feat: MinIO integration — bucket finance, API service upload, Nginx routing
- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite) - 03-apiservice: integrate MinIO minio-python SDK for file upload - requirements.txt: add minio==7.2.11 - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file() - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket - docker-compose.yml: pass MinIO env vars to container - .env.example: document MinIO vars - 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section - 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide - CLAUDE.md: project context (servers, SSH, paths, service distribution) - document-obsidiant/: initial Obsidian docs for all services
This commit is contained in:
@@ -0,0 +1,243 @@
|
||||
---
|
||||
tags:
|
||||
- project/sriphat
|
||||
- superset
|
||||
- analytics
|
||||
- bi
|
||||
- dashboard
|
||||
created: 2026-05-07
|
||||
status: active
|
||||
folder: 06-analytics
|
||||
---
|
||||
|
||||
# Apache Superset — Analytics Layer (06-analytics)
|
||||
|
||||
> **Docker Compose:** `06-analytics/docker-compose.yml`
|
||||
> **Env File:** `.env` (global)
|
||||
|
||||
## Overview
|
||||
|
||||
Apache Superset ใช้เป็น Business Intelligence (BI) platform สำหรับ:
|
||||
- สร้าง Dashboard และ Visualization
|
||||
- เชื่อมต่อกับ PostgreSQL Data Warehouse
|
||||
- **Embedded Superset SDK** — embed dashboard ใน applications อื่นโดยไม่ต้อง login
|
||||
- สร้าง Report สำหรับผู้บริหารและแพทย์
|
||||
|
||||
> **SSO Keycloak:** ยังอยู่ในแผน ยังไม่ได้ implement
|
||||
|
||||
---
|
||||
|
||||
## Container
|
||||
|
||||
| รายการ | ค่า |
|
||||
|--------|-----|
|
||||
| **Container** | `superset` |
|
||||
| **Image** | Build จาก `Dockerfile` ใน `06-analytics/` |
|
||||
| **Port** | `8088:8088` |
|
||||
| **URL** | `http://localhost:8088` หรือ `https://ai.sriphat.com/superset` |
|
||||
| **Network** | `shared_data_network` |
|
||||
|
||||
---
|
||||
|
||||
## Configuration
|
||||
|
||||
### Database Connection (Superset metadata)
|
||||
|
||||
Superset เก็บ metadata ใน PostgreSQL (Infra):
|
||||
|
||||
```
|
||||
Database: superset
|
||||
Host: ${DB_HOST}
|
||||
Port: 5432
|
||||
User: ${DB_USER}
|
||||
Password: ${DB_PASSWORD}
|
||||
```
|
||||
|
||||
### Superset Config File
|
||||
|
||||
**Path:** `06-analytics/superset_config.py`
|
||||
|
||||
```python
|
||||
SECRET_KEY = os.environ.get('SUPERSET_SECRET_KEY')
|
||||
ENABLE_PROXY_FIX = True
|
||||
PUBLIC_ROLE_LIKE = "Gamma"
|
||||
GUEST_ROLE_NAME = "Gamma"
|
||||
|
||||
# CSRF
|
||||
WTF_CSRF_ENABLED = False
|
||||
WTF_CSRF_TIME_LIMIT = None
|
||||
|
||||
# CORS — อนุญาตทุก origin (ปรับ production ให้ restrictive กว่านี้)
|
||||
ENABLE_CORS = True
|
||||
CORS_OPTIONS = {
|
||||
'supports_credentials': True,
|
||||
'allow_headers': ['*'],
|
||||
'resources': ['*'],
|
||||
'origins': ['*']
|
||||
}
|
||||
|
||||
SESSION_COOKIE_SAMESITE = "Lax"
|
||||
SESSION_COOKIE_SECURE = False
|
||||
|
||||
# Embedded Superset SDK
|
||||
FEATURE_FLAGS = {"EMBEDDED_SUPERSET": True}
|
||||
EMBEDDED_SUPERSET = True
|
||||
TALISMAN_ENABLED = False
|
||||
ENABLE_TEMPLATE_PROCESSING = True
|
||||
LOGO_TARGET_PATH = '/superset/welcome/'
|
||||
|
||||
# Guest Token (สำหรับ embedded dashboard ไม่ต้อง login)
|
||||
GUEST_TOKEN_JWT_SECRET = '<secret>'
|
||||
GUEST_TOKEN_JWT_EXP_SECONDS = 300 # 5 นาที
|
||||
GUEST_TOKEN_JWT_ALGORITHM = "HS256"
|
||||
|
||||
# Domain whitelist สำหรับ embed
|
||||
EMBEDDED_SDK_HOST_WHITELIST = [
|
||||
"https://ai.sriphat.com",
|
||||
"http://localhost:8800",
|
||||
"http://127.0.0.1:8800"
|
||||
]
|
||||
```
|
||||
|
||||
> **หมายเหตุ:** Keycloak SSO ยังไม่ได้ integrate — ปัจจุบันใช้ Username/Password login + Embedded SDK สำหรับ embed dashboard ใน applications อื่น
