## Мониторинг SSL сертификатов

Мониторятся 19 доменов:
- ai-impress.com, www.ai-impress.com
- auth.ai-impress.com, n8n.ai-impress.com
- odoo.ai-impress.com, marketing.ai-impress.com
- pgadmin.ai-impress.com, portainer.ai-impress.com
- social.ai-impress.com, status.ai-impress.com
- vault.ai-impress.com, wiki.ai-impress.com
- и другие...

## Логирование

Loki собирает логи:
- Всех Docker контейнеров (49 контейнеров)
- Системные логи (`/var/log/*`)
- Логи приложений (`/opt/**/*.log`)

## Доступ
- Grafana: http://51.89.231.46:3000 (admin/admin123)
- Prometheus: http://localhost:9090
- Alertmanager: http://localhost:9093
- Loki: http://localhost:3100

## Резервные копии
Конфиги хранятся в:
- `/opt/04-tools/grafana/dashboards/` - дашборды Grafana
- `/opt/00-infrastructure/` - конфиги сервисов
EOF

sudo tee /opt/05-backups/scripts/backup-configs.sh << 'EOF'
#!/bin/bash

BACKUP_DIR="/mnt/backups/configs"
DATE=$(date +%Y%m%d-%H%M%S)

echo "[$(date)] Starting config backup..."

# Создаем директорию для бэкапа
mkdir -p $BACKUP_DIR/$DATE

# Бэкап конфигов Grafana
mkdir -p $BACKUP_DIR/$DATE/grafana
cp -r /opt/04-tools/grafana/dashboards/* $BACKUP_DIR/$DATE/grafana/ 2>/dev/null || true

# Бэкап конфигов мониторинга
mkdir -p $BACKUP_DIR/$DATE/monitoring
cp -r /opt/00-infrastructure/loki/* $BACKUP_DIR/$DATE/monitoring/ 2>/dev/null || true
cp -r /opt/00-infrastructure/blackbox/* $BACKUP_DIR/$DATE/monitoring/ 2>/dev/null || true

# Бэкап системных сервисов
mkdir -p $BACKUP_DIR/$DATE/systemd
cp /etc/systemd/system/auto-update.* $BACKUP_DIR/$DATE/systemd/ 2>/dev/null || true

# Создаем архив
tar -czf $BACKUP_DIR/config-backup-$DATE.tar.gz -C $BACKUP_DIR/$DATE .

# Очистка старых бэкапов (храним 7 дней)
find $BACKUP_DIR -name "config-backup-*.tar.gz" -mtime +7 -delete
find $BACKUP_DIR -type d -name "202*" -mtime +1 -exec rm -rf {} + 2>/dev/null || true

echo "[$(date)] Backup completed: $BACKUP_DIR/config-backup-$DATE.tar.gz"
EOF

sudo chmod +x /opt/05-backups/scripts/backup-configs.sh
sudo tee /etc/systemd/system/backup-configs.timer << 'EOF'
[Unit]
Description=Run config backup daily
Requires=backup-configs.service

[Timer]
OnCalendar=daily
Persistent=true
RandomizedDelaySec=3600

[Install]
WantedBy=timers.target
EOF

sudo tee /etc/systemd/system/backup-configs.service << 'EOF'
[Unit]
Description=Backup configuration files
After=docker.service

[Service]
Type=oneshot
User=root
ExecStart=/opt/05-backups/scripts/backup-configs.sh
Environment=PATH=/usr/bin:/bin:/usr/sbin:/sbin
StandardOutput=journal
StandardError=journal
EOF

