{"id":50445301,"url":"https://github.com/bel7phegor/shopnow-backend","last_synced_at":"2026-05-31T21:02:42.080Z","repository":{"id":359757570,"uuid":"1228683654","full_name":"Bel7phegor/shopnow-backend","owner":"Bel7phegor","description":"Java Spring Boot microservices backend with API Gateway, Eureka discovery, Keycloak OAuth2, PostgreSQL, Docker, Kubernetes (EKS), and full CI/CD automation.","archived":false,"fork":false,"pushed_at":"2026-05-23T09:29:20.000Z","size":140,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-23T11:18:48.788Z","etag":null,"topics":["api-gateway","aws","ci-cd-pipeline","devops","docker","java","keycloak","microservices","spring-boot"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Bel7phegor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-04T09:08:52.000Z","updated_at":"2026-05-23T09:29:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Bel7phegor/shopnow-backend","commit_stats":null,"previous_names":["bel7phegor/shopnow-backend"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Bel7phegor/shopnow-backend","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bel7phegor%2Fshopnow-backend","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bel7phegor%2F
shopnow-backend/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bel7phegor%2Fshopnow-backend/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bel7phegor%2Fshopnow-backend/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Bel7phegor","download_url":"https://codeload.github.com/Bel7phegor/shopnow-backend/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bel7phegor%2Fshopnow-backend/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33748607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","aws","ci-cd-pipeline","devops","docker","java","keycloak","microservices","spring-boot"],"created_at":"2026-05-31T21:02:36.959Z","updated_at":"2026-05-31T21:02:42.075Z","avatar_url":"https://github.com/Bel7phegor.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ShopNow Backend: Java Spring Boot Microservices with AWS Infrastructure \u0026 DevSecOps Pipeline\n\nEnterprise-grade Spring Boot microservices backend deployed on AWS with production-ready CI/CD automation, Docker containerization, and comprehensive security scanning across development and 
production environments.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eTable of Contents\u003c/strong\u003e\u003c/summary\u003e\n\n- [ShopNow Backend: Java Spring Boot Microservices with AWS Infrastructure \\\u0026 DevSecOps Pipeline](#shopnow-backend-java-spring-boot-microservices-with-aws-infrastructure--devsecops-pipeline)\n  - [1. System Architecture](#1-system-architecture)\n  - [2. Microservices Overview](#2-microservices-overview)\n    - [API Gateway](#api-gateway)\n    - [Discovery Server (Eureka)](#discovery-server-eureka)\n    - [Config Server](#config-server)\n    - [Product Service](#product-service)\n    - [User Service](#user-service)\n    - [Shopping Cart Service](#shopping-cart-service)\n  - [3. Multi-Environment Strategy](#3-multi-environment-strategy)\n    - [Development Environment](#development-environment)\n    - [Production Environment (EKS/K8s - via shopnow-infa)](#production-environment-eksk8s---via-shopnow-infa)\n    - [Environment-Specific Configuration](#environment-specific-configuration)\n  - [4. Network \\\u0026 Security](#4-network--security)\n    - [Development Environment (EC2)](#development-environment-ec2)\n    - [Production Environment (EKS)](#production-environment-eks)\n  - [5. Repository Structure \\\u0026 Build Management](#5-repository-structure--build-management)\n    - [Docker Image Management](#docker-image-management)\n  - [6. Docker Microservices](#6-docker-microservices)\n    - [Local Development with Docker Compose](#local-development-with-docker-compose)\n  - [7. Tech Stack](#7-tech-stack)\n    - [Backend Framework](#backend-framework)\n    - [Service Architecture](#service-architecture)\n    - [Data Access](#data-access)\n    - [Containerization \\\u0026 DevOps](#containerization--devops)\n    - [Security \\\u0026 Scanning](#security--scanning)\n    - [API Documentation](#api-documentation)\n  - [8. 
API Documentation](#8-api-documentation)\n    - [Available Endpoints](#available-endpoints)\n    - [Swagger UI](#swagger-ui)\n    - [Postman Collection](#postman-collection)\n  - [9. Monitoring \\\u0026 Operations](#9-monitoring--operations)\n    - [Local Logging](#local-logging)\n    - [Production Monitoring (EKS)](#production-monitoring-eks)\n    - [Service Dependencies](#service-dependencies)\n  - [10. Contact Information](#10-contact-information)\n\n\u003c/details\u003e\n\n---\n\n## 1. System Architecture\n\nThe backend is built with a distributed microservices architecture on AWS:\n\n* **API Gateway:** Spring Cloud Gateway routes all requests to appropriate microservices, handles OAuth2/OIDC authentication via Keycloak.\n* **Service Discovery:** Eureka server enables automatic service registration and discovery for inter-service communication.\n* **Config Server:** Centralized configuration management for all microservices (dev/prod environment variables).\n* **Microservices:** Independent Spring Boot services (Product, User, Shopping Cart) with separate databases.\n* **Authentication:** Keycloak handles OAuth2/OpenID Connect with role-based access control (RBAC).\n* **Database:** PostgreSQL for relational data, MySQL for Keycloak state.\n* **Container Registry:** AWS ECR stores multi-service Docker images.\n* **Logging \u0026 Monitoring:** AWS CloudWatch aggregates logs from all containerized services.\n\n--- \n\n## 2. 
