PhantomDave
diff --git a/‎.env‎
Lines changed: 10 additions & 0 deletions b/‎.env‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.env.example‎
Lines changed: 10 additions & 0 deletions b/‎.env.example‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-tailscale.yml‎
Lines changed: 15 additions & 9 deletions b/‎.github/workflows/deploy-tailscale.yml‎
Lines changed: 15 additions & 9 deletions
diff --git a/‎DOCKER.md‎
Lines changed: 150 additions & 0 deletions b/‎DOCKER.md‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 5 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎PhantomDave.BankTracking.Api/appsettings.Docker.json‎
Lines changed: 19 additions & 0 deletions b/‎PhantomDave.BankTracking.Api/appsettings.Docker.json‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎compose.dev.yaml‎
Lines changed: 26 additions & 0 deletions b/‎compose.dev.yaml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎compose.yaml‎
Lines changed: 57 additions & 22 deletions b/‎compose.yaml‎
Lines changed: 57 additions & 22 deletions
@@ -0,0 +1,10 @@
+# Database Configuration
+POSTGRES_USER=bankuser
+POSTGRES_PASSWORD=bankpassword
+POSTGRES_DB=bankdb
+
+# JWT Configuration
+JWT_SECRET=ujaisdhfuisadhbfdiashiudashiudhjasiuhfidasuhjdfiusahdiuashfiusadhuidhsjauifhasuihdiusahdiusahiudhsaui
+
+# Backend Configuration
+ASPNETCORE_ENVIRONMENT=Docker
@@ -0,0 +1,10 @@
+# Database Configuration
+POSTGRES_USER=bankuser
+POSTGRES_PASSWORD=bankpassword
+POSTGRES_DB=bankdb
+
+# JWT Configuration
+JWT_SECRET=ujaisdhfuisadhbfdiashiudashiudhjasiuhfidasuhjdfiusahdiuashfiusadhuidhsjauifhasuihdiusahdiusahiudhsaui
+
+# Backend Configuration
+ASPNETCORE_ENVIRONMENT=Docker
@@ -18,7 +18,7 @@ jobs:
       contents: read
     env:
       TAILSCALE_TARGET: ${{ secrets.TAILSCALE_SSH_TARGET }}
-      TAILSCALE_DEPLOY_COMMAND: ${{ secrets.TAILSCALE_DEPLOY_COMMAND }}
+      DEPLOY_DIR: /opt/banktracker
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -70,24 +70,30 @@ jobs:
             echo "Missing required secret: TAILSCALE_SSH_TARGET" >&2
             exit 1
           fi
-          if [ -z "$TAILSCALE_DEPLOY_COMMAND" ]; then
-            echo "Missing required secret: TAILSCALE_DEPLOY_COMMAND" >&2
-            exit 1
-          fi
 
       - name: Test Tailscale connectivity
         run: |
           echo "Testing connection to target host..."
           tailscale ssh "${{ steps.prepare.outputs.target }}" "echo 'Connected successfully' && whoami"
 
-      - name: Deploy through Tailscale SSH
+      - name: Pull latest code
+        run: |
+          echo "📥 Pulling latest changes..."
+          tailscale ssh "${{ steps.prepare.outputs.target }}" "cd $DEPLOY_DIR && git pull origin main"
+
+      - name: Deploy with Docker Compose
         run: |
           echo "🚀 Starting deployment..."
-          tailscale ssh "${{ steps.prepare.outputs.target }}" "${TAILSCALE_DEPLOY_COMMAND}"
+          tailscale ssh "${{ steps.prepare.outputs.target }}" "cd $DEPLOY_DIR && docker compose down && docker compose up -d --build"
           echo "✅ Deployment completed"
 