sudo systemctl daemon-reload
sudo systemctl enable backup-configs.timer
sudo systemctl start backup-configs.timer
sudo systemctl list-timers backup-configs.timer
clear
docker ps | grep prometheus
docker logs prometheus
clear
docker exec prometheus cat /etc/prometheus/prometheus.yml
docker stop prometheus
find /opt -name "prometheus.yml" 2>/dev/null
cat /opt/04-tools/monitoring/prometheus/prometheus.yml
nano /opt/04-tools/monitoring/prometheus/prometheus.yml
sudo nano /opt/04-tools/monitoring/prometheus/prometheus.yml
docker start prometheus
docker ps | grep prometheus
docker logs prometheus --tail 20
clerar
clear
cat /opt/04-tools/monitoring/prometheus/prometheus.yml
nano /opt/04-tools/monitoring/prometheus/prometheus.yml
sudo nano /opt/04-tools/monitoring/prometheus/prometheus.yml
docker restart prometheus
docker ps | grep prometheus
docker logs prometheus --tail 20
clear
cat /opt/04-tools/monitoring/prometheus/prometheus.yml
sudo nano /opt/04-tools/monitoring/prometheus/prometheus.yml
docker restart prometheus
docker ps | grep prometheus
docker logs prometheus --tail 20
clear
curl -s http://localhost:9090/api/v1/targets | jq '.data.activeTargets[] | {job: .labels.job, instance: .labels.instance, health: .health}'
docker exec grafana curl -s http://prometheus:9090/api/v1/query?query=up
clear
curl -s http://localhost:9090/api/v1/label/__name__/values | jq -r '.data[]' | grep -E "(postgres|postiz|database)" | head -20
# Запусти postgres-exporter
docker run -d --name postgres-exporter   --network=database-internal   -e DATA_SOURCE_NAME="postgresql://username:password@postgres-main:5432/postgres?sslmode=disable"   prometheuscommunity/postgres-exporter
# Проверим как настроен postgres-main контейнер
docker inspect postgres-main | grep -A5 -B5 "POSTGRES"
docker stop postgres-exporter
docker rm postgres-exporter
docker run -d --name postgres-exporter   --network=database-internal   -e DATA_SOURCE_NAME="postgresql://aimpress_admin:OYcH3tc0RfXokYdyTQvMiH1MnIThUZ4J@postgres-main:5432/postgres?sslmode=disable"   prometheuscommunity/postgres-exporter
docker run -d --name postgres-exporter   --network=database-internal   -e DATA_SOURCE_NAME="postgresql://aimpress_admin:OYcH3tc0RfXokYdyTQvMiH1MnIThUZ4J@postgres-main:5432/postgres?sslmode=disable"   prometheuscommunity/postgres-exporter
echo '
  - job_name: "postgres-exporter"
    static_configs:
      - targets: ["postgres-exporter:9187"]
    scrape_interval: 30s' >> /opt/04-tools/monitoring/prometheus/prometheus.yml
sudo sh -c 'echo "  - job_name: \"postgres-exporter\"
    static_configs:
      - targets: [\"postgres-exporter:9187\"]
    scrape_interval: 30s" >> /opt/04-tools/monitoring/prometheus/prometheus.yml'
curl -X POST http://localhost:9090/-/reload
curl -s http://localhost:9090/api/v1/targets | jq '.data.activeTargets[] | select(.labels.job == "postgres-exporter") | {job: .labels.job, instance: .labels.instance, health: .health}'
docker logs postgres-exporter
docker exec postgres-exporter psql "postgresql://aimpress_admin:OYcH3tc0RfXokYdyTQvMiH1MnIThUZ4J@postgres-main:5432/postgres?sslmode=disable" -c "SELECT 1;"
curl -s http://localhost:9187/metrics | head -20
docker exec postgres-exporter wget -q -O- http://localhost:9187/metrics | head -10
docker logs postgres-exporter --tail 10
curl -s http://localhost:9187/metrics | grep -E "(pg_|postgres)" | head -10
curl -s http://localhost:9187/metrics | head -30
docker exec -it prometheus wget -q -O- http://postgres-exporter:9187/metrics | head -10
docker network connect monitoring_monitoring postgres-exporter
docker inspect postgres-exporter | grep -A10 "Networks"
docker network connect monitoring_monitoring postgres-exporter
docker exec -it prometheus wget -q -O- http://postgres-exporter:9187/metrics | head -10
curl -s http://localhost:9090/api/v1/targets | jq '.data.activeTargets[] | select(.labels.job == "postgres-exporter") | {job: .labels.job, instance: .labels.instance, health: .health}'
clean
clear
cd
healt
health
sudo mkdir -p /opt/03-business/documenso/{config,data,secrets} && sudo chown -R ubuntu:ubuntu /opt/03-business/documenso && cd /opt/03-business/documenso && ls -la
cd /opt/00-infrastructure/vault && docker compose exec vault vault kv put secret/documenso/smtp   host="aiimpress-com0e.mail.protection.outlook.com"   port="25"   from_address="noreply@ai-impress.com"   from_name="AI Impress Documenso"
cd /opt/00-infrastructure/vault && docker compose exec vault vault login hvs.jYguDdf2IzobXG8b9QWyATV8 && docker compose exec vault vault kv put secret/documenso/smtp   host="aiimpress-com0e.mail.protection.outlook.com"   port="25"   from_address="noreply@ai-impress.com"   from_name="AI Impress Documenso"
cd /opt/00-infrastructure/vault && docker compose exec vault vault secrets enable -path=secret kv-v2 && docker compose exec vault vault kv put secret/documenso/smtp   host="aiimpress-com0e.mail.protection.outlook.com"   port="25"   from_address="noreply@ai-impress.com"   from_name="AI Impress Documenso"
cd /opt/00-infrastructure/postgres-main && docker compose exec -T postgres-main psql -U postgres -c "CREATE DATABASE documenso;" && docker compose exec -T postgres-main psql -U postgres -c "CREATE USER documenso_user WITH PASSWORD 'temp_password_123';" && docker compose exec -T postgres-main psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE documenso TO documenso_user;"
find /opt -name "*postgres*" -type d | grep -v vault | head -10
cd /opt/00-infrastructure/postgres && docker compose exec -T postgres-main psql -U postgres -c "CREATE DATABASE documenso;" && docker compose exec -T postgres-main psql -U postgres -c "CREATE USER documenso_user WITH PASSWORD 'temp_password_123';" && docker compose exec -T postgres-main psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE documenso TO documenso_user;"
docker ps | grep postgres
cd /opt/00-infrastructure/postgres && docker compose exec -T postgres-main psql -U postgres -c "CREATE DATABASE documenso;" && docker compose exec -T postgres-main psql -U postgres -c "CREATE USER documenso_user WITH PASSWORD 'temp_password_123';" && docker compose exec -T postgres-main psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE documenso TO documenso_user;"
clear
docker exec -i postgres-main psql -U postgres -c "CREATE DATABASE documenso;" && docker exec -i postgres-main psql -U postgres -c "CREATE USER documenso_user WITH PASSWORD 'temp_password_123';" && docker exec -i postgres-main psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE documenso TO documenso_user;"
docker exec -i postgres-main psql -U ubuntu -c "\du" || docker exec -i postgres-main psql -U supabase -c "\du" || docker exec -i postgres-main psql -c "\du"
docker inspect postgres-main | grep -A 5 -B 5 "POSTGRES"
docker exec -i postgres-main psql -U aimpress_admin -d postgres -c "CREATE DATABASE documenso;" && docker exec -i postgres-main psql -U aimpress_admin -d postgres -c "CREATE USER documenso_user WITH PASSWORD 'temp_password_123';" && docker exec -i postgres-main psql -U aimpress_admin -d postgres -c "GRANT ALL PRIVILEGES ON DATABASE documenso TO documenso_user;"
cd /opt/00-infrastructure/vault && docker compose exec vault vault kv put secret/documenso/database   username="documenso_user"   password="temp_password_123"   database="documenso"   host="postgres-main"   port="5432"
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # OIDC для Authentik SSO
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware для защиты роутов сотрудников
      - "traefik.http.routers.documenso.middlewares=documenso-auth"
      - "traefik.http.middlewares.documenso-auth.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.documenso-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.documenso-auth.forwardauth.authResponseHeaders=Set-Cookie,Authentik-Username,Authentik-Groups,Authentik-Email,Authentik-Name,Authentik-Uid"
    volumes:
      - ./data:/data
    depends_on:
      - postgres-main

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

cd /opt/03-business/documenso && cat > scripts/generate-env.sh << 'EOF'
#!/bin/bash

# Скрипт для генерации .env файла из Vault
set -e

VAULT_ADDR="http://vault:8200"
ENV_FILE="/opt/03-business/documenso/.env"

echo "🔐 Получение секретов из Vault..."

# Получаем SMTP секреты
SMTP_SECRETS=$(docker compose exec -T vault vault kv get -format=json secret/documenso/smtp)
SMTP_HOST=$(echo "$SMTP_SECRETS" | jq -r '.data.data.host')
SMTP_PORT=$(echo "$SMTP_SECRETS" | jq -r '.data.data.port')
SMTP_FROM_ADDRESS=$(echo "$SMTP_SECRETS" | jq -r '.data.data.from_address')
SMTP_FROM_NAME=$(echo "$SMTP_SECRETS" | jq -r '.data.data.from_name')

# Получаем Database секреты
DB_SECRETS=$(docker compose exec -T vault vault kv get -format=json secret/documenso/database)
DB_PASSWORD=$(echo "$DB_SECRETS" | jq -r '.data.data.password')

# Генерируем NEXTAUTH_SECRET
NEXTAUTH_SECRET=$(openssl rand -base64 32)

# Создаем .env файл
cat > "$ENV_FILE" << EOL
# Database
DB_PASSWORD=$DB_PASSWORD

# NextAuth
NEXTAUTH_SECRET=$NEXTAUTH_SECRET

# SMTP
SMTP_HOST=$SMTP_HOST
SMTP_PORT=$SMTP_PORT
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_NAME=$SMTP_FROM_NAME
SMTP_FROM_ADDRESS=$SMTP_FROM_ADDRESS

# OIDC (будет настроено позже в Authentik)
AUTHENTIK_OIDC_CLIENT_ID=
AUTHENTIK_OIDC_CLIENT_SECRET=
AUTHENTIK_OIDC_ISSUER=
EOL

echo "✅ .env файл создан: $ENV_FILE"
echo "📧 SMTP настроен: $SMTP_HOST:$SMTP_PORT"
EOF

mkdir -p scripts && cat > scripts/generate-env.sh << 'EOF'
#!/bin/bash

# Скрипт для генерации .env файла из Vault
set -e

VAULT_ADDR="http://vault:8200"
ENV_FILE="/opt/03-business/documenso/.env"

echo "🔐 Получение секретов из Vault..."

