANGED" | grep -q 'nginx\|sites.yml'; then
echo " → Reloading nginx..."
docker compose exec -T nginx nginx -s reload 2>/dev/null || \
docker compose restart nginx
fi
AGENTS.md
+18 -6
View File
@@ -17,8 +17,8 @@ main_dc/
yalarba/api_tp/ -- Go REST API (GORM+Chi), port 8888, DB: db (5432) yalarba/api_tp/ -- Go REST API (GORM+Chi), port 8888, DB: db (5432)
yalarba/api_es/ -- Go REST API (GORM+Chi), port 8088, DB: db (5432) yalarba/api_es/ -- Go REST API (GORM+Chi), port 8088, DB: db (5432)
yalarba/api_yal/ -- Go REST API (GORM+Chi), port 8787, DB: db (5432) yalarba/api_yal/ -- Go REST API (GORM+Chi), port 8787, DB: db (5432)
yalarba/easySite/easySite/ -- Nuxt 4 SPA for easysite102.ru yalarba/easySite/ -- Nuxt 4 SPA for easysite102.ru
yalarba/serv_spa/spa/vue/ -- Vue 3 + Vite SPA for yalarba.ru yalarba/yalarba-nuxt/ -- Nuxt 4 SPA for yalarba.ru
valitovgaziz/analytics/ -- Node.js (Express) analytics server, port 9999 valitovgaziz/analytics/ -- Node.js (Express) analytics server, port 9999
valitovgaziz/html/ -- static HTML for valitovgaziz.ru valitovgaziz/html/ -- static HTML for valitovgaziz.ru
nginx/ -- nginx with automatic HTTP↔HTTPS switching nginx/ -- nginx with automatic HTTP↔HTTPS switching
@@ -47,16 +47,16 @@ cd main_dc/BB/bbvue && npm run dev # Vite dev server
cd main_dc/BB/bbvue && npm run lint # ESLint --fix cd main_dc/BB/bbvue && npm run lint # ESLint --fix
cd main_dc/BB/bbvue && npm run format # Prettier --write src/ cd main_dc/BB/bbvue && npm run format # Prettier --write src/
cd main_dc/yalarba/serv_spa/spa/vue && npm run dev # Vite dev (yalarba SPA) # serv_spa удалён — yalarba работает через yalarba-nuxt (Nuxt SSR)
cd main_dc/yalarba/easySite/easySite && npm run dev # Nuxt dev cd main_dc/yalarba/easySite && npm run dev # Nuxt dev
cd main_dc/yalarba/easySite/easySite && npm run build # Nuxt build cd main_dc/yalarba/easySite && npm run build # Nuxt build
``` ```
## Service quirks ## Service quirks
- **Nginx SSL**: `switch-config.sh` is all-or-nothing — HTTPS only activates when *every* domain has a cert. Until then, SSL port redirects back to HTTP. - **Nginx SSL**: `switch-config.sh` is all-or-nothing — HTTPS only activates when *every* domain has a cert. Until then, SSL port redirects back to HTTP.
- **`yalarba/serv_spa/spa/`**: Dockerfile is incomplete (build stage only, no runtime). The `spa/vue/` package.json includes express/pg deps despite being a Vite SPA — likely unused or legacy. The nginx compose mounts `yalarba/serv_spa/spa/vue/dist`. - **`yalarba/serv_spa/`**: удалён — был legacy Vue SPA, не использовался.
- **`api_yal`** is the only container that runs as non-root. Runs on port 8787. - **`api_yal`** is the only container that runs as non-root. Runs on port 8787.
- **`api_es`** port is configurable via `API_ES_APP_PORT` in `.env` (default 8088). All other API ports are hardcoded. - **`api_es`** port is configurable via `API_ES_APP_PORT` in `.env` (default 8088). All other API ports are hardcoded.
- **Databases**: `db` (port 5432) is shared between api_tp, api_es, api_yal. `db_bb` (port 5433) is dedicated to api_bb. - **Databases**: `db` (port 5432) is shared between api_tp, api_es, api_yal. `db_bb` (port 5433) is dedicated to api_bb.
@@ -67,3 +67,15 @@ cd main_dc/yalarba/easySite/easySite && npm run build # Nuxt build
## Docs convention ## Docs convention
READMEs and documentation are primarily in Russian. See `documentation/` for Makefile, Docker, restart, and LLM info docs. READMEs and documentation are primarily in Russian. See `documentation/` for Makefile, Docker, restart, and LLM info docs.
## Server (YalArbaServer)
| Field | Value |
|---|---|
| IP | `94.41.23.97` |
| User | `gaziz` |
| SSH key | `~/.ssh/id_ed25519` (local) |
| SSH | `ssh gaziz@94.41.23.97` |
| Root password | `sudoowneranduser` |
| User `gaziz` password | `sudoowneranduser` |
| Repo path | `/home/gaziz/artefacts/tp/main_dc` |
main_dc/.env
+6 -7
View File
@@ -1,12 +1,11 @@
#CERTBOT NGINX VARIABLES
EMAIL=valitovgaziz@yandex.ru EMAIL=valitovgaziz@yandex.ru
DOMAINS_yalarba=yalarba.ru,www.yalarba.ru #CERTBOT NGINX VARIABLES — авто-сгенерировано, не редактировать вручную
DOMAINS_valitovgaziz=valitovgaziz.ru,www.valitovgaziz.ru
DOMAINS_easysite102=easysite102.ru,www.easysite102.ru
DOMAINS_begushiybashkir=xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
DOMAINS_begushiybashkir_latin=begushiybashkir.ru,www.begushiybashkir.ru
ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai ALL_DOMAINS=yalarba.ru,www.yalarba.ru,valitovgaziz.ru,www.valitovgaziz.ru,easysite102.ru,www.easysite102.ru,begushiybashkir.ru,www.begushiybashkir.ru,xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
DOMAINS_begushiybashkir=begushiybashkir.ru,www.begushiybashkir.ru
DOMAINS_begushiybashkir_idn=xn--80abahjtcfl5d0a8di.xn--p1ai,www.xn--80abahjtcfl5d0a8di.xn--p1ai
DOMAINS_easysite102=easysite102.ru,www.easysite102.ru
DOMAINS_valitovgaziz=valitovgaziz.ru,www.valitovgaziz.ru
DOMAINS_yalarba=yalarba.ru,www.yalarba.ru
# keycloak # keycloak
KEYCLOAK_ADMIN_PASSWORD=your_secure_password KEYCLOAK_ADMIN_PASSWORD=your_secure_password
main_dc/Makefile
+117
View File
@@ -238,3 +238,120 @@ start_yalarba:
# Полный цикл обновления yalarba-nuxt # Полный цикл обновления yalarba-nuxt
yalarba: stop_yalarba git build_yalarba start_yalarba wn yalarba: stop_yalarba git build_yalarba start_yalarba wn
# ═══════════════════════════════════════════════
# НОВЫЕ ЦЕЛИ: generate-configs, deploy, backup
# ═══════════════════════════════════════════════
# Генерация конфигов из sites.yml
generate-configs:
bash generate-configs.sh
# Генерация + рестарт nginx
reconfig: generate-configs
docker compose restart nginx
$(MAKE) wn
# Авто-детект изменённых сервисов и деплой только их
deploy: git
@echo "=== Detecting changes ==="
@CHANGED=$$(git diff --name-only HEAD~1 HEAD | grep -oP 'main_dc/\K[^/]+' | sort -u); \
for svc in $$CHANGED; do \
case "$$svc" in \
BB) name="api_bb" ;; \
certbot) name="certbot" ;; \
backup) name="backup" ;; \
gitea) name="gitea" ;; \
*) name="$$svc" ;; \
esac; \
if grep -q "^ $$name:" docker-compose.yml 2>/dev/null; then \
echo " → Rebuilding $$name..."; \
$(MAKE) stop_$$name build_$$name start_$$name 2>/dev/null || \
$(MAKE) stop_$$svc build_$$svc start_$$svc 2>/dev/null || true; \
fi; \
done; \
if echo "$$CHANGED" | grep -q 'sites.yml\|nginx'; then \
echo " → Regenerating configs..."; \
bash generate-configs.sh; \
docker compose restart nginx; \
fi
# Ручной запуск бэкапа
backup:
docker compose exec backup /opt/backup.sh
# Ручной запуск бэкапа (разовый контейнер)
backup-run:
docker compose run --rm backup /opt/backup.sh
# Восстановление из бэкапа: make restore [DATE=2026-06-11]
restore:
docker compose run --rm backup /opt/restore.sh $(DATE)
# Gitea — полный цикл обновления
gitea: stop_gitea git build_gitea start_gitea wn
stop_gitea:
docker compose down gitea
build_gitea:
docker compose build gitea --no-cache
start_gitea:
docker compose up gitea -d
# Gitea Runner — полный цикл
gitea-runner: stop_gitea-runner git build_gitea-runner start_gitea-runner wn
stop_gitea-runner:
docker compose down gitea-runner
build_gitea-runner:
docker compose build gitea-runner --no-cache
start_gitea-runner:
docker compose up gitea-runner -d
# Gitea first-time setup helper
gitea-setup:
@echo "=== Gitea Setup ==="
@echo "1. Open http://94.41.23.97:3001 in browser"
@echo "2. Complete initial setup (DB: SQLite3 is fine)"
@echo "3. Create admin user"
@echo "4. Create new repository 'tp' and push:"
@echo " git remote add gitea http://94.41.23.97:3001/USER/tp.git"
@echo " git push -u gitea main"
@echo "5. Register runner:"
@echo " Settings → Actions → Runners → Create Token"
@echo " Update GITEA_RUNNER_REGISTRATION_TOKEN in docker-compose.yml"
@echo " Then: docker compose up -d gitea-runner"
@echo "6. Add secrets in repo Settings → Actions → Secrets:"
@echo " (none needed — runner runs locally)"
# Показать все доступные цели
help:
@echo "=== Make targets ==="
@echo ""
@echo "Site management:"
@echo " generate-configs — generate nginx configs from sites.yml"
@echo " reconfig — generate configs + restart nginx"
@echo ""
@echo "Deploy:"
@echo " all — full cycle all services"
@echo " deploy — auto-detect changes, rebuild only changed"
@echo " <service> — full cycle for one service"
@echo ""
@echo "Backup:"
@echo " backup — run backup via running container"
@echo " backup-run — run backup in one-shot container"
@echo " restore DATE=... — restore from backup"
@echo ""
@echo "Gitea:"
@echo " gitea — full cycle Gitea"
@echo " gitea-runner — full cycle Runner"
@echo " gitea-setup — first-time setup instructions"
@echo ""
@echo "Monitoring:"
@echo " wn — watch docker ps"
@echo " logs_<service> — logs for a service"
@echo " bb_db — psql into bb_db"
main_dc/backup/Dockerfile
+11
View File
@@ -0,0 +1,11 @@
FROM alpine:3.19
RUN apk add --no-cache postgresql-client rclone bash curl
COPY scripts/ /opt/
RUN chmod +x /opt/*.sh
# crontab для расписания бэкапов
RUN echo "$BACKUP_TIME /opt/backup.sh > /proc/1/fd/1 2>&1" > /etc/crontabs/root
CMD ["crond", "-f", "-l", "2"]
main_dc/backup/rclone.conf
+3
View File
@@ -0,0 +1,3 @@
[yadisk]
type = yandex
token = {"access_token":"y0__wgBEI6uquABGMKlCyC2ru7zFztUXB9VV10fCqLpn1iMh9-P7HDo","token_type":"bearer","refresh_token":"2:AAA:AAAAABwKlw4:1:XOD3WRFNbRzP_QWC:hVdNSjVSdfjzZNOXQy6eH7El9bRfWPxzGXvI99qACcdHl7qJrDbAug38IdTRnqglIcni00y1TA:Zbl9G33wrF55KgVeFtfgDQ","expiry":"2027-06-12T12:38:51.056926299+05:00"}
main_dc/backup/rclone.conf.example
+8
View File
@@ -0,0 +1,8 @@
# Пример конфига rclone для Яндекс.Диска
# Скопируй в backup/rclone.conf и заполни токен
# Инструкция: https://rclone.org/yandex/
[yadisk]
type = yandex
client_id =
client_secret =
token = {"access_token":"...","token_type":"...","expiry":"..."}
main_dc/backup/scripts/backup.sh
+47
View File
@@ -0,0 +1,47 @@
#!/bin/bash
# backup.sh — ежедневный бэкап: pg_dump + файлы → локально + Яндекс.Диск
set -euo pipefail
BACKUP_DIR="/backups/$(date +%Y-%m-%d)"
RETENTION_DAYS="${BACKUP_RETENTION_DAYS:-7}"
DB_NAMES="${DB_NAMES:-mydb}"
TIMESTAMP=$(date +%H%M%S)
mkdir -p "$BACKUP_DIR/db" "$BACKUP_DIR/files"
echo "=== Backup $TIMESTAMP ==="
# 1. Дампы всех БД
IFS=',' read -ra databases <<< "$DB_NAMES"
for db in "${databases[@]}"; do
db=$(echo "$db" | xargs) # trim
echo "→ Dumping database: $db"
PGPASSWORD="$DB_PASSWORD" pg_dump -h "$DB_HOST" -p "${DB_PORT:-5432}" \
-U "$DB_USER" -d "$db" --format=custom \
-f "$BACKUP_DIR/db/${db}-${TIMESTAMP}.dump"
done
# 2. Архив файлов
echo "→ Archiving files..."
