22 Commits

Author SHA1 Message Date
Guillermo
083e398f5d bad param name?
Some checks failed
Workflow de prueba / Build and push images (push) Has been cancelled
2026-02-13 12:49:53 +00:00
Guillermo
3721bdd35f typo fixed
Some checks failed
Workflow de prueba / Build and push images (push) Has been cancelled
2026-02-13 12:40:35 +00:00
Guillermo
1f2928a71d bug fixed?
Some checks failed
Workflow de prueba / Build and push images (push) Failing after 9m30s
2026-02-13 11:57:40 +00:00
Guillermo
a92fb51b5d bug fixed?
Some checks failed
Workflow de prueba / Build and push images (push) Failing after 22s
2026-02-13 11:51:47 +00:00
Guillermo
26534774ef bug fixed? 2026-02-13 11:50:40 +00:00
Guillermo
0f67f16047 With registry URL & credentials 2026-02-13 11:49:12 +00:00
Guillermo
eea9bcd885 Added a new step
Some checks failed
Workflow de prueba / Build and push images (push) Failing after 11m53s
2026-02-13 08:41:24 +00:00
Guillermo
2747bef898 fix typo in action
All checks were successful
Workflow de prueba / Build and push images (push) Successful in 9m29s
2026-02-13 07:43:13 +00:00
Guillermo
932ab0f0d4 test gitea action
Some checks failed
Workflow de prueba / Build and push images (push) Has been cancelled
2026-02-12 22:08:48 +00:00
Guillermo
4039dc54cb traefik version updated 2026-02-12 14:19:56 +00:00
Guillermo
fe0c2de0d4 fixing bugs 2026-02-12 14:17:28 +00:00
Guillermo
02d25ea19f script to deploy traefik in server 2026-02-12 13:20:00 +00:00
Guillermo
af4a5a35c7 looks clean 2026-02-12 13:00:40 +00:00
Guillermo
022f04b9ed cleaning install script 2026-02-12 12:53:13 +00:00
Guillermo
122a10be49 sed command +g 2026-02-12 12:51:33 +00:00
Guillermo
2ef0a742e1 double quotes 2026-02-12 11:58:28 +00:00
Guillermo
9e01d9d2fb test 2026-02-12 11:43:27 +00:00
Guillermo
3532f4f621 adaptations 2026-02-12 11:32:38 +00:00
Guillermo
9effa23d3b Bug fixes 2026-02-12 11:19:18 +00:00
Guillermo
6a8ffe5da8 Actualizado Domain y subdomain 2026-02-12 09:19:56 +00:00
Guillermo
df12fe5339 Change domain_base in traefik labels 2026-02-12 09:12:29 +00:00
Guillermo
4fc681b2c4 cambiado el path de instalacion, eliminado el nginx y con labels de traefik 2026-02-10 18:39:21 +00:00
4 changed files with 256 additions and 196 deletions


@@ -0,0 +1,46 @@
name: Workflow de prueba
on:
- push
env:
DOCKER_ORG: beyondcx
BRANCH_NAME: main
jobs:
Build and push images:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Extract Branch Name
run: echo "BRANCH_NAME=${{ gitea.ref_name }}" >> env.BRANCH_NAME
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Login to Registry
uses: docker/login-action@v3
with:
registry: git.beyondcx.org
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PWD }}
- name: Echo the Tag
run: echo "Tag ${{ env.DOCKER_ORG }}/beyondcx:${{ env.BRANCH_NAME }}"
- name: Build
uses: docker/build-push-action@v3
with:
context: .
push: false
tags: ${{ env.DOCKER_ORG }}/beyondcx:${{ env.BRANCH_NAME }}
platforms: linux/amd64,linux/arm64
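Review bot: The "Extract Branch Name" step appends to a file literally named `env.BRANCH_NAME` in the workspace, so later steps still see the static `BRANCH_NAME: main` from the top-level `env:` and every image is tagged `main`. The same line expands `${{ gitea.ref_name }}` inside the script text, so a ref name containing shell metacharacters becomes part of the command; pass it through the step's `env:` instead, e.g. `env: { REF_NAME: "${{ gitea.ref_name }}" }` with `run: echo "BRANCH_NAME=$REF_NAME" >> "$GITHUB_ENV"`. The actions are referenced by mutable tags (`@v4`, `@v3`) in a job that receives `REGISTRY_PWD`; pinning them to full commit SHAs would keep a retagged action from reaching that secret.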


@@ -4,7 +4,7 @@ services:
backend:
build:
context: ./backend
container_name: beyond-backend
container_name: XXX-backend
environment:
# credenciales del API (las mismas que usas ahora)
BASIC_AUTH_USERNAME: "beyond"
@@ -15,39 +15,37 @@ services:
expose:
- "8000"
networks:
- beyond-net
- XXX-beyond-net
frontend:
XXXfrontend:
build:
context: ./frontend
args:
# el front compilará con este BASE_URL -> /api
# el front compilar con este BASE_URL -> /api
VITE_API_BASE_URL: /api
container_name: beyond-frontend
container_name: XXX-frontend
expose:
- "4173"
networks:
- beyond-net
nginx:
image: nginx:1.27-alpine
container_name: beyond-nginx
- XXX-beyond-net
- frontend
labels:
- "traefik.enable=true"
- "traefik.http.routers.XXX-server.rule=Host(`DDD`)"
- "traefik.http.routers.XXX-server.entrypoints=websecure"
- "traefik.http.routers.XXX-server.tls=true"
- "traefik.http.routers.XXX-server.tls.certresolver=doresolv"
- "traefik.http.routers.XXX-server.service=XXXfrontend"
- "traefik.http.services.XXXfrontend.loadBalancer.server.port=4173"
depends_on:
- backend
- frontend
ports:
- "80:80"
- "443:443"
volumes:
- /etc/letsencrypt:/etc/letsencrypt:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro
networks:
- beyond-net
volumes:
cache-data:
driver: local
networks:
beyond-net:
XXX-beyond-net:
driver: bridge
frontend:
external: true
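Review bot: The compose file now only works after the install script has substituted the `XXX` and `DDD` placeholders, and nothing in the file says so; a header comment such as `# XXX and DDD are placeholders replaced by the install script (subdomain / full domain)` would stop someone from running `docker compose up` on the raw template. With nginx removed, only the frontend service carries Traefik labels and joins the external `frontend` network, so as far as these hunks show nothing routes `/api` to `backend:8000` any more; if the frontend server does not proxy it, the backend needs its own router on the same host. The `services:` mapping starts above the first hunk, so anything defined there is not visible here.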


@@ -5,8 +5,8 @@ set -euo pipefail
# CONFIGURACIÓN BÁSICA EDITA ESTO
###############################################
# TODO: pon aquí la URL real de tu repo (sin credenciales)
REPO_URL_DEFAULT="https://github.com/igferne/Beyond-Diagnosis.git"
INSTALL_DIR="/opt/beyonddiagnosis"
REPO_URL_DEFAULT="ssh://git@git.beyondcx.org:2424/susana/BeyondCXAnalytics-Demo.git"
INSTALL_BASE="/opt/beyondcx"
###############################################
# UTILIDADES
@@ -38,11 +38,13 @@ if [ -z "$DOMAIN" ]; then
exit 1
fi
read -rp "Email para Let's Encrypt (avisos de renovación): " EMAIL
if [ -z "$EMAIL" ]; then
echo "El email no puede estar vacío."
exit 1
SUBDOMAIN=${DOMAIN%%.*}
if [[ $DOMAIN == $SUBDOMAIN ]]; then
DOMAIN=$DOMAIN".analytics.beyondcx.org"
fi
echo "el dominio es $DOMAIN y el subdominio $SUBDOMAIN"
INSTALL_DIR=$INSTALL_BASE"/"$SUBDOMAIN
read -rp "Usuario de acceso (Basic Auth / login): " API_USER
if [ -z "$API_USER" ]; then
@@ -61,41 +63,14 @@ echo
read -rp "URL del repositorio Git (HTTPS, sin credenciales) [$REPO_URL_DEFAULT]: " REPO_URL
REPO_URL=${REPO_URL:-$REPO_URL_DEFAULT}
echo
read -rp "¿El repositorio es PRIVADO en GitHub y necesitas token? [s/N]: " IS_PRIVATE
IS_PRIVATE=${IS_PRIVATE:-N}
GIT_CLONE_URL="$REPO_URL"
if [[ "$IS_PRIVATE" =~ ^[sS]$ ]]; then
echo "Introduce un Personal Access Token (PAT) de GitHub con permiso de lectura del repo."
read -rsp "GitHub PAT: " GITHUB_TOKEN
echo
if [ -z "$GITHUB_TOKEN" ]; then
echo "El token no puede estar vacío si el repo es privado."
exit 1
fi
# Construimos una URL del tipo: https://TOKEN@github.com/usuario/repo.git
if [[ "$REPO_URL" =~ ^https:// ]]; then
GIT_CLONE_URL="https://${GITHUB_TOKEN}@${REPO_URL#https://}"
else
echo "La URL del repositorio debe empezar por https:// para usar el token."
exit 1
fi
fi
echo
echo "Resumen de configuración:"
echo " Dominio: $DOMAIN"
echo " Email Let'sEnc: $EMAIL"
echo " Usuario API: $API_USER"
echo " Repo (visible): $REPO_URL"
if [[ "$IS_PRIVATE" =~ ^[sS]$ ]]; then
echo " Repo privado: Sí (se usará un PAT sólo para el clon inicial)"
else
echo " Repo privado: No"
fi
echo
echo " Path del despliegue: $INSTALL_DIR"
read -rp "¿Continuar con la instalación? [s/N]: " CONFIRM
CONFIRM=${CONFIRM:-N}
@@ -104,70 +79,20 @@ if [[ ! "$CONFIRM" =~ ^[sS]$ ]]; then
exit 0
fi
###############################################
# 2. INSTALAR DOCKER + DOCKER COMPOSE + CERTBOT
###############################################
step "Instalando Docker, docker compose plugin y certbot"
apt-get update -y
# Dependencias para repositorio Docker
apt-get install -y \
ca-certificates \
curl \
gnupg \
lsb-release
# Clave GPG de Docker
if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor -o /etc/apt/keyrings/docker.gpg
fi
# Repo Docker estable
if [ ! -f /etc/apt/sources.list.d/docker.list ]; then
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
fi
apt-get update -y
apt-get install -y \
docker-ce \
docker-ce-cli \
containerd.io \
docker-buildx-plugin \
docker-compose-plugin \
git \
certbot
systemctl enable docker
systemctl start docker
# Abrimos puertos en ufw si está activo
if command -v ufw >/dev/null 2>&1; then
if ufw status | grep -q "Status: active"; then
step "Configurando firewall (ufw) para permitir 80 y 443"
ufw allow 80/tcp || true
ufw allow 443/tcp || true
fi
fi
###############################################
# 3. CLONAR / ACTUALIZAR REPO
###############################################
# COMENZAMOS ...
step "Descargando/actualizando el repositorio en $INSTALL_DIR"
eval $(ssh-agent -s)
ssh-add /home/garbelo/.ssh/id_ed25519
if [ -d "$INSTALL_DIR/.git" ]; then
echo "Directorio git ya existe, haciendo 'git pull'..."
git -C "$INSTALL_DIR" pull --ff-only
else
rm -rf "$INSTALL_DIR"
echo "Clonando repositorio..."
git clone "$GIT_CLONE_URL" "$INSTALL_DIR"
# git clone "$GIT_CLONE_URL" "$INSTALL_DIR"
git clone -b proxy "$GIT_CLONE_URL" "$INSTALL_DIR"
fi
cd "$INSTALL_DIR"
@@ -189,97 +114,22 @@ else
sed -i "s/BASIC_AUTH_PASSWORD:.*/BASIC_AUTH_PASSWORD: \"$API_PASS\"/" docker-compose.yml
fi
# Aseguramos que nginx exponga también 443
if grep -q 'ports:' docker-compose.yml && grep -q 'nginx:' docker-compose.yml; then
if ! grep -q '443:443' docker-compose.yml; then
sed -i '/- "80:80"/a\ - "443:443"' docker-compose.yml || true
fi
fi
# Aseguramos que montamos /etc/letsencrypt dentro del contenedor de nginx
if ! grep -q '/etc/letsencrypt:/etc/letsencrypt:ro' docker-compose.yml; then
sed -i '/nginx:/,/networks:/{
/volumes:/a\ - /etc/letsencrypt:/etc/letsencrypt:ro
}' docker-compose.yml || true
fi
###############################################
# 5. OBTENER CERTIFICADO LET'S ENCRYPT
###############################################
step "Obteniendo certificado SSL de Lets Encrypt para $DOMAIN"
if [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then
echo "Certificado ya existe, saltando paso de emisión."
if ! grep -q "XXX" docker-compose.yml; then
echo "⚠ No encuentro XXX en docker-compose.yml. Revisa el archivo a mano."
else
# Asegurarnos de que no hay nada escuchando en 80/443
systemctl stop nginx || true
certbot certonly \
--standalone \
--non-interactive \
--agree-tos \
-m "$EMAIL" \
-d "$DOMAIN"
echo "Certificado emitido en /etc/letsencrypt/live/$DOMAIN/"
sed -i "s/XXX/$SUBDOMAIN/g" docker-compose.yml
fi
if [[ $DOMAIN == $SUBDOMAIN ]]; then
set DOMAIN=$DOMAIN".analytics.beyondcx.org"
fi
if ! grep -q "DDD" docker-compose.yml; then
echo "⚠ No encuentro DDD en docker-compose.yml. Revisa el archivo a mano."
else
sed -i "s/DDD/$DOMAIN/" docker-compose.yml
fi
###############################################
# 6. CONFIGURAR NGINX DENTRO DEL REPO
###############################################
step "Generando configuración nginx con SSL"
mkdir -p nginx/conf.d
cat > nginx/conf.d/beyond.conf <<EOF
server {
listen 80;
server_name $DOMAIN;
return 301 https://\$host\$request_uri;
client_max_body_size 1024M;
}
server {
listen 443 ssl;
server_name $DOMAIN;
client_max_body_size 1024M;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# FRONTEND (React)
location / {
proxy_pass http://frontend:4173/;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
}
# BACKEND (FastAPI)
location /api/ {
proxy_pass http://backend:8000/;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
send_timeout 600s;
}
}
EOF
###############################################
# 7. BUILD Y ARRANQUE DE CONTENEDORES
###############################################
step "Construyendo imágenes Docker y arrancando contenedores"
docker compose build
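Review bot: `SUBDOMAIN=${DOMAIN%%.*}` is taken from the prompt without validation and then feeds `INSTALL_DIR=$INSTALL_BASE"/"$SUBDOMAIN`, the `rm -rf "$INSTALL_DIR"` before the clone, and the `sed -i "s/XXX/$SUBDOMAIN/g"` expression, in a script that presumably runs as root. An answer that starts with a dot leaves `SUBDOMAIN` empty, so `INSTALL_DIR` becomes `/opt/beyondcx/` and the `rm -rf` would remove every deployment under it, and a `/` or `&` in the value alters the sed expression. Add a check right after the assignment, e.g. `[[ $SUBDOMAIN =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || { echo "Subdominio no válido"; exit 1; }`. Two smaller points in the same file: `ssh-add /home/garbelo/.ssh/id_ed25519` ties the installer to one person's key and leaves the agent running, so take the key path from a variable and add `trap 'ssh-agent -k >/dev/null' EXIT`; and `set DOMAIN=$DOMAIN".analytics.beyondcx.org"` sets a positional parameter rather than the variable, and since the earlier block already does the assignment it can be dropped.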

166
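--- a/prepare_server.sh
+++ b/prepare_server.sh
@@ -0,0 +1,166 @@
+#!/usr/bin/env bash
+set -euo pipefail
+step() {
+echo
+echo "=================================================="
+echo " 👉 $1"
+echo "=================================================="
+}
+require_root() {
+if [ "$(id -u)" -ne 0 ]; then
+echo "Este script debe ejecutarse como root (o con sudo)."
+exit 1
+fi
+}
+require_root
+step "Instalando Docker, docker compose plugin y certbot"
+apt-get update -y
+# Dependencias para repositorio Docker
+apt-get install -y \
+ca-certificates \
+curl \
+gnupg \
+lsb-release
+# Clave GPG de Docker
+if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
+gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+fi
+# Repo Docker estable
+if [ ! -f /etc/apt/sources.list.d/docker.list ]; then
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null
+fi
+apt-get update -y
+apt-get install -y \
+docker-ce \
+docker-ce-cli \
+containerd.io \
+docker-buildx-plugin \
+docker-compose-plugin \
+git
+systemctl enable docker
+systemctl start docker
+# Abrimos puertos en ufw si está activo
+if command -v ufw >/dev/null 2>&1; then
+if ufw status | grep -q "Status: active"; then
+step "Configurando firewall (ufw) para permitir 80 y 443"
+ufw allow 80/tcp || true
+ufw allow 443/tcp || true
+fi
+fi
+# Creamos carpeta del proxy con docker compose.
+mkdir -p /opt/beyondcx/traefik
+cat > /opt/beyondcx/traefik/docker-compose.yaml <<EOF
+services:
+traefik:
+image: traefik:v3.6.1
+container_name: traefik-prod-1
+ports:
+- "80:80"
+- "443:443"
+- "8080:8080"
+environment:
+- DO_AUTH_TOKEN=\${DO_AUTH_TOKEN}
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- ./config/traefik.yml:/etc/traefik/traefik.yaml:ro
+- ./data/certs:/var/traefik/certs/:rw
+- ./config/conf:/etc/traefik/conf/:rw
+- ./logs:/var/traefik/logs:rw
+logging:
+driver: "json-file"
+options:
+max-size: "100m"
+networks:
+- frontend
+restart: unless-stopped
+networks:
+frontend:
+external: true
+EOF
+mkdir -p /opt/beyondcx/traefik/config
+mkdir -p /opt/beyondcx/traefik/logs
+mkdir -p /opt/beyondcx/traefik/config/conf
+echo "DO_AUTH_TOKEN=" > /opt/beyondcx/traefik/.env
+cat > /opt/beyondcx/traefik/config/traefik.yml <<EOF
+global:
+checkNewVersion: false
+sendAnonymousUsage: false
+log:
+level: DEBUG
+api:
+dashboard: true
+insecure: true
+entryPoints:
+web:
+address: :80
+websecure:
+address: :443
+certificatesResolvers:
+doresolv:
+acme:
+email: "garbelo@gmail.com"
+storage: /var/traefik/certs/doresolv-acme.json
+caServer: 'https://acme-v02.api.letsencrypt.org/directory'
+keyType: EC256
+dnsChallenge:
+provider: digitalocean
+resolvers:
+- "8.8.8.8:53"
+- "1.1.1.1:53"
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: false
+network: frontend
+file:
+directory: /etc/traefik/conf/
+watch: true
+EOF
+cd /opt/beyondcx/traefik
+PROXY_NETWORK="frontend"
+if docker network inspect $PROXY_NETWORK > /dev/null 2>&1; then
+echo "red de traefik existe"
+else
+docker network create $PROXY_NETWORK
+fi
+docker compose up -d
+step "Levantado traefik "
+docker compose ps
+docker compose logs
+step "Recuerda, tienes que crear el DO_AUTH_TOKEN en el .env"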
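Review bot: The generated Traefik config sets `insecure: true` with `dashboard: true` under `api:`, and the compose file written just above it publishes `"8080:8080"`, so the dashboard and API would be served without authentication on every interface of a container named `traefik-prod-1`. The ufw rules in this script only cover 80 and 443, and Docker-published ports are normally not filtered by ufw, so the firewall step is unlikely to help. I would set `insecure: false` and either drop the 8080 mapping or bind it as `"127.0.0.1:8080:8080"`, publishing the dashboard through a router with an auth middleware if it is needed remotely. Separately, `echo "DO_AUTH_TOKEN=" > /opt/beyondcx/traefik/.env` overwrites an existing token on every re-run; guard it with `[ -f /opt/beyondcx/traefik/.env ] ||` and `chmod 600` the file, and consider `:ro` on the `/var/run/docker.sock` mount and `level: INFO` for a production proxy.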