diff --git a/specs/08-infrastructure/Infrastructure Setup.md b/specs/08-infrastructure/Infrastructure Setup.md index a22f8be..805959c 100644 --- a/specs/08-infrastructure/Infrastructure Setup.md +++ b/specs/08-infrastructure/Infrastructure Setup.md @@ -6,18 +6,11 @@ --- -## Server Role Overview +## Overview -| Component | QNAP TS-473A | ASUSTOR AS5403T | -| :-------------------- | :---------------------------- | :--------------------------- | -| **Redis/Cache** | ✅ Primary (Section 1) | ❌ Not deployed | -| **Database** | ✅ Primary MariaDB (Section 2) | ❌ Not deployed | -| **Backend Service** | ✅ NestJS API (Section 3) | ❌ Not deployed | -| **Monitoring** | ❌ Exporters only | ✅ Prometheus/Grafana | -| **Backup Target** | ❌ Source only | ✅ Backup storage (Section 5) | -| **Disaster Recovery** | ✅ Recovery target | ✅ Backup source (Section 7) | - -> 📖 See [monitoring.md](monitoring.md) for ASUSTOR-specific monitoring setup +> 📖 **ดูรายละเอียด Server Roles และ Service Distribution ได้ที่:** [README.md](README.md#-hardware-infrastructure) +> +> เอกสารนี้มุ่งเน้นการตั้งค่า Technical Configuration สำหรับแต่ละ Service --- diff --git a/specs/08-infrastructure/แผนผัง Network.md b/specs/08-infrastructure/Network_daigram.md similarity index 75% rename from specs/08-infrastructure/แผนผัง Network.md rename to specs/08-infrastructure/Network_daigram.md index e8abb34..af38728 100644 --- a/specs/08-infrastructure/แผนผัง Network.md +++ b/specs/08-infrastructure/Network_daigram.md 
@@ -2,30 +2,7 @@ แผนผังนี้แสดงการแบ่งส่วนเครือข่าย (VLANs), การเชื่อมต่อ Firewall (ACLs) และบทบาทของ Server ทั้งสองตัว (QNAP: Application, ASUSTOR: Infrastructure) ---- - -## 1. ภาพรวมการแบ่งบทบาท Server - -``` -┌──────────────────────────────────────────────────────────────────────────────┐ -│ LCBP3-DMS INFRASTRUCTURE │ -├────────────────────────────────┬─────────────────────────────────────────────┤ -│ QNAP TS-473A │ ASUSTOR AS5403T │ -│ (Application & Database) │ (Infrastructure & Backup) │ -├────────────────────────────────┼─────────────────────────────────────────────┤ -│ ✔ Application Runtime │ ✔ File Storage (NFS/SMB) │ -│ ✔ API / Web (NestJS, Next.js) │ ✔ Backup Target (Restic/Borg) │ -│ ✔ Database (MariaDB Primary) │ ✔ Docker Infra (Registry, Portainer) │ -│ ✔ High CPU / RAM usage │ ✔ Monitoring (Prometheus, Grafana) │ -│ ✔ Worker / Queue (Redis) │ ✔ Log Aggregation (Loki) │ -│ ✔ API Gateway (NPM) │ ✔ Uptime Monitoring (Uptime Kuma) │ -│ ✖ ไม่เก็บ backup ระยะยาว │ ✖ ไม่รัน App logic หนัก │ -├────────────────────────────────┼─────────────────────────────────────────────┤ -│ Container: Container Station │ Container: Portainer │ -│ IP: 192.168.10.8 │ IP: 192.168.10.9 │ -│ Storage: 4TB×4 RAID5 + 1TB SSD │ Storage: 6TB×3 RAID5 + 1TB SSD │ -└────────────────────────────────┴─────────────────────────────────────────────┘ -``` +> 📖 **ดูรายละเอียด Server Roles และ Service Distribution ได้ที่:** [README.md](README.md#-hardware-infrastructure) --- 
@@ -291,35 +268,9 @@ graph TD --- -## 8. Container Service Distribution +## 6. Container Service Distribution -### QNAP (192.168.10.8) - Application Services - -| Container | Port | Domain | Network | -| :------------ | :--- | :------------------ | :------ | -| npm | 81 | npm.np-dms.work | lcbp3 | -| frontend | 3000 | lcbp3.np-dms.work | lcbp3 | -| backend | 3000 | backend.np-dms.work | lcbp3 | -| mariadb | 3306 | (internal) | lcbp3 | -| cache (redis) | 6379 | (internal) | lcbp3 | -| search (es) | 9200 | (internal) | lcbp3 | -| gitea | 3000 | git.np-dms.work | lcbp3 | -| n8n | 5678 | n8n.np-dms.work | lcbp3 | -| pma | 80 | pma.np-dms.work | lcbp3 | - -### ASUSTOR (192.168.10.9) - Infrastructure Services - -| Container | Port | Domain | Network | -| :------------ | :--- | :--------------------- | :------ | -| portainer | 9443 | portainer.np-dms.work | lcbp3 | -| prometheus | 9090 | prometheus.np-dms.work | lcbp3 | -| grafana | 3000 | grafana.np-dms.work | lcbp3 | -| uptime-kuma | 3001 | uptime.np-dms.work | lcbp3 | -| registry | 5000 | registry.np-dms.work | lcbp3 | -| node-exporter | 9100 | (internal) | lcbp3 | -| cadvisor | 8080 | (internal) | lcbp3 | -| loki | 3100 | (internal) | lcbp3 | -| restic/borg | N/A | (scheduled job) | host | +> 📖 **ดูรายละเอียด Container Services, Ports, และ Domain Mapping ได้ที่:** [README.md](README.md#-domain-mapping-npm-proxy) --- diff --git a/specs/08-infrastructure/README.md b/specs/08-infrastructure/README.md index 49909af..2d8ef4a 100644 --- a/specs/08-infrastructure/README.md +++ b/specs/08-infrastructure/README.md @@ -6,7 +6,7 @@ > 🌐 **Domain:** `*.np-dms.work` (IP: 159.192.126.103) > 🔒 **Network:** `lcbp3` (Docker External Network) > 📄 **Version:** v1.8.0 (aligned with 01-02-architecture.md) - +dckr_pat_VzAvAsjeHB3TORZ7vX0kSABIeKI --- ## 🏢 Hardware Infrastructure 
@@ -61,144 +61,15 @@ --- -## 🔄 Data Flow Architecture +## 🔄 Architecture Diagrams -``` -┌──────────────┐ -│ User │ -└──────┬───────┘ - │ HTTPS (443) - ▼ -┌──────────────────────────────────────────────────────────────┐ -│ QNAP TS-473A │ -│ ┌─────────────────────────────────────────────────────────┐ │ -│ │ Nginx Proxy Manager (NPM) │ │ -│ │ SSL Termination + Round Robin LB │ │ -│ └───────────────────────┬─────────────────────────────────┘ │ -│ │ │ -│ ┌───────────────────────▼─────────────────────────────────┐ │ -│ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ -│ │ │ Next.js │───▶│ NestJS │ │ NestJS │ │ │ -│ │ │ (Frontend) │ │ (Replica 1)│ │ (Replica 2)│ │ │ -│ │ └──────────────┘ └──────┬───────┘ └──────┬──────┘ │ │ -│ │ │ │ │ │ -│ │ ┌────────────────────────┼─────────────────┼ │ │ -│ │ ▼ ▼ ▼ │ │ -│ │ ┌──────────┐ ┌────────────┐ ┌─────────────┐ │ │ -│ │ │ MariaDB │ │ Redis │ │Elasticsearch│ │ │ -│ │ │(Primary) | │ (Persist.) │ │ (Search) │ │ │ -│ │ └────┬─────┘ └────────────┘ └─────────────┘ │ │ -│ └───────┼─────────────────────────────────────────────────┘ │ -│ │ │ -└──────────┼───────────────────────────────────────────────────┘ - │ Local Dump -> Restic Pull (Cross-Server) - ▼ -┌──────────────────────────────────────────────────────────────┐ -│ ASUSTOR AS5403T │ -│ ┌──────────────────────────────────────────────────────────┐│ -│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ││ -│ │ │ Backup │ │ Registry │ │ Uptime │ ││ -│ │ │ (Restic) │ │ (Docker) │ │ Kuma │ ││ -│ │ └──────────┘ └──────────┘ └──────────┘ ││ -│ │ ││ -│ │ ┌──────────┐ ┌────────────┐ ┌──────────┐ ││ -│ │ │Prometheus│ ──▶│ Grafana │ │ Loki │ ││ -│ │ │(Metrics) │ │(Dashboard) │ │ (Logs) │ ││ -│ │ └──────────┘ └────────────┘ └──────────┘ ││ -│ │ ││ -│ │ ┌───────────────────────────────────────────┐ ││ -│ │ │ NFS / SMB Shared Storage │ ││ -│ │ │ (Backup Volume) │ ││ -│ │ └───────────────────────────────────────────┘ ││ -│ └──────────────────────────────────────────────────────────┘│ 
-└──────────────────────────────────────────────────────────────┘ -``` - ---- - -## 🖥️ Docker Management Architecture - -``` -┌─────────────────────────────────────────────────────────────────────────┐ -│ Portainer (ASUSTOR) │ -│ https://portainer.np-dms.work │ -├─────────────────────────────────────────────────────────────────────────┤ -│ │ -│ ┌─────────────────────────────┐ ┌─────────────────────────────┐ │ -│ │ Manage Infra Stack │ │ Remote Docker Endpoint │ │ -│ │ (Local - ASUSTOR) │ │ (QNAP App Stack) │ │ -│ ├─────────────────────────────┤ ├─────────────────────────────┤ │ -│ │ • Registry │ │ • Next.js (Frontend) │ │ -│ │ • Prometheus │ │ • NestJS (Backend) │ │ -│ │ • Grafana │ │ • MariaDB │ │ -│ │ • Uptime Kuma │ │ • Redis │ │ -│ │ • Loki │ │ • Elasticsearch │ │ -│ │ • Backup (Restic) │ │ • NPM │ │ -│ │ • ClamAV │ │ • Gitea │ │ -│ │ • node-exporter │ │ • n8n │ │ -│ │ • cAdvisor │ │ • phpMyAdmin │ │ -│ └─────────────────────────────┘ └─────────────────────────────┘ │ -│ │ -└─────────────────────────────────────────────────────────────────────────┘ - -Container Station (QNAP): ใช้สำหรับ local UI management เท่านั้น -Portainer (ASUSTOR): ใช้เป็น centralized management ทั้ง 2 servers -``` - ---- - -## 🔐 Security Zones - -``` -┌─────────────────────────────────────────────────────────────────────────┐ -│ SECURITY ZONES │ -├─────────────────────────────────────────────────────────────────────────┤ -│ │ -│ ┌─────────────────────────────────────────────────────────────────┐ │ -│ │ 🌐 PUBLIC ZONE │ │ -│ │ ───────────────────────────────────────────────────────────── │ │ -│ │ • Nginx Proxy Manager (NPM) │ │ -│ │ • HTTPS (Port 443 only) │ │ -│ │ • SSL/TLS Termination │ │ -│ │ • Rate Limiting │ │ -│ └─────────────────────────────────────────────────────────────────┘ │ -│ │ │ -│ ▼ │ -│ ┌─────────────────────────────────────────────────────────────────┐ │ -│ │ 📱 APPLICATION ZONE (QNAP - VLAN 10) │ │ -│ │ ───────────────────────────────────────────────────────────── │ │ -│ │ 
• Next.js (Frontend) │ │ -│ │ • NestJS (Backend API) │ │ -│ │ • n8n Workflow │ │ -│ │ • Gitea │ │ -│ │ • Internal API communication only │ │ -│ └─────────────────────────────────────────────────────────────────┘ │ -│ │ │ -│ ▼ │ -│ ┌─────────────────────────────────────────────────────────────────┐ │ -│ │ 💾 DATA ZONE (QNAP - Internal Only) │ │ -│ │ ───────────────────────────────────────────────────────────── │ │ -│ │ • MariaDB (Primary Database) │ │ -│ │ • Redis (Cache/Queue) │ │ -│ │ • Elasticsearch (Search) │ │ -│ │ • No public access - Backend only │ │ -│ └─────────────────────────────────────────────────────────────────┘ │ -│ │ │ -│ ▼ │ -│ ┌─────────────────────────────────────────────────────────────────┐ │ -│ │ 🛠️ INFRASTRUCTURE ZONE (ASUSTOR - VLAN 10) │ │ -│ │ ───────────────────────────────────────────────────────────── │ │ -│ │ • Backup (Restic/Borg) │ │ -│ │ • Docker Registry │ │ -│ │ • Prometheus + Grafana │ │ -│ │ • Uptime Kuma │ │ -│ │ • Loki (Logs) │ │ -│ │ • NFS/SMB Storage │ │ -│ │ • Access via MGMT VLAN only │ │ -│ └─────────────────────────────────────────────────────────────────┘ │ -│ │ -└─────────────────────────────────────────────────────────────────────────┘ -``` +> 📊 **ดู Diagrams แบบ Interactive (Mermaid) ได้ที่:** [Network_daigram.md](Network_daigram.md) +> +> เอกสารนี้รวม Diagrams หลักไว้ได้แก่: +> - **Data Flow Diagram** - การไหลของข้อมูลระหว่าง Services +> - **Docker Management View** - การจัดการ Containers ผ่าน Portainer +> - **Security Zones Diagram** - การแบ่ง Security Zones (Public, App, Data, Infra) +> - **Network Flow Diagram** - การเชื่อมต่อ VLANs และ Firewall Rules --- diff --git a/specs/08-infrastructure/client_secret_1028957954367-93vi8kcnim3m28mnaqjbclasjvfrbbgo.apps.googleusercontent.com.json b/specs/08-infrastructure/client_secret_1028957954367-93vi8kcnim3m28mnaqjbclasjvfrbbgo.apps.googleusercontent.com.json new file mode 100644 index 0000000..79bf25e --- /dev/null 
+++ b/specs/08-infrastructure/client_secret_1028957954367-93vi8kcnim3m28mnaqjbclasjvfrbbgo.apps.googleusercontent.com.json @@ -0,0 +1 @@ +{"web":{"client_id":"1028957954367-93vi8kcnim3m28mnaqjbclasjvfrbbgo.apps.googleusercontent.com","project_id":"gen-lang-client-0716462124","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"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","redirect_uris":["https://np-dms.cloudflareaccess.com/cdn-cgi/access/callback"],"javascript_origins":["https://np-dms.cloudflareaccess.com"]}}
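Review bot: The `Infrastructure Setup.md` hunk (@@ -6,18 +6,11 @@) drops the `See [monitoring.md](monitoring.md)` pointer together with the role table, and the new blockquote links only to README.md. If monitoring.md still exists, keep that link next to the new README link so the ASUSTOR monitoring setup stays reachable from this page.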
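Review bot: The rename target `Network_daigram.md` misspells "diagram", and the README.md hunk at @@ -61,144 +61,15 @@ already links to the misspelled name in both the link text and the link target. Rename the file to `Network_diagram.md` in this change and update that link before other documents start pointing at the misspelled path.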
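Review bot: In the @@ -291,35 +268,9 @@ hunk of the network diagram file, the deleted tables were the record of which containers are marked `(internal)` (mariadb 3306, cache 6379, search 9200, node-exporter 9100, cadvisor 8080, loki 3100), while the replacement links to a README anchor named `#-domain-mapping-npm-proxy`, which by its name covers proxied domains. Confirm that the README section also lists the internal-only services and their ports, otherwise that information is lost with this change. The heading also moves from 8 to 6 although the visible hunks remove only section 1, so check the numbering of the sections in between.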
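Review bot: The README.md hunk at @@ -6,7 +6,7 @@ replaces the blank line after the Version line with a line beginning `dckr_pat_`, which is the prefix of a Docker personal access token, so this looks like a credential pasted into the header by accident. Remove the line and restore the blank line, and revoke the token at the issuer, because the value stays readable in the commit history even if a later commit deletes it. A pre-commit secret scan on this repository would have stopped the line before it was pushed.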
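Review bot: The README.md hunk at @@ -61,144 +61,15 @@ deletes the Security Zones diagram, which stated the zone constraints in plain text ("HTTPS (Port 443 only)", "No public access - Backend only", "Access via MGMT VLAN only"), and none of the visible hunks add those statements to the file the new blockquote points to. Confirm that the Mermaid version carries the same constraints, or keep them in the README as a short bullet list under the new heading so the access rules remain written down where reviewers of firewall changes will look.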
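Review bot: The new `client_secret_*.json` file under specs/08-infrastructure/ commits a Google OAuth web client configuration with its `client_secret` field in plaintext, and the `redirect_uris` entry shows it is the client used for the np-dms Cloudflare Access callback, not a sample. Take the file out of this change, rotate the client secret in the Google Cloud console, and add an ignore pattern such as `client_secret_*.json` so the downloaded file cannot be staged again. A follow-up commit that deletes the file is not sufficient on its own, since the value remains in history. The specs should reference where the secret is stored rather than contain it.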