tar -czf "$BACKUP_DIR/files/certbot-${TIMESTAMP}.tar.gz" -C /data/certbot . 2>/dev/null || true
tar -czf "$BACKUP_DIR/files/uploads-${TIMESTAMP}.tar.gz" -C /data/uploads . 2>/dev/null || true
tar -czf "$BACKUP_DIR/files/analytics-${TIMESTAMP}.tar.gz" -C /data/analytics . 2>/dev/null || true
# 3. Создаём symlink latest
rm -f /backups/latest
ln -sf "$BACKUP_DIR" /backups/latest
# 4. Ротация — удаляем старше RETENTION_DAYS
find /backups -maxdepth 1 -type d -name '2*' -mtime "+$RETENTION_DAYS" -exec rm -rf {} \; 2>/dev/null || true
echo "✓ Local backup saved to $BACKUP_DIR"
# 5. Синхронизация с Яндекс.Диск
if command -v rclone > /dev/null 2>&1 && [ -n "${RCLONE_REMOTE:-}" ]; then
echo "→ Syncing to cloud: $RCLONE_REMOTE"
rclone sync /backups "$RCLONE_REMOTE" --progress 2>&1 || \
echo " ⚠ Cloud sync failed (check rclone config)"
echo "✓ Cloud sync complete"
fi
echo "=== Backup finished ==="
main_dc/backup/scripts/restore.sh
+43
View File
@@ -0,0 +1,43 @@
#!/bin/bash
# restore.sh — восстановление из бэкапа
# Использование: docker compose run --rm backup /opt/restore.sh [дата]
set -euo pipefail
BACKUP_DATE="${1:-latest}"
BACKUP_DIR="/backups/$BACKUP_DATE"
if [ ! -d "$BACKUP_DIR" ]; then
echo "Ошибка: бэкап $BACKUP_DIR не найден"
echo "Доступные бэкапы:"
ls -d /backups/2* 2>/dev/null || echo " (нет бэкапов)"
exit 1
fi
echo "=== Restore from $BACKUP_DIR ==="
# Восстановить БД
if [ -d "$BACKUP_DIR/db" ]; then
for dump in "$BACKUP_DIR/db"/*.dump; do
[ -f "$dump" ] || continue
db=$(basename "$dump" | sed 's/-.*//')
echo "→ Restoring database: $db"
PGPASSWORD="$DB_PASSWORD" pg_restore -h "$DB_HOST" -p "${DB_PORT:-5432}" \
-U "$DB_USER" -d "$db" --clean --if-exists "$dump" || \
echo " ⚠ Restore of $db had warnings (non-fatal)"
done
fi
# Распаковать файлы
if [ -d "$BACKUP_DIR/files" ]; then
for archive in "$BACKUP_DIR/files"/*.tar.gz; do
[ -f "$archive" ] || continue
name=$(basename "$archive" | sed 's/-.*//')
target="/data/$name"
echo "→ Extracting $name to $target"
mkdir -p "$target"
tar -xzf "$archive" -C "$target" || true
done
fi
echo "=== Restore completed ==="
echo "При необходимости перезапусти сервисы: docker compose restart"
main_dc/certbot/Dockerfile
+2 -12
View File
@@ -1,20 +1,10 @@
FROM certbot/certbot FROM certbot/certbot
# Проверяем наличие crond (используем command -v вместо which) RUN apk add --no-cache cronie docker-cli
RUN if ! command -v crond > /dev/null 2>&1; then \
echo "Cron not found. Installing cronie..."; \
apk add --no-cache cronie; \
else \
echo "Cron is already installed."; \
fi
# Создаем директории для конфигов
RUN mkdir -p /etc/letsencrypt/config RUN mkdir -p /etc/letsencrypt/config
# Копируем конфигурационные файлы
COPY scripts/ /opt/ COPY scripts/ /opt/
RUN chmod +x /opt/*.sh
# Устанавливаем права
RUN chmod +x /opt/*
ENTRYPOINT ["/opt/init-certbot.sh"] ENTRYPOINT ["/opt/init-certbot.sh"]
main_dc/certbot/domains.txt
+10
View File
@@ -0,0 +1,10 @@
yalarba.ru
www.yalarba.ru
valitovgaziz.ru
www.valitovgaziz.ru
easysite102.ru
www.easysite102.ru
begushiybashkir.ru
www.begushiybashkir.ru
xn--80abahjtcfl5d0a8di.xn--p1ai
www.xn--80abahjtcfl5d0a8di.xn--p1ai
main_dc/certbot/scripts/crontab.txt
+1 -1
View File
@@ -1 +1 @@
0 0 * * * root /opt/checkRenewCerts.sh > /proc/1/fd/1 2>&1 0 0 * * * /opt/renew-all.sh > /proc/1/fd/1 2>&1
main_dc/certbot/scripts/init-certbot.sh
+22 -59
View File
@@ -1,69 +1,32 @@
#!/bin/sh #!/bin/sh
# init-certbot.sh — точка входа certbot контейнера
set -e
# Проверяем наличие сертификатов для yalarba.ru echo "=== Certbot init ==="
if [ ! -d "/etc/letsencrypt/live/yalarba.ru" ]; then
echo "Получаем новые сертификаты yalarba.ru ..." # Получаем сертификаты для всех доменов из DOMAINS_* env
env | grep '^DOMAINS_' | grep -v '^ALL_DOMAINS' | sort | while IFS='=' read -r var_name domains; do
primary_domain=$(echo "$domains" | cut -d, -f1)
if [ ! -d "/etc/letsencrypt/live/$primary_domain" ]; then
echo "→ Получаем сертификат для $primary_domain"
certbot certonly --webroot \ certbot certonly --webroot \
--config /etc/letsencrypt/config/certbot.ini \ --config /etc/letsencrypt/config/certbot.ini \
-w /var/www/certbot \ -w /var/www/certbot \
-d ${DOMAINS_yalarba} -d "$domains"
echo "✓ Сертификат для $primary_domain получен"
else
echo "✓ Сертификат для $primary_domain уже существует"
fi fi
done
echo "сertificates for ${DOMAINS_yalarba} is ready" # Настраиваем cron для ежедневного обновления
# Проверяем наличие сертификатов для valitovgaziz.ru
if [ ! -d "/etc/letsencrypt/live/valitovgaziz.ru" ]; then
echo "Получаем новые сертификаты valitovgaziz ..."
certbot certonly --webroot \
--config /etc/letsencrypt/config/certbot.ini \
-w /var/www/certbot \
-d ${DOMAINS_valitovgaziz}
fi
echo "сertificates for ${DOMAINS_valitovgaziz} is ready"
# Проверяем наличие сертификатов для easysite102.ru
if [ ! -d "/etc/letsencrypt/live/easysite102.ru" ]; then
echo "Получаем новые сертификаты easysite102.ru ..."
certbot certonly --webroot \
--config /etc/letsencrypt/config/certbot.ini \
-w /var/www/certbot \
-d ${DOMAINS_easysite102}
fi
echo "сertificates for ${DOMAINS_easysite102} is ready"
# Проверяем наличие сертификатов для бегущийбашкир.рф
if [ ! -d "/etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai" ]; then
echo "Получаем новые сертификаты xn--80abahjtcfl5d0a8di.xn--p1ai(бегущийбашкир.рф) ..."
certbot certonly --webroot \
--config /etc/letsencrypt/config/certbot.ini \
-w /var/www/certbot \
-d ${DOMAINS_begushiybashkir}
fi
echo "сertificates for ${DOMAINS_begushiybashkir} is ready"
# Проверяем наличие сертификатов для begushiybashkir.ru
if [ ! -d "/etc/letsencrypt/live/begushiybashkir.ru" ]; then
echo "Получаем новые сертификаты begushiybashkir.ru ..."
certbot certonly --webroot \
--config /etc/letsencrypt/config/certbot.ini \
-w /var/www/certbot \
-d ${DOMAINS_begushiybashkir_latin}
fi
echo "сertificates for ${DOMAINS_begushiybashkir_latin} is ready"
set -e # Завершаем работу, если любая команда вернёт ошибку
# Активируем сервис cron
/usr/sbin/crond -f &
crond -f &
# Копируем нашу собственную crontab таблицу
cp /opt/crontab.txt /etc/crontabs/root cp /opt/crontab.txt /etc/crontabs/root
# Оставляем контейнер открытым # Запускаем crond в фоне
tail -f /dev/null crond -f &
echo "=== Init завершён, контейнер работает ==="
# Держим контейнер живым
tail -f /dev/null
main_dc/certbot/scripts/renew-all.sh
+17
View File
@@ -0,0 +1,17 @@
#!/bin/sh
# renew-all.sh — единый скрипт обновления всех сертификатов
set -e
echo "=== Certbot renewal ==="
# Обновляем все сертификаты
certbot renew --webroot -w /var/www/certbot
# Перезагружаем nginx чтобы он подхватил новые сертификаты
if command -v docker > /dev/null 2>&1; then
echo "→ Перезагружаем nginx..."
