---
tags: 交接
---

# Handover

## Environment setup

### Test environment

```plantuml
@startuml
card Store_pilot as "Headquarters" {
  card IDC as "97" {
    node PWA as "POS front-end PWA server" {
      node Pilot as "Test [test version]"
    }
  }
  frame SC as "SC server" {
    database SC_DB
  }
  frame rpi1 as "97, 99" {
    node api as "SC API"
  }
  node tablet as "POS tablet"
  node dock as "POS Dock (adapter for desktop peripherals)" {
    node 62
    node 132
  }
  node devices as "Barcode scanner, printer, EDC card terminal, cash drawer, customer display"
  SC_DB -- api
  tablet .[#green,plain,thickness=2]d. dock :switch between mobile mode / desktop mode
  dock -d- devices
  tablet <-[#blue,plain,thickness=2]-> rpi1
  cloud member_api as "Member API"
  cloud PaymentRouter
  rpi1 -- member_api
  rpi1 -- PaymentRouter :"Needs a separate fix before use (the PR spec has changed)"
  Pilot -> tablet
}
@enduml
```

### Production environment

```plantuml
@startuml
card IDC as "IDC" {
  node PWA as "POS front-end PWA server" {
    node Pilot as "Pilot [early-release version]"
    node Production as "Production [release version]"
  }
  Pilot -[hidden]u- Production
}
card Store_pilot as "Pilot store" {
  frame SC as "SC server" {
    database SC_DB
  }
  frame rpi1 as "SC API (Raspberry Pi)"
  node tablet as "POS tablet"
  node dock as "POS Dock (adapter for desktop peripherals)"
  node devices as "Barcode scanner, printer, EDC card terminal, cash drawer, customer display"
  SC_DB -- rpi1
  tablet .[#green,plain,thickness=2]d. dock :switch between mobile mode / desktop mode
  dock -d- devices
  tablet <-[#blue,plain,thickness=2]-> rpi1
}
cloud member_api as "Member API"
cloud PaymentRouter
rpi1 -- member_api
rpi1 -- PaymentRouter :"Needs a separate fix before use (the PR spec has changed)"
Pilot -> tablet
card Store_production as "Regular stores" {
  card a as "Same setup as the pilot store"
}
Production -> Store_production
@enduml
```

### Vendor POS machine setup (untested)

```plantuml
@startuml
card IDC as "IDC" {
  node PWA as "POS front-end PWA server" {
    node Pilot as "Pilot [early-release version]"
    node Production as "Production [release version]"
  }
  Pilot -[hidden]u- Production
}
card Store_pilot as "Pilot store" {
  frame SC as "SC server" {
    database SC_DB
    node rpi1 as "SC API (virtual machine)"
  }
  node TM as "POS machine" {
    node client as "POS client"
    node dock as "POS dock"
    client -- dock
  }
  node devices as "Barcode scanner, printer, EDC card terminal, cash drawer, customer display"
  SC_DB -- rpi1
  dock -d- devices
  client <-[#blue,plain,thickness=2]-> rpi1
}
cloud member_api as "Member API"
cloud PaymentRouter
rpi1 -- member_api
rpi1 -- PaymentRouter :"Needs a separate fix before use (the PR spec has changed)"
Pilot -> client
card Store_production as "Regular stores" {
  card a as "Same setup as the pilot store"
}
Production -> Store_production
@enduml
```

### Technology stack

- [PWA Server](https://hackmd.io/@tk3c-mpos/BkZfu5Ebc):
  - Linux
  - Nginx
  - uWSGI
- PWA front end:
  - Vue
  - TypeScript
- API:
  - Linux
  - Nginx
  - Java
  - Tomee
  - Oracle
- Dock
  - Linux
  - Python
- Operations tooling
  - Python

## Device installation

[Reference](https://hackmd.io/kWwLXqkCTmyh7LjVZFj6SA?view#Previous-Setup-and-installation-documents)

- Tablet device management console
  - Production admin: IDC/tk3c/admin
  - Production config: IDC/tk3c/config
  - Test admin: 97/tk3c/admin
  - Test config: 97/tk3c/config
- [Setup procedure](https://hackmd.io/d0AyPmyRRlCCQXKRgB5jlg?view#Mobile-device)

## Store support

### Monitoring

- 97/sandbox/dashboard/
- IDC/sandbox/dashboard/

### Store device IP lookup

- [10399](http://10.253.2.250/POLICE/index.htm)
- Raspberry Pi 245
- Printer

## Progress plan

### Items in progress

- Awaiting pilot run
  - POS Dock hardware connection ([Dock development document](https://hackmd.io/@tk3c-mpos/ryYoCmSRu/https%3A%2F%2Fhackmd.io%2F%40tk3c-mpos%2FB16lfjsAu))
- In testing
  - EDC multi-card-terminal connection ([Card terminal connection](https://hackmd.io/Q98eQZOMRdiHvAa_qHzuRQ?view#%E5%8D%A1%E6%A9%9F%E9%80%A3%E6%8E%A5))
- In development
  - Customer display ([Development document](https://hackmd.io/@tk3c-mpos/r19r3ikJc))

## Pending items

- [ ] Move the SC API from the Raspberry Pi to the SC server (requires provisioning a virtual machine)
- [ ] Migrate the POS system to commercially available POS machines
- [ ] System migration testing
- [ ] POS front-end RWD
- [ ] CA ExpireDate
  - [ ] tk3c_mpos_server.crt 2023/2/14
- [ ] Dock version control design for stores (modelled on the API version control approach)

## Improvements

- [ ] Scheduled cleanup of API logs

## Nginx

nginx config file path:

- Test: /etc/nginx/conf.d/tk3c.conf
- Production: /etc/nginx/default/tk3c.conf

```nginx
include ssl-params.conf;
ssl_certificate "/etc/pki/tk3c/tk3c_mpos_server.crt";
ssl_certificate_key "/etc/pki/tk3c/tk3c_mpos_server.key";

location /static/ {
    alias /opt/tk3c/static/;
}

# Mobile POS system configuration management
# https://10.1.62.97/tk3c/config
location /alt3/ {
    alias /opt/tk3c/lib/AdminLTE-3.0.2/;
}

# Mobile POS pilot
location = /mpospilot {
    alias /opt/tk3c/mpospilot/;
}
location /mpospilot/ {
    alias /opt/tk3c/mpospilot/;
}

# Mobile POS production
location = /mpos {
    alias /opt/tk3c/mpos/;
}
location /mpos/ {
    alias /opt/tk3c/mpos/;
}

# Mobile POS activation page
location /tk3c/ {
    uwsgi_param SCRIPT_NAME /tk3c;
    include uwsgi_params;
    uwsgi_pass unix:/run/uwsgi/tk3c.sock;
}

location /certs/ {
    alias /opt/tk3c/ssl/;
}

# Monitoring dashboard
location /dashboard/ {
    alias /opt/tk3c/dashboard/;
}

# Staging area for API WAR files
# Old versions can be deleted
location /builds/backend/api/ {
    alias /opt/tk3c/staging/war/;
    autoindex on;
    autoindex_localtime on;
}

# Customer display
location = /customerdisplay {
    alias /opt/tk3c/customerdisplay/;
}
location /customerdisplay/ {
    alias /opt/tk3c/customerdisplay/;
}
```

## Certificate

### CA list:

| Name | Expire | State | Purpose | Config path | CA file path | key |
| --- | --- | --- | --- | --- | --- | --- |
| mpos_server | 2022/10/31 | In use | Store API | API Raspberry Pi /etc/nginx/conf.d/tk3c.conf | /opt/tk3c/ssl/ | mpos_ca.key |
| | | In use | MQTT | API Raspberry Pi /etc/mosquitto/conf.d/tk3c.conf | /opt/tk3c/ssl/ | mpos_ca.key |
| tk3c_mpos_server | 2023/2/14 | In use | PWA | IDC MPOS PWA server /etc/nginx/default.d/tk3c.conf | /opt/tk3c/ssl/ | mpos_ca.key |
| tk3c-NPS2012-CA | | Deprecated | | | | root.tk3c-NPS2012.cer |

- Ref **[self-signed certificates](http://172.16.9.53/IT_MPOS/mPOS/src/branch/master/BackEnd/scops/notes/self_signed_certificates.md)** [CSR note](http://172.16.9.53/IT_MPOS/mPOS/src/branch/master/BackEnd/scops/certs)

### Two root CAs must be trusted on terminal devices

path: /opt/tk3c/ssl/

- tk3c-NPS2012-CA: for the PWA server deployed in IDC, managed by the Systems team (no longer used)
- TK3C-MPOS: for API servers deployed in stores

> tk3c_mpos_server.cnf in 10.1.62.97 & git

### Certificates used by the PWA server must meet iOS requirements

- [https://support.apple.com/en-us/HT210176](https://support.apple.com/en-us/HT210176)
- [https://support.apple.com/en-us/HT211025](https://support.apple.com/en-us/HT211025)

### API server certificate maintenance is required for new store deployments

Intermediate certificate re-sign (**tk3c_mpos_server**):

```bash
# key: tk3cmp0s
sudo openssl x509 -req -in tk3c_mpos_server.csr \
    -CA tk3c_mpos_ca.pem -CAkey mpos_ca.key -CAserial tk3c_mpos_ca.srl \
    -out tk3c_mpos_server.crt -days 397 \
    -extfile tk3c_mpos_server.cnf -extensions v3_req

# copy to tmp -> tmp to target path
cp -R /tmp/tk3c_mpos_server.crt /opt/tk3c/ssl
cp -R /tmp/tk3c_mpos_server.key /opt/tk3c/ssl
```

<aside>

💡 The MQTT certificate file **mpos_server.crt** has been replaced by **tk3c_mpos_server** (no additional certificate needs to be signed)

```conf
$ cat /etc/mosquitto/conf.d/tk3c.conf
# tk3c setting
....
# extra listener setting for secured websockets
listener 9443
protocol websockets
cafile /opt/tk3c/ssl/mpos_ca
keyfile /opt/tk3c/ssl/mpos_server.key
# certfile /opt/tk3c/ssl/mpos_server.crt
certfile /opt/tk3c/ssl/tk3c_mpos_server.crt
require_certificate false
...
```

</aside>
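
The nginx configuration above publishes `/opt/tk3c/ssl/` under `/certs/`, and the re-sign procedure copies `tk3c_mpos_server.key` into `/opt/tk3c/ssl`, so that directory is worth checking for key material on any host where both apply. The Python check below is an added example, not part of the original handover notes or the project's tooling; `audit_served_dir` is a hypothetical helper name and the sample file set is constructed with placeholder bodies.

```python
import os
import re
import tempfile

# PEM armor used by PKCS#8, RSA, EC, encrypted and OpenSSH private keys.
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# File types that hold key material even when the content is binary (DER, PKCS#12).
KEY_EXT = {".key", ".p12", ".pfx"}


def audit_served_dir(root):
    """Return sorted (relative_path, reason) for key material found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1 << 16)  # enough to cover a certificate bundle
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if PEM_KEY.search(head):
                findings.append((rel, "PEM private key"))
            elif os.path.splitext(name)[1].lower() in KEY_EXT:
                findings.append((rel, "key file extension"))
    return sorted(findings)


def demo():
    """Audit a constructed directory; file bodies are placeholders, not real keys."""
    cert = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    key = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
           b"-----END ENCRYPTED PRIVATE KEY-----\n")
    sample = {
        "tk3c_mpos_ca.pem": cert,            # root CA certificate for terminals
        "tk3c_mpos_server.crt": cert,
        "tk3c_mpos_server.key": key,
        "mpos_ca.key": b"\x30\x82\x04\xa4",  # DER-style bytes, caught by extension
        "bundle.pem": cert + key,            # innocuous name, key inside
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in sample.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_served_dir(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

On a server, call `audit_served_dir("/opt/tk3c/ssl")`; an empty result means only certificates remain in the directory that nginx serves.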