marcel/familienarchiv
1
0
Fork 0
Code Issues 112 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
2eff1ab14c06f9ecb18b575862a1f3794dca3fb3
familienarchiv/docs/architecture/c4/l2-containers.puml
Marcel de08ffe989
All checks were successful
CI / Unit & Component Tests (pull_request) Successful in 3m22s
Details
CI / OCR Service Tests (pull_request) Successful in 17s
Details
CI / Backend Unit Tests (pull_request) Successful in 4m32s
Details
CI / fail2ban Regex (pull_request) Successful in 38s
Details
CI / Compose Bucket Idempotency (pull_request) Successful in 56s
Details
devops(observability): add Tempo for distributed trace storage (OTLP receiver) 
Closes #575

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 03:01:22 +02:00

3.8 KiB
Raw Blame History

Container Diagram: FamilienarchivContainer Diagram: FamilienarchivFamilienarchiv (Docker Compose)[system]Observability Stack (docker-compose.observability.yml / archiv-net)[system]«container»Web Frontend[SvelteKit / Node adapter / port3000] Server-side rendered UI.Handles auth sessioncookies, document searchand viewer, transcriptioneditor, annotation layer,family tree (Stammbaum),stories (Geschichten),activity feed (Chronik),enrichment workflow, andadmin panel.«container»API Backend[Spring Boot 4 / Java 21 / Jetty /port 8080] REST API. Implementsdocument management,search, user auth, fileupload/download,transcription, OCRorchestration, and SSEnotifications. TrustsX-Forwarded-* headers fromCaddy.«container»OCR Service[Python FastAPI / port 8000] Handwritten textrecognition (HTR) and OCRmicroservice. Single-nodeby design â€” see ADR-001.Reachable only on theinternal Docker network; noexternal port exposed.«container»Relational Database[PostgreSQL 16] Stores document metadata,persons, users, permissiongroups, tags, transcriptionblocks, audit log, and SpringSession data.«container»Object Storage[MinIO (S3-compatible)] Stores the actual documentfiles (PDFs, scans). Backenduses a bucket-scopedservice account(archiv-app), not MinIO root.«container»Bucket /Service-Account Init[MinIO Client (mc)] One-shot container onstartup. Idempotent:creates the archive bucket,the archiv-app serviceaccount, and attaches thereadwrite policy.«container»Prometheus[prom/prometheus] Scrapes metrics frombackend management port8081(/actuator/prometheus).Retention and alert rulesTBD â€” see issue #581.«container»Loki[grafana/loki:3.4.2] Stores log streams from allcontainers.«container»Promtail[grafana/promtail:3.4.2] Ships Docker container logsto Loki via Docker SD«container»Tempo[grafana/tempo:2.7.2] Distributed trace storage.OTLP gRPC receiver on port4317 (archiv-net). Grafanaqueries traces on port 3200(obs-net). All ports internalonly.«container»Grafana[grafana/grafana] Dashboards and alerting UI.Data sources: Prometheus+ Loki + Tempo. WiringTBD â€” see issue #581.«person»User Admin or family member«external_system»Email Service SMTP server. Deliversnotification andpassword-reset emails.«container»Reverse Proxy[Caddy 2 (host-installed)] TLS termination (auto Let'sEncrypt). Routes /api/* tobackend:8080, everythingelse to frontend:3000.Responds 404 on/actuator/* and adds HSTS,X-Content-Type-Options,Referrer-Policy headers.HTTPS[TLS 1.2/1.3]Reverse proxiesnon-/api requests[HTTP / loopback:3000]Reverse proxies /api/*[HTTP / loopback:8080]API requests withBasic Auth token[HTTP / REST / JSON]SSE notifications(server-sent events)[HTTP / SSE â€” frontedby Caddy]Reads and writesmetadata andsessions[JDBC / SQL]Uploads and streamsdocument files usingarchiv-app serviceaccount[HTTP / S3 API (AWSSDK v2)]OCR job requestswith presigned MinIOURL[HTTP / REST / JSON]Sends notificationand password-resetemails (optional)[SMTP]Fetches PDF viapresigned URL[HTTP / S3 presigned]Bootstraps bucket +service account onstartup[MinIO Client CLI]Pushes log streams[HTTP/Loki push API]Sends distributedtraces via OTLP[gRPC / OTLP / port 4317(archiv-net)]
Reference in New Issue View Git Blame Copy Permalink