• Okhtay Sattari
• >Projects
• >TuranDocker: An infrastructure operating system for microservices

TuranDocker Infrastructure Platform
An infrastructure operating system for microservices

(October 2025 - Present)

TuranDocker is a production-grade, self-contained, secure microservice infrastructure platform built entirely on Docker Compose, with Docker Swarm adaptability for future orchestration needs.

It provides a fully containerized environment that integrates databases, messaging systems, gateways, runtimes, observability, monitoring, and application services into a cohesive, reproducible, and operationally safe platform.

Designed not as “just Docker files,” but as a complete infrastructure operating model, TuranDocker enables complex distributed systems to run reliably across multiple business domains (systems) and their internal microservices (apps) with strong isolation, strict security boundaries, deterministic deployment, and zero external infrastructure dependencies beyond Docker itself.

Its primary goals are:

• Secure multi-system architecture (e.g. bilgi, academy, commerce, etc.)
• System-level and app-level isolation
• Zero infrastructure dependency beyond Docker + Linux
• Safe long-term scalability without architectural rewrites
• Production-first observability and failure detection
• Strict secret isolation and file-level security
• Deterministic startup with full verification phases
• TLS-enforced communication across all services
• Strong operational safety through health checks and validation pipelines

🏗 Core Architectural Philosophy

Most Docker setups are either:

• too simple (good for demos, not production), or
• too complex and tightly coupled (hard to maintain and scale).

TuranDocker takes a different approach:

TuranDocker follows a System → App → Resource Ownership Model

Instead of treating infrastructure as shared global services, every business domain is treated as an independent system, and every microservice inside that domain is treated as an isolated app.

Example:

    System: bilgi

    Apps:
        - core
        - interaction
        - realtime
        - payment
        - ai

This enables two levels of isolation: System-Level and App-Level

Also it follows these principles:

• Separation of concerns (DB, messaging, observability, infrastructure, apps, ...)
• Security by default (TLS + strict secrets)
• Deterministic and reproducible startup pipelines with idempotent initialization scripts
• Self-verifying systems (fail-fast validation everywhere)
• Infrastructure as code (fully versioned)

The result is an infrastructure that behaves predictably across environments—from local development to VPS deployment.

The infrastructure is split into five independent layers:

• 🗄️ Database Layer
• 📨 Messaging Layer
• 🌐 Edge + Traffic Layer
• 📊 Observaility Layer
• 🧩 Apps Layer

🧩 System-Level Isolation

Each system owns its own isolated infrastructure namespace.

Example:

    System: bilgi

Resources:

• PostgreSQL → bilgi
• MySQL → bilgi
• MongoDB → bilgi
• Redis → bilgi:*
• Kafka → bilgi.*
• RabbitMQ → /bilgi
• Search → bilgi-*

This guarantees:

• no cross-system leakage
• predictable naming
• safe onboarding of new systems
• independent scaling
• operational clarity

Adding a new system should never require redesign.

Only:

    new secrets 
    new validation/initiation scripts
    new DNS
    new app deployment

⚙ App-Level Isolation Inside Each System

Inside every system, each microservice gets its own isolated access boundaries.

Example:

    System: bilgi

    Apps:
        - core
        - interaction
        - realtime

This means:

PostgreSQL / MySQL

System DB + App DB Strategy

    bilgi                → system DB
    bilgi_core           → app DB
    bilgi_payment        → app DB
    bilgi_ai             → app DB

Rules:

• system service owns parent DB (Cross-app auditing, global system config, and metadata)
• app service owns child DB
• app gets read/write to its own DB
• system user may receive controlled read access to child DB
• no sibling app access allowed
• verification scripts prove permissions after initialization

This allows:

    core ≠ payment ≠ ai

without permission leakage. This is true app isolation—not just naming convention.

MongoDB

Mongo uses the same ownership model.

