This website requires JavaScript.
Explore
Help
Register
Sign In
marcel
/
familienarchiv
Watch
1
Star
0
Fork
0
You've already forked familienarchiv
Code
Issues
115
Pull Requests
Actions
Packages
Projects
Releases
Wiki
Activity
Files
b4e6e4ca2a8a3aed6c38b507a40b6667d7b234e6
familienarchiv
/
docs
/
architecture
/
c4
/
l2-containers.puml
Marcel
67004737f6
Some checks failed
CI / Unit & Component Tests (pull_request)
Successful in 5m45s
Details
CI / OCR Service Tests (pull_request)
Successful in 36s
Details
CI / Backend Unit Tests (pull_request)
Failing after 23m49s
Details
CI / fail2ban Regex (pull_request)
Successful in 2m13s
Details
CI / Compose Bucket Idempotency (pull_request)
Successful in 1m46s
Details
fix(observability): define obs_glitchtip_worker Container in C4 diagram
...
Co-Authored-By: Claude Sonnet 4.6 <
noreply@anthropic.com
>
2026-05-15 04:43:09 +02:00
4.9 KiB
Raw
Blame
History
Container Diagram: Familienarchiv
Container Diagram: Familienarchiv
Familienarchiv (Docker Compose)
[system]
Observability Stack (docker-compose.observability.yml)
[system]
«container»
Web
Frontend
[SvelteKit
/
Node
adapter
/
port
3000]
Server-side
rendered
UI.
Handles
auth
session
cookies,
document
search
and
viewer,
transcription
editor,
annotation
layer,
family
tree
(Stammbaum),
stories
(Geschichten),
activity
feed
(Chronik),
enrichment
workflow,
and
admin
panel.
«container»
API
Backend
[Spring
Boot
4
/
Java
21
/
Jetty
/
port
8080]
REST
API.
Implements
document
management,
search,
user
auth,
file
upload/download,
transcription,
OCR
orchestration,
and
SSE
notifications.
Trusts
X-Forwarded-*
headers
from
Caddy.
«container»
OCR
Service
[Python
FastAPI
/
port
8000]
Handwritten
text
recognition
(HTR)
and
OCR
microservice.
Single-node
by
design
—
see
ADR-001.
Reachable
only
on
the
internal
Docker
network;
no
external
port
exposed.
«container»
Relational
Database
[PostgreSQL
16]
Stores
document
metadata,
persons,
users,
permission
groups,
tags,
transcription
blocks,
audit
log,
and
Spring
Session
data.
«container»
Object
Storage
[MinIO
(S3-compatible)]
Stores
the
actual
document
files
(PDFs,
scans).
Backend
uses
a
bucket-scoped
service
account
(archiv-app),
not
MinIO
root.
«container»
Bucket
/
Service-Account
Init
[MinIO
Client
(mc)]
One-shot
container
on
startup.
Idempotent:
creates
the
archive
bucket,
the
archiv-app
service
account,
and
attaches
the
readwrite
policy.
«container»
Prometheus
[prom/prometheus:v3.4.0]
Scrapes
metrics
from
backend
management
port
8081
(/actuator/prometheus),
node-exporter,
and
cAdvisor.
Retention:
30
days.
«container»
Node
Exporter
[prom/node-exporter:v1.9.0]
Host-level
CPU,
memory,
disk,
and
network
metrics.
«container»
cAdvisor
[gcr.io/cadvisor/cadvisor:v0.52.1]
Per-container
resource
metrics.
«container»
Loki
[grafana/loki:3.4.2]
Stores
log
streams
from
all
containers.
«container»
Promtail
[grafana/promtail:3.4.2]
Ships
Docker
container
logs
to
Loki
via
Docker
SD.
«container»
Tempo
[grafana/tempo:2.7.2]
Distributed
trace
storage.
OTLP
gRPC
receiver
on
port
4317
(archiv-net).
Grafana
queries
traces
on
port
3200
(obs-net).
All
ports
internal
only.
«container»
Grafana
[grafana/grafana-oss:11.6.1]
Unified
observability
UI
—
dashboards,
logs,
traces.
Datasources
(Prometheus,
Loki,
Tempo)
and
three
dashboards
are
auto-provisioned.
«container»
GlitchTip
[glitchtip/glitchtip:v4]
Sentry-compatible
error
tracker
—
web
process.
Receives
frontend
+
backend
error
events,
groups
by
fingerprint,
provides
issue
UI
with
stack
traces.
«container»
GlitchTip
Worker
[glitchtip/glitchtip:v4]
Celery
+
beat
worker
—
async
event
ingestion,
notifications,
cleanup.
«container»
Redis
[redis:7-alpine]
Celery
task
queue
for
GlitchTip
async
workers.
«person»
User
Admin
or
family
member
«external_system»
Email
Service
SMTP
server.
Delivers
notification
and
password-reset
emails.
«container»
Reverse
Proxy
[Caddy
2
(host-installed)]
TLS
termination
(auto
Let's
Encrypt).
Routes
/api/*
to
backend:8080,
everything
else
to
frontend:3000.
Responds
404
on
/actuator/*
and
adds
HSTS,
X-Content-Type-Options,
Referrer-Policy
headers.
HTTPS
[TLS
1.2/1.3]
Reverse
proxies
non-/api
requests
[HTTP
/
loopback:3000]
Reverse
proxies
/api/
*
[HTTP
/
loopback:8080]
API
requests
with
Basic
Auth
token
[HTTP
/
REST
/
JSON]
SSE
notifications
(server-sent
events)
[HTTP
/
SSE
—
fronted
by
Caddy]
Reads
and
writes
metadata
and
sessions
[JDBC
/
SQL]
Uploads
and
streams
document
files
using
archiv-app
service
account
[HTTP
/
S3
API
(AWS
SDK
v2)]
OCR
job
requests
with
presigned
MinIO
URL
[HTTP
/
REST
/
JSON]
Sends
notification
and
password-reset
emails
(optional)
[SMTP]
Fetches
PDF
via
presigned
URL
[HTTP
/
S3
presigned]
Bootstraps
bucket
+
service
account
on
startup
[MinIO
Client
CLI]
Pushes
log
streams
[HTTP/Loki
push
API]
Sends
distributed
traces
via
OTLP
[gRPC
/
OTLP
/
port
4317
(archiv-net)]
Queries
metrics
[HTTP
9090]
Queries
logs
[HTTP
3100]
Queries
traces
[HTTP
3200]
Stores
error
events
in
glitchtip
DB
[PostgreSQL
/
archiv-net]
Processes
Celery
tasks
[Redis
/
obs-net]
Reference in New Issue
View Git Blame
Copy Permalink
67004737f6