A production-ready microservices architecture built with NestJS, gRPC, PostgreSQL, Redis, and Kong API Gateway. This project demonstrates a scalable, maintainable microservices pattern with proper service communication, authentication, rate limiting, and comprehensive monitoring capabilities.
- ποΈ Architecture Overview
- π Features
- π Prerequisites
- β‘ Quick Start
- π§ Configuration
- π‘ API Endpoints
- π§ͺ Development
- π Monitoring & Health Checks
- π Security Features
- π Deployment
- π Documentation
- π οΈ Troubleshooting
- π€ Contributing
- π License
graph TB Client[Client Applications] --> Kong[Kong API Gateway<br/>Port: 8000] Kong --> Auth[Auth Service<br/>Port: 9001] Kong --> Post[Post Service<br/>Port: 9002] Auth --> PostgreSQL[(PostgreSQL<br/>Port: 5432)] Post --> PostgreSQL Auth --> Redis[(Redis<br/>Port: 6379)] Post --> Redis Auth -.->|gRPC| Post Post -.->|gRPC| Auth βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ β Kong Gateway β β Auth Service β β Post Service β β (API Gateway) βββββΊβ (Port: 9001) βββββΊβ (Port: 9002) β βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ β β β β β β βΌ βΌ βΌ βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ β PostgreSQL β β Redis β β Monitoring β β (Database) β β (Cache) β β (Health) β βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ - π Auth Service: User authentication, authorization, and JWT token management
- π Post Service: Blog post management with user integration
- π Kong API Gateway: Centralized API routing and management
- ποΈ PostgreSQL: Primary database for data persistence
- β‘ Redis: Caching layer for performance optimization
- π gRPC Communication: High-performance inter-service communication
- π JWT Authentication: Secure token-based authentication
- π₯ Role-based Authorization: ADMIN and USER role support
- π‘οΈ Rate Limiting: Kong-based API rate limiting with configurable thresholds
- π Soft Delete: Audit trails for data integrity
- π Pagination: Efficient data pagination
- π Search & Filtering: Advanced search capabilities
- π Health Monitoring: Built-in health checks
- π API Documentation: Swagger/OpenAPI documentation
- π³ Docker Support: Containerized deployment
- π Database Migrations: Automated schema management
- π§ͺ Test Coverage: Comprehensive unit and integration tests
Before you begin, ensure you have the following installed:
- π³ Docker & Docker Compose: For containerized deployment
- π’ Node.js >= 18.0.0: For local development
- π¦ npm >= 9.0.0: Package manager
- π Git: Version control
- RAM: Minimum 4GB (8GB recommended)
- Storage: At least 2GB free space
- OS: Windows, macOS, or Linux
git clone https://github.com/your-username/nestjs-microservices.git cd nestjs-microservicesThe project includes pre-configured environment files for Docker deployment:
# Application Configuration NODE_ENV="local" APP_NAME="@backendworks/auth" APP_CORS_ORIGINS="*" APP_DEBUG=true # HTTP Server Configuration HTTP_ENABLE=true HTTP_HOST="0.0.0.0" HTTP_PORT=9001 HTTP_VERSIONING_ENABLE=true HTTP_VERSION=1 # Database Configuration DATABASE_URL="postgresql://admin:master123@localhost:5432/postgres?schema=public" # JWT Configuration ACCESS_TOKEN_SECRET_KEY="EAJYjNJUnRGJ6uq1YfGw4NG1pd1z102J" ACCESS_TOKEN_EXPIRED="1d" REFRESH_TOKEN_SECRET_KEY="LcnlpiuHIJ6eS51u1mcOdk0P49r2Crwu" REFRESH_TOKEN_EXPIRED="7d" # Redis Configuration REDIS_URL="redis://localhost:6379" REDIS_KEY_PREFIX="auth:" REDIS_TTL=3600 # gRPC Configuration GRPC_URL="0.0.0.0:50051" GRPC_PACKAGE="auth"# Application Configuration NODE_ENV="local" APP_NAME="@backendworks/post" APP_CORS_ORIGINS="*" APP_DEBUG=true # HTTP Server Configuration HTTP_ENABLE=true HTTP_HOST="0.0.0.0" HTTP_PORT=9002 HTTP_VERSIONING_ENABLE=true HTTP_VERSION=1 # Database Configuration DATABASE_URL="postgresql://admin:master123@localhost:5432/postgres?schema=public" # JWT Configuration ACCESS_TOKEN_SECRET_KEY="EAJYjNJUnRGJ6uq1YfGw4NG1pd1z102J" ACCESS_TOKEN_EXPIRED="1d" REFRESH_TOKEN_SECRET_KEY="LcnlpiuHIJ6eS51u1mcOdk0P49r2Crwu" REFRESH_TOKEN_EXPIRED="7d" # Redis Configuration REDIS_URL="redis://localhost:6379" REDIS_KEY_PREFIX="post:" REDIS_TTL=3600 # gRPC Configuration GRPC_URL="0.0.0.0:50052" GRPC_PACKAGE="post" GRPC_AUTH_URL="0.0.0.0:50051" GRPC_AUTH_PACKAGE="auth"# Start all services with Docker Compose docker-compose up -d # View