交接

環境配置

測試環境

正式環境

廠商POS機配置(未測試)

技術配置

PWA Server:
– Linux
– Nginx
– uWSGI
PWA 前端:
– Vue
– TypeScript
API:
– Linux
– Nginx
– Java
– Tomee
– Oracle
Dock
– Linux
– Python
維運工具
– Python

設備安裝

參考

平板裝置管理後台
– 正式區admin: IDC/tk3c/admin
– 正式區config: IDC/tk3c/config
– 測試區admin: 97/tk3c/admin
– 測試區config: 97/tk3c/config
設定流程

門市支援

監控

97/sandbox/dashboard/
IDC/sandbox/dashboard/

門市Device IP查詢

10399
樹梅派 245
Printer

進度規劃表

進行中項目

待pilot run
- POS Dock硬體連接(Dock開發文件)
測試中
- EDC多卡機連接(卡機連接)
開發中
- 顧客顯示器(開發文件)

待執行項目

SC API從樹梅派搬移至SC server(需要開虛擬機)
POS系統轉移至市售POS機器
- 系統轉移測試
- POS前端RWD
CA ExpireDate
- tk3c_mpos_server.crt 2023/2/14
Dock門市版控設計(參考API版控方式)

改進項目

API Log清除排程

Nginx

nginx config file path:

測試: /etc/nginx/conf.d/tk3c.conf
正式: /etc/nginx/default/tk3c.conf






























































include ssl-params.conf;
ssl_certificate "/etc/pki/tk3c/tk3c_mpos_server.crt";
ssl_certificate_key "/etc/pki/tk3c/tk3c_mpos_server.key";

location /static/ {
    alias /opt/tk3c/static/;
}

// 行動POS系統設定管理
// https://10.1.62.97/tk3c/config
location /alt3/ {
    alias /opt/tk3c/lib/AdminLTE-3.0.2/;
}

// 行動POS Pilot
location = /mpospilot {
    alias /opt/tk3c/mpospilot/;
}
location /mpospilot/ {
    alias /opt/tk3c/mpospilot/;
}

// 行動POS 正式
location = /mpos {
    alias /opt/tk3c/mpos/;
}
location /mpos/ {
    alias /opt/tk3c/mpos/;
}

// 行動POS 啟用頁面
location /tk3c/ {
    uwsgi_param SCRIPT_NAME /tk3c;
    include uwsgi_params;
    uwsgi_pass unix:/run/uwsgi/tk3c.sock;
}

location /certs/ {
    alias /opt/tk3c/ssl/;
}

// 監控看板
location /dashboard/ {
    alias /opt/tk3c/dashboard/;
}

// api war檔放置區
// 舊版本可清除
location /builds/backend/api/ {
    alias /opt/tk3c/staging/war/;
    autoindex on;
    autoindex_localtime on;
}

// 客顯
location = /customerdisplay {
    alias /opt/tk3c/cstomerdisplay/;
}
location /customerdisplay/ {
    alias /opt/tk3c/customerdisplay/;
}

Certificate

CA列表:

Name	Expire	State	用途	設定路徑	CA檔案路徑	key
mpos_server	2022/10/31	使用中	門市API	API樹梅派 /etc/nginx/conf.d/tk3c.conf	/opt/tk3c/ssl/	mpos_ca.key
		使用中	MQTT	API樹梅派 /etc/mosquitto/conf.d/tk3c.conf	/opt/tk3c/ssl/	mpos_ca.key
tk3c_mpos_server	2023/2/14	使用中	PWA	IDC MPOS PWA server /etc/nginx/default.d/tk3c.conf	/opt/tk3c/ssl/	mpos_ca.key
tk3c-NPS2012-CA		棄用				root.tk3c-NPS2012.cer

Ref

self-signed certificates

CSR note

2 Root-CA require to be trusted on terminal device

path: /opt/tk3c/ssl/

tk3c-NPS2012-CA: for PWA server deployed in IDC, managed by 系統組(已不使用)
TK3C-MPOS: for API servers deployed in store

tk3c_mpos_server.cnf in 10.1.62.97 & git

PWA server使用憑證須符合IOS規範
https://support.apple.com/en-us/HT210176
https://support.apple.com/en-us/HT211025

API server’s certificate maintain required for new store deployment.

中繼憑證Re-sign(tk3c_mpos_server):

//key: tk3cmp0s
sudo openssl x509 -req -in tk3c_mpos_server.csr -CA tk3c_mpos_ca.pem -CAkey mpos_ca.key -CAserial tk3c_mpos_ca.srl -out tk3c_mpos_server.crt -days 397 -extfile tk3c_mpos_server.cnf -extensions v3_req

//copy to tmp -> tmp to goal path
cp -R /tmp/tk3c_mpos_server.crt /opt/tk3c/ssl
cp -R /tmp/tk3c_mpos_server.key /opt/tk3c/ssl

💡 MQTT CA檔案**mpos_sever.crt**改用**tk3c_mpos_server(不需要多簽CA)**

> $ cat /etc/mosquitto/conf.d/tk3c.conf
# tk3c setting

....

# extra listener setting for secured websockets
listener 9443
protocol websockets
cafile   /opt/tk3c/ssl/mpos_ca
keyfile  /opt/tk3c/ssl/mpos_server.key
# certfile /opt/tk3c/ssl/mpos_server.crt
certfile /opt/tk3c/ssl/**tk3c_mpos_server**.crt
require_certificate false

...

交接

環境配置

測試環境

正式環境

廠商POS機配置(未測試)

技術配置

設備安裝

門市支援

監控

門市Device IP查詢

進度規劃表

進行中項目

待執行項目

改進項目

Nginx

Certificate

CA列表:

2 Root-CA require to be trusted on terminal device

PWA server使用憑證須符合IOS規範

API server’s certificate maintain required for new store deployment.

Read more

POS客顯設計

MPOS開發SPEC

Dock 綁定

New POS