layar baru antrean klinik dan masuk

2026-01-08 12:44:40 +07:00
parent 96b10b9e75
commit 2d3d589fe6
18 changed files with 3253 additions and 69 deletions
@@ -0,0 +1,371 @@
+# Checklist Perubahan Domain
+
+Ketika mengubah domain aplikasi, ikuti checklist berikut:
+
+## 1. File Environment (.env)
+
+**Ubah `AUTH_ORIGIN` sesuai domain baru:**
+
+### Development:
+```env
+AUTH_ORIGIN="https://antrean.dev.rssa.id"
+```
+
+### Production:
+```env
+AUTH_ORIGIN="https://antrean.rssa.id"
+```
+
+**Lokasi:** `.env` (atau `.env.development` / `.env.production`)
+
+---
+
+## 2. Keycloak Configuration
+
+**Di Keycloak Admin Console → Clients → [Your Client] → Settings:**
+
+### Valid Redirect URIs:
+Tambahkan:
+- `https://antrean.dev.rssa.id/api/auth/keycloak-callback` (development)
+- `https://antrean.rssa.id/api/auth/keycloak-callback` (production)
+
+### Valid Post Logout Redirect URIs:
+Tambahkan:
+- `https://antrean.dev.rssa.id/LoginPage*` (development)
+- `https://antrean.rssa.id/LoginPage*` (production)
+
+### Web Origins:
+Tambahkan:
+- `https://antrean.dev.rssa.id` (development)
+- `https://antrean.rssa.id` (production)
+
+**Catatan:** Gunakan wildcard `*` untuk post logout redirect agar bisa handle query parameters.
+
+---
+
+## 3. nuxt.config.ts (Opsional)
+
+**Jika menggunakan IP address untuk development:**
+
+```typescript
+devServer: {
+  port: 3000,
+  host: '0.0.0.0'  // atau IP address jika perlu
+}
+```
+
+**Untuk production dengan domain, biasanya tidak perlu diubah.**
+
+---
+
+## 4. Kubernetes Configuration
+
+### 4.1. ConfigMap (untuk non-sensitive environment variables)
+
+**Buat atau update ConfigMap:**
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: antrean-config
+  namespace: default  # atau namespace Anda
+data:
+  AUTH_ORIGIN: "https://antrean.rssa.id"  # atau https://antrean.dev.rssa.id untuk dev
+  KEYCLOAK_ISSUER: "https://auth.rssa.top/realms/sandbox"
+  KEYCLOAK_CLIENT_ID: "akbar-test"
+```
+
+**Atau gunakan kubectl:**
+```bash
+kubectl create configmap antrean-config \
+  --from-literal=AUTH_ORIGIN=https://antrean.rssa.id \
+  --from-literal=KEYCLOAK_ISSUER=https://auth.rssa.top/realms/sandbox \
+  --from-literal=KEYCLOAK_CLIENT_ID=akbar-test \
+  -n <your-namespace>
+```
+
+### 4.2. Secret (untuk sensitive data)
+
+**Buat Secret untuk credentials:**
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: antrean-secrets
+  namespace: default
+type: Opaque
+stringData:
+  KEYCLOAK_CLIENT_SECRET: "your-secret-here"
+  NUXT_AUTH_SECRET: "your-super-secret-string-of-at-least-32-characters"
+```
+
+**Atau gunakan kubectl:**
+```bash
+kubectl create secret generic antrean-secrets \
+  --from-literal=KEYCLOAK_CLIENT_SECRET=your-secret \
+  --from-literal=NUXT_AUTH_SECRET=your-auth-secret \
+  -n <your-namespace>
+```
+
+### 4.3. Ingress (untuk domain routing)
+
+**Update Ingress dengan domain baru:**
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: antrean-ingress
+  namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"  # atau issuer Anda
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx  # atau ingress class Anda
+  tls:
+  - hosts:
+    - antrean.rssa.id
+    - antrean.dev.rssa.id
+    secretName: antrean-tls-secret
+  rules:
+  - host: antrean.rssa.id
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: antrean-service
+            port:
+              number: 3000
+  - host: antrean.dev.rssa.id
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: antrean-dev-service
+            port:
+              number: 3000
+```
+
+### 4.4. Deployment (update environment variables)
+
+**Update Deployment untuk menggunakan ConfigMap dan Secret:**
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: antrean-app
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: antrean
+  template:
+    metadata:
+      labels:
+        app: antrean
+    spec:
+      containers:
+      - name: antrean
+        image: your-registry/antrean:latest
+        ports:
+        - containerPort: 3000
+        env:
+        # Dari ConfigMap
+        - name: AUTH_ORIGIN
+          valueFrom:
+            configMapKeyRef:
+              name: antrean-config
+              key: AUTH_ORIGIN
+        - name: KEYCLOAK_ISSUER
+          valueFrom:
+            configMapKeyRef:
+              name: antrean-config
+              key: KEYCLOAK_ISSUER
+        - name: KEYCLOAK_CLIENT_ID
+          valueFrom:
+            configMapKeyRef:
+              name: antrean-config
+              key: KEYCLOAK_CLIENT_ID
+        # Dari Secret
+        - name: KEYCLOAK_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: antrean-secrets
+              key: KEYCLOAK_CLIENT_SECRET
+        - name: NUXT_AUTH_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: antrean-secrets
+              key: NUXT_AUTH_SECRET
+        envFrom:
+        # Atau load semua dari ConfigMap (opsional)
+        # - configMapRef:
+        #     name: antrean-config
+```
+
+**Atau update dengan kubectl:**
+```bash
+kubectl set env deployment/antrean-app \
+  AUTH_ORIGIN=https://antrean.rssa.id \
+  --from=configmap/antrean-config \
+  -n <your-namespace>
+```
+
+### 4.5. Service (biasanya tidak perlu diubah)
+
+Service biasanya tidak perlu diubah karena hanya routing internal.
