From 4fc681b2c49672b8b5ee850d566a86f1ec098fa1 Mon Sep 17 00:00:00 2001
From: Guillermo <guillermo@beyond120d.com>
Date: Tue, 10 Feb 2026 18:39:21 +0000
Subject: [PATCH] cambiado el path de instalacion, eliminado el nginx y con
 labels de traefik

---
 docker-compose.yml      |  24 ++-
 docker-compose.yml.back |  51 +++++++
 install_beyond.sh       | 317 +++++++++++++++++++++-------------------
 3 files changed, 225 insertions(+), 167 deletions(-)
 create mode 100644 docker-compose.yml.back

diff --git a/docker-compose.yml b/docker-compose.yml
index d7734af..68f876c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,21 +28,17 @@ services:
       - "4173"
     networks:
       - beyond-net
-
-  nginx:
-    image: nginx:1.27-alpine
-    container_name: beyond-nginx
+      - frontend
+    labels:
+      - "traefik.enable=true"
+      - "treafik.http.routers.XXX-https.rule=Host(`XXX.mylab.k8s.org.es`)"
+      - "traefik.http.routers.XXX-https.entrypoints=websecure"
+      - "traefik.http.routers.XXX-https.tls=true"
+      - "traefik.http.routers.XXX-https.tls.certresolver=doresolv"
+      - "traefik.http.routers.XXX-https.service=XXX-service-scv"
+      - "traefik.http.services.XXX-service-scv.loadBalancer.server.port=4173"
     depends_on:
       - backend
-      - frontend
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - /etc/letsencrypt:/etc/letsencrypt:ro
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-    networks:
-      - beyond-net
 
 volumes:
   cache-data:
@@ -51,3 +47,5 @@ volumes:
 networks:
   beyond-net:
     driver: bridge
+  frontend:
+    external: true 
diff --git a/docker-compose.yml.back b/docker-compose.yml.back
new file mode 100644
index 0000000..c2ee3e3
--- /dev/null
+++ b/docker-compose.yml.back
@@ -0,0 +1,51 @@
+version: "3.9"
+
+services:
+  backend:
+    build:
+      context: ./backend
+    container_name: beyond-backend
+    environment:
+      # credenciales del API (las mismas que usas ahora)
+      BASIC_AUTH_USERNAME: "beyond"
+      BASIC_AUTH_PASSWORD: "beyond2026"
+      CACHE_DIR: "/data/cache"
+    volumes:
+      - cache-data:/data/cache
+    expose:
+      - "8000"
+    networks:
+      - beyond-net
+
+  frontend:
+    build:
+      context: ./frontend
+      args:
+        # el front compilará con este BASE_URL -> /api
+        VITE_API_BASE_URL: /api
+    container_name: beyond-frontend
+    expose:
+      - "4173"
+    networks:
+      - beyond-net
+      - frontend
+    labels:
+      - "traefik.enable=true"
+      - "treafik.http.routers.XXX-https.rule=Host('XXX.mylab.k8s.org.es')"
+      - "traefik.http.routers.XXX-https.entrypoints=websecure"
+      - "traefik.http.routers.XXX-https.tls=true"
+      - "traefik.http.routers.XXX-https.tls.certresolver=doresolv"
+      - "traefik.http.routers.XXX-https.service=XXX-service-scv"
+      - "traefik.http.services.XXX-service-scv.loadBalancer.server.port=4173"
+    depends_on:
+      - backend
+
+volumes:
+  cache-data:
+    driver: local
+
+networks:
+  beyond-net:
+    driver: bridge
+  frontend:
+    external: true 
diff --git a/install_beyond.sh b/install_beyond.sh
index fa53ddc..c5bdc60 100644
--- a/install_beyond.sh
+++ b/install_beyond.sh
@@ -6,7 +6,7 @@ set -euo pipefail
 ###############################################
 # TODO: pon aquí la URL real de tu repo (sin credenciales)
 REPO_URL_DEFAULT="https://github.com/igferne/Beyond-Diagnosis.git"
-INSTALL_DIR="/opt/beyonddiagnosis"
+INSTALL_BASE="/home/garbelo/"
 
 ###############################################
 # UTILIDADES
@@ -37,7 +37,8 @@ if [ -z "$DOMAIN" ]; then
   echo "El dominio no puede estar vacío."
   exit 1
 fi
-
+SUBDOMAIN="$DOMAIN%%.*"
+INSTALL_DIR=$INSTALL_BASE"/"$SUBDOMAIN
 read -rp "Email para Let's Encrypt (avisos de renovación): " EMAIL
 if [ -z "$EMAIL" ]; then
   echo "El email no puede estar vacío."
