5d06ad791f
🐳 Docker Deployment Infrastructure Complete Portainer stacks with Traefik reverse proxy integration for zero-downtime deployments ## Stack Files Created ### 1. Staging Stack (docker/portainer-stack-staging.yml) **Services** (4 containers): - `postgres-staging`: PostgreSQL 15 (db.t3.medium equivalent) - `redis-staging`: Redis 7 with 512MB cache - `backend-staging`: NestJS API (1 instance) - `frontend-staging`: Next.js app (1 instance) **Domains**: - Frontend: `staging.xpeditis.com` - Backend API: `api-staging.xpeditis.com` **Features**: - HTTP → HTTPS redirect - Let's Encrypt SSL certificates - Health checks on all services - Security headers (HSTS, XSS protection, frame deny) - Rate limiting via Traefik - Sandbox carrier APIs - Sentry monitoring (10% sampling) ### 2. Production Stack (docker/portainer-stack-production.yml) **Services** (6 containers for High Availability): - `postgres-prod`: PostgreSQL 15 with automated backups - `redis-prod`: Redis 7 with persistence (1GB cache) - `backend-prod-1` & `backend-prod-2`: NestJS API (2 instances, load balanced) - `frontend-prod-1` & `frontend-prod-2`: Next.js app (2 instances, load balanced) **Domains**: - Frontend: `xpeditis.com` + `www.xpeditis.com` (auto-redirect to non-www) - Backend API: `api.xpeditis.com` **Features**: - **Zero-downtime deployments** (rolling updates with 2 instances) - **Load balancing** with sticky sessions - **Strict security headers** (HSTS 2 years, CSP, force TLS) - **Resource limits** (CPU, memory) - **Production carrier APIs** (Maersk, MSC, CMA CGM, Hapag-Lloyd, ONE) - **Enhanced monitoring** (Sentry + Google Analytics) - **WWW redirect** (www → non-www) - **Rate limiting** (stricter than staging) ### 3. Environment Files - `docker/.env.staging.example`: Template for staging environment variables - `docker/.env.production.example`: Template for production environment variables **Variables** (30+ required): - Database credentials (PostgreSQL, Redis) - JWT secrets (256-512 bits) - AWS configuration (S3, SES, region) - Carrier API keys (Maersk, MSC, CMA CGM, etc.) - Monitoring (Sentry DSN, Google Analytics) - Email service configuration ### 4. Deployment Guide (docker/PORTAINER_DEPLOYMENT_GUIDE.md) **Comprehensive 400+ line guide** covering: - Prerequisites (server, Traefik, DNS, Docker images) - Step-by-step Portainer deployment - Environment variables configuration - SSL/TLS certificate verification - Health check validation - Troubleshooting (5 common issues with solutions) - Rolling updates (zero-downtime) - Monitoring setup (Portainer, Sentry, logs) - Security best practices (12 recommendations) - Backup procedures ## 🏗️ Architecture Highlights ### High Availability (Production) ``` Traefik Load Balancer ├── frontend-prod-1 ──┐ └── frontend-prod-2 ──┼── Sticky Sessions │ ├── backend-prod-1 ───┤ └── backend-prod-2 ───┘ │ ├── postgres-prod (Single instance with backups) └── redis-prod (Persistence enabled) ``` ### Traefik Labels Integration - **HTTPS Routing**: Host-based routing with SSL termination - **HTTP Redirect**: Automatic HTTP → HTTPS (permanent 301) - **Security Middleware**: Custom headers, HSTS, XSS protection - **Compression**: Gzip compression for responses - **Rate Limiting**: Traefik-level + application-level - **Health Checks**: Automatic container removal if unhealthy - **Sticky Sessions**: Cookie-based session affinity ### Network Architecture - **Internal Network**: `xpeditis_internal_staging` / `xpeditis_internal_prod` (isolated) - **Traefik Network**: `traefik_network` (external, shared with Traefik) - **Database/Redis**: Only accessible from internal network - **Frontend/Backend**: Connected to both networks (internal + Traefik) ## 📊 