rwadurian

Commit Graph

Author	SHA1	Message	Date
hailin	b25a893d37	docs(config): update .env.example files for production deployment - Update all .env.example files with production topology documentation - Add network configuration for Server A (119.145.15.38/192.168.1.100) and Server B (192.168.1.111) - Document service ports and connection URLs for all microservices - Add architecture diagrams in comments for easy reference - Include security notes and key generation commands Files updated: - backend/services/.env.example (main config) - backend/services/identity-service/.env.example - backend/services/mpc-service/.env.example - backend/services/blockchain-service/.env.example - backend/mpc-system/.env.example - backend/api-gateway/.env.example - backend/infrastructure/.env.example 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-07 04:55:21 -08:00
hailin	746cd8e35e	fix(api-gateway): add Grafana 10+ CORS configuration for reverse proxy access 添加 Grafana 10+ 的 CORS/跨域配置，解决通过 Nginx 反向代理访问时的 "origin not allowed" 错误。 Changes: - docker-compose.monitoring.yml: 添加 Grafana 安全配置 - GF_SECURITY_ALLOW_EMBEDDING=true: 允许嵌入和反向代理访问 - GF_SECURITY_COOKIE_SAMESITE=none: 允许跨域 Cookie - GF_SECURITY_COOKIE_SECURE=true: HTTPS 下安全传输 Cookie - GF_AUTH_ANONYMOUS_ENABLED=false: 保持安全性，禁用匿名访问 - .env.example: 添加重启提示说明 - 强调修改 GRAFANA_ROOT_URL 后必须重启监控服务 - README.md: 新增 "Grafana 通过 Nginx/域名访问配置" 章节 - 详细说明配置步骤 - 提供验证方法 - 列出常见错误和解决方案问题根因: Grafana 10+ 引入了更严格的安全策略，要求显式配置 CORS 相关参数才能通过反向代理访问。仅配置 GF_SERVER_ROOT_URL 不足以解决跨域问题。 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-04 22:23:04 -08:00
hailin	b94cf57b08	docs(api-gateway): enhance GRAFANA_ROOT_URL configuration documentation - Added critical warning about GRAFANA_ROOT_URL matching actual access URL - Documented common "origin not allowed" error and its cause - Provided clear examples for local vs production deployment - Added security tip for generating Grafana password This fixes the 403 Forbidden error when accessing Grafana via domain while GRAFANA_ROOT_URL is set to localhost. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-04 22:07:22 -08:00
hailin	a748cf07f0	docs(api-gateway): clarify Kong database configuration details - Added Kong database configuration section to README.md - Documented that Kong database username and database name are hardcoded as 'kong' - Clarified that only password is configurable via KONG_PG_PASSWORD - Added security warnings about changing password in production - Updated .env.example with detailed comments about Kong database config 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-04 21:53:10 -08:00
hailin	2556fea841	refactor: separate configuration from code following 12-Factor App principles - Created .env.example files with comprehensive security warnings - Removed hardcoded IP addresses and credentials from docker-compose files - Made database passwords mandatory (fail-fast on missing config) - Removed Chinese mirror sources from all Dockerfiles - Enhanced deploy.sh scripts with .env validation and auto-creation - Added comprehensive README.md deployment guides - Changed ALLOWED_IPS default to enable cross-server deployment - Updated all docker-compose files to use environment variables 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-04 21:46:35 -08:00

5 Commits