Example:

    User: bilgi
    DB: bilgi

    User: bilgi_interaction
    DB: bilgi_interaction

    User: bilgi_realtime
    DB: bilgi_realtime

Rules:

• system user → owns system DB (Cross-app auditing, global system config, and metadata)
• app user → read/write only own DB
• system user → optional read-only access to child DBs
• no sibling app access allowed
• verification scripts prove permissions after initialization

This is true app isolation—not just naming convention.

Redis

Redis uses:

    system:*                  → Global Governance: Global feature flags, infrastructure health logs, and node coordination
    bilgi:system:*            → System Governance: System-wide audit counters or cross-service orchestration locks
    bilgi:core:*              → App Governance
    bilgi:interaction:*       → App Governance
    bilgi:realtime:*          → App Governance
    bilgi:payment:*           → App Governance
    bilgi:ai:*                → App Governance

via key prefixes.

Since Redis has weaker native isolation, application-level namespace enforcement is used.

This keeps:

• queues
• sessions
• cache
• rate limits

cleanly separated.

RabbitMQ

RabbitMQ service follows a high-discipline architecture centered on system Isolation and predictable topology.

Each system (e.g. bilgi) operates within a dedicated vHost, creating a hard logical boundary that prevents cross-system data leakage.

    vhost: /bilgi

Access is governed by distinct roles—Admin (Cluster), Ops (Topology Owner), and App (Runtime User)—enforced via SCRAM-SHA-256 and regex-based ACLs.

A system-level user (e.g. bilgi) acts as the primary monitoring agent for the vHost. It is granted monitoring tags to oversee the health of the messaging plane without possessing permission to read or write to specific application queues, maintaining a "separation of duties."

Application permissions are restricted via regex (e.g., ^bilgi\.core\..*), physically preventing services from accessing sibling queues.

    bilgi.core.user.account

Rules:

• per-system vhost isolation
• app-level queue ownership
• restricted permissions per user

This prevents accidental queue access across services.

Kafka

Kafka service follows the strongest ownership model.

Example topics:

    bilgi.chat.message
    bilgi.notification.intent
    bilgi.audit.logs

Each topic has:

• explicit owner
• read/write policy
• ACL enforcement

cleanly separated.

Example:

    Owner:
        bilgi_realtime

Rules:

READ: Only owner service can consume.

WRITE: Can be:

    OWNER_ONLY
       or
    OPEN

Examples:

    notification.intent → OPEN
    chat.message → OWNER_ONLY

This creates real message ownership boundaries.

Initiation script implements this with:

• SCRAM users
• topic creation
• ACL generation
• verification

This is significantly stronger than standard shared Kafka setups.

🔐 Security Model

Security is not optional. It is enforced by default. Internal services are not publicly exposed (localhost bindings where needed).

TLS Everywhere

TLS is enforced across all services. All critical services use encrypted internal transport:

• PostgreSQL
• MySQL
• MongoDB
• Kafka
• RabbitMQ
• Elasticsearch
• Traefik

Examples:

    ssl=on
    requireTLS
    require-secure-transport=ON
    keystore + truststore
    CA verification

No insecure production traffic is assumed. Security is treated as a first-class concern, not an afterthought. For example, Kafka uses SCRAM authentication and Keystore / truststore validation.

Docker Secrets

Passwords are never stored inside Compose YAML or environment file. Instead secrets are stored outside the project (/opt/turan/secrets). Also strict file permission checks are applied (e.g., 0600, 0640).

Docker secrets feature is used for:

• root passwords
• per-system passwords
• per-app passwords
• TLS credentials
• keystore passwords

This ensures least exposure, auditable secret ownership, secure VPS operations.

Least Privilege Access

Every user gets only required permissions. admin is never used for convenience. Always, minimum required privilege is used and this policy is enforced across databases, Kafka, RabbitMQ and observability tools.

