chore: remove hardcoded local deployment secrets

Co-authored-by: Velik <hongochai10@users.noreply.github.com>
Cursor Agent
2026-02-23 12:11:58 +00:00
parent 22dcc97ba9
commit 547902b407
7 changed files with 275 additions and 354 deletions

View File

@@ -1,108 +1,63 @@
# =============================================================================
# GoodGo Platform - Shared Environment Variables
# =============================================================================
# EN: This file contains shared configuration for all services
# VI: File này chứa cấu hình chung cho tất cả các services
# =============================================================================
# EN: Default sanitized local environment values.
# VI: Giá trị môi trường local mặc định đã làm sạch.
# NOTE: Replace placeholders before running docker compose.
# Environment / Môi Trường
ASPNETCORE_ENVIRONMENT=Development
NODE_ENV=development
LOG_LEVEL=Information
API_VERSION=v1
# =============================================================================
# DATABASE / CƠ SỞ DỮ LIỆU - Neon PostgreSQL
# =============================================================================
# EN: Each service can have its own database or share with schema isolation
# VI: Mỗi service có thể có database riêng hoặc dùng chung với schema isolation
# IAM Service Database
IAM_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
# Storage Service Database (if separate)
STORAGE_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=storage_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
# Social Service Database (if separate)
SOCIAL_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=social_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
# Wallet Service Database
WALLET_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=wallet_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
# =============================================================================
# REDIS CACHE / BỘ NHỚ ĐỆM REDIS
# =============================================================================
# EN: External Redis server shared by all services
# VI: Redis server bên ngoài dùng chung cho tất cả services
REDIS_HOST=167.114.174.113
REDIS_PORT=6379
REDIS_PASSWORD=Velik@2026
REDIS_DATABASE=0
# =============================================================================
# JWT AUTHENTICATION / XÁC THỰC JWT
# =============================================================================
# EN: Shared JWT configuration - MUST be identical across all services
# VI: Cấu hình JWT chung - PHẢI giống nhau trên tất cả services
JWT_SECRET=goodgo-iam-service-secret-key-32chars!
JWT_SECRET=replace-with-min-32-char-secret
JWT_REFRESH_SECRET=replace-with-min-32-char-secret
JWT_ID_SECRET=replace-with-min-32-char-secret
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
JWT_ID_EXPIRES_IN=1h
JWT_ISSUER=goodgo-platform
JWT_AUDIENCE=goodgo-services
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=7
# Legacy format (for Node.js services)
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
JWT_REFRESH_SECRET=goodgo-iam-service-secret-key-32chars!
JWT_ID_SECRET=goodgo-iam-service-secret-key-32chars!
JWT_ID_EXPIRES_IN=1h
ENCRYPTION_KEY=replace-with-64-char-hex-key
# =============================================================================
# ENCRYPTION / MÃ HÓA
# =============================================================================
ENCRYPTION_KEY=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=replace-with-redis-password
REDIS_DATABASE=0
REDIS_CONNECTION_STRING=redis:6379,password=replace-with-redis-password
# =============================================================================
# API CONFIGURATION / CẤU HÌNH API
# =============================================================================
API_VERSION=v1
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=replace-with-minio-access-key
MINIO_SECRET_KEY=replace-with-minio-secret-key
RABBITMQ_USERNAME=guest
RABBITMQ_PASSWORD=replace-with-rabbitmq-password
FEATURE_SWAGGER_ENABLED=true
FEATURE_DETAILED_ERRORS=true
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost
# =============================================================================
# OBSERVABILITY / QUAN SÁT
# =============================================================================
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
METRICS_ENABLED=true
# Logging
LOG_LEVEL=Information
# Seq (optional)
SEQ_URL=http://localhost:5341
# =============================================================================
# FEATURE FLAGS / CỜ TÍNH NĂNG
# =============================================================================
FEATURE_SWAGGER_ENABLED=true
FEATURE_DETAILED_ERRORS=true
# =============================================================================
# RATE LIMITING / GIỚI HẠN TỐC ĐỘ
# =============================================================================
RATE_LIMIT_PERMITS_PER_MINUTE=100
RATE_LIMIT_QUEUE_LIMIT=10
# =============================================================================
# HEALTH CHECKS / KIỂM TRA SỨC KHỎE
# =============================================================================
HEALTHCHECK_TIMEOUT_SECONDS=5
# =============================================================================
# MINIO / OBJECT STORAGE
# =============================================================================
MINIO_ACCESS_KEY=minioadmin
MINIO_SECRET_KEY=minioadmin
STORAGE_PROVIDER=minio
STORAGE_DEFAULT_BUCKET=storage
IAM_DATABASE_URL=Host=your-neon-host;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require
STORAGE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=storage_service;Username=your-user;Password=your-password;SSL Mode=Require
MEMBERSHIP_DATABASE_URL=Host=your-neon-host;Port=5432;Database=membership_service;Username=your-user;Password=your-password;SSL Mode=Require
MERCHANT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=merchant_service;Username=your-user;Password=your-password;SSL Mode=Require
WALLET_DATABASE_URL=Host=your-neon-host;Port=5432;Database=wallet_service;Username=your-user;Password=your-password;SSL Mode=Require
CHAT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=chat_service;Username=your-user;Password=your-password;SSL Mode=Require
SOCIAL_DATABASE_URL=Host=your-neon-host;Port=5432;Database=social_service;Username=your-user;Password=your-password;SSL Mode=Require
MINING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mining_service;Username=your-user;Password=your-password;SSL Mode=Require
MISSION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mission_service;Username=your-user;Password=your-password;SSL Mode=Require
PROMOTION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=promotion_service;Username=your-user;Password=your-password;SSL Mode=Require
CATALOG_DATABASE_URL=Host=your-neon-host;Port=5432;Database=catalog_service;Username=your-user;Password=your-password;SSL Mode=Require
ORDER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=order_service;Username=your-user;Password=your-password;SSL Mode=Require
INVENTORY_DATABASE_URL=Host=your-neon-host;Port=5432;Database=inventory_service;Username=your-user;Password=your-password;SSL Mode=Require
FNB_ENGINE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=fnb_engine;Username=your-user;Password=your-password;SSL Mode=Require
BOOKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=booking_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_MANAGER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_manager_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_ANALYTICS_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_analytics_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_SERVING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_serving_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_BILLING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_billing_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_TRACKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_tracking_service;Username=your-user;Password=your-password;SSL Mode=Require
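Review bot: The Neon `Password=` value, `REDIS_PASSWORD`, the JWT secrets and `ENCRYPTION_KEY` on the removed lines of this hunk stay readable in the repository history after this commit, so swapping them for placeholders does not retire them. Rotate each of those credentials at its provider and record that in the commit message or a follow-up. The new header also says to replace the placeholders before running docker compose, which means this tracked file will hold real values again; untrack it and add it to `.gitignore` so the next edit cannot put live values back into a commit.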

View File

@@ -1,80 +1,62 @@
# =============================================================================
# GoodGo Platform - Local Development Environment
# =============================================================================
# =============================================================================
# AUTHENTICATION - Shared across all services
# =============================================================================
JWT_SECRET=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693
JWT_REFRESH_SECRET=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
# ID Token (OIDC)
JWT_ID_SECRET=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693
JWT_ID_EXPIRES_IN=1h
# Data Encryption (AES-256-GCM)
ENCRYPTION_KEY=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693
# =============================================================================
# SHARED INFRASTRUCTURE
# =============================================================================
# Redis Configuration
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
# Neon PostgreSQL - IAM Service Database
DATABASE_URL=postgresql://neondb_owner:npg_Ssfy6HKO0cXI@ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech/iam-service?sslmode=require&channel_binding=require
# =============================================================================
# PLATFORM CONFIGURATION
# =============================================================================
# EN: Local override file template (sanitized). Keep values aligned with .env.
# VI: Template local override (đã làm sạch). Giữ giá trị đồng bộ với .env.
ASPNETCORE_ENVIRONMENT=Development
NODE_ENV=development
LOG_LEVEL=debug
LOG_LEVEL=Information
API_VERSION=v1
# CORS - Allowed origins
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost
# =============================================================================
# OBSERVABILITY
# =============================================================================
# Distributed Tracing
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
# Prometheus Metrics
METRICS_ENABLED=true
# =============================================================================
# EXTERNAL SERVICES (Optional)
# =============================================================================
# Email Configuration
EMAIL_FROM=noreply@goodgo.vn
REDIS_URL=redis://redis:6379
# =============================================================================
# IAM SERVICE .NET CONFIGURATION
# =============================================================================
# Neon PostgreSQL for IAM .NET Service
IAM_NET_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
# External Redis
REDIS_EXTERNAL_HOST=167.114.174.113
REDIS_EXTERNAL_PORT=6379
REDIS_EXTERNAL_PASSWORD=Velik@2026
REDIS_EXTERNAL_DATABASE=0
# JWT Configuration for .NET Service
JWT_SECRET=replace-with-min-32-char-secret
JWT_REFRESH_SECRET=replace-with-min-32-char-secret
JWT_ID_SECRET=replace-with-min-32-char-secret
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
JWT_ID_EXPIRES_IN=1h
JWT_ISSUER=goodgo-platform
JWT_AUDIENCE=goodgo-services
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=7
ENCRYPTION_KEY=replace-with-64-char-hex-key
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=replace-with-redis-password
REDIS_DATABASE=0
REDIS_CONNECTION_STRING=redis:6379,password=replace-with-redis-password
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=replace-with-minio-access-key
MINIO_SECRET_KEY=replace-with-minio-secret-key
RABBITMQ_USERNAME=guest
RABBITMQ_PASSWORD=replace-with-rabbitmq-password
FEATURE_SWAGGER_ENABLED=true
FEATURE_DETAILED_ERRORS=true
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
METRICS_ENABLED=true
SEQ_URL=http://localhost:5341
IAM_DATABASE_URL=Host=your-neon-host;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require
STORAGE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=storage_service;Username=your-user;Password=your-password;SSL Mode=Require
MEMBERSHIP_DATABASE_URL=Host=your-neon-host;Port=5432;Database=membership_service;Username=your-user;Password=your-password;SSL Mode=Require
MERCHANT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=merchant_service;Username=your-user;Password=your-password;SSL Mode=Require
WALLET_DATABASE_URL=Host=your-neon-host;Port=5432;Database=wallet_service;Username=your-user;Password=your-password;SSL Mode=Require
CHAT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=chat_service;Username=your-user;Password=your-password;SSL Mode=Require
SOCIAL_DATABASE_URL=Host=your-neon-host;Port=5432;Database=social_service;Username=your-user;Password=your-password;SSL Mode=Require
MINING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mining_service;Username=your-user;Password=your-password;SSL Mode=Require
MISSION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mission_service;Username=your-user;Password=your-password;SSL Mode=Require
PROMOTION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=promotion_service;Username=your-user;Password=your-password;SSL Mode=Require
CATALOG_DATABASE_URL=Host=your-neon-host;Port=5432;Database=catalog_service;Username=your-user;Password=your-password;SSL Mode=Require
ORDER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=order_service;Username=your-user;Password=your-password;SSL Mode=Require
INVENTORY_DATABASE_URL=Host=your-neon-host;Port=5432;Database=inventory_service;Username=your-user;Password=your-password;SSL Mode=Require
FNB_ENGINE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=fnb_engine;Username=your-user;Password=your-password;SSL Mode=Require
BOOKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=booking_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_MANAGER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_manager_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_ANALYTICS_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_analytics_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_SERVING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_serving_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_BILLING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_billing_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_TRACKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_tracking_service;Username=your-user;Password=your-password;SSL Mode=Require
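Review bot: `JWT_SECRET`, `JWT_REFRESH_SECRET` and `JWT_ID_SECRET` all receive the same placeholder, `replace-with-min-32-char-secret`, and the removed lines show the previous file using one 64-character hex value for all three and for `ENCRYPTION_KEY` as well. Give each variable its own placeholder text (naming the access, refresh and ID token secret separately) and add a comment that the values must differ from each other and from the encryption key, so that one leaked signing secret does not also expose the other tokens and the data-encryption key.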

View File

@@ -6,8 +6,12 @@ Docker Compose configuration for running the GoodGo platform locally.
```bash
# Setup environment
cp env.local.example .env
cp env.local.example .env.local
# Update all placeholder secrets/connection strings in both files
# before starting the stack.
# Start platform
docker-compose up -d
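Review bot: The new instruction to update placeholders exists only as a comment between the `cp` commands and `docker-compose up -d`, so a reader who pastes the whole block starts the stack with `replace-with-...` strings as live passwords. Move `docker-compose up -d` into its own block after the edit step, or add a preflight check that stops when any value in `.env` still begins with `replace-with-` or `your-`.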
@@ -31,8 +35,9 @@ For detailed documentation, see:
## Files
- `docker-compose.yml` - Service orchestration
- `env.local.example` - Environment variables template
- `.env.local` - Your local environment (git-ignored)
- `env.local.example` - Sanitized environment variables template
- `.env` - Docker Compose interpolation file (fill with real values)
- `.env.local` - Local override file (fill with real values)
## Common Commands
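Review bot: The Files list now tells the reader to fill `.env` and `.env.local` with real values, while the line that described `.env.local` as git-ignored is dropped and nothing says the same of `.env`. State for both entries that they are git-ignored and confirm `.gitignore` covers them, otherwise following this README leads straight back to committed credentials.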

View File

@@ -74,14 +74,14 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=storage_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${STORAGE_DATABASE_URL}
# EN: Storage - External MinIO
# VI: Storage - MinIO bên ngoài
- Storage__Provider=minio
- Storage__DefaultBucket=goodgo
- Storage__MinIO__Endpoint=167.114.174.113:9000
- Storage__MinIO__AccessKey=minioadmin
- Storage__MinIO__SecretKey=Velik@2026
- Storage__MinIO__Endpoint=${MINIO_ENDPOINT}
- Storage__MinIO__AccessKey=${MINIO_ACCESS_KEY}
- Storage__MinIO__SecretKey=${MINIO_SECRET_KEY}
- Storage__MinIO__UseSSL=false
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
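Review bot: `${STORAGE_DATABASE_URL}`, `${MINIO_ENDPOINT}`, `${MINIO_ACCESS_KEY}` and `${MINIO_SECRET_KEY}` are interpolated without a required-value guard, so a variable missing from `.env` is substituted as an empty string and the container starts with a blank connection string or secret key. Use the required form, for example `${MINIO_SECRET_KEY:?set MINIO_SECRET_KEY in .env}`, so that Compose fails at startup instead. The comment `# EN: Storage - External MinIO` is also stale now that the endpoint comes from `.env`, where the template sets `minio:9000`.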
@@ -89,9 +89,9 @@ services:
- IamService__ServiceName=storage-service
# EN: Redis Cache
# VI: Cache Redis
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
ports:
- "5002:8080"
depends_on:
@@ -129,7 +129,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=membership_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${MEMBERSHIP_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -170,7 +170,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=merchant_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${MERCHANT_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -273,7 +273,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=wallet_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${WALLET_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -319,10 +319,10 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=chat_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${CHAT_DATABASE_URL}
# EN: Redis for SignalR Backplane
# VI: Redis cho SignalR Backplane
- ConnectionStrings__Redis=167.114.174.113:6379,password=Velik@2026
- ConnectionStrings__Redis=${REDIS_CONNECTION_STRING}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
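Review bot: `ConnectionStrings__Redis=${REDIS_CONNECTION_STRING}` introduces a second copy of the Redis host, port and password next to `REDIS_HOST`, `REDIS_PORT` and `REDIS_PASSWORD`, which other services in this file read separately, so a password change has to be made in two variables and the services disagree if one is missed. Build the value from the existing variables instead, `ConnectionStrings__Redis=${REDIS_HOST}:${REDIS_PORT},password=${REDIS_PASSWORD}`, and drop `REDIS_CONNECTION_STRING` from the templates.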
@@ -381,7 +381,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=social_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${SOCIAL_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -393,9 +393,9 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache
# VI: Cache Redis
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
ports:
- "5009:8080"
depends_on:
@@ -432,7 +432,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=mining_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${MINING_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -444,9 +444,9 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache
# VI: Cache Redis
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
ports:
- "5006:8080"
depends_on:
@@ -490,7 +490,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=mission_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${MISSION_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -502,9 +502,9 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache
# VI: Cache Redis
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
ports:
- "5007:8080"
depends_on:
@@ -541,7 +541,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=promotion_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${PROMOTION_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -596,7 +596,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=catalog_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${CATALOG_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -644,7 +644,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=order_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${ORDER_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -697,7 +697,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=inventory_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${INVENTORY_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -745,7 +745,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=fnb_engine;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${FNB_ENGINE_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -757,7 +757,7 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis for SignalR (Kitchen Display)
# VI: Redis cho SignalR (Màn hình bếp)
- ConnectionStrings__Redis=167.114.174.113:6379,password=Velik@2026
- ConnectionStrings__Redis=${REDIS_CONNECTION_STRING}
ports:
- "5019:8080"
depends_on:
@@ -803,7 +803,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=booking_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${BOOKING_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -858,7 +858,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_manager_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${ADS_MANAGER_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -870,9 +870,9 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache
# VI: Cache Redis
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
ports:
- "5011:8080"
depends_on:
@@ -909,7 +909,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_analytics_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${ADS_ANALYTICS_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -921,9 +921,9 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache
# VI: Cache Redis
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
ports:
- "5015:8080"
depends_on:
@@ -960,7 +960,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_serving_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${ADS_SERVING_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -972,15 +972,15 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache (required for RTB)
# VI: Cache Redis (bắt buộc cho RTB)
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
# EN: RabbitMQ for event publishing
# VI: RabbitMQ để publish sự kiện
- RabbitMQ__Host=rabbitmq
- RabbitMQ__Port=5672
- RabbitMQ__Username=guest
- RabbitMQ__Password=guest
- RabbitMQ__Username=${RABBITMQ_USERNAME}
- RabbitMQ__Password=${RABBITMQ_PASSWORD}
ports:
- "5012:8080"
depends_on:
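Review bot: `RabbitMQ__Username` and `RabbitMQ__Password` now come from `.env`, but the lines visible here change only the client side, and the template keeps `RABBITMQ_USERNAME=guest` with a new password. Check that the `rabbitmq` service in this compose file creates its account from the same two variables (assuming it runs the official image, through `RABBITMQ_DEFAULT_USER` and `RABBITMQ_DEFAULT_PASS`); otherwise the broker keeps accepting `guest`/`guest` and these services fail to authenticate with the new password.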
@@ -1024,7 +1024,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_billing_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${ADS_BILLING_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -1082,7 +1082,7 @@ services:
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL
# VI: Cơ sở dữ liệu - Neon PostgreSQL
- ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_tracking_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require
- ConnectionStrings__DefaultConnection=${ADS_TRACKING_DATABASE_URL}
# EN: IAM Service Communication
# VI: Giao tiếp IAM Service
- IamService__BaseUrl=http://iam-service-net:8080
@@ -1094,15 +1094,15 @@ services:
- Jwt__RequireHttpsMetadata=false
# EN: Redis Cache (for high-volume event buffering)
# VI: Cache Redis (cho buffering sự kiện lưu lượng cao)
- Redis__Host=167.114.174.113
- Redis__Port=6379
- Redis__Password=Velik@2026
- Redis__Host=${REDIS_HOST}
- Redis__Port=${REDIS_PORT}
- Redis__Password=${REDIS_PASSWORD}
# EN: RabbitMQ for event publishing
# VI: RabbitMQ để publish sự kiện
- RabbitMQ__Host=rabbitmq
- RabbitMQ__Port=5672
- RabbitMQ__Username=guest
- RabbitMQ__Password=guest
- RabbitMQ__Username=${RABBITMQ_USERNAME}
- RabbitMQ__Password=${RABBITMQ_PASSWORD}
ports:
- "5014:8080"
depends_on:

View File

@@ -1,139 +1,96 @@
# =============================================================================
# GoodGo Platform - Shared Environment Variables (EXAMPLE)
# GoodGo Platform - Local Environment Template
# =============================================================================
# This file contains SHARED configuration for all services in the platform.
# Service-specific configs (DATABASE_URL, PORT, SERVICE_NAME) are defined in
# docker-compose.yml for each service.
# EN: Copy this file to both `.env` and `.env.local` before running docker compose.
# VI: Sao chép file này thành cả `.env` và `.env.local` trước khi chạy docker compose.
#
# SETUP: Copy this file to .env.local and fill in your actual values
# Command: cp env.local.example .env.local
# cp env.local.example .env
# cp env.local.example .env.local
#
# EN: Never commit real credentials.
# VI: Không commit thông tin nhạy cảm thật.
# =============================================================================
# =============================================================================
# AUTHENTICATION - Shared across all services
# =============================================================================
# CRITICAL: These secrets MUST be identical across all services for JWT validation
# Generate secure secrets: openssl rand -base64 32
JWT_SECRET=your-super-secret-jwt-key-min-32-characters-change-me
JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters-change-me
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
# ID Token (OIDC)
JWT_ID_SECRET=your-super-secret-id-key-min-32-characters-change-me
JWT_ID_EXPIRES_IN=1h
# Data Encryption (AES-256-GCM)
# Required for encrypting sensitive data at rest (MFA secrets, etc.)
# Generate: openssl rand -hex 32
ENCRYPTION_KEY=your-32-byte-hex-encryption-key-must-be-64-chars
# =============================================================================
# SHARED INFRASTRUCTURE
# =============================================================================
# Redis Configuration (shared cache/session store)
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
# Neon PostgreSQL (get from https://console.neon.tech)
# Each service can have its own database, or share with schema isolation
# Format: postgresql://user:password@host/database?sslmode=require
DATABASE_URL=postgresql://username:password@host.neon.tech/database?sslmode=require
# =============================================================================
# PLATFORM CONFIGURATION
# =============================================================================
# -----------------------------------------------------------------------------
# Runtime
# -----------------------------------------------------------------------------
ASPNETCORE_ENVIRONMENT=Development
NODE_ENV=development
LOG_LEVEL=debug
LOG_LEVEL=Information
API_VERSION=v1
# CORS - Allowed origins for all services
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost
# =============================================================================
# OBSERVABILITY
# =============================================================================
# Distributed Tracing
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
# Prometheus Metrics (exposed by each service at /metrics)
METRICS_ENABLED=true
# =============================================================================
# IAM SERVICE .NET CONFIGURATION
# =============================================================================
# Neon PostgreSQL for IAM .NET Service
# Get from https://console.neon.tech
IAM_NET_DATABASE_URL=Host=your-neon-host.neon.tech;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require
# External Redis (if using external Redis instead of local container)
REDIS_EXTERNAL_HOST=redis
REDIS_EXTERNAL_PORT=6379
REDIS_EXTERNAL_PASSWORD=
REDIS_EXTERNAL_DATABASE=0
# JWT Configuration for .NET Service
# -----------------------------------------------------------------------------
# JWT / Auth (shared across services)
# -----------------------------------------------------------------------------
JWT_SECRET=replace-with-min-32-char-secret
JWT_REFRESH_SECRET=replace-with-min-32-char-secret
JWT_ID_SECRET=replace-with-min-32-char-secret
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
JWT_ID_EXPIRES_IN=1h
JWT_ISSUER=goodgo-platform
JWT_AUDIENCE=goodgo-services
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=7
# =============================================================================
# EXTERNAL SERVICES (Optional)
# =============================================================================
# -----------------------------------------------------------------------------
# Security / Encryption
# -----------------------------------------------------------------------------
ENCRYPTION_KEY=replace-with-64-char-hex-key
# Email Configuration
EMAIL_FROM=noreply@goodgo.vn
# EMAIL_HOST=smtp.gmail.com
# EMAIL_PORT=587
# EMAIL_USER=your-email@gmail.com
# EMAIL_PASSWORD=your-app-password
# -----------------------------------------------------------------------------
# Redis
# -----------------------------------------------------------------------------
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=replace-with-redis-password
REDIS_DATABASE=0
REDIS_CONNECTION_STRING=redis:6379,password=replace-with-redis-password
# =============================================================================
# NOTES
# =============================================================================
#
# Service-Specific Configurations:
# ---------------------------------
# The following are defined PER SERVICE in docker-compose.yml:
# - PORT: Unique port for each service (5001, 5002, 5003, etc.)
# - SERVICE_NAME: Service identifier (iam-service, user-service, etc.)
# - DATABASE_URL: Can override for service-specific database
#
# Traefik API Gateway:
# --------------------
# - Configuration: infra/traefik/
# - Services auto-discovered via Docker labels
# - Access services: http://localhost/api/v1/{service-name}
# - Dashboard: http://localhost:8080
#
# Database Strategy:
# ------------------
# - Each service can have its own Neon database (microservices pattern)
# - Or share database with schema isolation
# - Get database URLs from: https://console.neon.tech
# - Use connection pooling for better performance
#
# Security:
# ---------
# - NEVER commit .env.local to git (it's in .gitignore)
# - Rotate JWT secrets regularly in production
# - Use strong, unique secrets (min 32 characters)
# - Enable SSL/TLS in production (Traefik handles this)
#
# Quick Start:
# ------------
# 1. Copy this file: cp env.local.example .env.local
# 2. Update JWT_SECRET and JWT_REFRESH_SECRET with secure values
# 3. Update DATABASE_URL with your Neon PostgreSQL connection string
# 4. Start platform: docker-compose up -d
#
# =============================================================================
# -----------------------------------------------------------------------------
# MinIO / Object storage
# -----------------------------------------------------------------------------
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=replace-with-minio-access-key
MINIO_SECRET_KEY=replace-with-minio-secret-key
# -----------------------------------------------------------------------------
# RabbitMQ
# -----------------------------------------------------------------------------
RABBITMQ_USERNAME=guest
RABBITMQ_PASSWORD=replace-with-rabbitmq-password
# -----------------------------------------------------------------------------
# IAM feature flags / misc
# -----------------------------------------------------------------------------
FEATURE_SWAGGER_ENABLED=true
FEATURE_DETAILED_ERRORS=true
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
METRICS_ENABLED=true
SEQ_URL=http://localhost:5341
# -----------------------------------------------------------------------------
# Service database connection strings
# -----------------------------------------------------------------------------
IAM_DATABASE_URL=Host=your-neon-host;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require
STORAGE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=storage_service;Username=your-user;Password=your-password;SSL Mode=Require
MEMBERSHIP_DATABASE_URL=Host=your-neon-host;Port=5432;Database=membership_service;Username=your-user;Password=your-password;SSL Mode=Require
MERCHANT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=merchant_service;Username=your-user;Password=your-password;SSL Mode=Require
WALLET_DATABASE_URL=Host=your-neon-host;Port=5432;Database=wallet_service;Username=your-user;Password=your-password;SSL Mode=Require
CHAT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=chat_service;Username=your-user;Password=your-password;SSL Mode=Require
SOCIAL_DATABASE_URL=Host=your-neon-host;Port=5432;Database=social_service;Username=your-user;Password=your-password;SSL Mode=Require
MINING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mining_service;Username=your-user;Password=your-password;SSL Mode=Require
MISSION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mission_service;Username=your-user;Password=your-password;SSL Mode=Require
PROMOTION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=promotion_service;Username=your-user;Password=your-password;SSL Mode=Require
CATALOG_DATABASE_URL=Host=your-neon-host;Port=5432;Database=catalog_service;Username=your-user;Password=your-password;SSL Mode=Require
ORDER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=order_service;Username=your-user;Password=your-password;SSL Mode=Require
INVENTORY_DATABASE_URL=Host=your-neon-host;Port=5432;Database=inventory_service;Username=your-user;Password=your-password;SSL Mode=Require
FNB_ENGINE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=fnb_engine;Username=your-user;Password=your-password;SSL Mode=Require
BOOKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=booking_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_MANAGER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_manager_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_ANALYTICS_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_analytics_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_SERVING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_serving_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_BILLING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_billing_service;Username=your-user;Password=your-password;SSL Mode=Require
ADS_TRACKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_tracking_service;Username=your-user;Password=your-password;SSL Mode=Require
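Review bot: In the `JWT / Auth` section the three placeholders share one literal value (`replace-with-min-32-char-secret`), and the `openssl rand -base64 32` / `openssl rand -hex 32` hints from the old AUTHENTICATION block do not reappear in the sanitized sections as rendered here. A developer who copies the template unchanged therefore runs with three identical signing secrets whose value is published in the repository, with no guidance on generating real ones. Suggest restoring the generation commands as comments beside `JWT_SECRET` and `ENCRYPTION_KEY`, and having services refuse to start while a value still begins with `replace-with-`. In the Redis section the password now appears in both `REDIS_PASSWORD` and `REDIS_CONNECTION_STRING`; a comment that the two must match would prevent drift.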

View File

@@ -6,8 +6,9 @@ This directory contains Docker Compose configuration for running the entire Good
```bash
# 1. Setup environment variables
cp env.local.example .env
cp env.local.example .env.local
# Edit .env.local with your values (JWT_SECRET, DATABASE_URL, etc.)
# Edit both files with your values (JWT_SECRET, service DB URLs, Redis, etc.)
# 2. Start all services
docker-compose up -d
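Review bot: `cp env.local.example .env` in step 1 creates a second file that will hold real secrets, but the hunk does not say that `.env` is git-ignored, nor which of the two files takes effect when they differ. Suggest adding a line confirming that both `.env` and `.env.local` are listed in .gitignore, and stating what reads each file so the two copies are not edited inconsistently.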
@@ -49,7 +50,7 @@ docker-compose logs -f
## Environment Configuration
Environment variables are managed in `.env.local`:
Environment variables are managed in `.env` and `.env.local`:
### Required Variables
@@ -57,9 +58,12 @@ Environment variables are managed in `.env.local`:
# Authentication (MUST be same across all services)
JWT_SECRET=your-super-secret-jwt-key-min-32-characters
JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters
JWT_ID_SECRET=your-super-secret-id-key-min-32-characters
# Database (Neon PostgreSQL)
DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require
# IAM + service databases (Neon PostgreSQL)
IAM_DATABASE_URL=Host=...;Port=5432;Database=iam_service;Username=...;Password=...;SSL Mode=Require
STORAGE_DATABASE_URL=Host=...;Port=5432;Database=storage_service;Username=...;Password=...;SSL Mode=Require
ORDER_DATABASE_URL=Host=...;Port=5432;Database=order_service;Username=...;Password=...;SSL Mode=Require
```
### Optional Variables
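Review bot: The Required Variables block lists the three JWT secrets and the service database URLs but not `ENCRYPTION_KEY`, which env.local.example ships as a placeholder that has to be replaced and which its comments describe as required for encrypting sensitive data at rest. Suggest adding it here, and using the template's `replace-with-...` placeholder text instead of `your-super-secret-...` so the README and the template agree.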
@@ -68,6 +72,7 @@ DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require
# Redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=replace-with-redis-password
# Observability
TRACING_ENABLED=false
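Review bot: `REDIS_PASSWORD=replace-with-redis-password` is documented under Optional Variables, which reads as safe to leave untouched; if the compose setup passes this value to Redis, leaving it as-is sets the password to a string published in the repository. Suggest moving it to Required Variables or stating on this line that the placeholder must be replaced.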
@@ -75,6 +80,12 @@ JAEGER_ENDPOINT=http://jaeger:14268/api/traces
# CORS
CORS_ORIGIN=http://localhost:3000,http://localhost:3001
# Object storage and messaging
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=...
MINIO_SECRET_KEY=...
RABBITMQ_PASSWORD=...
```
## Common Commands
@@ -192,8 +203,8 @@ docker-compose up -d service-name
### Database Connection Issues
```bash
# Verify DATABASE_URL in .env.local
cat .env.local | grep DATABASE_URL
# Verify IAM_DATABASE_URL in .env/.env.local
cat .env | grep IAM_DATABASE_URL
# Test connection from service
docker-compose exec iam-service sh
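Review bot: `cat .env | grep IAM_DATABASE_URL` prints the whole connection string, password included, to the terminal and its scrollback, and it checks only `.env` although the comment above it names both files. Suggest a check that confirms the variable is set without echoing its value, for example `grep -c '^IAM_DATABASE_URL=' .env .env.local`.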
@@ -288,7 +299,7 @@ docker-compose down -v && docker-compose up -d
### Security Checklist
- Change default `JWT_SECRET` (min 32 characters)
- Use environment-specific `.env.local` (never commit)
- Use environment-specific `.env` / `.env.local` with real secrets (never commit real values)
- Verify CORS origins match your frontend URLs
- Enable HTTPS in production (not needed for local)
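Review bot: The reworded checklist item softens "never commit" to "never commit real values", which leaves open whether `.env` and `.env.local` themselves may be tracked. Suggest stating that both files stay untracked and only env.local.example is committed. The first item still names only `JWT_SECRET`; `JWT_REFRESH_SECRET`, `JWT_ID_SECRET` and `ENCRYPTION_KEY` need the same instruction.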

View File

@@ -6,8 +6,9 @@ Thư mục này chứa cấu hình Docker Compose để chạy toàn bộ nền
```bash
# 1. Thiết lập biến môi trường
cp env.local.example .env
cp env.local.example .env.local
# Chỉnh sửa .env.local với các giá trị của bạn (JWT_SECRET, DATABASE_URL, etc.)
# Chỉnh sửa cả 2 file với các giá trị của bạn (JWT_SECRET, DB URL từng service, Redis, v.v.)
# 2. Khởi động tất cả services
docker-compose up -d
@@ -49,7 +50,7 @@ docker-compose logs -f
## Cấu Hình Môi Trường
Biến môi trường được quản lý trong `.env.local`:
Biến môi trường được quản lý trong `.env``.env.local`:
### Biến Bắt Buộc
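Review bot: The updated sentence reads `.env``.env.local` with nothing between the two file names, where the English README has "`.env` and `.env.local`". Suggest inserting the conjunction so it reads `.env` và `.env.local`.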
@@ -57,9 +58,12 @@ Biến môi trường được quản lý trong `.env.local`:
# Xác thực (PHẢI giống nhau cho tất cả services)
JWT_SECRET=your-super-secret-jwt-key-min-32-characters
JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters
JWT_ID_SECRET=your-super-secret-id-key-min-32-characters
# Database (Neon PostgreSQL)
DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require
# IAM + database từng service (Neon PostgreSQL)
IAM_DATABASE_URL=Host=...;Port=5432;Database=iam_service;Username=...;Password=...;SSL Mode=Require
STORAGE_DATABASE_URL=Host=...;Port=5432;Database=storage_service;Username=...;Password=...;SSL Mode=Require
ORDER_DATABASE_URL=Host=...;Port=5432;Database=order_service;Username=...;Password=...;SSL Mode=Require
```
### Biến Tùy Chọn
@@ -68,6 +72,7 @@ DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require
# Redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=replace-with-redis-password
# Observability
TRACING_ENABLED=false
@@ -75,6 +80,12 @@ JAEGER_ENDPOINT=http://jaeger:14268/api/traces
# CORS
CORS_ORIGIN=http://localhost:3000,http://localhost:3001
# Object storage và messaging
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=...
MINIO_SECRET_KEY=...
RABBITMQ_PASSWORD=...
```
## Các Lệnh Thường Dùng
@@ -192,8 +203,8 @@ docker-compose up -d service-name
### Vấn Đề Kết Nối Database
```bash
# Xác minh DATABASE_URL trong .env.local
cat .env.local | grep DATABASE_URL
# Xác minh IAM_DATABASE_URL trong .env/.env.local
cat .env | grep IAM_DATABASE_URL
# Test connection từ service
docker-compose exec iam-service sh
@@ -286,7 +297,7 @@ docker-compose down -v && docker-compose up -d
### Security Checklist
- Thay đổi `JWT_SECRET` mặc định (tối thiểu 32 ký tự)
- Sử dụng `.env.local` riêng cho từng môi trường (không commit)
- Sử dụng `.env` / `.env.local` theo từng môi trường, không commit secret thật
- Xác minh CORS origins khớp với frontend URLs
- Bật HTTPS trong production (không cần cho local)