# Получаем SMTP секреты
SMTP_SECRETS=$(docker compose exec -T vault vault kv get -format=json secret/documenso/smtp)
SMTP_HOST=$(echo "$SMTP_SECRETS" | jq -r '.data.data.host')
SMTP_PORT=$(echo "$SMTP_SECRETS" | jq -r '.data.data.port')
SMTP_FROM_ADDRESS=$(echo "$SMTP_SECRETS" | jq -r '.data.data.from_address')
SMTP_FROM_NAME=$(echo "$SMTP_SECRETS" | jq -r '.data.data.from_name')

# Получаем Database секреты
DB_SECRETS=$(docker compose exec -T vault vault kv get -format=json secret/documenso/database)
DB_PASSWORD=$(echo "$DB_SECRETS" | jq -r '.data.data.password')

# Генерируем NEXTAUTH_SECRET
NEXTAUTH_SECRET=$(openssl rand -base64 32)

# Создаем .env файл
cat > "$ENV_FILE" << EOL
# Database
DB_PASSWORD=$DB_PASSWORD

# NextAuth
NEXTAUTH_SECRET=$NEXTAUTH_SECRET

# SMTP
SMTP_HOST=$SMTP_HOST
SMTP_PORT=$SMTP_PORT
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_NAME=$SMTP_FROM_NAME
SMTP_FROM_ADDRESS=$SMTP_FROM_ADDRESS

# OIDC (будет настроено позже в Authentik)
AUTHENTIK_OIDC_CLIENT_ID=
AUTHENTIK_OIDC_CLIENT_SECRET=
AUTHENTIK_OIDC_ISSUER=
EOL

echo "✅ .env файл создан: $ENV_FILE"
echo "📧 SMTP настроен: $SMTP_HOST:$SMTP_PORT"
EOF

chmod +x scripts/generate-env.sh && cd /opt/03-business/documenso && ./scripts/generate-env.sh
clear
cd /opt/03-business/documenso && cat > scripts/generate-env.sh << 'EOF'
#!/bin/bash

# Скрипт для генерации .env файла из Vault
set -e

ENV_FILE="/opt/03-business/documenso/.env"

echo "🔐 Получение секретов из Vault..."

# Получаем SMTP секреты через прямой docker exec
SMTP_SECRETS=$(docker exec -i vault vault kv get -format=json secret/documenso/smtp 2>/dev/null)
SMTP_HOST=$(echo "$SMTP_SECRETS" | jq -r '.data.data.host')
SMTP_PORT=$(echo "$SMTP_SECRETS" | jq -r '.data.data.port')
SMTP_FROM_ADDRESS=$(echo "$SMTP_SECRETS" | jq -r '.data.data.from_address')
SMTP_FROM_NAME=$(echo "$SMTP_SECRETS" | jq -r '.data.data.from_name')

# Получаем Database секреты
DB_SECRETS=$(docker exec -i vault vault kv get -format=json secret/documenso/database 2>/dev/null)
DB_PASSWORD=$(echo "$DB_SECRETS" | jq -r '.data.data.password')

# Генерируем NEXTAUTH_SECRET
NEXTAUTH_SECRET=$(openssl rand -base64 32)

# Создаем .env файл
cat > "$ENV_FILE" << EOL
# Database
DB_PASSWORD=$DB_PASSWORD

# NextAuth
NEXTAUTH_SECRET=$NEXTAUTH_SECRET

# SMTP
SMTP_HOST=$SMTP_HOST
SMTP_PORT=$SMTP_PORT
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_NAME=$SMTP_FROM_NAME
SMTP_FROM_ADDRESS=$SMTP_FROM_ADDRESS

# OIDC (будет настроено позже в Authentik)
AUTHENTIK_OIDC_CLIENT_ID=
AUTHENTIK_OIDC_CLIENT_SECRET=
AUTHENTIK_OIDC_ISSUER=
EOL

echo "✅ .env файл создан: $ENV_FILE"
echo "📧 SMTP настроен: $SMTP_HOST:$SMTP_PORT"
EOF

chmod +x scripts/generate-env.sh && ./scripts/generate-env.sh
cat .env && docker compose up -d
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # OIDC для Authentik SSO
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware для защиты роутов сотрудников
      - "traefik.http.routers.documenso.middlewares=documenso-auth"
      - "traefik.http.middlewares.documenso-auth.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.documenso-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.documenso-auth.forwardauth.authResponseHeaders=Set-Cookie,Authentik-Username,Authentik-Groups,Authentik-Email,Authentik-Name,Authentik-Uid"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose up -d
clear
docker ps | grep documenso && docker logs documenso --tail 20
cd /opt/03-business/documenso && cat >> .env << 'EOF'

# Prisma Database URLs
NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
EOF

echo "✅ Добавлены Prisma переменные" && cat .env
docker compose down && docker compose up -d && sleep 10 && docker logs documenso --tail 30
clear
cd /opt/03-business/documenso && DB_PASSWORD="temp_password_123" && cat > .env << EOF
# Database
DB_PASSWORD=$DB_PASSWORD

# NextAuth
NEXTAUTH_SECRET=Nezgf+B/OiYVd/2hgS0kgawTFe6LnfEaJsE0FlzBSE8=

# SMTP
SMTP_HOST=aiimpress-com0e.mail.protection.outlook.com
SMTP_PORT=25
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_NAME=AI Impress Documenso
SMTP_FROM_ADDRESS=noreply@ai-impress.com

# OIDC (будет настроено позже в Authentik)
AUTHENTIK_OIDC_CLIENT_ID=
AUTHENTIK_OIDC_CLIENT_SECRET=
AUTHENTIK_OIDC_ISSUER=

# Prisma Database URLs
NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:$DB_PASSWORD@postgres-main:5432/documenso
NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:$DB_PASSWORD@postgres-main:5432/documenso
EOF

echo "✅ .env файл обновлен с реальными значениями" && docker compose down && docker compose up -d && sleep 10 && docker logs documenso --tail 20
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware для защиты роутов сотрудников
      - "traefik.http.routers.documenso.middlewares=documenso-auth"
      - "traefik.http.middlewares.documenso-auth.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.documenso-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.documenso-auth.forwardauth.authResponseHeaders=Set-Cookie,Authentik-Username,Authentik-Groups,Authentik-Email,Authentik-Name,Authentik-Uid"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 10 && docker logs documenso --tail 20
docker exec -i postgres-main psql -U aimpress_admin -d documenso -c "
GRANT ALL PRIVILEGES ON SCHEMA public TO documenso_user;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO documenso_user;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO documenso_user;
ALTER USER documenso_user CREATEDB;
"
docker compose restart && sleep 15 && docker logs documenso --tail 30
clear
curl -s http://localhost:3000/api/health | jq . && echo "====" && curl -s http://localhost:3000/api/certificate-status | jq .
curl -s -H "Host: sign.ai-impress.com" http://localhost | head -20
curl -s -k -H "Host: sign.ai-impress.com" https://localhost | head -20 || echo "HTTPS проверка не удалась, но это нормально для локального теста"
docker exec -i authentik-proxy authentik-cli outpost list || echo "Нужно настроить Authentik для домена sign.ai-impress.com"
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO (будет настроено позже)
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware временно отключен для тестирования
      # - "traefik.http.routers.documenso.middlewares=documenso-auth"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware временно отключен"
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO (будет настроено позже)
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware временно отключен для тестирования
      # - "traefik.http.routers.documenso.middlewares=documenso-auth"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware временно отключен"
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO (будет настроено позже)
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware временно отключен для тестирования
      # - "traefik.http.routers.documenso.middlewares=documenso-auth"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware временно отключен"
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO (будет настроено позже)
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware временно отключен для тестирования
      # - "traefik.http.routers.documenso.middlewares=documenso-auth"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware временно отключен"
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO (будет настроено позже)
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware временно отключен для тестирования
      # - "traefik.http.routers.documenso.middlewares=documenso-auth"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && \
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO (будет настроено позже)
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware временно отключен для тестирования
      # - "traefik.http.routers.documenso.middlewares=documenso-auth"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware временно отключен"
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Докер композ перезапущен"
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && \
sleep 5 && \
echo "✅ Докер композ перезапущен"

clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - AUTHENTIK_OIDC_CLIENT_ID=${AUTHENTIK_OIDC_CLIENT_ID}
      - AUTHENTIK_OIDC_CLIENT_SECRET=${AUTHENTIK_OIDC_CLIENT_SECRET}
      - AUTHENTIK_OIDC_ISSUER=${AUTHENTIK_OIDC_ISSUER}
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Documenso перезапущен и доступен по адресу https://sign.ai-impress.com"
docker network ls | grep traefik-public || docker network create traefik-public
docker network ls | grep database-internal || docker network create database-internal
clear
docker inspect documenso | jq -r '.[0].NetworkSettings.Networks | keys[]' && echo "====" && curl -s -k -H "Host: sign.ai-impress.com" https://localhost | grep -o "<title>.*</title>" || echo "Проверка HTML не удалась, но это может быть нормально"
docker logs documenso --tail 10
cd /opt/00-infrastructure/vault && docker compose exec vault vault kv put secret/documenso/oidc   client_id="nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG"   client_secret="vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3"   issuer="https://auth.ai-impress.com/application/o/documenso/"
cd /opt/03-business/documenso && cat > .env << 'EOF'
# Database
DB_PASSWORD=temp_password_123

