From e8e8ed6ba3a38307faa94a541ae6b8debeb3b889 Mon Sep 17 00:00:00 2001
From: arkonsadter <arkonsad@list.ru>
Date: Wed, 18 Mar 2026 19:00:19 +0600
Subject: [PATCH] Add hosting deployment setup and backend health endpoint

---
 HOSTING_DEPLOY.md                 | 33 ++++++++++++++++++
 backend/.env.example              | 14 ++++++++
 backend/main.py                   |  7 +++-
 deploy/.env.hosting.example       |  9 +++++
 deploy/docker-compose.hosting.yml | 56 +++++++++++++++++++++++++++++++
 5 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 HOSTING_DEPLOY.md
 create mode 100644 backend/.env.example
 create mode 100644 deploy/.env.hosting.example
 create mode 100644 deploy/docker-compose.hosting.yml

diff --git a/HOSTING_DEPLOY.md b/HOSTING_DEPLOY.md
new file mode 100644
index 0000000..260196f
--- /dev/null
+++ b/HOSTING_DEPLOY.md
@@ -0,0 +1,33 @@
+# Hosting Deployment
+
+## 1) Prerequisites
+- Docker Engine + Docker Compose plugin
+- Domain pointing to your host IP
+- (Optional) HTTPS reverse proxy in front of port 80
+
+## 2) Prepare environment
+```bash
+cp backend/.env.example backend/.env
+cp deploy/.env.hosting.example deploy/.env
+```
+
+Edit `backend/.env`:
+- `SECRET_KEY`
+- `BASE_URL` and `FRONTEND_URL` (your real domain)
+- `SSO_ENABLED=true` + `ZITADEL_*` only if you use SSO
+
+## 3) Pull and run published images
+```bash
+docker compose --env-file deploy/.env -f deploy/docker-compose.hosting.yml pull
+docker compose --env-file deploy/.env -f deploy/docker-compose.hosting.yml up -d
+```
+
+## 4) Verify
+- Frontend: `http://<your-host>/`
+- Backend health: `docker compose -f deploy/docker-compose.hosting.yml logs backend`
+- Frontend health: `docker compose -f deploy/docker-compose.hosting.yml logs frontend`
+
+## Notes
+- Frontend uses same-origin `/api` in production, so no hardcoded API host is required.
+- Backend health endpoint is `/health`.
+- If you need local frontend->local backend development, use `frontend/.env.local`.
diff --git a/backend/.env.example b/backend/.env.example
new file mode 100644
index 0000000..8cf2594
--- /dev/null
+++ b/backend/.env.example
@@ -0,0 +1,14 @@
+# JWT
+SECRET_KEY=change-me-in-production
+ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=43200
+
+# OpenID Connect (SSO)
+SSO_ENABLED=false
+ZITADEL_ISSUER=
+ZITADEL_CLIENT_ID=
+ZITADEL_CLIENT_SECRET=
+
+# URLs
+BASE_URL=https://panel.example.com
+FRONTEND_URL=https://panel.example.com
diff --git a/backend/main.py b/backend/main.py
index 13243ed..de71eaa 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -172,6 +172,11 @@ def check_server_access(user: dict, server_name: str):
         return False
     return server_name in user.get("servers", [])
 
+# Healthcheck endpoint for Docker/hosting probes
+@app.get("/health")
+async def health():
+    return {"status": "ok"}
+
 # API для аутентификации
 
 # OpenID Connect endpoints
@@ -1936,4 +1941,4 @@ app.include_router(daemons_router)
 
 if __name__ == "__main__":
     import uvicorn
-    uvicorn.run(app, host="0.0.0.0", port=8000)
+    uvicorn.run(app, host="0.0.0.0", port=4546)
diff --git a/deploy/.env.hosting.example b/deploy/.env.hosting.example
new file mode 100644
index 0000000..0a1eeb9
--- /dev/null
+++ b/deploy/.env.hosting.example
@@ -0,0 +1,9 @@
+# Image tag produced by Drone (latest or build number)
+IMAGE_TAG=latest
+
+# Optional explicit image names
+# BACKEND_IMAGE=registry.nevetime.ru/mc-panel-backend:latest
+# FRONTEND_IMAGE=registry.nevetime.ru/mc-panel-frontend:latest
+
+# External port for the frontend container
+FRONTEND_PORT=80
diff --git a/deploy/docker-compose.hosting.yml b/deploy/docker-compose.hosting.yml
new file mode 100644
index 0000000..97116ac
--- /dev/null
+++ b/deploy/docker-compose.hosting.yml
@@ -0,0 +1,56 @@
+version: '3.8'
+
+services:
+  backend:
+    image: ${BACKEND_IMAGE:-registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest}}
+    container_name: mc-panel-backend
+    restart: unless-stopped
+    env_file:
+      - ../backend/.env
+    environment:
+      PORT: 8000
+      WORKERS: 2
+      PYTHONPATH: /app
+      DEBUG: 'false'
+    volumes:
+      - mc_servers:/app/servers
+      - mc_data:/app/data
+      - mc_logs:/app/logs
+    networks:
+      - mc-panel-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+  frontend:
+    image: ${FRONTEND_IMAGE:-registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest}}
+    container_name: mc-panel-frontend
+    restart: unless-stopped
+    ports:
+      - "${FRONTEND_PORT:-80}:80"
+    depends_on:
+      backend:
+        condition: service_healthy
+    networks:
+      - mc-panel-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+volumes:
+  mc_servers:
+    driver: local
+  mc_data:
+    driver: local
+  mc_logs:
+    driver: local
+
+networks:
+  mc-panel-network:
+    driver: bridge