9.2 KiB
9.2 KiB
Sriphat Data Platform - Deployment Guide
📋 Architecture Overview
┌─────────────────────────────────────────────────────────────┐
│ Nginx Proxy Manager │
│ (Gateway + SSL + Domain Routing) │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────┼─────────────────────┬─────────┐
│ │ │ │
┌───────▼────────┐ ┌────────▼────────┐ ┌───────▼────────┐│
│ Keycloak │ │ API Service │ │ Superset ││
│ (SSO) │ │ (FastAPI) │ │ (BI) ││
└────────────────┘ └─────────────────┘ └────────────────┘│
│ │ │ │
└─────────────────────┼─────────────────────┘ ┌────▼────┐
│ │Supabase │
┌─────────▼─────────┐ │ (BaaS) │
│ PostgreSQL │ └─────────┘
│ (Data Warehouse) │
└───────────────────┘
│
┌─────────▼─────────┐
│ Airbyte │
│ (Data Ingestion) │
└───────────────────┘
🚀 Quick Start
Prerequisites
- Docker & Docker Compose installed
- Minimum 8GB RAM
- 50GB disk space
Step 1: Clone & Configure
cd e:\git3\sriphat-dataplatform
# Review and update credentials in .env.global
notepad .env.global
Step 2: Start All Services
# On Linux/Mac
bash start-all.sh
# On Windows (PowerShell)
bash start-all.sh
# OR manually:
# 1. cd 00-network && bash create-network.sh
# 2. cd ../01-infra && docker compose --env-file ../.env.global up -d
# 3. cd ../02-supabase && bash setup.sh && docker compose up -d
# 4. Wait 30 seconds for PostgreSQL
# 5. cd ../03-apiservice && docker compose --env-file ../.env.global up --build -d
# 6. cd ../04-ingestion && docker compose --env-file ../.env.global up -d
# 7. cd ../06-analytics && docker compose --env-file ../.env.global up -d
Step 3: Verify Services
docker ps
You should see:
- nginx-proxy-manager
- keycloak
- postgres
- apiservice
- supabase-studio, supabase-kong, supabase-auth, supabase-db, supabase-rest, supabase-realtime, supabase-storage
- airbyte-webapp, airbyte-server, airbyte-worker, airbyte-temporal
- superset
🔑 Access Points
| Service | URL | Default Credentials |
|---|---|---|
| Nginx Proxy Manager | http://localhost:8021 | admin@example.com / changeme |
| Keycloak Admin | http://localhost:8080 | See KEYCLOAK_ADMIN in .env.global |
| Supabase Studio | http://localhost:3010 | See 02-supabase/.env |
| Supabase API | http://localhost:8100 | API Keys in 02-supabase/.env |
| Airbyte | http://localhost:8000 | No auth (setup via Nginx) |
| API Service | Configure via Nginx | See ADMIN_USERNAME in .env.global |
| Superset | Configure via Nginx | See SUPERSET_ADMIN_USERNAME in .env.global |
📝 Post-Installation Setup
1. Configure Nginx Proxy Manager
- Access http://localhost:8021
- Login with default credentials (change on first login)
- Add Proxy Hosts:
API Service:
- Domain:
api.sriphat.local(or your domain) - Forward Hostname:
apiservice - Forward Port:
8000 - Custom locations:
- Location:
/apiservice - Forward Hostname:
apiservice - Forward Port:
8000
- Location:
Keycloak:
- Domain:
auth.sriphat.local - Forward Hostname:
keycloak - Forward Port:
8080
Superset:
- Domain:
bi.sriphat.local - Forward Hostname:
superset - Forward Port:
8088
Airbyte:
- Domain:
etl.sriphat.local - Forward Hostname:
airbyte-proxy - Forward Port:
8000
Supabase:
- Domain:
supabase.sriphat.local - Forward Hostname:
supabase-kong - Forward Port:
8000 - Additional: Studio at
supabase-studio.sriphat.local→supabase-studio:3000
2. Setup Keycloak SSO
- Access Keycloak admin console
- Create new Realm:
sriphat - Create Clients:
- superset-client (for Superset OAuth)
- apiservice-client (for API Service)
- Configure OIDC settings
- Create Users and assign roles
3. Initialize API Service
