Replace Dockerfiles, Compose and Drone CI with clean working setup

.drone.yml

@@ -1,13 +1,13 @@
-kind: pipeline
+kind: pipeline
 type: docker
-name: code-quality
+name: checks
 
 trigger:
   event:
     - pull_request
 
 steps:
-  - name: backend-sanity
+  - name: backend-syntax
     image: python:3.11-slim
     commands:
       - cd backend
@@ -26,10 +26,6 @@ type: docker
 name: build-images
 
 trigger:
-  branch:
-    - main
-    - master
-    - develop
   event:
     - push
     - tag
@@ -40,14 +36,14 @@ steps:
     settings:
       registry: registry.nevetime.ru
       repo: registry.nevetime.ru/mc-panel-backend
-      cache_from:
-        - registry.nevetime.ru/mc-panel-backend:latest
+      context: backend
+      dockerfile: Dockerfile
       tags:
         - latest
         - ${DRONE_BUILD_NUMBER}
       auto_tag: true
-      dockerfile: backend/Dockerfile
-      context: backend
+      cache_from:
+        - registry.nevetime.ru/mc-panel-backend:latest
       username:
         from_secret: docker_username
       password:
@@ -58,14 +54,14 @@ steps:
     settings:
       registry: registry.nevetime.ru
       repo: registry.nevetime.ru/mc-panel-frontend
-      cache_from:
-        - registry.nevetime.ru/mc-panel-frontend:latest
+      context: frontend
+      dockerfile: Dockerfile
       tags:
         - latest
         - ${DRONE_BUILD_NUMBER}
       auto_tag: true
-      dockerfile: frontend/Dockerfile
-      context: frontend
+      cache_from:
+        - registry.nevetime.ru/mc-panel-frontend:latest
       username:
         from_secret: docker_username
       password:

HOSTING_DEPLOY.md

@@ -0,0 +1,33 @@
+# Hosting Deployment
+
+## 1) Prerequisites
+- Docker Engine + Docker Compose plugin
+- Domain pointing to your host IP
+- (Optional) HTTPS reverse proxy in front of port 80
+
+## 2) Prepare environment
+```bash
+cp backend/.env.example backend/.env
+cp deploy/.env.hosting.example deploy/.env
+```
+
+Edit `backend/.env`:
+- `SECRET_KEY`
+- `BASE_URL` and `FRONTEND_URL` (your real domain)
+- `SSO_ENABLED=true` + `ZITADEL_*` only if you use SSO
+
+## 3) Pull and run published images
+```bash
+docker compose --env-file deploy/.env -f deploy/docker-compose.hosting.yml pull
+docker compose --env-file deploy/.env -f deploy/docker-compose.hosting.yml up -d
+```
+
+## 4) Verify
+- Frontend: `http://<your-host>/`
+- Backend health: `docker compose -f deploy/docker-compose.hosting.yml logs backend`
+- Frontend health: `docker compose -f deploy/docker-compose.hosting.yml logs frontend`
+
+## Notes
+- Frontend uses same-origin `/api` in production, so no hardcoded API host is required.
+- Backend health endpoint is `/health`.
+- If you need local frontend->local backend development, use `frontend/.env.local`.

backend/.env.example

@@ -0,0 +1,14 @@
+# JWT
+SECRET_KEY=change-me-in-production
+ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=43200
+
+# OpenID Connect (SSO)
+SSO_ENABLED=false
+ZITADEL_ISSUER=
+ZITADEL_CLIENT_ID=
+ZITADEL_CLIENT_SECRET=
+
+# URLs
+BASE_URL=https://panel.example.com
+FRONTEND_URL=https://panel.example.com

backend/Dockerfile

@@ -1,79 +1,30 @@
-# ================================
-# MC Panel Backend - Production Dockerfile
-# ================================
+FROM python:3.11-slim
 
-FROM python:3.11-slim AS production
-
-# Метаданные
-LABEL maintainer="MC Panel Team" \
-      version="2.0.0" \
-      description="MC Panel Backend - FastAPI Server" \
-      component="backend"
-
-# Переменные окружения
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1 \
     PYTHONPATH=/app \
     PORT=8000 \
-    WORKERS=1 \
-    DEBIAN_FRONTEND=noninteractive
+    WORKERS=2
 