logs in real-time docker-compose logs -f # Stop services docker-compose down# Run database migrations for Auth Service docker-compose exec auth-service npm run prisma:migrate # Run database migrations for Post Service docker-compose exec post-service npm run prisma:migrate # Generate Prisma client docker-compose exec auth-service npm run prisma:generate docker-compose exec post-service npm run prisma:generate# Check all services are running docker-compose ps # Test Kong API Gateway curl http://localhost:8000/auth # Should return auth service info curl http://localhost:8000/post # Should return post service info # Check rate limiting headers curl -I http://localhost:8000/auth | grep RateLimit # Verify health endpoints curl http://localhost:9001/health curl http://localhost:9002/healthThe Kong API Gateway is configured with rate limiting plugins to protect against abuse:
# kong/config.yml plugins: - name: rate-limiting route: auth-routes config: minute: 100 hour: 1000 day: 10000 policy: local hide_client_headers: false fault_tolerant: true - name: rate-limiting route: post-routes config: minute: 200 hour: 2000 day: 20000 policy: local hide_client_headers: false fault_tolerant: true - name: rate-limiting config: minute: 300 hour: 3000 day: 30000 policy: local hide_client_headers: false fault_tolerant: trueRate Limiting Headers:
X-RateLimit-Limit-Minute: Maximum requests per minuteX-RateLimit-Remaining-Minute: Remaining requests in current minuteRateLimit-Reset: Seconds until rate limit window resets
Testing Rate Limits:
# Test rate limiting for i in {1..105}; do curl -s -w "Request $i: %{http_code}\n" -o /dev/null http://localhost:8000/auth done # Expected: First 100 requests return 200, subsequent requests return 429- gRPC: High-performance binary protocol for inter-service communication
- HTTP: RESTful APIs for external clients
- Authentication: JWT tokens for service-to-service communication
- URL:
http://localhost:8000 - Admin API:
http://localhost:8001 - Auth Service:
http://localhost:8000/auth(Rate limit: 100/min, 1000/hour, 10000/day) - Post Service:
http://localhost:8000/post(Rate limit: 200/min, 2000/hour, 20000/day) - Global Rate Limit: 300/min, 3000/hour, 30000/day
POST /auth/login # User login POST /auth/signup # User registration GET /auth/refresh # Refresh access tokenGET /auth/user/profile # Get user profile (protected) PUT /auth/user/profile # Update user profile (protected) GET /auth/admin/user # List users (admin only) DELETE /auth/admin/user/:id # Delete user (admin only)GET /post/post # List posts (paginated) POST /post/post # Create post (protected) PUT /post/post/:id # Update post (protected) DELETE /post/post/batch # Bulk delete posts (protected)- HTTP API:
http://localhost:9001 - gRPC:
localhost:50051 - Health Check:
http://localhost:9001/health - API Docs:
http://localhost:9001/docs
- HTTP API:
http://localhost:9002 - gRPC:
localhost:50052 - Health Check:
http://localhost:9002/health - API Docs:
http://localhost:9002/docs
- PostgreSQL:
localhost:5432 - Redis:
localhost:6379
# Start individual services cd auth && npm run dev cd post && npm run dev # Run tests cd auth && npm test cd post && npm test # Database operations npm run prisma:generate npm run prisma:migrate npm run prisma:studio# Build and start services docker-compose up --build # View service logs docker-compose logs -f auth-service docker-compose logs -f post-service # Access service shells docker-compose exec auth-service sh docker-compose exec post-service sh# Access PostgreSQL docker-compose exec postgres psql -U admin -d postgres # Access Redis docker-compose exec redis redis-cli # Run migrations docker-compose exec auth-service npm run prisma:migrate docker-compose exec post-service npm run prisma:migrate # Open Prisma Studio docker-compose exec auth-service npm run prisma:studio docker-compose exec post-service npm run prisma:studio- Auth Service:
http://localhost:9001/health - Post Service:
http://localhost:9002/health - Kong Gateway:
http://localhost:8001/status - Kong Health Check:
curl http://localhost:8000/auth(should return service response)
All services include Docker health checks for container orchestration:
- Auth Service: HTTP health check on port 9001
- Post Service: HTTP health check on port 9002
- PostgreSQL: Database connectivity check
