
Restricted Access — implement.gcgscola.id

URL: https://implement.gcgscola.id
Tier: implementor — go-live, config guides, client UAT (mkdocs-internal.yml)
Auth: Cloudflare Access (Zero Trust) — implementor partners + GCG

Domain SSOT, QA, and audit content has moved to https://dev-docs.gcgscola.id (GCG team only).


1. Architecture

Browser → Cloudflare (Access login) → nginx origin (Let's Encrypt) → /var/www/implement.gcgscola.id/
  • Origin SSL: Let's Encrypt via certbot on the server (implement.gcgscola.id)
  • Edge auth: Cloudflare Access — users must log in before a request reaches the origin
  • The public portal (docs.gcgscola.id) stays unauthenticated and contains no content from this tier

2. Setup Cloudflare Access (dashboard)

  1. Log in to Cloudflare Zero Trust
  2. Access → Applications → Add an application
  3. Type: Self-hosted
  4. Application domain:
  5. Subdomain: implement
  6. Domain: gcgscola.id
  7. Path: empty (entire site)
  8. Identity providers: Google Workspace (@gcgscola.id) and/or email OTP
  9. Policy — Allow:
  10. Rule name: GCG team + implementors
  11. Action: Allow
  12. Include (examples):
    • Emails ending in @gcgscola.id
    • Emails in list (implementor partners per client)
    • Google Groups: [email protected] (if used)
  13. Policy — Block (default): everyone else → deny
  14. Save → test in an incognito window: the Cloudflare login page must appear before the docs

Cloudflare SSL/TLS

  • SSL/TLS mode: Full (strict) — the origin already has a Let's Encrypt certificate
  • Always Use HTTPS: ON

3. Deploy content (server)

cd /home/scola/odoo/scola-fe-v2
./scripts/build-docs.sh internal --install

Deploy path: /var/www/implement.gcgscola.id


4. Nginx + SSL (origin)

First time:

sudo cp /home/scola/odoo/config/nginx/implement.gcgscola.id.http-only.conf \
  /etc/nginx/sites-enabled/implement.gcgscola.id
sudo nginx -t && sudo systemctl reload nginx
sudo certbot --nginx -d implement.gcgscola.id
curl -I https://implement.gcgscola.id

HTTPS template: config/nginx/implement.gcgscola.id.conf


5. Go-live checklist for the implementor tier

  • [ ] DNS implement.gcgscola.id → origin (Cloudflare proxy ON)
  • [ ] ./scripts/build-docs.sh internal --install
  • [ ] Nginx vhost + certbot SSL active
  • [ ] Cloudflare Access policy active (incognito test)
  • [ ] Cloudflare SSL mode Full (strict)
  • [ ] The Implementator, Domain Teknis, and Audit tabs are not present on docs.gcgscola.id

6. Troubleshooting

Symptom | Cause | Solution
404 from Cloudflare | Nginx vhost does not exist yet | Enable the vhost + deploy the static site
525 SSL handshake | Origin has no certificate | Run certbot
Docs are shown without login | Access is not set up yet | Add the application in Zero Trust
Wrong canonical link | MkDocs site_url | Make sure mkdocs-internal.yml → https://implement.gcgscola.id
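
The incognito test from step 14, scripted so it can be repeated at go-live and mapped onto the troubleshooting rows above. This is an added example, not one of the project's scripts; `classify_response`, the verdict strings, and the `example-team` login hostname are assumptions, as is Access answering an unauthenticated request with a redirect to the team's `cloudflareaccess.com` login URL.

```shell
#!/bin/sh
# Added example (not one of the project's scripts). Reads raw response headers,
# as printed by `curl -sI`, on stdin and prints one verdict.
classify_response() {
  awk '
    { sub(/\r$/, "") }                       # curl -I output ends lines with CRLF
    /^HTTP\//                  { status = $2; location = "" }
    tolower($1) == "location:" { location = $2 }
    END {
      # Assumed shape of the Access login redirect: <team>.cloudflareaccess.com
      login = "^https://[^/]+\\.cloudflareaccess\\.com/cdn-cgi/access/login/"
      if ((status == "302" || status == "303") && location ~ login)
        print "access-enforced"
      else if (status == "200") print "open-without-login"   # table row 3
      else if (status == "404") print "vhost-missing"        # table row 1
      else if (status == "525") print "origin-cert-missing"  # table row 2
      else print "unknown:" (status == "" ? "none" : status)
    }'
}

# Constructed sample responses; "example-team" and the kid value are placeholders.
sample_enforced() {
  printf 'HTTP/2 302\r\nlocation: https://example-team.cloudflareaccess.com/cdn-cgi/access/login/implement.gcgscola.id?kid=PLACEHOLDER\r\nserver: cloudflare\r\n\r\n'
}
sample_open() {
  printf 'HTTP/2 200\r\ncontent-type: text/html\r\nserver: cloudflare\r\n\r\n'
}

# Live check on go-live day (needs network, send no cookies):
#   curl -sI https://implement.gcgscola.id | classify_response
sample_enforced | classify_response
sample_open | classify_response
```

Anything other than `access-enforced` from a cookie-less request means the checklist item "Cloudflare Access policy active" is not yet satisfied.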

See also: docs-site-deployment.md