🗄️ Database Layer (docker-compose.db.yml)

The Database Layer provides the persistent storage foundation of the platform. It is designed for strong isolation, secure access control, deterministic initialization, and production-grade operational safety. Supported services include:

• PostgreSQL (SSL enforced, SCRAM authentication)
  Used for:
  • transactional workloads
  • relational domain data
  • strongly consistent business operations
• MySQL (TLS-only connections)
  Used for:
  • legacy compatibility
  • traditional relational workloads
  • existing production systems requiring MySQL compatibility
• MongoDB (TLS required, role-based access)
  Used for:
  • flexible document storage
  • high-write workloads
  • event-heavy and realtime systems
• Redis (password-protected, append-only persistence)
  Used for:
  • caching
  • queues
  • pub/sub
  • ephemeral high-speed workloads
  • sessions
• Elasticsearch (optional)
• Kibana (optional administrative UI)

Key Platform Guarantees

Across all database services:

• TLS/SSL is enforced
• Docker secrets are used for credential management
• plaintext passwords are avoided
• health checks ensure readiness before usage
• resource limits (CPU/memory) protect VPS stability
• deterministic initialization ensures verified access

This makes the database layer secure, reproducible, and operationally reliable.

📨 Messaging Layer (docker-compose.msg.yml)

The Messaging Layer provides asynchronous communication, event delivery, background processing, and service decoupling across the platform. It is designed for reliability, strict isolation, deterministic initialization, and secure event-driven architecture. Supported services include:

• RabbitMQ
• Apache Kafka (KRaft mode)

Both systems are initialized with strict access control, TLS enforcement, and repeatable provisioning before application services are allowed to start.

🐇 RabbitMQ

RabbitMQ is used for:

• background jobs
• command delivery
• retry workflows
• delayed processing
• failure isolation
• application-level asynchronous tasks

RabbitMQ security model:

• TLS-secured communication
• isolated users per system
• isolated virtual hosts where required
• strict permission boundaries
• management UI for operational visibility

🏛 Apache Kafka

Kafka is used for:

• event streaming
• domain event propagation
• audit logs
• realtime communication pipelines
• service ownership boundaries
• scalable distributed event-driven architecture

Kafka is one of the most advanced parts of TuranDocker. Kafka is configured with:

• SCRAM-SHA-512 authentication
• TLS encryption
• Cluster ID persistence
• Strict ACL-based authorization
• least-privilege topic ownership

This prevents the most common production failures caused by weak Kafka defaults.

🛠️ RabbitMQ Topology & Routing Standard

Every application component is provisioned with a standardized, self-healing exchange-queue structure:

• Exchanges: Each app uses a Direct Exchange (e.g., bilgi.core) for primary routing and a specialized DLX Exchange (bilgi.core.dlx) for error handling.
• Routing Keys: Semantic keys (e.g., user.account) ensure messages are routed with precision to the correct functional queue.
• The Reliability Trio: Every logical message path consists of:
  • Main Queue: Target for standard processing via the primary routing key.
  • Retry Queue: A holding pen with x-message-ttl (e.g., 60s) that automatically requeues messages to the Main Queue after a delay.
  • DLQ (Dead Letter Queue): The final destination for "poison messages," isolated for manual forensic analysis.

This configuration ensures that messaging structures are idempotent, self-verifying, and strictly isolated before the first application starts.

🛠️ Kafka Engineering Highlights

Kafka setup is one of the most advanced parts of the project:

• Fully configured in KRaft mode (no Zookeeper)
• Automated:
  • Cluster ID generation & persistence
  • Storage formatting
  • SCRAM user provisioning
  • ACL management
• Runtime config templating system
• Strict SSL + permission validation before startup

This eliminates common Kafka pitfalls such as:

• inconsistent cluster IDs
• broken authentication setups
• permission misconfigurations

🌐 Edge + Traffic Layer (docker-compose.inf.yml)

TuranDocker supports both Modern Runtime Patterns and Classic Runtime Patterns, allowing the platform to run both modern microservices and legacy production workloads within the same infrastructure model. This eliminates the need for separate operational strategies for old and new systems.

