From e76adcbe8d587ff397e18f9d1e5e4c8d2902e6a9 Mon Sep 17 00:00:00 2001 From: hailin Date: Sun, 7 Dec 2025 14:56:13 +0000 Subject: [PATCH] . --- backend/api-gateway/.env | 109 ++++++++++++++++++++++ backend/api-gateway/deploy.sh | 0 backend/infrastructure/deploy.sh | 0 backend/mpc-system/scripts/deploy.sh | 0 frontend/admin-web/deploy.sh | 0 frontend/admin-web/scripts/deploy.sh | 0 frontend/mobile-upgrade/deploy.sh | 0 frontend/mobile-upgrade/scripts/deploy.sh | 0 8 files changed, 109 insertions(+) create mode 100644 backend/api-gateway/.env mode change 100644 => 100755 backend/api-gateway/deploy.sh mode change 100644 => 100755 backend/infrastructure/deploy.sh mode change 100644 => 100755 backend/mpc-system/scripts/deploy.sh mode change 100644 => 100755 frontend/admin-web/deploy.sh mode change 100644 => 100755 frontend/admin-web/scripts/deploy.sh mode change 100644 => 100755 frontend/mobile-upgrade/deploy.sh mode change 100644 => 100755 frontend/mobile-upgrade/scripts/deploy.sh
diff --git a/backend/api-gateway/.env b/backend/api-gateway/.env
new file mode 100644
index 00000000..4d282f5a
--- /dev/null
+++ b/backend/api-gateway/.env
@@ -0,0 +1,109 @@
+# =============================================================================
+# API Gateway (Kong) - Production Environment Configuration
+# =============================================================================
+#
+# Deployment: Server A (192.168.1.100)
+# Role: API gateway with rate limiting, authentication, and routing
+#
+# Architecture:
+# ┌─────────────────────────────────────────────────────────────────────────┐
+# │ Internet (https://rwaapi.szaiai.com) │
+# └─────────────────────────────────────────────────────────────────────────┘
+# │
+# ▼
+# ┌─────────────────────────────────────────────────────────────────────────┐
+# │ Server A - 119.145.15.38 (Public) / 192.168.1.100 (Internal) │
+# │ ├── nginx (port 80/443) - SSL termination, reverse proxy │
+# │ ├── Kong (port 8000) - API gateway, routing, rate limiting │
+# │ └── Kong Admin (8001) - Admin API (internal only) │
+# └─────────────────────────────────────────────────────────────────────────┘
+# │
+# ▼
+# ┌─────────────────────────────────────────────────────────────────────────┐
+# │ Server B - 192.168.1.111 (Internal Only) │
+# │ └── Microservices (identity:3000, wallet:3001, mpc:3006, etc.) │
+# └─────────────────────────────────────────────────────────────────────────┘
+#
+# Setup Instructions:
+# 1. Copy this file: cp .env.example .env
+# 2. Update values according to your deployment environment
+# 3. Update kong.yml service URLs to point to 192.168.1.111
+# 4. Start services: ./deploy.sh up
+#
+# IMPORTANT: In production, change all default passwords and secrets!
+# =============================================================================
+
+# =============================================================================
+# Network Configuration
+# =============================================================================
+# Public domain for the API
+PUBLIC_DOMAIN=rwaapi.szaiai.com
+
+# Server A: Gateway server (this server)
+GATEWAY_SERVER_PUBLIC_IP=119.145.15.38
+GATEWAY_SERVER_INTERNAL_IP=192.168.1.100
+
+# Server B: Backend services server
+BACKEND_SERVER_IP=192.168.1.111
+
+# =============================================================================
+# Kong Database Configuration
+# =============================================================================
+# PostgreSQL password for Kong database
+# NOTE: Kong uses hardcoded database username 'kong' and database name 'kong'
+# Only the password is configurable via this variable
+# SECURITY: Change this in production!
+# Example command to generate: openssl rand -base64 32
+KONG_PG_PASSWORD=kong_password
+
+# =============================================================================
+# Kong Admin GUI Configuration
+# =============================================================================
+# Admin GUI URL - Update to match your deployment domain
+# For production with nginx reverse proxy:
+# https://admin.rwaapi.szaiai.com or internal only access
+# SECURITY: Consider not exposing admin GUI publicly!
+KONG_ADMIN_GUI_URL=http://192.168.1.100:8002
+
+# =============================================================================
+# Monitoring Stack Configuration (Optional)
+# =============================================================================
+# Grafana Admin Password
+# SECURITY: Change this in production!
+# Example command to generate: openssl rand -base64 24
+GRAFANA_ADMIN_PASSWORD=admin123
+
+# Grafana Root URL - CRITICAL: Must match the actual URL users access Grafana from
+# IMPORTANT: This affects CORS, redirects, and authentication!
+#
+# For your deployment with nginx SSL:
+# GRAFANA_ROOT_URL=https://monitor.szaiai.com
+#
+# Common mistake: Setting localhost when accessing via domain causes "origin not allowed" error!
+# After changing this value, you MUST restart monitoring services:
+# ./deploy.sh monitoring down && ./deploy.sh monitoring up
+GRAFANA_ROOT_URL=https://monitor.szaiai.com
+
+# Docker network name for monitoring services
+# Note: This should match the network created by docker-compose.yml
+NETWORK_NAME=api-gateway_rwa-network
+
+# =============================================================================
+# Kong Upstream Service URLs (for kong.yml configuration)
+# =============================================================================
+# These are reference values - actual configuration is in kong.yml
+# All services run on Server B (192.168.1.111):
+#
+# identity-service: http://192.168.1.111:3000
+# wallet-service: http://192.168.1.111:3001
+# backup-service: http://192.168.1.111:3002
+# planting-service: http://192.168.1.111:3003
+# referral-service: http://192.168.1.111:3004
+# reward-service: http://192.168.1.111:3005
+# mpc-service: http://192.168.1.111:3006
+# leaderboard-service: http://192.168.1.111:3007
+# reporting-service: http://192.168.1.111:3008
+# authorization-service: http://192.168.1.111:3009
+# admin-service: http://192.168.1.111:3010
+# presence-service: http://192.168.1.111:3011
+# blockchain-service: http://192.168.1.111:3012
diff --git a/backend/api-gateway/deploy.sh b/backend/api-gateway/deploy.sh
old mode 100644
new mode 100755
diff --git a/backend/infrastructure/deploy.sh b/backend/infrastructure/deploy.sh
old mode 100644
new mode 100755
diff --git a/backend/mpc-system/scripts/deploy.sh b/backend/mpc-system/scripts/deploy.sh
old mode 100644
new mode 100755
diff --git a/frontend/admin-web/deploy.sh b/frontend/admin-web/deploy.sh
old mode 100644
new mode 100755
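Review bot: The new `backend/api-gateway/.env` is a tracked file labelled production that carries guessable credentials, `KONG_PG_PASSWORD=kong_password` and `GRAFANA_ADMIN_PASSWORD=admin123`, alongside the gateway's public IP and the internal service map. Its own setup step (`cp .env.example .env`) suggests it was meant to be a local, untracked copy, so I would remove it from the index, ignore `backend/api-gateway/.env`, and keep only the example file with placeholder values such as `KONG_PG_PASSWORD=` that must be filled from a generated secret at deploy time. If either password is in use on any host it should be rotated, because the values stay in history after the file is removed. `KONG_ADMIN_GUI_URL=http://192.168.1.100:8002` is also plain HTTP, so it is worth confirming that port is reachable only from the internal network or is fronted by the nginx TLS listener.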
diff --git a/frontend/admin-web/scripts/deploy.sh b/frontend/admin-web/scripts/deploy.sh
old mode 100644
new mode 100755
diff --git a/frontend/mobile-upgrade/deploy.sh b/frontend/mobile-upgrade/deploy.sh
old mode 100644
new mode 100755
diff --git a/frontend/mobile-upgrade/scripts/deploy.sh b/frontend/mobile-upgrade/scripts/deploy.sh
old mode 100644
new mode 100755