.

backend/api-gateway/.env

@@ -0,0 +1,109 @@
+# =============================================================================
+# API Gateway (Kong) - Production Environment Configuration
+# =============================================================================
+#
+# Deployment: Server A (192.168.1.100)
+# Role: API gateway with rate limiting, authentication, and routing
+#
+# Architecture:
+# ┌─────────────────────────────────────────────────────────────────────────┐
+# │ Internet (https://rwaapi.szaiai.com)                                    │
+# └─────────────────────────────────────────────────────────────────────────┘
+#                                    │
+#                                    ▼
+# ┌─────────────────────────────────────────────────────────────────────────┐
+# │ Server A - 119.145.15.38 (Public) / 192.168.1.100 (Internal)            │
+# │   ├── nginx (port 80/443) - SSL termination, reverse proxy             │
+# │   ├── Kong (port 8000)    - API gateway, routing, rate limiting        │
+# │   └── Kong Admin (8001)   - Admin API (internal only)                  │
+# └─────────────────────────────────────────────────────────────────────────┘
+#                                    │
+#                                    ▼
+# ┌─────────────────────────────────────────────────────────────────────────┐
+# │ Server B - 192.168.1.111 (Internal Only)                                │
+# │   └── Microservices (identity:3000, wallet:3001, mpc:3006, etc.)        │
+# └─────────────────────────────────────────────────────────────────────────┘
+#
+# Setup Instructions:
+#   1. Copy this file: cp .env.example .env
+#   2. Update values according to your deployment environment
+#   3. Update kong.yml service URLs to point to 192.168.1.111
+#   4. Start services: ./deploy.sh up
+#
+# IMPORTANT: In production, change all default passwords and secrets!
+# =============================================================================
+
+# =============================================================================
+# Network Configuration
+# =============================================================================
+# Public domain for the API
+PUBLIC_DOMAIN=rwaapi.szaiai.com
+
+# Server A: Gateway server (this server)
+GATEWAY_SERVER_PUBLIC_IP=119.145.15.38
+GATEWAY_SERVER_INTERNAL_IP=192.168.1.100
+
+# Server B: Backend services server
+BACKEND_SERVER_IP=192.168.1.111
+
+# =============================================================================
+# Kong Database Configuration
+# =============================================================================
+# PostgreSQL password for Kong database
+# NOTE: Kong uses hardcoded database username 'kong' and database name 'kong'
+#       Only the password is configurable via this variable
+# SECURITY: Change this in production!
+# Example command to generate: openssl rand -base64 32
+KONG_PG_PASSWORD=kong_password
+
+# =============================================================================
+# Kong Admin GUI Configuration
+# =============================================================================
+# Admin GUI URL - Update to match your deployment domain
+# For production with nginx reverse proxy:
+#   https://admin.rwaapi.szaiai.com or internal only access
+# SECURITY: Consider not exposing admin GUI publicly!
+KONG_ADMIN_GUI_URL=http://192.168.1.100:8002
+
+# =============================================================================
+# Monitoring Stack Configuration (Optional)
+# =============================================================================
+# Grafana Admin Password
+# SECURITY: Change this in production!
+# Example command to generate: openssl rand -base64 24
+GRAFANA_ADMIN_PASSWORD=admin123
+
+# Grafana Root URL - CRITICAL: Must match the actual URL users access Grafana from
+# IMPORTANT: This affects CORS, redirects, and authentication!
+#
+# For your deployment with nginx SSL:
+#   GRAFANA_ROOT_URL=https://monitor.szaiai.com
+#
+# Common mistake: Setting localhost when accessing via domain causes "origin not allowed" error!
+# After changing this value, you MUST restart monitoring services:
+#   ./deploy.sh monitoring down && ./deploy.sh monitoring up
+GRAFANA_ROOT_URL=https://monitor.szaiai.com
+
+# Docker network name for monitoring services
+# Note: This should match the network created by docker-compose.yml
+NETWORK_NAME=api-gateway_rwa-network
+
+# =============================================================================
+# Kong Upstream Service URLs (for kong.yml configuration)
+# =============================================================================
+# These are reference values - actual configuration is in kong.yml
+# All services run on Server B (192.168.1.111):
+#
+# identity-service:    http://192.168.1.111:3000
+# wallet-service:      http://192.168.1.111:3001
+# backup-service:      http://192.168.1.111:3002
+# planting-service:    http://192.168.1.111:3003
+# referral-service:    http://192.168.1.111:3004
+# reward-service:      http://192.168.1.111:3005
+# mpc-service:         http://192.168.1.111:3006
+# leaderboard-service: http://192.168.1.111:3007
+# reporting-service:   http://192.168.1.111:3008
+# authorization-service: http://192.168.1.111:3009
+# admin-service:       http://192.168.1.111:3010
+# presence-service:    http://192.168.1.111:3011
+# blockchain-service:  http://192.168.1.111:3012