docker exec nginx nginx -s reload 2>/dev/null || \
echo " (nginx reload не удался, возможно контейнер не запущен)"
fi
echo "=== Renewal завершён ==="
main_dc/docker-compose.yml
+88 -9
View File
@@ -10,19 +10,15 @@ services:
- ./certbot/config:/etc/letsencrypt/config - ./certbot/config:/etc/letsencrypt/config
- certbot_data:/etc/letsencrypt - certbot_data:/etc/letsencrypt
- certbot_www:/var/www/certbot - certbot_www:/var/www/certbot
- /var/run/docker.sock:/var/run/docker.sock
env_file: env_file:
- .env - .env
environment: environment:
- EMAIL=${EMAIL} - EMAIL=${EMAIL}
- DOMAINS=${ALL_DOMAINS}
- STAGING=0 - STAGING=0
restart: unless-stopped restart: unless-stopped
healthcheck: healthcheck:
test: test: ["CMD-SHELL", "ls /etc/letsencrypt/live/*/fullchain.pem 2>/dev/null | head -1 | xargs test -f || exit 1"]
[
"CMD-SHELL",
"test -f /etc/letsencrypt/live/$$(echo $${DOMAINS} | cut -d',' -f1)/fullchain.pem || exit 1",
]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
@@ -45,6 +41,7 @@ services:
- ./stubSite:/usr/share/nginx/stub/html - ./stubSite:/usr/share/nginx/stub/html
- ./BB/bbvue/dist:/usr/share/nginx/begushiybashkir/html - ./BB/bbvue/dist:/usr/share/nginx/begushiybashkir/html
- analytics_logs:/var/log/analytics:ro - analytics_logs:/var/log/analytics:ro
- ./nginx/conf.available:/etc/nginx/conf.available:ro
networks: networks:
- web-network - web-network
- internal - internal
@@ -52,8 +49,6 @@ services:
depends_on: depends_on:
easysite: easysite:
condition: service_healthy condition: service_healthy
certbot:
condition: service_healthy
api_bb: api_bb:
condition: service_healthy condition: service_healthy
analytics: analytics:
@@ -65,7 +60,7 @@ services:
valitovgaziz: valitovgaziz:
condition: service_healthy condition: service_healthy
healthcheck: healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost/health || exit 1"] test: ["CMD", "wget", "--spider", "http://localhost/"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
@@ -254,6 +249,88 @@ services:
timeout: 10s timeout: 10s
retries: 3 retries: 3
# ──────────────────────────────────────────────
# Gitea — self-hosted Git сервер + CI/CD
# ──────────────────────────────────────────────
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
ports:
- "3001:3000"
- "2222:22"
volumes:
- gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__server__DOMAIN=git.yalarba.ru
- GITEA__server__SSH_DOMAIN=94.41.23.97
- GITEA__server__ROOT_URL=https://git.yalarba.ru
networks:
- web-network
- internal
healthcheck:
test: ["CMD", "wget", "--spider", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 3
gitea-runner:
image: gitea/act_runner:latest
container_name: gitea-runner
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/gaziz/artefacts/tp:/home/gaziz/artefacts/tp
- gitea_runner:/data
environment:
- GITEA_INSTANCE_URL=http://gitea:3000
- GITEA_RUNNER_REGISTRATION_TOKEN=
depends_on:
gitea:
condition: service_healthy
networks:
- internal
# ──────────────────────────────────────────────
# Backup — ежедневные бэкапы БД + файлов → локально + Яндекс.Диск
# ──────────────────────────────────────────────
backup:
build:
context: ./backup
dockerfile: Dockerfile
container_name: backup
restart: unless-stopped
volumes:
- /var/backups/tp:/backups
- certbot_data:/data/certbot:ro
- api_bb_uploads:/data/uploads:ro
- analytics_data:/data/analytics:ro
- ./backup/rclone.conf:/root/.config/rclone/rclone.conf:ro
environment:
DB_HOST: db
DB_PORT: 5432
DB_USER: postgres
DB_PASSWORD: postgres
DB_NAMES: mydb,bb_db
RCLONE_REMOTE: "yadisk:tp-backups"
BACKUP_RETENTION_DAYS: 7
BACKUP_TIME: "0 3 * * *"
healthcheck:
test: ["CMD-SHELL", "pidof crond > /dev/null && ls /backups/ > /dev/null || exit 1"]
interval: 30s
timeout: 10s
retries: 3
start_period: 15s
depends_on:
db:
condition: service_healthy
networks:
- app-network
volumes: volumes:
certbot_data: # volume для данных Certbot certbot_data: # volume для данных Certbot
certbot_www: # volume для данных Certbot certbot_www: # volume для данных Certbot
@@ -261,6 +338,8 @@ volumes:
api_bb_uploads: # Volume для загружаемых файлов бегущий башкир api_bb_uploads: # Volume для загружаемых файлов бегущий башкир
analytics_logs: # Volume для логов аналитики analytics_logs: # Volume для логов аналитики
analytics_data: # Volume для данных аналитики analytics_data: # Volume для данных аналитики
gitea_data: # Volume для Gitea
gitea_runner: # Volume для Gitea Runner
networks: networks:
web-network: web-network:
main_dc/generate-configs.sh
Executable
+474
View File
@@ -0,0 +1,474 @@
#!/bin/bash
# generate-configs.sh — генератор конфигов из sites.yml
# Генерирует: nginx-http.conf, nginx-ssl.conf, certbot/domains.txt, обновляет .env
set -euo pipefail
DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$DIR"
SITES_YML="$DIR/sites.yml"
NGINX_DIR="$DIR/nginx"
ENV_FILE="$DIR/.env"
if [ ! -f "$SITES_YML" ]; then
echo "Ошибка: $SITES_YML не найден"
exit 1
fi
echo "=== Генерация конфигов из sites.yml ==="
# Используем python3 с quoted heredoc — предотвращает интерпретацию $ переменных bash
python3 - "$DIR" "$NGINX_DIR" "$ENV_FILE" << 'PYEOF'
import yaml, os, sys
BASE_DIR = sys.argv[1]
NGINX_DIR = sys.argv[2]
ENV_FILE = sys.argv[3]
SITES_YML = os.path.join(BASE_DIR, "sites.yml")
with open(SITES_YML) as f:
data = yaml.safe_load(f)
sites = data.get("sites", {})
if not sites:
print("Ошибка: в sites.yml нет сайтов")
sys.exit(1)
# собираем данные
all_domains = []
env_domains = {}
site_list = []
for name, cfg in sites.items():
domain = cfg["domain"]
aliases = cfg.get("aliases", [])
all_domains.append(domain)
all_domains.extend(aliases)
env_key = f"DOMAINS_{name}"
env_val = ",".join([domain] + aliases)
env_domains[env_key] = env_val
site_list.append({
"name": name,
"domain": domain,
"aliases": aliases,
"type": cfg.get("type", "upstream"),
"upstream": cfg.get("upstream", ""),
"root": cfg.get("root", ""),
"api": cfg.get("api", {}),
})
env_domains["ALL_DOMAINS"] = ",".join(all_domains)
def all_server_names():
"""Возвращает строку со всеми доменами и алиасами через пробел"""
parts = []
for s in site_list:
parts.append(s["domain"])
parts.extend(s["aliases"])
return " ".join(parts)
def all_server_names_multiline():
"""Возвращает строку с переносами для nginx server_name"""
lines = []
for s in site_list:
lines.append(s["domain"])
for a in s["aliases"]:
lines.append(a)
return " \\\n ".join(lines)
# ──────────────────────────────────────────────
# 2. Генерация nginx-http.conf
# ──────────────────────────────────────────────
http_conf = f"""# Автоматически сгенерировано generate-configs.sh — не редактировать вручную
# HTTP-only конфигурация (работает когда нет сертификатов)
server {{
listen 80;
server_name {all_server_names_multiline()};
location / {{
root /usr/share/nginx/stub/html;
index index.html;
}}
location /.well-known/acme-challenge/ {{
root /var/www/certbot;
}}
}}
# Блок для HTTPS → HTTP редиректа (порт 443)
server {{
listen 443 ssl;
server_name {all_server_names_multiline()};
ssl_certificate /etc/nginx/ssl/dummy.crt;
ssl_certificate_key /etc/nginx/ssl/dummy.key;
return 301 http://$host$request_uri;
}}
"""
http_conf_path = os.path.join(NGINX_DIR, "nginx-http.conf")
with open(http_conf_path, "w") as f:
f.write(http_conf.lstrip())
print(f" ✓ {http_conf_path}")
# ──────────────────────────────────────────────
# 3. Генерация nginx-ssl.conf
# ──────────────────────────────────────────────
ssl_server_blocks = []
for s in site_list:
server_names = " ".join([s["domain"]] + s["aliases"])
block = f"""
server {{
listen 443 ssl;
server_name {server_names};
ssl_certificate /etc/letsencrypt/live/{s["domain"]}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{s["domain"]}/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
"""
if s["type"] == "upstream":
block += f"""
location / {{
proxy_pass {s["upstream"]};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}}
"""
elif s["type"] == "static":
block += f"""
location / {{
root {s["root"]};
index index.html;
try_files $uri $uri/ /index.html;
}}
"""
# API routes
for path, target in s["api"].items():
cors_block = ""
if "/api/" in path:
cors_block = """
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
"""
block += f"""
location {path} {{
proxy_pass {target};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
{cors_block}
}}
"""
if s["type"] == "static":
block += f"""
location /uploads/ {{
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}}
"""
block += "}"
ssl_server_blocks.append(block)
ssl_conf = f"""# Автоматически сгенерировано generate-configs.sh — не редактировать вручную
# Полная HTTPS конфигурация
# --- HTTP → HTTPS редирект ---
server {{
listen 80;
server_name {all_server_names()};
location /.well-known/acme-challenge/ {{
root /var/www/certbot;
}}
location /uploads/ {{
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}}
location / {{
return 301 https://$host$request_uri;
}}
}}
# --- HTTPS серверные блоки ---
{''.join(ssl_server_blocks)}
"""
ssl_conf_path = os.path.join(NGINX_DIR, "nginx-ssl.conf")
with open(ssl_conf_path, "w") as f:
f.write(ssl_conf.lstrip())
print(f" ✓ {ssl_conf_path}")
# ──────────────────────────────────────────────
# 4. Генерация per-domain конфигов (conf.available/)
# ──────────────────────────────────────────────
CONF_AVAILABLE = os.path.join(NGINX_DIR, "conf.available")
os.makedirs(CONF_AVAILABLE, exist_ok=True)
# 00-http.conf — базовый HTTP catch-all (всегда активен)
base_http = f"""# Автоматически сгенерировано generate-configs.sh
server {{
listen 80 default_server;
server_name _;
location / {{
root /usr/share/nginx/stub/html;
index index.html;
}}
location /.well-known/acme-challenge/ {{
root /var/www/certbot;
}}
}}
"""
path = os.path.join(CONF_AVAILABLE, "00-http.conf")
with open(path, "w") as f:
f.write(base_http.lstrip())
print(f" ✓ conf.available/00-http.conf")
# per-domain: SSL + HTTP fallback
ORDER = ["10", "20", "30", "40", "50", "60", "70", "80", "90"]
for idx, s in enumerate(site_list):
prefix = ORDER[idx] if idx < len(ORDER) else f"{90 + idx}"
safe_name = s["name"]
server_names = " ".join([s["domain"]] + s["aliases"])
# --- SSL variant ---
ssl_block = f"""# CERT_DOMAIN={s["domain"]}
# Автоматически сгенерировано generate-configs.sh
server {{
listen 443 ssl;
server_name {server_names};
ssl_certificate /etc/letsencrypt/live/{s["domain"]}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{s["domain"]}/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
"""
if s["type"] == "upstream":
ssl_block += f"""
location / {{
proxy_pass {s["upstream"]};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}}
"""
elif s["type"] == "static":
ssl_block += f"""
location / {{