Microservices Overview\n\n### API Gateway\n- **Purpose:** Single entry point for all frontend requests\n- **Responsibilities:** Request routing, OAuth2 token validation, rate limiting\n- **Port:** 5860\n- **Stack:** Spring Cloud Gateway, Spring Security, Keycloak Integration\n- **Dockerfile:** [api-gateway/Dockerfile](./api-gateway/Dockerfile)\n\n### Discovery Server (Eureka)\n- **Purpose:** Service registry for dynamic service discovery\n- **Responsibilities:** Registers all microservices, health checks, load balancing\n- **Port:** 8761\n- **Stack:** Spring Cloud Netflix Eureka\n- **Dockerfile:** [discovery-server/Dockerfile](./discovery-server/Dockerfile)\n\n### Config Server\n- **Purpose:** Centralized configuration management\n- **Responsibilities:** Provides environment-specific configs to all services\n- **Port:** 5859\n- **Stack:** Spring Cloud Config Server\n- **Dockerfile:** [config-server/Dockerfile](./config-server/Dockerfile)\n\n### Product Service\n- **Purpose:** Product catalog management\n- **Responsibilities:** CRUD operations for products, inventory management\n- **Port:** 5861\n- **Database:** PostgreSQL\n- **Stack:** Spring Boot Data JPA, OpenFeign for inter-service calls\n- **Dockerfile:** [product-service/Dockerfile](./product-service/Dockerfile)\n\n### User Service\n- **Purpose:** User account management\n- **Responsibilities:** User registration, profile management, authentication integration\n- **Port:** 5865\n- **Database:** PostgreSQL\n- **Stack:** Spring Boot Data JPA, Spring Security\n- **Dockerfile:** [user-service/Dockerfile](./user-service/Dockerfile)\n\n### Shopping Cart Service\n- **Purpose:** Shopping cart operations\n- **Responsibilities:** Add/remove items, cart persistence, order preparation\n- **Port:** 5863\n- **Database:** PostgreSQL\n- **Stack:** Spring Boot Data JPA, Feign clients to Product/User services\n- **Dockerfile:** [shopping-cart-service/Dockerfile](./shopping-cart-service/Dockerfile)\n\n---\n\n## 3. 
Multi-Environment Strategy\n\n### Development Environment\n\n- **Trigger:** Manual docker-compose deployment\n- **Configuration:** All services in single docker-compose stack\n- **Database:** PostgreSQL container (single instance)\n- **Authentication:** Keycloak container with MySQL backend\n- **CloudWatch Logs:** `/ec2-docker/api`, `/ec2-docker/products`, `/ec2-docker/cart`, `/ec2-docker/user`\n- **Port Range:** 5859-5865 on localhost\n- **Features:** All services running, fast iteration, less strict security\n\n### Production Environment (EKS/K8s - via shopnow-infa)\n\n- **Deployment:** Kubernetes manifests on AWS EKS\n- **Database:** AWS RDS PostgreSQL (managed, high-availability)\n- **Authentication:** Keycloak deployed on EKS with RDS backend\n- **CloudWatch Logs:** `/prod/api-gateway`, `/prod/product-service`, `/prod/user-service`, `/prod/cart-service`\n- **Replica Count:** 2-3 pods per service for HA\n- **Resources:** CPU/Memory limits enforced\n- **Features:** Full security scanning, auto-scaling, rolling updates, zero-downtime deployments\n\n### Environment-Specific Configuration\n\n| Aspect | Development | Production |\n|--------|-------------|-----------|\n| **Deployment** | Docker Compose | Kubernetes (EKS) |\n| **Database** | PostgreSQL Container | AWS RDS PostgreSQL |\n| **Keycloak** | Container (MySQL) | EKS Pod (RDS MySQL) |\n| **Service Discovery** | Eureka Container | Kubernetes DNS |\n| **Logging** | CloudWatch (optional) | CloudWatch (required) |\n| **Replicas** | 1 per service | 2-3 per service |\n| **Resource Limits** | None | CPU/Memory enforced |\n| **Auto-scaling** | Manual | Horizontal Pod Autoscaler |\n| **Deployment Time** | 2-5 minutes | 10-15 minutes |\n| **Rollback** | Manual | Kubernetes instant rollback |\n\n---\n\n## 4. 