-# Устанавливаем системные зависимости
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    curl \
-    procps \
-    ca-certificates \
-    tini \
-    && rm -rf /var/lib/apt/lists/* \
-    && apt-get clean
-
-# Создаем пользователя для безопасности
-RUN groupadd -r -g 1000 mcpanel && \
-    useradd -r -u 1000 -g mcpanel -d /app -s /bin/bash mcpanel
-
-# Создаем рабочую директорию
 WORKDIR /app
 
-# Копируем requirements и устанавливаем зависимости
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends curl \
+    && rm -rf /var/lib/apt/lists/*
+
 COPY requirements.txt ./
-RUN pip install --no-cache-dir --upgrade pip && \
-    pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir --upgrade pip \
+    && pip install --no-cache-dir -r requirements.txt
 
-# Копируем исходный код
-COPY --chown=mcpanel:mcpanel . ./
+COPY . ./
 
-# Создаем необходимые директории
-RUN mkdir -p \
-    servers \
-    data \
-    logs \
-    && touch users.json tickets.json
+RUN mkdir -p /app/servers /app/data /app/logs \
+    && ([ -f /app/users.json ] || echo '{}' > /app/users.json) \
+    && ([ -f /app/tickets.json ] || echo '{}' > /app/tickets.json)
 
-# Создаем конфигурационные файлы по умолчанию если их нет
-RUN [ ! -f users.json ] && echo '{}' > users.json || true && \
-    [ ! -f tickets.json ] && echo '{}' > tickets.json || true
-
-# Устанавливаем права доступа
-RUN chown -R mcpanel:mcpanel /app && \
-    chmod -R 755 /app && \
-    chmod +x main.py
-
-# Переключаемся на непривилегированного пользователя
-USER mcpanel
-
-# Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
-    CMD curl -f http://localhost:${PORT}/health 2>/dev/null || \
-        curl -f http://localhost:${PORT}/ 2>/dev/null || exit 1
-
-# Expose порт
 EXPOSE 8000
 
-# Volumes для персистентных данных
-VOLUME ["/app/servers", "/app/data", "/app/logs"]
+HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 \
+  CMD curl -fsS "http://localhost:${PORT}/health" || exit 1
 
-# Используем tini как init процесс
-ENTRYPOINT ["/usr/bin/tini", "--"]
-
-# Команда запуска
-CMD ["sh", "-c", "python -m uvicorn main:app --host 0.0.0.0 --port ${PORT} --workers ${WORKERS}"]
+CMD ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port ${PORT:-8000} --workers ${WORKERS:-2}"]

backend/main.py

@@ -172,6 +172,11 @@ def check_server_access(user: dict, server_name: str):
         return False
     return server_name in user.get("servers", [])
 
+# Healthcheck endpoint for Docker/hosting probes
+@app.get("/health")
+async def health():
+    return {"status": "ok"}
+
 # API для аутентификации
 
 # OpenID Connect endpoints
@@ -1936,4 +1941,4 @@ app.include_router(daemons_router)
 
 if __name__ == "__main__":
     import uvicorn
-    uvicorn.run(app, host="0.0.0.0", port=8000)
+    uvicorn.run(app, host="0.0.0.0", port=4546)