root {s["root"]};
index index.html;
try_files $uri $uri/ /index.html;
}}
"""
for path, target in s["api"].items():
cors = ""
if "/api/" in path:
cors = """
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
"""
ssl_block += f"""
location {path} {{
proxy_pass {target};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
{cors}
}}
"""
if s["type"] == "static":
ssl_block += f"""
location /uploads/ {{
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}}
"""
ssl_block += "}"
ssl_path = os.path.join(CONF_AVAILABLE, f"{prefix}-{safe_name}.ssl.conf")
with open(ssl_path, "w") as f:
f.write(ssl_block.lstrip())
# --- HTTP fallback variant ---
http_block = f"""# HTTP fallback for {s["domain"]} (no SSL cert)
server {{
listen 80;
server_name {server_names};
"""
if s["type"] == "upstream":
http_block += f"""
location / {{
proxy_pass {s["upstream"]};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}}
"""
elif s["type"] == "static":
http_block += f"""
location / {{
root {s["root"]};
index index.html;
try_files $uri $uri/ /index.html;
}}
"""
for path, target in s["api"].items():
cors = ""
if "/api/" in path:
cors = """
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
"""
http_block += f"""
location {path} {{
proxy_pass {target};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
{cors}
}}
"""
if s["type"] == "static":
http_block += f"""
location /uploads/ {{
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}}
"""
http_block += "}"
http_path = os.path.join(CONF_AVAILABLE, f"{prefix}-{safe_name}.http.conf")
with open(http_path, "w") as f:
f.write(http_block.lstrip())
print(f" ✓ conf.available/{prefix}-{safe_name}.ssl.conf + .http.conf")
# ──────────────────────────────────────────────
# 5. Генерация certbot/domains.txt
# ──────────────────────────────────────────────
domains_txt_path = os.path.join(BASE_DIR, "certbot", "domains.txt")
with open(domains_txt_path, "w") as f:
for d in all_domains:
f.write(d + "\n")
print(f" ✓ {domains_txt_path}")
# ──────────────────────────────────────────────
# 6. Обновление .env
# ──────────────────────────────────────────────
if os.path.exists(ENV_FILE):
with open(ENV_FILE) as f:
env_lines = f.readlines()
else:
env_lines = []
new_env = []
for line in env_lines:
stripped = line.strip()
if stripped.startswith("DOMAINS_") or stripped.startswith("ALL_DOMAINS") or "CERTBOT NGINX VARIABLES" in stripped:
continue
new_env.append(line)
# удаляем пустые строки в начале
while new_env and not new_env[0].strip():
new_env.pop(0)
domain_keys = {k: v for k, v in env_domains.items()}
insert_idx = None
for i, line in enumerate(new_env):
if line.strip().startswith("EMAIL="):
insert_idx = i + 1
break
env_header = "#CERTBOT NGINX VARIABLES — авто-сгенерировано, не редактировать вручную\n"
domain_lines = [f"{k}={v}\n" for k, v in sorted(domain_keys.items())]
if insert_idx is not None:
new_env.insert(insert_idx, env_header)
for dl in reversed(domain_lines):
new_env.insert(insert_idx + 1, dl)
else:
new_env = [env_header] + domain_lines + new_env
with open(ENV_FILE, "w") as f:
f.writelines(new_env)
print(f" ✓ {ENV_FILE} (обновлён)")
print()
print("=== Генерация завершена ===")
print(f"Сгенерировано {len(site_list)} сайтов:")
for s in site_list:
print(f" • {s['domain']} ({s['type']})")
print()
print("Не забудь перезапустить nginx: docker compose restart nginx")
PYEOF
main_dc/nginx/Dockerfile
+6 -17
View File
@@ -1,28 +1,17 @@
FROM nginx:alpine FROM nginx:alpine
# Установка зависимостей
RUN apk add --no-cache bash openssl RUN apk add --no-cache bash openssl
# Создание директории для сертификатов # dummy сертификаты для nginx (нужны чтобы nginx стартовал с любым конфигом)
RUN mkdir -p /etc/nginx/ssl RUN mkdir -p /etc/nginx/ssl && \
openssl req -x509 -nodes -days 365 \
# Генерация самоподписанных сертификатов (действительны 365 дней)
RUN openssl req -x509 -nodes -days 365 \
-newkey rsa:2048 \ -newkey rsa:2048 \
-keyout /etc/nginx/ssl/dummy.key \ -keyout /etc/nginx/ssl/dummy.key \
-out /etc/nginx/ssl/dummy.crt \ -out /etc/nginx/ssl/dummy.crt \
-subj "/C=US/ST=State/L=City/O=Organization/CN=localhost" -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
# Копируем обе конфигурации RUN mkdir -p /var/www/certbot /etc/nginx/conf.d /etc/nginx/conf.available
COPY nginx-http.conf /etc/nginx/nginx-http.conf
COPY nginx-ssl.conf /etc/nginx/nginx-ssl.conf
# Создаем симлинк по умолчанию на HTTP конфиг # per-domain entrypoint для проверки сертификатов
RUN ln -sf /etc/nginx/nginx-http.conf /etc/nginx/conf.d/default.conf COPY entrypoint.sh /docker-entrypoint.d/switch-config.sh
# Скрипт для проверки сертификатов и переключения конфига
COPY switch-config.sh /docker-entrypoint.d/switch-config.sh
RUN chmod +x /docker-entrypoint.d/switch-config.sh RUN chmod +x /docker-entrypoint.d/switch-config.sh
# Создаем необходимые директории
RUN mkdir -p /var/www/certbot
main_dc/nginx/conf.available/00-http.conf
+14
View File
@@ -0,0 +1,14 @@
# Автоматически сгенерировано generate-configs.sh
server {
listen 80 default_server;
server_name _;
location / {
root /usr/share/nginx/stub/html;
index index.html;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
main_dc/nginx/conf.available/10-yalarba.http.conf
+38
View File
@@ -0,0 +1,38 @@
# HTTP fallback for yalarba.ru (no SSL cert)
server {
listen 80;
server_name yalarba.ru www.yalarba.ru;
location / {
proxy_pass http://yalarba:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location /api/v1/ {
proxy_pass http://api_yal:8787;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
main_dc/nginx/conf.available/10-yalarba.ssl.conf
+48
View File
@@ -0,0 +1,48 @@
# CERT_DOMAIN=yalarba.ru
# Автоматически сгенерировано generate-configs.sh
server {
listen 443 ssl;
server_name yalarba.ru www.yalarba.ru;
ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
proxy_pass http://yalarba:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location /api/v1/ {
proxy_pass http://api_yal:8787;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
main_dc/nginx/conf.available/20-valitovgaziz.http.conf
+38
View File
@@ -0,0 +1,38 @@
# HTTP fallback for valitovgaziz.ru (no SSL cert)
server {
listen 80;
server_name valitovgaziz.ru www.valitovgaziz.ru;
location / {
proxy_pass http://valitovgaziz/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location /api/ {
proxy_pass http://analytics:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
main_dc/nginx/conf.available/20-valitovgaziz.ssl.conf
+48
View File
@@ -0,0 +1,48 @@
# CERT_DOMAIN=valitovgaziz.ru
# Автоматически сгенерировано generate-configs.sh
server {
listen 443 ssl;
server_name valitovgaziz.ru www.valitovgaziz.ru;
ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
proxy_pass http://valitovgaziz/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location /api/ {
proxy_pass http://analytics:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
main_dc/nginx/conf.available/30-easysite102.http.conf
+38
View File
@@ -0,0 +1,38 @@
# HTTP fallback for easysite102.ru (no SSL cert)
server {
listen 80;
server_name easysite102.ru www.easysite102.ru;
location / {
proxy_pass http://easysite:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location /api/v1/ {
proxy_pass http://api_yal:8787;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
main_dc/nginx/conf.available/30-easysite102.ssl.conf
+48
View File
@@ -0,0 +1,48 @@
# CERT_DOMAIN=easysite102.ru
# Автоматически сгенерировано generate-configs.sh
server {
listen 443 ssl;
server_name easysite102.ru www.easysite102.ru;
ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
proxy_pass http://easysite:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
location /api/v1/ {
proxy_pass http://api_yal:8787;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
}
main_dc/nginx/conf.available/40-begushiybashkir.http.conf
+39
View File
@@ -0,0 +1,39 @@
# HTTP fallback for begushiybashkir.ru (no SSL cert)
server {
listen 80;
server_name begushiybashkir.ru www.begushiybashkir.ru;
location / {
root /usr/share/nginx/begushiybashkir/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://api_bb:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
location /uploads/ {
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
main_dc/nginx/conf.available/40-begushiybashkir.ssl.conf
+48
View File
@@ -0,0 +1,48 @@
# CERT_DOMAIN=begushiybashkir.ru
# Автоматически сгенерировано generate-configs.sh
server {
listen 443 ssl;
server_name begushiybashkir.ru www.begushiybashkir.ru;
ssl_certificate /etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/begushiybashkir.ru/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
root /usr/share/nginx/begushiybashkir/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://api_bb:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
location /uploads/ {
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
main_dc/nginx/conf.available/50-begushiybashkir_idn.http.conf
+39
View File
@@ -0,0 +1,39 @@
# HTTP fallback for xn--80abahjtcfl5d0a8di.xn--p1ai (no SSL cert)
server {
listen 80;
server_name xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
location / {
root /usr/share/nginx/begushiybashkir/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://api_bb:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
location /uploads/ {
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
main_dc/nginx/conf.available/50-begushiybashkir_idn.ssl.conf
+48
View File
@@ -0,0 +1,48 @@
# CERT_DOMAIN=xn--80abahjtcfl5d0a8di.xn--p1ai
# Автоматически сгенерировано generate-configs.sh
server {
listen 443 ssl;
server_name xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
ssl_certificate /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
root /usr/share/nginx/begushiybashkir/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://api_bb:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
location /uploads/ {
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
main_dc/yalarba/serv_spa/spa/vue/src/components/profile/profileEdit.vue → main_dc/nginx/conf.d/.gitkeep
View File
main_dc/nginx/documentation/docs.md
+2 -2
View File
@@ -72,7 +72,7 @@
| Домен | Тип | Backend сервис | Путь на диске | | Домен | Тип | Backend сервис | Путь на диске |
|-------|-----|----------------|---------------| |-------|-----|----------------|---------------|
| `yalarba.ru` | SPA (Vue) | `api_tp:8080` | `/usr/share/nginx/yalarba/html` | | `yalarba.ru` | Nuxt 4 SSR | `yalarba:3000` + `api_yal:8787` | Прокси |
| `valitovgaziz.ru` | Статический сайт | - | `/usr/share/nginx/valitovgaziz/html` | | `valitovgaziz.ru` | Статический сайт | - | `/usr/share/nginx/valitovgaziz/html` |
