- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite) - 03-apiservice: integrate MinIO minio-python SDK for file upload - requirements.txt: add minio==7.2.11 - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file() - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket - docker-compose.yml: pass MinIO env vars to container - .env.example: document MinIO vars - 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section - 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide - CLAUDE.md: project context (servers, SSH, paths, service distribution) - document-obsidiant/: initial Obsidian docs for all services
233 lines
6.1 KiB
Markdown
233 lines
6.1 KiB
Markdown
---
|
|
tags:
|
|
- project/sriphat
|
|
- supabase
|
|
- postgresql
|
|
- baas
|
|
created: 2026-05-07
|
|
status: active
|
|
folder: 02-supabase
|
|
---
|
|
|
|
# Supabase Layer (02-supabase)
|
|
|
|
> **Docker Compose:** `02-supabase/docker-compose.yml`
|
|
> **Env File:** `02-supabase/.env`
|
|
|
|
Supabase เป็น Backend-as-a-Service (BaaS) แบบ self-hosted ที่รวม PostgreSQL, Auth, Realtime, Storage และ Edge Functions ไว้ในที่เดียว
|
|
|
|
## Services
|
|
|
|
| Container | Image | Port | หน้าที่ |
|
|
|-----------|-------|------|--------|
|
|
| `sdp-supabase-studio` | supabase/studio:2026.02.16 | `3010:3000` | Web UI สำหรับจัดการ database |
|
|
| `sdp-supabase-kong` | kong:2.8.1 | `8100:8000`, `8444:8443` | API Gateway (routing ทุก request) |
|
|
| `sdp-supabase-auth` | supabase/gotrue:v2.186.0 | internal | Authentication service |
|
|
| `sdp-supabase-rest` | postgrest/postgrest:v12.2.3 | internal | Auto-generated REST API จาก PostgreSQL |
|
|
| `sdp-realtime-dev` | supabase/realtime:v2.76.5 | internal | WebSocket realtime subscriptions |
|
|
| `sdp-supabase-storage` | supabase/storage-api:v1.37.8 | internal | File storage |
|
|
| `sdp-supabase-imgproxy` | darthsim/imgproxy:v3.30.1 | internal | Image transformation |
|
|
| `sdp-supabase-meta` | supabase/postgres-meta:v0.95.2 | internal | PostgreSQL metadata API |
|
|
| `sdp-supabase-edge-functions` | supabase/edge-runtime:v1.70.3 | internal | Deno edge functions |
|
|
| `sdp-supabase-analytics` | supabase/logflare:1.31.2 | internal | Log analytics (Logflare) |
|
|
| `sdp-supabase-db` | supabase/postgres:15.8.1.085 | `5434:5432` | PostgreSQL database หลัก |
|
|
| `sdp-supabase-vector` | timberio/vector:0.53.0-alpine | internal | Log collector |
|
|
| `sdp-supabase-pooler` | supabase/supavisor:2.7.4 | `6544:6543` | Connection pooler (PgBouncer-like) |
|
|
|
|
---
|
|
|
|
## สถาปัตยกรรม Supabase
|
|
|
|
```
|
|
Client / API Service
|
|
│
|
|
▼
|
|
sdp-supabase-kong (API Gateway: port 8100)
|
|
│
|
|
┌────┼────────────────────┐
|
|
│ │ │
|
|
▼ ▼ ▼
|
|
Auth REST API Realtime
|
|
GoTrue PostgREST Supabase Realtime
|
|
│ │ │
|
|
└────┴────────────────────┘
|
|
│
|
|
▼
|
|
sdp-supabase-db (PostgreSQL 15)
|
|
│
|
|
sdp-supabase-pooler
|
|
(Supavisor: port 6544)
|
|
```
|
|
|
|
---
|
|
|
|
## PostgreSQL Database (sdp-supabase-db)
|
|
|
|
**Image:** `supabase/postgres:15.8.1.085`
|
|
**Port:** `5434` (host)
|
|
|
|
### Init SQL Files
|
|
|
|
| File | หน้าที่ |
|
|
|------|--------|
|
|
| `volumes/db/realtime.sql` | Setup replication สำหรับ Realtime |
|
|
| `volumes/db/webhooks.sql` | Database webhook functions |
|
|
| `volumes/db/roles.sql` | PostgreSQL roles setup |
|
|
| `volumes/db/jwt.sql` | JWT helper functions |
|
|
| `volumes/db/_supabase.sql` | Internal Supabase schema |
|
|
| `volumes/db/logs.sql` | Logging tables |
|
|
| `volumes/db/pooler.sql` | Connection pooler config |
|
