# Docker Deployment Guide

This guide explains how to deploy the Overseas Appointment System using Docker.

## Prerequisites

- Docker Engine 20.10+
- Docker Compose 2.0+
- At least 2GB RAM available
- Ports 80, 443, 3000, 3306, 6379 available

## Quick Start (Development)

1. Start MySQL and Redis services:
```bash
docker-compose -f docker-compose.dev.yml up -d
```

2. Run the backend locally:
```bash
cd backend
npm install
npm run dev
```

## Production Deployment

### 1. Configure Environment

Copy and edit the production environment file:
```bash
cp .env.production .env
```

Update the following values in `.env`:
- `DB_PASSWORD` - Strong database password
- `MYSQL_ROOT_PASSWORD` - MySQL root password
- `REDIS_PASSWORD` - Redis password (optional)
- `JWT_SECRET` - Generate with: `openssl rand -base64 64`
- `WECHAT_APP_ID` - Your WeChat App ID
- `WECHAT_APP_SECRET` - Your WeChat App Secret

### 2. SSL Certificates (Optional but Recommended)

Place your SSL certificates in `docker/nginx/ssl/`:
- `fullchain.pem` - Full certificate chain
- `privkey.pem` - Private key

Then uncomment the SSL configuration in `docker/nginx/conf.d/default.conf`.

### 3. Start Services

```bash
# Build and start all services
docker-compose up -d --build

# View logs
docker-compose logs -f

# Check service status
docker-compose ps
```

### 4. Initialize Database

Run database migrations:
```bash
docker-compose exec api node src/migrations/001-create-tables.js
```

Run seeders (optional):
```bash
docker-compose exec api node src/seeders/001-seed-categories.js
docker-compose exec api node src/seeders/002-seed-admin.js
```

## Service URLs

| Service | URL |
|---------|-----|
| API | http://localhost:3000 |
| API (via Nginx) | http://localhost/api |
| Health Check | http://localhost/health |
| API Documentation | http://localhost/api-docs |

## Database Backup

### Manual Backup
```bash
docker-compose exec mysql mysqldump -u app_user -p overseas_appointment > backup.sql
```

### Using Backup Script
```bash
# Make script executable
chmod +x docker/scripts/backup-database.sh

# Run backup
docker-compose exec api /app/docker/scripts/backup-database.sh
```

### Automated Backups (Cron)
Add to crontab:
```bash
# Daily backup at 2 AM
0 2 * * * cd /path/to/project && docker-compose exec -T api /app/docker/scripts/backup-database.sh >> /var/log/backup.log 2>&1
```

## Database Restore

```bash
# Using restore script
docker-compose exec api /app/docker/scripts/restore-database.sh /backups/mysql/backup_file.sql.gz

# Manual restore
gunzip -c backup.sql.gz | docker-compose exec -T mysql mysql -u app_user -p overseas_appointment
```

## Scaling

To scale the API service horizontally:

1. Update `docker/nginx/nginx.conf` upstream configuration
2. Run multiple API instances:
```bash
docker-compose up -d --scale api=3
```

## Monitoring

### Health Check
```bash
curl http://localhost/health
```

### View Logs
```bash
# All services
docker-compose logs -f

# Specific service
docker-compose logs -f api
docker-compose logs -f mysql
docker-compose logs -f redis
docker-compose logs -f nginx
```

### Resource Usage
```bash
docker stats
```

## Troubleshooting

### API won't start
1. Check database connection: `docker-compose logs mysql`
2. Check Redis connection: `docker-compose logs redis`
3. Verify environment variables: `docker-compose config`

### Database connection refused
1. Wait for MySQL to be ready (check health status)
2. Verify credentials in `.env`
3. Check MySQL logs: `docker-compose logs mysql`

### Redis connection issues
1. Check Redis is running: `docker-compose ps redis`
2. Test connection: `docker-compose exec redis redis-cli ping`

## Maintenance

### Update Application
```bash
# Pull latest changes
git pull

# Rebuild and restart
docker-compose up -d --build api
```

### Clean Up
```bash
# Stop all services
docker-compose down

# Remove volumes (WARNING: deletes data)
docker-compose down -v

# Remove unused images
docker image prune -f
```

## Security Recommendations

1. Always use strong passwords in production
2. Enable SSL/TLS for HTTPS
3. Restrict database access to internal network
4. Regularly update Docker images
5. Enable firewall rules to limit exposed ports
6. Use Docker secrets for sensitive data in production