COLSYS/kniha_jizd_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit - Journey book (kniha jízd) automation system

Browse Source 
Features:
- FastAPI backend for scraping attendance and journey book data
- Deterministic kilometer distribution with random variance
- Refueling form filling with km values
- Next.js frontend with date range selector
- Docker deployment setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Docker Config Backup
2025-10-10 15:41:11 +02:00
commit 3b5d9fd940
40 changed files with 3777 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
NETWORK_SETUP.md Normal file
View File

@@ -0,0 +1,164 @@
# External Access Configuration
## Quick Setup
### 1. Get Your Server IP
```bash
# Find your server's IP address
ip addr show | grep "inet " | grep -v 127.0.0.1
# Or
hostname -I
```
### 2. Configure Frontend API URL
**Option A: Environment Variable (Recommended)**
```bash
# Edit frontend/.env.local
nano frontend/.env.local
# Set your server IP:
NEXT_PUBLIC_API_URL=http://YOUR_SERVER_IP:8000
```
**Option B: Docker Compose**
```bash
# Edit docker-compose.yml
nano docker-compose.yml
# Update the frontend environment section with your IP
```
### 3. Update Firewall Rules
**UFW (Ubuntu/Debian):**
```bash
sudo ufw allow 3000/tcp # Frontend
sudo ufw allow 8000/tcp # Backend API
sudo ufw reload
```
**Firewalld (CentOS/RHEL):**
```bash
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo firewall-cmd --permanent --add-port=8000/tcp
sudo firewall-cmd --reload
```
**iptables:**
```bash
sudo iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
sudo iptables-save
```
### 4. Start the Application
```bash
./start.sh
# or
./start.sh docker
```
### 5. Access from External Device
```
Frontend: http://YOUR_SERVER_IP:3000
Backend API: http://YOUR_SERVER_IP:8000/docs
```
## Production Setup (Nginx Reverse Proxy)
For production, use Nginx with SSL:
### Install Nginx
```bash
sudo apt install nginx certbot python3-certbot-nginx
```
### Configure Nginx
```bash
sudo nano /etc/nginx/sites-available/kniha-jizd
```
```nginx
server {
listen 80;
server_name your-domain.com;
# Frontend
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# Backend API
location /api {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
### Enable Site & SSL
```bash
sudo ln -s /etc/nginx/sites-available/kniha-jizd /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
# Get SSL certificate
sudo certbot --nginx -d your-domain.com
```
### Update Frontend Config
```bash
# frontend/.env.local
NEXT_PUBLIC_API_URL=https://your-domain.com
```
## Security Recommendations
1. **Use HTTPS in production** - Never expose unencrypted credentials
2. **Restrict CORS** - Update `allow_origins` in `backend/api/main.py`
3. **Use environment variables** - Never commit credentials
4. **Enable rate limiting** - Prevent abuse
5. **Use VPN or SSH tunnel** - For development access
## Troubleshooting
### Can't connect from outside
```bash
# Check if ports are listening on all interfaces
sudo netss -tlnp | grep -E '3000|8000'
# Should show 0.0.0.0:3000 and 0.0.0.0:8000
```
### Connection refused
- Check firewall rules
- Verify Docker binds to 0.0.0.0
- Check cloud provider security groups (AWS/GCP/Azure)
### CORS errors
- Verify NEXT_PUBLIC_API_URL is set correctly
- Check backend CORS middleware allows your origin
- Clear browser cache
## Cloud Provider Notes
### AWS EC2
- Add inbound rules to Security Group for ports 3000, 8000
### Google Cloud
- Add firewall rules: `gcloud compute firewall-rules create`
### Azure
- Configure Network Security Group inbound rules
### DigitalOcean
- Configure Cloud Firewall or droplet firewall