shop-server/scripts/SERVER_SETUP.md

# Первичная настройка LXC для Craftshop

Выполнять от **root** на свежем Debian/Ubuntu LXC.

test2

---

## 1. Базовые пакеты и Node.js

```bash
apt-get update -y
apt-get install -y ca-certificates curl gnupg curl git

curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y nodejs

node --version  # ожидается >= 22
npm --version
```

## 2. Каталоги

```bash
mkdir -p /opt/craftshop/server/uploads /opt/craftshop/www
```

## 3. systemd unit

```bash
cat >/etc/systemd/system/craftshop-api.service <<'UNIT'
[Unit]
Description=Craftshop API (Fastify)
After=network.target

[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/craftshop/server
EnvironmentFile=-/opt/craftshop/server/.env
ExecStart=/usr/bin/node src/index.js
Restart=on-failure
RestartSec=5
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target
UNIT

systemctl daemon-reload
systemctl enable craftshop-api.service
```

## 4. Nginx

```bash
apt-get install -y nginx

cat >/etc/nginx/sites-available/craftshop <<'NGX'
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    root /opt/craftshop/www;
    index index.html;

    location /api/ {
        client_max_body_size 250m;
        proxy_pass http://127.0.0.1:3333;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /uploads/ {
        proxy_pass http://127.0.0.1:3333;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /uploads-resized/ {
        client_max_body_size 250m;
        proxy_pass http://127.0.0.1:3333;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        try_files $uri $uri/ /index.html;
    }
}
NGX

rm -f /etc/nginx/sites-enabled/default
ln -sf /etc/nginx/sites-available/craftshop /etc/nginx/sites-enabled/craftshop
nginx -t && systemctl reload nginx
```

## 5. Переменные окружения

Сгенерируй JWT_SECRET:

```bash
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
```

Создай `.env`:

```bash
cat >/opt/craftshop/server/.env <<'ENV'
DATABASE_URL="file:./prod.db"
PORT=3333
JWT_SECRET=<вставь сгенерированную строку>
ADMIN_EMAIL=<твой email>
CORS_ORIGIN=https://<твой-домен>
IS_DEFAULT_CODE_ENABLED=false
ENV
chmod 600 /opt/craftshop/server/.env
```

## 6. Первый запуск

```bash
systemctl start craftshop-api
systemctl status craftshop-api
curl http://127.0.0.1:3333/health
```

## 7. Бэкапы БД (systemd timer)

Установить таймер для автоматического бэкапа каждые 6 часов:

```bash
# Установить sqlite3 для безопасного копирования
apt-get install -y sqlite3

# Скопировать unit-файлы
cp /opt/craftshop/scripts/craftshop-backup.service /etc/systemd/system/
cp /opt/craftshop/scripts/craftshop-backup.timer /etc/systemd/system/

systemctl daemon-reload
systemctl enable --now craftshop-backup.timer

# Проверить статус
systemctl list-timers craftshop-backup.timer

# Ручной запуск для проверки
systemctl start craftshop-backup.service
ls /opt/craftshop/server/backups/
```

Бэкапы хранятся 30 дней (настраивается в `scripts/backup-db.sh`).