- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite) - 03-apiservice: integrate MinIO minio-python SDK for file upload - requirements.txt: add minio==7.2.11 - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file() - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket - docker-compose.yml: pass MinIO env vars to container - .env.example: document MinIO vars - 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section - 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide - CLAUDE.md: project context (servers, SSH, paths, service distribution) - document-obsidiant/: initial Obsidian docs for all services
113 lines
5.8 KiB
Markdown
113 lines
5.8 KiB
Markdown
---
|
|
tags:
|
|
- project/sriphat
|
|
- dataplatform
|
|
- infrastructure
|
|
created: 2026-05-07
|
|
status: active
|
|
project: 2026-SRI-PJ-001
|
|
---
|
|
|
|
# Sriphat Data Platform — Project Overview
|
|
|
|
## ข้อมูลโครงการ
|
|
|
|
| รายการ | รายละเอียด |
|
|
|--------|-----------|
|
|
| **โครงการ** | Sriphat AI Transformation Data Platform |
|
|
| **รหัสโครงการ** | 2026-SRI-PJ-001 |
|
|
| **องค์กร** | โรงพยาบาลศรีพัฒน์ (Sriphat Hospital) |
|
|
| **Domain** | `ai.sriphat.com` / `sriphat.local` |
|
|
| **Server IP** | `192.168.100.9` |
|
|
| **Timezone** | Asia/Bangkok (UTC+7) |
|
|
|
|
## วัตถุประสงค์
|
|
|
|
สร้างระบบ **Modern Data Stack** สำหรับโรงพยาบาลศรีพัฒน์ โดยเน้น:
|
|
- **Security** — ระบบยืนยันตัวตนกลาง (SSO) ผ่าน Keycloak
|
|
- **Versatility** — รองรับข้อมูลหลายรูปแบบ (SQL Server, Oracle, REST API, Excel)
|
|
- **Single Sign-On** — ผู้ใช้ล็อกอินครั้งเดียวเข้าได้ทุก service
|
|
|
|
## Architecture Overview
|
|
|
|
```
|
|
┌──────────────────────────────────────────────────────────┐
|
|
│ Nginx Reverse Proxy │
|
|
│ (Gateway + SSL + Subpath Routing) │
|
|
│ ai.sriphat.com │
|
|
└──────────────────────────────────────────────────────────┘
|
|
│ │ │
|
|
┌──────▼──────┐ ┌──────▼──────┐ ┌────▼────────┐
|
|
│ Keycloak │ │ API Service │ │ Superset │
|
|
│ (SSO) │ │ (FastAPI) │ │ (BI) │
|
|
│ /keycloak │ │ /apiservice │ │ /superset │
|
|
└─────────────┘ └─────────────┘ └─────────────┘
|
|
│ │ │
|
|
└────────────────┼───────────────┘
|
|
│
|
|
┌─────────────┼──────────────┐
|
|
│ │ │
|
|
┌─────▼────┐ ┌─────▼─────┐ ┌────▼─────┐
|
|
│PostgreSQL│ │ Supabase │ │ MinIO │
|
|
│(Infra DB)│ │(BaaS/API) │ │(S3 Store)│
|
|
└──────────┘ └───────────┘ └──────────┘
|
|
│
|
|
┌──────▼──────┐
|
|
│ Airflow │
|
|
│ (Workflow) │
|
|
└─────────────┘
|
|
```
|
|
|
|
## Tech Stack (Layer Map)
|
|
|
|
| Layer | Tool | หน้าที่ |
|
|
|-------|------|--------|
|
|
| **Gateway** | Nginx | จัดการ Domain, SSL, Subpath routing |
|
|
| **Identity (SSO)** | Keycloak 23.0 | ยืนยันตัวตนกลาง (OIDC/OAuth2), รองรับ LDAP/AD |
|
|
| **Backend API** | FastAPI (Python) | Custom API endpoints, API Key management |
|
|
| **Database (Infra)** | PostgreSQL 15 | ฐานข้อมูลหลักสำหรับ Keycloak, API Service |
|
|
| **BaaS** | Supabase | PostgreSQL + Auth + Realtime + Storage + Edge Functions |
|
|
| **Workflow** | Apache Airflow 3.1.5 | DAG-based workflow orchestration (CeleryExecutor) |
|
|
| **Ingestion** | Airbyte | ETL จาก HIS, Oracle, REST API (ปัจจุบัน commented out) |
|
|
| **Analytics** | Apache Superset | Business Intelligence Dashboard |
|
|
| **Object Storage** | MinIO | S3-compatible storage, รองรับ ML/AI workflows |
|
|
| **Cache/Queue** | Redis 7.2 | Celery broker สำหรับ Airflow |
|
|
| **Monitoring** | Dozzle | Docker container log viewer |
|
|
|
|
## Docker Network
|
|
|
|
ทุก service ใช้ network ร่วมกันชื่อ `shared_data_network` (external)
|
|
|
|
```bash
|
|
docker network create shared_data_network
|
|
```
|
|
|
|
## Service Ports (Quick Reference)
|
|
|
|
| Service | Container Port | Host Port | URL |
|
|
|---------|---------------|-----------|-----|
|
|
| Nginx Proxy | 80 | 8020 | `http://localhost:8020` |
|
|
| Keycloak | 8080 | 8085 | `http://localhost:8085/keycloak` |
|
|
| PostgreSQL (Infra) | 5432 | 5435 | internal |
|
|
| Supabase Studio | 3000 | 3010 | `http://localhost:3010` |
|
|
| Supabase Kong API | 8000 | 8100 | `http://localhost:8100` |
|
|
| Supabase DB | 5432 | 5434 | internal |
|
|
| Supabase Pooler | 6543 | 6544 | internal |
|
|
| API Service | 8040 | 8040 | `http://localhost:8040/apiservice` |
|
|
| Airflow API Server | 8080 | 8200 | `http://localhost:8200` |
|
|
| Superset | 8088 | 8088 | `http://localhost:8088` |
|
|
| MinIO API | 9000 | 9000 | `http://localhost:9000` |
|
|
| MinIO Console | 9001 | 9001 | `http://localhost:9001` |
|
|
| Dozzle | 8080 | 9999 | `http://localhost:9999/dozzle` |
|
|
|
|
## Related Documents
|
|
|
|
- [[01-Infrastructure]] — Nginx, Keycloak, PostgreSQL, Redis, Dozzle
|
|
- [[02-Supabase]] — BaaS layer (PostgreSQL + Auth + Realtime + Storage)
|
|
- [[03-API-Service]] — FastAPI custom endpoints
|
|
- [[04-Airflow]] — Workflow orchestration
|
|
- [[05-Analytics-Superset]] — BI Dashboard
|
|
- [[06-MinIO]] — Object Storage
|
|
- [[07-Security-Strategy]] — Security model และ SSO
|
|
- [[08-Operations-Runbook]] — Deploy, Backup, Troubleshoot
|