familienarchiv/docs/architecture/c4/l2-containers.puml
Marcel e4df17f308
docs: retire overlay narrative; add Caddy to C4 L2 diagram
- docs/infrastructure/production-compose.md: trimmed to VPS sizing,
  cost breakdown, and Hetzner ecosystem rationale. The inline
  compose spec (overlay + Hetzner OBS in prod) is retired; the
  live file is now docker-compose.prod.yml at the repo root and
  the Caddyfile lives at infra/caddy/Caddyfile. Observability
  stack is called out as a not-yet-deployed gap (issue #498).

- docs/architecture/c4/l2-containers.puml: adds Caddy as a named
  reverse-proxy container with the two port paths and notes the
  archiv-app service-account split on MinIO access.

Refs #497.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 22:00:21 +02:00

2.8 KiB

Container Diagram: Familienarchiv

Familienarchiv (Docker Compose) [system]

- «container» Web Frontend [SvelteKit / Node adapter / port 3000]: Server-side rendered UI. Handles auth session cookies, document search and viewer, transcription editor, annotation layer, family tree (Stammbaum), stories (Geschichten), activity feed (Chronik), enrichment workflow, and admin panel.
- «container» API Backend [Spring Boot 4 / Java 21 / Jetty / port 8080]: REST API. Implements document management, search, user auth, file upload/download, transcription, OCR orchestration, and SSE notifications. Trusts X-Forwarded-* headers from Caddy.
- «container» OCR Service [Python FastAPI / port 8000]: Handwritten text recognition (HTR) and OCR microservice. Single-node by design — see ADR-001. Reachable only on the internal Docker network; no external port exposed.
- «container» Relational Database [PostgreSQL 16]: Stores document metadata, persons, users, permission groups, tags, transcription blocks, audit log, and Spring Session data.
- «container» Object Storage [MinIO (S3-compatible)]: Stores the actual document files (PDFs, scans). Backend uses a bucket-scoped service account (archiv-app), not MinIO root.
- «container» Bucket / Service-Account Init [MinIO Client (mc)]: One-shot container on startup. Idempotent: creates the archive bucket, the archiv-app service account, and attaches the readwrite policy.
- «person» User: Admin or family member
- «external_system» Email Service: SMTP server. Delivers notification and password-reset emails.
- «container» Reverse Proxy [Caddy 2 (host-installed)]: TLS termination (auto Let's Encrypt). Routes /api/* to backend:8080, everything else to frontend:3000. Responds 404 on /actuator/* and adds HSTS, X-Content-Type-Options, Referrer-Policy headers.

Relationship labels:

- HTTPS [TLS 1.2/1.3]
- Reverse proxies non-/api requests [HTTP / loopback:3000]
- Reverse proxies /api/* [HTTP / loopback:8080]
- API requests with Basic Auth token [HTTP / REST / JSON]
- SSE notifications (server-sent events) [HTTP / SSE — fronted by Caddy]
- Reads and writes metadata and sessions [JDBC / SQL]
- Uploads and streams document files using archiv-app service account [HTTP / S3 API (AWS SDK v2)]
- OCR job requests with presigned MinIO URL [HTTP / REST / JSON]
- Sends notification and password-reset emails (optional) [SMTP]
- Fetches PDF via presigned URL [HTTP / S3 presigned]
- Bootstraps bucket + service account on startup [MinIO Client CLI]
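
The routing and header behaviour the diagram assigns to the Reverse Proxy container, written out as a Caddyfile sketch. This is an added example, not the project's infra/caddy/Caddyfile; the hostname archiv.example.org and all header values are assumptions, and the loopback upstreams follow the diagram's port labels.

```caddyfile
# Added sketch; not the project's infra/caddy/Caddyfile.
# archiv.example.org is a placeholder hostname (assumption).
archiv.example.org {
	# Response headers named in the diagram; the values are assumed.
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
	}

	# Keep actuator endpoints off the public listener.
	# Written as a handle block so it wins over the catch-all
	# handle below (handle blocks are mutually exclusive).
	handle /actuator/* {
		respond 404
	}

	# API traffic goes to the backend on loopback.
	handle /api/* {
		reverse_proxy 127.0.0.1:8080
	}

	# Everything else goes to the SvelteKit frontend.
	handle {
		reverse_proxy 127.0.0.1:3000
	}
}
```

Because the backend trusts X-Forwarded-* headers, ports 8080 and 3000 need to stay bound to loopback so that Caddy is the only client able to set them.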