110 lines
6.1 KiB
Bash
110 lines
6.1 KiB
Bash
# =============================================================================
|
|
# API Gateway (Kong) - Production Environment Configuration
|
|
# =============================================================================
|
|
#
|
|
# Deployment: Server A (192.168.1.100)
|
|
# Role: API gateway with rate limiting, authentication, and routing
|
|
#
|
|
# Architecture:
|
|
# ┌─────────────────────────────────────────────────────────────────────────┐
|
|
# │ Internet (https://rwaapi.szaiai.com) │
|
|
# └─────────────────────────────────────────────────────────────────────────┘
|
|
# │
|
|
# ▼
|
|
# ┌─────────────────────────────────────────────────────────────────────────┐
|
|
# │ Server A - 119.145.15.38 (Public) / 192.168.1.100 (Internal) │
|
|
# │ ├── nginx (port 80/443) - SSL termination, reverse proxy │
|
|
# │ ├── Kong (port 8000) - API gateway, routing, rate limiting │
|
|
# │ └── Kong Admin (8001) - Admin API (internal only) │
|
|
# └─────────────────────────────────────────────────────────────────────────┘
|
|
# │
|
|
# ▼
|
|
# ┌─────────────────────────────────────────────────────────────────────────┐
|
|
# │ Server B - 192.168.1.111 (Internal Only) │
|
|
# │ └── Microservices (identity:3000, wallet:3001, mpc:3006, etc.) │
|
|
# └─────────────────────────────────────────────────────────────────────────┘
|
|
#
|
|
# Setup Instructions:
|
|
# 1. Copy this file: cp .env.example .env
|
|
# 2. Update values according to your deployment environment
|
|
# 3. Update kong.yml service URLs to point to 192.168.1.111
|
|
# 4. Start services: ./deploy.sh up
|
|
#
|
|
# IMPORTANT: In production, change all default passwords and secrets!
|
|
# =============================================================================
|
|
|
|
# =============================================================================
|
|
# Network Configuration
|
|
# =============================================================================
|
|
# Public domain for the API
|
|
PUBLIC_DOMAIN=rwaapi.szaiai.com
|
|
|
|
# Server A: Gateway server (this server)
|
|
GATEWAY_SERVER_PUBLIC_IP=119.145.15.38
|
|
GATEWAY_SERVER_INTERNAL_IP=192.168.1.100
|
|
|
|
# Server B: Backend services server
|
|
BACKEND_SERVER_IP=192.168.1.111
|
|
|
|
# =============================================================================
|
|
# Kong Database Configuration
|
|
# =============================================================================
|
|
# PostgreSQL password for Kong database
|
|
# NOTE: Kong uses hardcoded database username 'kong' and database name 'kong'
|
|
# Only the password is configurable via this variable
|
|
# SECURITY: Change this in production!
|
|
# Example command to generate: openssl rand -base64 32
|
|
KONG_PG_PASSWORD=kong_password
|
|
|
|
# =============================================================================
|
|
# Kong Admin GUI Configuration
|
|
# =============================================================================
|
|
# Admin GUI URL - Update to match your deployment domain
|
|
# For production with nginx reverse proxy:
|
|
# https://admin.rwaapi.szaiai.com or internal only access
|
|
# SECURITY: Consider not exposing admin GUI publicly!
|
|
KONG_ADMIN_GUI_URL=http://192.168.1.100:8002
|
|
|
|
# =============================================================================
|
|
# Monitoring Stack Configuration (Optional)
|
|
# =============================================================================
|
|
# Grafana Admin Password
|
|
# SECURITY: Change this in production!
|
|
# Example command to generate: openssl rand -base64 24
|
|
GRAFANA_ADMIN_PASSWORD=admin123
|
|
|
|
# Grafana Root URL - CRITICAL: Must match the actual URL users access Grafana from
|
|
# IMPORTANT: This affects CORS, redirects, and authentication!
|
|
#
|
|
# For your deployment with nginx SSL:
|
|
# GRAFANA_ROOT_URL=https://monitor.szaiai.com
|
|
#
|
|
# Common mistake: Setting localhost when accessing via domain causes "origin not allowed" error!
|
|
# After changing this value, you MUST restart monitoring services:
|
|
# ./deploy.sh monitoring down && ./deploy.sh monitoring up
|
|
GRAFANA_ROOT_URL=https://monitor.szaiai.com
|
|
|
|
# Docker network name for monitoring services
|
|
# Note: This should match the network created by docker-compose.yml
|
|
NETWORK_NAME=api-gateway_rwa-network
|
|
|
|
# =============================================================================
|
|
# Kong Upstream Service URLs (for kong.yml configuration)
|
|
# =============================================================================
|
|
# These are reference values - actual configuration is in kong.yml
|
|
# All services run on Server B (192.168.1.111):
|
|
#
|
|
# identity-service: http://192.168.1.111:3000
|
|
# wallet-service: http://192.168.1.111:3001
|
|
# backup-service: http://192.168.1.111:3002
|
|
# planting-service: http://192.168.1.111:3003
|
|
# referral-service: http://192.168.1.111:3004
|
|
# reward-service: http://192.168.1.111:3005
|
|
# mpc-service: http://192.168.1.111:3006
|
|
# leaderboard-service: http://192.168.1.111:3007
|
|
# reporting-service: http://192.168.1.111:3008
|
|
# authorization-service: http://192.168.1.111:3009
|
|
# admin-service: http://192.168.1.111:3010
|
|
# presence-service: http://192.168.1.111:3011
|
|
# blockchain-service: http://192.168.1.111:3012
|