backend/oidc_config.py

@@ -4,28 +4,58 @@
 import os
 from typing import Dict, Any
 
-# Конфигурация провайдеров OpenID Connect
-OIDC_PROVIDERS = {
-    "zitadel": {
-        "name": "ZITADEL",
-        "client_id": os.getenv("ZITADEL_CLIENT_ID", ""),
-        "client_secret": os.getenv("ZITADEL_CLIENT_SECRET", ""),
-        "server_metadata_url": os.getenv("ZITADEL_ISSUER", "") + "/.well-known/openid-configuration",
-        "issuer": os.getenv("ZITADEL_ISSUER", ""),
-        "scopes": ["openid", "email", "profile"],
-        "icon": "🔐",
-        "color": "bg-purple-600 hover:bg-purple-700"
+
+def _is_truthy(value: str) -> bool:
+    """Безопасный парсинг bool из переменных окружения."""
+    return value.strip().lower() in {"1", "true", "yes", "on"}
+
+
+def _is_config_value_set(value: str) -> bool:
+    """Проверка, что значение реально задано, а не заглушка."""
+    normalized = value.strip().lower()
+    return normalized not in {"", "none", "null", "undefined"}
+
+
+def is_sso_enabled() -> bool:
+    """Глобальный флаг включения SSO через env."""
+    # По умолчанию SSO включён, чтобы не ломать существующее поведение.
+    raw = os.getenv("SSO_ENABLED", "true")
+    return _is_truthy(raw)
+
+
+def get_oidc_providers() -> Dict[str, Dict[str, Any]]:
+    """Собрать конфигурацию OpenID Connect провайдеров из env."""
+    issuer = os.getenv("ZITADEL_ISSUER", "")
+    return {
+        "zitadel": {
+            "name": "ZITADEL",
+            "client_id": os.getenv("ZITADEL_CLIENT_ID", ""),
+            "client_secret": os.getenv("ZITADEL_CLIENT_SECRET", ""),
+            "server_metadata_url": issuer.rstrip("/") + "/.well-known/openid-configuration" if issuer else "",
+            "issuer": issuer,
+            "scopes": ["openid", "email", "profile"],
+            "icon": "🔐",
+            "color": "bg-purple-600 hover:bg-purple-700"
+        }
     }
-}
+
+
+# Для обратной совместимости с импортами из других модулей
+OIDC_PROVIDERS = get_oidc_providers()
+
 
 def get_enabled_providers() -> Dict[str, Dict[str, Any]]:
-    """Получить список включённых провайдеров (с настроенными client_id)"""
-    enabled = {}
-    for provider_id, config in OIDC_PROVIDERS.items():
-        if config.get("client_id") and config.get("issuer"):
+    """Получить список включённых провайдеров (с настроенным client_id)."""
+    if not is_sso_enabled():
+        return {}
+
+    enabled: Dict[str, Dict[str, Any]] = {}
+    for provider_id, config in get_oidc_providers().items():
+        if _is_config_value_set(config.get("client_id", "")) and _is_config_value_set(config.get("issuer", "")):
             enabled[provider_id] = config
     return enabled
 
+
 def get_redirect_uri(provider_id: str, base_url: str = "http://localhost:8000") -> str:
-    """Получить redirect URI для провайдера"""
-    return f"{base_url}/api/auth/oidc/{provider_id}/callback"
+    """Получить redirect URI для провайдера."""
+    return f"{base_url}/api/auth/oidc/{provider_id}/callback"

deploy/.env.hosting.example

@@ -0,0 +1,9 @@
+# Image tag produced by Drone (latest or build number)
+IMAGE_TAG=latest
+
+# Optional explicit image names
+# BACKEND_IMAGE=registry.nevetime.ru/mc-panel-backend:latest
+# FRONTEND_IMAGE=registry.nevetime.ru/mc-panel-frontend:latest
+
+# External port for the frontend container
+FRONTEND_PORT=80

deploy/docker-compose.hosting.yml

@@ -0,0 +1,49 @@
+version: '3.8'
+
+services:
+  backend:
+    image: ${BACKEND_IMAGE:-registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest}}
+    container_name: mc-panel-backend
+    restart: unless-stopped
+    env_file:
+      - ../backend/.env
+    environment:
+      PORT: 8000
+      WORKERS: 2
+    volumes:
+      - mc_servers:/app/servers
+      - mc_data:/app/data
+      - mc_logs:/app/logs
+    networks:
+      - mc-panel
+    healthcheck:
+      test: ["CMD", "curl", "-fsS", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  frontend:
+    image: ${FRONTEND_IMAGE:-registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest}}
+    container_name: mc-panel-frontend
+    restart: unless-stopped
+    ports:
+      - "${FRONTEND_PORT:-80}:80"
+    depends_on:
+      backend:
+        condition: service_healthy
+    networks:
+      - mc-panel
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://localhost/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+volumes:
+  mc_servers:
+  mc_data:
+  mc_logs:
+
+networks:
+  mc-panel:
+    driver: bridge

docker-compose.dev.yml

@@ -1,61 +1,48 @@
-version: '3.8'
+version: '3.8'
 
 services:
-  # Backend для разработки
-  backend-dev:
+  backend:
     build:
       context: ./backend
       dockerfile: Dockerfile
-      target: production
     container_name: mc-panel-backend-dev
     restart: unless-stopped
     ports:
       - "8000:8000"
+    env_file:
+      - ./backend/.env
     environment:
-      - PORT=8000
-      - WORKERS=1
-      - PYTHONPATH=/app
-      - DEBUG=true
-      - LOG_LEVEL=DEBUG
+      PORT: 8000
+      WORKERS: 1
     volumes:
-      # Монтируем исходный код для hot reload
       - ./backend:/app
       - mc_servers_dev:/app/servers
       - mc_data_dev:/app/data
       - mc_logs_dev:/app/logs
+    command: ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port 8000 --reload"]
     networks:
       - mc-panel-dev
-    command: ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
 
