3.6 KiB
3.6 KiB
Synology Snapshot Admin Deployment Checklist - Filled Example
This is the deployment-ready example for the current repo state. Replace only the hostname, certificate name, and strong password if your NAS uses different values.
1. Target paths
- Project root:
/volume1/projects/data_feed - Launch script:
/volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh - Local DB:
/volume1/projects/data_feed/src/quant_engine/snapshot_admin.db - Local seed JSON:
/volume1/projects/data_feed/GatherTradingData.json - PID file:
/volume1/projects/data_feed/Temp/snapshot_admin.pid - Log file:
/volume1/projects/data_feed/Temp/snapshot_admin.log
2. Service account
- Preferred DSM user:
snapshot-admin - Fallback for first POC:
root - Folder access: read/write on
/volume1/projects/data_feed
3. Environment variables
SNAPSHOT_ADMIN_AUTH_USER=snapshot-admin
SNAPSHOT_ADMIN_AUTH_PASSWORD=<strong-password>
SNAPSHOT_ADMIN_HOST=127.0.0.1
SNAPSHOT_ADMIN_PORT=8787
SNAPSHOT_ADMIN_ALLOW_REMOTE=0
SNAPSHOT_ADMIN_PID_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.pid
SNAPSHOT_ADMIN_LOG_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.log
SNAPSHOT_ADMIN_STATE_URL=http://127.0.0.1:8787/api/state
SNAPSHOT_ADMIN_PUBLIC_STATE_URL=https://admin.example.com/api/state
4. Task Scheduler
Boot task
- Name:
snapshot-admin-start - User:
snapshot-admin - Trigger:
Boot-up - Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh start
Healthcheck task
- Name:
snapshot-admin-healthcheck - User:
snapshot-admin - Trigger: every 5 minutes
- Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh healthcheck
Manual restart task
- Name:
snapshot-admin-restart - User:
snapshot-admin - Trigger: manual
- Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh restart
5. Reverse proxy
- DSM path:
Control Panel > Login Portal > Advanced > Reverse Proxy - Rule name:
snapshot-admin - Source protocol:
HTTPS - Source hostname:
admin.example.com - Source port:
443 - Source path:
/ - Destination protocol:
HTTP - Destination hostname:
127.0.0.1 - Destination port:
8787 - TLS certificate:
admin.example.comcertificate
6. Firewall
- Allow inbound
443/TCP - Block inbound
8787/TCPfrom WAN - Allowlist only trusted office/VPN ranges if needed
7. Verification commands
curl -i http://127.0.0.1:8787/api/state
curl -i https://admin.example.com/api/state
curl -u 'snapshot-admin:<strong-password>' https://admin.example.com/api/state
curl -I https://admin.example.com/
curl -I https://admin.example.com/tables
7b. Final preflight
Use docs/SYNOLOGY_SNAPSHOT_ADMIN_FINAL_PREFLIGHT_10.md
immediately before you mark the deployment complete.
8. Completion wording
Use this exact wording when evidence is complete:
WBS-7.9 실배포 검증 완료: Synology NAS에서
tools/run_snapshot_admin_synology.sh기반 서비스가127.0.0.1:8787에 정상 기동되고, DSM Reverse ProxyHTTPS:443 -> HTTP 127.0.0.1:8787경유 외부 접속이 Basic Auth와 함께200 OK로 확인되었으며, 미인증 요청은401 Unauthorized로 차단되었다./및/tables렌더링과 재시작 후 지속성도 확인되었고, 증빙은docs/SYNOLOGY_SNAPSHOT_ADMIN_EVIDENCE_TEMPLATE.md양식으로 보관되었다.
9. What to replace
admin.example.comif your public hostname differs<strong-password>with your generated password- TLS certificate name if the DSM certificate uses another label