260131:1706 Update Infrastructure 2
Some checks failed
Spec Validation / validate-markdown (push) Has been cancelled
Spec Validation / validate-diagrams (push) Has been cancelled
Spec Validation / check-todos (push) Has been cancelled

This commit is contained in:
admin
2026-01-31 17:06:32 +07:00
parent 9e8bd25e1d
commit fe0f8aade7
4 changed files with 17 additions and 201 deletions


@@ -6,18 +6,11 @@
--- ---
## Server Role Overview ## Overview
| Component | QNAP TS-473A | ASUSTOR AS5403T | > 📖 **ดูรายละเอียด Server Roles และ Service Distribution ได้ที่:** [README.md](README.md#-hardware-infrastructure)
| :-------------------- | :---------------------------- | :--------------------------- | >
| **Redis/Cache** | ✅ Primary (Section 1) | ❌ Not deployed | > เอกสารนี้มุ่งเน้นการตั้งค่า Technical Configuration สำหรับแต่ละ Service
| **Database** | ✅ Primary MariaDB (Section 2) | ❌ Not deployed |
| **Backend Service** | ✅ NestJS API (Section 3) | ❌ Not deployed |
| **Monitoring** | ❌ Exporters only | ✅ Prometheus/Grafana |
| **Backup Target** | ❌ Source only | ✅ Backup storage (Section 5) |
| **Disaster Recovery** | ✅ Recovery target | ✅ Backup source (Section 7) |
> 📖 See [monitoring.md](monitoring.md) for ASUSTOR-specific monitoring setup
--- ---
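
Review bot: the replacement blockquote under `## Overview` drops the per-component section index (Redis in Section 1, MariaDB in Section 2, backup storage in Section 5, disaster recovery in Section 7) and the `monitoring.md` pointer without replacing either. The new link goes to `README.md#-hardware-infrastructure`, a section headed "Hardware Infrastructure", so a reader of this file no longer sees which host is the backup target and which is the recovery target. Suggest keeping a one-line pointer to `monitoring.md`, and confirming that the `#-hardware-infrastructure` anchor resolves in the renderer in use, since it depends on how the emoji in the heading is slugged.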


@@ -2,30 +2,7 @@
แผนผังนี้แสดงการแบ่งส่วนเครือข่าย (VLANs), การเชื่อมต่อ Firewall (ACLs) และบทบาทของ Server ทั้งสองตัว (QNAP: Application, ASUSTOR: Infrastructure) แผนผังนี้แสดงการแบ่งส่วนเครือข่าย (VLANs), การเชื่อมต่อ Firewall (ACLs) และบทบาทของ Server ทั้งสองตัว (QNAP: Application, ASUSTOR: Infrastructure)
--- > 📖 **ดูรายละเอียด Server Roles และ Service Distribution ได้ที่:** [README.md](README.md#-hardware-infrastructure)
## 1. ภาพรวมการแบ่งบทบาท Server
```
┌──────────────────────────────────────────────────────────────────────────────┐
│ LCBP3-DMS INFRASTRUCTURE │
├────────────────────────────────┬─────────────────────────────────────────────┤
│ QNAP TS-473A │ ASUSTOR AS5403T │
│ (Application & Database) │ (Infrastructure & Backup) │
├────────────────────────────────┼─────────────────────────────────────────────┤
│ ✔ Application Runtime │ ✔ File Storage (NFS/SMB) │
│ ✔ API / Web (NestJS, Next.js) │ ✔ Backup Target (Restic/Borg) │
│ ✔ Database (MariaDB Primary) │ ✔ Docker Infra (Registry, Portainer) │
│ ✔ High CPU / RAM usage │ ✔ Monitoring (Prometheus, Grafana) │
│ ✔ Worker / Queue (Redis) │ ✔ Log Aggregation (Loki) │
│ ✔ API Gateway (NPM) │ ✔ Uptime Monitoring (Uptime Kuma) │
│ ✖ ไม่เก็บ backup ระยะยาว │ ✖ ไม่รัน App logic หนัก │
├────────────────────────────────┼─────────────────────────────────────────────┤
│ Container: Container Station │ Container: Portainer │
│ IP: 192.168.10.8 │ IP: 192.168.10.9 │
│ Storage: 4TB×4 RAID5 + 1TB SSD │ Storage: 6TB×3 RAID5 + 1TB SSD │
└────────────────────────────────┴─────────────────────────────────────────────┘
```
--- ---
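
Review bot: the intro sentence kept above the new blockquote still says this diagram shows the roles of both servers, but the `## 1.` section that showed them is deleted here. That section holds the only lines in this hunk that tie each host to its address (`IP: 192.168.10.8`, `IP: 192.168.10.9`) and the two exclusions (no long-term backups on QNAP, no heavy application logic on ASUSTOR). Please confirm the linked README section carries the addresses and both exclusions, or reword the intro so it no longer promises the role view in this file.
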
@@ -291,35 +268,9 @@ graph TD
--- ---
## 8. Container Service Distribution ## 6. Container Service Distribution
### QNAP (192.168.10.8) - Application Services > 📖 **ดูรายละเอียด Container Services, Ports, และ Domain Mapping ได้ที่:** [README.md](README.md#-domain-mapping-npm-proxy)
| Container | Port | Domain | Network |
| :------------ | :--- | :------------------ | :------ |
| npm | 81 | npm.np-dms.work | lcbp3 |
| frontend | 3000 | lcbp3.np-dms.work | lcbp3 |
| backend | 3000 | backend.np-dms.work | lcbp3 |
| mariadb | 3306 | (internal) | lcbp3 |
| cache (redis) | 6379 | (internal) | lcbp3 |
| search (es) | 9200 | (internal) | lcbp3 |
| gitea | 3000 | git.np-dms.work | lcbp3 |
| n8n | 5678 | n8n.np-dms.work | lcbp3 |
| pma | 80 | pma.np-dms.work | lcbp3 |
### ASUSTOR (192.168.10.9) - Infrastructure Services
| Container | Port | Domain | Network |
| :------------ | :--- | :--------------------- | :------ |
| portainer | 9443 | portainer.np-dms.work | lcbp3 |
| prometheus | 9090 | prometheus.np-dms.work | lcbp3 |
| grafana | 3000 | grafana.np-dms.work | lcbp3 |
| uptime-kuma | 3001 | uptime.np-dms.work | lcbp3 |
| registry | 5000 | registry.np-dms.work | lcbp3 |
| node-exporter | 9100 | (internal) | lcbp3 |
| cadvisor | 8080 | (internal) | lcbp3 |
| loki | 3100 | (internal) | lcbp3 |
| restic/borg | N/A | (scheduled job) | host |
--- ---
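
Review bot: the two deleted tables are where the internal-only containers are recorded (`mariadb` 3306, `cache (redis)` 6379, `search (es)` 9200, `node-exporter`, `cadvisor`, `loki`, all marked `(internal)`), while the replacement link targets `README.md#-domain-mapping-npm-proxy`, a section named for proxied domains. If that section lists only proxied hosts, the record of which ports must stay off the proxy is lost; please check and, if needed, keep a short internal-services list here. Also, the heading goes from `## 8.` to `## 6.` while the only other hunk in this file removes `## 1.`, so the headings in between keep their old numbers; confirm the numbering still runs in order.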


@@ -6,7 +6,7 @@
> 🌐 **Domain:** `*.np-dms.work` (IP: 159.192.126.103) > 🌐 **Domain:** `*.np-dms.work` (IP: 159.192.126.103)
> 🔒 **Network:** `lcbp3` (Docker External Network) > 🔒 **Network:** `lcbp3` (Docker External Network)
> 📄 **Version:** v1.8.0 (aligned with 01-02-architecture.md) > 📄 **Version:** v1.8.0 (aligned with 01-02-architecture.md)
dckr_pat_VzAvAsjeHB3TORZ7vX0kSABIeKI
--- ---
## 🏢 Hardware Infrastructure ## 🏢 Hardware Infrastructure
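
Review bot: the removed line beginning `dckr_pat_` has the shape of a Docker personal access token, and deleting it from the README does not take it out of the repository history (it is still readable in parent 9e8bd25e1d). Treat it as exposed: revoke it at the issuer, issue a replacement that is stored outside the repository, and consider adding a secret-scanning check to the pipeline so the next one is caught before push.
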
@@ -61,144 +61,15 @@
--- ---
## 🔄 Data Flow Architecture ## 🔄 Architecture Diagrams
``` > 📊 **ดู Diagrams แบบ Interactive (Mermaid) ได้ที่:** [Network_daigram.md](Network_daigram.md)
┌──────────────┐ >
│ User │ > เอกสารนี้รวม Diagrams หลักไว้ได้แก่:
└──────┬───────┘ > - **Data Flow Diagram** - การไหลของข้อมูลระหว่าง Services
│ HTTPS (443) > - **Docker Management View** - การจัดการ Containers ผ่าน Portainer
> - **Security Zones Diagram** - การแบ่ง Security Zones (Public, App, Data, Infra)
┌──────────────────────────────────────────────────────────────┐ > - **Network Flow Diagram** - การเชื่อมต่อ VLANs และ Firewall Rules
│ QNAP TS-473A │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Nginx Proxy Manager (NPM) │ │
│ │ SSL Termination + Round Robin LB │ │
│ └───────────────────────┬─────────────────────────────────┘ │
│ │ │
│ ┌───────────────────────▼─────────────────────────────────┐ │
│ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │
│ │ │ Next.js │───▶│ NestJS │ │ NestJS │ │ │
│ │ │ (Frontend) │ │ (Replica 1)│ │ (Replica 2)│ │ │
│ │ └──────────────┘ └──────┬───────┘ └──────┬──────┘ │ │
│ │ │ │ │ │
│ │ ┌────────────────────────┼─────────────────┼ │ │
│ │ ▼ ▼ ▼ │ │
│ │ ┌──────────┐ ┌────────────┐ ┌─────────────┐ │ │
│ │ │ MariaDB │ │ Redis │ │Elasticsearch│ │ │
│ │ │(Primary) | │ (Persist.) │ │ (Search) │ │ │
│ │ └────┬─────┘ └────────────┘ └─────────────┘ │ │
│ └───────┼─────────────────────────────────────────────────┘ │
│ │ │
└──────────┼───────────────────────────────────────────────────┘
│ Local Dump -> Restic Pull (Cross-Server)
┌──────────────────────────────────────────────────────────────┐
│ ASUSTOR AS5403T │
│ ┌──────────────────────────────────────────────────────────┐│
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ││
│ │ │ Backup │ │ Registry │ │ Uptime │ ││
│ │ │ (Restic) │ │ (Docker) │ │ Kuma │ ││
│ │ └──────────┘ └──────────┘ └──────────┘ ││
│ │ ││
│ │ ┌──────────┐ ┌────────────┐ ┌──────────┐ ││
│ │ │Prometheus│ ──▶│ Grafana │ │ Loki │ ││
│ │ │(Metrics) │ │(Dashboard) │ │ (Logs) │ ││
│ │ └──────────┘ └────────────┘ └──────────┘ ││
│ │ ││
│ │ ┌───────────────────────────────────────────┐ ││
│ │ │ NFS / SMB Shared Storage │ ││
│ │ │ (Backup Volume) │ ││
│ │ └───────────────────────────────────────────┘ ││
│ └──────────────────────────────────────────────────────────┘│
└──────────────────────────────────────────────────────────────┘
```
---
## 🖥️ Docker Management Architecture
```
┌─────────────────────────────────────────────────────────────────────────┐
│ Portainer (ASUSTOR) │
│ https://portainer.np-dms.work │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────┐ ┌─────────────────────────────┐ │
│ │ Manage Infra Stack │ │ Remote Docker Endpoint │ │
│ │ (Local - ASUSTOR) │ │ (QNAP App Stack) │ │
│ ├─────────────────────────────┤ ├─────────────────────────────┤ │
│ │ • Registry │ │ • Next.js (Frontend) │ │
│ │ • Prometheus │ │ • NestJS (Backend) │ │
│ │ • Grafana │ │ • MariaDB │ │
│ │ • Uptime Kuma │ │ • Redis │ │
│ │ • Loki │ │ • Elasticsearch │ │
│ │ • Backup (Restic) │ │ • NPM │ │
│ │ • ClamAV │ │ • Gitea │ │
│ │ • node-exporter │ │ • n8n │ │
│ │ • cAdvisor │ │ • phpMyAdmin │ │
│ └─────────────────────────────┘ └─────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Container Station (QNAP): ใช้สำหรับ local UI management เท่านั้น
Portainer (ASUSTOR): ใช้เป็น centralized management ทั้ง 2 servers
```
---
## 🔐 Security Zones
```
┌─────────────────────────────────────────────────────────────────────────┐
│ SECURITY ZONES │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────────────────┐ │
│ │ 🌐 PUBLIC ZONE │ │
│ │ ───────────────────────────────────────────────────────────── │ │
│ │ • Nginx Proxy Manager (NPM) │ │
│ │ • HTTPS (Port 443 only) │ │
│ │ • SSL/TLS Termination │ │
│ │ • Rate Limiting │ │
│ └─────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────┐ │
│ │ 📱 APPLICATION ZONE (QNAP - VLAN 10) │ │
│ │ ───────────────────────────────────────────────────────────── │ │
│ │ • Next.js (Frontend) │ │
│ │ • NestJS (Backend API) │ │
│ │ • n8n Workflow │ │
│ │ • Gitea │ │
│ │ • Internal API communication only │ │
│ └─────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────┐ │
│ │ 💾 DATA ZONE (QNAP - Internal Only) │ │
│ │ ───────────────────────────────────────────────────────────── │ │
│ │ • MariaDB (Primary Database) │ │
│ │ • Redis (Cache/Queue) │ │
│ │ • Elasticsearch (Search) │ │
│ │ • No public access - Backend only │ │
│ └─────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────┐ │
│ │ 🛠️ INFRASTRUCTURE ZONE (ASUSTOR - VLAN 10) │ │
│ │ ───────────────────────────────────────────────────────────── │ │
│ │ • Backup (Restic/Borg) │ │
│ │ • Docker Registry │ │
│ │ • Prometheus + Grafana │ │
│ │ • Uptime Kuma │ │
│ │ • Loki (Logs) │ │
│ │ • NFS/SMB Storage │ │
│ │ • Access via MGMT VLAN only │ │
│ └─────────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
```
--- ---
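
Review bot: the deleted Security Zones block is the part of this hunk that states access rules (HTTPS on port 443 only at the proxy, `No public access - Backend only` for the data zone, `Access via MGMT VLAN only` for the infrastructure zone), and the new text only promises a "Security Zones Diagram" in `Network_daigram.md`. Please verify that file states the same rules rather than just drawing the zones, and that the removed management list (including ClamAV, which appears nowhere else in this commit) is covered there. The link text and target are both spelled `Network_daigram.md`; if that is the real file name the link works, but the spelling is worth fixing in a follow-up rename.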


@@ -0,0 +1 @@
{"web":{"client_id":"1028957954367-93vi8kcnim3m28mnaqjbclasjvfrbbgo.apps.googleusercontent.com","project_id":"gen-lang-client-0716462124","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"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","redirect_uris":["https://np-dms.cloudflareaccess.com/cdn-cgi/access/callback"],"javascript_origins":["https://np-dms.cloudflareaccess.com"]}}
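
Review bot: this new one-line file is a Google OAuth web client configuration with a populated `client_secret` field, committed in plain text under a commit titled as an infrastructure update. Remove the file, rotate the client secret with the provider, add the file name to `.gitignore`, and supply the value at deploy time from a secret store or environment variable. Since the commit was pushed, the current secret should be treated as disclosed even after the file is deleted.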