-  # Frontend для разработки
-  frontend-dev:
+  frontend:
     build:
       context: ./frontend
       dockerfile: Dockerfile
-      target: development
+      args:
+        VITE_API_URL: http://localhost:8000
     container_name: mc-panel-frontend-dev
     restart: unless-stopped
     ports:
-      - "5173:5173"
-    volumes:
-      # Монтируем исходный код для hot reload
-      - ./frontend:/app
-      - /app/node_modules
+      - "3000:80"
+    depends_on:
+      - backend
     networks:
       - mc-panel-dev
-    environment:
-      - VITE_API_URL=http://localhost:8000
-    depends_on:
-      - backend-dev
 
 volumes:
   mc_servers_dev:
-    driver: local
   mc_data_dev:
-    driver: local
   mc_logs_dev:
-    driver: local
 
 networks:
   mc-panel-dev:
-    driver: bridge
+    driver: bridge

docker-compose.yml

@@ -1,59 +1,49 @@
-version: '3.8'
+version: '3.8'
 
 services:
-  # Backend сервис
   backend:
-    image: registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest}
+    image: ${BACKEND_IMAGE:-registry.nevetime.ru/mc-panel-backend:${IMAGE_TAG:-latest}}
     container_name: mc-panel-backend
     restart: unless-stopped
-    ports:
-      - "8000:8000"
-    environment:
-      - PORT=8000
-      - WORKERS=2
-      - PYTHONPATH=/app
-      - DEBUG=false
     env_file:
       - ./backend/.env
+    environment:
+      PORT: ${BACKEND_PORT:-8000}
+      WORKERS: ${BACKEND_WORKERS:-2}
     volumes:
       - mc_servers:/app/servers
       - mc_data:/app/data
       - mc_logs:/app/logs
     networks:
-      - mc-panel-network
+      - mc-panel
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      test: ["CMD", "curl", "-fsS", "http://localhost:8000/health"]
       interval: 30s
       timeout: 10s
       retries: 3
-      start_period: 60s
 
-  # Frontend сервис
   frontend:
-    image: registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest}
+    image: ${FRONTEND_IMAGE:-registry.nevetime.ru/mc-panel-frontend:${IMAGE_TAG:-latest}}
     container_name: mc-panel-frontend
     restart: unless-stopped
     ports:
-      - "80:80"
+      - "${FRONTEND_PORT:-80}:80"
     depends_on:
-      - backend
+      backend:
+        condition: service_healthy
     networks:
-      - mc-panel-network
+      - mc-panel
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/health"]
+      test: ["CMD", "wget", "-qO-", "http://localhost/health"]
       interval: 30s
       timeout: 10s
       retries: 3
-      start_period: 30s
 
 volumes:
   mc_servers:
-    driver: local
   mc_data:
-    driver: local
   mc_logs:
-    driver: local
 
 networks:
-  mc-panel-network:
-    driver: bridge
+  mc-panel:
+    driver: bridge

frontend/.env

@@ -1 +1 @@
-VITE_API_URL=http://26.62.117.104:8000
+VITE_API_URL=

frontend/.env.example

@@ -1,3 +1,4 @@
-# API URL (необязательно, по умолчанию определяется автоматически)
-# Раскомментируйте и укажите ваш IP для удаленного доступа
-# VITE_API_URL=http://26.123.45.67:8000
+# API URL:
+# - пусто: same-origin (/api), рекомендуется для production с nginx proxy
+# - http://localhost:4546: локальный backend
+VITE_API_URL=

frontend/.env.local.example

@@ -1,10 +1,10 @@
 # Создайте файл .env.local и раскомментируйте нужную строку
 
 # Для локального использования (по умолчанию)
-# VITE_API_URL=http://localhost:8000
+# VITE_API_URL=http://localhost:4546
 
