Deployment Guide
Overview
Section titled “Overview”Semua backend services di-deploy ke Fly.io (region Singapore). Frontend clients di-deploy ke Vercel. Setiap service punya Dockerfile multi-stage sendiri dan di-build via GitHub Actions.
Backend: Fly.io
Section titled “Backend: Fly.io”Prerequisites
Section titled “Prerequisites”# Install flyctlbrew install flyctl
# Loginflyctl auth loginDeploy Service Baru
Section titled “Deploy Service Baru”Contoh untuk auth-api:
cd waqfuel-auth-api
# Launch app (pertama kali)flyctl launch --no-deploy --name waqfuel-auth-api-prod --region sin
# Set secrets (env vars sensitif)flyctl secrets set \ DATABASE_URL="postgresql://..." \ JWT_PRIVATE_KEY="$(cat keys/private.pem)" \ JWT_PUBLIC_KEY="$(cat keys/public.pem)" \ JWT_KEY_ID="key-prod-001" \ SUPER_ADMIN_EMAIL="admin@waqfuel.com" \ SUPER_ADMIN_PASSWORD="..." \ RESEND_API_KEY="re_..." \ GRPC_REFERENCE="waqfuel-reference-api-prod.internal:50050" \ GRPC_NOTIF="waqfuel-notif-api-prod.internal:50052"
# Deployflyctl deployDockerfile Pattern
Section titled “Dockerfile Pattern”Semua services menggunakan multi-stage Docker build yang serupa:
# Stage 1: Build dependencies (cached)FROM rust:1.80-slim AS builderWORKDIR /appRUN apt-get update && apt-get install -y protobuf-compiler pkg-config libssl-devCOPY Cargo.toml Cargo.lock ./RUN mkdir src && echo "fn main() {}" > src/main.rsRUN cargo build --releaseRUN rm -f target/release/deps/service_name*
# Stage 2: Build appCOPY . .RUN cargo build --release
# Stage 3: RuntimeFROM debian:bookworm-slimRUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*COPY --from=builder /app/target/release/service_name /usr/local/bin/EXPOSE 8080 50051CMD ["service_name"]Fly.io Internal Networking
Section titled “Fly.io Internal Networking”Services berkomunikasi via Fly private networking. Setiap app bisa diakses oleh app lain di organisasi yang sama via DNS internal:
<app-name>.internal:<port>Contoh konfigurasi gRPC endpoints di production:
| Caller | Target | Address |
|---|---|---|
| auth-api | reference-api gRPC | waqfuel-reference-api-prod.internal:50050 |
| auth-api | notif-api gRPC | waqfuel-notif-api-prod.internal:50052 |
| main-api | auth-api gRPC | waqfuel-auth-api-prod.internal:50051 |
| main-api | auth-api JWKS | https://auth.waqfuel.com/.well-known/jwks.json |
fly.toml Contoh
Section titled “fly.toml Contoh”app = "waqfuel-auth-api-prod"primary_region = "sin"
[build] dockerfile = "Dockerfile"
[http_service] internal_port = 8080 force_https = true auto_stop_machines = "stop" auto_start_machines = true min_machines_running = 0
[services] protocol = "tcp" internal_port = 50051
[[vm]] size = "shared-cpu-1x" memory = "512mb"Frontend: Vercel
Section titled “Frontend: Vercel”Platform Client
Section titled “Platform Client”cd waqfuel-platform-client
# Install Vercel CLInpm i -g vercel
# Deployvercel --prodEnvironment variables di Vercel dashboard:
NEXT_PUBLIC_AUTH_API_URL=https://auth.waqfuel.comNEXT_PUBLIC_MAIN_API_URL=https://api.waqfuel.comNEXT_PUBLIC_REFERENCE_API_URL=https://ref.waqfuel.comPublic Website
Section titled “Public Website”cd waqfuel-webvercel --prodDatabase Migrations
Section titled “Database Migrations”Migrations dijalankan sebelum deploy (bukan di container startup). Jalankan dari local machine atau CI:
# Install sqlx-clicargo install sqlx-cli --features postgres
# Auth API migrationscd waqfuel-auth-apiDATABASE_URL="postgresql://..." sqlx migrate run
# Main API migrationscd waqfuel-main-apiDATABASE_URL="postgresql://..." sqlx migrate runMonitoring
Section titled “Monitoring”Health Checks
Section titled “Health Checks”# Auth APIcurl https://auth.waqfuel.com/health
# Main API — response includes DB + gRPC statuscurl https://api.waqfuel.com/healthFly.io Logs
Section titled “Fly.io Logs”flyctl logs --app waqfuel-auth-api-prodflyctl logs --app waqfuel-main-api-prodMetrics
Section titled “Metrics”flyctl status --app waqfuel-auth-api-prodflyctl machine status --app waqfuel-auth-api-prod