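# =============================================================================
# API Gateway (Kong) - Production Environment Configuration
# =============================================================================
#
# Deployment: Server A (192.168.1.100)
# Role: API gateway with rate limiting, authentication, and routing
#
# Architecture:
# ┌─────────────────────────────────────────────────────────────────────────┐
# │  Internet (https://rwaapi.szaiai.com)                                   │
# └─────────────────────────────────────────────────────────────────────────┘
#                                      │
#                                      ▼
# ┌─────────────────────────────────────────────────────────────────────────┐
# │  Server A - 119.145.15.38 (Public) / 192.168.1.100 (Internal)           │
# │  ├── nginx (port 80/443) - SSL termination, reverse proxy               │
# │  ├── Kong (port 8000)    - API gateway, routing, rate limiting          │
# │  └── Kong Admin (8001)   - Admin API (internal only)                    │
# └─────────────────────────────────────────────────────────────────────────┘
#                                      │
#                                      ▼
# ┌─────────────────────────────────────────────────────────────────────────┐
# │  Server B - 192.168.1.111 (Internal Only)                               │
# │  └── Microservices (identity:3000, wallet:3001, mpc:3006, etc.)         │
# └─────────────────────────────────────────────────────────────────────────┘
#
# Setup Instructions:
#   1. Copy this file: cp .env.example .env
#   2. Update values according to your deployment environment
#   3. Update kong.yml service URLs to point to 192.168.1.111
#   4. Start services: ./deploy.sh up
#
# IMPORTANT: In production, change all default passwords and secrets!
# The password values in this example file are published defaults; a deployment
# that keeps them runs with known credentials. Keep the populated .env out of
# version control and readable only by the account that runs ./deploy.sh
# (for example: chmod 600 .env).
#
# Format note: one KEY=value per line, comments on their own lines. Some
# env-file parsers treat text after the value as part of the value.
# =============================================================================

# =============================================================================
# Network Configuration
# =============================================================================
# The addresses below describe the reference deployment; replace them with the
# values of your own environment.

# Public domain for the API
PUBLIC_DOMAIN=rwaapi.szaiai.com

# Server A: Gateway server (this server)
GATEWAY_SERVER_PUBLIC_IP=119.145.15.38
GATEWAY_SERVER_INTERNAL_IP=192.168.1.100

# Server B: Backend services server
BACKEND_SERVER_IP=192.168.1.111

# =============================================================================
# Kong Database Configuration
# =============================================================================

# PostgreSQL password for Kong database
# NOTE: Kong uses hardcoded database username 'kong' and database name 'kong'
#       Only the password is configurable via this variable
# SECURITY: Change this in production! The value below is a public example
#           default, not a secret.
# Example command to generate: openssl rand -base64 32
# (base64 output can contain '/', '+' and '='; openssl rand -hex 32 avoids
#  characters that may need quoting or URL-encoding.)
# NOTE(review): if the Postgres data volume was already initialised, changing
# this value presumably does not change the password stored in the database -
# confirm against docker-compose.yml / deploy.sh and rotate it there as well.
KONG_PG_PASSWORD=kong_password

# =============================================================================
# Kong Admin GUI Configuration
# =============================================================================

# Admin GUI URL - Update to match your deployment domain
# For production with nginx reverse proxy:
#   https://admin.rwaapi.szaiai.com or internal only access
# SECURITY: Consider not exposing admin GUI publicly!
# The GUI (8002) drives the Kong Admin API (8001). Unless authentication is
# configured in front of them, network reachability is the only access control,
# so both ports should be bound or firewalled to the internal/management
# network and never published on the public address of Server A.
# The default below is plain HTTP: admin traffic is unencrypted on the wire.
# Prefer the nginx TLS front end if the GUI is used from outside Server A.
KONG_ADMIN_GUI_URL=http://192.168.1.100:8002

# =============================================================================
# Monitoring Stack Configuration (Optional)
# =============================================================================

# Grafana Admin Password
# SECURITY: Change this in production! The value below is a public example
#           default, not a secret.
# Example command to generate: openssl rand -base64 24
# NOTE(review): if this is passed to Grafana as its initial admin password, it
# likely applies only when Grafana first creates its database - confirm, and
# reset the admin password inside Grafana if the default was ever used.
GRAFANA_ADMIN_PASSWORD=admin123

# Grafana Root URL - CRITICAL: Must match the actual URL users access Grafana from
# IMPORTANT: This affects CORS, redirects, and authentication!
#
# For your deployment with nginx SSL:
#   GRAFANA_ROOT_URL=https://monitor.szaiai.com
#
# Common mistake: Setting localhost when accessing via domain causes "origin not allowed" error!
# After changing this value, you MUST restart monitoring services:
#   ./deploy.sh monitoring down && ./deploy.sh monitoring up
GRAFANA_ROOT_URL=https://monitor.szaiai.com

# Docker network name for monitoring services
# Note: This should match the network created by docker-compose.yml
NETWORK_NAME=api-gateway_rwa-network

# =============================================================================
# Kong Upstream Service URLs (for kong.yml configuration)
# =============================================================================
# These are reference values - actual configuration is in kong.yml
# All services run on Server B (192.168.1.111):
#
# SECURITY: every upstream below is plain HTTP, so gateway-to-service traffic
# (including identity, wallet and mpc requests) is protected only by the
# isolation of the internal network. Restrict ports 3000-3012 on Server B to
# connections from the gateway (192.168.1.100), so that Kong's authentication
# and rate limiting cannot be bypassed by calling the services directly.
#
#   identity-service:      http://192.168.1.111:3000
#   wallet-service:        http://192.168.1.111:3001
#   backup-service:        http://192.168.1.111:3002
#   planting-service:      http://192.168.1.111:3003
#   referral-service:      http://192.168.1.111:3004
#   reward-service:        http://192.168.1.111:3005
#   mpc-service:           http://192.168.1.111:3006
#   leaderboard-service:   http://192.168.1.111:3007
#   reporting-service:     http://192.168.1.111:3008
#   authorization-service: http://192.168.1.111:3009
#   admin-service:         http://192.168.1.111:3010
#   presence-service:      http://192.168.1.111:3011
#   blockchain-service:    http://192.168.1.111:3012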