@@ -66,30 +67,32 @@ read -rp "¿El repositorio es PRIVADO en GitHub y necesitas token? [s/N]: " IS_P
 IS_PRIVATE=${IS_PRIVATE:-N}
 
 GIT_CLONE_URL="$REPO_URL"
-if [[ "$IS_PRIVATE" =~ ^[sS]$ ]]; then
-  echo "Introduce un Personal Access Token (PAT) de GitHub con permiso de lectura del repo."
-  read -rsp "GitHub PAT: " GITHUB_TOKEN
-  echo
-  if [ -z "$GITHUB_TOKEN" ]; then
-    echo "El token no puede estar vacío si el repo es privado."
-    exit 1
-  fi
-
-  # Construimos una URL del tipo: https://TOKEN@github.com/usuario/repo.git
-  if [[ "$REPO_URL" =~ ^https:// ]]; then
-    GIT_CLONE_URL="https://${GITHUB_TOKEN}@${REPO_URL#https://}"
-  else
-    echo "La URL del repositorio debe empezar por https:// para usar el token."
-    exit 1
-  fi
-fi
-
+#if [[ "$IS_PRIVATE" =~ ^[sS]$ ]]; then
+#  echo "Introduce un Personal Access Token (PAT) de GitHub con permiso de lectura del repo."
+#  read -rsp "GitHub PAT: " GITHUB_TOKEN
+#  echo
+#  if [ -z "$GITHUB_TOKEN" ]; then
+#    echo "El token no puede estar vacío si el repo es privado."
+#    exit 1
+#  fi
+#
+#  # Construimos una URL del tipo: https://TOKEN@github.com/usuario/repo.git
+#  if [[ "$REPO_URL" =~ ^https:// ]]; then
+#    GIT_CLONE_URL="https://${GITHUB_TOKEN}@${REPO_URL#https://}"
+#  else
+#    echo "La URL del repositorio debe empezar por https:// para usar el token."
+#    exit 1
+#  fi
+#fi
+#
 echo
 echo "Resumen de configuración:"
 echo "  Dominio:         $DOMAIN"
 echo "  Email Let'sEnc:  $EMAIL"
 echo "  Usuario API:     $API_USER"
 echo "  Repo (visible):  $REPO_URL"
+echo "  Path del despliegue: $INSTALL_DIR"
+
 if [[ "$IS_PRIVATE" =~ ^[sS]$ ]]; then
   echo "  Repo privado:    Sí (se usará un PAT sólo para el clon inicial)"
 else
@@ -107,56 +110,56 @@ fi
 ###############################################
 # 2. INSTALAR DOCKER + DOCKER COMPOSE + CERTBOT
 ###############################################
-step "Instalando Docker, docker compose plugin y certbot"
-
-apt-get update -y
-
-# Dependencias para repositorio Docker
-apt-get install -y \
-  ca-certificates \
-  curl \
-  gnupg \
-  lsb-release
-
-# Clave GPG de Docker
-if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
-  install -m 0755 -d /etc/apt/keyrings
-  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
-    gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-fi
-
-# Repo Docker estable
-if [ ! -f /etc/apt/sources.list.d/docker.list ]; then
-  echo \
-    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
-    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-    tee /etc/apt/sources.list.d/docker.list > /dev/null
-fi
-
-apt-get update -y
-
-apt-get install -y \
-  docker-ce \
-  docker-ce-cli \
-  containerd.io \
-  docker-buildx-plugin \
-  docker-compose-plugin \
-  git \
-  certbot
-
-systemctl enable docker
-systemctl start docker
-
-# Abrimos puertos en ufw si está activo
-if command -v ufw >/dev/null 2>&1; then
-  if ufw status | grep -q "Status: active"; then
-    step "Configurando firewall (ufw) para permitir 80 y 443"
-    ufw allow 80/tcp || true
-    ufw allow 443/tcp || true
-  fi
-fi
-
-###############################################
