- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite)
- 03-apiservice: integrate MinIO minio-python SDK for file upload
- requirements.txt: add minio==7.2.11
- app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL
- app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file()
- app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket
- docker-compose.yml: pass MinIO env vars to container
- .env.example: document MinIO vars
- 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section
- 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide
- CLAUDE.md: project context (servers, SSH, paths, service distribution)
- document-obsidiant/: initial Obsidian docs for all services

203 lines
4.9 KiB
Markdown
---
tags:
- project/sriphat
- infrastructure
- nginx
- keycloak
- postgresql
created: 2026-05-07
status: active
folder: 01-infra
---

# Infrastructure Layer (01-infra)

> **Docker Compose:** `01-infra/docker-compose.yml`
> **Env File:** `.env.global`

## Services in This Layer

| Container | Image | Port | Role |
|-----------|-------|------|------|
| `nginx-proxy-manager` | nginx:latest | `8020:80` | Reverse proxy + Subpath routing |
| `keycloak` | quay.io/keycloak/keycloak:23.0 | `8085:8080` | SSO / Identity Provider |
| `postgres` | postgres:15-alpine | `5435:5432` | Main database (Keycloak + API Service) |
| `redis` | redis:7.2-bookworm | internal | Cache / message broker for Airflow |
| `dozzle` | amir20/dozzle:latest | `9999:8080` | Docker log monitoring |

---

## Nginx Proxy Manager

**Image:** `nginx:latest`

### Subpath Routing Table

| Service | Subpath | Backend |
|---------|---------|---------|
| API Service | `/apiservice` | `apiservice:8040` |
| Supabase Studio | `/supabase` | `sdp-studio:3000` |
| Supabase Kong API | `/supabase-api` | `sdp-kong:8000` |
| Keycloak | `/keycloak` | `keycloak:8080` |
| Superset | `/superset` | `superset:8088` |
| Airflow | `/airflow` | `airflow-apiserver:8080` |
| Dozzle | `/dozzle` | `dozzle:8080` |
| MinIO API | `/minio` | `minio:9000` |
| MinIO Console | `/minio-console` | `minio:9001` |

**Config directory:** `01-infra/nginx-configs/`

### Nginx Configuration

```nginx
# Add config via Custom Nginx Configuration in the Proxy Host
# or mount a file at /etc/nginx/conf.d/default.conf
```

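The MinIO rows of the routing table, written out as location blocks that strip the prefix with `rewrite`. This is an added example, not the repository's own config; it assumes the blocks sit inside the existing `server { }` block, that `minio` resolves on the Docker network, and the `1g` upload limit is a placeholder value.

```nginx
# Added example, not the contents of 01-infra/nginx-configs/.
# Assumption: included inside the existing server { } block.

# S3 API: /minio/<path> is forwarded to minio:9000 as /<path>
location /minio/ {
    rewrite ^/minio/(.*)$ /$1 break;
    proxy_pass http://minio:9000;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Cap upload size at the proxy (1g is an assumed value;
    # size it to the largest file the finance bucket should accept).
    client_max_body_size 1g;
    # Stream request bodies to MinIO instead of spooling them to disk.
    proxy_request_buffering off;

    # SigV4 signs the request path, so a request signed for
    # /minio/<bucket>/<key> no longer verifies once the prefix is
    # stripped. SDK clients on the Docker network should talk to
    # minio:9000 directly rather than through this location.
}

# Console UI: /minio-console/<path> is forwarded to minio:9001 as /<path>
location /minio-console/ {
    rewrite ^/minio-console/(.*)$ /$1 break;
    proxy_pass http://minio:9001;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # The console uses WebSockets, which need HTTP/1.1 and the upgrade headers.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # The MinIO container also needs MINIO_BROWSER_REDIRECT_URL set to the
    # public console URL so that generated links keep the /minio-console/ prefix.
}
```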
---

## Keycloak (SSO)

**Image:** `quay.io/keycloak/keycloak:23.0`
**URL:** `http://localhost:8085/keycloak` or `https://ai.sriphat.com/keycloak`

### Configuration

```yaml
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/${KEYCLOAK_DB_NAME}
KC_HTTP_RELATIVE_PATH: "/keycloak"
KC_HOSTNAME_PATH: "/keycloak"
KC_PROXY: edge
KC_HTTP_ENABLED: "true"
```

### Keycloak SSO Clients to Create

| Client ID | Service | Protocol |
|-----------|---------|---------|
| `apiservice` | API Service | OIDC |
| `superset-client` | Apache Superset | OIDC |
| `minio-client` | MinIO | OIDC |
| `airflow-client` | Apache Airflow | OIDC |

### Keycloak Setup Steps After Deploy

1. Open the Admin Console: `/keycloak/admin`
2. Create the realm: `sriphat`
3. Create clients for each service
4. Connect the hospital's LDAP/AD (optional)
5. Create groups and roles
6. Map roles to users

---

## PostgreSQL (Infra DB)

**Image:** `postgres:15-alpine`
**Port:** `5435` (host) → `5432` (container)

### Databases in This PostgreSQL Instance

| Database | Owner |
|----------|--------|
| `postgres` | Default + API Service |
| `keycloak` | Keycloak |
| `superset` | Apache Superset |
| `airflow` | Apache Airflow |

### Init Scripts

**Path:** `01-infra/init/`

| File | Role |
|------|--------|
| `00-create-keycloak-database.sql` | Creates the database for Keycloak |
| `03-create-airflow-databases.sql` | Creates the database for Airflow |

### Connection String

```
Host: postgres (internal) / 192.168.100.9 (external)
Port: 5432 (internal) / 5435 (external)
User: ${DB_USER}
Password: ${DB_PASSWORD}
Database: postgres
```

---

## Redis

**Image:** `redis:7.2-bookworm`
**Port:** `6379` (internal only)

Used as:
- Celery broker for Apache Airflow
- Message queue

```
URL: redis://:@redis:6379/0
```

---

## Dozzle (Log Monitoring)

**Image:** `amir20/dozzle:latest`
**URL:** `http://localhost:9999/dozzle` or `https://ai.sriphat.com/dozzle`

### Features
- View Docker container logs in real time
- Supports Remote Agent (connects to other servers)
- Filter and search logs

### Remote Agent Configuration

```bash
# In .env.global
DOZZLE_REMOTE_AGENT=192.168.100.9:7007
```

Monitored servers:
- Main server (local)
- `192.168.100.9` — Airflow + MinIO + OpenMetadata server

**Setup Guide:** `REMOTE_HOSTS_DOZZLE_SETUP.md`: guide for setting up the Dozzle agent on a remote server

---

## Environment Variables (.env.global)

```bash
# Project
PROJECT_NAME=sriphat-data
DOMAIN=sriphat.local
TZ=Asia/Bangkok

# Database
DB_HOST=postgres
DB_PORT=5432
DB_PORT_EXPOSE=5435
DB_USER=postgres
DB_PASSWORD=<secret>
DB_NAME=postgres

# Keycloak
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=<secret>
KEYCLOAK_DB_NAME=keycloak

# Dozzle
DOZZLE_PORT=9999
DOZZLE_BASE=/dozzle
DOZZLE_HOSTNAME=Sriphat Main Server
DOZZLE_REMOTE_AGENT=192.168.100.9:7007
```

## Related

- [[00-Project-Overview]]
- [[07-Security-Strategy]]
- [[08-Operations-Runbook]]