# Access admin UI
# http://api.sriphat.local/apiservice/admin/
# Create API Client
# 1. Go to ApiClient menu
# 2. Create new client (e.g., "mobile-app")
# Generate API Key
curl -X POST "http://api.sriphat.local/apiservice/admin/api-keys/generate?client_id=1&permissions=feed.checkpoint:write&name=production-key" \
-H "Cookie: session=<your-admin-session>"
# Test API
curl -X POST "http://api.sriphat.local/apiservice/api/v1/feed/checkpoint" \
-H "Authorization: Bearer <api-key>" \
-H "Content-Type: application/json" \
-d '[{"id":1,"hn":123,"vn":456,"location":"OPD","type":"Scan","timestamp_in":"2026-02-16T10:00:00","timestamp_out":null,"waiting_time":null,"bu":"SRIPHAT"}]'
4. Configure Airbyte Sources
- Access Airbyte UI
- Setup Sources:
- SQL Server (HIS Database)
- Oracle (Lab System)
- REST API endpoints
- Setup Destination:
- PostgreSQL (host:
postgres, database:postgres, schemas:raw_data)
- PostgreSQL (host:
- Create Connections and schedule syncs
5. Setup Superset Dashboards
- Access Superset
- Add Database Connection:
- PostgreSQL:
postgresql://postgres:password@postgres:5432/postgres
- PostgreSQL:
- Create Datasets from
analyticsschema - Build Dashboards
🔒 Security Checklist
- Change all default passwords in
.env.global - Enable SSL in Nginx Proxy Manager (Let's Encrypt)
- Configure Keycloak with hospital LDAP/AD
- Enable Row-Level Security (RLS) in PostgreSQL
- Restrict network access (firewall rules)
- Setup backup strategy for PostgreSQL data
- Enable audit logging in all services
- Configure session timeouts
🛠️ Maintenance
View Logs
# All services
docker compose -f 01-infra/docker-compose.yml logs -f
# Specific service
docker logs -f apiservice
docker logs -f keycloak
docker logs -f superset
Backup Database
docker exec postgres pg_dump -U postgres postgres > backup_$(date +%Y%m%d).sql
Restore Database
docker exec -i postgres psql -U postgres postgres < backup_20260216.sql
Update Services
# Stop all
bash stop-all.sh
# Pull latest images
docker compose -f 01-infra/docker-compose.yml pull
docker compose -f 04-ingestion/docker-compose.yml pull
docker compose -f 06-analytics/docker-compose.yml pull
# Rebuild API service
cd 03-apiservice
docker compose --env-file ../.env.global build
# Start all
cd ..
bash start-all.sh
🐛 Troubleshooting
PostgreSQL connection issues
# Check if PostgreSQL is ready
docker exec postgres pg_isready -U postgres
# Check schemas
docker exec postgres psql -U postgres -c "\dn"
Keycloak not starting
# Check logs
docker logs keycloak
# Ensure PostgreSQL is ready first
docker restart keycloak
API Service can't connect to DB
# Verify network
docker network inspect shared_data_network
# Check environment variables
docker exec apiservice env | grep DB_
Airbyte worker issues
# Ensure Docker socket is mounted
docker exec airbyte-worker ls -la /var/run/docker.sock
# Check Temporal
docker logs airbyte-temporal
📊 Monitoring
Resource Usage
docker stats
Health Checks
# PostgreSQL
curl http://localhost:5432 || echo "PostgreSQL internal only - OK"
# Nginx Proxy Manager
curl -I http://localhost:81
# Keycloak
curl -I http://localhost:8080
# API Service (via network)
docker exec nginx-proxy-manager curl -I http://apiservice:8000/apiservice/docs
🔄 Scaling
Increase API Service Workers
Edit 03-apiservice/Dockerfile:
CMD ["gunicorn","-k","uvicorn.workers.UvicornWorker","app.main:app","--bind","0.0.0.0:8000","--workers","4"]
Add Read Replicas (PostgreSQL)
- Configure streaming replication
- Update connection strings for read-only queries
📞 Support
For issues:
- Check logs:
docker logs <container-name> - Verify network:
docker network inspect shared_data_network - Review configuration:
.env.global - Restart specific service:
docker restart <container-name>