# NextAuth
NEXTAUTH_SECRET=Nezgf+B/OiYVd/2hgS0kgawTFe6LnfEaJsE0FlzBSE8=

# SMTP
SMTP_HOST=aiimpress-com0e.mail.protection.outlook.com
SMTP_PORT=25
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_NAME=AI Impress Documenso
SMTP_FROM_ADDRESS=noreply@ai-impress.com

# OIDC для Authentik SSO
AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/

# Prisma Database URLs
NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:temp_password_123@postgres-main:5432/documenso
NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:temp_password_123@postgres-main:5432/documenso
EOF

echo "✅ .env файл обновлен с OIDC настройками"
docker compose down && docker compose up -d && sleep 10 && docker logs documenso --tail 15
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO
      - AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      - AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      - AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware для защиты
      - "traefik.http.routers.documenso.middlewares=documenso-auth"
      - "traefik.http.middlewares.documenso-auth.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.documenso-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.documenso-auth.forwardauth.authResponseHeaders=Set-Cookie,Authentik-Username,Authentik-Groups,Authentik-Email,Authentik-Name,Authentik-Uid"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware включен! Теперь проверьте https://sign.ai-impress.com"
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для Authentik SSO
      - AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      - AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      - AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware для защиты
      - "traefik.http.routers.documenso.middlewares=documenso-auth"
      - "traefik.http.middlewares.documenso-auth.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.documenso-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.documenso-auth.forwardauth.authResponseHeaders=Set-Cookie,Authentik-Username,Authentik-Groups,Authentik-Email,Authentik-Name,Authentik-Uid"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Authentik middleware включен! Теперь проверьте https://sign.ai-impress.com"
docker ps | grep documenso
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC временно отключен для тестирования Proxy
      # - AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      # - AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      # - AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware для защиты
      - "traefik.http.routers.documenso.middlewares=documenso-auth"
      - "traefik.http.middlewares.documenso-auth.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik"
      - "traefik.http.middlewares.documenso-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.documenso-auth.forwardauth.authResponseHeaders=Set-Cookie,Authentik-Username,Authentik-Groups,Authentik-Email,Authentik-Name,Authentik-Uid"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ OIDC отключен, Proxy-защита Authentik активна. Проверьте https://sign.ai-impress.com"
clear
docker logs documenso --tail 50
cd /opt/03-business/documenso
sed -i '/forwardauth/d' docker-compose.yml
sed -i '/middlewares=documenso-auth/d' docker-compose.yml
docker compose down
docker compose up -d
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # Authentik OIDC
      - AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      - AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      - AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down -v && docker compose up -d && sleep 5 && echo "✅ Documenso перезапущен с чистым OIDC (Authentik SSO). Проверяй https://sign.ai-impress.com/signin"
docker compose down && docker compose up -d
clear
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # Authentik OIDC SSO
      - AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      - AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      - AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down -v && docker compose up -d && sleep 5 && echo "✅ Documenso перезапущен с Authentik OIDC. Проверь https://sign.ai-impress.com/signin — должна появиться кнопка «Sign in with Authentik»"
clear
docker exec -it documenso printenv | grep AUTHENTIK
https://auth.ai-impress.com/application/o/documenso/.well-known/openid-configuration
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # ✅ OIDC provider for Authentik
      - OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      - OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      - OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)'
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down -v && docker compose up -d && sleep 5 && echo "✅ Documenso перезапущен с корректными OIDC_* переменными. Проверь https://sign.ai-impress.com/signin — кнопка SSO должна появиться."
clear
docker exec -it documenso env | grep DATABASE_URL
docker exec -it documenso npx prisma migrate deploy
docker exec -it documenso find / -type f -name "schema.prisma" 2>/dev/null | head -n 10
docker exec -it documenso npx prisma db push --schema=/app/packages/prisma/schema.prisma
npm i @prisma/client@latest   
cd
npm i @prisma/client@latest   
docker exec -it documenso node -e "
import { hash } from 'bcryptjs';
import { PrismaClient } from '@documenso/prisma';
const prisma = new PrismaClient();
(async () => {
  const password = await hash('Cfvjqktyrj123qwe123!', 10);
  await prisma.user.create({
    data: {
      name: 'Vadym Samoilenko',
      email: 'v.samoilenko@ai-impress.com',
      password,
      emailVerified: new Date()
    }
  });
  console.log('✅ Admin user created: admin@ai-impress.com / Admin123!');
  process.exit(0);
})();
"
clear
docker exec -it postgres-main psql -U documenso_user -d documenso -c \
docker exec -it documenso node -e "
import bcrypt from 'bcryptjs';
import { PrismaClient } from '@documenso/prisma';
const prisma = new PrismaClient();
(async () => {
  const password = await bcrypt.hash('Cfvjqktyrj123qwe123!', 10);
  await prisma.user.update({
    where: { email: 'v.samoilenko@ai-impress.com' },
    data: { password }
  });
  console.log('✅ Password updated successfully for v.samoilenko@ai-impress.com');
  process.exit(0);
})();
"
docker exec -it postgres-main psql -U documenso_user -d documenso -c "UPDATE \"User\" SET password = '\$2a\$10\$mL6D3mYVwXkV1TPwzEoYZOKp3o1K8b5R9M4mT6.ywP0czWqgKoSdi' WHERE email = 'v.samoilenko@ai-impress.com';"
docker exec -it postgres-main psql -U documenso_user -d documenso -c "UPDATE \"User\" SET password = '\$2b\$10\$oS2RzSrjW3XKpFoyR4lU7OBlCjDxl6uBLw7ZVZnP7yAKJ5LeL5guG' WHERE email = 'v.samoilenko@ai-impress.com';"
clear
docker exec -it postgres-main psql -U documenso_user -d documenso -c 'DELETE FROM "User";'
docker exec -it postgres-main psql -U documenso_user -d documenso -c "INSERT INTO \"User\" (name, email, \"emailVerified\", password) VALUES ('Admin', 'admin@ai-impress.com', NOW(), '\$2b\$10\$oS2RzSrjW3XKpFoyR4lU7OBlCjDxl6uBLw7ZVZnP7yAKJ5LeL5guG');"
docker logs documenso --tail 200
docker exec -it postgres-main psql -U documenso_user -d documenso -c "DELETE FROM \"User\" WHERE email='admin@ai-impress.com' OR email='v.samoilenko@ai-impress.com';"
docker exec -it postgres-main psql -U documenso_user -d documenso -c 'SELECT id, email FROM "User";'
docker exec -it postgres-main psql -U documenso_user -d documenso -c "INSERT INTO \"User\" (name, email, \"emailVerified\", password) VALUES ('Admin', 'admin@ai-impress.com', NOW(), '\$2b\$10\$oS2RzSrjW3XKpFoyR4lU7OBlCjDxl6uBLw7ZVZnP7yAKJ5LeL5guG');"
docker logs documenso --tail 200
docker exec -it postgres-main psql -U documenso_user -d documenso -c 'TRUNCATE TABLE "User", "Account", "Session", "VerificationToken" RESTART IDENTITY CASCADE;'
docker exec -it postgres-main psql -U documenso_user -d documenso -c 'SELECT COUNT(*) FROM "User";'
clear
cd /opt/03-business/documenso && cat > docker-compose.yml
cat docker-compose.yml 
cd /opt/03-business/documenso && cat > docker-compose.yml << 'EOF'
version: '3.8'