+
+### 4.6. Rollout/Restart Deployment
+
+**Setelah update ConfigMap/Secret, restart pods:**
+
+```bash
+# Method 1: Rolling restart
+kubectl rollout restart deployment/antrean-app -n <your-namespace>
+
+# Method 2: Delete pods (akan auto-recreate)
+kubectl delete pods -l app=antrean -n <your-namespace>
+
+# Method 3: Scale down then up
+kubectl scale deployment antrean-app --replicas=0 -n <your-namespace>
+kubectl scale deployment antrean-app --replicas=2 -n <your-namespace>
+```
+
+### 4.7. Verifikasi di Kubernetes
+
+```bash
+# Cek ConfigMap
+kubectl get configmap antrean-config -n <namespace> -o yaml
+
+# Cek Secret (values akan di-encode base64)
+kubectl get secret antrean-secrets -n <namespace> -o yaml
+
+# Cek Ingress
+kubectl get ingress antrean-ingress -n <namespace>
+
+# Cek pods environment
+kubectl exec -it <pod-name> -n <namespace> -- env | grep AUTH_ORIGIN
+
+# Cek logs
+kubectl logs -f deployment/antrean-app -n <namespace>
+```
+
+---
+
+## 5. Server/Deployment Configuration (Non-Kubernetes)
+
+### Nginx/Reverse Proxy (jika ada):
+- Update `server_name` dengan domain baru
+- Update SSL certificate untuk domain baru
+- Pastikan proxy_pass mengarah ke aplikasi yang benar
+
+### Docker (jika ada):
+- Update environment variables di docker-compose.yml atau Dockerfile
+- Update port mapping jika perlu
+
+---
+
+## 6. DNS Configuration
+
+- Pastikan domain sudah pointing ke IP server yang benar
+- Pastikan A record atau CNAME sudah dikonfigurasi
+- Tunggu DNS propagation (bisa beberapa menit sampai 24 jam)
+
+---
+
+## 7. SSL Certificate
+
+- Pastikan SSL certificate sudah diinstal untuk domain baru
+- Pastikan certificate valid dan tidak expired
+- Untuk production, gunakan Let's Encrypt atau certificate resmi
+
+---
+
+## 8. Restart Server/Deployment
+
+**PENTING:** Setelah mengubah `.env`:
+1. Stop server (Ctrl+C)
+2. Start server lagi (`npm run dev` atau `npm run build && npm start`)
+
+Environment variables hanya dimuat saat server start!
+
+---
+
+## 9. Verifikasi
+
+Setelah semua perubahan, verifikasi:
+
+1. **Cek log server saat login:**
+   ```
+   🔧 AUTH_ORIGIN from config: https://antrean.dev.rssa.id
+   🔗 Redirect URI being sent to Keycloak: https://antrean.dev.rssa.id/api/auth/keycloak-callback
+   ```
+
+2. **Test login flow:**
+   - Login harus redirect ke Keycloak
+   - Setelah login, harus kembali ke aplikasi
+   - Tidak ada error "Invalid redirect URI"
+
+3. **Test logout flow:**
+   - Logout harus redirect ke Keycloak
+   - Setelah logout, harus kembali ke login page
+   - Tidak ada error "Invalid redirect URI"
+
+---
+
+## File yang TIDAK Perlu Diubah
+
+✅ **Kode aplikasi** - Sudah menggunakan `config.public.authUrl` dari environment variable
+✅ **Server API handlers** - Sudah menggunakan `config.public.authUrl`
+✅ **Components** - Tidak ada hardcoded domain
+
+---
+
+## Contoh Konfigurasi Lengkap
+
+### Development (.env.development):
+```env
+AUTH_ORIGIN="https://antrean.dev.rssa.id"
+KEYCLOAK_CLIENT_ID="akbar-test"
+KEYCLOAK_CLIENT_SECRET="your-secret"
+KEYCLOAK_ISSUER="https://auth.rssa.top/realms/sandbox"
+NUXT_AUTH_SECRET="your-super-secret-string-of-at-least-32-characters"
+```
+
+### Production (.env.production):
+```env
+AUTH_ORIGIN="https://antrean.rssa.id"
+KEYCLOAK_CLIENT_ID="akbar-test"
+KEYCLOAK_CLIENT_SECRET="your-secret"
+KEYCLOAK_ISSUER="https://auth.rssa.top/realms/sandbox"
+NUXT_AUTH_SECRET="your-super-secret-string-of-at-least-32-characters"
+```
+
+---
+
+## Troubleshooting
+
+### Masih redirect ke domain lama?
+- ✅ Pastikan server sudah restart
+- ✅ Cek `.env` file sudah benar
+- ✅ Clear browser cache
+- ✅ Cek Keycloak configuration sudah benar
+
+### Error "Invalid redirect URI"?
+- ✅ Pastikan URI sudah ditambahkan di Keycloak
+- ✅ Pastikan format URI sama persis (dengan/tanpa trailing slash)
+- ✅ Pastikan menggunakan HTTPS jika domain menggunakan HTTPS
+
+### Session tidak tersimpan?
+- ✅ Pastikan cookie settings sesuai (secure: true untuk HTTPS)
+- ✅ Cek browser console untuk cookie errors
+- ✅ Pastikan domain di cookie sesuai dengan domain aplikasi
+