Restricted Access: dev-docs.gcgscola.id
URL: https://dev-docs.gcgscola.id
Tier: developer / QA / SSOT domain / audit (MkDocs mkdocs-developer.yml)
Auth: Cloudflare Access, GCG team only (stricter than the implementor tier)
1. Tier differences
| Tier | URL | Who | Main content |
|---|---|---|---|
| End user | docs.gcgscola.id | Public | Guides for teachers, students, parents |
| Implementor | implement.gcgscola.id | Partner + GCG | Go-live, config guides, client UAT |
| Developer | dev-docs.gcgscola.id | GCG only | AI guidelines, QA, architecture, domain SSOT, audit |
2. Cloudflare Access setup (dashboard)
- Cloudflare Zero Trust → Access → Applications → Add application
- Self-hosted → `dev-docs.gcgscola.id` (path empty)
- Policy Allow, for example:
  - Emails ending in `@gcgscola.id` only
  - (Optional) Google Group [email protected]/[email protected]
- Default deny: implementor partners do not need access to this tier (they use `implement.gcgscola.id`)
- SSL/TLS: Full (strict)

Keep the policy separate from implement
Create separate applications for implement.gcgscola.id and dev-docs.gcgscola.id; do not use one loose policy for both.
3. Deploy (server)
```bash
cd /home/scola/odoo/scola-fe-v2
./scripts/build-docs.sh developer --install
```
Deploy path: /var/www/dev-docs.gcgscola.id
4. Nginx + SSL (origin)
```bash
sudo cp /home/scola/odoo/config/nginx/dev-docs.gcgscola.id.http-only.conf \
  /etc/nginx/sites-enabled/dev-docs.gcgscola.id
sudo nginx -t && sudo systemctl reload nginx
sudo certbot --nginx -d dev-docs.gcgscola.id
```
HTTPS template: config/nginx/dev-docs.gcgscola.id.conf
DNS: A / CNAME record dev-docs → server IP, Cloudflare proxy ON.
5. Checklist
- [ ] DNS `dev-docs.gcgscola.id` active
- [ ] `./scripts/build-docs.sh developer --install`
- [ ] Nginx + certbot SSL
- [ ] Cloudflare Access: policy `@gcgscola.id` only
- [ ] Incognito test: partner email is rejected, GCG email passes
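
The anonymous half of the incognito test can be scripted. The script below is an added example, not one of the project's scripts: it classifies the response an unauthenticated client receives, assuming Cloudflare Access answers such requests with a redirect to a `*.cloudflareaccess.com` login page. The function names and the `example-team` login host in the sample data are constructed.

```bash
#!/usr/bin/env bash
# Added example (not project code): verify that an unauthenticated request
# to the developer docs is stopped by Cloudflare Access.

# classify_headers: read raw HTTP response headers on stdin, print one of
#   protected - redirect to a *.cloudflareaccess.com login, or 401/403
#   exposed   - 2xx answered without any login
#   unknown   - anything else; inspect by hand
classify_headers() {
  awk '
    { sub(/\r$/, "") }                           # curl -I emits CRLF line ends
    NR == 1                    { status = $2 }   # "HTTP/2 302" -> 302
    tolower($1) == "location:" { loc = tolower($2) }
    END {
      if (status ~ /^30[1-8]$/ &&
          loc ~ /^https:\/\/[a-z0-9-]+\.cloudflareaccess\.com\//)
        print "protected"
      else if (status ~ /^40[13]$/)        print "protected"
      else if (status ~ /^2[0-9][0-9]$/)   print "exposed"
      else                                 print "unknown"
    }'
}

# check_live HOST: fetch headers with no cookies and without following
# redirects, then succeed only if the verdict is "protected".
check_live() {
  verdict=$(curl -sS -I --max-time 10 "https://$1/" | classify_headers)
  echo "$1: $verdict"
  [ "$verdict" = "protected" ]
}

# Constructed sample responses (not captured from the real site).
sample_protected() {
  printf 'HTTP/2 302\r\nlocation: https://example-team.cloudflareaccess.com/cdn-cgi/access/login/dev-docs.gcgscola.id\r\n\r\n'
}
sample_exposed() {
  printf 'HTTP/2 200\r\ncontent-type: text/html\r\n\r\n'
}

# Live check only when a hostname is passed as the first argument.
if [ "$#" -gt 0 ]; then check_live "$1"; fi
```

Saved under a file name of your choice, it takes the hostname as its only argument, for example `dev-docs.gcgscola.id`. It covers only the anonymous case, so the partner-email and GCG-email logins still need the manual incognito test.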
See also: docs-site-deployment.md | Implementor access