+#step "Instalando Docker, docker compose plugin y certbot"
+#
+#apt-get update -y
+#
+## Dependencias para repositorio Docker
+#apt-get install -y \
+#  ca-certificates \
+#  curl \
+#  gnupg \
+#  lsb-release
+#
+## Clave GPG de Docker
+#if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
+#  install -m 0755 -d /etc/apt/keyrings
+#  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
+#    gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+#fi
+#
+## Repo Docker estable
+#if [ ! -f /etc/apt/sources.list.d/docker.list ]; then
+#  echo \
+#    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+#    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+#    tee /etc/apt/sources.list.d/docker.list > /dev/null
+#fi
+#
+#apt-get update -y
+#
+#apt-get install -y \
+#  docker-ce \
+#  docker-ce-cli \
+#  containerd.io \
+#  docker-buildx-plugin \
+#  docker-compose-plugin \
+#  git \
+#  certbot
+#
+#systemctl enable docker
+#systemctl start docker
+#
+## Abrimos puertos en ufw si está activo
+#if command -v ufw >/dev/null 2>&1; then
+#  if ufw status | grep -q "Status: active"; then
+#    step "Configurando firewall (ufw) para permitir 80 y 443"
+#    ufw allow 80/tcp || true
+#    ufw allow 443/tcp || true
+#  fi
+#fi
+#
+################################################
 # 3. CLONAR / ACTUALIZAR REPO
 ###############################################
 step "Descargando/actualizando el repositorio en $INSTALL_DIR"
@@ -189,94 +192,100 @@ else
   sed -i "s/BASIC_AUTH_PASSWORD:.*/BASIC_AUTH_PASSWORD: \"$API_PASS\"/" docker-compose.yml
 fi
 
+if ! grep -q "XXX" docker-compose.yml; then
+  echo "⚠ No encuentro XXX en docker-compose.yml. Revisa el archivo a mano."
+else
+  sed -i "s/XXX/\"$SUBDOMAIN\"/" docker-compose.yml
+fi
+
 # Aseguramos que nginx exponga también 443
-if grep -q 'ports:' docker-compose.yml && grep -q 'nginx:' docker-compose.yml; then
-  if ! grep -q '443:443' docker-compose.yml; then
-    sed -i '/- "80:80"/a\      - "443:443"' docker-compose.yml || true
-  fi
-fi
-
-# Aseguramos que montamos /etc/letsencrypt dentro del contenedor de nginx
-if ! grep -q '/etc/letsencrypt:/etc/letsencrypt:ro' docker-compose.yml; then
-  sed -i '/nginx:/,/networks:/{
-    /volumes:/a\      - /etc/letsencrypt:/etc/letsencrypt:ro
-  }' docker-compose.yml || true
-fi
-
+#if grep -q 'ports:' docker-compose.yml && grep -q 'nginx:' docker-compose.yml; then
+#  if ! grep -q '443:443' docker-compose.yml; then
+#    sed -i '/- "80:80"/a\      - "443:443"' docker-compose.yml || true
+#  fi
+#fi
+#
+## Aseguramos que montamos /etc/letsencrypt dentro del contenedor de nginx
+#if ! grep -q '/etc/letsencrypt:/etc/letsencrypt:ro' docker-compose.yml; then
+#  sed -i '/nginx:/,/networks:/{
+#    /volumes:/a\      - /etc/letsencrypt:/etc/letsencrypt:ro
+#  }' docker-compose.yml || true
+#fi
+#
 ###############################################
 # 5. OBTENER CERTIFICADO LET'S ENCRYPT
 ###############################################
-step "Obteniendo certificado SSL de Let’s Encrypt para $DOMAIN"
-
-if [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then
-  echo "Certificado ya existe, saltando paso de emisión."