Modern Runtime Pattern

    Traefik → Service → App Container

It is used for:

• NestJS services
• FastAPI services
• Go services
• Python workers
• FrankenPHP worker mode
• Other container-native microservices

This model is optimized for horizontal scalability, container-native deployment, service isolation, high-performance API workloads.

Classic Runtime Pattern

    Traefik → Nginx → PHP-FPM

It is used for:

• Legacy PHP applications
• Older Laravel/Symfony projects
• Traditional server-rendered PHP systems
• Classic CMS-based applications

This preserves compatibility with existing production systems without forcing premature rewrites.

Traefik (Primary Edge Router)

Traefik acts as the primary ingress layer and secure front door of the platform. It handles:

• HTTPS termination
• Automatic Let's Encrypt certificate management
• Domain and host routing
• Middleware execution
• Service discovery
• Controlled service exposure rules

Examples:

    ms.turanbilgi.com
    core.turanbilgi.com
    interaction.turanbilgi.com
    realtime.turanbilgi.com

Traefik ensures that public traffic enters the platform through a secure, centralized, and observable edge layer.

Nginx

It is used for:

• Static websites
• Landing pages
• Web roots
• Classic PHP application handling via PHP-FPM
• Legacy application compatibility
• Reverse proxy specialization where needed

Example: ms.turanbilgi.com

Nginx provides operational flexibility for workloads that benefit from traditional web server behavior while remaining fully integrated into the platform architecture.

Optional API Gateways

Supported but profile-disabled:

• KrakenD
• Kong
• APISIX

This allows future evolution toward advanced gateway patterns such as:

• API aggregation
• Authentication centralization
• Rate limiting
• Developer portals
• Service mesh integration

without forcing unnecessary complexity during early infrastructure stages.

📊 Observability Layer (docker-compose.obs.yml)

Production systems fail. TuranDocker assumes that failure is normal—not exceptional. The Observability Layer exists to make failures visible, diagnosable, and recoverable. It provides monitoring, logs, tracing, alerting, and operational introspection across the entire platform.

📈 Metrics

Prometheus + Grafana

Prometheus and Grafana are used for:

• service health monitoring
• infrastructure visibility
• VPS resource analysis
• performance tracking
• operational dashboards

This provides real-time awareness of platform behavior.

📝 Logs

Loki + Logstash + Elasticsearch + Kibana

Loki, Logstash, Elasticsearch, and Kibana are used for:

• centralized log aggregation
• failure investigation
• production debugging
• historical operational visibility
• full-text log search

This removes the need to debug production issues by manually entering containers.

🔍 Distributed Tracing

Jaeger

Jaeger is used for:

• request flow tracing
• async failure debugging
• inter-service dependency visibility
• latency investigation

This is especially critical for event-driven microservice systems.

🐞 Error Tracking

GlitchTip

GlitchTip is used for:

• exception monitoring
• production error visibility
• Sentry-compatible workflows
• developer alerting

This ensures failures are surfaced immediately rather than discovered later.

🔄 Queue Monitoring

Bull Board

Bull Board is used for:

• background job inspection
• Redis queue visibility
• retry debugging
• failed job analysis

This is especially important for worker-heavy systems.

🧩 Application Layer (docker-compose.app.yml)

The Application Layer contains the actual business services of the platform. Microservices connect to the shared infrastructure via a unified network (turan-net).

Examples include:

• core services
• interaction services
• realtime services
• payment services
• AI services
• workers
• scheduled jobs

These services are intentionally lightweight because infrastructure concerns are centralized in shared platform layers.

🔗 Unified Connectivity Model (turan-net)

All application services connect through a shared internal Docker network: turan-net. This provides:

• secure internal communication
• service discovery
• infrastructure access
• network-level isolation from the public internet

Applications do not manage infrastructure independently. They consume platform services through controlled access models.

