infra: docker compose deployment

Author: rabbull

docker-compose.yml

@@ -0,0 +1,141 @@
+services:
+  mongo:
+    image: mongo:8.0
+    container_name: ezclaim-mongo
+    restart: unless-stopped
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USERNAME:-ezclaim}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}
+    volumes:
+      - mongo_data:/data/db
+    healthcheck:
+      test: ["CMD", "mongosh", "--quiet", "--eval", "db.adminCommand('ping')"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - backend
+
+  redpanda:
+    image: docker.redpanda.com/redpandadata/redpanda:latest
+    container_name: ezclaim-redpanda
+    restart: unless-stopped
+    command:
+      - redpanda
+      - start
+      - --overprovisioned
+      - --smp
+      - "1"
+      - --memory
+      - 1G
+      - --reserve-memory
+      - 0M
+      - --node-id
+      - "0"
+      - --check=false
+      - --kafka-addr
+      - PLAINTEXT://0.0.0.0:9092
+      - --advertise-kafka-addr
+      - PLAINTEXT://redpanda:9092
+    ports:
+      - "4902:9092"
+      - "4644:9644"
+    healthcheck:
+      test: ["CMD", "bash", "-lc", "curl -fsS http://127.0.0.1:9644/v1/status/ready >/dev/null"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 15s
+    networks:
+      - backend
+
+  minio:
+    image: minio/minio:latest
+    container_name: ezclaim-minio
+    restart: unless-stopped
+    command: ["server", "/data", "--console-address", ":9001"]
+    environment:
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-ezclaim}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
+    volumes:
+      - minio_data:/data
+      - ./infra/minio/cors.xml:/config/cors.xml:ro
+    ports:
+      - "4900:9000"
+      - "4901:9001"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://127.0.0.1:9000/minio/health/live"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - backend
+
+  minio-setup:
+    image: minio/mc:latest
+    container_name: ezclaim-minio-setup
+    depends_on:
+      minio:
+        condition: service_healthy
+    restart: "no"
+    environment:
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-ezclaim}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
+      APP_OBJECTSTORE_BUCKET: ${APP_OBJECTSTORE_BUCKET:-ezclaim-prod}
+    entrypoint: >
+      /bin/sh -c '
+        set -euo pipefail;
+        mc alias set local http://minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD";
+        mc mb -p local/"$APP_OBJECTSTORE_BUCKET" || true;
+        mc cors set local/"$APP_OBJECTSTORE_BUCKET" /config/cors.xml;
+      '
+    volumes:
+      - ./infra/minio/cors.xml:/config/cors.xml:ro
+    networks:
+      - backend
+
+  ezclaim:
+    image: eclipse-temurin:24-jre
+    container_name: ezclaim-app
+    restart: unless-stopped
+    depends_on:
+      mongo:
+        condition: service_healthy
+      redpanda:
+        condition: service_healthy
+      minio:
+        condition: service_healthy
+    working_dir: /app
+    command: ["java", "-jar", "/app/ezclaim-server.jar"]
+    volumes:
+      - ./target/ezclaim-server.jar:/app/ezclaim-server.jar:ro
+    environment:
+      SPRING_PROFILES_ACTIVE: prod
+      SPRING_DATA_MONGODB_URI: mongodb://${MONGO_ROOT_USERNAME:-ezclaim}:${MONGO_ROOT_PASSWORD}@mongo:27017/ezclaim?authSource=admin
+      KAFKA_BOOTSTRAP_SERVERS: redpanda:9092
+      APP_OBJECTSTORE_ENDPOINT: https://ezclaim-static.liuzisen.com
+      APP_OBJECTSTORE_REGION: ${APP_OBJECTSTORE_REGION:-us-east-1}
+      APP_OBJECTSTORE_ACCESS_KEY: ${MINIO_ROOT_USER:-ezclaim}
+      APP_OBJECTSTORE_SECRET_KEY: ${MINIO_ROOT_PASSWORD}
+      APP_OBJECTSTORE_BUCKET: ${APP_OBJECTSTORE_BUCKET:-ezclaim-prod}
+      APP_OBJECTSTORE_PATH_STYLE: "true"
+      APP_OBJECTSTORE_ENSURE_BUCKET: "false"
+      APP_JWT_SECRET: ${APP_JWT_SECRET}
+      APP_JWT_TTL: ${APP_JWT_TTL:-PT12H}
+    ports:
+      - "4080:8080"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://127.0.0.1:8080/actuator/health"]
+      interval: 30s
+      timeout: 5s
+      retries: 5
+    networks:
+      - backend
+
+volumes:
+  mongo_data:
+  minio_data:
+
+networks:
+  backend:
+    driver: bridge

