Files
sriphat-dataplatform/document-obsidiant/2026-SRI-PJ-001 Sriphat AI Transformation/02-Supabase.md
jigoong a587be08bd feat: MinIO integration — bucket finance, API service upload, Nginx routing
- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks
  (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite)
- 03-apiservice: integrate MinIO minio-python SDK for file upload
  - requirements.txt: add minio==7.2.11
  - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL
  - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file()
  - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket
  - docker-compose.yml: pass MinIO env vars to container
  - .env.example: document MinIO vars
- 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section
- 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide
- CLAUDE.md: project context (servers, SSH, paths, service distribution)
- document-obsidiant/: initial Obsidian docs for all services
2026-05-20 17:42:39 +07:00

233 lines
6.1 KiB
Markdown

---
tags:
- project/sriphat
- supabase
- postgresql
- baas
created: 2026-05-07
status: active
folder: 02-supabase
---
# Supabase Layer (02-supabase)
> **Docker Compose:** `02-supabase/docker-compose.yml`
> **Env File:** `02-supabase/.env`
Supabase เป็น Backend-as-a-Service (BaaS) แบบ self-hosted ที่รวม PostgreSQL, Auth, Realtime, Storage และ Edge Functions ไว้ในที่เดียว
## Services
| Container | Image | Port | หน้าที่ |
|-----------|-------|------|--------|
| `sdp-supabase-studio` | supabase/studio:2026.02.16 | `3010:3000` | Web UI สำหรับจัดการ database |
| `sdp-supabase-kong` | kong:2.8.1 | `8100:8000`, `8444:8443` | API Gateway (routing ทุก request) |
| `sdp-supabase-auth` | supabase/gotrue:v2.186.0 | internal | Authentication service |
| `sdp-supabase-rest` | postgrest/postgrest:v12.2.3 | internal | Auto-generated REST API จาก PostgreSQL |
| `sdp-realtime-dev` | supabase/realtime:v2.76.5 | internal | WebSocket realtime subscriptions |
| `sdp-supabase-storage` | supabase/storage-api:v1.37.8 | internal | File storage |
| `sdp-supabase-imgproxy` | darthsim/imgproxy:v3.30.1 | internal | Image transformation |
| `sdp-supabase-meta` | supabase/postgres-meta:v0.95.2 | internal | PostgreSQL metadata API |
| `sdp-supabase-edge-functions` | supabase/edge-runtime:v1.70.3 | internal | Deno edge functions |
| `sdp-supabase-analytics` | supabase/logflare:1.31.2 | internal | Log analytics (Logflare) |
| `sdp-supabase-db` | supabase/postgres:15.8.1.085 | `5434:5432` | PostgreSQL database หลัก |
| `sdp-supabase-vector` | timberio/vector:0.53.0-alpine | internal | Log collector |
| `sdp-supabase-pooler` | supabase/supavisor:2.7.4 | `6544:6543` | Connection pooler (PgBouncer-like) |
---
## สถาปัตยกรรม Supabase
```
Client / API Service
sdp-supabase-kong (API Gateway: port 8100)
┌────┼────────────────────┐
│ │ │
▼ ▼ ▼
Auth REST API Realtime
GoTrue PostgREST Supabase Realtime
│ │ │
└────┴────────────────────┘
sdp-supabase-db (PostgreSQL 15)
sdp-supabase-pooler
(Supavisor: port 6544)
```
---
## PostgreSQL Database (sdp-supabase-db)
**Image:** `supabase/postgres:15.8.1.085`
**Port:** `5434` (host)
### Init SQL Files
| File | หน้าที่ |
|------|--------|
| `volumes/db/realtime.sql` | Setup replication สำหรับ Realtime |