🚀 Deterministic Initialization + Verification

This is one of TuranDocker’s strongest design decisions.Infrastructure is not considered “ready” because a container started. It is only ready after:

• users created
• roles applied
• permissions verified
• access tested
• health checks passed

The initialization scripts perform create, update, verify, and fail-fast. This eliminates it started but doesn't work which is the most common production failure. This is enterprise-grade operational behavior.

⚙ Orchestration System:

Instead of relying solely on Docker Compose startup order, TuranDocker introduces a script-driven orchestration layer that controls the full infrastructure lifecycle. This ensures deterministic deployment, predictable recovery, and repeatable production operations.

run.sh — Entry Point

The entire platform lifecycle is managed through a centralized execution entry point. This controls:

• VPS validation
• Environment verification
• Secret validation
• Database startup + initialization
• Messaging layer bootstrap
• Edge + traffic layer startup
• Observability layer deployment
• Application service deployment

This creates a single operational source of truth for infrastructure execution.

🔄 Execution Pipeline:

Each infrastructure layer follows a strict and repeatable lifecycle:

    Pre → Start → Init → Verify → Post

This ensures consistent deployment across all services.

1. Pre Scripts (*.pre.sh)

Used before containers start. Responsibilities include:

• validating required secrets
• checking file permissions
• preparing runtime directories
• generating dynamic runtime configuration

Examples:

• Kafka configuration generation via envsubst
• TLS file validation
• runtime path preparation

2. Compose Up

Services are started using Docker Compose. This includes:

• controlled startup order
• resource limits
• restart policies
• dependency sequencing
• healthcheck validation

A container is not trusted simply because it is running. Health checks must confirm operational readiness.

3. Init Scripts (*.init.sh)

Idempotent infrastructure initialization. These scripts safely support both first-time deployment and repeated execution. Examples include:

• Kafka users and ACL creation
• topic creation
• MongoDB users and databases
• PostgreSQL role creation
• RabbitMQ users, queues, and permissions

This guarantees deterministic state across deployments.

Verification Phase

After initialization, the system performs real access verification. This includes:

• login validation
• read/write permission testing
• connection verification
• ownership validation
• fail-fast detection of configuration errors

Example: A MongoDB user is not considered valid until authenticated read and write operations succeed.

This is significantly stronger than simple resource creation.

5. Post Scripts (*.post.sh)

Optional finalization steps. Examples include reporting, cleanup, final synchronization, deployment summaries, and operational alerts.

This orchestration model transforms Docker Compose from a container launcher into a true production infrastructure control system. That is one of the defining strengths of TuranDocker.

🧠 Why This Architecture Matters

Most Docker projects are containers first and architecture later. TuranDocker is the opposite: architecture first and containers second. It is not simply “Docker Compose”. It is an infrastructure operating model. It creates a clean separation between Infrastructure Platform vs Business Applications which makes the system:

• easier to maintain
• easier to scale
• easier to debug
• safer to operate
• simpler to onboard new services
• more predictable in production
• less risky in production

This is a major reason why TuranDocker behaves like a platform—not merely a Docker project. It is not just a deployment setup—it’s an infrastructure blueprint. It demonstrates:

• Real-world DevOps discipline
• Deep understanding of distributed systems
• Strong focus on security and correctness
• Ability to design scalable, maintainable environments

TuranDocker provides:

• Isolation
  System + App level
• Security
  TLS + Secrets + Least Privilege
• Reliability
  Health checks + deterministic verification
• Scalability
  Add new systems safely
• Observability
  Metrics + Logs + Tracing + Error tracking
• Operational Discipline
  Production-first infrastructure behavior

In One Sentence:
TuranDocker is a secure, isolated, production-grade infrastructure operating system for multi-domain microservice platforms built entirely on Docker Compose.

Use Cases:

• Microservices platforms
• Event-driven architectures
• Real-time systems (Kafka + WebSocket services)
• Secure VPS deployments

Key Takeaways:

• Fully reproducible infrastructure
• Strong separation between services
• Secure by default
• Idempotent and reliable bootstrapping
• Production-ready design principles