Active Domains on DEV-PROD-RF

Total SSL Certificates: 14 (Let's Encrypt through NPM)

Production Domains 🔴

1. seller1.ru

• Service: seller1-prod-web
• Stack: seller1-prod-stack
• Type: Drupal/Varbase
• Status: PRODUCTION 24/7
• SSL: Valid

2. www.seller1.ru

• Redirect: → seller1.ru
• SSL: Valid

3. pro.seller1.ru

• Service: seller1-prod backend
• Stack: seller1-prod-stack
• Type: Backend API
• SSL: Valid

Infrastructure Domains

4. home.0kt.ru

• Service: Homarr Dashboard
• Container: pro-0kt-homarr
• Port: 7575
• Purpose: Entry point, unified dashboard
• Auth: Authelia OAuth
• SSL: Valid

5. git.0kt.ru

• Service: Gitea
• Container: pro-0kt-gitea
• Port: 3000 (HTTP), 2222 (SSH)
• Purpose: Git repository hosting
• Auth: Authelia OAuth
• SSL: Valid

6. n8n.0kt.ru

• Service: N8N Workflows (utilities)
• Container: pro-0kt-n8n
• Port: 5678
• Purpose: Workflow automation
• Auth: Authelia OAuth
• SSL: Valid

7. jupyter.0kt.ru

• Service: Jupyter Notebooks
• Container: pro-0kt-jupyter
• Port: 8888
• Purpose: Data analysis, notebooks
• Auth: Authelia OAuth
• SSL: Valid

8. mailhog.0kt.ru

• Service: Mailhog
• Container: pro-0kt-mailhog
• Port: 8025 (UI), 1025 (SMTP)
• Purpose: Email testing
• Auth: Authelia OAuth
• SSL: Valid

9. pgadmin.0kt.ru

• Service: PgAdmin
• Container: pro-0kt-pgadmin
• Port: 5050
• Purpose: PostgreSQL management
• Auth: Authelia OAuth
• SSL: Valid

10. uptime.0kt.ru

• Service: Uptime Kuma
• Container: pro-0kt-uptime
• Port: 3001
• Purpose: Status monitoring
• Auth: Authelia OAuth
• SSL: Valid

Development Domains

11. myshop.0kt.ru

• Service: MyShop Drupal Commerce
• Stack: myshop-stack
• Container: myshop-web
• Purpose: Drupal Commerce demo
• SSL: Valid

12. commerce.0kt.ru

• Service: Commerce Kickstart
• Stack: commerce-stack
• Container: commerce-web
• Purpose: Commerce demo
• SSL: Valid

13. varbase.0kt.ru

• Service: Varbase Demo
• Stack: varbase-stack
• Container: varbase-web
• Purpose: Varbase distribution demo
• SSL: Valid

14. python-dev.0kt.ru

• Service: Python Development
• Stack: python-stack
• Container: python-dev
• Purpose: Python app development
• SSL: Valid

15. python-tst.0kt.ru

• Service: Python Testing
• Stack: python-stack
• Container: python-tst
• Purpose: Python app testing
• SSL: Valid

Not Yet Configured (from original planning)

These domains were planned but don't have SSL certificates yet:

Infrastructure

• npm.0kt.ru (NPM Admin - accessed via http://localhost:81)
• auth.0kt.ru (Authelia - accessed via internal)
• minio.0kt.ru (MinIO Console)
• s3.0kt.ru (MinIO S3 API)
• portainer.0kt.ru (Portainer)
• db.0kt.ru (PgAdmin alternative URL)
• adminer.0kt.ru (Adminer)
• backup.0kt.ru (Restic)

Development

• seller1.dev.0kt.ru (Seller1 Dev)
• n8n-seller1.dev.0kt.ru (Seller1 N8N Dev)
• py.dev.0kt.ru (Python Dev alternative)
• py.tst.0kt.ru (Python Test alternative)

Production

• auth.seller1.ru (Drupal Simple OAuth)

Note: These services are running but accessed via:
- Internal ports (localhost)
- Direct IP
- Existing SSL domains

OAuth Configuration

Authelia (for *.0kt.ru)

• URL: Internal (auth.0kt.ru not public)
• Protected Services: Most *.0kt.ru domains
• Admin: admin
• 2FA: Available

Drupal Simple OAuth (for seller1.ru)

• URL: auth.seller1.ru (not yet configured with SSL)
• Purpose: seller1.ru authentication
• Integration: Drupal module

SSL Management

Provider: Let's Encrypt
Manager: Nginx Proxy Manager (NPM)
Admin Panel: http://localhost:81 (from server)
Email: admin@0kt.ru
Auto-renewal: Yes (through NPM)

Rate Limits: Be aware of Let's Encrypt limits:
- 50 certificates per registered domain per week
- 5 duplicate certificates per week

Certificate Location:

/mnt/data/nginx/letsencrypt/live/<domain>/
├── cert.pem
├── chain.pem
├── fullchain.pem
└── privkey.pem

Adding New Domain

1. Configure DNS A record → 45.144.177.147
2. Wait for DNS propagation (10-60 minutes)
3. Add Proxy Host in NPM:
   - Domain: newdomain.tld
   - Forward Host: container-name
   - Forward Port: service-port
   - Enable: Websockets Support, Block Common Exploits
4. Request SSL Certificate in NPM:
   - Force SSL: Yes
   - HTTP/2 Support: Yes
5. (Optional) Configure Authelia protection
6. Test: https://newdomain.tld

Troubleshooting

SSL Certificate Failed

• Check DNS: nslookup domain.tld → should show 45.144.177.147
• Check rate limits: wait 1 week if hit limit
• Check NPM logs: docker logs pro-0kt-nginx
• Verify ports 80, 443 open: sudo ufw status

502 Bad Gateway

• Backend container running: docker ps | grep <container>
• NPM connected to network: docker network inspect <network>
• Correct forward host/port in NPM

Domain Not Resolving

• DNS propagation: wait up to 60 minutes
• Check DNS: nslookup domain.tld
• Clear browser cache
• Try different DNS server

Last Updated: 2025-10-26
Total Active SSL Domains: 14