-else
-  # Asegurarnos de que no hay nada escuchando en 80/443
-  systemctl stop nginx || true
-
-  certbot certonly \
-    --standalone \
-    --non-interactive \
-    --agree-tos \
-    -m "$EMAIL" \
-    -d "$DOMAIN"
-
-  echo "Certificado emitido en /etc/letsencrypt/live/$DOMAIN/"
-fi
-
-###############################################
-# 6. CONFIGURAR NGINX DENTRO DEL REPO
-###############################################
-step "Generando configuración nginx con SSL"
-
-mkdir -p nginx/conf.d
-
-cat > nginx/conf.d/beyond.conf <<EOF
-server {
-    listen 80;
-    server_name $DOMAIN;
-    return 301 https://\$host\$request_uri;
-    client_max_body_size 1024M;
-}
-
-server {
-    listen 443 ssl;
-    server_name $DOMAIN;
-
-    client_max_body_size 1024M;
-
-    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers HIGH:!aNULL:!MD5;
-
-    # FRONTEND (React)
-    location / {
-        proxy_pass http://frontend:4173/;
-        proxy_http_version 1.1;
-        proxy_set_header Host \$host;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection "upgrade";
-    }
-
-    # BACKEND (FastAPI)
-    location /api/ {
-        proxy_pass http://backend:8000/;
-        proxy_http_version 1.1;
-        proxy_set_header Host \$host;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection "upgrade";
-
-        proxy_connect_timeout 60s;
-        proxy_send_timeout    600s;
-        proxy_read_timeout    600s;
-        send_timeout          600s;
-    }
-}
-EOF
-
+#step "Obteniendo certificado SSL de Let’s Encrypt para $DOMAIN"
+#
+#if [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then
+#  echo "Certificado ya existe, saltando paso de emisión."
+#else
+#  # Asegurarnos de que no hay nada escuchando en 80/443
+#  systemctl stop nginx || true
+#
+#  certbot certonly \
+#    --standalone \
+#    --non-interactive \
+#    --agree-tos \
+#    -m "$EMAIL" \
+#    -d "$DOMAIN"
+#
+#  echo "Certificado emitido en /etc/letsencrypt/live/$DOMAIN/"
+#fi
+#
+################################################
+## 6. CONFIGURAR NGINX DENTRO DEL REPO
+################################################
+#step "Generando configuración nginx con SSL"
+#
+#mkdir -p nginx/conf.d
+#
+#cat > nginx/conf.d/beyond.conf <<EOF
+#server {
+#    listen 80;
+#    server_name $DOMAIN;
+#    return 301 https://\$host\$request_uri;
+#    client_max_body_size 1024M;
+#}
+#
+#server {
+#    listen 443 ssl;
+#    server_name $DOMAIN;
+#
+#    client_max_body_size 1024M;
+#
+#    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+#    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+#    ssl_protocols TLSv1.2 TLSv1.3;
+#    ssl_ciphers HIGH:!aNULL:!MD5;
+#
+#    # FRONTEND (React)
+#    location / {
+#        proxy_pass http://frontend:4173/;
+#        proxy_http_version 1.1;
+#        proxy_set_header Host \$host;
+#        proxy_set_header X-Real-IP \$remote_addr;
+#        proxy_set_header Upgrade \$http_upgrade;
+#        proxy_set_header Connection "upgrade";
+#    }
+#
+#    # BACKEND (FastAPI)
+#    location /api/ {
+#        proxy_pass http://backend:8000/;
+#        proxy_http_version 1.1;
+#        proxy_set_header Host \$host;
+#        proxy_set_header X-Real-IP \$remote_addr;
+#        proxy_set_header Upgrade \$http_upgrade;
+#        proxy_set_header Connection "upgrade";
+#
+#        proxy_connect_timeout 60s;
+#        proxy_send_timeout    600s;
+#        proxy_read_timeout    600s;
+#        send_timeout          600s;
+#    }
+#}
+#EOF
+#
 ###############################################
 # 7. BUILD Y ARRANQUE DE CONTENEDORES
 ###############################################