AgentSkillsCN

lacajita-deployment

La Cajita TV 部署与运维的技能。适用于处理 Nginx、Docker、systemd、SSL、Cloudflare、CI/CD,或任何基础设施与部署相关的工作时使用。

SKILL.md
--- frontmatter
name: lacajita-deployment
description: Skill para deployment y operaciones de La Cajita TV. Usar cuando se trabaje con Nginx, Docker, systemd, SSL, Cloudflare, CI/CD, o cualquier tarea de infraestructura y despliegue.
license: MIT

La Cajita TV - Deployment Skill

Guía para deployment, infraestructura y operaciones.

Arquitectura de Producción

code
Usuario (Web/Mobile)
        │
        │ HTTPS
        ▼
  Cloudflare (CDN + WAF + SSL)
        │
        │ HTTP (puerto 80)
        ▼
    Nginx (Reverse Proxy)
        │
        ├─────────────────────────────────┐
        │                                 │
        ▼                                 ▼
   Frontend SPA                      FastAPI Backend
   /dist (estático)                  Puerto 8000/8001

Servidores

ServicioURLPuerto
Frontend Adminhttps://caja.segrd.com80 → Nginx
API Mobilehttps://caja.segrd.com/api80 → 8000
API Adminhttps://caja.segrd.com/api80 → 8001
Sajet (alternativo)https://b5f8a23e7d06c2de5ef515ae93e16016.sajet.us80/443

Nginx

Configuración Principal

bash
# Archivo de configuración
/etc/nginx/sites-available/lacajita
/etc/nginx/sites-enabled/lacajita -> ../sites-available/lacajita

# Validar configuración
nginx -t

# Recargar
systemctl reload nginx

# Reiniciar
systemctl restart nginx

# Ver logs
tail -f /var/log/nginx/error.log
tail -f /var/log/nginx/access.log

Estructura de Rutas

nginx
server {
    listen 80;
    server_name caja.segrd.com;
    
    # Frontend SPA
    root /opt/adm-caja-unified/fastapi-playlists/Lacajita/Adm-Caj/dist;
    location / {
        try_files $uri $uri/ /index.html;
    }
    
    # API Backend (quita /api)
    location /api/ {
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass http://127.0.0.1:8001;
    }
    
    # Imágenes estáticas
    location /img/ {
        alias /opt/adm-caja-unified/fastapi-playlists/img/;
        expires 30d;
    }
}

Servicios Systemd

API Admin (puerto 8001)

bash
# Estado
systemctl status lacajita-api

# Reiniciar
systemctl restart lacajita-api

# Ver logs
journalctl -u lacajita-api -f

API Mobile (puerto 8000)

bash
# Estado
systemctl status lacajita-mobile

# Reiniciar
systemctl restart lacajita-mobile

# Ver logs
journalctl -u lacajita-mobile -f

Crear Servicio Systemd

ini
# /etc/systemd/system/lacajita-api.service
[Unit]
Description=La Cajita TV API
After=network.target postgresql.service

[Service]
Type=simple
User=www-data
WorkingDirectory=/opt/adm-caja-unified/fastapi-playlists/Lacajita
ExecStart=/opt/adm-caja-unified/fastapi-playlists/Lacajita/venv/bin/uvicorn Api:app --host 127.0.0.1 --port 8001
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Build y Deploy

Frontend

bash
cd /opt/adm-caja-unified/fastapi-playlists/Lacajita/Adm-Caj

# Build
npm run build

# Resultado en /dist
ls -la dist/

Deploy Script

bash
# Script existente
/opt/adm-caja-unified/fastapi-playlists/Lacajita/deploy/build-and-deploy.sh

# O manual:
cd /opt/adm-caja-unified/fastapi-playlists/Lacajita/Adm-Caj
npm run build
systemctl reload nginx

Cloudflare

DNS

code
caja.segrd.com → Cloudflare Proxy → 24.199.80.16 (origen)

Configuración Recomendada

  • SSL: Full (strict) si hay cert en origen, Full si no
  • Always Use HTTPS: ON
  • Minimum TLS Version: 1.2
  • Auto Minify: HTML, CSS, JS
  • Caching Level: Standard

SSL/Certificados

Let's Encrypt (sajet.us)

bash
# Certificados existentes
ls /etc/letsencrypt/live/b5f8a23e7d06c2de5ef515ae93e16016.sajet.us/

# Renovar
certbot renew

# Nuevo certificado
certbot --nginx -d dominio.com

Para caja.segrd.com

SSL es manejado por Cloudflare (no necesita cert en origen).

Docker (Opcional)

docker-compose.yml

yaml
version: '3.8'
services:
  api:
    build: ./api
    ports:
      - "8001:8001"
    environment:
      - DATABASE_URL=postgresql://...
    depends_on:
      - db
      - redis
  
  db:
    image: postgres:15
    environment:
      POSTGRES_DB: lacajita_db
      POSTGRES_USER: lacajita_app
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
  
  redis:
    image: redis:7
    ports:
      - "6379:6379"

volumes:
  postgres_data:

Comandos Docker

bash
# Iniciar servicios
docker-compose up -d

# Ver logs
docker-compose logs -f api

# Rebuild
docker-compose build --no-cache api
docker-compose up -d

Health Checks

bash
# Frontend
curl -s -o /dev/null -w "%{http_code}" https://caja.segrd.com/

# API Admin
curl -s https://caja.segrd.com/api/health

# API Mobile
curl -s http://127.0.0.1:8000/health

# Nginx
systemctl status nginx

# PostgreSQL
pg_isready -h localhost -U lacajita_app

# Puertos
ss -tlnp | grep -E "(80|8000|8001)"

Troubleshooting

502 Bad Gateway

bash
# Verificar backend corriendo
ps aux | grep uvicorn

# Verificar puertos
ss -tlnp | grep 8001

# Ver logs nginx
tail -50 /var/log/nginx/error.log

# Reiniciar servicios
systemctl restart lacajita-api
systemctl restart nginx

Frontend no carga

bash
# Verificar build existe
ls -la /opt/adm-caja-unified/fastapi-playlists/Lacajita/Adm-Caj/dist/

# Rebuild
cd /opt/adm-caja-unified/fastapi-playlists/Lacajita/Adm-Caj
npm run build

# Verificar nginx config
nginx -t
systemctl reload nginx

API no responde

bash
# Ver logs
journalctl -u lacajita-api -n 100

# Reiniciar
systemctl restart lacajita-api

# Verificar base de datos
pg_isready -h localhost

Checklist de Deploy

  • Tests pasando
  • npm run build exitoso
  • Nginx config válida (nginx -t)
  • Servicios reiniciados
  • Health checks OK
  • Cloudflare cache purgado (si necesario)
  • Monitoreo Sentry revisado