feat: MinIO integration — bucket finance, API service upload, Nginx routing

- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks
  (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite)
- 03-apiservice: integrate MinIO minio-python SDK for file upload
  - requirements.txt: add minio==7.2.11
  - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL
  - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file()
  - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket
  - docker-compose.yml: pass MinIO env vars to container
  - .env.example: document MinIO vars
- 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section
- 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide
- CLAUDE.md: project context (servers, SSH, paths, service distribution)
- document-obsidiant/: initial Obsidian docs for all services
This commit is contained in:
jigoong
2026-05-20 17:42:39 +07:00
parent 9dcf24eeb7
commit a587be08bd
20 changed files with 2601 additions and 13 deletions

View File

@@ -343,6 +343,57 @@ server {
# proxy_request_buffering off;
# }
# =============================================
# MinIO Object Storage (Server 2: 192.168.100.9)
# =============================================
# MinIO S3 API — port 9000
# Path MUST be stripped before passing to MinIO
location /minio/ {
proxy_pass http://192.168.100.9:9000/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
client_max_body_size 1G;
proxy_request_buffering off;
proxy_buffering off;
}
# MinIO Console UI — port 9001 (NOT 9000!)
# Path MUST be stripped: /minio-console/foo → /foo
location /minio-console/ {
rewrite ^/minio-console/(.*) /$1 break;
proxy_pass http://192.168.100.9:9001;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# WebSocket support (Console uses WebSocket for real-time updates)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
chunked_transfer_encoding off;
}
# Redirect /minio-console → /minio-console/
location = /minio-console {
return 301 $scheme://$http_host/minio-console/;
}
#listen 443 ssl; # managed by sriphat
#ssl_certificate /etc/letsencrypt/live/ai.bda.co.th/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/ai.bda.co.th/privkey.pem; # managed by Certbot