|
|
|
### Connection Strings
|
|
|
|
```
|
|
# Direct Connection
|
|
postgresql://postgres:<password>@sdp-supabase-db:5432/postgres
|
|
|
|
# Via Pooler (Transaction mode)
|
|
postgresql://postgres.tenant:<password>@sdp-supabase-pooler:6543/postgres
|
|
|
|
# External (from host)
|
|
postgresql://postgres:<password>@192.168.100.9:5434/postgres
|
|
```
|
|
|
|
---
|
|
|
|
## Kong API Gateway
|
|
|
|
**Image:** `kong:2.8.1`
|
|
**Port:** `8100` (HTTP), `8444` (HTTPS)
|
|
|
|
Kong ทำหน้าที่ route requests ไปยัง services ต่างๆ:
|
|
|
|
```
|
|
/auth/v1/* → sdp-supabase-auth (GoTrue)
|
|
/rest/v1/* → sdp-supabase-rest (PostgREST)
|
|
/realtime/v1/ → sdp-realtime (WebSocket)
|
|
/storage/v1/* → sdp-supabase-storage
|
|
/functions/v1/*→ sdp-supabase-edge-functions
|
|
/meta/* → sdp-supabase-meta
|
|
```
|
|
|
|
**Kong Config:** `volumes/api/kong.yml`
|
|
|
|
---
|
|
|
|
## Supavisor (Connection Pooler)
|
|
|
|
**Image:** `supabase/supavisor:2.7.4`
|
|
**Port:** `6544` (transaction mode pooler)
|
|
|
|
```bash
|
|
# Transaction mode (ใช้สำหรับ serverless/edge functions)
|
|
postgresql://postgres.sriphat:<password>@sdp-supabase-pooler:6543/postgres
|
|
|
|
POOLER_TENANT_ID: sriphat
|
|
POOLER_DEFAULT_POOL_SIZE: <from env>
|
|
POOLER_MAX_CLIENT_CONN: <from env>
|
|
```
|
|
|
|
---
|
|
|
|
## Authentication (GoTrue)
|
|
|
|
**Image:** `supabase/gotrue:v2.186.0`
|
|
|
|
### Features ที่เปิดใช้
|
|
|
|
| Feature | ค่า |
|
|
|---------|-----|
|
|
| Email Signup | `${ENABLE_EMAIL_SIGNUP}` |
|
|
| Anonymous Users | `${ENABLE_ANONYMOUS_USERS}` |
|
|
| Email Autoconfirm | `${ENABLE_EMAIL_AUTOCONFIRM}` |
|
|
| Phone Signup | `${ENABLE_PHONE_SIGNUP}` |
|
|
|
|
### JWT Configuration
|
|
|
|
```
|
|
JWT_SECRET: <จาก env>
|
|
JWT_EXPIRY: <จาก env>
|
|
JWT_AUD: authenticated
|
|
JWT_DEFAULT_GROUP: authenticated
|
|
```
|
|
|
|
---
|
|
|
|
## Storage
|
|
|
|
**Image:** `supabase/storage-api:v1.37.8`
|
|
**Data path:** `volumes/storage/`
|
|
|
|
```
|
|
FILE_SIZE_LIMIT: 52428800 (50MB)
|
|
STORAGE_BACKEND: file
|
|
ENABLE_IMAGE_TRANSFORMATION: true
|
|
```
|
|
|
|
---
|
|
|
|
## Supabase Studio
|
|
|
|
**URL:** `http://localhost:3010` หรือ `https://ai.sriphat.com/supabase`
|
|
**Image:** `supabase/studio:2026.02.16-sha-26c615c`
|
|
|
|
Studio เชื่อมต่อผ่าน:
|
|
- PostgreSQL Meta API (`sdp-meta:8080`)
|
|
- Kong API (`sdp-kong:8000`)
|
|
- Logflare (`sdp-analytics:4000`)
|
|
|
|
**Snippets path:** `volumes/snippets/`
|
|
**Functions path:** `volumes/functions/`
|
|
|
|
---
|
|
|
|
## Environment Variables (สำคัญ)
|
|
|
|
```bash
|
|
# PostgreSQL
|
|
POSTGRES_HOST=sdp-supabase-db
|
|
POSTGRES_PORT=5432
|
|
POSTGRES_DB=postgres
|
|
POSTGRES_PASSWORD=<secret>
|
|
|
|
# JWT
|
|
JWT_SECRET=<long-random-string>
|
|
JWT_EXPIRY=3600
|
|
|
|
# API Keys
|
|
ANON_KEY=<jwt-anon-key>
|
|
SERVICE_ROLE_KEY=<jwt-service-role-key>
|
|
|
|
# Studio
|
|
STUDIO_DEFAULT_ORGANIZATION=Sriphat Hospital
|
|
STUDIO_DEFAULT_PROJECT=DataPlatform
|
|
SUPABASE_PUBLIC_URL=https://ai.sriphat.com/supabase-api
|
|
|
|
# Logflare
|
|
LOGFLARE_PUBLIC_ACCESS_TOKEN=<token>
|
|
LOGFLARE_PRIVATE_ACCESS_TOKEN=<token>
|
|
```
|
|
|
|
---
|
|
|
|
## การใช้งาน Supabase จาก API Service
|
|
|
|
```python
|
|
# ใน 03-apiservice
|
|
SUPABASE_DB_HOST=sdp-supabase-db
|
|
SUPABASE_DB_PORT=5432
|
|
SUPABASE_DB_USER=postgres.1
|
|
SUPABASE_DB_NAME=postgres
|
|
|
|
SUPABASE_API_URL=http://sdp-kong:8000
|
|
SUPABASE_API_KEY=<anon-or-service-role-key>
|
|
```
|
|
|
|
---
|
|
|
|
## Related
|
|
|
|
- [[00-Project-Overview]]
|
|
- [[03-API-Service]]
|
|
- [[07-Security-Strategy]]
|