infra/minio/cors.json

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+  <CORSRule>
+    <AllowedOrigin>http://localhost:3000</AllowedOrigin>
+    <AllowedOrigin>http://127.0.0.1:3000</AllowedOrigin>
+    <AllowedOrigin>http://localhost:3001</AllowedOrigin>
+    <AllowedOrigin>http://127.0.0.1:3001</AllowedOrigin>
+    <AllowedOrigin>https://ezclaim.liuzisen.com</AllowedOrigin>
+    <AllowedOrigin>https://ezclaim-web.liuzisen.com</AllowedOrigin>
+    <AllowedOrigin>https://ezclaim-admin.liuzisen.com</AllowedOrigin>
+    <AllowedMethod>GET</AllowedMethod>
+    <AllowedMethod>PUT</AllowedMethod>
+    <AllowedMethod>POST</AllowedMethod>
+    <AllowedMethod>HEAD</AllowedMethod>
+    <AllowedHeader>*</AllowedHeader>
+    <ExposeHeader>ETag</ExposeHeader>
+    <MaxAgeSeconds>3000</MaxAgeSeconds>
+  </CORSRule>
+</CORSConfiguration>

infra/minio/cors.xml

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Build the Spring Boot jar using a Dockerized Maven+JDK toolchain.
+# This script requires Docker and internet access for Maven dependencies.
+
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+IMAGE="maven:3.9-eclipse-temurin-24"
+
+echo "[build] Using image: $IMAGE"
+echo "[build] Project root: $ROOT_DIR"
+
+# Create a local Maven cache directory to speed up repeated builds
+mkdir -p "$ROOT_DIR/.m2"
+
+docker run --rm \
+  -v "$ROOT_DIR":/workspace \
+  -v "$ROOT_DIR/.m2":/root/.m2 \
+  -w /workspace \
+  "$IMAGE" \
+  mvn -B -e clean package
+
+echo "[build] Build completed. Jar(s) in target/"
+

scripts/build.sh

@@ -0,0 +1,28 @@
+package org.acssz.ezclaim.config;
+
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+@Configuration
+@EnableConfigurationProperties(CorsProperties.class)
+public class CorsConfig {
+
+  @Bean
+  public CorsConfigurationSource corsConfigurationSource(CorsProperties props) {
+    CorsConfiguration cfg = new CorsConfiguration();
+    cfg.setAllowedOrigins(props.getAllowedOrigins());
+    cfg.setAllowedMethods(props.getAllowedMethods());
+    cfg.setAllowedHeaders(props.getAllowedHeaders());
+    cfg.setExposedHeaders(props.getExposedHeaders());
+    cfg.setAllowCredentials(props.isAllowCredentials());
+    cfg.setMaxAge(props.getMaxAge().toSeconds());
+
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", cfg);
+    return source;
+  }
+}

src/main/java/org/acssz/ezclaim/config/CorsConfig.java

@@ -0,0 +1,65 @@
+package org.acssz.ezclaim.config;
+
+import java.time.Duration;
+import java.util.List;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@ConfigurationProperties(prefix = "app.cors")
+public class CorsProperties {
+
+  private List<String> allowedOrigins = List.of();
+  private List<String> allowedMethods =
+      List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD");
+  private List<String> allowedHeaders = List.of("*");
+  private List<String> exposedHeaders = List.of();
+  private boolean allowCredentials = true;
+  private Duration maxAge = Duration.ofHours(1);
+
+  public List<String> getAllowedOrigins() {
+    return allowedOrigins;
+  }
+
+  public void setAllowedOrigins(List<String> allowedOrigins) {
+    this.allowedOrigins = allowedOrigins;
+  }
+
+  public List<String> getAllowedMethods() {
+    return allowedMethods;
+  }
+
+  public void setAllowedMethods(List<String> allowedMethods) {
+    this.allowedMethods = allowedMethods;
+  }
+
+  public List<String> getAllowedHeaders() {
+    return allowedHeaders;
+  }
+
+  public void setAllowedHeaders(List<String> allowedHeaders) {
+    this.allowedHeaders = allowedHeaders;
+  }
+
+  public List<String> getExposedHeaders() {
+    return exposedHeaders;
+  }
+
+  public void setExposedHeaders(List<String> exposedHeaders) {
+    this.exposedHeaders = exposedHeaders;
+  }
+
+  public boolean isAllowCredentials() {
+    return allowCredentials;
+  }
+
+  public void setAllowCredentials(boolean allowCredentials) {
+    this.allowCredentials = allowCredentials;
+  }
+
+  public Duration getMaxAge() {
+    return maxAge;
+  }
+
+  public void setMaxAge(Duration maxAge) {
+    this.maxAge = maxAge;
+  }
+}

src/main/java/org/acssz/ezclaim/config/CorsProperties.java

@@ -28,6 +28,14 @@ spring:
           content-type: application/json
 
 app:
+  cors:
+    allowed-origins:
+      - http://localhost:3000
+      - http://127.0.0.1:3000
+      - http://localhost:3001
+      - http://127.0.0.1:3001
+      - https://ezclaim-web.liuzisen.com
+      - https://ezclaim-admin.liuzisen.com
   objectstore:
     # For local dev against S3-compatible (Compose MinIO)
     endpoint: http://localhost:9000

src/main/java/org/acssz/ezclaim/config/DevCorsConfig.java

@@ -28,6 +28,11 @@ spring:
           content-type: application/json
 
 app:
+  cors:
+    allowed-origins:
+      - https://ezclaim.liuzisen.com
+      - https://ezclaim-web.liuzisen.com
+      - https://ezclaim-admin.liuzisen.com
   objectstore:
     # Leave endpoint unset for AWS S3; set to https://host:port for S3-compatible
     endpoint: ${APP_OBJECTSTORE_ENDPOINT:}