services:
  documenso:
    image: documenso/documenso:latest
    container_name: documenso
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      - DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
      - NEXT_PUBLIC_DISABLE_SIGNUP=false
      - NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
      - NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
      # Prisma variables
      - NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
      # OIDC для сотрудников
      - AUTHENTIK_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
      - AUTHENTIK_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
      - AUTHENTIK_OIDC_ISSUER=https://auth.ai-impress.com/application/o/documenso/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documenso.rule=Host(\`sign.ai-impress.com\`)"
      - "traefik.http.routers.documenso.tls=true"
      - "traefik.http.services.documenso.loadbalancer.server.port=3000"
      # Authentik middleware отключен - клиенты регистрируются напрямую
    volumes:
      - ./data:/data

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

docker compose down && docker compose up -d && sleep 5 && echo "✅ Настроен OIDC для сотрудников, клиенты регистрируются напрямую"
clear
cd /opt/03-business/documenso && docker compose down
cat docker-compose.yml | head -40
nano docker-compose.yml
docker compose down
docker exec -it postgres-main psql -U documenso_user -d documenso
docker compose up -d
docker ps | grep documenso
clear
docker logs documenso --tail 50
docker logs documenso | grep -i error
docker logs documenso --follow
docker exec documenso printenv | grep -E "(DATABASE_URL|NEXTAUTH|SMTP)"
ls -la | grep env
cat .env
vault kv get secret/documenso/smtp
VAULT_TOKEN=hvs.jYguDdf2IzobXG8b9QWyATV8 vault kv get secret/documenso/smtp
nano .env
nano docker-compose.yml
docker compose down && docker compose up -d
clear
docker logs documenso --tail 100
docker exec -it postgres-main psql -U documenso_user -d documenso -c "SELECT datname, datconnlimit FROM pg_database WHERE datname = 'documenso';"
docker exec -it postgres-main psql -U documenso_user -d documenso -c "SELECT id, email, name FROM \"User\";"
docker exec -it postgres-main psql -U documenso_user -d documenso
clear
docker logs documenso --follow
docker exec -it postgres-main psql -U documenso_user -d documenso -c "SELECT email, password FROM \"User\" WHERE email = 'admin@ai-impress.com';"
docker exec -it postgres-main psql -U documenso_user -d documenso -c "DELETE FROM \"User\" WHERE email IN ('admin@ai-impress.com', 'v.samoilenko@ai-impress.com');"
docker exec -it postgres-main psql -U documenso_user -d documenso -c "SELECT * FROM \"EmailDomain\";"
docker exec -it postgres-main psql -U documenso_user -d documenso -c "SELECT * FROM \"SiteSettings\";"
docker exec -it postgres-main psql -U documenso_user -d documenso
clear
docker exec -it postgres-main psql -U documenso_user -d documenso -c "SELECT * FROM \"Account\";"
sudo docker compose -f /root/outline-compose.yml logs outline | grep -i redis
sudo docker compose -f /root/outline-compose.yml exec outline env | grep REDIS_URL
clear
sudo docker compose -f /root/outline-compose.yml logs outline --tail=50
# Проверяем конфигурацию Redis
sudo docker exec redis-main redis-cli config get requirepass
# Проверяем переменные окружения у других сервисов, которые работают с Redis
sudo docker exec n8n-shared env | grep REDIS
# Тестируем подключение к Redis с паролем
sudo docker exec redis-main redis-cli -a bIBCAifqurwLL3qo1gE7kTSJKcxCvlgq ping
clear
sudo cat /root/outline-compose.yml | grep -A 10 -B 10 REDIS_URL
sudo sed -i 's|REDIS_URL: redis://:bIBCAifqurwLL3qo1gE7kTSJKcxCvlgq@redis-main:6379|REDIS_URL: redis://default:bIBCAifqurwLL3qo1gE7kTSJKcxCvlgq@redis-main:6379|g' /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline
sudo docker compose -f /root/outline-compose.yml ps outline
clar
clear
sudo docker compose -f /root/outline-compose.yml logs outline --tail=20
sudo docker compose -f /root/outline-compose.yml ps outline
sleep 30 && sudo docker compose -f /root/outline-compose.yml ps outline
sudo docker inspect outline --format='{{json .State.Health}}' | jq '.'
clear
sudo docker compose -f /root/outline-compose.yml logs outline --tail=30
curl -f https://wiki.ai-impress.com || echo "HTTP check failed"
curl -I https://wiki.ai-impress.com
# Проверяем основные пути
curl -I https://wiki.ai-impress.com/auth/sso
curl -I https://wiki.ai-impress.com/auth/oidc
clear
sudo docker compose -f /root/outline-compose.yml logs outline | grep -E "(error|ERROR|fail|FAIL|exception|Exception)" | tail -20
sudo docker compose -f /root/outline-compose.yml logs outline | grep -i "database\|postgres\|migration" | tail -10
# Проверяем текущие OIDC настройки в конфиге
sudo cat /root/outline-compose.yml | grep OIDC
# Добавляем переменную для включения OIDC как основного метода аутентификации
sudo sed -i '/OIDC_DISPLAY_NAME: Authentik SSO/a\      OIDC_AUTH_HTTP_METHOD: post' /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline
sudo docker compose -f /root/outline-compose.yml logs outline --tail=15
# Проверяем, есть ли таблицы в базе данных Outline
sudo docker exec postgres-main psql -U outline_user -d outline -c "\dt"
sudo docker exec postgres-main psql -U outline_user -d outline -c "SELECT COUNT(*) as user_count FROM users;"
sudo docker exec postgres-main psql -U outline_user -d outline -c "SELECT id, name, domain FROM teams;"
clear
# Добавляем переменную для принудительного использования OIDC
sudo sed -i '/OIDC_DISPLAY_NAME: Authentik SSO/a\      OIDC_AUTH_HTTP_METHOD: post' /root/outline-compose.yml
sudo sed -i '/OIDC_AUTH_HTTP_METHOD: post/a\      OIDC_AUTH_ENABLED: "true"' /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline
# Смотрим на текущие OIDC настройки
sudo cat /root/outline-compose.yml | grep -A 15 "OIDC_"
# Создаем временный файл для исправления конфига
sudo cp /root/outline-compose.yml /root/outline-compose.yml.backup
# Удаляем дублирующиеся строки
sudo sed -i '/OIDC_AUTH_HTTP_METHOD: post/d' /root/outline-compose.yml
sudo sed -i '/OIDC_AUTH_ENABLED: "true"/d' /root/outline-compose.yml
# Добавляем правильные настройки один раз после OIDC_DISPLAY_NAME
sudo sed -i '/OIDC_DISPLAY_NAME: Authentik SSO/a\      OIDC_AUTH_HTTP_METHOD: post\n      OIDC_AUTH_ENABLED: "true"' /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline
