Files
QuantEngineByItz/docs/SYNOLOGY_SNAPSHOT_ADMIN_DEPLOYMENT_CHECKLIST_FILLED.md
T

3.6 KiB

Synology Snapshot Admin Deployment Checklist - Filled Example

This is the deployment-ready example for the current repo state. Replace only the hostname, certificate name, and strong password if your NAS uses different values.

1. Target paths

  • Project root: /volume1/projects/data_feed
  • Launch script: /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh
  • Local DB: /volume1/projects/data_feed/src/quant_engine/snapshot_admin.db
  • Local seed JSON: /volume1/projects/data_feed/GatherTradingData.json
  • PID file: /volume1/projects/data_feed/Temp/snapshot_admin.pid
  • Log file: /volume1/projects/data_feed/Temp/snapshot_admin.log

2. Service account

  • Preferred DSM user: snapshot-admin
  • Fallback for first POC: root
  • Folder access: read/write on /volume1/projects/data_feed

3. Environment variables

SNAPSHOT_ADMIN_AUTH_USER=snapshot-admin
SNAPSHOT_ADMIN_AUTH_PASSWORD=<strong-password>
SNAPSHOT_ADMIN_HOST=127.0.0.1
SNAPSHOT_ADMIN_PORT=8787
SNAPSHOT_ADMIN_ALLOW_REMOTE=0
SNAPSHOT_ADMIN_PID_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.pid
SNAPSHOT_ADMIN_LOG_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.log
SNAPSHOT_ADMIN_STATE_URL=http://127.0.0.1:8787/api/state
SNAPSHOT_ADMIN_PUBLIC_STATE_URL=https://admin.example.com/api/state

4. Task Scheduler

Boot task

  • Name: snapshot-admin-start
  • User: snapshot-admin
  • Trigger: Boot-up
  • Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh start

Healthcheck task

  • Name: snapshot-admin-healthcheck
  • User: snapshot-admin
  • Trigger: every 5 minutes
  • Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh healthcheck

Manual restart task

  • Name: snapshot-admin-restart
  • User: snapshot-admin
  • Trigger: manual
  • Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh restart

5. Reverse proxy

  • DSM path: Control Panel > Login Portal > Advanced > Reverse Proxy
  • Rule name: snapshot-admin
  • Source protocol: HTTPS
  • Source hostname: admin.example.com
  • Source port: 443
  • Source path: /
  • Destination protocol: HTTP
  • Destination hostname: 127.0.0.1
  • Destination port: 8787
  • TLS certificate: admin.example.com certificate

6. Firewall

  • Allow inbound 443/TCP
  • Block inbound 8787/TCP from WAN
  • Allowlist only trusted office/VPN ranges if needed

7. Verification commands

curl -i http://127.0.0.1:8787/api/state
curl -i https://admin.example.com/api/state
curl -u 'snapshot-admin:<strong-password>' https://admin.example.com/api/state
curl -I https://admin.example.com/
curl -I https://admin.example.com/tables

7b. Final preflight

Use docs/SYNOLOGY_SNAPSHOT_ADMIN_FINAL_PREFLIGHT_10.md immediately before you mark the deployment complete.

8. Completion wording

Use this exact wording when evidence is complete:

WBS-7.9 실배포 검증 완료: Synology NAS에서 tools/run_snapshot_admin_synology.sh 기반 서비스가 127.0.0.1:8787에 정상 기동되고, DSM Reverse Proxy HTTPS:443 -> HTTP 127.0.0.1:8787 경유 외부 접속이 Basic Auth와 함께 200 OK로 확인되었으며, 미인증 요청은 401 Unauthorized로 차단되었다. //tables 렌더링과 재시작 후 지속성도 확인되었고, 증빙은 docs/SYNOLOGY_SNAPSHOT_ADMIN_EVIDENCE_TEMPLATE.md 양식으로 보관되었다.

9. What to replace

  • admin.example.com if your public hostname differs
  • <strong-password> with your generated password
  • TLS certificate name if the DSM certificate uses another label