From 97cc41f489aa8c576c65d4d964c4023babdac927 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 23 Feb 2026 16:49:59 +0700 Subject: [PATCH] 260223:1649 20260223:1700 Refactor specs/ #2 --- .../docker-compose-lcbp3-db.yml | 86 +++++++++++++++++ .../docker-compose-lcbp3-git.yml | 88 +++++++++++++++++ .../docker-compose-lcbp3-n8n.yml | 75 +++++++++++++++ .../docker-compose-npm.yml | 94 +++++++++++++++++++ 4 files changed, 343 insertions(+) create mode 100644 specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-db.yml create mode 100644 specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-git.yml create mode 100644 specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-n8n.yml create mode 100644 specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-npm.yml diff --git a/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-db.yml b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-db.yml new file mode 100644 index 0000000..f7bbdcf --- /dev/null +++ b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-db.yml @@ -0,0 +1,86 @@ +# File: share/nap-dms/mariadb/docker-compose-lcbp3-db.yml +# DMS Container v1_8_0 : ย้าย folder ไปที่ share/nap-dms/ +# Application name: lcbp3-db, Servive: mariadb, pma +x-restart: &restart_policy + restart: unless-stopped + +x-logging: &default_logging + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "5" + +services: + mariadb: + <<: [*restart_policy, *default_logging] + image: mariadb:11.8 + container_name: mariadb + stdin_open: true + tty: true + deploy: + resources: + limits: + cpus: "2.0" + memory: 4G + reservations: + cpus: "0.5" + memory: 1G + environment: + MYSQL_ROOT_PASSWORD: "Center#2025" + MYSQL_DATABASE: "lcbp3" + MYSQL_USER: "center" + MYSQL_PASSWORD: "Center#2025" + TZ: "Asia/Bangkok" + ports: + - "3306:3306" + networks: + - lcbp3 + volumes: + - "/share/np-dms/mariadb/data:/var/lib/mysql" + - "/share/np-dms/mariadb/my.cnf:/etc/mysql/conf.d/my.cnf:ro" + - "/share/np-dms/mariadb/init:/docker-entrypoint-initdb.d:ro" + - "/share/dms-data/mariadb/backup:/backup" + healthcheck: + test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 30s + + pma: + <<: [*restart_policy, *default_logging] + image: phpmyadmin:5-apache + container_name: pma + stdin_open: true + tty: true + deploy: + resources: + limits: + cpus: "0.25" + memory: 256M + environment: + TZ: "Asia/Bangkok" + PMA_HOST: "mariadb" + PMA_PORT: "3306" + PMA_ABSOLUTE_URI: "https://pma.np-dms.work/" + UPLOAD_LIMIT: "1G" + MEMORY_LIMIT: "512M" + ports: + - "89:80" + networks: + - lcbp3 + # expose: + # - "80" + volumes: + - "/share/np-dms/pma/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php:ro" + - "/share/np-dms/pma/zzz-custom.ini:/usr/local/etc/php/conf.d/zzz-custom.ini:ro" + - "/share/np-dms/pma/tmp:/var/lib/phpmyadmin/tmp:rw" + - "/share/dms-data/logs/pma:/var/log/apache2" + depends_on: + mariadb: + condition: service_healthy + +networks: + lcbp3: + external: true diff --git a/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-git.yml b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-git.yml new file mode 100644 index 0000000..594ef34 --- /dev/null +++ b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-git.yml @@ -0,0 +1,88 @@ +# File: share/np-dms/git/docker-compose-lcbp3-git.yml +# DMS Container v1_8_0 : แยก service และ folder +# Application name: git, Servive:gitea +networks: + lcbp3: + external: true + giteanet: + external: true + name: gitnet + +services: + gitea: + image: gitea/gitea:latest-rootless + container_name: gitea + restart: always + stdin_open: true + tty: true + environment: + # ---- File ownership in QNAP ---- + USER_UID: "1000" + USER_GID: "1000" + TZ: Asia/Bangkok + # ---- Server / Reverse proxy (NPM) ---- + GITEA__server__ROOT_URL: https://git.np-dms.work/ + GITEA__server__DOMAIN: git.np-dms.work + GITEA__server__SSH_DOMAIN: git.np-dms.work + GITEA__server__START_SSH_SERVER: "true" + GITEA__server__SSH_PORT: "22" + GITEA__server__SSH_LISTEN_PORT: "22" + GITEA__server__LFS_START_SERVER: "true" + GITEA__server__HTTP_ADDR: "0.0.0.0" + GITEA__server__HTTP_PORT: "3000" + GITEA__server__TRUSTED_PROXIES: "127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" + # --- การตั้งค่าฐานข้อมูล + GITEA__database__DB_TYPE: mysql + GITEA__database__HOST: mariadb:3306 + GITEA__database__NAME: "gitea" + GITEA__database__USER: "gitea" + GITEA__database__PASSWD: "Center#2025" + # --- repos + GITEA__repository__ROOT: /var/lib/gitea/git/repositories + DISABLE_HTTP_GIT: "false" + ENABLE_BASIC_AUTHENTICATION: "true" + # --- Enable Package Registry --- + GITEA__packages__ENABLED: "true" + GITEA__packages__REGISTRY__ENABLED: "true" + GITEA__packages__REGISTRY__STORAGE_TYPE: local + GITEA__packages__REGISTRY__STORAGE_PATH: /data/registry + # Optional: lock install after setup (เปลี่ยนเป็น true เมื่อจบ onboarding) + GITEA__security__INSTALL_LOCK: "true" + volumes: + - /share/np-dms/gitea/backup:/backup + - /share/np-dms/gitea/etc:/etc/gitea + - /share/np-dms/gitea/lib:/var/lib/gitea + # ให้ repo root ใช้จาก /share/dms-data/gitea_repos + - /share/np-dms/gitea/gitea_repos:/var/lib/gitea/git/repositories + - /share/np-dms/gitea/gitea_registry:/data/registry + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - "3003:3000" # HTTP (ไปหลัง NPM) + - "2222:22" # SSH สำหรับ git clone/push + networks: + - lcbp3 + - giteanet + +# networks: +# gitea_net: +# driver: bridge +# name: git_gitea_net +# networks: [gitea_net] +# chown -R 1000:1000 /share/Container/gitea/ +# [/share/Container/git] # ls -l /share/Container/gitea/etc/app.ini +# [/share/Container/git] # setfacl -R -m u:1000:rwx /share/Container/gitea/ +# [/share/Container/git] # setfacl -R -m u:70:rwx /share/Container/git/postgres/ +# getfacl /share/Container/git/etc/app.ini +# chown -R 1000:1000 /share/Container/gitea/ +# ล้าง +# setfacl -R -b /share/Container/gitea/ +# +# chgrp -R administrators /share/Container/gitea/ +# chown -R 1000:1000 /share/Container/gitea/etc /share/Container/gitea/lib /share/Container/gitea/backup +# setfacl -m u:1000:rwx -m g:1000:rwx /share/Container/gitea/etc /share/Container/gitea/lib /share/Container/gitea/backup + +# CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci'; +# CREATE USER 'gitea'@'%' IDENTIFIED BY 'Center#2025'; +# GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'%'; +# FLUSH PRIVILEGES; diff --git a/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-n8n.yml b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-n8n.yml new file mode 100644 index 0000000..78585a4 --- /dev/null +++ b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-lcbp3-n8n.yml @@ -0,0 +1,75 @@ +# File: share/np-dms/n8n/docker-compose-lcbp3-n8n.yml +# DMS Container v1_8_0 แยก service และ folder, Application name:n8n service n8n +x-restart: &restart_policy + restart: unless-stopped + +x-logging: &default_logging + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "5" +services: + n8n: + <<: [*restart_policy, *default_logging] + image: n8nio/n8n:1.78.0 + container_name: n8n + stdin_open: true + tty: true + deploy: + resources: + limits: + cpus: "1.5" + memory: 2G + reservations: + cpus: "0.25" + memory: 512M + environment: + TZ: "Asia/Bangkok" + NODE_ENV: "production" + # N8N_PATH: "/n8n/" + N8N_PUBLIC_URL: "https://n8n.np-dms.work/" + WEBHOOK_URL: "https://n8n.np-dms.work/" + N8N_EDITOR_BASE_URL: "https://n8n.np-dms.work/" + N8N_PROTOCOL: "https" + N8N_HOST: "n8n.np-dms.work" + N8N_PORT: 5678 + N8N_PROXY_HOPS: "1" + N8N_DIAGNOSTICS_ENABLED: 'false' + N8N_SECURE_COOKIE: 'true' + N8N_ENCRYPTION_KEY: "9AAIB7Da9DW1qAhJE5/Bz4SnbQjeAngI" + N8N_BASIC_AUTH_ACTIVE: 'true' + N8N_BASIC_AUTH_USER: admin + N8N_BASIC_AUTH_PASSWORD: Center#2025 + N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true' + GENERIC_TIMEZONE: "Asia/Bangkok" + # DB: MySQL/MariaDB removed in n8n v1.x — now using SQLite (default) + # Data is persisted in /home/node/.n8n (mounted volume below) + DB_TYPE: sqlite + + ports: + - "5678:5678" + networks: + lcbp3: {} + volumes: + - "/share/np-dms/n8n:/home/node/.n8n" + - "/share/np-dms/n8n/cache:/home/node/.cache" + - "/share/np-dms/n8n/scripts:/scripts" + - "/share/np-dms/n8n/data:/data" + - "/var/run/docker.sock:/var/run/docker.sock" + + healthcheck: + test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5678/healthz || exit 1"] + interval: 30s + timeout: 10s + start_period: 60s + retries: 5 + +networks: + lcbp3: + external: true + +# สำหรับ n8n volumes +# chown -R 1000:1000 /share/Container/n8n +# chmod -R 755 /share/Container/n8n + diff --git a/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-npm.yml b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-npm.yml new file mode 100644 index 0000000..9ebc8c7 --- /dev/null +++ b/specs/04-Infrastructure-OPS/04-00-docker-compose/docker-compose-npm.yml @@ -0,0 +1,94 @@ +# File: share/np-dms/npm/docker-compose-npm.yml +# DMS Container v1_8_0 : ย้าย folder ไปที่ share/np-dms/ +# Application name: lcbp3-npm, Servive:npm +x-restart: &restart_policy + restart: unless-stopped + +x-logging: &default_logging + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "5" +services: + npm: + <<: [*restart_policy, *default_logging] + image: jc21/nginx-proxy-manager:latest + container_name: npm + stdin_open: true + tty: true + deploy: + resources: + limits: + cpus: "1.0" # 50% CPU + memory: 512M + ports: + - "80:80" # HTTP + - "443:443" # HTTPS + - "81:81" # NPM Admin UI + environment: + TZ: "Asia/Bangkok" + DB_MYSQL_HOST: "mariadb" + DB_MYSQL_PORT: 3306 + DB_MYSQL_USER: "npm" + DB_MYSQL_PASSWORD: "npm" + DB_MYSQL_NAME: "npm" + # Uncomment this if IPv6 is not enabled on your host + DISABLE_IPV6: "true" + networks: + - lcbp3 + - giteanet + volumes: + - "/share/np-dms/npm/data:/data" + - "/share/dms-data/logs/npm:/data/logs" # <-- เพิ่ม logging volume + - "/share/np-dms/npm/letsencrypt:/etc/letsencrypt" + - "/share/np-dms/npm/custom:/data/nginx/custom" # <-- สำคัญสำหรับ http_top.conf + # - "/share/Container/lcbp3/npm/landing:/data/landing:ro" + landing: + image: nginx:1.27-alpine + container_name: landing + restart: unless-stopped + volumes: + - "/share/np-dms/npm/landing:/usr/share/nginx/html:ro" + networks: + - lcbp3 +networks: + lcbp3: + external: true + giteanet: + external: true + name: gitnet + +# docker exec -it npm id +# chown -R 0:0 /share/Container/npm +# setfacl -R -m u:0:rwx /share/Container/npm +# ค่าเริ่มต้นคือ:Email: admin@example.com Password: changeme + +# Note: Configurations +# Domain Names | Forward Hostname | IP Forward Port | Cache Assets | Block Common Exploits | Websockets | Force SSL | HTTP/2 | SupportHSTS Enabled | +# backend.np-dms.work | backend | 3000 | [ ] | [x] | [ ] | [x] | [x] | [ ] | +# lcbp3.np-dms.work | frontend | 3000 | [x] | [x] | [x] | [x] | [x] | [ ] | +# db.np-dms.work | mariadb | 3306 | [x] | [x] | [x] | [x] | [x] | [ ] | +# git.np-dms.work | gitea | 3000 | [x] | [x] | [x] | [x] | [x] | [ ] | +# n8n.np-dms.work | n8n | 5678 | [x] | [x] | [x] | [x] | [x] | [ ] | +# npm.np-dms.work | npm | 81 | [ ] | [x] | [x] | [x] | [x] | [ ] | +# pma.np-dms.work | pma | 80 | [x] | [x] | [ ] | [x] | [x] | [ ] | +# np-dms.work, | localhost | 80 | [x] | [x] | [ ] | [x] | [x] | [ ] | +# www.np-dms.work | | | | | | | | | + +# Note: The 'landing' service has been removed in this version. +# landing: +# image: nginx:1.27-alpine +# container_name: lcbp3_landing +# restart: unless-stopped +# volumes: +# - "/share/Container/lcbp3/npm/landing:/usr/share/nginx/html:ro" +# networks: +# - lcbp3 + +# Note: Add mariadb service is expected to be defined in a separate docker-compose file. +# Create database and user for NPM in the mariadb container: +# CREATE DATABASE npm; +# CREATE USER 'npm'@'%' IDENTIFIED BY 'npm'; +# GRANT ALL PRIVILEGES ON npm.* TO 'npm'@'%'; +# FLUSH PRIVILEGES;