 # Для Radmin VPN (замените на ваш IP)
-# VITE_API_URL=http://26.62.117.104:8000
+# VITE_API_URL=http://26.62.117.104:4546
 
 # Для Hamachi (замените на ваш IP)
-# VITE_API_URL=http://25.123.45.67:8000
+# VITE_API_URL=http://25.123.45.67:4546

frontend/Dockerfile

@@ -1,207 +1,25 @@
-# ================================
-# MC Panel Frontend - Multi-Stage Dockerfile
-# ================================
+FROM node:20-alpine AS build
 
-# Stage 1: Build Stage
-FROM node:20-alpine AS builder
-
-# Метаданные
-LABEL maintainer="MC Panel Team" \
-      version="2.0.0" \
-      description="MC Panel Frontend - React Build Stage" \
-      component="frontend"
-
-# Устанавливаем зависимости для сборки
-RUN apk add --no-cache git python3 make g++
-
-# Создаем рабочую директорию
 WORKDIR /app
 
-# Копируем package files для кеширования зависимостей
 COPY package*.json ./
-
-# Устанавливаем зависимости
 RUN npm ci --silent
 
-# Копируем исходный код
 COPY . ./
 
-# Собираем приложение для production
+ARG VITE_API_URL=
+ENV VITE_API_URL=${VITE_API_URL}
+
 RUN npm run build
 
-# Проверяем размер сборки
-RUN du -sh dist/ && \
-    echo "Build completed successfully"
+FROM nginx:1.27-alpine
 
-# ================================
-# Stage 2: Production Stage (Nginx)
-# ================================
-FROM nginx:alpine AS production
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=build /app/dist /usr/share/nginx/html
 
-# Метаданные
-LABEL maintainer="MC Panel Team" \
-      version="2.0.0" \
-      description="MC Panel Frontend - Nginx Production Server" \
-      component="frontend"
-
-# Устанавливаем дополнительные пакеты
-RUN apk add --no-cache curl tini
-
-# Создаем пользователя nginx если его нет
-RUN addgroup -g 1000 -S mcpanel && \
-    adduser -u 1000 -D -S -G mcpanel mcpanel
-
-# Копируем собранное приложение из builder stage
-COPY --from=builder /app/dist /usr/share/nginx/html
-
-# Создаем кастомную конфигурацию Nginx
-RUN cat > /etc/nginx/conf.d/default.conf << 'EOF'
-server {
-    listen 80;
-    listen [::]:80;
-    server_name _;
-    
-    root /usr/share/nginx/html;
-    index index.html;
-    
-    # Gzip compression
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 1024;
-    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
-    
-    # Security headers
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-XSS-Protection "1; mode=block" always;
-    add_header Referrer-Policy "no-referrer-when-downgrade" always;
-    
-    # Cache static assets
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-    
-    # Handle React Router (SPA)
-    location / {
-        try_files $uri $uri/ /index.html;
-    }
-    
-    # API proxy (если нужно)
-    location /api/ {
-        proxy_pass http://backend:8000/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-    
-    # WebSocket proxy (если нужно)
-    location /ws/ {
-        proxy_pass http://backend:8000/ws/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-    
-    # Health check endpoint
-    location /health {
-        access_log off;
-        return 200 "healthy\n";
-        add_header Content-Type text/plain;
-    }
-}
-EOF
-
-# Создаем кастомную конфигурацию nginx.conf
-RUN cat > /etc/nginx/nginx.conf << 'EOF'
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-    use epoll;
-    multi_accept on;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-    
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-    
-    access_log /var/log/nginx/access.log main;
-    
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
-    types_hash_max_size 2048;
-    client_max_body_size 100M;
-    
-    include /etc/nginx/conf.d/*.conf;
-}
-EOF
-
-# Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
-    CMD curl -f http://localhost/health || exit 1
-
-# Expose порт
 EXPOSE 80
 
-# Используем tini как init процесс
-ENTRYPOINT ["/sbin/tini", "--"]
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+  CMD wget -qO- http://localhost/health >/dev/null || exit 1
 
