infra: move Kong to gateway server, fix MinIO internal path

- infrastructure/kong/: Kong declarative config for gateway server
  All service URLs use http://192.168.1.222:PORT (internal server)
  admin-service gets extended timeouts (300s) for large uploads
- docker-compose.yml: admin-service uses MINIO_ENDPOINT=192.168.1.200:9200
  Plain HTTP via Nginx internal proxy (no SSL, no extra_hosts needed)

New upload path:
  Browser → Nginx:443 → Kong:48080 (local) → admin-service(LAN) → MinIO:9200(local)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hailin 2026-03-07 03:41:45 -08:00
parent 9e07efc54c
commit 099c1fe49c
3 changed files with 318 additions and 5 deletions


@ -353,16 +353,14 @@ services:
- DB_USERNAME=genex
- DB_PASSWORD=${DB_PASSWORD}
- DB_NAME=genex
- MINIO_ENDPOINT=oss.gogenex.com # Use domain; extra_hosts maps it to 192.168.1.200 (gateway LAN IP) inside container
- MINIO_PORT=443
- MINIO_USE_SSL=true
- MINIO_ENDPOINT=192.168.1.200 # MinIO on gateway — internal HTTP proxy (Nginx :9200 → MinIO:9100, no SSL)
- MINIO_PORT=9200
- MINIO_USE_SSL=false
- MINIO_ACCESS_KEY=genex-admin
- MINIO_SECRET_KEY=genex-minio-secret
- MINIO_BUCKET=app-releases
- OSS_BASE_URL=https://oss.gogenex.com # Public download base URL for app packages
- JWT_ACCESS_SECRET=dev-access-secret-change-in-production
extra_hosts:
- "oss.gogenex.com:192.168.1.200" # Bypass public DNS; route MinIO via gateway LAN IP (port 443 Nginx → localhost:9100)
depends_on:
postgres:
condition: service_healthy
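Review bot: The new `MINIO_USE_SSL=false` with `MINIO_ENDPOINT=192.168.1.200` and `MINIO_PORT=9200` drops TLS on a hop that, per the commit message, runs from admin-service across the LAN to the gateway, so release uploads and the S3 request headers travel in cleartext between two hosts. If plain HTTP is kept, the Nginx :9200 listener (not shown in this commit) should accept connections only from the admin-service host, and the trade-off deserves a comment on the endpoint line, e.g. `# plaintext on LAN by design; :9200 must be reachable only from the admin-service host`. The same block still hard-codes `MINIO_SECRET_KEY=genex-minio-secret` and `JWT_ACCESS_SECRET=dev-access-secret-change-in-production` while `DB_PASSWORD` is interpolated; `- MINIO_SECRET_KEY=${MINIO_SECRET_KEY}` would follow the existing pattern and keep the credential out of version control. The admin-service definition starts and ends outside this hunk.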


@ -0,0 +1,26 @@
services:
kong:
image: kong:3.6-ubuntu
container_name: genex-kong
restart: unless-stopped
environment:
KONG_DATABASE: "off"
KONG_DECLARATIVE_CONFIG: /etc/kong/kong.yml
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_PROXY_LISTEN: "0.0.0.0:8080"
KONG_ADMIN_LISTEN: "127.0.0.1:8001"
# Large file upload support
KONG_NGINX_PROXY_PROXY_REQUEST_BUFFERING: "off"
KONG_NGINX_PROXY_CLIENT_MAX_BODY_SIZE: "500m"
volumes:
- ./kong.yml:/etc/kong/kong.yml:ro
ports:
- "127.0.0.1:48080:8080"
healthcheck:
test: ["CMD", "kong", "health"]
interval: 10s
timeout: 5s
retries: 5
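Review bot: `KONG_NGINX_PROXY_CLIENT_MAX_BODY_SIZE: "500m"` together with `KONG_NGINX_PROXY_PROXY_REQUEST_BUFFERING: "off"` is set for the whole proxy, so every route in kong.yml, not only the admin-service upload paths, will accept 500 MB request bodies and stream them to its upstream. That widens the resource-exhaustion surface for services such as auth and payments that have no need for large bodies. Consider attaching a `request-size-limiting` plugin with a small `allowed_payload_size` to the services other than admin-service, and at minimum replace the comment with `# Large file upload support: applies to ALL proxied routes, not only admin-service`. Separately, `image: kong:3.6-ubuntu` is a mutable tag; pinning it as `kong:3.6-ubuntu@sha256:<digest>` (placeholder) makes the gateway image reproducible.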


@ -0,0 +1,289 @@
_format_version: "3.0"
# ============================================================
# Genex Kong API Gateway - Gateway Server Configuration
# Deployed on: 154.84.135.121 (gateway server)
# Microservices: http://192.168.1.222:PORT (internal server)
# ============================================================
services:
# --- auth-service (NestJS :3010) ---
- name: auth-service
url: http://192.168.1.222:4010
routes:
- name: auth-routes
paths:
- /api/v1/auth
strip_path: false
# --- user-service (NestJS :3001) ---
- name: user-service
url: http://192.168.1.222:4001
routes:
- name: user-routes
paths:
- /api/v1/users
strip_path: false
- name: wallet-routes
paths:
- /api/v1/wallet
strip_path: false
- name: message-routes
paths:
- /api/v1/messages
strip_path: false
- name: admin-user-routes
paths:
- /api/v1/admin/users
strip_path: false
- name: admin-dashboard-routes
paths:
- /api/v1/admin/dashboard
strip_path: false
- name: admin-system-routes
paths:
- /api/v1/admin/system
strip_path: false
# --- telemetry-service (NestJS :3011) ---
- name: telemetry-service
url: http://192.168.1.222:4011
routes:
- name: telemetry-routes
paths:
- /api/v1/telemetry
strip_path: false
- name: admin-telemetry-routes
paths:
- /api/v1/admin/telemetry
strip_path: false
# --- admin-service (NestJS :3012) ---
- name: admin-service
url: http://192.168.1.222:4012
connect_timeout: 300000
write_timeout: 300000
read_timeout: 300000
routes:
- name: app-version-routes
paths:
- /api/v1/app/version
strip_path: false
- name: admin-version-routes
paths:
- /api/v1/admin/versions
strip_path: false
# --- referral-service (NestJS :3013) ---
- name: referral-service
url: http://192.168.1.222:4013
routes:
- name: referral-routes
paths:
- /api/v1/referral
strip_path: false
# --- issuer-service (NestJS :3002) ---
- name: issuer-service
url: http://192.168.1.222:4002
routes:
- name: coupon-routes
paths:
- /api/v1/coupons
strip_path: false
- name: issuer-routes
paths:
- /api/v1/issuers
strip_path: false
- name: issuer-me-routes
paths:
- /api/v1/issuers/me
strip_path: false
- name: redemption-routes
paths:
- /api/v1/redemptions
strip_path: false
- name: coupon-batch-routes
paths:
- /api/v1/coupons/batch
strip_path: false
- name: admin-issuer-routes
paths:
- /api/v1/admin/issuers
strip_path: false
- name: admin-coupon-routes
paths:
- /api/v1/admin/coupons
strip_path: false
- name: admin-analytics-routes
paths:
- /api/v1/admin/analytics
strip_path: false
- name: admin-merchant-routes
paths:
- /api/v1/admin/merchant
strip_path: false
# --- trading-service (Go :3003) ---
- name: trading-service
url: http://192.168.1.222:4003
routes:
- name: trade-routes
paths:
- /api/v1/trades
strip_path: false
- name: trades-my-routes
paths:
- /api/v1/trades/my
strip_path: false
- name: trades-coupon-transfer-routes
paths:
- /api/v1/trades/coupons
strip_path: false
- name: market-maker-routes
paths:
- /api/v1/mm
strip_path: false
- name: admin-trade-routes
paths:
- /api/v1/admin/trades
strip_path: false
- name: admin-mm-routes
paths:
- /api/v1/admin/mm
strip_path: false
# --- clearing-service (NestJS :3004) ---
- name: clearing-service
url: http://192.168.1.222:4004
routes:
- name: payment-routes
paths:
- /api/v1/payments
strip_path: false
- name: admin-finance-routes
paths:
- /api/v1/admin/finance
strip_path: false
- name: admin-reports-routes
paths:
- /api/v1/admin/reports
strip_path: false
# --- compliance-service (NestJS :3005) ---
- name: compliance-service
url: http://192.168.1.222:4005
routes:
- name: compliance-routes
paths:
- /api/v1/compliance
strip_path: false
- name: dispute-routes
paths:
- /api/v1/disputes
strip_path: false
- name: admin-risk-routes
paths:
- /api/v1/admin/risk
strip_path: false
- name: admin-compliance-routes
paths:
- /api/v1/admin/compliance
strip_path: false
- name: admin-dispute-routes
paths:
- /api/v1/admin/disputes
strip_path: false
- name: admin-insurance-routes
paths:
- /api/v1/admin/insurance
strip_path: false
# --- ai-service (NestJS :3006) ---
- name: ai-service
url: http://192.168.1.222:4006
routes:
- name: ai-routes
paths:
- /api/v1/ai
strip_path: false
# --- notification-service (NestJS :3008) ---
- name: notification-service
url: http://192.168.1.222:4008
routes:
- name: notification-routes
paths:
- /api/v1/notifications
strip_path: false
- name: announcement-routes
paths:
- /api/v1/announcements
strip_path: false
- name: device-token-routes
paths:
- /api/v1/device-tokens
strip_path: false
- name: admin-notification-routes
paths:
- /api/v1/admin/notifications
strip_path: false
- name: admin-announcement-routes
paths:
- /api/v1/admin/announcements
strip_path: false
- name: admin-user-tag-routes
paths:
- /api/v1/admin/user-tags
strip_path: false
# --- chain-indexer (Go :3009) ---
- name: chain-indexer
url: http://192.168.1.222:4009
routes:
- name: chain-routes
paths:
- /api/v1/chain
strip_path: false
- name: admin-chain-routes
paths:
- /api/v1/admin/chain
strip_path: false
# --- translate-service (Go :3007) ---
- name: translate-service
url: http://192.168.1.222:4007
routes:
- name: translate-routes
paths:
- /api/v1/translate
strip_path: false
plugins:
- name: cors
config:
origins:
- "*"
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Authorization
- Content-Type
- X-Requested-With
exposed_headers:
- X-Auth-Token
credentials: true
max_age: 3600
- name: rate-limiting
config:
minute: 100
policy: local
fault_tolerant: true
hide_client_headers: false
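Review bot: The global `cors` plugin combines `origins: - "*"` with `credentials: true`, and as a top-level plugin it applies to every route, including the `/api/v1/admin/*` ones. A wildcard origin with credentials is either rejected by browsers or, if the plugin echoes the request's Origin back (worth confirming for Kong 3.6), lets any website make credentialed cross-origin calls to the API. List the front-end origins explicitly, e.g. `- "https://<admin-console-origin>"` (placeholder), or set `credentials: false` if clients authenticate only with the `Authorization` header. No authentication or IP-restriction plugin is attached to the admin routes at the gateway, so they appear to rely entirely on checks in the upstream services; please confirm that is intended. The service comments name ports 30xx while the `url` values use 40xx, so a one-line comment explaining the mapping would help.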