pos-system/deployments/local/docker-compose.yml

version: '3.8'

# =============================================================================
# GoodGo Platform - Local Development Environment
# =============================================================================
# 
# Prerequisites:
# 1. Copy env.local.example to .env.local and configure values
# 2. Ensure Docker and Docker Compose are installed
# 3. Get Neon PostgreSQL URL from https://console.neon.tech
#
# Start: docker-compose up -d
# Stop: docker-compose down
# Logs: docker-compose logs -f [service-name]
#
# Access Points:
# - Traefik Dashboard: http://localhost:8080
# - IAM Service: http://localhost/api/v1/auth (backward compatible)
# - IAM Service: http://localhost/api/v1/identity, /api/v1/access, /api/v1/governance
# - Web Admin: http://admin.localhost
# - Web Client: http://localhost
#
# =============================================================================

services:
  # ===========================================================================
  # SHARED INFRASTRUCTURE
  # ===========================================================================

  # Redis - DISABLED (using external Redis 167.114.174.113)
  # redis:
  #   image: redis:7-alpine
  #   container_name: redis-cache-local
  #   command: redis-server /etc/redis/redis.conf
  #   ports:
  #     - "${REDIS_PORT:-6379}:6379"
  #   volumes:
  #     - redis_data:/data
  #     - ../../infra/databases/redis/redis.conf:/etc/redis/redis.conf
  #   healthcheck:
  #     test: ["CMD", "redis-cli", "ping"]
  #     interval: 5s
  #     timeout: 3s
  #     retries: 5
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

  # Traefik - API Gateway and Reverse Proxy
  traefik:
    image: traefik:v3.3
    container_name: traefik-local
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=goodgo-network"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--log.level=${LOG_LEVEL:-INFO}"
      - "--accesslog=true"
    ports:
      - "80:80"       # HTTP
      - "8080:8080"   # Dashboard
    volumes:
      # EN: Use actual Docker Desktop socket path (not symlink)
      # VI: Sử dụng đường dẫn socket thực của Docker Desktop (không phải symlink)
      - ${HOME}/.docker/run/docker.sock:/var/run/docker.sock:ro
      - ../../infra/traefik:/etc/traefik:ro
    networks:
      - microservices-network
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.traefik-dashboard.entrypoints=web"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"

  # ===========================================================================
  # BACKEND SERVICES
  # ===========================================================================

  # Storage Service .NET - File Storage Management
  storage-service:
    build:
      context: ../..
      dockerfile: services/storage-service-net/Dockerfile
    container_name: storage-service-local
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ConnectionStrings__DefaultConnection=${STORAGE_DATABASE_URL:-Host=localhost;Port=5432;Database=storage_db;Username=postgres;Password=postgres}
      - Storage__Provider=${STORAGE_PROVIDER:-minio}
      - Storage__DefaultBucket=${STORAGE_DEFAULT_BUCKET:-storage}
      - Storage__MinIO__Endpoint=minio:9000
      - Storage__MinIO__AccessKey=${MINIO_ACCESS_KEY:-minioadmin}
      - Storage__MinIO__SecretKey=${MINIO_SECRET_KEY:-minioadmin}
      - Storage__MinIO__UseSSL=false
      - IamService__BaseUrl=http://iam-service:5001
      - IamService__ServiceName=storage-service
    ports:
      - "5002:8080"
    depends_on:
      minio:
        condition: service_healthy
      traefik:
        condition: service_started
    networks:
      - microservices-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.storage-service.rule=PathPrefix(`/api/v1/files`) || PathPrefix(`/api/v1/quota`)"
      - "traefik.http.routers.storage-service.entrypoints=web"
      - "traefik.http.services.storage-service.loadbalancer.server.port=8080"
      - "traefik.http.services.storage-service.loadbalancer.healthcheck.path=/health/live"
      - "traefik.http.services.storage-service.loadbalancer.healthcheck.interval=10s"

  # MinIO - S3-compatible Object Storage
  minio:
    image: minio/minio:latest
    container_name: minio-local
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: ${MINIO_ACCESS_KEY:-minioadmin}
      MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY:-minioadmin}
    ports:
      - "9000:9000"  # API port
      - "9001:9001"  # Console port
    volumes:
      - minio_data:/data
    networks:
      - microservices-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Social Service .NET - Social Graph Management
  social-service:
    build:
      context: ../..
      dockerfile: services/social-service-net/Dockerfile
    container_name: social-service-local
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ConnectionStrings__DefaultConnection=${SOCIAL_DATABASE_URL:-Host=localhost;Port=5432;Database=social_db;Username=postgres;Password=postgres}
      - IamService__BaseUrl=http://iam-service:5001
      - IamService__ServiceName=social-service
    ports:
      - "5003:8080"
    depends_on:
      traefik:
        condition: service_started
    networks:
      - microservices-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.social-service.rule=PathPrefix(`/api/v1/relationships`) || PathPrefix(`/api/v1/blocks`)"
      - "traefik.http.routers.social-service.entrypoints=web"
      - "traefik.http.services.social-service.loadbalancer.server.port=8080"
      - "traefik.http.services.social-service.loadbalancer.healthcheck.path=/health/live"
      - "traefik.http.services.social-service.loadbalancer.healthcheck.interval=10s"