sudo docker compose -f /root/outline-compose.yml ps outline
clear
sudo docker logs traefik | grep outline | tail -5
sleep 10 && sudo docker compose -f /root/outline-compose.yml logs outline --tail=10
clear
# Проверяем Traefik сервисы
sudo docker exec traefik traefik service list | grep outline
# Проверяем Traefik роутеры
sudo docker exec traefik traefik router list | grep outline
sudo cat /root/outline-compose.yml | grep -A 10 "labels:"
# Проверяем логи Traefik на предмет ошибок маршрутизации
sudo docker logs traefik --tail=20 | grep -i outline
# Или проверим доступность Outline напрямую через localhost
sudo docker exec outline wget -q -O - http://localhost:3000/ || echo "Direct access failed"
sudo docker compose -f /root/outline-compose.yml ps outline
# Проверяем процессы внутри контейнера Outline
sudo docker exec outline ps aux
# Проверяем слушающие порты
sudo docker exec outline netstat -tlnp
# Проверяем последние ошибки в логах
sudo docker compose -f /root/outline-compose.yml logs outline | tail -20
clear
# Проверяем из хоста доступность порта контейнера
sudo docker port outline
# Или проверяем через curl из хоста
sudo docker exec outline curl -f http://localhost:3000/ || echo "Curl failed"
# Проверим статус контейнера подробнее
sudo docker inspect outline | grep -A 10 "State"
# Проверяем доступность порта через nc (должен быть в образе)
sudo docker exec outline sh -c "nc -z localhost 3000 && echo 'Port 3000 is open' || echo 'Port 3000 is closed'"
# Проверим полные логи на наличие ошибок инициализации
sudo docker compose -f /root/outline-compose.yml logs outline --since=5m | grep -v "lifecycle.*info" | grep -v "plugins.*info"
# Перезапускаем и смотрим логи в реальном времени
sudo docker compose -f /root/outline-compose.yml restart outline
sudo docker compose -f /root/outline-compose.yml logs outline -f --tail=0
clear
# Проверим доступность OIDC endpoints
curl -I "https://auth.ai-impress.com/application/o/outline-wiki/.well-known/openid-configuration"
# Восстанавливаем OIDC настройки
sudo cp /root/outline-compose.yml.backup /root/outline-compose.yml
# Проверим, может быть проблема в том, что Outline требует HTTPS даже для health check
sudo docker compose -f /root/outline-compose.yml up -d outline
clear
# Восстанавливаем чистый конфиг из backup
sudo cp /root/outline-compose.yml.backup /root/outline-compose.yml
# Удаляем все дублирующиеся OIDC настройки и добавляем только нужные
sudo sed -i '/OIDC_AUTH_HTTP_METHOD/d' /root/outline-compose.yml
sudo sed -i '/OIDC_AUTH_ENABLED/d' /root/outline-compose.yml
# Добавляем debug логирование после OIDC_SCOPES
sudo sed -i '/OIDC_SCOPES: openid profile email/a\      DEBUG: "outline:*"' /root/outline-compose.yml
# Перезапускаем
sudo docker compose -f /root/outline-compose.yml up -d outline
# Проверяем логи с debug информацией
sleep 10
sudo docker compose -f /root/outline-compose.yml logs outline --tail=30
clear
sudo sed -i '/DEBUG: "outline:*"/a\      LOG_LEVEL: debug' /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline
sleep 10
sudo docker compose -f /root/outline-compose.yml logs outline --tail=50
sudo docker images | grep outline
sudo docker compose -f /root/outline-compose.yml down
sudo docker compose -f /root/outline-compose.yml up -d outline
sleep 15
sudo docker compose -f /root/outline-compose.yml ps outline
sudo docker compose -f /root/outline-compose.yml logs outline --tail=20
clear
# Создаем временный конфиг без OIDC
sudo cp /root/outline-compose.yml /root/outline-compose.yml.no-oidc
# Комментируем все OIDC настройки
sudo sed -i 's/^      OIDC_/#      OIDC_/g' /root/outline-compose.yml.no-oidc
# Запускаем без OIDC
sudo docker compose -f /root/outline-compose.yml.no-oidc up -d outline
# Проверяем
sleep 15
sudo docker compose -f /root/outline-compose.yml.no-oidc ps outline
# Проверяем порт
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Восстанавливаем оригинальный конфиг
sudo cp /root/outline-compose.yml.backup /root/outline-compose.yml
# Проверяем базовые OIDC настройки (только CLIENT_ID и CLIENT_SECRET)
sudo sed -i '/OIDC_CLIENT_SECRET:.*/a\      # OIDC_AUTH_URI: https://auth.ai-impress.com/application/o/authorize/' /root/outline-compose.yml
sudo sed -i 's/OIDC_AUTH_URI:/# OIDC_AUTH_URI:/g' /root/outline-compose.yml
sudo sed -i 's/OIDC_TOKEN_URI:/# OIDC_TOKEN_URI:/g' /root/outline-compose.yml
sudo sed -i 's/OIDC_USERINFO_URI:/# OIDC_USERINFO_URI:/g' /root/outline-compose.yml
sudo sed -i 's/OIDC_LOGOUT_URI:/# OIDC_LOGOUT_URI:/g' /root/outline-compose.yml
sudo sed -i 's/OIDC_USERNAME_CLAIM:/# OIDC_USERNAME_CLAIM:/g' /root/outline-compose.yml
sudo sed -i 's/OIDC_DISPLAY_NAME:/# OIDC_DISPLAY_NAME:/g' /root/outline-compose.yml
sudo sed -i 's/OIDC_SCOPES:/# OIDC_SCOPES:/g' /root/outline-compose.yml
# Запускаем с минимальными OIDC настройками
sudo docker compose -f /root/outline-compose.yml up -d outline
sleep 10
sudo docker compose -f /root/outline-compose.yml ps outline
sudo cp /root/outline-compose.yml.backup /root/outline-compose.yml.clean
sudo sed -i '/OIDC_AUTH_URI:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_TOKEN_URI:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_USERINFO_URI:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_LOGOUT_URI:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_USERNAME_CLAIM:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_DISPLAY_NAME:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_SCOPES:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_AUTH_HTTP_METHOD:/d' /root/outline-compose.yml.clean
sudo sed -i '/OIDC_AUTH_ENABLED:/d' /root/outline-compose.yml.clean
sudo sed -i '/DEBUG:/d' /root/outline-compose.yml.clean
sudo sed -i '/LOG_LEVEL:/d' /root/outline-compose.yml.clean
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker compose -f /root/outline-compose.yml.clean ps outline
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_AUTH_URI
sudo sed -i '/OIDC_CLIENT_SECRET:.*/a\      OIDC_AUTH_URI: https://auth.ai-impress.com/application/o/authorize/' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_TOKEN_URI
sudo sed -i '/OIDC_AUTH_URI:.*/a\      OIDC_TOKEN_URI: https://auth.ai-impress.com/application/o/token/' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_USERINFO_URI
sudo sed -i '/OIDC_TOKEN_URI:.*/a\      OIDC_USERINFO_URI: https://auth.ai-impress.com/application/o/userinfo/' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_LOGOUT_URI