-      - name: Post-deployment verification (optional)
+      - name: Post-deployment verification
         if: success()
         run: |
           echo "Verifying deployment..."
-          tailscale ssh "${{ steps.prepare.outputs.target }}" "systemctl status your-app || echo 'Status command not available'"
+          echo "Checking Docker containers..."
+          tailscale ssh "${{ steps.prepare.outputs.target }}" "cd $DEPLOY_DIR && docker compose ps"
+          echo "Checking backend health..."
+          tailscale ssh "${{ steps.prepare.outputs.target }}" "curl -f http://localhost:5095/graphql?sdl || echo 'Backend not yet ready'"
+          echo "Checking frontend..."
+          tailscale ssh "${{ steps.prepare.outputs.target }}" "curl -f http://localhost:80 || echo 'Frontend not yet ready'"
@@ -0,0 +1,150 @@
+# Docker Deployment Guide
+
+## Overview
+
+This application uses Docker Compose to orchestrate three services:
+- **Database**: PostgreSQL 18
+- **Backend**: .NET 9 GraphQL API
+- **Frontend**: Angular application served via Nginx
+
+All services are connected via a custom bridge network called `banktracking-network`.
+
+## Quick Start
+
+1. **Copy the environment file**:
+   ```bash
+   cp .env.example .env
+   ```
+
+2. **Update the JWT secret** in `.env`:
+   ```
+   JWT_SECRET=your_secure_random_string_here
+   ```
+
+3. **Build and start all services**:
+   ```bash
+   docker compose up -d --build
+   ```
+
+4. **Access the application**:
+   - Frontend: http://localhost
+   - Backend API: http://localhost:5095/graphql
+   - Database: localhost:5432
+
+## Configuration Files
+
+### Backend
+- `appsettings.json` - Base configuration
+- `appsettings.Development.json` - Local development (localhost database)
+- `appsettings.Docker.json` - Container environment (uses service names)
+
+The backend automatically uses `appsettings.Docker.json` when running in containers because `ASPNETCORE_ENVIRONMENT=Docker`.
+
+### Frontend
+- `environment.development.ts` - Local development
+- `environment.production.ts` - Production build (proxies GraphQL through Nginx)
+
+The frontend production build uses `/graphql` which is proxied to the backend service via Nginx.
+
+## Network Architecture
+
+```
+┌─────────────────────────────────────────────────────┐
+│         banktracking-network (bridge)               │
+│                                                     │
+│  ┌──────────┐      ┌──────────┐      ┌──────────┐ │
+│  │ database │◄─────┤ backend  │◄─────┤ frontend │ │
+│  │  :5432   │      │  :5095   │      │   :80    │ │
+│  └────┬─────┘      └────┬─────┘      └────┬─────┘ │
+│       │                 │                  │       │
+└───────┼─────────────────┼──────────────────┼───────┘
+        │                 │                  │
+   Host:5432        Host:5095           Host:80
+```
+
+## Service Management
+
+### Start services
+```bash
+docker compose up -d
+```
+
+### Stop services
+```bash
+docker compose down
+```
+
+### View logs
+```bash
+# All services
+docker compose logs -f
+
+# Specific service
+docker compose logs -f backend
+docker compose logs -f frontend
+docker compose logs -f database
+```
+
+### Rebuild after code changes
+```bash
+docker compose up -d --build
+```
+
+### Clean everything (including volumes)
+```bash
+docker compose down -v
+```
+
+## Health Checks
+
+All services include health checks:
+- **Database**: `pg_isready` check every 10s
+- **Backend**: GraphQL schema endpoint check every 30s
+- **Frontend**: HTTP check every 30s
+
+Services wait for their dependencies to be healthy before starting.
+
+## Environment Variables
+
+You can override configuration via environment variables:
+
+```bash
+# In .env file or export
+JWT_SECRET=your_production_secret
+POSTGRES_PASSWORD=your_secure_password
+```
+
+The backend accepts these environment overrides:
+- `ConnectionStrings__DefaultConnection`
+- `Jwt__Secret`
+- `Jwt__Issuer`
+- `Jwt__Audience`
+- `Jwt__ExpiryMinutes`
+
+## Production Deployment
+
+For production:
+
+1. **Update secrets**: Change all default passwords and JWT secret
+2. **Use secrets management**: Consider Docker secrets or external secret management
+3. **Enable HTTPS**: Add SSL certificates and update Nginx config
+4. **Remove port mappings**: Only expose frontend (port 80/443)
+5. **Set resource limits**: Add memory and CPU limits to services
+6. **Use external database**: Point to a managed PostgreSQL instance
+7. **Enable monitoring**: Add logging and monitoring solutions
+
+## Troubleshooting
+
+### Backend can't connect to database
+- Check database health: `docker compose ps`
+- Verify network: `docker network inspect banktracking-network`
+- Check connection string in backend logs
+
+### Frontend can't reach backend
+- Check backend health: `curl http://localhost:5095/graphql?sdl`
+- Verify Nginx proxy config in `frontend/nginx.conf`
+- Check browser console for CORS errors
+
+### Port already in use
+- Change port mappings in `compose.yaml`
+- Or stop conflicting services
@@ -22,13 +22,16 @@ WORKDIR /app
 
 COPY --from=publish /app/publish .
 
