# Synology Snapshot Admin Deployment Checklist - Filled Example

This is the deployment-ready example for the current repo state. Replace only the hostname, certificate name, and strong password if your NAS uses different values.

## 1. Target paths

- Project root: `/volume1/projects/data_feed`
- Launch script: `/volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh`
- Local DB: `/volume1/projects/data_feed/src/quant_engine/snapshot_admin.db`
- Local seed JSON: `/volume1/projects/data_feed/GatherTradingData.json`
- PID file: `/volume1/projects/data_feed/Temp/snapshot_admin.pid`
- Log file: `/volume1/projects/data_feed/Temp/snapshot_admin.log`

## 2. Service account

- Preferred DSM user: `snapshot-admin`
- Fallback for first POC: `root`
- Folder access: read/write on `/volume1/projects/data_feed`

## 3. Environment variables

```bash
SNAPSHOT_ADMIN_AUTH_USER=snapshot-admin
SNAPSHOT_ADMIN_AUTH_PASSWORD=
SNAPSHOT_ADMIN_HOST=127.0.0.1
SNAPSHOT_ADMIN_PORT=8787
SNAPSHOT_ADMIN_ALLOW_REMOTE=0
SNAPSHOT_ADMIN_PID_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.pid
SNAPSHOT_ADMIN_LOG_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.log
SNAPSHOT_ADMIN_STATE_URL=http://127.0.0.1:8787/api/state
SNAPSHOT_ADMIN_PUBLIC_STATE_URL=https://admin.example.com/api/state
```

## 4. Task Scheduler

### Boot task

- Name: `snapshot-admin-start`
- User: `snapshot-admin`
- Trigger: `Boot-up`
- Command:

  ```bash
  bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh start
  ```

### Healthcheck task

- Name: `snapshot-admin-healthcheck`
- User: `snapshot-admin`
- Trigger: every 5 minutes
- Command:

  ```bash
  bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh healthcheck
  ```

### Manual restart task

- Name: `snapshot-admin-restart`
- User: `snapshot-admin`
- Trigger: manual
- Command:

  ```bash
  bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh restart
  ```

## 5. Reverse proxy

- DSM path: `Control Panel > Login Portal > Advanced > Reverse Proxy`
- Rule name: `snapshot-admin`
- Source protocol: `HTTPS`
- Source hostname: `admin.example.com`
- Source port: `443`
- Source path: `/`
- Destination protocol: `HTTP`
- Destination hostname: `127.0.0.1`
- Destination port: `8787`
- TLS certificate: `admin.example.com` certificate

## 6. Firewall

- Allow inbound `443/TCP`
- Block inbound `8787/TCP` from WAN
- Allowlist only trusted office/VPN ranges if needed

## 7. Verification commands

```bash
# Direct check against the local listener
curl -i http://127.0.0.1:8787/api/state
# Through the reverse proxy, without credentials
curl -i https://admin.example.com/api/state
# Through the reverse proxy with Basic Auth (password is blank here; supply yours after the colon)
curl -u 'snapshot-admin:' https://admin.example.com/api/state
# Header checks for the / and /tables pages
curl -I https://admin.example.com/
curl -I https://admin.example.com/tables
```

## 7b. Final preflight

Use [`docs/SYNOLOGY_SNAPSHOT_ADMIN_FINAL_PREFLIGHT_10.md`](C:/Temp/data_feed/docs/SYNOLOGY_SNAPSHOT_ADMIN_FINAL_PREFLIGHT_10.md) immediately before you mark the deployment complete.

## 8. Completion wording

Use this exact wording when evidence is complete:

> WBS-7.9 live deployment verification complete: on the Synology NAS, the service based on `tools/run_snapshot_admin_synology.sh` started normally on `127.0.0.1:8787`; external access through the DSM Reverse Proxy `HTTPS:443 -> HTTP 127.0.0.1:8787` was confirmed as `200 OK` with Basic Auth, and unauthenticated requests were blocked with `401 Unauthorized`. Rendering of `/` and `/tables` and persistence after restart were also confirmed, and the evidence was archived using the `docs/SYNOLOGY_SNAPSHOT_ADMIN_EVIDENCE_TEMPLATE.md` template.

## 9. What to replace

- `admin.example.com` if your public hostname differs
- The blank password value (in `SNAPSHOT_ADMIN_AUTH_PASSWORD=` and in the `curl -u 'snapshot-admin:'` command) with your generated password
- TLS certificate name if the DSM certificate uses another label
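
A preflight lint for the section 3 environment values, added here as an example and not part of the repo's own tooling: it reads a KEY=VALUE file without sourcing it and flags any setting that departs from the loopback-only layout of sections 3, 5 and 6. The function names and the 16-character minimum password length are assumptions.

```bash
#!/usr/bin/env bash
# Added example: lint a KEY=VALUE env file against the section 3 settings.
# MIN_PASSWORD_LEN is an assumption; the checklist only says "strong password".
MIN_PASSWORD_LEN=16

# Read one key without sourcing the file, so nothing in it is executed.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print one FAIL line per problem; succeed only if every check passes.
check_snapshot_admin_env() (
  file=$1; fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
  host=$(env_get "$file" SNAPSHOT_ADMIN_HOST)
  port=$(env_get "$file" SNAPSHOT_ADMIN_PORT)
  allow=$(env_get "$file" SNAPSHOT_ADMIN_ALLOW_REMOTE)
  pw=$(env_get "$file" SNAPSHOT_ADMIN_AUTH_PASSWORD)
  state=$(env_get "$file" SNAPSHOT_ADMIN_STATE_URL)
  public=$(env_get "$file" SNAPSHOT_ADMIN_PUBLIC_STATE_URL)

  [ "$host" = "127.0.0.1" ] || fail "SNAPSHOT_ADMIN_HOST='$host', expected 127.0.0.1"
  [ "$allow" = "0" ] || fail "SNAPSHOT_ADMIN_ALLOW_REMOTE='$allow', expected 0"
  # The password value itself is never echoed.
  [ "${#pw}" -ge "$MIN_PASSWORD_LEN" ] ||
    fail "SNAPSHOT_ADMIN_AUTH_PASSWORD is blank or under $MIN_PASSWORD_LEN chars"
  case $state in
    "http://127.0.0.1:$port/"*) ;;
    *) fail "SNAPSHOT_ADMIN_STATE_URL is not on 127.0.0.1:$port" ;;
  esac
  case $public in
    https://*) ;;
    *) fail "SNAPSHOT_ADMIN_PUBLIC_STATE_URL is not HTTPS" ;;
  esac
  [ "$fails" -eq 0 ]
)

# Constructed sample: the section 3 values as published, password still blank.
demo_published_values() (
  sample=$(mktemp)
  cat > "$sample" <<'EOF'
SNAPSHOT_ADMIN_AUTH_PASSWORD=
SNAPSHOT_ADMIN_HOST=127.0.0.1
SNAPSHOT_ADMIN_PORT=8787
SNAPSHOT_ADMIN_ALLOW_REMOTE=0
SNAPSHOT_ADMIN_STATE_URL=http://127.0.0.1:8787/api/state
SNAPSHOT_ADMIN_PUBLIC_STATE_URL=https://admin.example.com/api/state
EOF
  rc=0; check_snapshot_admin_env "$sample" || rc=$?
  rm -f "$sample"; exit "$rc"
)
# With a file argument, lint that file; with none, lint the constructed sample.
if [ "$#" -gt 0 ]; then check_snapshot_admin_env "$1"; else demo_published_values || true; fi
```

Run it with the path of your own env file as the only argument; a non-zero exit status means at least one setting needs attention before the boot task is enabled.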