diff --git a/deployments/local/.env b/deployments/local/.env
index 829c19cd..0a3dc451 100644
--- a/deployments/local/.env
+++ b/deployments/local/.env
@@ -1,108 +1,63 @@ -# ============================================================================= -# GoodGo Platform - Shared Environment Variables -# ============================================================================= -# EN: This file contains shared configuration for all services -# VI: File này chứa cấu hình chung cho tất cả các services -# ============================================================================= +# EN: Default sanitized local environment values. +# VI: Giá trị môi trường local mặc định đã làm sạch. +# NOTE: Replace placeholders before running docker compose. -# Environment / Môi Trường ASPNETCORE_ENVIRONMENT=Development NODE_ENV=development +LOG_LEVEL=Information +API_VERSION=v1 -# ============================================================================= -# DATABASE / CƠ SỞ DỮ LIỆU - Neon PostgreSQL -# ============================================================================= -# EN: Each service can have its own database or share with schema isolation -# VI: Mỗi service có thể có database riêng hoặc dùng chung với schema isolation - -# IAM Service Database -IAM_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require" - -# Storage Service Database (if separate) -STORAGE_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=storage_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require" - -# Social Service Database (if separate) -SOCIAL_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=social_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require" - -# Wallet Service Database -WALLET_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=wallet_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require" - -# 
============================================================================= -# REDIS CACHE / BỘ NHỚ ĐỆM REDIS -# ============================================================================= -# EN: External Redis server shared by all services -# VI: Redis server bên ngoài dùng chung cho tất cả services - -REDIS_HOST=167.114.174.113 -REDIS_PORT=6379 -REDIS_PASSWORD=Velik@2026 -REDIS_DATABASE=0 - -# ============================================================================= -# JWT AUTHENTICATION / XÁC THỰC JWT -# ============================================================================= -# EN: Shared JWT configuration - MUST be identical across all services -# VI: Cấu hình JWT chung - PHẢI giống nhau trên tất cả services - -JWT_SECRET=goodgo-iam-service-secret-key-32chars! +JWT_SECRET=replace-with-min-32-char-secret +JWT_REFRESH_SECRET=replace-with-min-32-char-secret +JWT_ID_SECRET=replace-with-min-32-char-secret +JWT_EXPIRES_IN=15m +JWT_REFRESH_EXPIRES_IN=7d +JWT_ID_EXPIRES_IN=1h JWT_ISSUER=goodgo-platform JWT_AUDIENCE=goodgo-services JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15 JWT_REFRESH_TOKEN_EXPIRY_DAYS=7 -# Legacy format (for Node.js services) -JWT_EXPIRES_IN=15m -JWT_REFRESH_EXPIRES_IN=7d -JWT_REFRESH_SECRET=goodgo-iam-service-secret-key-32chars! -JWT_ID_SECRET=goodgo-iam-service-secret-key-32chars! 
-JWT_ID_EXPIRES_IN=1h +ENCRYPTION_KEY=replace-with-64-char-hex-key -# ============================================================================= -# ENCRYPTION / MÃ HÓA -# ============================================================================= -ENCRYPTION_KEY=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693 +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=replace-with-redis-password +REDIS_DATABASE=0 +REDIS_CONNECTION_STRING=redis:6379,password=replace-with-redis-password -# ============================================================================= -# API CONFIGURATION / CẤU HÌNH API -# ============================================================================= -API_VERSION=v1 +MINIO_ENDPOINT=minio:9000 +MINIO_ACCESS_KEY=replace-with-minio-access-key +MINIO_SECRET_KEY=replace-with-minio-secret-key + +RABBITMQ_USERNAME=guest +RABBITMQ_PASSWORD=replace-with-rabbitmq-password + +FEATURE_SWAGGER_ENABLED=true +FEATURE_DETAILED_ERRORS=true CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost - -# ============================================================================= -# OBSERVABILITY / QUAN SÁT -# ============================================================================= -OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317 TRACING_ENABLED=false JAEGER_ENDPOINT=http://jaeger:14268/api/traces METRICS_ENABLED=true - -# Logging -LOG_LEVEL=Information - -# Seq (optional) SEQ_URL=http://localhost:5341 -# ============================================================================= -# FEATURE FLAGS / CỜ TÍNH NĂNG -# ============================================================================= -FEATURE_SWAGGER_ENABLED=true -FEATURE_DETAILED_ERRORS=true - -# ============================================================================= -# RATE LIMITING / GIỚI HẠN TỐC ĐỘ -# ============================================================================= -RATE_LIMIT_PERMITS_PER_MINUTE=100 
-RATE_LIMIT_QUEUE_LIMIT=10 - -# ============================================================================= -# HEALTH CHECKS / KIỂM TRA SỨC KHỎE -# ============================================================================= -HEALTHCHECK_TIMEOUT_SECONDS=5 - -# ============================================================================= -# MINIO / OBJECT STORAGE -# ============================================================================= -MINIO_ACCESS_KEY=minioadmin -MINIO_SECRET_KEY=minioadmin -STORAGE_PROVIDER=minio -STORAGE_DEFAULT_BUCKET=storage +IAM_DATABASE_URL=Host=your-neon-host;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require +STORAGE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=storage_service;Username=your-user;Password=your-password;SSL Mode=Require +MEMBERSHIP_DATABASE_URL=Host=your-neon-host;Port=5432;Database=membership_service;Username=your-user;Password=your-password;SSL Mode=Require +MERCHANT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=merchant_service;Username=your-user;Password=your-password;SSL Mode=Require +WALLET_DATABASE_URL=Host=your-neon-host;Port=5432;Database=wallet_service;Username=your-user;Password=your-password;SSL Mode=Require +CHAT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=chat_service;Username=your-user;Password=your-password;SSL Mode=Require +SOCIAL_DATABASE_URL=Host=your-neon-host;Port=5432;Database=social_service;Username=your-user;Password=your-password;SSL Mode=Require +MINING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mining_service;Username=your-user;Password=your-password;SSL Mode=Require +MISSION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mission_service;Username=your-user;Password=your-password;SSL Mode=Require +PROMOTION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=promotion_service;Username=your-user;Password=your-password;SSL Mode=Require 
+CATALOG_DATABASE_URL=Host=your-neon-host;Port=5432;Database=catalog_service;Username=your-user;Password=your-password;SSL Mode=Require +ORDER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=order_service;Username=your-user;Password=your-password;SSL Mode=Require +INVENTORY_DATABASE_URL=Host=your-neon-host;Port=5432;Database=inventory_service;Username=your-user;Password=your-password;SSL Mode=Require +FNB_ENGINE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=fnb_engine;Username=your-user;Password=your-password;SSL Mode=Require +BOOKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=booking_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_MANAGER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_manager_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_ANALYTICS_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_analytics_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_SERVING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_serving_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_BILLING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_billing_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_TRACKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_tracking_service;Username=your-user;Password=your-password;SSL Mode=Require diff --git a/deployments/local/.env.local b/deployments/local/.env.local index eaeb915c..1d62322b 100644 --- a/deployments/local/.env.local +++ b/deployments/local/.env.local 
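Review bot: `deployments/local/.env` stays a tracked file after this change (the same holds for `.env.local` in the next section), while the README in this commit tells developers to fill both with real values, so the next `git add` puts credentials back in the repository. Keep only `env.local.example` under version control: `git rm --cached deployments/local/.env deployments/local/.env.local` and list both paths in `.gitignore` (the ignore file is not part of this diff, so confirm its current state). Replacing the values does not remove them from history; the Neon `neondb_owner` password, the Redis and MinIO password, the JWT secrets and `ENCRYPTION_KEY` on the removed lines should be treated as disclosed and rotated at their providers.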
@@ -1,80 +1,62 @@ -# ============================================================================= -# GoodGo Platform - Local Development Environment -# ============================================================================= - -# ============================================================================= -# AUTHENTICATION - Shared across all services -# ============================================================================= -JWT_SECRET=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693 -JWT_REFRESH_SECRET=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693 -JWT_EXPIRES_IN=15m -JWT_REFRESH_EXPIRES_IN=7d - -# ID Token (OIDC) -JWT_ID_SECRET=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693 -JWT_ID_EXPIRES_IN=1h - -# Data Encryption (AES-256-GCM) -ENCRYPTION_KEY=460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693 - -# ============================================================================= -# SHARED INFRASTRUCTURE -# ============================================================================= - -# Redis Configuration -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD= - -# Neon PostgreSQL - IAM Service Database -DATABASE_URL=postgresql://neondb_owner:npg_Ssfy6HKO0cXI@ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech/iam-service?sslmode=require&channel_binding=require - -# ============================================================================= -# PLATFORM CONFIGURATION -# ============================================================================= +# EN: Local override file template (sanitized). Keep values aligned with .env. +# VI: Template local override (đã làm sạch). Giữ giá trị đồng bộ với .env. 
+ASPNETCORE_ENVIRONMENT=Development NODE_ENV=development -LOG_LEVEL=debug +LOG_LEVEL=Information API_VERSION=v1 -# CORS - Allowed origins -CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost - -# ============================================================================= -# OBSERVABILITY -# ============================================================================= - -# Distributed Tracing -TRACING_ENABLED=false -JAEGER_ENDPOINT=http://jaeger:14268/api/traces - -# Prometheus Metrics -METRICS_ENABLED=true - -# ============================================================================= -# EXTERNAL SERVICES (Optional) -# ============================================================================= - -# Email Configuration -EMAIL_FROM=noreply@goodgo.vn - -REDIS_URL=redis://redis:6379 - -# ============================================================================= -# IAM SERVICE .NET CONFIGURATION -# ============================================================================= - -# Neon PostgreSQL for IAM .NET Service -IAM_NET_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require" - -# External Redis -REDIS_EXTERNAL_HOST=167.114.174.113 -REDIS_EXTERNAL_PORT=6379 -REDIS_EXTERNAL_PASSWORD=Velik@2026 -REDIS_EXTERNAL_DATABASE=0 - -# JWT Configuration for .NET Service +JWT_SECRET=replace-with-min-32-char-secret +JWT_REFRESH_SECRET=replace-with-min-32-char-secret +JWT_ID_SECRET=replace-with-min-32-char-secret +JWT_EXPIRES_IN=15m +JWT_REFRESH_EXPIRES_IN=7d +JWT_ID_EXPIRES_IN=1h JWT_ISSUER=goodgo-platform JWT_AUDIENCE=goodgo-services JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15 JWT_REFRESH_TOKEN_EXPIRY_DAYS=7 + +ENCRYPTION_KEY=replace-with-64-char-hex-key + +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=replace-with-redis-password +REDIS_DATABASE=0 
+REDIS_CONNECTION_STRING=redis:6379,password=replace-with-redis-password + +MINIO_ENDPOINT=minio:9000 +MINIO_ACCESS_KEY=replace-with-minio-access-key +MINIO_SECRET_KEY=replace-with-minio-secret-key + +RABBITMQ_USERNAME=guest +RABBITMQ_PASSWORD=replace-with-rabbitmq-password + +FEATURE_SWAGGER_ENABLED=true +FEATURE_DETAILED_ERRORS=true +CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost +TRACING_ENABLED=false +JAEGER_ENDPOINT=http://jaeger:14268/api/traces +METRICS_ENABLED=true +SEQ_URL=http://localhost:5341 + +IAM_DATABASE_URL=Host=your-neon-host;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require +STORAGE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=storage_service;Username=your-user;Password=your-password;SSL Mode=Require +MEMBERSHIP_DATABASE_URL=Host=your-neon-host;Port=5432;Database=membership_service;Username=your-user;Password=your-password;SSL Mode=Require +MERCHANT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=merchant_service;Username=your-user;Password=your-password;SSL Mode=Require +WALLET_DATABASE_URL=Host=your-neon-host;Port=5432;Database=wallet_service;Username=your-user;Password=your-password;SSL Mode=Require +CHAT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=chat_service;Username=your-user;Password=your-password;SSL Mode=Require +SOCIAL_DATABASE_URL=Host=your-neon-host;Port=5432;Database=social_service;Username=your-user;Password=your-password;SSL Mode=Require +MINING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mining_service;Username=your-user;Password=your-password;SSL Mode=Require +MISSION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mission_service;Username=your-user;Password=your-password;SSL Mode=Require +PROMOTION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=promotion_service;Username=your-user;Password=your-password;SSL Mode=Require 
+CATALOG_DATABASE_URL=Host=your-neon-host;Port=5432;Database=catalog_service;Username=your-user;Password=your-password;SSL Mode=Require +ORDER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=order_service;Username=your-user;Password=your-password;SSL Mode=Require +INVENTORY_DATABASE_URL=Host=your-neon-host;Port=5432;Database=inventory_service;Username=your-user;Password=your-password;SSL Mode=Require +FNB_ENGINE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=fnb_engine;Username=your-user;Password=your-password;SSL Mode=Require +BOOKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=booking_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_MANAGER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_manager_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_ANALYTICS_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_analytics_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_SERVING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_serving_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_BILLING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_billing_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_TRACKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_tracking_service;Username=your-user;Password=your-password;SSL Mode=Require diff --git a/deployments/local/README.md b/deployments/local/README.md index ad3d7e12..5bd3adb6 100644 --- a/deployments/local/README.md +++ b/deployments/local/README.md @@ -6,8 +6,12 @@ Docker Compose configuration for running the GoodGo platform locally. ```bash # Setup environment +cp env.local.example .env cp env.local.example .env.local +# Update all placeholder secrets/connection strings in both files +# before starting the stack. + # Start platform docker-compose up -d 
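Review bot: The secret placeholders are non-empty, well-formed values (`JWT_SECRET`, `JWT_REFRESH_SECRET` and `JWT_ID_SECRET` all share `replace-with-min-32-char-secret`), so unless each service rejects them, a developer who skips the replace step gets a running stack whose token-signing keys are published in the repository; the same applies to `.env`. Leaving them empty in the template, e.g. `JWT_SECRET=`, lets a required-variable check fail at startup instead. The connection strings also lost the double quotes the old file had; a real password containing `$` or ` #` may be interpolated or cut at the comment by Compose's env-file parser, so single-quote them: `IAM_DATABASE_URL='Host=...;Password=...;SSL Mode=Require'`.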
@@ -31,8 +35,9 @@ For detailed documentation, see: ## Files - `docker-compose.yml` - Service orchestration -- `env.local.example` - Environment variables template -- `.env.local` - Your local environment (git-ignored) +- `env.local.example` - Sanitized environment variables template +- `.env` - Docker Compose interpolation file (fill with real values) +- `.env.local` - Local override file (fill with real values) ## Common Commands diff --git a/deployments/local/docker-compose.yml b/deployments/local/docker-compose.yml index 74cf2d74..31ab6600 100644 --- a/deployments/local/docker-compose.yml +++ b/deployments/local/docker-compose.yml @@ -74,14 +74,14 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=storage_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${STORAGE_DATABASE_URL} # EN: Storage - External MinIO # VI: Storage - MinIO bên ngoài - Storage__Provider=minio - Storage__DefaultBucket=goodgo - - Storage__MinIO__Endpoint=167.114.174.113:9000 - - Storage__MinIO__AccessKey=minioadmin - - Storage__MinIO__SecretKey=Velik@2026 + - Storage__MinIO__Endpoint=${MINIO_ENDPOINT} + - Storage__MinIO__AccessKey=${MINIO_ACCESS_KEY} + - Storage__MinIO__SecretKey=${MINIO_SECRET_KEY} - Storage__MinIO__UseSSL=false # EN: IAM Service Communication # VI: Giao tiếp IAM Service @@ -89,9 +89,9 @@ services: - IamService__ServiceName=storage-service # EN: Redis Cache # VI: Cache Redis - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} ports: - "5002:8080" depends_on: 
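Review bot: `${STORAGE_DATABASE_URL}`, `${MINIO_SECRET_KEY}` and `${REDIS_PASSWORD}` expand to an empty string, with only a warning, when the variable is missing from `.env`, so the container starts with a blank connection string or password instead of failing. Use the required-variable form for every secret, e.g. `- ConnectionStrings__DefaultConnection=${STORAGE_DATABASE_URL:?set STORAGE_DATABASE_URL in .env}`. The same pattern repeats in every `*_DATABASE_URL`, `Redis__*` and `RabbitMQ__*` hunk of this file. The service definition starts and ends outside the hunk.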
@@ -129,7 +129,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=membership_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${MEMBERSHIP_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -170,7 +170,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=merchant_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${MERCHANT_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -273,7 +273,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=wallet_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${WALLET_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 
@@ -319,10 +319,10 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=chat_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${CHAT_DATABASE_URL} # EN: Redis for SignalR Backplane # VI: Redis cho SignalR Backplane - - ConnectionStrings__Redis=167.114.174.113:6379,password=Velik@2026 + - ConnectionStrings__Redis=${REDIS_CONNECTION_STRING} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -381,7 +381,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=social_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${SOCIAL_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -393,9 +393,9 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache # VI: Cache Redis - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} ports: - "5009:8080" depends_on: 
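Review bot: `ConnectionStrings__Redis=${REDIS_CONNECTION_STRING}` introduces a second copy of the Redis password next to `REDIS_PASSWORD`, and the two can drift apart when one is rotated. Compose the value from the existing variables instead: `- ConnectionStrings__Redis=${REDIS_HOST}:${REDIS_PORT},password=${REDIS_PASSWORD}`, which also makes `REDIS_CONNECTION_STRING` unnecessary in the env files; the hunk at `@@ -757` has the same line. `REDIS_HOST` now defaults to the in-network `redis` service, whose definition is not in this diff, so confirm it is started with the same password.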
@@ -432,7 +432,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=mining_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${MINING_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -444,9 +444,9 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache # VI: Cache Redis - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} ports: - "5006:8080" depends_on: @@ -490,7 +490,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=mission_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${MISSION_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -502,9 +502,9 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache # VI: Cache Redis - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} ports: - "5007:8080" depends_on: 
@@ -541,7 +541,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=promotion_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${PROMOTION_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -596,7 +596,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=catalog_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${CATALOG_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -644,7 +644,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=order_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${ORDER_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 
@@ -697,7 +697,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=inventory_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${INVENTORY_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -745,7 +745,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=fnb_engine;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${FNB_ENGINE_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -757,7 +757,7 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis for SignalR (Kitchen Display) # VI: Redis cho SignalR (Màn hình bếp) - - ConnectionStrings__Redis=167.114.174.113:6379,password=Velik@2026 + - ConnectionStrings__Redis=${REDIS_CONNECTION_STRING} ports: - "5019:8080" depends_on: @@ -803,7 +803,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Database=booking_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${BOOKING_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 
@@ -858,7 +858,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_manager_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${ADS_MANAGER_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -870,9 +870,9 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache # VI: Cache Redis - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} ports: - "5011:8080" depends_on: @@ -909,7 +909,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_analytics_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${ADS_ANALYTICS_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -921,9 +921,9 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache # VI: Cache Redis - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} ports: - "5015:8080" depends_on: 
@@ -960,7 +960,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_serving_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${ADS_SERVING_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -972,15 +972,15 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache (required for RTB) # VI: Cache Redis (bắt buộc cho RTB) - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} # EN: RabbitMQ for event publishing # VI: RabbitMQ để publish sự kiện - RabbitMQ__Host=rabbitmq - RabbitMQ__Port=5672 - - RabbitMQ__Username=guest - - RabbitMQ__Password=guest + - RabbitMQ__Username=${RABBITMQ_USERNAME} + - RabbitMQ__Password=${RABBITMQ_PASSWORD} ports: - "5012:8080" depends_on: @@ -1024,7 +1024,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_billing_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${ADS_BILLING_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 
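Review bot: The clients in the `@@ -972` hunk now send `${RABBITMQ_USERNAME}`/`${RABBITMQ_PASSWORD}`, and the env template pairs user `guest` with a non-default password, but the `rabbitmq` service definition is outside these hunks; if the broker still runs with the image defaults, authentication fails here and in the hunk at `@@ -1094`. Wire the broker to the same variables, e.g. `RABBITMQ_DEFAULT_USER=${RABBITMQ_USERNAME}` and `RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}` on the `rabbitmq` service. A username other than `guest` in the template would also avoid keeping the well-known default account in use.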
@@ -1082,7 +1082,7 @@ services: - ASPNETCORE_URLS=http://+:8080 # EN: Database - Neon PostgreSQL # VI: Cơ sở dữ liệu - Neon PostgreSQL - - ConnectionStrings__DefaultConnection=Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=ads_tracking_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require + - ConnectionStrings__DefaultConnection=${ADS_TRACKING_DATABASE_URL} # EN: IAM Service Communication # VI: Giao tiếp IAM Service - IamService__BaseUrl=http://iam-service-net:8080 @@ -1094,15 +1094,15 @@ services: - Jwt__RequireHttpsMetadata=false # EN: Redis Cache (for high-volume event buffering) # VI: Cache Redis (cho buffering sự kiện lưu lượng cao) - - Redis__Host=167.114.174.113 - - Redis__Port=6379 - - Redis__Password=Velik@2026 + - Redis__Host=${REDIS_HOST} + - Redis__Port=${REDIS_PORT} + - Redis__Password=${REDIS_PASSWORD} # EN: RabbitMQ for event publishing # VI: RabbitMQ để publish sự kiện - RabbitMQ__Host=rabbitmq - RabbitMQ__Port=5672 - - RabbitMQ__Username=guest - - RabbitMQ__Password=guest + - RabbitMQ__Username=${RABBITMQ_USERNAME} + - RabbitMQ__Password=${RABBITMQ_PASSWORD} ports: - "5014:8080" depends_on: diff --git a/deployments/local/env.local.example b/deployments/local/env.local.example index 9bb85cca..75fd76a0 100644 --- a/deployments/local/env.local.example +++ b/deployments/local/env.local.example 
@@ -1,139 +1,96 @@ # ============================================================================= -# GoodGo Platform - Shared Environment Variables (EXAMPLE) +# GoodGo Platform - Local Environment Template # ============================================================================= -# This file contains SHARED configuration for all services in the platform. -# Service-specific configs (DATABASE_URL, PORT, SERVICE_NAME) are defined in -# docker-compose.yml for each service. +# EN: Copy this file to both `.env` and `.env.local` before running docker compose. +# VI: Sao chép file này thành cả `.env` và `.env.local` trước khi chạy docker compose. # -# SETUP: Copy this file to .env.local and fill in your actual values -# Command: cp env.local.example .env.local +# cp env.local.example .env +# cp env.local.example .env.local # +# EN: Never commit real credentials. +# VI: Không commit thông tin nhạy cảm thật. # ============================================================================= -# ============================================================================= -# AUTHENTICATION - Shared across all services -# ============================================================================= -# CRITICAL: These secrets MUST be identical across all services for JWT validation -# Generate secure secrets: openssl rand -base64 32 - -JWT_SECRET=your-super-secret-jwt-key-min-32-characters-change-me -JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters-change-me -JWT_EXPIRES_IN=15m -JWT_REFRESH_EXPIRES_IN=7d - -# ID Token (OIDC) -JWT_ID_SECRET=your-super-secret-id-key-min-32-characters-change-me -JWT_ID_EXPIRES_IN=1h - -# Data Encryption (AES-256-GCM) -# Required for encrypting sensitive data at rest (MFA secrets, etc.) 
-# Generate: openssl rand -hex 32 -ENCRYPTION_KEY=your-32-byte-hex-encryption-key-must-be-64-chars - -# ============================================================================= -# SHARED INFRASTRUCTURE -# ============================================================================= - -# Redis Configuration (shared cache/session store) -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD= - -# Neon PostgreSQL (get from https://console.neon.tech) -# Each service can have its own database, or share with schema isolation -# Format: postgresql://user:password@host/database?sslmode=require -DATABASE_URL=postgresql://username:password@host.neon.tech/database?sslmode=require - -# ============================================================================= -# PLATFORM CONFIGURATION -# ============================================================================= - +# ----------------------------------------------------------------------------- +# Runtime +# ----------------------------------------------------------------------------- +ASPNETCORE_ENVIRONMENT=Development NODE_ENV=development -LOG_LEVEL=debug +LOG_LEVEL=Information API_VERSION=v1 -# CORS - Allowed origins for all services -CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost - -# ============================================================================= -# OBSERVABILITY -# ============================================================================= - -# Distributed Tracing -TRACING_ENABLED=false -JAEGER_ENDPOINT=http://jaeger:14268/api/traces - -# Prometheus Metrics (exposed by each service at /metrics) -METRICS_ENABLED=true - -# ============================================================================= -# IAM SERVICE .NET CONFIGURATION -# ============================================================================= - -# Neon PostgreSQL for IAM .NET Service -# Get from https://console.neon.tech 
-IAM_NET_DATABASE_URL=Host=your-neon-host.neon.tech;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require - -# External Redis (if using external Redis instead of local container) -REDIS_EXTERNAL_HOST=redis -REDIS_EXTERNAL_PORT=6379 -REDIS_EXTERNAL_PASSWORD= -REDIS_EXTERNAL_DATABASE=0 - -# JWT Configuration for .NET Service +# ----------------------------------------------------------------------------- +# JWT / Auth (shared across services) +# ----------------------------------------------------------------------------- +JWT_SECRET=replace-with-min-32-char-secret +JWT_REFRESH_SECRET=replace-with-min-32-char-secret +JWT_ID_SECRET=replace-with-min-32-char-secret +JWT_EXPIRES_IN=15m +JWT_REFRESH_EXPIRES_IN=7d +JWT_ID_EXPIRES_IN=1h JWT_ISSUER=goodgo-platform JWT_AUDIENCE=goodgo-services JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15 JWT_REFRESH_TOKEN_EXPIRY_DAYS=7 -# ============================================================================= -# EXTERNAL SERVICES (Optional) -# ============================================================================= +# ----------------------------------------------------------------------------- +# Security / Encryption +# ----------------------------------------------------------------------------- +ENCRYPTION_KEY=replace-with-64-char-hex-key -# Email Configuration -EMAIL_FROM=noreply@goodgo.vn -# EMAIL_HOST=smtp.gmail.com -# EMAIL_PORT=587 -# EMAIL_USER=your-email@gmail.com -# EMAIL_PASSWORD=your-app-password +# ----------------------------------------------------------------------------- +# Redis +# ----------------------------------------------------------------------------- +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=replace-with-redis-password +REDIS_DATABASE=0 +REDIS_CONNECTION_STRING=redis:6379,password=replace-with-redis-password -# ============================================================================= -# NOTES -# 
============================================================================= -# -# Service-Specific Configurations: -# --------------------------------- -# The following are defined PER SERVICE in docker-compose.yml: -# - PORT: Unique port for each service (5001, 5002, 5003, etc.) -# - SERVICE_NAME: Service identifier (iam-service, user-service, etc.) -# - DATABASE_URL: Can override for service-specific database -# -# Traefik API Gateway: -# -------------------- -# - Configuration: infra/traefik/ -# - Services auto-discovered via Docker labels -# - Access services: http://localhost/api/v1/{service-name} -# - Dashboard: http://localhost:8080 -# -# Database Strategy: -# ------------------ -# - Each service can have its own Neon database (microservices pattern) -# - Or share database with schema isolation -# - Get database URLs from: https://console.neon.tech -# - Use connection pooling for better performance -# -# Security: -# --------- -# - NEVER commit .env.local to git (it's in .gitignore) -# - Rotate JWT secrets regularly in production -# - Use strong, unique secrets (min 32 characters) -# - Enable SSL/TLS in production (Traefik handles this) -# -# Quick Start: -# ------------ -# 1. Copy this file: cp env.local.example .env.local -# 2. Update JWT_SECRET and JWT_REFRESH_SECRET with secure values -# 3. Update DATABASE_URL with your Neon PostgreSQL connection string -# 4. 
Start platform: docker-compose up -d -# -# ============================================================================= +# ----------------------------------------------------------------------------- +# MinIO / Object storage +# ----------------------------------------------------------------------------- +MINIO_ENDPOINT=minio:9000 +MINIO_ACCESS_KEY=replace-with-minio-access-key +MINIO_SECRET_KEY=replace-with-minio-secret-key + +# ----------------------------------------------------------------------------- +# RabbitMQ +# ----------------------------------------------------------------------------- +RABBITMQ_USERNAME=guest +RABBITMQ_PASSWORD=replace-with-rabbitmq-password + +# ----------------------------------------------------------------------------- +# IAM feature flags / misc +# ----------------------------------------------------------------------------- +FEATURE_SWAGGER_ENABLED=true +FEATURE_DETAILED_ERRORS=true +CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost +TRACING_ENABLED=false +JAEGER_ENDPOINT=http://jaeger:14268/api/traces +METRICS_ENABLED=true +SEQ_URL=http://localhost:5341 + +# ----------------------------------------------------------------------------- +# Service database connection strings +# ----------------------------------------------------------------------------- +IAM_DATABASE_URL=Host=your-neon-host;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require +STORAGE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=storage_service;Username=your-user;Password=your-password;SSL Mode=Require +MEMBERSHIP_DATABASE_URL=Host=your-neon-host;Port=5432;Database=membership_service;Username=your-user;Password=your-password;SSL Mode=Require +MERCHANT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=merchant_service;Username=your-user;Password=your-password;SSL Mode=Require 
+WALLET_DATABASE_URL=Host=your-neon-host;Port=5432;Database=wallet_service;Username=your-user;Password=your-password;SSL Mode=Require +CHAT_DATABASE_URL=Host=your-neon-host;Port=5432;Database=chat_service;Username=your-user;Password=your-password;SSL Mode=Require +SOCIAL_DATABASE_URL=Host=your-neon-host;Port=5432;Database=social_service;Username=your-user;Password=your-password;SSL Mode=Require +MINING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mining_service;Username=your-user;Password=your-password;SSL Mode=Require +MISSION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=mission_service;Username=your-user;Password=your-password;SSL Mode=Require +PROMOTION_DATABASE_URL=Host=your-neon-host;Port=5432;Database=promotion_service;Username=your-user;Password=your-password;SSL Mode=Require +CATALOG_DATABASE_URL=Host=your-neon-host;Port=5432;Database=catalog_service;Username=your-user;Password=your-password;SSL Mode=Require +ORDER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=order_service;Username=your-user;Password=your-password;SSL Mode=Require +INVENTORY_DATABASE_URL=Host=your-neon-host;Port=5432;Database=inventory_service;Username=your-user;Password=your-password;SSL Mode=Require +FNB_ENGINE_DATABASE_URL=Host=your-neon-host;Port=5432;Database=fnb_engine;Username=your-user;Password=your-password;SSL Mode=Require +BOOKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=booking_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_MANAGER_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_manager_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_ANALYTICS_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_analytics_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_SERVING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_serving_service;Username=your-user;Password=your-password;SSL Mode=Require 
+ADS_BILLING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_billing_service;Username=your-user;Password=your-password;SSL Mode=Require +ADS_TRACKING_DATABASE_URL=Host=your-neon-host;Port=5432;Database=ads_tracking_service;Username=your-user;Password=your-password;SSL Mode=Require diff --git a/docs/en/guides/local-deployment.md b/docs/en/guides/local-deployment.md index 69081d09..b7fd31b1 100644 --- a/docs/en/guides/local-deployment.md +++ b/docs/en/guides/local-deployment.md @@ -6,8 +6,9 @@ This directory contains Docker Compose configuration for running the entire Good ```bash # 1. Setup environment variables +cp env.local.example .env cp env.local.example .env.local -# Edit .env.local with your values (JWT_SECRET, DATABASE_URL, etc.) +# Edit both files with your values (JWT_SECRET, service DB URLs, Redis, etc.) # 2. Start all services docker-compose up -d @@ -49,7 +50,7 @@ docker-compose logs -f ## Environment Configuration -Environment variables are managed in `.env.local`: +Environment variables are managed in `.env` and `.env.local`: ### Required Variables @@ -57,9 +58,12 @@ Environment variables are managed in `.env.local`: # Authentication (MUST be same across all services) JWT_SECRET=your-super-secret-jwt-key-min-32-characters JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters +JWT_ID_SECRET=your-super-secret-id-key-min-32-characters -# Database (Neon PostgreSQL) -DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require +# IAM + service databases (Neon PostgreSQL) +IAM_DATABASE_URL=Host=...;Port=5432;Database=iam_service;Username=...;Password=...;SSL Mode=Require +STORAGE_DATABASE_URL=Host=...;Port=5432;Database=storage_service;Username=...;Password=...;SSL Mode=Require +ORDER_DATABASE_URL=Host=...;Port=5432;Database=order_service;Username=...;Password=...;SSL Mode=Require ``` ### Optional Variables 
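Review bot: The new header tells developers to copy this template to `.env` and fill in real values, but `deployments/local/.env` is itself a tracked file modified by this same commit, so a plain `git add -A` would re-commit live secrets. If `.env` is not already ignored, untrack it (`git rm --cached deployments/local/.env`), add it to `.gitignore`, and change the header to say so, e.g. `# EN: .env and .env.local are git-ignored; this template is the only env file kept in the repo.` The three JWT placeholders are also identical (`replace-with-min-32-char-secret`) and the removed generation hint is gone, so a stack started without editing them would sign every token type with one publicly known key. Restoring the hint as `# Generate each secret separately: openssl rand -base64 32` next to `JWT_SECRET` would address that.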
@@ -68,6 +72,7 @@ DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require # Redis REDIS_HOST=redis REDIS_PORT=6379 +REDIS_PASSWORD=replace-with-redis-password # Observability TRACING_ENABLED=false @@ -75,6 +80,12 @@ JAEGER_ENDPOINT=http://jaeger:14268/api/traces # CORS CORS_ORIGIN=http://localhost:3000,http://localhost:3001 + +# Object storage and messaging +MINIO_ENDPOINT=minio:9000 +MINIO_ACCESS_KEY=... +MINIO_SECRET_KEY=... +RABBITMQ_PASSWORD=... ``` ## Common Commands @@ -192,8 +203,8 @@ docker-compose up -d service-name ### Database Connection Issues ```bash -# Verify DATABASE_URL in .env.local -cat .env.local | grep DATABASE_URL +# Verify IAM_DATABASE_URL in .env/.env.local +cat .env | grep IAM_DATABASE_URL # Test connection from service docker-compose exec iam-service sh @@ -288,7 +299,7 @@ docker-compose down -v && docker-compose up -d ### Security Checklist - Change default `JWT_SECRET` (min 32 characters) -- Use environment-specific `.env.local` (never commit) +- Use environment-specific `.env` / `.env.local` with real secrets (never commit real values) - Verify CORS origins match your frontend URLs - Enable HTTPS in production (not needed for local) diff --git a/docs/vi/guides/local-deployment.md b/docs/vi/guides/local-deployment.md index 32d110a6..7b29972e 100644 --- a/docs/vi/guides/local-deployment.md +++ b/docs/vi/guides/local-deployment.md @@ -6,8 +6,9 @@ Thư mục này chứa cấu hình Docker Compose để chạy toàn bộ nền ```bash # 1. Thiết lập biến môi trường +cp env.local.example .env cp env.local.example .env.local -# Chỉnh sửa .env.local với các giá trị của bạn (JWT_SECRET, DATABASE_URL, etc.) +# Chỉnh sửa cả 2 file với các giá trị của bạn (JWT_SECRET, DB URL từng service, Redis, v.v.) # 2. Khởi động tất cả services docker-compose up -d @@ -49,7 +50,7 @@ docker-compose logs -f ## Cấu Hình Môi Trường -Biến môi trường được quản lý trong `.env.local`: +Biến môi trường được quản lý trong `.env` và `.env.local`: ### Biến Bắt Buộc 
@@ -57,9 +58,12 @@ Biến môi trường được quản lý trong `.env.local`: # Xác thực (PHẢI giống nhau cho tất cả services) JWT_SECRET=your-super-secret-jwt-key-min-32-characters JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters +JWT_ID_SECRET=your-super-secret-id-key-min-32-characters -# Database (Neon PostgreSQL) -DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require +# IAM + database từng service (Neon PostgreSQL) +IAM_DATABASE_URL=Host=...;Port=5432;Database=iam_service;Username=...;Password=...;SSL Mode=Require +STORAGE_DATABASE_URL=Host=...;Port=5432;Database=storage_service;Username=...;Password=...;SSL Mode=Require +ORDER_DATABASE_URL=Host=...;Port=5432;Database=order_service;Username=...;Password=...;SSL Mode=Require ``` ### Biến Tùy Chọn @@ -68,6 +72,7 @@ DATABASE_URL=postgresql://user:pass@host.neon.tech/db?sslmode=require # Redis REDIS_HOST=redis REDIS_PORT=6379 +REDIS_PASSWORD=replace-with-redis-password # Observability TRACING_ENABLED=false @@ -75,6 +80,12 @@ JAEGER_ENDPOINT=http://jaeger:14268/api/traces # CORS CORS_ORIGIN=http://localhost:3000,http://localhost:3001 + +# Object storage và messaging +MINIO_ENDPOINT=minio:9000 +MINIO_ACCESS_KEY=... +MINIO_SECRET_KEY=... +RABBITMQ_PASSWORD=... ``` ## Các Lệnh Thường Dùng @@ -192,8 +203,8 @@ docker-compose up -d service-name ### Vấn Đề Kết Nối Database ```bash -# Xác minh DATABASE_URL trong .env.local -cat .env.local | grep DATABASE_URL +# Xác minh IAM_DATABASE_URL trong .env/.env.local +cat .env | grep IAM_DATABASE_URL # Test connection từ service docker-compose exec iam-service sh @@ -286,7 +297,7 @@ docker-compose down -v && docker-compose up -d ### Security Checklist - Thay đổi `JWT_SECRET` mặc định (tối thiểu 32 ký tự) -- Sử dụng `.env.local` riêng cho từng môi trường (không commit) +- Sử dụng `.env` / `.env.local` theo từng môi trường, không commit secret thật - Xác minh CORS origins khớp với frontend URLs - Bật HTTPS trong production (không cần cho local)