  # IAM Service .NET - Identity and Access Management (Duende IdentityServer)
  iam-service-net:
    image: goodgo/iam-service-net:latest
    container_name: iam-service-net-local
    env_file:
      - .env.local
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://+:8080
      # EN: Database - Neon PostgreSQL (from .env)
      # VI: Cơ sở dữ liệu - Neon PostgreSQL (từ .env)
      - ConnectionStrings__DefaultConnection=${IAM_NET_DATABASE_URL}
      # EN: Redis Cache (external)
      # VI: Cache Redis (bên ngoài)
      - Redis__Host=${REDIS_EXTERNAL_HOST}
      - Redis__Port=${REDIS_EXTERNAL_PORT}
      - Redis__Password=${REDIS_EXTERNAL_PASSWORD}
      - Redis__Database=${REDIS_EXTERNAL_DATABASE}
      # EN: JWT Configuration
      # VI: Cấu hình JWT
      - Jwt__Secret=${JWT_SECRET}
      - Jwt__Issuer=${JWT_ISSUER:-goodgo-platform}
      - Jwt__Audience=${JWT_AUDIENCE:-goodgo-services}
      - Jwt__AccessTokenExpiryMinutes=${JWT_ACCESS_TOKEN_EXPIRY_MINUTES:-15}
      - Jwt__RefreshTokenExpiryDays=${JWT_REFRESH_TOKEN_EXPIRY_DAYS:-7}
      # EN: Features
      # VI: Tính năng
      - Features__SwaggerEnabled=true
      - Features__DetailedErrors=true
    ports:
      - "5001:8080"
    depends_on:
      traefik:
        condition: service_started
    networks:
      - microservices-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.iam-service-net.rule=PathPrefix(`/api/v1/iam`) || PathPrefix(`/api/v1/auth`) || PathPrefix(`/api/v1/users`)"
      - "traefik.http.routers.iam-service-net.entrypoints=web"
      - "traefik.http.services.iam-service-net.loadbalancer.server.port=8080"
      - "traefik.http.services.iam-service-net.loadbalancer.healthcheck.path=/health/live"
      - "traefik.http.services.iam-service-net.loadbalancer.healthcheck.interval=10s"

  # ===========================================================================
  # FRONTEND APPLICATIONS (Temporarily disabled)
  # ===========================================================================
  # Uncomment when needed for development

  # # Web Admin - Admin Dashboard (Next.js)
  # web-admin:
  #   build:
  #     context: ../..
  #     dockerfile: apps/web-admin/Dockerfile
  #   container_name: web-admin-local
  #   environment:
  #     - NODE_ENV=${NODE_ENV:-development}
  #     - NEXT_PUBLIC_API_URL=http://localhost/api/v1
  #   ports:
  #     - "3000:3000"
  #   depends_on:
  #     - iam-service
  #     - traefik
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped
  #   labels:
  #     # Traefik service discovery
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.web-admin.rule=Host(`admin.localhost`)"
  #     - "traefik.http.routers.web-admin.entrypoints=web"
  #     - "traefik.http.services.web-admin.loadbalancer.server.port=3000"

  # # Web Client - Client Application (Next.js)
  # web-client:
  #   build:
  #     context: ../..
  #     dockerfile: apps/web-client/Dockerfile
  #   container_name: web-client-local
  #   environment:
  #     - NODE_ENV=${NODE_ENV:-development}
  #     - NEXT_PUBLIC_API_URL=http://localhost/api/v1
  #   ports:
  #     - "3001:3000"
  #   depends_on:
  #     - iam-service
  #     - traefik
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped
  #   labels:
  #     # Traefik service discovery
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.web-client.rule=Host(`localhost`)"
  #     - "traefik.http.routers.web-client.entrypoints=web"
  #     - "traefik.http.services.web-client.loadbalancer.server.port=3000"

  # ===========================================================================
  # OBSERVABILITY (Optional - Uncomment to enable)
  # ===========================================================================

  # Jaeger - Distributed Tracing
  # jaeger:
  #   image: jaegertracing/all-in-one:1.47
  #   container_name: jaeger-local
  #   ports:
  #     - "16686:16686"  # UI
  #     - "14268:14268"  # Collector
  #   environment:
  #     - COLLECTOR_OTLP_ENABLED=true
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

  # Prometheus - Metrics Collection
  # prometheus:
  #   image: prom/prometheus:latest
  #   container_name: prometheus-local
  #   ports:
  #     - "9090:9090"
  #   volumes:
  #     - ../../infra/observability/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
  #     - prometheus_data:/prometheus
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

  # Grafana - Metrics Visualization
  # grafana:
  #   image: grafana/grafana:latest
  #   container_name: grafana-local
  #   ports:
  #     - "3001:3000"
  #   environment:
  #     - GF_SECURITY_ADMIN_PASSWORD=admin
  #   volumes:
  #     - grafana_data:/var/lib/grafana
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

# =============================================================================
# VOLUMES
# =============================================================================
volumes:
  # redis_data:
  #   driver: local
  minio_data:
    driver: local
  # prometheus_data:
  #   driver: local
  # grafana_data:
  #   driver: local

# =============================================================================
# NETWORKS
# =============================================================================
networks:
  microservices-network:
    driver: bridge
    name: goodgo-network