Network \u0026 Security\n\nInfrastructure provisioned via Terraform [shopnow-infa](https://github.com/Bel7phegor/shopnow-infa):\n\n### Development Environment (EC2)\n\n* **VPC CIDR:** 10.0.0.0/16\n* **Public Subnets:** Bastion EC2 + NAT Gateway\n* **Private Subnets:** Backend runner EC2 (Docker containers)\n* **Single NAT Gateway:** Cost-optimized for dev\n\n**Security Groups:**\n- Bastion SG: SSH (22) from VPC only\n- Backend Runner SG: ECR pull, GitHub API, frontend ALB ingress\n\n### Production Environment (EKS)\n\n* **VPC CIDR:** 10.0.0.0/16\n* **Multi-AZ Public Subnets:** NAT Gateways (one per AZ)\n* **Multi-AZ Private Subnets:** EKS worker nodes, RDS\n* **Network Load Balancer (NLB):** Routes to API Gateway service\n* **Service-to-Service:** Kubernetes NetworkPolicy for pod-to-pod isolation\n\n**Security Groups (EKS):**\n- EKS Control Plane SG: Ingress from nodes (443) \u0026 bastion\n- EKS Worker Nodes SG: Node-to-node, bastion access, NLB ingress (80, 443, 30000-32767)\n- RDS SG: PostgreSQL (5432) from EKS nodes only\n\n**Database Security:**\n- PostgreSQL: Private subnet, RDS security group isolation\n- Keycloak MySQL: Private subnet, RDS managed\n- Encryption: RDS encryption enabled\n- Backups: Automated daily snapshots (30-day retention)\n\n**SSL/TLS Encryption:**\n- AWS Certificate Manager (ACM) manages SSL certificates\n- TLS 1.2+ enforced\n- NLB listener: 80 (HTTP redirect) → 443 (HTTPS)\n\n---\n\n## 5. 
Repository Structure \u0026 Build Management\n\n### Docker Image Management\n\n**Multi-stage Build Pattern (each service):**\n\n```text\n# Stage 1: Build\nFROM openjdk:17.0.1-jdk-slim AS builder\n  ├─ ./mvnw clean package\n  └─ Creates target/*.war\n\n# Stage 2: Runtime\nFROM openjdk:17.0.1-jdk-slim\n  ├─ Copy WAR from builder\n  ├─ Run java -jar\n  └─ Output: ~400MB optimized image\n```\n\n**Image Tagging Strategy:**\n- Dev: `shopnow-backend-api-gateway:dev_${SHA}`, `:latest`\n- Prod: `shopnow-backend-api-gateway:${VERSION}_${SHA}`, `:latest`\n- Registry: AWS ECR (private repository)\n\n---\n\n## 6. Docker Microservices\n\n### Local Development with Docker Compose\n\n**Services Running:**\n- api-gateway (5860)\n- product-service (5861)\n- shopping-cart-service (5863)\n- user-service (5865)\n- discovery-server (8761)\n- config-server (5859)\n- PostgreSQL (6543 → 5432)\n- Keycloak (8080)\n- Keycloak MySQL (internal)\n\n**Environment Variables (docker-compose):**\n```yaml\nSPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/postgres\nSPRING_DATASOURCE_USERNAME: postgres\nSPRING_DATASOURCE_PASSWORD: admin\nKEYCLOAK_ADMIN: admin\nKEYCLOAK_ADMIN_PASSWORD: admin\n```\n\n**CloudWatch Logging (Local):**\n- Log Group: `/ec2-docker/api`, `/ec2-docker/products`, etc.\n- Log Driver: `awslogs` (requires AWS credentials)\n\n---\n\n## 7. 
