4.7 KiB
4.7 KiB
Synology Snapshot Admin Deployment Checklist
This checklist is the POC-ready version with concrete values.
1. Target paths
- Project root:
/volume1/projects/data_feed - Launch script:
/volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh - Local DB:
/volume1/projects/data_feed/outputs/snapshot_admin/snapshot_admin.db - Local seed JSON:
/volume1/projects/data_feed/GatherTradingData.json - PID file:
/volume1/projects/data_feed/Temp/snapshot_admin.pid - Log file:
/volume1/projects/data_feed/Temp/snapshot_admin.log
See also: docs/SYNOLOGY_SNAPSHOT_ADMIN_DEPLOYMENT_CHECKLIST_FILLED.md
and docs/SYNOLOGY_SNAPSHOT_ADMIN_FIREWALL_PROXY_TABLE.md
2. Service account
- Preferred: dedicated DSM local user
snapshot-admin - Fallback for first POC:
root - Required permission: read/write access to
/volume1/projects/data_feed
3. Environment variables
Set these before the Task Scheduler task runs.
SNAPSHOT_ADMIN_AUTH_USER=snapshot-adminSNAPSHOT_ADMIN_AUTH_PASSWORD=<strong-password>SNAPSHOT_ADMIN_HOST=127.0.0.1SNAPSHOT_ADMIN_PORT=8787SNAPSHOT_ADMIN_ALLOW_REMOTE=0SNAPSHOT_ADMIN_PID_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.pidSNAPSHOT_ADMIN_LOG_FILE=/volume1/projects/data_feed/Temp/snapshot_admin.logSNAPSHOT_ADMIN_STATE_URL=http://127.0.0.1:8787/api/stateSNAPSHOT_ADMIN_PUBLIC_STATE_URL=https://admin.example.com/api/state
4. Task Scheduler tasks
Boot task
- Name:
snapshot-admin-start - Trigger:
Boot-up - User:
snapshot-adminorroot - Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh start
Healthcheck task
- Name:
snapshot-admin-healthcheck - Trigger:
Scheduled Task - Interval: every 5 minutes
- User: same as boot task
- Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh healthcheck
Restart task
- Name:
snapshot-admin-restart - Trigger: manual only
- User: same as boot task
- Command:
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh restart
5. Reverse proxy
- DSM path:
Control Panel > Login Portal > Advanced > Reverse Proxy - Rule name:
snapshot-admin - Source:
- Protocol:
HTTPS - Hostname:
admin.example.com - Port:
443 - Path:
/
- Protocol:
- Destination:
- Protocol:
HTTP - Hostname:
127.0.0.1 - Port:
8787
- Protocol:
- TLS certificate: certificate matching
admin.example.com
6. Firewall
- Allow inbound
443/TCP - Block inbound
8787/TCPfrom WAN - If needed, allowlist office/VPN CIDRs only
7. Verification order
- Start the service.
- Confirm
bash /volume1/projects/data_feed/tools/run_snapshot_admin_synology.sh healthcheckprintshealthcheck ok. - Confirm local
curl -i http://127.0.0.1:8787/api/state.- Expect
200 OK. - Expect JSON with
version.app = snapshot-admin-web-v7.
- Expect
- Confirm external
curl -i https://admin.example.com/api/statereturns401.- Expect
WWW-Authenticate: Basic.
- Expect
- Confirm authenticated
curl -u 'snapshot-admin:<password>' https://admin.example.com/api/statereturns200.- Expect the same
version.appvalue as the local endpoint.
- Expect the same
- Confirm
curl -i https://admin.example.com/tablesafter Basic Auth.- Expect
200 OKand the Tabler grid page.
- Expect
- Open browser
https://admin.example.com/.- Expect Basic Auth prompt, then UI render.
- Open browser
https://admin.example.com/tables.- Expect Basic Auth prompt, then grid render.
- Restart the task or NAS.
- Repeat steps 2-8 and confirm the response pattern is unchanged.
7b. Evidence rule
- Do not mark
WBS-7.9complete until the external401/200curl pair, both browser screenshots, and the reverse proxy rule screenshot are archived together. - Loopback-only smoke tests are useful, but they do not replace the NAS-side live verification.
7c. One-page field run sheet
For a compact field execution order, use docs/SYNOLOGY_SNAPSHOT_ADMIN_FINAL_EXECUTION_ONE_PAGER.md.
8. Completion wording
Use the following text only after evidence is collected:
WBS-7.9 실배포 검증 완료: Synology NAS에서
tools/run_snapshot_admin_synology.sh기반 서비스가127.0.0.1:8787에 정상 기동되고, DSM Reverse ProxyHTTPS:443 -> HTTP 127.0.0.1:8787경유 외부 접속이 Basic Auth와 함께200 OK로 확인되었으며, 미인증 요청은401 Unauthorized로 차단되었다./및/tables렌더링과 재시작 후 지속성도 확인되었고, 증빙은docs/SYNOLOGY_SNAPSHOT_ADMIN_EVIDENCE_TEMPLATE.md양식으로 보관되었다.