- Redis: Cache connectivity check
- JWT Tokens: Access and refresh token system
- Role-based Access: ADMIN and USER role support
- Password Hashing: bcrypt password security
- Token Validation: gRPC-based token validation
- CORS Protection: Cross-origin request handling
- Helmet Security: Security headers
- Input Validation: Request validation with class-validator
- Rate Limiting: Kong-based rate limiting with per-service thresholds
- API Gateway Security: Centralized security policies through Kong
- Network Isolation: Docker network isolation
- Environment Variables: Secure configuration management
- Health Checks: Service health monitoring
# Build production images docker-compose -f docker-compose.prod.yml up --build # Scale services docker-compose up --scale auth-service=3 --scale post-service=3Set production environment variables:
# Database DATABASE_URL=postgresql://user:pass@host:5432/db # Redis REDIS_URL=redis://host:6379 # JWT Secrets ACCESS_TOKEN_SECRET_KEY=your-production-secret REFRESH_TOKEN_SECRET_KEY=your-production-secret # Service URLs AUTH_SERVICE_URL=grpc://auth-service:50051# Run production migrations docker-compose exec auth-service npm run prisma:migrate:prod docker-compose exec post-service npm run prisma:migrate:prod- Auth Service: Authentication and user management
- Post Service: Post management and content
- Auth Service:
http://localhost:9001/docs - Post Service:
http://localhost:9002/docs
- gRPC Services: Protocol buffer definitions in
*/src/protos/ - Database Schema: Prisma schema files in
*/prisma/schema.prisma - Kong Configuration: API gateway config in
kong/config.yml
# Check service logs docker-compose logs auth-service docker-compose logs post-service # Check health status curl http://localhost:9001/health curl http://localhost:9002/health# Check PostgreSQL status docker-compose exec postgres pg_isready -U admin # Check Redis status docker-compose exec redis redis-cli ping# Check gRPC ports netstat -an | grep 50051 netstat -an | grep 50052# Check Kong status curl http://localhost:8001/status # Check Kong configuration curl http://localhost:8001/services curl http://localhost:8001/routes curl http://localhost:8001/plugins # Check rate limiting status curl -I http://localhost:8000/auth # Check headers for rate limit info # Restart Kong if needed docker-compose restart kong- Use
docker-compose logs -fto monitor service logs - Check health endpoints for service status
- Use Prisma Studio for database inspection:
npm run prisma:studio - Monitor Kong gateway logs for API routing issues
- Test rate limiting with the provided script:
./test-rate-limiting.sh
# Test all services are running curl http://localhost:8000/auth curl http://localhost:8000/post # Test rate limiting for i in {1..10}; do curl -s -w "Request $i: %{http_code}\n" -o /dev/null http://localhost:8000/auth done # Test health endpoints curl http://localhost:9001/health curl http://localhost:9002/health curl http://localhost:8001/status # Check service logs docker-compose logs auth-service --tail 20 docker-compose logs post-service --tail 20 docker-compose logs kong --tail 20We welcome contributions! Please follow these steps:
- π΄ Fork the repository
- πΏ Create a feature branch:
git checkout -b feature/amazing-feature - π» Make your changes and add tests
- π§ͺ Run tests:
npm test - π Commit your changes:
git commit -m 'Add amazing feature' - π€ Push to the branch:
git push origin feature/amazing-feature - π Open a Pull Request
- Follow the existing code structure and patterns
- Add tests for new functionality
- Update documentation for API changes
- Ensure all services start successfully
- Test inter-service communication
This project is licensed under the MIT License - see the LICENSE file for details.
- π Issues: Create an issue in the repository
- π Documentation: Check service-specific README files
- π Health Checks: Use health endpoints for service status
- π¬ Discussions: Use GitHub Discussions for questions
- π€ Contributions: Pull requests are welcome
- π‘ Feedback: Open issues for bugs or feature requests
- NestJS Team: For the excellent framework
- Prisma Team: For the database toolkit
- Kong Team: For the API gateway
- Docker Team: For containerization technology
Built with β€οΈ using NestJS, gRPC, and modern microservices patterns