Resource Allocation ### Staging (Single Instances) - PostgreSQL: 2 vCPU, 4GB RAM - Redis: 0.5 vCPU, 512MB cache - Backend: 1 vCPU, 1GB RAM - Frontend: 1 vCPU, 1GB RAM - **Total**: ~4 vCPU, ~6.5GB RAM ### Production (High Availability) - PostgreSQL: 2 vCPU, 4GB RAM (limits) - Redis: 1 vCPU, 1.5GB RAM (limits) - Backend x2: 2 vCPU, 2GB RAM each (4 vCPU, 4GB total) - Frontend x2: 2 vCPU, 2GB RAM each (4 vCPU, 4GB total) - **Total**: ~13 vCPU, ~17GB RAM ## 🔒 Security Features 1. **SSL/TLS**: Let's Encrypt certificates with auto-renewal 2. **HSTS**: Strict-Transport-Security (1 year staging, 2 years production) 3. **Security Headers**: XSS protection, frame deny, content-type nosniff 4. **Rate Limiting**: Traefik (50-100 req/min) + Application-level 5. **Secrets Management**: Environment variables, never hardcoded 6. **Network Isolation**: Services communicate only via internal network 7. **Health Checks**: Automatic restart on failure 8. **Resource Limits**: Prevent resource exhaustion attacks ## 🚀 Deployment Process 1. **Prerequisites**: Traefik + DNS configured 2. **Build Images**: Docker build + push to registry 3. **Configure Environment**: Copy .env.example, fill secrets 4. **Deploy Stack**: Portainer UI → Add Stack → Deploy 5. **Verify**: Health checks, SSL, DNS, logs 6. **Monitor**: Sentry + Portainer stats ## 📦 Files Summary ``` docker/ ├── portainer-stack-staging.yml (250 lines) - 4 services ├── portainer-stack-production.yml (450 lines) - 6 services ├── .env.staging.example (80 lines) ├── .env.production.example (100 lines) └── PORTAINER_DEPLOYMENT_GUIDE.md (400+ lines) ``` Total: 5 files, ~1,280 lines of infrastructure-as-code ## 🎯 Next Steps 1. Build Docker images (frontend + backend) 2. Push to Docker registry (Docker Hub / GHCR) 3. Configure DNS (staging + production domains) 4. Deploy Traefik (if not already done) 5. Copy .env files and fill secrets 6. Deploy staging stack via Portainer 7. Test staging thoroughly 8. Deploy production stack 9. Setup monitoring (Sentry, Uptime Robot) ## 🔗 Related Documentation - [DEPLOYMENT.md](../DEPLOYMENT.md) - General deployment guide - [ARCHITECTURE.md](../ARCHITECTURE.md) - System architecture - [PHASE4_SUMMARY.md](../PHASE4_SUMMARY.md) - Phase 4 completion status 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .claude | ||
| .github | ||
| apps | ||
| docker | ||
| infra/postgres | ||
| postman | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc | ||
| ARCHITECTURE.md | ||
| CLAUDE.md | ||
| COMPLETION-REPORT.md | ||
| DEPLOYMENT.md | ||
| docker-compose.yml | ||
| elementmissingphase2.md | ||
| GUIDE_TESTS_POSTMAN.md | ||
| IMPLEMENTATION_SUMMARY.md | ||
| INDEX.md | ||
| INSTALLATION-COMPLETE.md | ||
| INSTALLATION-STEPS.md | ||
| NEXT-STEPS.md | ||
| package.json | ||
| PHASE2_AUTHENTICATION_SUMMARY.md | ||
| PHASE2_BACKEND_COMPLETE.md | ||
| PHASE2_COMPLETE_FINAL.md | ||
| PHASE2_COMPLETE.md | ||
| PHASE2_FINAL_PAGES.md | ||
| PHASE2_FRONTEND_PROGRESS.md | ||
| PHASE3_COMPLETE.md | ||
| PHASE4_REMAINING_TASKS.md | ||
| PHASE4_SUMMARY.md | ||
| PHASE-1-PROGRESS.md | ||
| PHASE-1-WEEK5-COMPLETE.md | ||
| PRD.md | ||
| PROGRESS.md | ||
| QUICK-START.md | ||
| README.md | ||
| READY.md | ||
| RESUME_FRANCAIS.md | ||
| SESSION_SUMMARY.md | ||
| SPRINT-0-COMPLETE.md | ||
| SPRINT-0-FINAL.md | ||
| SPRINT-0-SUMMARY.md | ||
| START-HERE.md | ||
| TEST_COVERAGE_REPORT.md | ||
| TEST_EXECUTION_GUIDE.md | ||
| TODO.md | ||
| WINDOWS-INSTALLATION.md | ||
Xpeditis - Maritime Freight Booking Platform
Xpeditis is a B2B SaaS platform for freight forwarders to search, compare, and book maritime freight in real-time.
⭐ START HERE ⭐
New to the project? Read START-HERE.md - Get running in 10 minutes!
