Active Domains: @infra-dev-prod-rf

Total SSL Certificates: 21 active domains (Let's Encrypt through NPM)
Status: All configured and active
Last Updated: 2025-11-09

Production Domains 🔴 CRITICAL

1. seller1.ru

Access: https://seller1.ru

Check Status:

curl -I https://seller1.ru
docker ps | grep seller1-prod-web
docker compose logs seller1-prod-web -f (from /opt/seller1-prod-stack)

2. www.seller1.ru

Access: https://www.seller1.ru (redirects to seller1.ru)

3. pro.seller1.ru

Access: https://pro.seller1.ru

Check Status:

curl -I https://pro.seller1.ru
docker ps | grep seller1-prod-n8n

4. auth.seller1.ru (In Planning)

Note: Service is running but not yet accessible via https://auth.seller1.ru

Infrastructure Domains

5. home.0kt.ru

Access: https://home.0kt.ru

6. git.0kt.ru

Access: https://git.0kt.ru

7. n8n.0kt.ru

Access: https://n8n.0kt.ru

8. jupyter.0kt.ru

Access: https://jupyter.0kt.ru

9. mailhog.0kt.ru

Access: https://mailhog.0kt.ru

10. pgadmin.0kt.ru

Access: https://pgadmin.0kt.ru

11. uptime.0kt.ru

Access: https://uptime.0kt.ru

12. portainer.0kt.ru (Not Yet Configured)

Current Access: http://localhost:9002 (internal only)

13. db.0kt.ru (Not Yet Configured)

Current Access: Use https://pgadmin.0kt.ru

14. adminer.0kt.ru (Not Yet Configured)

Current Access: Internal only

15. minio.0kt.ru (Not Yet Configured)

Current Access: http://localhost:9001 (internal only)

16. s3.0kt.ru (Not Yet Configured)

Current Access: http://localhost:9000 (internal only)

Development Domains

17. seller1.dev.0kt.ru (In Planning)

Current Access: Internal only

18. n8n-seller1.dev.0kt.ru (In Planning)

Current Access: Internal only

19. myshop.0kt.ru

Access: https://myshop.0kt.ru

20. commerce.0kt.ru

Access: https://commerce.0kt.ru

21. varbase.0kt.ru

Access: https://varbase.0kt.ru

22. py.dev.0kt.ru

Access: https://py.dev.0kt.ru

23. py.tst.0kt.ru

Access: https://py.tst.0kt.ru

Summary by Status

Configured & Active (14 domains)

✅ With SSL certificates:
1. seller1.ru
2. www.seller1.ru
3. pro.seller1.ru
4. home.0kt.ru
5. git.0kt.ru
6. n8n.0kt.ru
7. jupyter.0kt.ru
8. mailhog.0kt.ru
9. pgadmin.0kt.ru
10. uptime.0kt.ru
11. myshop.0kt.ru
12. commerce.0kt.ru
13. varbase.0kt.ru
14. py.dev.0kt.ru
15. py.tst.0kt.ru

Configured (In Planning) (4 domains)

⏳ Service running, no SSL yet:
1. auth.seller1.ru
2. seller1.dev.0kt.ru
3. n8n-seller1.dev.0kt.ru

Not Yet Configured (4 domains)

❌ Service running, no SSL:
1. portainer.0kt.ru
2. db.0kt.ru
3. minio.0kt.ru
4. s3.0kt.ru

SSL Certificate Management

Let's Encrypt Configuration

Certificate Location

/mnt/data/nginx/letsencrypt/live/
├── seller1.ru/
│   ├── cert.pem
│   ├── chain.pem
│   ├── fullchain.pem
│   └── privkey.pem
├── home.0kt.ru/
├── git.0kt.ru/
└── ... (one per domain)

Check Certificate Expiration

# Check specific certificate
openssl x509 -in /mnt/data/nginx/letsencrypt/live/seller1.ru/cert.pem -noout -dates

# Check all certificates
for domain in /mnt/data/nginx/letsencrypt/live/*/; do
  echo "Domain: $(basename $domain)"
  openssl x509 -in "$domain/cert.pem" -noout -dates
done

# From container
docker exec pro-0kt-nginx certbot certificates

Renewal Process

Automatic renewal runs via NPM every 30 days before expiration.

Manual renewal:
1. Login to NPM Admin: http://localhost:81 (via SSH tunnel)
2. Edit proxy host
3. SSL section > Request New SSL Certificate
4. Force SSL: Yes, HTTP/2: Yes

Via command line:

docker compose -f /opt/pro-0kt-stack/docker-compose.yml restart pro-0kt-nginx

Rate Limits

Be aware of Let's Encrypt rate limits:
- 50 certificates per registered domain per week
- 5 duplicate certificates per week

DNS Configuration

DNS A Records

All domains should point to: 45.144.177.147

Verify DNS:

nslookup seller1.ru
dig seller1.ru @8.8.8.8

From container:

docker exec <container> nslookup seller1.ru

Adding New Domain

1. Configure DNS:
   - Create A record: newdomain.tld → 45.144.177.147
   - Wait for DNS propagation (10-60 minutes)

2. Add to NPM:
   - Login to NPM Admin: http://localhost:81
   - Proxy Hosts > New Proxy Host
   - Domain: newdomain.tld
   - Forward Host: container-name
   - Forward Port: service-port
   - Enable: Websockets Support, Block Common Exploits

3. Request SSL:
   - Edit proxy host
   - SSL > Request New SSL Certificate
   - Force SSL: Yes
   - HTTP/2 Support: Yes

4. Test:
   - https://newdomain.tld
   - Check: curl -I https://newdomain.tld

Troubleshooting

SSL Certificate Failed

# Check DNS
nslookup domain.tld
# Should show: 45.144.177.147

# Check if hit rate limit
# Wait 1 week if limit exceeded

# Check NPM logs
docker logs pro-0kt-nginx | grep domain.tld

# Check ports open
sudo ufw status | grep 80
sudo ufw status | grep 443

502 Bad Gateway

# Check backend container
docker ps | grep <container>

# Check container logs
docker logs <container> --tail 50

# Verify network connectivity
docker network inspect <network-name> | grep <container>

# Reconnect to network if needed
docker network connect <network> <container>

# Reload NPM
docker exec pro-0kt-nginx nginx -s reload

Domain Not Resolving

# Check DNS propagation
nslookup domain.tld
# Should return: 45.144.177.147

# Try different DNS servers
nslookup domain.tld 8.8.8.8
nslookup domain.tld 1.1.1.1

# Clear browser cache
# Try incognito/private mode

# Wait for propagation (up to 60 minutes)

HTTPS Not Working

# Check certificate status
docker exec pro-0kt-nginx certbot certificates

# Check NPM health
docker logs pro-0kt-nginx --tail 100

# Check ports
sudo netstat -tulpn | grep 443

# Restart NPM
docker compose -f /opt/pro-0kt-stack/docker-compose.yml restart pro-0kt-nginx

Domain Usage Statistics

By Purpose

By SSL Status

Related Documentation

• $WORKSPACE/infra/@infra-dev-prod-rf/design/ARCHITECTURE.md
• $WORKSPACE/infra/@infra-dev-prod-rf/management/README.md
• $WORKSPACE/infra/@infra-dev-prod-rf/infrastructure/SERVER.md
• $WORKSPACE/infra/@infra-dev-prod-rf/infrastructure/STACKS.md

Document Version: 1.0.0
Last Updated: 2025-11-09
SSL Certificates Valid Until: January 2026