sudo sed -i '/OIDC_USERINFO_URI:.*/a\      OIDC_LOGOUT_URI: https://auth.ai-impress.com/application/o/outline-wiki/end-session/' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_USERNAME_CLAIM
sudo sed -i '/OIDC_LOGOUT_URI:.*/a\      OIDC_USERNAME_CLAIM: preferred_username' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_DISPLAY_NAME
sudo sed -i '/OIDC_USERNAME_CLAIM:.*/a\      OIDC_DISPLAY_NAME: Authentik SSO' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Добавляем OIDC_SCOPES
sudo sed -i '/OIDC_DISPLAY_NAME:.*/a\      OIDC_SCOPES: openid profile email' /root/outline-compose.yml.clean
# Перезапускаем и проверяем
sudo docker compose -f /root/outline-compose.yml.clean up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
clear
# Создаем финальный конфиг со всеми OIDC настройками
sudo cp /root/outline-compose.yml.clean /root/outline-compose.yml.final
# Проверяем синтаксис YAML
sudo python3 -c "import yaml; yaml.safe_load(open('/root/outline-compose.yml.final'))" && echo "YAML syntax OK" || echo "YAML syntax ERROR"
# Запускаем с полным конфигом
sudo docker compose -f /root/outline-compose.yml.final up -d outline
sleep 10
sudo docker exec outline sh -c "timeout 5 bash -c 'until echo > /dev/tcp/localhost/3000; do sleep 0.5; done' && echo 'Port 3000 open' || echo 'Port 3000 closed'"
# Заменяем оригинальный конфиг исправленным
sudo cp /root/outline-compose.yml.final /root/outline-compose.yml
# Перезапускаем с исправленным конфигом
sudo docker compose -f /root/outline-compose.yml up -d outline
# Проверяем статус
sleep 10
sudo docker compose -f /root/outline-compose.yml ps outline
# Проверяем доступность через браузер
curl -I https://wiki.ai-impress.com
# Проверяем стандартные пути аутентификации
curl -I "https://wiki.ai-impress.com/auth/sso"
curl -I "https://wiki.ai-impress.com/auth/oidc" 
sudo docker logs traefik --tail=20 | grep -i outline
# Проверим доступность напрямую к контейнеру
sudo docker exec outline wget -q -O - http://localhost:3000/auth/sso 2>/dev/null || echo "Direct access failed"
# Или проверим через curl из хоста к порту контейнера
OUTLINE_IP=$(sudo docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' outline)
curl -I http://$OUTLINE_IP:3000/ || echo "Direct container access failed"
clear
# Получаем правильный IP адрес
sudo docker inspect outline | grep IPAddress
# Проверяем в какой сети находится Outline
sudo docker inspect outline | grep -A 5 Networks
# Проверяем доступность из другой сети
sudo docker run --rm --network traefik-public curlimages/curl curl -I http://outline:3000/ || echo "Access from traefik network failed"
# Проверяем логи Outline на наличие ошибок инициализации
sudo docker compose -f /root/outline-compose.yml logs outline | grep -E "(error|Error|ERROR|fatal|Fatal)" | tail -10
sudo cat /root/outline-compose.yml | grep "URL:"
# Проверим сервисы Traefik
sudo docker exec traefik traefik service list
# Или посмотрим конфигурацию через API
curl -s http://localhost:8080/api/http/services | jq '.' | grep -A 10 -B 10 outline
clear
# Проверим сервисы через Traefik API
curl -s http://localhost:8080/api/http/services | jq -r 'keys[]' | grep outline || echo "Outline service not found"
# Проверим роутеры
curl -s http://localhost:8080/api/http/routers | jq -r 'keys[]' | grep outline || echo "Outline router not found"
# Проверим лейблы
sudo docker inspect outline | jq -r '.[0].Config.Labels'
# Проверим сети
sudo docker inspect outline | jq -r '.[0].NetworkSettings.Networks | keys[]'
# Проверим текущий конфиг Outline
sudo cat /root/outline-compose.yml | grep -A 15 "labels:"
# Удаляем старый контейнер
sudo docker compose -f /root/outline-compose.yml down
# Запускаем с правильным конфигом
sudo docker compose -f /root/outline-compose.yml up -d outline
# Проверяем лейблы
sudo docker inspect outline | jq -r '.[0].Config.Labels' | grep compose
# Проверяем Traefik
sleep 10
curl -s http://localhost:8080/api/http/services | jq -r 'keys[]' | grep outline || echo "Outline service not found"
sudo docker compose -f /root/outline-compose.yml up -d outline --force-recreate
# Смотрим логи Traefik на предмет ошибок
sudo docker logs traefik --tail=20 | grep -i error
# Принудительно перезапускаем Traefik
sudo docker restart traefik
# Ждём и проверяем
sleep 15
curl -s http://localhost:8080/api/http/services | jq -r 'keys[]' | grep outline || echo "Outline service still not found"
clear
# Ищем бекапы Outline
find /root /opt /home -name "*outline*backup*" -o -name "*outline*old*" -o -name "*outline*.bak*" 2>/dev/null
# Или проверяем историю конфигов
ls -la /root/ | grep outline
# Или посмотрим есть ли git история
cd /root && git log --oneline -10 | grep outline || echo "No git history"
# Проверим в текущей директории
ls -la | grep outline
# Или поищем в домашней директории
find ~ -name "*outline*" 2>/dev/null
# Проверим историю команд с outline
history | grep outline | head -10
clear
# Проверим подключенные диски
df -h | grep -E "(backup|mnt)"
# Ищем бекапы Outline
find /mnt /backup /var/backups -name "*outline*" -type f 2>/dev/null
# Или поищем по шаблону
sudo find / -name "*outline*backup*" -o -name "*outline*.bak*" -o -name "*outline*old*" 2>/dev/null | head -20
# Проверим стандартные места для бекапов
ls -la /mnt/backups/ 2>/dev/null | grep outline
ls -la /backup/ 2>/dev/null | grep outline
# Ищем дампы базы данных
find /mnt /backup -name "*outline*.sql" -o -name "*outline*.dump" 2>/dev/null
# Проверим есть ли бекапы docker volumes
find /mnt /backup -name "*outline*data*" -type d 2>/dev/null
sudo cp /root/outline-compose.yml.backup /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline --force-recreate
sudo sed -i '27d' /root/outline-compose.yml
sudo docker compose -f /root/outline-compose.yml up -d outline --force-recreate
sudo tar -xzf /mnt/backups/outline/outline-20251030-190937.tar.gz -C /tmp/
sudo cp /tmp/outline/outline-compose.yml /root/outline-compose.yml
ls -la /tmp/outline/
find /tmp -name "*outline*" -type d 2>/dev/null
sudo tar -tzf /mnt/backups/outline/outline-20251030-190937.tar.gz | head -10
sudo tar -xzf /mnt/backups/outline/outline-20251030-030043.tar.gz -C /tmp/outline-300
sudo mkdir -p /tmp/outline-300 && sudo tar -xzf /mnt/backups/outline/outline-20251030-030043.tar.gz -C /tmp/outline-300
find /tmp/outline-300 -name "*.yml" -o -name "*.yaml" -o -name "*compose*" 2>/dev/null
sudo cat > /root/outline-compose.yml << 'EOF'
version: '3.8'