🚀 Quick Start
Prerequisites
- Node.js >= 20.0.0
- npm >= 10.0.0
- Docker & Docker Compose
- PostgreSQL 15+
- Redis 7+
Installation
# Install dependencies
npm install
# Start infrastructure (PostgreSQL + Redis)
docker-compose up -d
# Setup environment variables
cp apps/backend/.env.example apps/backend/.env
cp apps/frontend/.env.example apps/frontend/.env
# Run database migrations
npm run backend:migrate
# Start backend (development)
npm run backend:dev
# Start frontend (development)
npm run frontend:dev
Access Points
- Frontend: http://localhost:3000
- Backend API: http://localhost:4000
- API Documentation: http://localhost:4000/api/docs
📁 Project Structure
xpeditis/
├── apps/
│ ├── backend/ # NestJS API (Hexagonal Architecture)
│ │ └── src/
│ │ ├── domain/ # Pure business logic
│ │ ├── application/ # Controllers & DTOs
│ │ └── infrastructure/ # External adapters
│ └── frontend/ # Next.js 14 App Router
├── packages/
│ ├── shared-types/ # Shared TypeScript types
│ └── domain/ # Shared domain logic
└── infra/ # Infrastructure configs
🏗️ Architecture
This project follows Hexagonal Architecture (Ports & Adapters) principles:
- Domain Layer: Pure business logic, no external dependencies
- Application Layer: Use cases, controllers, DTOs
- Infrastructure Layer: Database, external APIs, cache, email, storage
See CLAUDE.md for detailed architecture guidelines.
🛠️ Development
Backend
npm run backend:dev # Start dev server
npm run backend:test # Run tests
npm run backend:test:watch # Run tests in watch mode
npm run backend:test:cov # Generate coverage report
npm run backend:lint # Lint code
npm run backend:build # Build for production
Frontend
npm run frontend:dev # Start dev server
npm run frontend:build # Build for production
npm run frontend:test # Run tests
npm run frontend:lint # Lint code
📚 Documentation
Getting Started
- QUICK-START.md ⚡ - Get running in 5 minutes
- INSTALLATION-STEPS.md 📦 - Detailed installation guide
- NEXT-STEPS.md 🚀 - What to do after setup
Architecture & Guidelines
- CLAUDE.md 🏗️ - Hexagonal architecture guidelines (complete)
- apps/backend/README.md - Backend documentation
- apps/frontend/README.md - Frontend documentation
Project Planning
- PRD.md 📋 - Product Requirements Document
- TODO.md 📅 - 30-week development roadmap
- SPRINT-0-FINAL.md ✅ - Sprint 0 completion report
- SPRINT-0-SUMMARY.md 📊 - Executive summary
API Documentation
- API Docs 📖 - OpenAPI/Swagger (when running)
🧪 Testing
# Run all tests
npm run test:all
# Run backend tests
npm run backend:test
# Run frontend tests
npm run frontend:test
# E2E tests (after implementation)
npm run test:e2e
🔒 Security
- All passwords hashed with bcrypt (12 rounds minimum)
- JWT tokens (access: 15min, refresh: 7 days)
- HTTPS/TLS 1.2+ enforced
- OWASP Top 10 protection
- Rate limiting on all endpoints
- CSRF protection
📊 Tech Stack
Backend
- Framework: NestJS 10+
- Language: TypeScript 5+
- Database: PostgreSQL 15+
- Cache: Redis 7+
- ORM: TypeORM
- Testing: Jest, Supertest
- API Docs: Swagger/OpenAPI
Frontend
- Framework: Next.js 14+ (App Router)
- Language: TypeScript 5+
- Styling: Tailwind CSS
- UI Components: shadcn/ui
- State: React Query (TanStack Query)
- Forms: React Hook Form + Zod
- Testing: Jest, React Testing Library, Playwright
🚢 Carrier Integrations
MVP supports the following maritime carriers:
- ✅ Maersk
- ✅ MSC
- ✅ CMA CGM
- ✅ Hapag-Lloyd
- ✅ ONE (Ocean Network Express)
📈 Monitoring & Logging
- Logging: Winston / Pino
- Error Tracking: Sentry
- APM: Application Performance Monitoring
- Metrics: Prometheus (planned)
🔧 Environment Variables
See .env.example files in each app for required environment variables.
🤝 Contributing
- Create a feature branch
- Make your changes
- Write tests
- Run linting and formatting
- Submit a pull request
📝 License
Proprietary - All rights reserved
👥 Team
Built with ❤️ by the Xpeditis team
For detailed implementation guidelines, see CLAUDE.md.