+

Nginx_install.md

@@ -27,14 +27,18 @@ sudo apt-get install nginx -y
 cd /etc/nginx/sites-available/ &&
 sudo tee ccalm.org > /dev/null <<'EOF'
 server {
-    listen 8081;
+    listen 8081 ssl http2;
-    listen [::]:8081;
+    listen [::]:8081 ssl http2;
 
     root /opt/www/org_ccalm;
     index index.html;
 
     server_name ccalm.org www.ccalm.org;
 
+    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+    ssl_dhparam /etc/nginx/dhparam.pem;
+
     location / {
         try_files $uri $uri/ =404;
 

PostgreSQL/PostgreSQL_install.md

@@ -150,9 +150,12 @@ sudo mcedit /etc/postgresql/16/main/pg_hba.conf
 	pg_restore -U postgres -d transit_new -1 /home/administrator/temp/transit.backup
 	pg_restore -U postgres -d transit -1 /home/administrator/transit.backup
 	pg_restore --host=127.0.0.1 --username=postgres --dbname=transit_2024 --verbose /home/administrator/transit.backup
+	pg_restore --host=127.0.0.1 --username=postgres --dbname=CCALM --verbose /tmp/CCALM.backup
 
 	sudo -u postgres psql -d transit -f /tmp/transit.backup
 	
+	
+
 Или из архива (первоначально задать trust на 127.0.0.1) так:
 	gunzip -c /var/www/dump.sql.gz | psql -h 127.0.0.1 -U bigfoott_root -d bigfoott_shop
 

Proxy/Traefik_install_CCALM.md

@@ -1,7 +1,7 @@
 # Устанавливаю Traefik cервер в Астане
 
 ```sh
-ssh igor@5.180.46.11 -p 2200
+ssh ubuntu@194.32.140.11 -p 22
 ```
 
 # Установка Traefik на Linux Mint / Ubuntu
@@ -82,11 +82,11 @@ entryPoints:
   websecure:
     address: ":443"
   traefik:
-    address: ":8080"
+    address: ":8070"
 
 api:
   dashboard: true
-  insecure: true
+  #insecure: true
 
 # Настройка сертификатов (пример с Let's Encrypt)
 certificatesResolvers:
@@ -118,13 +118,15 @@ http:
     dashboard:
       entryPoints:
         - traefik
-      rule: "Host(`localhost`)"
+      rule: "Host(`194.32.140.11`)"
       service: api@internal
+      middlewares:
+        - dashboard-auth
 
     ccalm-api-auth:
       entryPoints:
         - websecure
-      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/authorization/v02/`)"
+      rule: "(Host(`locust.ge`) || Host(`almaty.ccalm.org`) || Host(`ccalm.org`)) && PathPrefix(`/api/authorization/v02/`)"
       service: org_ccalm_api_authorization_v02
       tls:
         certresolver: myresolver
@@ -134,7 +136,7 @@ http:
     ccalm-dbms:
       entryPoints:
         - websecure
-      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/dbms/v09/`)"
+      rule: "(Host(`locust.ge`) || Host(`almaty.ccalm.org`) || Host(`ccalm.org`)) && PathPrefix(`/api/dbms/v09/`)"
       service: org_ccalm_dbms_v09
       tls:
         certresolver: myresolver
@@ -144,15 +146,17 @@ http:
     ccalm-translation:
       entryPoints:
         - websecure
-      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/api/translation/v01/`)"
+      rule: "(Host(`locust.ge`) || Host(`almaty.ccalm.org`) || Host(`ccalm.org`)) && PathPrefix(`/api/translation/v01/`)"
       service: org_ccalm_translation_v01
       tls:
         certresolver: myresolver
+      middlewares:
+        - strip-translation-prefix
 
     ccalm-login:
       entryPoints:
         - websecure
-      rule: "(Host(`locust.ge`) || Host(`test.ccalm.org`)) && PathPrefix(`/login/`)"
+      rule: "(Host(`locust.ge`) || Host(`almaty.ccalm.org`) || Host(`ccalm.org`)) && PathPrefix(`/login/`)"
       service: org_ccalm_login_v01
       tls:
         certresolver: myresolver
@@ -160,7 +164,7 @@ http:
     org-ccalm-main:
       entryPoints:
         - websecure
-      rule: "Host(`locust.ge`) || Host(`test.ccalm.org`)"
+      rule: "Host(`locust.ge`) || Host(`almaty.ccalm.org`) || Host(`ccalm.org`)"
       service: org_ccalm_main
       tls:
         certresolver: myresolver
@@ -199,7 +203,7 @@ http:
     org_ccalm_translation_v01:
       loadBalancer:
         servers:
-          - url: "https://ccalm.org"
+          - url: "https://127.0.0.1:8085"
         passHostHeader: false
         serversTransport: insecureTransport
         healthCheck:
@@ -246,10 +250,14 @@ http:
       stripPrefix:
         prefixes:
           - "/api/authorization/v02"
+    strip-translation-prefix:
+      stripPrefix:
+        prefixes:
+          - "/api/translation/v01"
     dashboard-auth:
       basicAuth:
         users:
-          - "admin:$apr1$NUoqcU3I$O6VxeuGhsA6RSIyh6rNbo."  # Пароль хешируется так: htpasswd -nb admin t745632746573t
+          - "admin:$apr1$NUoqcU3I$O6VxeuGhsA6RSIyh6rNbo."  # htpasswd -nb admin t745632746573t
 
 EOF
 ```
@@ -301,11 +309,11 @@ EOF
 ```
 
 ---
-
+ыгвщ куищще
 ## 🔎 Шаг 6. Проверка работы
 Откройте в браузере cпаролем что быше "":
 ```sh
-open https://5.180.46.11:8080/dashboard
+open http://194.32.140.11:8070/dashboard
 ```
 
 
@@ -361,7 +369,7 @@ services:
     ports:
       - "80:80"      # HTTP
       - "443:443"    # HTTPS
-      - "8080:8080"  # Dashboard
+      - "8070:8070"  # Dashboard
     volumes:
       - /etc/traefik:/etc/traefik
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -387,7 +395,7 @@ EOF
 
 Откройте в браузере:
 ```sh
-open http://192.168.200.85:8080/dashboard/
+open http://192.168.200.85:8070/dashboard/
 ```
 
 ```sh