COLSYS/kniha_jizd_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ffdfac65deb61ef1d3c5069101d4f3c2da9ec9ef
kniha_jizd_web/NETWORK_SETUP.md
Docker Config Backup 3b5d9fd940 Initial commit - Journey book (kniha jízd) automation system 
Features:
- FastAPI backend for scraping attendance and journey book data
- Deterministic kilometer distribution with random variance
- Refueling form filling with km values
- Next.js frontend with date range selector
- Docker deployment setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-10 15:41:11 +02:00

3.6 KiB
Raw Blame History

External Access Configuration

Quick Setup

1. Get Your Server IP

# Find your server's IP address
ip addr show | grep "inet " | grep -v 127.0.0.1
# Or
hostname -I

2. Configure Frontend API URL

Option A: Environment Variable (Recommended)

# Edit frontend/.env.local
nano frontend/.env.local

# Set your server IP:
NEXT_PUBLIC_API_URL=http://YOUR_SERVER_IP:8000

Option B: Docker Compose

# Edit docker-compose.yml
nano docker-compose.yml

# Update the frontend environment section with your IP

3. Update Firewall Rules

UFW (Ubuntu/Debian):

sudo ufw allow 3000/tcp  # Frontend
sudo ufw allow 8000/tcp  # Backend API
sudo ufw reload

Firewalld (CentOS/RHEL):

sudo firewall-cmd --permanent --add-port=3000/tcp
sudo firewall-cmd --permanent --add-port=8000/tcp
sudo firewall-cmd --reload

iptables:

sudo iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
sudo iptables-save

4. Start the Application

./start.sh
# or
./start.sh docker

5. Access from External Device

Frontend: http://YOUR_SERVER_IP:3000
Backend API: http://YOUR_SERVER_IP:8000/docs

Production Setup (Nginx Reverse Proxy)

For production, use Nginx with SSL:

Install Nginx

sudo apt install nginx certbot python3-certbot-nginx

Configure Nginx

sudo nano /etc/nginx/sites-available/kniha-jizd

server {
    listen 80;
    server_name your-domain.com;

    # Frontend
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Backend API
    location /api {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable Site & SSL

sudo ln -s /etc/nginx/sites-available/kniha-jizd /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

# Get SSL certificate
sudo certbot --nginx -d your-domain.com

Update Frontend Config

# frontend/.env.local
NEXT_PUBLIC_API_URL=https://your-domain.com

Security Recommendations

  1. Use HTTPS in production - Never expose unencrypted credentials
  2. Restrict CORS - Update allow_origins in backend/api/main.py
  3. Use environment variables - Never commit credentials
  4. Enable rate limiting - Prevent abuse
  5. Use VPN or SSH tunnel - For development access

Troubleshooting

Can't connect from outside

# Check if ports are listening on all interfaces
sudo netss -tlnp | grep -E '3000|8000'

# Should show 0.0.0.0:3000 and 0.0.0.0:8000

Connection refused

  • Check firewall rules
  • Verify Docker binds to 0.0.0.0
  • Check cloud provider security groups (AWS/GCP/Azure)

CORS errors

  • Verify NEXT_PUBLIC_API_URL is set correctly
  • Check backend CORS middleware allows your origin
  • Clear browser cache

Cloud Provider Notes

AWS EC2

  • Add inbound rules to Security Group for ports 3000, 8000

Google Cloud

  • Add firewall rules: gcloud compute firewall-rules create

Azure

  • Configure Network Security Group inbound rules

DigitalOcean

  • Configure Cloud Firewall or droplet firewall