| `easysite102.ru` | SPA (Nuxt.js) | `easysite:3000` + `api_yal:8787` | Прокси | | `easysite102.ru` | SPA (Nuxt.js) | `easysite:3000` + `api_yal:8787` | Прокси |
| `begushiybashkir.ru` | SPA (Vue) | `api_bb:8080` | `/usr/share/nginx/begushiybashkir/html` | | `begushiybashkir.ru` | SPA (Vue) | `api_bb:8080` | `/usr/share/nginx/begushiybashkir/html` |
@@ -165,7 +165,7 @@ Nginx запускается только после подтверждения
### Монтирование статических файлов ### Монтирование статических файлов
``` ```
./stubSite → /usr/share/nginx/stub/html ./stubSite → /usr/share/nginx/stub/html
./yalarba/serv_spa/spa/vue/dist → /usr/share/nginx/yalarba/html # удалено: serv_spa больше не используется, yalarba работает через Nuxt SSR (yalarba-nuxt)
./valitovgaziz/html → /usr/share/nginx/valitovgaziz/html ./valitovgaziz/html → /usr/share/nginx/valitovgaziz/html
./BB/bbvue/dist → /usr/share/nginx/begushiybashkir/html ./BB/bbvue/dist → /usr/share/nginx/begushiybashkir/html
``` ```
main_dc/nginx/entrypoint.sh
Executable
+37
View File
@@ -0,0 +1,37 @@
#!/bin/bash
# entrypoint.sh — per-domain HTTPS переключение
# Для каждого домена проверяет сертификат и активирует SSL или HTTP конфиг
set -euo pipefail
CONF_AVAILABLE="/etc/nginx/conf.available"
CONF_D="/etc/nginx/conf.d"
CERT_DIR="/etc/letsencrypt/live"
rm -f "$CONF_D"/*.conf
# базовый HTTP (ACME challenge, catch-all redirect)
if [ -f "$CONF_AVAILABLE/00-http.conf" ]; then
ln -sf "$CONF_AVAILABLE/00-http.conf" "$CONF_D/00-http.conf"
fi
# per-domain конфиги
shopt -s nullglob
for ssl_conf in "$CONF_AVAILABLE"/*.ssl.conf; do
base="$(basename "$ssl_conf" .ssl.conf)"
http_conf="$CONF_AVAILABLE/$base.http.conf"
# CERT_DOMAIN в первой строке: # CERT_DOMAIN=example.ru
cert_domain="$(head -1 "$ssl_conf" | sed -n 's/.*# CERT_DOMAIN=\(.*\)/\1/p')" || true
if [ -n "$cert_domain" ] && [ -f "$CERT_DIR/$cert_domain/fullchain.pem" ]; then
ln -sf "$ssl_conf" "$CONF_D/$base.ssl.conf"
echo "$base → HTTPS ($cert_domain)"
elif [ -f "$http_conf" ]; then
ln -sf "$http_conf" "$CONF_D/$base.http.conf"
echo "$base → HTTP (no cert for $cert_domain)"
fi
done
echo "---"
ls -la "$CONF_D/" | grep -v '^total'
nginx -t
main_dc/nginx/nginx-http.conf
+17 -8
View File
@@ -1,16 +1,18 @@
# Автоматически сгенерировано generate-configs.sh — не редактировать вручную
# HTTP-only конфигурация (работает когда нет сертификатов)
server { server {
listen 80; listen 80;
server_name yalarba.ru \ server_name yalarba.ru \
www.yalarba.ru \ www.yalarba.ru \
easysite102.ru \
www.easysite102.ru \
valitovgaziz.ru \ valitovgaziz.ru \
www.valitovgaziz.ru \ www.valitovgaziz.ru \
xn--80abahjtcfl5d0a8di.xn--p1ai \ easysite102.ru \
www.xn--80abahjtcfl5d0a8di.xn--p1ai \ www.easysite102.ru \
begushiybashkir.ru \ begushiybashkir.ru \
www.begushiybashkir.ru \ www.begushiybashkir.ru \
auth.yalarba.ru; xn--80abahjtcfl5d0a8di.xn--p1ai \
www.xn--80abahjtcfl5d0a8di.xn--p1ai;
location / { location / {
root /usr/share/nginx/stub/html; root /usr/share/nginx/stub/html;
@@ -25,12 +27,19 @@ server {
# Блок для HTTPS → HTTP редиректа (порт 443) # Блок для HTTPS → HTTP редиректа (порт 443)
server { server {
listen 443 ssl; listen 443 ssl;
server_name yalarba.ru www.yalarba.ru easysite102.ru www.easysite102.ru valitovgaziz.ru www.valitovgaziz.ru xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai begushiybashkir.ru www.begushiybashkir.ru; server_name yalarba.ru \
www.yalarba.ru \
valitovgaziz.ru \
www.valitovgaziz.ru \
easysite102.ru \
www.easysite102.ru \
begushiybashkir.ru \
www.begushiybashkir.ru \
xn--80abahjtcfl5d0a8di.xn--p1ai \
www.xn--80abahjtcfl5d0a8di.xn--p1ai;
# Указание пустых сертификатов (обязательно для запуска Nginx)
ssl_certificate /etc/nginx/ssl/dummy.crt; ssl_certificate /etc/nginx/ssl/dummy.crt;
ssl_certificate_key /etc/nginx/ssl/dummy.key; ssl_certificate_key /etc/nginx/ssl/dummy.key;
# Редирект всех HTTPS-запросов на HTTP
return 301 http://$host$request_uri; return 301 http://$host$request_uri;
} }
main_dc/nginx/nginx-ssl.conf
+78 -219
View File
@@ -1,130 +1,52 @@
# ================================================ # Автоматически сгенерировано generate-configs.sh — не редактировать вручную
# КОНФИГУРАЦИЯ NGINX С ПОДДЕРЖКОЙ SSL # Полная HTTPS конфигурация
# Основные задачи:
# 1. Перенаправление HTTP → HTTPS
# 2. Обслуживание статических файлов
# 3. Проксирование к backend сервисам
# 4. Поддержка нескольких доменов
# ================================================
# ================================================ # --- HTTP → HTTPS редирект ---
# БЛОК 1: HTTP СЕРВЕР (ПОРТ 80)
# ================================================
server { server {
# Прослушивание порта 80 для всех входящих HTTP соединений
listen 80; listen 80;
# Список доменов, которые обслуживает этот сервер server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru begushiybashkir.ru www.begushiybashkir.ru xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
# Все запросы к этим доменам по HTTP будут обработаны здесь
server_name yalarba.ru www.yalarba.ru
valitovgaziz.ru www.valitovgaziz.ru
easysite102.ru www.easysite102.ru
begushiybashkir.ru
xn--80abahjtcfl5d0a8di.xn--p1ai; # Punycode для IDN домена
# ============================================
# ЛОКАЦИЯ: Проверочные файлы для Certbot
# ============================================
# Этот блок КРИТИЧЕСКИ ВАЖЕН для получения SSL сертификатов
# Certbot (Let's Encrypt) размещает здесь временные файлы
# для подтверждения владения доменом
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
# Директория, где Certbot хранит проверочные файлы
root /var/www/certbot; root /var/www/certbot;
# Дополнительные настройки не нужны - nginx просто отдает файлы
} }
# ============================================
# ЛОКАЦИЯ: Основное перенаправление
# ============================================
# Все HTTP запросы перенаправляются на HTTPS
# Это обеспечивает безопасность и правильную SEO-практику
location / {
# 301 - постоянный редирект (лучше для SEO, кэшируется браузерами)
# https://$host$request_uri - сохраняет домен и полный путь запроса
return 301 https://$host$request_uri;
# Пример:
# HTTP: http://example.com/page?param=1
# ↓ перенаправление ↓
# HTTPS: https://example.com/page?param=1
}
# ============================================
# ЛОКАЦИЯ: Загруженные файлы
# ============================================
# Обслуживание статических файлов (загрузок) по HTTP
# Может быть полезно для прямых ссылок или кэширования
location /uploads/ { location /uploads/ {
# Псевдоним пути - запросы к /uploads/ обслуживаются из /uploads/ на диске
alias /uploads/; alias /uploads/;
# Кэширование в браузере на 1 год
expires 1y; expires 1y;
# Заголовки кэширования:
# "public" - может кэшироваться прокси-серверами
# "immutable" - файлы никогда не меняются, браузер не проверяет обновления
add_header Cache-Control "public, immutable"; add_header Cache-Control "public, immutable";
}
# Если файл не найден - вернуть 404 ошибку location / {
try_files $uri =404; return 301 https://$host$request_uri;
} }
} }
# ================================================ # --- HTTPS серверные блоки ---
# БЛОК 2: HTTPS СЕРВЕР ДЛЯ YALARBA.RU
# ================================================
server { server {
# Прослушивание порта 443 с SSL/TLS шифрованием
listen 443 ssl; listen 443 ssl;
# Домены для этого сервера
server_name yalarba.ru www.yalarba.ru; server_name yalarba.ru www.yalarba.ru;
# ============================================
# НАСТРОЙКИ SSL СЕРТИФИКАТОВ
# ============================================
# Пути к SSL сертификатам, сгенерированным Certbot
ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem; ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem;
# ============================================
# НАСТРОЙКИ БЕЗОПАСНОСТИ SSL
# ============================================
# Разрешенные протоколы - только современные безопасные версии
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
# Сервер выбирает шифры (не клиент)
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
# Список безопасных шифров
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# ============================================
# ЛОКАЦИЯ: Nuxt 4 SSR приложение
# ============================================
location / { location / {
# Проксирование к Nuxt.js SSR серверу
proxy_pass http://yalarba:3000; proxy_pass http://yalarba:3000;
# Полный набор заголовков для корректной работы приложения
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
# Длинные таймауты
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
} }
# ============================================
# ЛОКАЦИЯ: REST API (api_yal)
# ============================================
location /api/v1/ { location /api/v1/ {
proxy_pass http://api_yal:8787; proxy_pass http://api_yal:8787;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -135,28 +57,30 @@ server {
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
}
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
} }
# ================================================ }
# БЛОК 3: HTTPS СЕРВЕР ДЛЯ VALITOVGAZIZ.RU }
# ================================================
server { server {
listen 443 ssl; listen 443 ssl;
server_name valitovgaziz.ru www.valitovgaziz.ru; server_name valitovgaziz.ru www.valitovgaziz.ru;
# Свой SSL сертификат для этого домена
ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem; ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem;
# Те же настройки безопасности SSL
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# ============================================
# ЛОКАЦИЯ: Проксирование к Vue SPA контейнеру
# ============================================
location / { location / {
proxy_pass http://valitovgaziz/; proxy_pass http://valitovgaziz/;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -169,79 +93,59 @@ server {
proxy_read_timeout 600; proxy_read_timeout 600;
} }
# ============================================
# ЛОКАЦИЯ: API для аналитики
# ============================================
location /api/ { location /api/ {
proxy_pass http://analytics:3000/; proxy_pass http://analytics:3000/;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
add_header Access-Control-Allow-Origin "*" always; proxy_connect_timeout 600;
add_header Access-Control-Allow-Methods "POST, GET, OPTIONS" always; proxy_send_timeout 600;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; proxy_read_timeout 600;
add_header Access-Control-Allow-Credentials "true" always;
if ($request_method = OPTIONS) { if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204; return 204;
} }
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
} }
} }