services:
  outline:
    image: outlinewiki/outline:latest
    container_name: outline
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    environment:
      URL: https://wiki.ai-impress.com
      PORT: 3000
      DATABASE_URL: postgres://outline_user:1iBwiuyB6mANxYQM0vG7iPd6zp8A0PkL@postgres-main:5432/outline
      PGSSLMODE: disable
      REDIS_URL: redis://default:bIBCAifqurwLL3qo1gE7kTSJKcxCvlgq@redis-main:6379
      SECRET_KEY: b4d15eaa5d1a77ff3c9fc39d56057e2fa995a62fb4d3729aa1ff8be9adddd7a3
      UTILS_SECRET: c48f9339f8e0a29f418c0f7e26c378081ad5f48617a3076695f97c0004d91f74
    labels:
      - traefik.enable=true
      - traefik.http.routers.outline.rule=Host(`wiki.ai-impress.com`)
      - traefik.http.routers.outline.entrypoints=websecure
      - traefik.http.routers.outline.tls=true
      - traefik.http.routers.outline.tls.certresolver=letsencrypt
      - traefik.http.services.outline.loadbalancer.server.port=3000

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

ls -la /opt/03-business/outline/
cp /opt/03-business/outline/docker-compose.yml.backup /opt/03-business/outline/docker-compose.yml
cd /opt/03-business/outline && sudo docker compose up -d outline --force-recreate
sudo docker stop outline && sudo docker rm outline
sudo docker compose up -d outline
sudo docker compose ps outline
curl -I https://wiki.ai-impress.com
sudo docker compose logs outline --tail=10
cat /opt/03-business/outline/.env
cat /opt/03-business/outline/docker-compose.yml
cp /opt/03-business/outline/docker-compose.yml /opt/03-business/outline/docker-compose.yml.backup2
cat > /opt/03-business/outline/docker-compose.yml << 'EOF'
version: '3.8'

services:
  outline:
    image: outlinewiki/outline:latest
    container_name: outline
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    env_file:
      - .env
    volumes:
      - outline-data:/var/lib/outline/data
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.outline.rule=Host(\`wiki.ai-impress.com\`)"
      - "traefik.http.routers.outline.entrypoints=websecure"
      - "traefik.http.routers.outline.tls.certresolver=cloudflare"
      - "traefik.http.services.outline.loadbalancer.server.port=3000"

volumes:
  outline-data:

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

sudo docker compose up -d outline --force-recreate
cat > /opt/03-business/outline/docker-compose.yml << 'EOF'
version: '3.8'

services:
  outline:
    image: outlinewiki/outline:latest
    container_name: outline
    restart: unless-stopped
    networks:
      - traefik-public
      - database-internal
    env_file:
      - .env
    volumes:
      - outline-data:/var/lib/outline/data
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.outline.rule=Host(`wiki.ai-impress.com`)"
      - "traefik.http.routers.outline.entrypoints=websecure"
      - "traefik.http.routers.outline.tls.certresolver=cloudflare"
      - "traefik.http.services.outline.loadbalancer.server.port=3000"

volumes:
  outline-data:

networks:
  traefik-public:
    external: true
  database-internal:
    external: true
EOF

sudo docker compose up -d outline --force-recreate
sudo docker compose ps outline && sudo docker compose logs outline --tail=5
clear
sudo docker exec postgres-main psql -U aimpress_admin -c "SELECT usename FROM pg_user WHERE usename = 'outline_user';"
sed -i 's|DATABASE_URL=postgres://outline_user:1Ldt9mhOYpswiAxntVkE9RAHfAMY0ZVf@postgres-main:5432/outline|DATABASE_URL=postgres://outline_user:1iBwiuyB6mANxYQM0vG7iPd6zp8A0PkL@postgres-main:5432/outline|g' /opt/03-business/outline/.env
sudo docker compose up -d outline --force-recreate
sudo docker compose ps outline && sudo docker compose logs outline --tail=5
curl -I https://wiki.ai-impress.com
clear
sed -i '/^OIDC_/d' /opt/03-business/outline/.env && cat >> /opt/03-business/outline/.env << 'EOF'

OIDC_CLIENT_ID=F5mafsWDAxaG443fMbpzmxFvAv2JsNx95ijHNhBo
OIDC_CLIENT_SECRET=YX6ZKDjMFXnzOYgUDmagaA20Od6Ylwvqz36J4BNybsMTPS9QTKG0sih9abz5VFZUDNx8MOAFdnCh47MqUphMFxgezVtBQdgj7B9tINhc3x5Eo8EgzJNTba0tOStpDQBu
OIDC_AUTH_URI=https://auth.ai-impress.com/application/o/authorize/
OIDC_TOKEN_URI=https://auth.ai-impress.com/application/o/token/
OIDC_USERINFO_URI=https://auth.ai-impress.com/application/o/userinfo/
OIDC_LOGOUT_URI=https://auth.ai-impress.com/application/o/outline-wiki/end-session/
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=Authentik SSO
OIDC_SCOPES=openid profile email
EOF

sudo docker compose up -d outline --force-recreate
sudo docker compose logs outline --tail=20
curl -I https://wiki.ai-impress.com
clear
sudo docker exec outline env | grep OIDC
sed -i 's/OIDC_CLIENT_ID=F5mafsWDAxaG443fMbpzmxFvAv2JsNx95ijHNhBo/OIDC_CLIENT_ID=Sw4aPDfHRibNMBhUn6AnNQnAe3XwgtaiPyoH5RGL/g' /opt/03-business/outline/.env
sudo docker compose up -d outline --force-recreate
sudo docker compose logs outline --tail=20
curl -I https://wiki.ai-impress.com
curl -s "https://auth.ai-impress.com/application/o/outline-wiki/.well-known/openid-configuration" | jq '.'
cat /opt/03-business/outline/.env | grep OIDC
clear
sudo docker compose logs outline | grep -i "error\|fail\|auth" | tail -10
sed -i 's|OIDC_CLIENT_SECRET=.*|OIDC_CLIENT_SECRET=deijBvXUXWlG2n1izTywDLmshJqXmnYNygCh0twIoGFnhFThPCtC9DaB0hIgP93XM5eRj7j1cxws7lgQy26tAbvEoQECSJF3SL8M6X9LafAJ70nmaSAVyZqbJmfEFgrl|g' /opt/03-business/outline/.env
sudo docker compose up -d outline --force-recreate
curl -I https://wiki.ai-impress.com
clear
curl -I https://wiki.ai-impress.com
docker exec -it postgres-main psql -U aimpress_admin
clear
docker exec -it vault vault kv put secret/wikijs/database password='sT9pLqV2!kG4wJ7aC1rE'
docker exec -it -e VAULT_TOKEN="hvs.jYguDdf2IzobXG8b9QWyATV8" vault vault kv put secret/wikijs/database password='sT9pLqV2!kG4wJ7aC1rE'
mkdir -p /opt/03-business/wikijs
cd /opt/03-business/wikijs
nano docker-compose.yml
docker-compose up -d
docker logs wikijs
clear
docker exec -it postgres-main psql -U aimpress_admin
docker-compose -f /opt/03-business/wikijs/docker-compose.yml restart wikijs
cd
docker-compose -f /opt/03-business/wikijs/docker-compose.yml restart wiki
docker logs wikijs
clear
docker exec -it wikijs sh
docker-compose -f /opt/03-business/wikijs/docker-compose.yml stop wiki
sudo nano /var/lib/docker/volumes/wikijs_data/_data/config.yml
sudo find /var/lib/docker/volumes -name "config.yml" | grep wiki
docker exec -it postgres-main psql -U aimpress_admin
docker-compose -f /opt/03-business/wikijs/docker-compose.yml restart wiki
docker exec -it postgres-main psql -U aimpress_admin
docker-compose -f /opt/03-business/wikijs/docker-compose.yml restart wiki
docker compose restart authentik
clear
docker restart authentik-server authentik-worker authentik-redis authentik-postgres
ls /tmp/outline-updates/
cd /tmp
ls
health
sudo systemctl status ssh
cd /mnt
ls
cd psql-data/
ls -la
sudo chown -R ubuntu:ubuntu /mnt/psql-data/n8n-mcp
sudo chown -R ubuntu:ubuntu /mnt/psql-data/pgdata
ls -la /mnt/psql-data
cd
ls -ld ~ ~/.ssh ~/.ssh/authorized_keys
chmod 755 /home/ubuntu
ls -ld ~ ~/.ssh ~/.ssh/authorized_keys
/opt/05-backups/scripts/admin.sh status
/opt/05-backups/scripts/admin.sh
/opt/05-backups/scripts/admin.sh health
docker logs authentik-server --tail 50 | grep -i 'client_id\|oauth\|odoo'
docker exec authentik-server ak provider list | grep -i odoo
clear
docker exec authentik-server curl -s http://localhost:9000/api/v3/providers/oauth2/ -H "Authorization: Bearer $(docker exec authentik-server cat /authentik-data/.env | grep AUTHENTIK_SECRET_KEY | cut -d= -f2)" | jq '.results[] | {name: .name, client_id: .client_id}'
cat /opt/03-business/odoo/.env
nano /opt/03-business/odoo/.env