| `volumes/db/webhooks.sql` | Database webhook functions |
| `volumes/db/roles.sql` | PostgreSQL roles setup |
| `volumes/db/jwt.sql` | JWT helper functions |
| `volumes/db/_supabase.sql` | Internal Supabase schema |
| `volumes/db/logs.sql` | Logging tables |
| `volumes/db/pooler.sql` | Connection pooler config |
### Connection Strings
```
# Direct Connection
postgresql://postgres:<password>@sdp-supabase-db:5432/postgres
# Via Pooler (Transaction mode)
postgresql://postgres.tenant:<password>@sdp-supabase-pooler:6543/postgres
# External (from host)
postgresql://postgres:<password>@192.168.100.9:5434/postgres
```
---
## Kong API Gateway
**Image:** `kong:2.8.1`
**Port:** `8100` (HTTP), `8444` (HTTPS)
Kong ทำหน้าที่ route requests ไปยัง services ต่างๆ:
```
/auth/v1/* → sdp-supabase-auth (GoTrue)
/rest/v1/* → sdp-supabase-rest (PostgREST)
/realtime/v1/ → sdp-realtime (WebSocket)
/storage/v1/* → sdp-supabase-storage
/functions/v1/*→ sdp-supabase-edge-functions
/meta/* → sdp-supabase-meta
```
**Kong Config:** `volumes/api/kong.yml`
---
## Supavisor (Connection Pooler)
**Image:** `supabase/supavisor:2.7.4`
**Port:** `6544` (transaction mode pooler)
```bash
# Transaction mode (ใช้สำหรับ serverless/edge functions)
postgresql://postgres.sriphat:<password>@sdp-supabase-pooler:6543/postgres
POOLER_TENANT_ID: sriphat
POOLER_DEFAULT_POOL_SIZE: <from env>
POOLER_MAX_CLIENT_CONN: <from env>
```
---
## Authentication (GoTrue)
**Image:** `supabase/gotrue:v2.186.0`
### Features ที่เปิดใช้
| Feature | ค่า |
|---------|-----|
| Email Signup | `${ENABLE_EMAIL_SIGNUP}` |
| Anonymous Users | `${ENABLE_ANONYMOUS_USERS}` |
| Email Autoconfirm | `${ENABLE_EMAIL_AUTOCONFIRM}` |
| Phone Signup | `${ENABLE_PHONE_SIGNUP}` |
### JWT Configuration
```
JWT_SECRET: <จาก env>
JWT_EXPIRY: <จาก env>
JWT_AUD: authenticated
JWT_DEFAULT_GROUP: authenticated
```
---
## Storage
**Image:** `supabase/storage-api:v1.37.8`
**Data path:** `volumes/storage/`
```
FILE_SIZE_LIMIT: 52428800 (50MB)
STORAGE_BACKEND: file
ENABLE_IMAGE_TRANSFORMATION: true
```
---
## Supabase Studio
**URL:** `http://localhost:3010` หรือ `https://ai.sriphat.com/supabase`
**Image:** `supabase/studio:2026.02.16-sha-26c615c`
Studio เชื่อมต่อผ่าน:
- PostgreSQL Meta API (`sdp-meta:8080`)
- Kong API (`sdp-kong:8000`)
- Logflare (`sdp-analytics:4000`)
**Snippets path:** `volumes/snippets/`
**Functions path:** `volumes/functions/`
---
## Environment Variables (สำคัญ)
```bash
# PostgreSQL
POSTGRES_HOST=sdp-supabase-db
POSTGRES_PORT=5432
POSTGRES_DB=postgres
POSTGRES_PASSWORD=<secret>
# JWT
JWT_SECRET=<long-random-string>
JWT_EXPIRY=3600
# API Keys
ANON_KEY=<jwt-anon-key>
SERVICE_ROLE_KEY=<jwt-service-role-key>
# Studio
STUDIO_DEFAULT_ORGANIZATION=Sriphat Hospital
STUDIO_DEFAULT_PROJECT=DataPlatform
SUPABASE_PUBLIC_URL=https://ai.sriphat.com/supabase-api
# Logflare
LOGFLARE_PUBLIC_ACCESS_TOKEN=<token>
LOGFLARE_PRIVATE_ACCESS_TOKEN=<token>
```
---
## การใช้งาน Supabase จาก API Service
```python
# ใน 03-apiservice
SUPABASE_DB_HOST=sdp-supabase-db
SUPABASE_DB_PORT=5432
SUPABASE_DB_USER=postgres.1
SUPABASE_DB_NAME=postgres
SUPABASE_API_URL=http://sdp-kong:8000
SUPABASE_API_KEY=<anon-or-service-role-key>
```
---
## Related
- [[00-Project-Overview]]
- [[03-API-Service]]
- [[07-Security-Strategy]]