# ================================================
# БЛОК 4: HTTPS СЕРВЕР ДЛЯ EASYSITE102.RU
# ================================================
server { server {
listen 443 ssl; listen 443 ssl;
server_name easysite102.ru www.easysite102.ru; server_name easysite102.ru www.easysite102.ru;
# Свой SSL сертификат
ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem; ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem;
# Безопасные настройки SSL
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# ============================================
# ЛОКАЦИЯ: Проксирование к Nuxt.js приложению
# ============================================
location / { location / {
# ВСЕ запросы проксируются к Nuxt.js серверу
proxy_pass http://easysite:3000; proxy_pass http://easysite:3000;
# Полный набор заголовков для корректной работы приложения
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
# Длинные таймауты для работы приложения
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
} }
# ============================================
# ЛОКАЦИЯ: API Backend для Easysite (api_yal)
# ============================================
location /api/v1/ { location /api/v1/ {
proxy_pass http://api_yal:8787; proxy_pass http://api_yal:8787;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
@@ -255,111 +159,26 @@ server {
add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204; return 204;
} }
} }
} }
# ================================================
# БЛОК 5: HTTPS СЕРВЕР ДЛЯ IDN ДОМЕНА
# (Punycode для "бегущийбашкир.рф")
# ================================================
server {
listen 443 ssl;
# Punycode представление кириллического домена
server_name xn--80abahjtcfl5d0a8di.xn--p1ai
www.xn--80abahjtcfl5d0a8di.xn--p1ai;
# Отдельный сертификат для IDN домена
ssl_certificate /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/privkey.pem;
# Стандартные SSL настройки
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# ============================================
# ЛОКАЦИЯ: SPA приложение (такое же как begushiybashkir.ru)
# ============================================
location / {
root /usr/share/nginx/begushiybashkir/html;
index index.html;
try_files $uri $uri/ /index.html;
}
# ============================================
# ЛОКАЦИЯ: API для "Бегущий Башкир"
# ============================================
location /api/ {
proxy_pass http://api_bb:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
# Те же CORS настройки что и у Easysite
if ($request_method = OPTIONS ) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
}
# ============================================
# ЛОКАЦИЯ: Загруженные файлы (статическое обслуживание)
# ============================================
location /uploads/ {
# Обслуживание файлов загрузок напрямую из файловой системы
alias /uploads/;
# Долгое кэширование - файлы загрузок редко меняются
expires 1y;
add_header Cache-Control "public, immutable";
# try_files не нужен - nginx сам проверит существование файла
}
}
# ================================================
# БЛОК 6: HTTPS СЕРВЕР ДЛЯ BEGUSHIYBASHKIR.RU
# (ДУБЛИРУЕТ БЛОК 5 С ДРУГИМ ДОМЕНОМ)
# ================================================
server { server {
listen 443 ssl; listen 443 ssl;
server_name begushiybashkir.ru www.begushiybashkir.ru; server_name begushiybashkir.ru www.begushiybashkir.ru;
# Свой SSL сертификат для этого домена
ssl_certificate /etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem; ssl_certificate /etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/begushiybashkir.ru/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/begushiybashkir.ru/privkey.pem;
# Стандартные SSL настройки
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# ВНИМАНИЕ: Весь контент ниже ДОСЛОВНО ДУБЛИРУЕТ
# предыдущий серверный блок для IDN домена
# ============================================
# ЛОКАЦИЯ: SPA приложение
# ============================================
location / { location / {
root /usr/share/nginx/begushiybashkir/html; root /usr/share/nginx/begushiybashkir/html;
index index.html; index index.html;
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
} }
# ============================================
# ЛОКАЦИЯ: API для "Бегущий Башкир"
# ============================================
location /api/ { location /api/ {
proxy_pass http://api_bb:8080/; proxy_pass http://api_bb:8080/;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -371,7 +190,6 @@ server {
proxy_send_timeout 600; proxy_send_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
# Копия CORS настроек
if ($request_method = OPTIONS) { if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin"; add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
@@ -381,17 +199,58 @@ server {
add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204; return 204;
} }
}
location /uploads/ {
alias /uploads/;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
server {
listen 443 ssl;
server_name xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
ssl_certificate /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
root /usr/share/nginx/begushiybashkir/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://api_bb:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain charset=UTF-8';
return 204;
}
} }
# ============================================
# ЛОКАЦИЯ: Загруженные файлы
# ============================================
location /uploads/ { location /uploads/ {
alias /uploads/; alias /uploads/;
expires 1y; expires 1y;
add_header Cache-Control "public, immutable"; add_header Cache-Control "public, immutable";
} }
} }
# ================================================
# КОНЕЦ КОНФИГУРАЦИИ
# ================================================
main_dc/sites.yml
+49
View File
@@ -0,0 +1,49 @@
# Единый источник истины для всех сайтов проекта
# Добавление нового сайта = одна секция в этом файле
# После изменений запусти: bash generate-configs.sh
sites:
yalarba:
domain: yalarba.ru
aliases:
- www.yalarba.ru
type: upstream
upstream: http://yalarba:3000
api:
/api/v1/: http://api_yal:8787
valitovgaziz:
domain: valitovgaziz.ru
aliases:
- www.valitovgaziz.ru
type: upstream
upstream: http://valitovgaziz/
api:
/api/: http://analytics:3000/
easysite102:
domain: easysite102.ru
aliases:
- www.easysite102.ru
type: upstream
upstream: http://easysite:3000
api:
/api/v1/: http://api_yal:8787
begushiybashkir:
domain: begushiybashkir.ru
aliases:
- www.begushiybashkir.ru
type: static
root: /usr/share/nginx/begushiybashkir/html
api:
/api/: http://api_bb:8080/
begushiybashkir_idn:
domain: xn--80abahjtcfl5d0a8di.xn--p1ai
aliases:
- www.xn--80abahjtcfl5d0a8di.xn--p1ai
type: static
root: /usr/share/nginx/begushiybashkir/html
api:
/api/: http://api_bb:8080/
main_dc/yalarba/documentation/docs.md
+1 -1
View File
@@ -155,7 +155,7 @@ docker-compose up -d
### Репозитории: ### Репозитории:
- Фронтенд EasySite: `./yalarba/easySite/` - Фронтенд EasySite: `./yalarba/easySite/`
- Фронтенд YalArba: `./yalarba/serv_spa/` - Фронтенд YalArba: `./yalarba/yalarba-nuxt/`
- API-сервисы: `./yalarba/api_*`, `./BB/api_bb` - API-сервисы: `./yalarba/api_*`, `./BB/api_bb`
--- ---
main_dc/yalarba/serv_spa/spa/Dockerfile
-11
View File
@@ -1,11 +0,0 @@
# Используем Node.js для сборки
FROM node:18-alpine as builde
WORKDIR /app
# Копируем package.json и package-lock.json для установки зависимостей
COPY vue/package*.json ./
RUN npm install
copy ./vue .
main_dc/yalarba/serv_spa/spa/vue/Makefile
-13
View File
@@ -1,13 +0,0 @@
build:
npm run build
run:
npm run dev
deploy:
npm run build
git add .
git commit -m 'build deploy'
git push
.DEFAULT_GOAL := run
main_dc/yalarba/serv_spa/spa/vue/README.md
-17
View File
@@ -1,17 +0,0 @@
## Project Setup
```sh
npm install
```
### Compile and Hot-Reload for Development
```sh
npm run dev
```
### Compile and Minify for Production
```sh
npm run build
```
main_dc/yalarba/serv_spa/spa/vue/documentation/docs.md
-262
View File
@@ -1,262 +0,0 @@
# Документация проекта YalArba
**Версия документации:** 1.0 (Первичная)
**Дата составления:** 03 декабря 2025 года
**Актуальный статус проекта:** Разработка в процессе (базовый функционал)
---
## 1. Общая информация
### 1.1. Назначение проекта
**YalArba** — это веб-приложение, созданное на Vue 3 с использованием современных инструментов разработки. На текущем этапе реализована базовая структура SPA (Single Page Application) с системой авторизации и основными страницами-заглушками для будущего функционала.
### 1.2. Технологический стек
- **Фреймворк:** Vue 3 (Composition API, `<script setup>`)
- **Маршрутизация:** Vue Router 4
- **Состояние приложения:** Pinia (стейт-менеджмент)
- **Интернационализация:** Vue I18n
- **Сборка:** Vite (предположительно)
- **Стилизация:** CSS (с использованием модульных компонентов)
### 1.3. Текущий статус функционала
**Реализовано:**
- Базовая структура SPA с маршрутизацией
- Система авторизации (логин, регистрация, защищенные маршруты)
- Главная страница с поисковой строкой
- Страницы профиля, настроек, поддержки, обратной связи
- Страница "О нас" с разделами о разработчиках
🔄 **В разработке:**
- Функционал поиска и отображения результатов
- Детальные страницы объектов (restObject)
- Основная бизнес-логика приложения
---
## 2. Архитектура проекта
### 2.1. Структура каталогов
```
src/
├── assets/ # Глобальные стили, шрифты, изображения
├── auth/ # Логика авторизации (store)
├── components/ # Vue-компоненты (сгруппированы по функциям)
├── locales/ # Файлы интернационализации (i18n)
├── router/ # Конфигурация маршрутизации
├── views/ # Страницы приложения (роуты)
├── App.vue # Корневой компонент
└── main.js # Точка входа приложения
```
### 2.2. Маршрутизация (router/index.js)
Приложение использует Vue Router с защитой маршрутов через мета-поле `requiresAuth`.
#### 2.2.1. Публичные маршруты (доступны без авторизации):
- `/` - Главная страница (HomeView)
- `/about` - О проекте
- `/support` - Поддержка
- `/feetback` - Обратная связь
- `/results` - Результаты поиска
- `/registration` - Регистрация
- `/login` - Вход в систему
#### 2.2.2. Защищенные маршруты (требуют авторизации):
- `/profile` - Профиль пользователя
- `/settings` - Настройки
- `/restObject` - Детальная страница объекта
#### 2.2.3. Механизм защиты маршрутов:
```javascript
router.beforeEach(async (to, from, next) => {
const authStore = useAuthStore();
await authStore.checkAuth();
if (to.meta.requiresAuth && !authStore.isAuthenticated) {
next('/login'); // Перенаправление на страницу входа
} else {
next();
}
});
```
### 2.3. Компонентная структура
Каждая страница (view) состоит из:
1. **FHeader** - Полный заголовок (шапка сайта)
2. **Основной компонент страницы** (контент)
