Managed by Tech Lead

This directory contains the production deployment configuration and scripts for the Brick system with JWT-based authentication.

brick-deployment/          # Tech Lead's Domain
├── docker-compose.yml     # Production orchestration
├── scripts/               # Deployment scripts
├── configs/               # Environment configurations
└── docs/                  # Deployment documentation

The Brick system includes stateless JWT-based authentication with the following components:

• brick-auth: JWT authentication service (stateless)
• brick-gateway: Authentication middleware and protection
• brick-hub: Frontend with login and protected routes

• brick-admin / brickadminpass (Admin role)
• brick / brickpass (User role)

• Owns: ../brick-hub/
• Focus: Vue.js application, UI/UX, components, authentication UI
• Deploys: Individual container for development
• Commands:

  cd ../brick-hub
  npm run dev          # Local development
  docker build .       # Build container

• Own: ../brick-clock/
• Focus: APIs, business logic
• Deploy: Individual services for development

• Owns: ../brick-auth/
• Focus: JWT authentication, user management, security
• Deploys: Authentication service

• Owns: ../brick-gateway/
• Focus: Reverse proxy, SSL, load balancing, authentication middleware
• Deploys: Gateway configuration with auth protection

• Owns: brick-deployment/
• Focus: Production orchestration, environment management, security
• Deploys: Complete system in production

cd brick-deployment
./scripts/deploy.sh staging

cd brick-deployment
./scripts/deploy.sh production

• All team repositories are up to date
• Environment configurations are correct
• JWT_SECRET is set in environment files
• SSL certificates are in place
• Monitoring is configured
• Backup strategy is in place
• Authentication endpoints are tested

• Purpose: Testing and validation
• Configuration: configs/staging.env
• Features: Debug enabled, detailed logging
• Auth: Test JWT secret, shorter token expiry

• Purpose: Live system
• Configuration: configs/production.env
• Features: Optimized performance, security enabled
• Auth: Secure JWT secret, proper token expiry

# All services
docker-compose logs -f

# Specific service
docker-compose logs -f hub
docker-compose logs -f gateway
docker-compose logs -f clock
docker-compose logs -f auth

./scripts/health-check.sh

• SSL certificates must be in ./certs/
• Environment variables are loaded from config files
• JWT_SECRET must be changed in production
• Production uses secure passwords and configurations
• Rate limiting enabled in production
• CORS properly configured
• Authentication endpoints protected
• Protected routes require valid JWT tokens

# Scale specific service
docker-compose up -d --scale clock=3

Configured in docker-compose.yml for each service.

1. Port conflicts: Check if ports 17000-17003 are available
2. SSL issues: Verify certificates are in ./certs/
3. Authentication issues: Check JWT_SECRET and auth service logs
4. Service startup: Check logs with docker-compose logs

# Test auth service directly
curl -X POST http://localhost:17001/login \
  -H "Content-Type: application/json" \
  -d '{"username":"brick-admin","password":"brickadminpass"}'

# Test protected endpoint
curl -H "Authorization: Bearer <token>" \
  http://localhost:17000/api/clock/status

# Check auth service logs
docker-compose logs auth

# Stop current deployment
docker-compose down

# Restore from backup
./scripts/restore.sh <backup-name>

# Restart services
docker-compose up -d

1. Login: User authenticates via /api/auth/login
2. Token: JWT token returned and stored in frontend
3. Protection: Gateway validates tokens for protected endpoints
4. Access: Valid tokens allow access to clock/NTP APIs
5. Validation: Frontend validates tokens on startup

• Architecture Overview
• Deployment Guide
• Troubleshooting Guide
• Authentication Integration