Networking Configuration¶

Guide to network setup, domain routing, and Traefik configuration for the Portugal Odyssey platform.

Overview¶

The platform uses Traefik as a reverse proxy and load balancer, handling: - Domain-based routing - SSL/TLS termination (Let's Encrypt) - Load balancing - Security headers - Rate limiting

Dual Domain Support¶

The platform supports two primary domains simultaneously: - portugalodyssey.pt (primary domain) - portugalodissey.pt (secondary domain)

Both domains work identically, with services automatically detecting which domain was used and using the appropriate domain for API calls. See Dual Domain Support for detailed information.

Domain Structure¶

Environment Domains¶

Environment	Domain Pattern	Example
Development	`*.dev.codecomedy.dev`	`public-fo-dev.portugalodyssey.pt`
Qualification	`*.po.codecomedy.dev`	`public-fo-qual.portugalodyssey.pt`
Production	`*.portugalodyssey.pt`	`www.portugalodyssey.pt`

Service URL Mapping¶

Note: All services support both portugalodyssey.pt and portugalodissey.pt domains. The URLs listed below are for the primary domain (portugalodyssey.pt). For the secondary domain, replace portugalodyssey.pt with portugalodissey.pt (e.g., qual.portugalodissey.pt, api-qual.portugalodissey.pt).

Frontend Applications¶

Application	Qualification URL	Production URL
Public Platform	`qual.portugalodyssey.pt`	`www.portugalodyssey.pt`
Admin Backoffice	`admin-qual.portugalodyssey.pt`	`admin.portugalodyssey.pt`
Partner Console	`console-qual.portugalodyssey.pt`	`console.portugalodyssey.pt`

Backend Services¶

Service	Qualification URL	Production URL
API Gateway	`api-qual.portugalodyssey.pt`	`api.portugalodyssey.pt`
Auth Service	`auth-qual.portugalodyssey.pt`	`auth.portugalodyssey.pt`
Payment Service	`payment-qual.portugalodyssey.pt`	`payment.portugalodyssey.pt`
Notification Service	`notification-qual.portugalodyssey.pt`	`notification.portugalodyssey.pt`
File Service	`files-qual.portugalodyssey.pt`	`files.portugalodyssey.pt`
CMS API	`cms-qual.portugalodyssey.pt`	`cms.portugalodyssey.pt`

Administrative Consoles¶

Component	URL	Access
Traefik Dashboard	`traefik.portugalodyssey.pt`	Admin
Keycloak Admin	`sso-qual.portugalodyssey.pt` / `sso.portugalodyssey.pt`	Admin
RabbitMQ Management	`rabbitmq.portugalodyssey.pt`	Admin
Database Viewer	`db.portugalodyssey.pt`	Admin

Docker Networks¶

Development Networks¶

po-traefik-public - Traefik public network
po-postgres-network - PostgreSQL network
po-redis-network - Redis network
po-rabbitmq-network - RabbitMQ network
po-internal - Internal service communication

Qualification/Production Networks¶

traefik-public - Shared Traefik network (external)
po-shared-network - Shared infrastructure network
po-internal-qual - Qualification internal network
po-internal-prod - Production internal network

Traefik Configuration¶

SSL/TLS¶

Traefik automatically manages SSL certificates via Let's Encrypt:

Email: contact@portugalodyssey.pt
Challenge: HTTP-01 challenge
Storage: /acme.json

Middleware¶

Security Headers:

default-headers:
  headers:
    frameDeny: true
    sslRedirect: true
    browserXssFilter: true
    contentTypeNosniff: true
    forceSTSHeader: true
    stsIncludeSubdomains: true
    stsPreload: true
    stsSeconds: 31536000

Compression:

compression:
  compress: true

Rate Limiting:

rate-limit:
  average: 100
  burst: 50

Network Isolation¶

Qualification vs Production¶

Qualification and Production run on the same VPS but are isolated:

Separate Docker networks - po-internal-qual vs po-internal-prod
Separate databases - Environment-specific PostgreSQL instances
Separate RabbitMQ virtual hosts - portugal_odyssey_qual vs portugal_odyssey_prod
Shared Traefik - Routes based on domain

Creating Networks¶

Development¶

make networks

Qualification/Production¶

Networks are created automatically by Docker Compose, but Traefik network must exist:

# On VPS
docker network create traefik-public

Troubleshooting¶

Service Not Accessible¶

Check Traefik Routing

# View Traefik dashboard
curl http://localhost:8080/api/http/routers

Verify Domain Configuration

# Check service labels
docker inspect po-service-name-qual | grep traefik

Check Network Connectivity

docker exec po-service-name-qual ping postgres

SSL Certificate Issues¶

Check Certificate Status

# View Traefik logs
docker logs traefik | grep acme

Verify DNS
```
dig qual.portugalodyssey.pt
```
Check Let's Encrypt Rate Limits
Let's Encrypt has rate limits (50 certs/week/domain)
Use staging endpoint for testing