feat(deployments): Update local environment configuration for IAM service and Redis integration

- Modified local `.env` and `.env.local` files to include external Redis configuration and IAM service database connection details.
- Updated `docker-compose.yml` to disable local Redis service in favor of an external Redis instance.
- Added JWT configuration parameters for the IAM service, enhancing security and token management.
- Revised example environment file to reflect new configuration options for external services.
- Enhanced documentation to clarify setup instructions for local development with external dependencies.
Ho Ngoc Hai
2026-01-13 01:03:33 +07:00
parent 4a1a0ef79c
commit 71a5d8d4ed
10 changed files with 832 additions and 938 deletions


@@ -15,12 +15,24 @@ JWT_ID_EXPIRES_IN=1h
# ENCRYPTION
ENCRYPTION_KEY='460d261122522a6da8df4b9116a55d97432102a524cf055c04118265f0e51693'
# INFRA
REDIS_HOST=redis
# INFRA - External Redis
REDIS_HOST=167.114.174.113
REDIS_PORT=6379
REDIS_PASSWORD=Velik@2026
DATABASE_URL='postgresql://neondb_owner:npg_Ssfy6HKO0cXI@ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech/iam-service?sslmode=require&channel_binding=require'
# OBSERVABILITY
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
METRICS_ENABLED=true
# IAM SERVICE .NET
IAM_NET_DATABASE_URL='Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require'
REDIS_EXTERNAL_HOST=167.114.174.113
REDIS_EXTERNAL_PORT=6379
REDIS_EXTERNAL_PASSWORD=Velik@2026
REDIS_EXTERNAL_DATABASE=0
JWT_ISSUER=goodgo-platform
JWT_AUDIENCE=goodgo-services
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=7
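Review bot: The added `REDIS_PASSWORD`, `DATABASE_URL`, `IAM_NET_DATABASE_URL` and `REDIS_EXTERNAL_PASSWORD` lines put what look like working credentials for an external Redis host and a hosted PostgreSQL database into a tracked file, next to the existing `ENCRYPTION_KEY`. Because they stay in repository history after any later cleanup, they should be treated as exposed and rotated, and the tracked file reduced to placeholders such as `REDIS_PASSWORD=<set-in-untracked-env>` with the real values loaded from an untracked file or a secret store. The Redis target is a public IP address on port 6379 and no TLS setting appears in this hunk, so the password and session data would presumably travel in cleartext; confirm the server enforces TLS or is reachable only over a private network. The same values recur in the second env-file hunk (`IAM_NET_DATABASE_URL`, `REDIS_EXTERNAL_PASSWORD`) and the host address in the docker-compose comment.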


@@ -59,3 +59,22 @@ METRICS_ENABLED=true
EMAIL_FROM=noreply@goodgo.vn
REDIS_URL=redis://redis:6379
# =============================================================================
# IAM SERVICE .NET CONFIGURATION
# =============================================================================
# Neon PostgreSQL for IAM .NET Service
IAM_NET_DATABASE_URL="Host=ep-holy-glitter-a4hongg7-pooler.us-east-1.aws.neon.tech;Port=5432;Database=iam_service;Username=neondb_owner;Password=npg_Ssfy6HKO0cXI;SSL Mode=Require"
# External Redis
REDIS_EXTERNAL_HOST=167.114.174.113
REDIS_EXTERNAL_PORT=6379
REDIS_EXTERNAL_PASSWORD=Velik@2026
REDIS_EXTERNAL_DATABASE=0
# JWT Configuration for .NET Service
JWT_ISSUER=goodgo-platform
JWT_AUDIENCE=goodgo-services
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=7
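Review bot: `REDIS_URL=redis://redis:6379` at the top of this hunk is left pointing at the `redis` container that this commit comments out in docker-compose, so any service that still reads `REDIS_URL` would fail to resolve its cache host. Whether such a consumer remains is not visible here; if one does, point it at the external instance through the `REDIS_EXTERNAL_*` values, otherwise delete the line so the file carries a single Redis configuration.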


@@ -27,24 +27,24 @@ services:
# SHARED INFRASTRUCTURE
# ===========================================================================
# Redis - Shared cache and session store
redis:
image: redis:7-alpine
container_name: redis-cache-local
command: redis-server /etc/redis/redis.conf
ports:
- "${REDIS_PORT:-6379}:6379"
volumes:
- redis_data:/data
- ../../infra/databases/redis/redis.conf:/etc/redis/redis.conf
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
retries: 5
networks:
- microservices-network
restart: unless-stopped
# Redis - DISABLED (using external Redis 167.114.174.113)
# redis:
# image: redis:7-alpine
# container_name: redis-cache-local
# command: redis-server /etc/redis/redis.conf
# ports:
# - "${REDIS_PORT:-6379}:6379"
# volumes:
# - redis_data:/data
# - ../../infra/databases/redis/redis.conf:/etc/redis/redis.conf
# healthcheck:
# test: ["CMD", "redis-cli", "ping"]
# interval: 5s
# timeout: 3s
# retries: 5
# networks:
# - microservices-network
# restart: unless-stopped
# Traefik - API Gateway and Reverse Proxy
traefik:
@@ -81,59 +81,6 @@ services:
# BACKEND SERVICES
# ===========================================================================
# IAM Service - Identity and Access Management
iam-service:
build:
context: ../..
dockerfile: services/iam-service/Dockerfile
container_name: iam-service-local
env_file:
- .env.local
environment:
# Service-specific
- PORT=5001
- SERVICE_NAME=iam-service
- API_VERSION=${API_VERSION:-v1}
# Shared from .env.local (explicit for clarity)
- NODE_ENV=${NODE_ENV:-development}
- LOG_LEVEL=${LOG_LEVEL:-debug}
- DATABASE_URL=${DATABASE_URL}
- REDIS_HOST=${REDIS_HOST:-redis}
- REDIS_PORT=${REDIS_PORT:-6379}
- JWT_SECRET=${JWT_SECRET}
- JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-15m}
- JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET}
- JWT_REFRESH_EXPIRES_IN=${JWT_REFRESH_EXPIRES_IN:-7d}
- ENCRYPTION_KEY=${ENCRYPTION_KEY}
- CORS_ORIGIN=${CORS_ORIGIN}
- TRACING_ENABLED=${TRACING_ENABLED:-false}
- JAEGER_ENDPOINT=${JAEGER_ENDPOINT}
ports:
- "5001:5001"
depends_on:
redis:
condition: service_healthy
traefik:
condition: service_started
networks:
- microservices-network
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5001/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
labels:
# Traefik service discovery
- "traefik.enable=true"
- "traefik.http.routers.iam-service.rule=PathPrefix(`/api/v1/auth`) || PathPrefix(`/api/v1/users`) || PathPrefix(`/api/v1/identity`) || PathPrefix(`/api/v1/access`) || PathPrefix(`/api/v1/governance`) || PathPrefix(`/api/v1/rbac`) || PathPrefix(`/api/v1/mfa`) || PathPrefix(`/api/v1/sessions`)"
- "traefik.http.routers.iam-service.entrypoints=web"
- "traefik.http.services.iam-service.loadbalancer.server.port=5001"
- "traefik.http.services.iam-service.loadbalancer.healthcheck.path=/health"
- "traefik.http.services.iam-service.loadbalancer.healthcheck.interval=10s"
# Storage Service .NET - File Storage Management
storage-service:
build:
@@ -154,8 +101,6 @@ services:
ports:
- "5002:8080"
depends_on:
redis:
condition: service_healthy
minio:
condition: service_healthy
traefik:
@@ -213,8 +158,6 @@ services:
ports:
- "5003:8080"
depends_on:
redis:
condition: service_healthy
traefik:
condition: service_started
networks:
@@ -234,6 +177,57 @@ services:
- "traefik.http.services.social-service.loadbalancer.healthcheck.path=/health/live"
- "traefik.http.services.social-service.loadbalancer.healthcheck.interval=10s"
# IAM Service .NET - Identity and Access Management (Duende IdentityServer)
iam-service-net:
image: goodgo/iam-service-net:latest
container_name: iam-service-net-local
env_file:
- .env.local
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=http://+:8080
# EN: Database - Neon PostgreSQL (from .env)
# VI: Cơ sở dữ liệu - Neon PostgreSQL (từ .env)
- ConnectionStrings__DefaultConnection=${IAM_NET_DATABASE_URL}
# EN: Redis Cache (external)
# VI: Cache Redis (bên ngoài)
- Redis__Host=${REDIS_EXTERNAL_HOST}
- Redis__Port=${REDIS_EXTERNAL_PORT}
- Redis__Password=${REDIS_EXTERNAL_PASSWORD}
- Redis__Database=${REDIS_EXTERNAL_DATABASE}
# EN: JWT Configuration
# VI: Cấu hình JWT
- Jwt__Secret=${JWT_SECRET}
- Jwt__Issuer=${JWT_ISSUER:-goodgo-platform}
- Jwt__Audience=${JWT_AUDIENCE:-goodgo-services}
- Jwt__AccessTokenExpiryMinutes=${JWT_ACCESS_TOKEN_EXPIRY_MINUTES:-15}
- Jwt__RefreshTokenExpiryDays=${JWT_REFRESH_TOKEN_EXPIRY_DAYS:-7}
# EN: Features
# VI: Tính năng
- Features__SwaggerEnabled=true
- Features__DetailedErrors=true
ports:
- "5001:8080"
depends_on:
traefik:
condition: service_started
networks:
- microservices-network
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
interval: 30s
timeout: 10s
retries: 3
start_period: 15s
labels:
- "traefik.enable=true"
- "traefik.http.routers.iam-service-net.rule=PathPrefix(`/api/v1/iam`) || PathPrefix(`/api/v1/auth`) || PathPrefix(`/api/v1/users`)"
- "traefik.http.routers.iam-service-net.entrypoints=web"
- "traefik.http.services.iam-service-net.loadbalancer.server.port=8080"
- "traefik.http.services.iam-service-net.loadbalancer.healthcheck.path=/health/live"
- "traefik.http.services.iam-service-net.loadbalancer.healthcheck.interval=10s"
# ===========================================================================
# FRONTEND APPLICATIONS (Temporarily disabled)
# ===========================================================================
@@ -335,8 +329,8 @@ services:
# VOLUMES
# =============================================================================
volumes:
redis_data:
driver: local
# redis_data:
# driver: local
minio_data:
driver: local
# prometheus_data:
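Review bot: In the new `iam-service-net` service, `Jwt__Secret=${JWT_SECRET}` and `Redis__Password=${REDIS_EXTERNAL_PASSWORD}` expand to empty strings when the variable is missing, so the identity service could start with a blank signing secret (how the .NET code handles that is not visible here). Compose's required-variable form makes the failure explicit: `- Jwt__Secret=${JWT_SECRET:?JWT_SECRET must be set}`, and likewise for the Redis password and `IAM_NET_DATABASE_URL`. The service also swaps a local build for `image: goodgo/iam-service-net:latest`, a mutable tag, so pinning a version or digest would make it clear which build issues tokens. With `Features__SwaggerEnabled=true` and `Features__DetailedErrors=true`, publishing as `"127.0.0.1:5001:8080"` instead of `"5001:8080"` keeps the debug surface off other interfaces.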


@@ -66,6 +66,26 @@ JAEGER_ENDPOINT=http://jaeger:14268/api/traces
# Prometheus Metrics (exposed by each service at /metrics)
METRICS_ENABLED=true
# =============================================================================
# IAM SERVICE .NET CONFIGURATION
# =============================================================================
# Neon PostgreSQL for IAM .NET Service
# Get from https://console.neon.tech
IAM_NET_DATABASE_URL=Host=your-neon-host.neon.tech;Port=5432;Database=iam_service;Username=your-user;Password=your-password;SSL Mode=Require
# External Redis (if using external Redis instead of local container)
REDIS_EXTERNAL_HOST=redis
REDIS_EXTERNAL_PORT=6379
REDIS_EXTERNAL_PASSWORD=
REDIS_EXTERNAL_DATABASE=0
# JWT Configuration for .NET Service
JWT_ISSUER=goodgo-platform
JWT_AUDIENCE=goodgo-services
JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15
JWT_REFRESH_TOKEN_EXPIRY_DAYS=7
# =============================================================================
# EXTERNAL SERVICES (Optional)
# =============================================================================