Infrastructure & Core Settings
This section documents the underlying architecture of the BizOSaaS platform and the technical settings required to maintain the 6-container production stack.
Service Discovery & Networking
The platform uses an internal Docker bridge network (`bizosaas-network`) to facilitate communication between services:
- web: `http://bizosaas-web:3000`
- ai-service: `http://bizosaas-ai-service:8000`
- redis: `redis://bizosaas-redis:6379`
- postgres: `postgresql://bizosaas-postgres:5432`
🔐 Secret Management (Infisical)
We use Infisical Cloud for centralized secret injection.
- Tokens: The `INFISICAL_TOKEN` must be injected into the `web`, `ai-service`, and `workers` containers.
- Host: All services are configured to communicate with `https://app.infisical.com`.
- Logic: Secrets are fetched at runtime during the `startup.mjs` (web) or `main` initialization (workers/AI) and injected into `process.env`.
🗄️ Database Strategy (Multi-tenancy)
The platform implements Row Level Security (RLS) to enforce strict isolation between tenants.
- Tenant ID: Every table (Users, Content, CRM) contains a `tenant_id` field.
- Validation: Middleware ensures that the authenticated user's `tenant_id` matches the data being requested.
- Migrations: Database preparation and schema synchronization are handled automatically by the `apps/web/scripts/startup.mjs` script during deployment.
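
One way to express this tenant isolation in PostgreSQL itself, as an added example rather than the platform's own schema. The table `crm_contacts`, the role `app_user`, the session setting `app.tenant_id` and the UUID values are assumed names and constructed data.

```sql
-- Added example: all object names below are assumptions, not BizOSaaS schema.
CREATE TABLE crm_contacts (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    email     text NOT NULL
);

-- ENABLE turns the policy on; FORCE also applies it to the table owner,
-- who would otherwise bypass RLS silently (e.g. the role that runs migrations).
ALTER TABLE crm_contacts ENABLE ROW LEVEL SECURITY;
ALTER TABLE crm_contacts FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted.
-- WITH CHECK rejects inserts/updates that would write another tenant's id.
-- current_setting(..., true) yields NULL when the setting was never defined and
-- '' after a transaction-local value has expired; NULLIF maps both to NULL,
-- so an unscoped session matches no rows instead of raising a cast error.
CREATE POLICY tenant_isolation ON crm_contacts
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that cannot bypass RLS.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON crm_contacts TO app_user;
GRANT USAGE ON SEQUENCE crm_contacts_id_seq TO app_user;

-- Per request, running as app_user: scope the tenant inside the transaction.
-- The third argument (is_local = true) limits the value to this transaction.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

-- Allowed: the row's tenant_id matches the scoped tenant.
INSERT INTO crm_contacts (tenant_id, email)
VALUES ('11111111-1111-1111-1111-111111111111', 'alice@example.test');

-- Rejected with "new row violates row-level security policy" (left commented
-- so the script runs to completion):
-- INSERT INTO crm_contacts (tenant_id, email)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'mallory@example.test');

-- Returns only the scoped tenant's rows, with no WHERE clause in the query.
SELECT id, email FROM crm_contacts;
COMMIT;

-- Outside a scoped transaction the same query returns zero rows.
SELECT count(*) FROM crm_contacts;
```

With `is_local` set to true the tenant scope is discarded at `COMMIT`, so a pooled connection cannot carry one tenant's scope into the next request. The database policy then backs up the middleware check instead of depending on it.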
⚡ Redis & Workers
- Connection Pooling: Due to version differences in `ioredis`, workers use a centralized connection health manager (`apps/workers/src/health.ts`).
- Lazy Initialization: To prevent connection timeouts during bulk starts, workers initialize their Redis clients lazily upon first job receipt.
🛠️ Common Settings
| Variable | Purpose | Location |
|---|---|---|
| `DATABASE_URL` | Primary Postgres Connection | `.env` / Traefik |
| `REDIS_URL` | BullMQ & Cache Connection | `infrastructure/docker-compose.yml` |
| `BETTER_AUTH_SECRET` | Authentication encryption key | Infisical |
| `PAYLOAD_SECRET` | CMS encryption key | Infisical |