-# Команда запуска
 CMD ["nginx", "-g", "daemon off;"]
-
-# ================================
-# Stage 3: Development Stage
-# ================================
-FROM node:20-alpine AS development
-
-# Метаданные
-LABEL maintainer="MC Panel Team" \
-      version="2.0.0" \
-      description="MC Panel Frontend - Development Server" \
-      component="frontend"
-
-# Устанавливаем зависимости для разработки
-RUN apk add --no-cache git python3 make g++
-
-# Создаем пользователя для разработки
-RUN addgroup -g 1000 -S mcpanel && \
-    adduser -u 1000 -D -S -G mcpanel mcpanel
-
-# Создаем рабочую директорию
-WORKDIR /app
-
-# Меняем владельца директории
-RUN chown mcpanel:mcpanel /app
-
-# Переключаемся на пользователя
-USER mcpanel
-
-# Копируем package files
-COPY --chown=mcpanel:mcpanel package*.json ./
-
-# Устанавливаем зависимости
-RUN npm ci
-
-# Копируем исходный код
-COPY --chown=mcpanel:mcpanel . ./
-
-# Expose порт для dev сервера
-EXPOSE 5173
-
-# Команда для разработки
-CMD ["npm", "run", "dev"]

frontend/nginx.conf

@@ -0,0 +1,37 @@
+server {
+    listen 80;
+    server_name _;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    location /api/ {
+        proxy_pass http://backend:8000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /ws/ {
+        proxy_pass http://backend:8000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location = /health {
+        access_log off;
+        return 200 'ok';
+        add_header Content-Type text/plain;
+    }
+}

frontend/src/components/Auth.jsx

@@ -41,7 +41,7 @@ export default function Auth({ onLogin }) {
     try {
       await onLogin(username, password, isLogin);
     } catch (err) {
-      setError(err.message || 'Ошибка авторизации');
+      setError(err?.response?.data?.detail || err.message || 'Ошибка авторизации');
     } finally {
       setLoading(false);
     }
@@ -182,7 +182,7 @@ export default function Auth({ onLogin }) {
           {isLogin && (
             <div className={`mt-6 text-center text-sm ${currentTheme.textSecondary}`}>
               <p>Учётные данные по умолчанию:</p>
-              <p className={`${currentTheme.text} font-mono mt-1`}>none / none</p>
+              <p className={`${currentTheme.text} font-mono mt-1`}>admin / Admin</p>
             </div>
           )}
         </div>

frontend/src/components/UserManagement.jsx

@@ -2,6 +2,7 @@ import { useState, useEffect } from 'react';
 import { Users, Shield, Ban, Trash2, UserCheck, Server } from 'lucide-react';
 import axios from 'axios';
 import { notify } from './NotificationSystem';
+import { API_URL } from '../config';
 
 const UserManagement = ({ token, currentUser }) => {
   const [users, setUsers] = useState([]);
@@ -10,8 +11,6 @@ const UserManagement = ({ token, currentUser }) => {
   const [showRoleModal, setShowRoleModal] = useState(false);
   const [showAccessModal, setShowAccessModal] = useState(false);
 
-  const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:8000';
-
   // Загрузка пользователей
   const loadUsers = async () => {
     try {

frontend/src/config.js

@@ -1,21 +1,23 @@
 // Автоматически определяем API URL
 const getApiUrl = () => {
-  // Если задана переменная окружения, используем её
-  if (import.meta.env.VITE_API_URL) {
-    return import.meta.env.VITE_API_URL;
+  // Если переменная задана даже пустой строкой, используем её как явный override.
+  // Пустая строка = same-origin (/api через nginx proxy).
+  if (Object.prototype.hasOwnProperty.call(import.meta.env, 'VITE_API_URL')) {
+    const value = import.meta.env.VITE_API_URL || '';
+    return value.replace(/\/$/, '');
   }
   
-  // Иначе используем текущий хост с портом 8000
+  // Иначе используем текущий хост с портом 4546
   const protocol = window.location.protocol;
   const hostname = window.location.hostname;
   
-  // Если localhost, используем localhost:8000
+  // Если localhost, используем localhost:4546
   if (hostname === 'localhost' || hostname === '127.0.0.1') {
-    return `${protocol}//localhost:8000`;
+    return `${protocol}//localhost:4546`;
   }
   
-  // Для удаленного доступа используем IP:8000
-  return `${protocol}//${hostname}:8000`;
+  // Для удаленного доступа используем IP:4546
+  return `${protocol}//${hostname}:4546`;
 };
 
 export const API_URL = getApiUrl();