feat(infra): parameterize secrets, add Caddy reverse proxy for domain

All hardcoded passwords/keys replaced with env vars so .env controls everything in both dev and production: - DB_PASSWORD, DB_CONNECTION_STRING, JWT_KEY - CORS_ORIGIN_*, ASPNETCORE_ENVIRONMENT - All ZarinPal/Kavenegar/Snappfood secrets New files for tomorrow's domain setup: - Caddyfile → routes all subdomains with auto TLS - docker-compose.caddy.yml → adds Caddy service to the stack .env.example now has clear TODAY (IP) vs TOMORROW (domain) sections. Fixed hardcoded ZarinPal MerchantId in docker-compose.full.yml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 18:54:55 +03:30
parent 0a33497d40
commit 88a9f96108
6 changed files with 207 additions and 81 deletions
@@ -0,0 +1,43 @@
+# Meezi — Caddy reverse proxy
+#
+# Set DOMAIN and ACME_EMAIL in your .env, then:
+#   docker compose -f docker-compose.yml -f docker-compose.admin.yml -f docker-compose.caddy.yml up -d
+#
+# Caddy auto-provisions Let's Encrypt TLS — no certbot needed.
+# Domains needed in DNS (all → same server IP):
+#   meezi.ir, app.meezi.ir, api.meezi.ir,
+#   finder.meezi.ir, admin.meezi.ir, admin-api.meezi.ir
+
+{
+    email {$ACME_EMAIL}
+}
+
+# ── Marketing website ────────────────────────────────────────────────────────
+{$DOMAIN} {
+    reverse_proxy website:3000
+}
+
+# ── Cafe owner dashboard ─────────────────────────────────────────────────────
+app.{$DOMAIN} {
+    reverse_proxy web:3000
+}
+
+# ── Main API ─────────────────────────────────────────────────────────────────
+api.{$DOMAIN} {
+    reverse_proxy api:8080
+}
+
+# ── Finder (public discovery) ────────────────────────────────────────────────
+finder.{$DOMAIN} {
+    reverse_proxy finder:3000
+}
+
+# ── Super-Admin panel ────────────────────────────────────────────────────────
+admin.{$DOMAIN} {
+    reverse_proxy admin-web:3000
+}
+
+# ── Super-Admin API ──────────────────────────────────────────────────────────
+admin-api.{$DOMAIN} {
+    reverse_proxy admin-api:8080
+}