+# Copy all appsettings files
+COPY PhantomDave.BankTracking.Api/appsettings*.json ./
+
 EXPOSE 5095
 
-ENV ASPNETCORE_ENVIRONMENT=Development
+ENV ASPNETCORE_ENVIRONMENT=Docker
 ENV ASPNETCORE_URLS=http://+:5095
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-  CMD dotnet /app/PhantomDave.BankTracking.Api.dll || exit 1
+  CMD curl -f http://localhost:5095/graphql?sdl || exit 1
 
 ENTRYPOINT ["dotnet", "PhantomDave.BankTracking.Api.dll"]
 
@@ -0,0 +1,19 @@
+{
+  "ConnectionStrings": {
+    "DefaultConnection": "Host=database;Port=5432;Database=bankdb;Username=bankuser;Password=bankpassword"
+  },
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning",
+      "Microsoft.EntityFrameworkCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*",
+  "Jwt": {
+    "Secret": "docker_secret_key_change_in_production_via_env_vars",
+    "Issuer": "PhantomDave.BankTracking",
+    "Audience": "PhantomDave.BankTracking.Client",
+    "ExpiryMinutes": 60
+  }
+}
@@ -0,0 +1,26 @@
+# Development Docker Compose
+# Use this for local development where backend runs on host
+
+services:
+  database:
+    image: postgres:18-alpine
+    container_name: banktracking-database-dev
+    environment:
+      POSTGRES_USER: bankuser
+      POSTGRES_PASSWORD: bankpassword
+      POSTGRES_DB: bankdb
+    ports:
+      - "5432:5432"
+    volumes:
+      - db_data_dev:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U bankuser -d bankdb"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+    restart: unless-stopped
+
+volumes:
+  db_data_dev:
+    name: banktracking-db-data-dev
@@ -1,28 +1,7 @@
 services:
-  backend:
-    profiles:
-      - "containerized"
-    image: banktrackingapplication
-    build:
-      context: .
-      dockerfile: Dockerfile
-    ports: 
-      - "5095:5095"
-  
-  frontend:
-    profiles:
-      - "containerized"
-    image: banktrackingfrontend
-    build:
-      context: ./frontend
-      dockerfile: Dockerfile
-    ports:
-      - "4200:4200"
-    depends_on:
-      - backend
-
   database:
     image: postgres:18-alpine
+    container_name: banktracking-database
     environment:
       POSTGRES_USER: bankuser
       POSTGRES_PASSWORD: bankpassword
@@ -31,13 +10,69 @@
       - "5432:5432"
     volumes:
       - db_data:/var/lib/postgresql/data
+    networks:
+      - banktracking-network
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U bankuser -d bankdb"]
       interval: 10s
       timeout: 5s
       retries: 5
       start_period: 10s
+    restart: unless-stopped
+
+  backend:
+    image: banktrackingapplication
+    container_name: banktracking-backend
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports: 
+      - "5095:5095"
+    environment:
+      - ASPNETCORE_ENVIRONMENT=Docker
+      - ASPNETCORE_URLS=http://+:5095
+      - ConnectionStrings__DefaultConnection=Host=database;Port=5432;Database=bankdb;Username=bankuser;Password=bankpassword
+      - Jwt__Secret=${JWT_SECRET:-docker_secret_key_change_in_production_via_env_vars}
+    depends_on:
+      database:
+        condition: service_healthy
+    networks:
+      - banktracking-network
+    # healthcheck:
+    #   test: ["CMD-SHELL", "curl -f http://localhost:5095/graphql?sdl || exit 1"]
+    #   interval: 10s
+    #   timeout: 10s
+    #   retries: 3
+    #   start_period: 5s
+    restart: unless-stopped
+  
+  frontend:
+    image: banktrackingfrontend
+    container_name: banktracking-frontend
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile
+    ports:
+      - "80:4200"
+    # depends_on:
+      # backend:
+        # condition: service_healthy
+    networks:
+      - banktracking-network
+    # healthcheck:
+    #   test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:4200 || exit 1"]
+    #   interval: 30s
+    #   timeout: 10s
+    #   retries: 3
+    #   start_period: 10s
+    restart: unless-stopped
+
+networks:
+  banktracking-network:
+    driver: bridge
+    name: banktracking-network
 
 volumes:
   db_data:
+    name: banktracking-db-data