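---
# =============================================================================
# MPC-System Production Deployment - Central Services
# =============================================================================
# Purpose: Deploy central infrastructure (Message Router, Session Coordinator, Account)
# Server Parties are deployed separately on different machines/locations
#
# Usage:
#   ./deploy.sh prod up    # Start central services
#   ./deploy.sh prod down  # Stop central services
#
# Required secrets (read from .env at interpolation time; compose refuses to
# start when any of them is unset or empty, so no service ever runs with an
# empty password / signing key / master key):
#   POSTGRES_PASSWORD, JWT_SECRET_KEY, MPC_API_KEY, CRYPTO_MASTER_KEY
#
# External Ports (must be accessible from server-parties):
#   50051 - Message Router gRPC (for party connections)
#   50052 - Session Coordinator gRPC (for party connections)
#   4000  - Account Service HTTP API (for backend integration)
#   8081  - Session Coordinator HTTP API (for backend integration)
#   8082  - Message Router HTTP API (health checks)
#   8083  - Server Party API HTTP (optional, user share generation)
#
# NOTE: every "host:container" mapping below publishes on all host interfaces
# unless a bind address is given (e.g. "127.0.0.1:8082:8080"). The HTTP/health
# ports are only needed by the backend; restrict them with a bind address or
# at the host firewall if that network is not already isolated.
#
# Architecture:
#   Server Parties (NAT-friendly) --> Message Router (Public) --> Session Coordinator
#                                                            --> PostgreSQL (Internal)
# =============================================================================

services:
  # ============================================
  # Infrastructure Services (Internal Only)
  # ============================================
  postgres:
    image: postgres:15-alpine
    container_name: mpc-postgres
    environment:
      TZ: Asia/Shanghai
      POSTGRES_DB: mpc_system
      POSTGRES_USER: ${POSTGRES_USER:-mpc_user}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
    volumes:
      - postgres-data:/var/lib/postgresql/data
      # Init scripts; the postgres image runs them only when the data volume
      # is still empty (first start), not on later restarts.
      - ./migrations:/docker-entrypoint-initdb.d:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-mpc_user} -d mpc_system"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    # No `ports:` on purpose - the database is reachable only on mpc-internal.
    networks:
      - mpc-internal
    restart: unless-stopped

  # ============================================
  # Message Router - Public gRPC Endpoint
  # Server Parties connect here from anywhere
  # ============================================
  message-router:
    build:
      context: .
      dockerfile: services/message-router/Dockerfile
    container_name: mpc-message-router
    ports:
      - "${MESSAGE_ROUTER_GRPC_PORT:-50051}:50051"  # gRPC for party connections (PUBLIC)
      - "${MESSAGE_ROUTER_HTTP_PORT:-8082}:8080"    # HTTP for health checks
    environment:
      TZ: Asia/Shanghai
      # Quoted so the values reach the container as the literal strings the
      # service parses, independent of YAML number handling.
      MPC_SERVER_GRPC_PORT: "50051"
      MPC_SERVER_HTTP_PORT: "8080"
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: "5432"
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      MPC_DATABASE_DBNAME: mpc_system
      # Plaintext DB connection; acceptable only because postgres is not
      # published and both sides share the mpc-internal bridge. Switch to
      # `require` if the database ever moves off this host.
      MPC_DATABASE_SSLMODE: disable
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-internal
    restart: unless-stopped

  # ============================================
  # Session Coordinator - Public gRPC Endpoint
  # ============================================
  session-coordinator:
    build:
      context: .
      dockerfile: services/session-coordinator/Dockerfile
    container_name: mpc-session-coordinator
    ports:
      - "${SESSION_COORDINATOR_GRPC_PORT:-50052}:50051"  # gRPC for party connections (PUBLIC)
      - "${SESSION_COORDINATOR_HTTP_PORT:-8081}:8080"    # HTTP API
    environment:
      TZ: Asia/Shanghai
      MPC_SERVER_GRPC_PORT: "50051"
      MPC_SERVER_HTTP_PORT: "8080"
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: "5432"
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      MPC_DATABASE_DBNAME: mpc_system
      # See message-router: plaintext only because postgres stays internal.
      MPC_DATABASE_SSLMODE: disable
      # Fail closed: an unset JWT_SECRET_KEY previously expanded to "" and the
      # coordinator would have signed/verified tokens with an empty key.
      MPC_JWT_SECRET_KEY: ${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set in .env}
      MPC_JWT_ISSUER: mpc-system
      MESSAGE_ROUTER_ADDR: message-router:50051
    depends_on:
      postgres:
        condition: service_healthy
      message-router:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-internal
    restart: unless-stopped

  # ============================================
  # Account Service - External API Entry Point
  # ============================================
  account-service:
    build:
      context: .
      dockerfile: services/account/Dockerfile
    container_name: mpc-account-service
    ports:
      - "${ACCOUNT_SERVICE_PORT:-4000}:8080"  # HTTP API for external access
    environment:
      TZ: Asia/Shanghai
      MPC_SERVER_GRPC_PORT: "50051"
      MPC_SERVER_HTTP_PORT: "8080"
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: "5432"
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      MPC_DATABASE_DBNAME: mpc_system
      # See message-router: plaintext only because postgres stays internal.
      MPC_DATABASE_SSLMODE: disable
      MPC_COORDINATOR_URL: session-coordinator:50051
      # Same value as session-coordinator so tokens verify across services;
      # both are required so neither side falls back to an empty key.
      MPC_JWT_SECRET_KEY: ${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set in .env}
      MPC_API_KEY: ${MPC_API_KEY:?MPC_API_KEY must be set in .env}
      # Empty by default; confirm in the account service whether an empty
      # list means "no IP restriction" before relying on it in production.
      ALLOWED_IPS: ${ALLOWED_IPS:-}
    depends_on:
      postgres:
        condition: service_healthy
      session-coordinator:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-internal
    restart: unless-stopped

  # ============================================
  # Server Party API - User Share Generation
  # (Optional: only needed if generating user shares)
  # ============================================
  server-party-api:
    build:
      context: .
      dockerfile: services/server-party-api/Dockerfile
    container_name: mpc-server-party-api
    ports:
      - "${SERVER_PARTY_API_PORT:-8083}:8080"
    environment:
      TZ: Asia/Shanghai
      MPC_SERVER_HTTP_PORT: "8080"
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      SESSION_COORDINATOR_ADDR: session-coordinator:50051
      MESSAGE_ROUTER_ADDR: message-router:50051
      # Required even though the service is optional: compose interpolates the
      # whole file, and a share-wrapping key must never default to "". Remove
      # this service from the file if share generation is not deployed here.
      MPC_CRYPTO_MASTER_KEY: ${CRYPTO_MASTER_KEY:?CRYPTO_MASTER_KEY must be set in .env}
      MPC_API_KEY: ${MPC_API_KEY:?MPC_API_KEY must be set in .env}
    depends_on:
      session-coordinator:
        condition: service_healthy
      message-router:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-internal
    restart: unless-stopped

# ============================================
# Networks
# ============================================
networks:
  mpc-internal:
    driver: bridge

# ============================================
# Volumes
# ============================================
volumes:
  postgres-data:
    driver: local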