Tech Stack\n\n### Backend Framework\n\n- **Spring Boot 3.1.7:** REST API framework\n- **Spring Cloud:** Microservices orchestration (Gateway, Eureka, Config, OpenFeign)\n- **Spring Data JPA:** ORM for database operations\n- **Spring Security:** Authentication \u0026 authorization\n- **Spring Boot Actuator:** Health checks \u0026 metrics\n\n### Service Architecture\n\n- **API Gateway:** Spring Cloud Gateway with rate limiting\n- **Service Discovery:** Netflix Eureka (automatic registration)\n- **Config Management:** Spring Cloud Config Server\n- **Inter-Service Communication:** OpenFeign (declarative HTTP client)\n- **OAuth2/OIDC:** Keycloak integration for secure authentication\n\n### Data Access\n\n- **ORM:** Spring Data JPA with Hibernate\n- **Database:** PostgreSQL (primary application data)\n- **Auth Store:** MySQL 5.7 (Keycloak state)\n- **Migrations:** Flyway/Liquibase ready\n\n### Containerization \u0026 DevOps\n\n- **Docker:** Multi-stage builds for all services\n- **Docker Compose:** Local development orchestration\n- **Container Registry:** AWS ECR (private)\n- **Orchestration:** Kubernetes (EKS) for production\n- **Terraform:** Infrastructure as Code via shopnow-infa\n\n### Security \u0026 Scanning\n\n- **OAuth2/OIDC:** Keycloak identity provider\n- **API Security:** Spring Security with JWT tokens\n- **Transport Security:** TLS 1.2+ with AWS ACM certificates\n- **Secret Management:** Environment variables + AWS Secrets Manager\n- **Vulnerability Scanning:** Can integrate Snyk/Trivy for CI/CD\n\n### API Documentation\n\n- **OpenAPI/Swagger:** SpringDoc OpenAPI starter (Springdoc-openapi)\n- **Endpoint:** `/swagger-ui.html` (auto-generated API docs)\n- **Postman Collection:** [Spring Boot Microservice.postman_collection.json](./Spring%20Boot%20Microservice.postman_collection.json)\n\n---\n\n## 8. 
API Documentation\n\n### Available Endpoints\n\n**API Gateway (5860):**\n- `GET /api/products` - List all products\n- `GET /api/products/{id}` - Get product details\n- `POST /api/products` - Create product (admin only)\n- `PUT /api/products/{id}` - Update product\n- `DELETE /api/products/{id}` - Delete product\n\n**User Service (5865):**\n- `POST /api/auth/register` - Register new user\n- `POST /api/auth/login` - User login\n- `GET /api/users/{id}` - Get user profile\n- `PUT /api/users/{id}` - Update user\n\n**Shopping Cart (5863):**\n- `GET /api/cart` - View cart\n- `POST /api/cart/add` - Add item to cart\n- `DELETE /api/cart/remove/{itemId}` - Remove item\n- `POST /api/cart/checkout` - Proceed to checkout\n\n### Swagger UI\n\n- **URL:** http://localhost:5860/swagger-ui.html\n- **Auto-generated documentation** for all microservices\n\n### Postman Collection\n\nImport [Spring Boot Microservice.postman_collection.json](./Spring%20Boot%20Microservice.postman_collection.json) into Postman:\n\n```text\n# Environment variables to set:\n- base_url: http://localhost:5860\n- keycloak_url: http://localhost:8080\n- username: admin\n- password: admin\n```\n\n---\n\n## 9. 
Monitoring \u0026 Operations\n\n### Local Logging\n\n**CloudWatch Logs (docker-compose):**\n- Log Group: `/ec2-docker/api`, `/ec2-docker/products`, etc.\n- Requires AWS credentials in ~/.aws/credentials\n\n**Docker Logs:**\n```bash\ndocker-compose logs -f api-gateway\ndocker logs shopnow-backend-api-gateway-1 --tail 100\n```\n\n### Production Monitoring (EKS)\n\n**CloudWatch Logs:**\n- Log Group: `/prod/api-gateway`, `/prod/product-service`, etc.\n- Auto-collected from container stdout/stderr\n\n**Metrics:**\n- Pod CPU/Memory via Kubernetes metrics-server\n- Custom metrics via Spring Boot Actuator\n- ALB/NLB target health\n\n### Service Dependencies\n\n```\nAPI Gateway → Keycloak (OAuth2)\n           → Product Service → PostgreSQL\n           → User Service → PostgreSQL\n           → Cart Service → PostgreSQL \u0026 Product/User\n\nAll Services → Discovery Server (Eureka)\n            → Config Server\n            → PostgreSQL (shared database)\n```\n\n---\n\n## 10. Contact Information\n\n**Author:** Bel7phegor (Nguyễn An Phúc)\n\n- **Email:** [nguyenanphuc12032002@gmail.com](mailto:nguyenanphuc12032002@gmail.com)\n- **LinkedIn:** [linkedin.com/in/nguyen-an-phuc](https://www.linkedin.com/in/nguyen-an-phuc/)\n- **GitHub:** [@Bel7phegor](https://github.com/Bel7phegor)\n- **Portfolio:** [anphuc.site](https://anphuc.site)\n\n**Related Projects:**\n- Frontend: [shopnow-frontend](https://github.com/Bel7phegor/shopnow-frontend) (React)\n- Infrastructure: [shopnow-infa](https://github.com/Bel7phegor/shopnow-infa) (Terraform/AWS)\n---\n\n**Objective:** Build and maintain highly available, secure, and scalable microservices with automated deployment pipelines across development and production cloud 
environments.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbel7phegor%2Fshopnow-backend","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbel7phegor%2Fshopnow-backend","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbel7phegor%2Fshopnow-backend/lists"}