3. **FooterB** - Нижний колонтитул
---
## 3. Страницы приложения
### 3.1. Главная страница (`/`)
**Компоненты:** `FHeader + SearchLine + FooterB`
**Назначение:** Отображает поисковую строку для будущего поискового функционала.
### 3.2. Страница авторизации (`/login`)
**Компоненты:** `FHeader + LogIn + FooterB`
**Компонент:** `inout.vue` (логика входа)
### 3.3. Страница регистрации (`/registration`)
**Компоненты:** `FHeader + Registration + FooterB`
**Компонент:** `registration.vue`
### 3.4. Профиль пользователя (`/profile`)
**Статус:** Требует авторизации
**Компоненты:** `FHeader + Profile + FooterB`
**Компонент:** `profile.vue`
### 3.5. Настройки (`/settings`)
**Статус:** Требует авторизации
**Компоненты:** `FHeader + Settings + FooterB`
**Компонент:** `settings.vue`
### 3.6. Объект (`/restObject`)
**Статус:** Требует авторизации, в разработке
**Компоненты:** `FHeader + RestObject + FooterB`
**Особенность:** Использует моковые данные (`mockPlace`)
### 3.7. Результаты поиска (`/results`)
**Компоненты:** `FHeader + SearchLine + Results + FooterB`
**Компоненты:** `searchLine.vue`, `results.vue`
### 3.8. О проекте (`/about`)
**Компоненты:** `FHeader + About + Developers + Commits + FooterB`
**Разделы:** Информация о проекте, разработчики, коммиты
### 3.9. Поддержка (`/support`)
**Компоненты:** `FHeader + Support + FooterB`
**Компонент:** `support.vue`
### 3.10. Обратная связь (`/feetback`)
**Примечание:** Возможна опечатка в названии (feedback → feetback)
**Компоненты:** `FHeader + Feetback + FooterB`
**Компонент:** `feetback.vue`
---
## 4. Система авторизации
### 4.1. Хранилище состояния (Pinia Store)
Расположение: `/src/auth/stores/auth.store.js` (предположительно)
**Основные функции:**
- `checkAuth()` - проверка статуса авторизации
- `isAuthenticated` - реактивное состояние авторизации
### 4.2. Процесс авторизации
1. Пользователь переходит на защищенный маршрут
2. `router.beforeEach` вызывает `authStore.checkAuth()`
3. Если пользователь не авторизован → перенаправление на `/login`
4. После успешной авторизации доступ к защищенным маршрутам разрешен
---
## 5. Конфигурация приложения
### 5.1. Точка входа (main.js)
```javascript
import { createApp } from 'vue';
import SPA_VUE_App from './App.vue';
import appRouter from './router/index.js';
import i18n from './locales/i18n.js';
import { createPinia } from 'pinia';
const spaAppVue3 = createApp(SPA_VUE_App);
const pinia = createPinia();
spaAppVue3.use(pinia);
spaAppVue3.use(appRouter);
spaAppVue3.use(i18n);
spaAppVue3.mount('#app');
```
### 5.2. Глобальные стили и шрифты
- `/src/assets/main.css` - основные стили
- `/src/assets/fonts.css` - подключение шрифтов
### 5.3. Интернационализация (i18n)
Конфигурация находится в `/src/locales/i18n.js`
(контент файла не предоставлен)
---
## 6. Текущие задачи и TODO
### 6.1. Необходимо исправить:
1. **Опечатка в маршруте:** `feetback``feedback`
2. **Импорты в ResultsView.vue:**
```javascript
// Избыточный импорт (дважды)
import searchLine from '@/components/searchLine/searchLine.vue';
import SearchLine from '@/components/searchLine/searchLine.vue';
```
### 6.2. Планируемый функционал:
1. **Реализация поиска** (компоненты `SearchLine`, `Results`)
2. **Работа с API** для получения реальных данных
3. **Детальная страница объекта** (заполнение `RestObject`)
4. **Интеграция бэкенда** для авторизации
5. **Заполнение страниц контентом** (About, Support, Settings)
### 6.3. Архитектурные улучшения:
1. Добавить Error Boundary для обработки ошибок
2. Реализовать ленивую загрузку компонентов для всех маршрутов
3. Добавить мета-теги для SEO
4. Реализовать систему уведомлений
5. Добавить валидацию форм
---
## 7. Рекомендации по разработке
### 7.1. Соглашения по именованию:
- **Компоненты:** PascalCase (`RestObjectView.vue`)
- **Файлы маршрутов:** Папка `views/` + суффикс `View`
- **Вложенные компоненты:** Группировка по функциональности
### 7.2. Структура компонентов:
```vue
<template>
<!-- 1. Шапка -->
<!-- 2. Основной контент -->
<!-- 3. Подвал -->
</template>
<script setup>
// Импорты в порядке: header → основной компонент → footer
</script>
```
### 7.3. Работа с состоянием:
- Использовать Pinia stores для глобального состояния
- Локальное состояние хранить в компонентах через `ref()`, `reactive()`
- Авторизацию обрабатывать через `auth.store`
---
## 8. Развертывание и сборка
### 8.1. Предполагаемая команда сборки:
```bash
npm run build # или yarn build
```
### 8.2. Структура сборки:
- **Входная точка:** `index.html`
- **Основной скрипт:** `main.js`
- **Базовая настройка:** Мета-теги, фавиконка, подключение стилей
---
## 9. Контакты и поддержка
**Сайт проекта:** [yalarba.ru](https://yalarba.ru)
**Дата начала разработки:** Не указана (актуально на 03.12.2025)
**Статус:** Активная разработка
---
*Документация будет обновляться по мере добавления нового функционала. Все изменения в архитектуре и API должны отражаться в соответствующих разделах документации.*
main_dc/yalarba/serv_spa/spa/vue/index.html
-14
View File
@@ -1,14 +0,0 @@
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<link rel="icon" href="/src/components/images/YalArbaLogo300.png">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/src/assets/main.css">
<title>YalArba</title>
</head>
<body>
<div id="app"></div>
<script type="module" src="/src/main.js"></script>
</body>
</html>
main_dc/yalarba/serv_spa/spa/vue/jsconfig.json
-8
View File
@@ -1,8 +0,0 @@
{
"compilerOptions": {
"paths": {
"@/*": ["./src/*"]
},
},
"exclude": ["node_modules", "dist"],
}
main_dc/yalarba/serv_spa/spa/vue/package-lock.json
Generated
-4123
View File
File diff suppressed because it is too large Load Diff
main_dc/yalarba/serv_spa/spa/vue/package.json
-29
View File
@@ -1,29 +0,0 @@
{
"name": "spa",
"version": "0.0.1",
"private": true,
"type": "module",
"scripts": {
"dev": "vite",
"build": "vite build",
"preview": "vite preview"
},
"dependencies": {
"axios": "^1.7.9",
"body-parser": "^1.20.3",
"cors": "^2.8.5",
"express": "^4.21.2",
"jwt-decode": "^4.0.0",
"pg": "^8.13.1",
"pinia": "^2.3.1",
"vue": "^3.5.13",
"vue-i18n": "^11.1.0",
"vue-material-design-icons": "^5.3.1",
"vue-router": "^4.5.0"
},
"devDependencies": {
"@vitejs/plugin-vue": "^5.2.1",
"vite": "^6.4.1",
"vite-plugin-vue-devtools": "^7.6.8"
}
}
main_dc/yalarba/serv_spa/spa/vue/src/App.vue
-12
View File
@@ -1,12 +0,0 @@
<script setup>
import { RouterLink, RouterView } from 'vue-router'
</script>
<template>
<div class="main">
<RouterView />
</div>
</template>
<style>
</style>
main_dc/yalarba/serv_spa/spa/vue/src/assets/advices.txt
-30
View File
@@ -1,30 +0,0 @@
Выбор шрифтов и размеров для мобильных устройств и десктопа зависит от множества факторов, таких как целевая аудитория, дизайн сайта/приложения и цели использования. Тем не менее, есть несколько общих рекомендаций, которые помогут обеспечить хорошую читаемость текста на разных устройствах.
### Шрифты
#### Для мобильных устройств:
- **Roboto**: Один из самых популярных шрифтов для Android. Он имеет четкий и чистый вид, хорошо подходит для чтения на небольших экранах.
- **San Francisco**: Стандартный шрифт для iOS. Хорошо сбалансирован и удобен для чтения.
- **Open Sans**: Универсальный шрифт, который отлично смотрится на любых устройствах благодаря своей нейтральной стилистике.
#### Для десктопных устройств:
- **Georgia**: Классический шрифт с засечками, который идеально подходит для длинных текстов. Обеспечивает комфортное чтение даже на больших экранах.
- **Lato**: Современный шрифт без засечек, легкий и элегантный. Подходит для заголовков и основного текста.
- **Merriweather**: Отличный выбор для длинных статей и блогов. Имеет хорошие пропорции и контрастность.
### Размеры шрифта
#### Мобильные устройства:
- **Основной текст**: 16px–18px. Это оптимальный размер для комфортного чтения на маленьких экранах.
- **Заголовки**: 20px24px для h2, 18px22px для h3, 16px20px для h4.
#### Десктопные устройства:
- **Основной текст**: 18px–20px. Такой размер обеспечивает удобство чтения на больших экранах.
- **Заголовки**: 28px32px для h2, 24px28px для h3, 20px24px для h4.
### Дополнительные советы:
- Используйте **относительные единицы измерения** (em, rem) вместо абсолютных (px), чтобы шрифт масштабировался вместе с изменением размера экрана.
- Следите за **межстрочным интервалом** (line-height). Оптимальное значение — около 1.5–1.6 для основного текста.
- Убедитесь, что у вас достаточно **контраста между текстом и фоном**. Черный текст на белом фоне — классический пример хорошего сочетания.
Эти рекомендации помогут создать удобный интерфейс как для мобильных пользователей, так и для тех, кто работает за компьютером.
main_dc/yalarba/serv_spa/spa/vue/src/assets/colors.css
-23
View File
@@ -1,23 +0,0 @@
/* Светлая тема (по умолчанию) */
:root {
--background-color: #ffffff;
--text-color: #1c1d1d;
--light-dark-background-color: #ffffff;
--light-dark-text-color: #273f2c;
--disabled-backgroud-color: rgba(23, 62, 31, 0.281);
--button-text-color: #bac677;
--disabled-dark-background-color: rgba(55, 64, 62, 0.2);
--button-dark-background-color: #3cbf40;
--light-dark-background-color: #8cd68f;
}
/* Темная тема */
[data-theme="dark"] {
--background-color: #282828;
--text-color: #3cb756;
--light-dark-background-color: #4e5e49;
--light-dark-text-color: #59f37b;
--disabled-dark-background-color: rgba(159, 193, 185, 0.2);
--button-dark-background-color: #395e3a;
}
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts.css
-56
View File
@@ -1,56 +0,0 @@
@font-face {
font-family: 'OpenSansVariableFont';
src: url('./fonts/Open_Sans/hinted-OpenSans-Regular.ttf') format('truetype-variations'),
url('./fonts/Open_Sans/OpenSans-Regular.woff') format('woff'),
url('./fonts/Open_Sans/OpenSans-Regular.woff2') format('woff2');
font-weight: 100 900;
font-stretch: 50% 200%;
}
@font-face {
font-family: 'OpenSansItalicVariableFont';
src: url('./fonts/Open_Sans/hinted-OpenSans-Italic.ttf') format('truetype-variations'),
url('./fonts/Open_Sans/OpenSans-Italic.woff') format('woff'),
url('./fonts/Open_Sans/OpenSans-Italic.woff2') format('woff2');
font-style: italic;
font-weight: 100 900;
font-stretch: 50% 200%;
}
@font-face {
font-family: 'RobotoVariableFont';
src: url('./fonts/Roboto/hinted-Roboto-Regular.ttf') format('truetype-variations'),
url('./fonts/Roboto/Roboto-Regular.woff') format('woff'),
url('./fonts/Roboto/Roboto-Regular.woff2') format('woff2');
font-weight: 100 900;
font-stretch: 50% 200%;
}
@font-face {
font-family: 'RobotoItalicVarFont';
src: url('./fonts/Roboto/hinted-Roboto-Italic.ttf') format('truetype-variations'),
url('./fonts/Roboto/Roboto-Italic.woff') format('woff'),
url('./fonts/Roboto/Roboto-Italic.woff2') format('woff2');
font-style: italic;
font-weight: 100 900;
font-stretch: 50% 200%;
}
:root {
--font-primary: 'OpenSansVariableFont', Arial, sans-serif;
--font-secondary: 'RobotoItalicVarFont', Arial, sans-serif;
--weight-light: 300;
--weight-normal: 400;
--weight-bold: 700;
}
body {
font-family: var(--font-primary);
font-weight: var(--weight-normal);
}
h1, h2, h3 {
font-family: var(--font-secondary);
font-weight: var(--weight-light);
}
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OFL.txt
-93
View File
@@ -1,93 +0,0 @@
Copyright 2020 The Open Sans Project Authors (https://github.com/googlefonts/opensans)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
https://openfontlicense.org
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OpenSans-Italic-VariableFont_wdth,wght.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OpenSans-Italic.woff
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OpenSans-Italic.woff2
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OpenSans-Regular.woff
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OpenSans-Regular.woff2
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/OpenSans-VariableFont_wdth,wght.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/README.txt
-100
View File
@@ -1,100 +0,0 @@
Open Sans Variable Font
=======================
This download contains Open Sans as both variable fonts and static fonts.
