workspace/projects/gamilit/docs/95-guias-desarrollo/GUIA-SSL-NGINX-PRODUCCION.md
rckrdmrd a23f31ce8f feat(db): Sync DB scripts and production documentation
## Database scripts (12 files)
- init-database.sh: full initialization with user and DB
- init-database-v3.sh: version with dotenv-vault
- reset-database.sh: reset the DB while keeping the user
- recreate-database.sh: full recreation
- cleanup-duplicados.sh, fix-duplicate-triggers.sh
- verify-users.sh, verify-missions-status.sh
- load-users-and-profiles.sh, DB-127-validar-gaps.sh

## Production scripts (5 files)
- build-production.sh: build backend and frontend
- deploy-production.sh: deploy with PM2
- pre-deploy-check.sh: pre-deploy validations
- repair-missing-data.sh: repair missing data
- migrate-missing-objects.sh: migrate SQL objects

## Documentation (7 files)
- GUIA-DESPLIEGUE-PRODUCCION-COMPLETA.md
- GUIA-ACTUALIZACION-PRODUCCION.md
- GUIA-VALIDACION-PRODUCCION.md
- GUIA-DEPLOYMENT-AGENTE-PRODUCCION.md
- GUIA-SSL-NGINX-PRODUCCION.md
- GUIA-SSL-AUTOFIRMADO.md
- DIRECTIVA-DEPLOYMENT.md

## DDL/Seed updates
- 99-post-ddl-permissions.sql: updated permissions
- LOAD-SEEDS-gamification_system.sh: complete seeds

## New files
- PROMPT-AGENTE-PRODUCCION.md: prompt for the production agent
- FLUJO-CARGA-LIMPIA.md: clean-load documentation

Resolves: DB loading problem between dev and production
Complies with: DIRECTIVA-POLITICA-CARGA-LIMPIA.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 15:01:03 -06:00

6.9 KiB

GUIDE: SSL configuration with Nginx for production

Server: 74.208.126.102
Requirement: a domain pointing at the server (e.g. gamilit.com)


ARCHITECTURE

                    INTERNET
                        │
                        ▼
              ┌─────────────────┐
              │   Nginx :443    │  ◄── SSL/HTTPS (certbot)
              │   (Reverse      │
              │    Proxy)       │
              └────────┬────────┘
                       │
         ┌─────────────┴─────────────┐
         │                           │
         ▼                           ▼
┌─────────────────┐       ┌─────────────────┐
│ Backend :3006   │       │ Frontend :3005  │
│ (NestJS)        │       │ (Vite Preview)  │
│ /api/*          │       │ /*              │
└─────────────────┘       └─────────────────┘

STEP 1: Install Nginx and Certbot

sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx

STEP 2: Configure DNS

Make sure the domain points at the server:

# Check DNS
dig gamilit.com +short
# Should print: 74.208.126.102

STEP 3: Nginx configuration (WITHOUT SSL first)

sudo tee /etc/nginx/sites-available/gamilit << 'NGINX'
server {
    listen 80;
    server_name gamilit.com www.gamilit.com;

    # Frontend (default)
    location / {
        proxy_pass http://localhost:3005;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }

    # Backend API
    location /api {
        proxy_pass http://localhost:3006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket
    location /socket.io {
        proxy_pass http://localhost:3006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
    }
}
NGINX

# Enable the site
sudo ln -sf /etc/nginx/sites-available/gamilit /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default

# Check the configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

STEP 4: Obtain an SSL certificate with Certbot

# Obtain the certificate (replace the domain)
sudo certbot --nginx -d gamilit.com -d www.gamilit.com

# Certbot rewrites the Nginx configuration for HTTPS automatically
# Check that automatic renewal works
sudo certbot renew --dry-run

STEP 5: FINAL Nginx configuration (with SSL)

After certbot, the configuration looks like this:

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name gamilit.com www.gamilit.com;
    return 301 https://$server_name$request_uri;
}

# HTTPS Server
server {
    listen 443 ssl http2;
    server_name gamilit.com www.gamilit.com;

    # SSL (certbot configures this automatically)
    ssl_certificate /etc/letsencrypt/live/gamilit.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gamilit.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # IMPORTANT: do NOT add CORS headers here
    # NestJS handles CORS internally
    # Duplicate headers cause the "multiple values" error

    # Frontend
    location / {
        proxy_pass http://localhost:3005;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }

    # Backend API
    location /api {
        proxy_pass http://localhost:3006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket
    location /socket.io {
        proxy_pass http://localhost:3006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
    }
}

STEP 6: Configure the backend for HTTPS

Edit apps/backend/.env.production:

# CORS with HTTPS
CORS_ORIGIN=https://gamilit.com,https://www.gamilit.com

# Frontend URL
FRONTEND_URL=https://gamilit.com

STEP 7: Configure the frontend for HTTPS

Edit apps/frontend/.env.production:

# API over HTTPS (through Nginx)
VITE_API_HOST=gamilit.com
VITE_API_PROTOCOL=https
VITE_API_VERSION=v1

# WebSocket over SSL
VITE_WS_HOST=gamilit.com
VITE_WS_PROTOCOL=wss

STEP 8: Rebuild and restart

# Rebuild the frontend with the new config
cd apps/frontend && npm run build && cd ../..

# Restart services
pm2 restart all

# Verify
curl -I https://gamilit.com
curl https://gamilit.com/api/v1/health

TROUBLESHOOTING

Error: CORS multiple values

The 'Access-Control-Allow-Origin' header contains multiple values

Cause: both Nginx and NestJS add CORS headers.
Solution: do NOT add CORS headers in Nginx. Only NestJS handles them.
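The verification in Step 8 and this CORS entry, gathered into one post-deploy script (an added example, not one of the project's scripts): it checks that DNS resolves to the server, that plain HTTP redirects to HTTPS, and that the API answers with at most one Access-Control-Allow-Origin header. DOMAIN and SERVER_IP default to the values in this guide; the --live flag is this script's own convention.

```shell
#!/usr/bin/env bash
# Post-deploy checks (added example, not one of the project's scripts).
# DOMAIN and SERVER_IP default to the values in this guide; --live is this script's own flag.
set -eu

DOMAIN="${DOMAIN:-gamilit.com}"
SERVER_IP="${SERVER_IP:-74.208.126.102}"

# Number of Access-Control-Allow-Origin headers in a raw response header block.
# The browser's "multiple values" error appears when this is above 1, i.e. when
# Nginx adds its own CORS header on top of the one NestJS already sends.
count_acao() {
  printf '%s\n' "$1" | grep -ic '^access-control-allow-origin:' || true
}

# Succeeds when a response header block is a 301/308 redirect to https://DOMAIN...
is_https_redirect() {
  local headers="$1" status location
  status=$(printf '%s\n' "$headers" | head -n1 | awk '{print $2}')
  location=$(printf '%s\n' "$headers" | grep -i '^location:' | tr -d '\r' | awk '{print $2}' || true)
  [ "$status" = "301" ] || [ "$status" = "308" ] || return 1
  case "$location" in https://"$DOMAIN"*) return 0 ;; *) return 1 ;; esac
}

# Succeeds when dig +short output (one address per line) contains SERVER_IP.
dns_points_here() {
  printf '%s\n' "$1" | grep -qx "$SERVER_IP"
}

# Live mode: run the three checks against the real server (needs dig and curl).
if [ "${1:-}" = "--live" ]; then
  dns_points_here "$(dig +short "$DOMAIN")" \
    && echo "DNS ok" || echo "DNS: $DOMAIN does not resolve to $SERVER_IP"
  is_https_redirect "$(curl -sI "http://$DOMAIN/")" \
    && echo "HTTP->HTTPS redirect ok" || echo "HTTP is not redirecting to HTTPS"
  n=$(count_acao "$(curl -sI -H "Origin: https://$DOMAIN" "https://$DOMAIN/api/v1/health")")
  [ "$n" -le 1 ] && echo "CORS headers ok ($n)" \
    || echo "CORS: $n Access-Control-Allow-Origin headers; remove the Nginx ones"
fi
```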

Error: SSL Certificate

# Check certificates
sudo certbot certificates

# Renew manually
sudo certbot renew

# View logs
sudo tail -f /var/log/letsencrypt/letsencrypt.log
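A certificate-expiry check that complements the commands above (an added example, not one of the project's scripts): it reads the certificate Nginx is actually serving, so a renewed file that was never reloaded is caught too, and reports the days left against certbot's 30-day renewal threshold. It assumes GNU date and openssl; DOMAIN defaults to this guide's domain and the --live flag is this script's own.

```shell
#!/usr/bin/env bash
# Certificate expiry check (added example, not one of the project's scripts).
# Assumes GNU date (-d) and openssl; DOMAIN defaults to the guide's domain.
set -eu
DOMAIN="${DOMAIN:-gamilit.com}"

# days_until_expiry "NOTAFTER" [NOW_EPOCH]
# NOTAFTER is the date as printed by "openssl x509 -enddate", e.g. "Mar 15 12:00:00 2026 GMT".
# NOW_EPOCH is optional so the function can be checked against a fixed clock.
days_until_expiry() {
  local notafter="$1" now="${2:-$(date -u +%s)}" expiry
  expiry=$(date -u -d "$notafter" +%s)
  echo $(( (expiry - now) / 86400 ))
}

# renewal_state DAYS -> "ok", "renew-soon" (certbot renews below 30 days) or "EXPIRED"
renewal_state() {
  if [ "$1" -lt 0 ]; then echo "EXPIRED"
  elif [ "$1" -lt 30 ]; then echo "renew-soon"
  else echo "ok"; fi
}

# Live mode: inspect the certificate served on port 443, not only the file on disk.
if [ "${1:-}" = "--live" ]; then
  notafter=$(openssl s_client -servername "$DOMAIN" -connect "$DOMAIN:443" </dev/null 2>/dev/null \
             | openssl x509 -noout -enddate | sed 's/^notAfter=//')
  days=$(days_until_expiry "$notafter")
  echo "$DOMAIN: $days days left ($(renewal_state "$days"))"
fi
```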

Error: Nginx does not start

sudo nginx -t
sudo systemctl status nginx
sudo journalctl -u nginx

FINAL PORTS

| Service    | Internal port | External port  | Protocol      |
|------------|---------------|----------------|---------------|
| Nginx      | 80, 443       | 80, 443        | HTTP/HTTPS    |
| Backend    | 3006          | - (via Nginx)  | internal HTTP |
| Frontend   | 3005          | - (via Nginx)  | internal HTTP |
| PostgreSQL | 5432          | - (local only) | TCP           |

ACCESS URLS


Guide created: 2025-12-18