## Database Scripts (12 files)
- init-database.sh: Full initialization with user and DB
- init-database-v3.sh: Version with dotenv-vault
- reset-database.sh: Reset DB keeping the user
- recreate-database.sh: Full recreation
- cleanup-duplicados.sh, fix-duplicate-triggers.sh
- verify-users.sh, verify-missions-status.sh
- load-users-and-profiles.sh, DB-127-validar-gaps.sh

## Production Scripts (5 files)
- build-production.sh: Build backend and frontend
- deploy-production.sh: Deploy with PM2
- pre-deploy-check.sh: Pre-deploy validations
- repair-missing-data.sh: Repair missing data
- migrate-missing-objects.sh: Migrate SQL objects

## Documentation (7 files)
- GUIA-DESPLIEGUE-PRODUCCION-COMPLETA.md
- GUIA-ACTUALIZACION-PRODUCCION.md
- GUIA-VALIDACION-PRODUCCION.md
- GUIA-DEPLOYMENT-AGENTE-PRODUCCION.md
- GUIA-SSL-NGINX-PRODUCCION.md
- GUIA-SSL-AUTOFIRMADO.md
- DIRECTIVA-DEPLOYMENT.md

## DDL/Seed Updates
- 99-post-ddl-permissions.sql: Updated permissions
- LOAD-SEEDS-gamification_system.sh: Full seeds

## New files
- PROMPT-AGENTE-PRODUCCION.md: Prompt for the production agent
- FLUJO-CARGA-LIMPIA.md: Clean-load documentation

Resolves: DB load problem between dev and production
Complies with: DIRECTIVA-POLITICA-CARGA-LIMPIA.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
249 lines
5.7 KiB
Markdown
# GUIDE: Self-signed SSL for Production (No Domain)

**Server:** 74.208.126.102

**Use:** When you do NOT have a domain configured

---

## ARCHITECTURE

```
                INTERNET
                    │
                    ▼
           ┌─────────────────┐
           │   Nginx :443    │ ◄── HTTPS (self-signed SSL)
           │    (Reverse     │
           │     Proxy)      │
           └────────┬────────┘
                    │
         ┌──────────┴──────────┐
         │                     │
         ▼                     ▼
┌─────────────────┐   ┌─────────────────┐
│  Backend :3006  │   │ Frontend :3005  │
│    (NestJS)     │   │ (Vite Preview)  │
│     /api/*      │   │       /*        │
└─────────────────┘   └─────────────────┘
```

**Ports (DO NOT CHANGE):**
- Frontend: 3005 (internal HTTP)
- Backend: 3006 (internal HTTP)
- Nginx: 443 (external HTTPS)

**Access:**
- https://74.208.126.102 → Frontend
- https://74.208.126.102/api → Backend

---

## STEP 1: Generate Self-signed Certificate

```bash
sudo mkdir -p /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/nginx/ssl/gamilit.key \
  -out /etc/nginx/ssl/gamilit.crt \
  -subj "/C=MX/ST=Estado/L=Ciudad/O=Gamilit/CN=74.208.126.102"

sudo ls -la /etc/nginx/ssl/
```
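One check worth doing at this step, as an added example that is not part of the original guide: the command above puts the server IP only in the CN, but browsers such as Chrome and Firefox match a host (name or IP) against the certificate's subjectAltName and ignore the CN, so a CN-only certificate is reported as not matching the address even after the user chooses to trust it. The script below generates the same key pair and certificate with a SAN entry for the IP (`-addext`, which assumes OpenSSL 1.1.1 or newer), then verifies that the SAN is present, that the key and certificate belong together, and that the certificate validates for that IP. The output directory and the function names are assumptions; the subject fields and the IP are the guide's own.

```shell
#!/usr/bin/env sh
# Added example, not part of the original guide: Step 1's self-signed
# certificate with a subjectAltName for the server IP, plus three checks.
# Assumes OpenSSL 1.1.1+ (for -addext); the output directory is a parameter.
set -eu

SERVER_IP="74.208.126.102"   # the guide's server

# Generate key + certificate into $1 for IP $2, valid for $3 days (default 365).
# The SAN entry (IP:...) is what browsers actually match; the CN alone is ignored.
make_selfsigned_cert() {
    outdir="$1"; ip="$2"; days="${3:-365}"
    mkdir -p "$outdir"
    # subshell so the restrictive umask (key unreadable to other users) does not leak
    ( umask 077
      openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
          -keyout "$outdir/gamilit.key" \
          -out "$outdir/gamilit.crt" \
          -subj "/C=MX/ST=Estado/L=Ciudad/O=Gamilit/CN=$ip" \
          -addext "subjectAltName=IP:$ip" >/dev/null 2>&1 )
}

# Print the Subject Alternative Name line of certificate $1 (empty if absent).
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Succeed only if certificate $1 and private key $2 carry the same public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeed only if certificate $1 validates (as its own trust anchor) for IP $2,
# i.e. what a client that trusts this certificate checks on connect.
verify_for_ip() {
    openssl verify -CAfile "$1" -verify_ip "$2" "$1" >/dev/null 2>&1
}

# Stand-alone run: generate into a temp dir and report the three checks.
dir=$(mktemp -d)
make_selfsigned_cert "$dir" "$SERVER_IP"
echo "SAN: $(cert_san "$dir/gamilit.crt")"
key_matches_cert "$dir/gamilit.crt" "$dir/gamilit.key" && echo "key/cert: match"
verify_for_ip "$dir/gamilit.crt" "$SERVER_IP" && echo "verify for $SERVER_IP: OK"
rm -rf "$dir"
```

On the server, call `make_selfsigned_cert /etc/nginx/ssl 74.208.126.102` under `sudo` instead of the temp directory; the Nginx paths in Step 3 stay the same. `verify_for_ip` with a different address is expected to fail, which is the behaviour a client sees when the certificate does not carry the address it connected to.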

---

## STEP 2: Install Nginx

```bash
sudo apt update
sudo apt install -y nginx
```

---

## STEP 3: Configure Nginx with SSL

```bash
sudo tee /etc/nginx/sites-available/gamilit << 'NGINX'
# =============================================================================
# GAMILIT Production - Self-signed SSL
# Access: https://74.208.126.102
# =============================================================================

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name 74.208.126.102;
    return 301 https://$server_name$request_uri;
}

# HTTPS Server
server {
    listen 443 ssl http2;
    server_name 74.208.126.102;

    # SSL with self-signed certificate
    ssl_certificate /etc/nginx/ssl/gamilit.crt;
    ssl_certificate_key /etc/nginx/ssl/gamilit.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # IMPORTANT: do NOT add CORS headers here
    # NestJS handles CORS internally

    # Frontend (default) - proxy to port 3005
    location / {
        proxy_pass http://localhost:3005;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }

    # Backend API - proxy to port 3006
    location /api {
        proxy_pass http://localhost:3006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket
    location /socket.io {
        proxy_pass http://localhost:3006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
    }
}
NGINX

sudo ln -sf /etc/nginx/sites-available/gamilit /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl enable nginx
```

---

## STEP 4: Configure Backend (.env.production)

**Do NOT change PORT.** Only update CORS:

```bash
# In apps/backend/.env.production
# Port stays at 3006
PORT=3006

# CORS points to the HTTPS entry point via Nginx
CORS_ORIGIN=https://74.208.126.102

# Frontend URL
FRONTEND_URL=https://74.208.126.102
```

---

## STEP 5: Configure Frontend (.env.production)

```bash
# In apps/frontend/.env.production
# API through Nginx (same host, path /api)
VITE_API_HOST=74.208.126.102
VITE_API_PROTOCOL=https

# WebSocket
VITE_WS_HOST=74.208.126.102
VITE_WS_PROTOCOL=wss
```

---

## STEP 6: Rebuild Frontend

```bash
cd apps/frontend
npm run build
cd ../..
```

---

## STEP 7: Restart Services

```bash
pm2 restart all
pm2 list
```

---

## STEP 8: Validate

```bash
# Check Nginx
sudo systemctl status nginx

# Health check via HTTPS
curl -sk https://74.208.126.102/api/v1/health

# Frontend via HTTPS
curl -sk -o /dev/null -w "HTTP Status: %{http_code}\n" https://74.208.126.102

# PM2 status
pm2 list
```

---

## Access URLs

| Service | URL |
|---------|-----|
| Frontend | https://74.208.126.102 |
| Backend API | https://74.208.126.102/api/v1 |
| Health Check | https://74.208.126.102/api/v1/health |

---

## IMPORTANT

1. **Do NOT change the app ports** - Backend 3006, Frontend 3005
2. **Only Nginx exposes HTTPS** - Port 443
3. **Unified access** - Everything via https://74.208.126.102
4. **CORS points to Nginx** - https://74.208.126.102 (not to internal ports)
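Two of the points above (only Nginx is reachable from outside, and CORS_ORIGIN carries no port) are easy to break without noticing: if the backend binds to every interface it still answers plain HTTP on 3006 next to the HTTPS entry point, and the health check in Step 8 passes either way. The script below is an added example, not part of the original guide, that checks both from text input, so it can be exercised here on constructed samples and run on the server as `validate_deployment "$(ss -ltnH)" "$(cat apps/backend/.env.production)"`. The function names, the sample `ss` lines and the sample `.env` content are constructed; the ports and the CORS rule are the guide's own.

```shell
#!/usr/bin/env sh
# Added example, not part of the original guide: offline checks for two
# deployment invariants (app ports only on loopback, CORS_ORIGIN without port).
set -eu

APP_PORTS="3005 3006"   # from the guide: reachable only through Nginx

# Given `ss -ltnH` output, print each app port that listens on a non-loopback
# address (0.0.0.0, [::], * or a concrete interface IP). No output means OK.
exposed_app_ports() {
    printf '%s\n' "$1" | awk -v ports="$APP_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF >= 4 {
            addr = $4                          # Local Address:Port column
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[0-9]+$/, "", host)
            if ((port in want) && host !~ /^127\./ && host != "[::1]")
                print port " on " host
        }'
}

# Given the text of .env.production, describe what is wrong with CORS_ORIGIN
# (missing, not https, or carrying a port). No output means OK.
cors_origin_problems() {
    origin=$(printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^CORS_ORIGIN=//p' | tail -n 1)
    if [ -z "$origin" ]; then
        echo "CORS_ORIGIN not set"
        return 0
    fi
    case "$origin" in
        https://*) ;;
        *) echo "CORS_ORIGIN must use https: $origin"; return 0 ;;
    esac
    case "${origin#https://}" in
        *:*) echo "CORS_ORIGIN must not include a port: $origin" ;;
    esac
}

# Run both checks; return 1 and list the findings if anything was flagged.
validate_deployment() {
    findings=$(exposed_app_ports "$1"; cors_origin_problems "$2")
    if [ -n "$findings" ]; then
        printf 'FAIL:\n%s\n' "$findings"
        return 1
    fi
    echo "OK: app ports only on loopback, CORS_ORIGIN is https without a port"
}

# Constructed sample of `ss -ltnH` output (not captured from the real server):
# 3005 is correctly on loopback, 3006 is wrongly bound to all interfaces.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1,fd=6))
LISTEN 0 511 127.0.0.1:3005 0.0.0.0:* users:(("node",pid=2,fd=20))
LISTEN 0 511 0.0.0.0:3006 0.0.0.0:* users:(("node",pid=3,fd=20))
LISTEN 0 511 [::]:22 [::]:*'

# Constructed sample .env with the CORS mistake the troubleshooting section describes.
SAMPLE_ENV='PORT=3006
CORS_ORIGIN=https://74.208.126.102:3006
FRONTEND_URL=https://74.208.126.102'

validate_deployment "$SAMPLE_SS" "$SAMPLE_ENV" \
    || echo "(expected: the constructed sample exposes 3006 and puts a port in CORS_ORIGIN)"
```

If `exposed_app_ports` lists a port on the real server, bind that service to `127.0.0.1` (or restrict it with the host firewall) rather than changing the port number, which the guide forbids; the Nginx `proxy_pass` targets already use `localhost`.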

---

## Troubleshooting

### Error: Port 443 in use
```bash
sudo lsof -i :443
sudo systemctl stop apache2   # if Apache is running
```

### Error: CORS
Check that CORS_ORIGIN is `https://74.208.126.102` (no port)

### Error: Nginx does not start
```bash
sudo nginx -t
sudo journalctl -u nginx --no-pager -n 50
```

---

*Guide updated: 2025-12-18*