Open Sans is a variable font with these axes:
wdth
wght
This means all the styles are contained in these files:
OpenSans-VariableFont_wdth,wght.ttf
OpenSans-Italic-VariableFont_wdth,wght.ttf
If your app fully supports variable fonts, you can now pick intermediate styles
that arent available as static fonts. Not all apps support variable fonts, and
in those cases you can use the static font files for Open Sans:
static/OpenSans_Condensed-Light.ttf
static/OpenSans_Condensed-Regular.ttf
static/OpenSans_Condensed-Medium.ttf
static/OpenSans_Condensed-SemiBold.ttf
static/OpenSans_Condensed-Bold.ttf
static/OpenSans_Condensed-ExtraBold.ttf
static/OpenSans_SemiCondensed-Light.ttf
static/OpenSans_SemiCondensed-Regular.ttf
static/OpenSans_SemiCondensed-Medium.ttf
static/OpenSans_SemiCondensed-SemiBold.ttf
static/OpenSans_SemiCondensed-Bold.ttf
static/OpenSans_SemiCondensed-ExtraBold.ttf
static/OpenSans-Light.ttf
static/OpenSans-Regular.ttf
static/OpenSans-Medium.ttf
static/OpenSans-SemiBold.ttf
static/OpenSans-Bold.ttf
static/OpenSans-ExtraBold.ttf
static/OpenSans_Condensed-LightItalic.ttf
static/OpenSans_Condensed-Italic.ttf
static/OpenSans_Condensed-MediumItalic.ttf
static/OpenSans_Condensed-SemiBoldItalic.ttf
static/OpenSans_Condensed-BoldItalic.ttf
static/OpenSans_Condensed-ExtraBoldItalic.ttf
static/OpenSans_SemiCondensed-LightItalic.ttf
static/OpenSans_SemiCondensed-Italic.ttf
static/OpenSans_SemiCondensed-MediumItalic.ttf
static/OpenSans_SemiCondensed-SemiBoldItalic.ttf
static/OpenSans_SemiCondensed-BoldItalic.ttf
static/OpenSans_SemiCondensed-ExtraBoldItalic.ttf
static/OpenSans-LightItalic.ttf
static/OpenSans-Italic.ttf
static/OpenSans-MediumItalic.ttf
static/OpenSans-SemiBoldItalic.ttf
static/OpenSans-BoldItalic.ttf
static/OpenSans-ExtraBoldItalic.ttf
Get started
-----------
1. Install the font files you want to use
2. Use your app's font picker to view the font family and all the
available styles
Learn more about variable fonts
-------------------------------
https://developers.google.com/web/fundamentals/design-and-ux/typography/variable-fonts
https://variablefonts.typenetwork.com
https://medium.com/variable-fonts
In desktop apps
https://theblog.adobe.com/can-variable-fonts-illustrator-cc
https://helpx.adobe.com/nz/photoshop/using/fonts.html#variable_fonts
Online
https://developers.google.com/fonts/docs/getting_started
https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Fonts/Variable_Fonts_Guide
https://developer.microsoft.com/en-us/microsoft-edge/testdrive/demos/variable-fonts
Installing fonts
MacOS: https://support.apple.com/en-us/HT201749
Linux: https://www.google.com/search?q=how+to+install+a+font+on+gnu%2Blinux
Windows: https://support.microsoft.com/en-us/help/314960/how-to-install-or-remove-a-font-in-windows
Android Apps
https://developers.google.com/fonts/docs/android
https://developer.android.com/guide/topics/ui/look-and-feel/downloadable-fonts
License
-------
Please read the full license text (OFL.txt) to understand the permissions,
restrictions and requirements for usage, redistribution, and modification.
You can use them in your products & projects print or digital,
commercial or otherwise.
This isn't legal advice, please consider consulting a lawyer and see the full
license for all details.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/hinted-OpenSans-Italic.eot
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/hinted-OpenSans-Italic.svg
-3335
View File
File diff suppressed because it is too large Load Diff
Side by Side

Before

Width:  |  Height:  |  Size: 460 KiB

main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/hinted-OpenSans-Italic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/hinted-OpenSans-Regular.eot
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/hinted-OpenSans-Regular.svg
-3096
View File
File diff suppressed because it is too large Load Diff
Side by Side

Before

Width:  |  Height:  |  Size: 406 KiB

main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/hinted-OpenSans-Regular.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-Bold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-BoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-ExtraBold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-ExtraBoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-Italic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-Light.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-LightItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-Medium.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-MediumItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-Regular.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-SemiBold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans-SemiBoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-Bold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-BoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-ExtraBold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-ExtraBoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-Italic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-Light.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-LightItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-Medium.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-MediumItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-Regular.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-SemiBold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_Condensed-SemiBoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-Bold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-BoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-ExtraBold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-ExtraBoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-Italic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-Light.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-LightItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-Medium.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-MediumItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-Regular.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-SemiBold.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Open_Sans/static/OpenSans_SemiCondensed-SemiBoldItalic.ttf
BIN
View File
Binary file not shown.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Roboto/OFL.txt
-93
View File
@@ -1,93 +0,0 @@
Copyright 2011 The Roboto Project Authors (https://github.com/googlefonts/roboto-classic)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
https://openfontlicense.org
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Roboto/README.txt
-118
View File
@@ -1,118 +0,0 @@
Roboto Variable Font
====================
This download contains Roboto as both variable fonts and static fonts.
Roboto is a variable font with these axes:
wdth
wght
This means all the styles are contained in these files:
Roboto-VariableFont_wdth,wght.ttf
Roboto-Italic-VariableFont_wdth,wght.ttf
If your app fully supports variable fonts, you can now pick intermediate styles
that arent available as static fonts. Not all apps support variable fonts, and
in those cases you can use the static font files for Roboto:
static/Roboto_Condensed-Thin.ttf
static/Roboto_Condensed-ExtraLight.ttf
static/Roboto_Condensed-Light.ttf
static/Roboto_Condensed-Regular.ttf
static/Roboto_Condensed-Medium.ttf
static/Roboto_Condensed-SemiBold.ttf
static/Roboto_Condensed-Bold.ttf
static/Roboto_Condensed-ExtraBold.ttf
static/Roboto_Condensed-Black.ttf
static/Roboto_SemiCondensed-Thin.ttf
static/Roboto_SemiCondensed-ExtraLight.ttf
static/Roboto_SemiCondensed-Light.ttf
static/Roboto_SemiCondensed-Regular.ttf
static/Roboto_SemiCondensed-Medium.ttf
static/Roboto_SemiCondensed-SemiBold.ttf
static/Roboto_SemiCondensed-Bold.ttf
static/Roboto_SemiCondensed-ExtraBold.ttf
static/Roboto_SemiCondensed-Black.ttf
static/Roboto-Thin.ttf
static/Roboto-ExtraLight.ttf
static/Roboto-Light.ttf
static/Roboto-Regular.ttf
static/Roboto-Medium.ttf
static/Roboto-SemiBold.ttf
static/Roboto-Bold.ttf
static/Roboto-ExtraBold.ttf
static/Roboto-Black.ttf
static/Roboto_Condensed-ThinItalic.ttf
static/Roboto_Condensed-ExtraLightItalic.ttf
static/Roboto_Condensed-LightItalic.ttf
static/Roboto_Condensed-Italic.ttf
static/Roboto_Condensed-MediumItalic.ttf
static/Roboto_Condensed-SemiBoldItalic.ttf
static/Roboto_Condensed-BoldItalic.ttf
static/Roboto_Condensed-ExtraBoldItalic.ttf
static/Roboto_Condensed-BlackItalic.ttf
static/Roboto_SemiCondensed-ThinItalic.ttf
static/Roboto_SemiCondensed-ExtraLightItalic.ttf
static/Roboto_SemiCondensed-LightItalic.ttf
static/Roboto_SemiCondensed-Italic.ttf
static/Roboto_SemiCondensed-MediumItalic.ttf
static/Roboto_SemiCondensed-SemiBoldItalic.ttf
static/Roboto_SemiCondensed-BoldItalic.ttf
static/Roboto_SemiCondensed-ExtraBoldItalic.ttf
static/Roboto_SemiCondensed-BlackItalic.ttf
static/Roboto-ThinItalic.ttf
static/Roboto-ExtraLightItalic.ttf
static/Roboto-LightItalic.ttf
static/Roboto-Italic.ttf
static/Roboto-MediumItalic.ttf
static/Roboto-SemiBoldItalic.ttf
static/Roboto-BoldItalic.ttf
static/Roboto-ExtraBoldItalic.ttf
static/Roboto-BlackItalic.ttf
Get started
-----------
1. Install the font files you want to use
2. Use your app's font picker to view the font family and all the
available styles
Learn more about variable fonts
-------------------------------
https://developers.google.com/web/fundamentals/design-and-ux/typography/variable-fonts
https://variablefonts.typenetwork.com
https://medium.com/variable-fonts
In desktop apps
https://theblog.adobe.com/can-variable-fonts-illustrator-cc
https://helpx.adobe.com/nz/photoshop/using/fonts.html#variable_fonts
Online
https://developers.google.com/fonts/docs/getting_started
https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Fonts/Variable_Fonts_Guide
https://developer.microsoft.com/en-us/microsoft-edge/testdrive/demos/variable-fonts
Installing fonts
MacOS: https://support.apple.com/en-us/HT201749
Linux: https://www.google.com/search?q=how+to+install+a+font+on+gnu%2Blinux
Windows: https://support.microsoft.com/en-us/help/314960/how-to-install-or-remove-a-font-in-windows
Android Apps
https://developers.google.com/fonts/docs/android
https://developer.android.com/guide/topics/ui/look-and-feel/downloadable-fonts
License
-------
Please read the full license text (OFL.txt) to understand the permissions,
restrictions and requirements for usage, redistribution, and modification.
You can use them in your products & projects print or digital,
commercial or otherwise.
This isn't legal advice, please consider consulting a lawyer and see the full
license for all details.
main_dc/yalarba/serv_spa/spa/vue/src/assets/fonts/Roboto/Roboto-Italic-VariableFont_wdth,wght.ttf
BIN
View File
Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More