|
||||
|
||||
### Environment Variables
|
||||
|
||||
```bash
|
||||
SUPERSET_SECRET_KEY=${SUPERSET_SECRET_KEY}
|
||||
DATABASE_DIALECT=postgresql
|
||||
DATABASE_HOST=${DB_HOST}
|
||||
DATABASE_PORT=5432
|
||||
DATABASE_DB=superset
|
||||
DATABASE_USER=${DB_USER}
|
||||
DATABASE_PASSWORD=${DB_PASSWORD}
|
||||
SUPERSET_LOAD_EXAMPLES=no
|
||||
SUPERSET_BIND_ADDRESS=0.0.0.0
|
||||
SUPERSET_PORT=8088
|
||||
TZ=Asia/Bangkok
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Startup Process
|
||||
|
||||
เมื่อ container เริ่มทำงาน จะรันคำสั่งต่อไปนี้โดยอัตโนมัติ:
|
||||
|
||||
```bash
|
||||
# 1. Migrate database
|
||||
superset db upgrade
|
||||
|
||||
# 2. Create admin user
|
||||
superset fab create-admin \
|
||||
--username ${SUPERSET_ADMIN_USERNAME} \
|
||||
--firstname Admin \
|
||||
--lastname User \
|
||||
--email admin@sriphat.local \
|
||||
--password ${SUPERSET_ADMIN_PASSWORD}
|
||||
|
||||
# 3. Initialize Superset
|
||||
superset init
|
||||
|
||||
# 4. Start Gunicorn server
|
||||
gunicorn --bind 0.0.0.0:8088 \
|
||||
--workers 4 \
|
||||
--timeout 120 \
|
||||
'superset.app:create_app()'
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Data Sources ที่ Connect ได้
|
||||
|
||||
### PostgreSQL Data Warehouse (Infra)
|
||||
|
||||
```
|
||||
postgresql://postgres:<password>@postgres:5432/postgres
|
||||
```
|
||||
|
||||
**Schemas ที่แนะนำให้ expose:**
|
||||
- `analytics` — ข้อมูลที่ transform แล้ว (read-only สำหรับ BI)
|
||||
- `operationbi` — ข้อมูล Operation BI
|
||||
|
||||
### Supabase PostgreSQL
|
||||
|
||||
```
|
||||
postgresql://postgres:<password>@sdp-supabase-db:5432/postgres
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Dashboard ที่ควรสร้าง
|
||||
|
||||
| Dashboard | ข้อมูล | ผู้ใช้ |
|
||||
|-----------|--------|--------|
|
||||
| OPD Waiting Time | `RawWaitingTime`, `RawOpdCheckpoint` | ผู้บริหาร, พยาบาล |
|
||||
| Patient Flow | HIS data จาก Airbyte | แพทย์, ผู้บริหาร |
|
||||
| Finance Overview | Excel จาก Finance | CFO, ผู้บริหาร |
|
||||
| Department KPIs | Aggregated data | หัวหน้าแผนก |
|
||||
|
||||
---
|
||||
|
||||
## Security (Row-Level Security)
|
||||
|
||||
ตั้งค่า RLS ใน Superset เพื่อจำกัดข้อมูล:
|
||||
|
||||
```sql
|
||||
-- ตัวอย่าง: แพทย์เห็นเฉพาะผู้ป่วยของตัวเอง
|
||||
-- ใน Superset: Security → Row Level Security → Add Rule
|
||||
-- Filter: department = '{{current_username}}'
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Volume Mounts
|
||||
|
||||
```
|
||||
06-analytics/
|
||||
├── data/superset_home/ # Superset config + cache
|
||||
└── superset_config.py # Custom configuration
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Build & Deploy
|
||||
|
||||
```bash
|
||||
cd 06-analytics
|
||||
|
||||
# Build image (มี custom Dockerfile สำหรับเพิ่ม packages)
|
||||
docker compose --env-file ../.env.global build
|
||||
|
||||
# Start
|
||||
docker compose --env-file ../.env.global up -d
|
||||
|
||||
# View logs
|
||||
docker logs superset -f
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Development Version (06-analytics-dev)
|
||||
|
||||
มี docker-compose สำหรับ development แยกต่างหาก:
|
||||
- **Path:** `06-analytics-dev/docker-compose.yml`
|
||||
- ใช้สำหรับทดสอบ config ก่อน deploy production
|
||||
|
||||
---
|
||||
|
||||
## Access
|
||||
|
||||
| รายการ | ค่า |
|
||||
|--------|-----|
|
||||
| URL | `http://localhost:8088` |
|
||||
| Admin Username | ค่าจาก `SUPERSET_ADMIN_USERNAME` |
|
||||
| Admin Password | ค่าจาก `SUPERSET_ADMIN_PASSWORD` |
|
||||
|
||||
---
|
||||
|
||||
## Related
|
||||
|
||||
- [[00-Project-Overview]]
|
||||
- [[01-Infrastructure]] (Keycloak SSO)
|
||||
- [[02-Supabase]] (Data Source)
|
||||
- [[07-Security-Strategy]]
|
||||
Reference in New Issue
Block a user