jigoong a587be08bd feat: MinIO integration — bucket finance, API service upload, Nginx routing
- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks
  (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite)
- 03-apiservice: integrate MinIO minio-python SDK for file upload
  - requirements.txt: add minio==7.2.11
  - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL
  - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file()
  - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket
  - docker-compose.yml: pass MinIO env vars to container
  - .env.example: document MinIO vars
- 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section
- 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide
- CLAUDE.md: project context (servers, SSH, paths, service distribution)
- document-obsidiant/: initial Obsidian docs for all services
2026-05-20 17:42:39 +07:00


---
tags:
- project/sriphat
- infrastructure
- nginx
- keycloak
- postgresql
created: 2026-05-07
status: active
folder: 01-infra
---
# Infrastructure Layer (01-infra)
> **Docker Compose:** `01-infra/docker-compose.yml`
> **Env File:** `.env.global`
## Services in This Layer
| Container | Image | Port | Role |
|-----------|-------|------|------|
| `nginx-proxy-manager` | nginx:latest | `8020:80` | Reverse proxy + Subpath routing |
| `keycloak` | quay.io/keycloak/keycloak:23.0 | `8085:8080` | SSO / Identity Provider |
| `postgres` | postgres:15-alpine | `5435:5432` | Primary database (Keycloak + API Service) |
| `redis` | redis:7.2-bookworm | internal | Cache / Message broker for Airflow |
| `dozzle` | amir20/dozzle:latest | `9999:8080` | Docker log monitoring |
---
## Nginx Proxy Manager
**Image:** `nginx:latest`
### Subpath Routing Table
| Service | Subpath | Backend |
|---------|---------|---------|
| API Service | `/apiservice` | `apiservice:8040` |
| Supabase Studio | `/supabase` | `sdp-studio:3000` |
| Supabase Kong API | `/supabase-api` | `sdp-kong:8000` |
| Keycloak | `/keycloak` | `keycloak:8080` |
| Superset | `/superset` | `superset:8088` |
| Airflow | `/airflow` | `airflow-apiserver:8080` |
| Dozzle | `/dozzle` | `dozzle:8080` |
| MinIO API | `/minio` | `minio:9000` |
| MinIO Console | `/minio-console` | `minio:9001` |
**Config directory:** `01-infra/nginx-configs/`
### Nginx Configuration
```nginx
# Add config through Custom Nginx Configuration in the Proxy Host
# or mount a file at /etc/nginx/conf.d/default.conf
```
---
## Keycloak (SSO)
**Image:** `quay.io/keycloak/keycloak:23.0`
**URL:** `http://localhost:8085/keycloak` or `https://ai.sriphat.com/keycloak`
### Configuration
```yaml
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/${KEYCLOAK_DB_NAME}
KC_HTTP_RELATIVE_PATH: "/keycloak"
KC_HOSTNAME_PATH: "/keycloak"
KC_PROXY: edge
KC_HTTP_ENABLED: "true"
```
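An nginx `location` block matching the Keycloak settings above, as an added example that is not taken from the repository's `01-infra/nginx-configs/`. The hostname and upstream come from this page; the TLS listener and certificate paths are placeholder assumptions.

```nginx
# Added example; not the project's own config.
server {
    listen 443 ssl;
    server_name ai.sriphat.com;                          # public hostname from the URL above
    ssl_certificate     /etc/nginx/certs/fullchain.pem;  # placeholder path (assumption)
    ssl_certificate_key /etc/nginx/certs/privkey.pem;    # placeholder path (assumption)

    location /keycloak/ {
        # No URI part after the upstream address, so nginx forwards
        # /keycloak/... unchanged, which is what
        # KC_HTTP_RELATIVE_PATH=/keycloak expects.
        proxy_pass http://keycloak:8080;

        # With KC_PROXY=edge Keycloak builds its URLs and client address
        # from the forwarded headers. Set every one of them here so a value
        # sent by the client is overwritten, never passed through.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header Forwarded         "";   # empty value: header is not sent upstream

        # Login redirects carry long Location / Set-Cookie headers.
        proxy_buffer_size       128k;
        proxy_buffers           4 256k;
        proxy_busy_buffers_size 256k;
    }
}
```

Because `KC_PROXY: edge` trusts these headers, the guarantee only holds for traffic that passes through the proxy: the directly published host port `8085` should be reachable from trusted hosts only.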
### Keycloak SSO Clients to Create
| Client ID | Service | Protocol |
|-----------|---------|---------|
| `apiservice` | API Service | OIDC |
| `superset-client` | Apache Superset | OIDC |
| `minio-client` | MinIO | OIDC |
| `airflow-client` | Apache Airflow | OIDC |
### Keycloak Setup Steps After Deploy
1. Open the Admin Console: `/keycloak/admin`
2. Create the realm: `sriphat`
3. Create a client for each service
4. Connect the hospital's LDAP/AD (optional)
5. Create Groups and Roles
6. Map roles to users
---
## PostgreSQL (Infra DB)
**Image:** `postgres:15-alpine`
**Port:** `5435` (host) → `5432` (container)
### Databases in This PostgreSQL Instance
| Database | Owner |
|----------|--------|
| `postgres` | Default + API Service |
| `keycloak` | Keycloak |
| `superset` | Apache Superset |
| `airflow` | Apache Airflow |
### Init Scripts
**Path:** `01-infra/init/`
| File | Purpose |
|------|---------|
| `00-create-keycloak-database.sql` | Creates the database for Keycloak |
| `03-create-airflow-databases.sql` | Creates the database for Airflow |
### Connection String
```
Host: postgres (internal) / 192.168.100.9 (external)
Port: 5432 (internal) / 5435 (external)
User: ${DB_USER}
Password: ${DB_PASSWORD}
Database: postgres
```
---
## Redis
**Image:** `redis:7.2-bookworm`
**Port:** `6379` (internal only)
Used as:
- Celery broker สำหรับ Apache Airflow
- Message queue
```
URL: redis://:@redis:6379/0
```
---
## Dozzle (Log Monitoring)
**Image:** `amir20/dozzle:latest`
**URL:** `http://localhost:9999/dozzle` or `https://ai.sriphat.com/dozzle`
### Features
- View Docker container logs in real time
- Supports Remote Agent (connects to other servers)
- Filter and search logs
### Remote Agent Configuration
```bash
# In .env.global
DOZZLE_REMOTE_AGENT=192.168.100.9:7007
```
Monitored servers:
- Main server (local)
- `192.168.100.9` — Airflow + MinIO + OpenMetadata server
**Setup Guide:** `REMOTE_HOSTS_DOZZLE_SETUP.md` (guide to setting up the Dozzle agent on a remote server)
---
## Environment Variables (.env.global)
```bash
# Project
PROJECT_NAME=sriphat-data
DOMAIN=sriphat.local
TZ=Asia/Bangkok
# Database
DB_HOST=postgres
DB_PORT=5432
DB_PORT_EXPOSE=5435
DB_USER=postgres
DB_PASSWORD=<secret>
DB_NAME=postgres
# Keycloak
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=<secret>
KEYCLOAK_DB_NAME=keycloak
# Dozzle
DOZZLE_PORT=9999
DOZZLE_BASE=/dozzle
DOZZLE_HOSTNAME=Sriphat Main Server
DOZZLE_REMOTE_AGENT=192.168.100.9:7007
```
## Related
- [[00-Project-Overview]]
- [[07-Security-Strategy]]
- [[08-Operations-Runbook]]