690420:2332 Refactor QNAP service

2026-04-20 23:32:30 +07:00
parent 2e89761b0f
commit e2753e4eac
13 changed files with 1569 additions and 13 deletions
@@ -61,7 +61,7 @@ services:
          cpus: '0.5'
          memory: 512M
    env_file:
-      - .env
+      - /share/np-dms/app/.env
    environment:
      TZ: 'Asia/Bangkok'
      NODE_ENV: 'production'
@@ -142,7 +142,7 @@ services:
          cpus: '0.25'
          memory: 512M
    env_file:
-      - .env
+      - /share/np-dms/app/.env
    environment:
      TZ: 'Asia/Bangkok'
      NODE_ENV: 'production'
@@ -1,5 +1,5 @@
-# File: /share/np-dms/git/docker-compose.yml
-# DMS Container v1.8.6 — Application: git, Service: gitea
+# File: /share/np-dms/gitea/docker-compose.yml
+# DMS Container v1.8.6 — Application name: lcbp3-git, Service: gitea

 x-restart: &restart_policy
  restart: unless-stopped
@@ -21,8 +21,17 @@ networks:
 services:
  gitea:
    <<: [*restart_policy, *default_logging]
-    image: gitea/gitea:latest-rootless
+    image: gitea/gitea:1.26.0-rootless
    container_name: gitea
+    # M4: container hardening (Gitea rootless runs as 'git' user)
+    # user: '1000:1000'
+    # tmpfs:
+    #   - /tmp:rw,noexec,nosuid,size=256m
+    #   - /var/run/gitea:rw,size=128m
+    # security_opt:
+    #   - no-new-privileges:true
+    # cap_drop:
+    #   - ALL
    deploy:
      resources:
        limits:
@@ -31,10 +40,8 @@ services:
        reservations:
          cpus: '0.25'
          memory: 512M
-    security_opt:
-      - no-new-privileges:true
    env_file:
-      - .env
+      - /share/np-dms/gitea/.env
    environment:
      # ---- File ownership in QNAP ----
      USER_UID: '1000'
@@ -78,13 +85,13 @@ services:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
-      - '3003:3000' # HTTP (ไปหลัง NPM)
-      - '2222:22' # SSH สำหรับ git clone/push
+      - '3003:3000' # HTTP (to NPM)
+      - '2222:22' # SSH for git clone/push
    networks:
      - lcbp3
      - giteanet
    healthcheck:
-      test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:3000/api/healthz']
+      test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/healthz']
      interval: 30s
      timeout: 10s
      retries: 3
@@ -0,0 +1,56 @@
+# File: /share/np-dms/monitoring/docker-compose.yml (QNAP)
+# เฉพาะ exporters เท่านั้น - metrics ถูก scrape โดย Prometheus บน ASUSTOR
+# Application name lcbp3-monitoring-exporter
+version: '3.8'
+
+networks:
+  lcbp3:
+    external: true
+
+services:
+  node-exporter:
+    image: prom/node-exporter:v1.7.0
+    container_name: node-exporter
+    restart: unless-stopped
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.sysfs=/host/sys'
+      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+    ports:
+      - "9100:9100"
+    networks:
+      - lcbp3
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.47.2
+    container_name: cadvisor
+    restart: unless-stopped
+    privileged: true
+    ports:
+      - "8088:8080"
+    networks:
+      - lcbp3
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+  mysqld-exporter:
+    image: prom/mysqld-exporter:v0.15.0
+    container_name: mysqld-exporter
+    restart: unless-stopped
+    user: root
+    command:
+      - '--config.my-cnf=/etc/mysql/my.cnf'
+    ports:
+      - "9104:9104"
+    networks:
+      - lcbp3
+    volumes:
+      - "/share/np-dms/monitoring/mysqld-exporter/.my.cnf:/etc/mysql/my.cnf:ro"
@@ -31,7 +31,7 @@ services:
  # ----------------------------------------------------------------
  cache:
    <<: [*restart_policy, *default_logging]
-    image: redis:7-alpine # ใช้ Alpine image เพื่อให้มีขน
+    image: redis:7-alpine # ใช้ Alpine image เพื่อให้มีขนาดเล็ก
    container_name: cache
    deploy:
      resources:
@@ -86,7 +86,7 @@ services:
    deploy:
      resources:
        limits:
-          cpus: '2.0' # Elasticsearch ใช้ CPU และ Memory ค่อนข้างห
+          cpus: '2.0' # Elasticsearch ใช้ CPU และ Memory ค่อนข้างหนัก
          memory: 4G
        reservations:
          cpus: '0.5'