shop-server/scripts/SERVER_SETUP.md

# Первичная настройка LXC для Craftshop

Выполнять от **root** на свежем Debian/Ubuntu LXC.

---

## 1. Базовые пакеты и Node.js

```bash
apt-get update -y
apt-get install -y ca-certificates curl gnupg curl git

curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y nodejs

node --version  # ожидается >= 22
npm --version
```

## 2. Пользователь и каталоги

```bash
useradd --create-home --shell /bin/bash deploy
mkdir -p /opt/craftshop/server/uploads /opt/craftshop/www
chown -R deploy:deploy /opt/craftshop
chmod 755 /opt/craftshop /opt/craftshop/server /opt/craftshop/www
```

## 3. systemd unit

```bash
cat >/etc/systemd/system/craftshop-api.service <<'UNIT'
[Unit]
Description=Craftshop API (Fastify)
After=network.target

[Service]
Type=simple
User=deploy
Group=deploy
WorkingDirectory=/opt/craftshop/server
EnvironmentFile=-/opt/craftshop/server/.env
ExecStart=/usr/bin/node src/index.js
Restart=on-failure
RestartSec=5
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target
UNIT

systemctl daemon-reload
systemctl enable craftshop-api.service
```

## 4. Nginx

```bash
apt-get install -y nginx

cat >/etc/nginx/sites-available/craftshop <<'NGX'
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    root /opt/craftshop/www;
    index index.html;

    location /api/ {
        client_max_body_size 250m;
        proxy_pass http://127.0.0.1:3333;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /uploads/ {
        proxy_pass http://127.0.0.1:3333;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        try_files $uri $uri/ /index.html;
    }
}
NGX

rm -f /etc/nginx/sites-enabled/default
ln -sf /etc/nginx/sites-available/craftshop /etc/nginx/sites-enabled/craftshop
nginx -t && systemctl reload nginx
```

## 5. NetBird VPN

```bash
curl -fsSL https://pkgs.netbird.io/install.sh | sh
netbird up
```

После `netbird up` появится интерфейс `wt0` с IP из твоей NetBird-сети. Запомни его — он понадобится для NPM.

## 6. Переменные окружения

Сгенерируй JWT_SECRET:

```bash
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
```

Создай `.env`:

```bash
cat >/opt/craftshop/server/.env <<'ENV'
DATABASE_URL="file:./prod.db"
PORT=3333
JWT_SECRET=<вставь сгенерированную строку>
ADMIN_EMAIL=<твой email>
CORS_ORIGIN=https://<твой-домен>
IS_DEFAULT_CODE_ENABLED=false
ENV
chown deploy:deploy /opt/craftshop/server/.env
chmod 600 /opt/craftshop/server/.env
```

## 7. Первый деплой

На машине разработчика (после заполнения `scripts/deploy.env`):

```bash
./scripts/deploy-auto.sh --force
```

После завершения — на сервере:

```bash
systemctl start craftshop-api
systemctl status craftshop-api
curl http://127.0.0.1:3333/health
```

## 8. VPS с Nginx Proxy Manager

На VPS (где установлен NPM):

1. DNS-запись A: `craftshop.твой-домен` → IP VPS
2. В NPM → Proxy Hosts → Add:
   - Domain: `craftshop.твой-домен`
   - Forward Hostname: `<NetBird-IP-LXC>` (IP wt0 на LXC)
   - Forward Port: `80`
   - SSL: Let's Encrypt
3. Сохрани

Проверка:

```bash
curl https://craftshop.твой-домен/api/health
```