replikey/doc/architecture.gv

digraph {
    subgraph cluster_pki {
        label="PKI"
        ca [label="CA Key", shape=note]

        subgraph cluster_pki_crl {
            label="CRL Infrastructure(Optional)"
            crl_listener [label="http://my.crl", shape=triangle,rank=0]
            crl -> crl_listener [label="Static file"]
        }
    }

    subgraph cluster_0 {
        label="Master docker compose"
        web_app [label="Web app", shape=box]
        db [label="Postgres", shape=box]
        redis [label="Redis", shape=box]
        replikey [label="Replikey", shape=box]
        replikey -> db [label="SNI Routing",color=orange]
        replikey -> redis [label="SNI Routing",color=orange]
        server_cert [label="Server cert", shape=note]
        server_key [label="Server key", shape=note]
        server_key -> server_cert [label="Private key"]
        web_app -> db
        web_app -> redis

        ca_cert [label="CA cert", shape=note]

        server_cert -> replikey [label="Authenticate"]
        ca_cert -> replikey [label="Trust"]

        listen_master_web [label=":80", shape=triangle,rank=0]
        listen_master_replikey [label=":6443", shape=triangle,rank=0]
        replikey -> listen_master_replikey [label="Listen",dir=back]
        web_app -> listen_master_web [label="Listen"]
    }

    subgraph cluster_1 {
        label="Slave docker compose"
        db_slave [label="Postgres", shape=box]
        redis_slave [label="Redis", shape=box]
        replikey_slave_db [label="Replikey DB Client", shape=box]
        replikey_slave_redis [label="Replikey Redis Client", shape=box]
        db_slave -> replikey_slave_db [label="Plain TCP",color=orange]
        redis_slave -> replikey_slave_redis [label="Plain TCP",color=orange]
        client_cert [label="Client cert", shape=note]
        client_key [label="Client key", shape=note]
        client_key -> client_cert [label="Private key"]
        ca_cert_slave [label="CA cert", shape=note]

        client_cert -> replikey_slave_db [label="Authenticate"]
        ca_cert_slave -> replikey_slave_db [label="Trust"]
        client_cert -> replikey_slave_redis [label="Authenticate"]
        ca_cert_slave -> replikey_slave_redis [label="Trust"]

    }
    
    replikey_slave_db -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green]
    replikey_slave_redis -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green]
}
init Signed-off-by: eternal-flame-AD <yume@yumechi.jp> 2024-11-02 19:50:14 -05:00			`digraph {`
			`subgraph cluster_pki {`
			`label="PKI"`
			`ca [label="CA Key", shape=note]`

			`subgraph cluster_pki_crl {`
			`label="CRL Infrastructure(Optional)"`
			`crl_listener [label="http://my.crl", shape=triangle,rank=0]`
			`crl -> crl_listener [label="Static file"]`
			`}`
			`}`

			`subgraph cluster_0 {`
			`label="Master docker compose"`
			`web_app [label="Web app", shape=box]`
			`db [label="Postgres", shape=box]`
			`redis [label="Redis", shape=box]`
			`replikey [label="Replikey", shape=box]`
			`replikey -> db [label="SNI Routing",color=orange]`
			`replikey -> redis [label="SNI Routing",color=orange]`
			`server_cert [label="Server cert", shape=note]`
			`server_key [label="Server key", shape=note]`
			`server_key -> server_cert [label="Private key"]`
			`web_app -> db`
			`web_app -> redis`

			`ca_cert [label="CA cert", shape=note]`

			`server_cert -> replikey [label="Authenticate"]`
			`ca_cert -> replikey [label="Trust"]`

			`listen_master_web [label=":80", shape=triangle,rank=0]`
			`listen_master_replikey [label=":6443", shape=triangle,rank=0]`
			`replikey -> listen_master_replikey [label="Listen",dir=back]`
			`web_app -> listen_master_web [label="Listen"]`
			`}`

			`subgraph cluster_1 {`
			`label="Slave docker compose"`
			`db_slave [label="Postgres", shape=box]`
			`redis_slave [label="Redis", shape=box]`
			`replikey_slave_db [label="Replikey DB Client", shape=box]`
			`replikey_slave_redis [label="Replikey Redis Client", shape=box]`
			`db_slave -> replikey_slave_db [label="Plain TCP",color=orange]`
			`redis_slave -> replikey_slave_redis [label="Plain TCP",color=orange]`
			`client_cert [label="Client cert", shape=note]`
			`client_key [label="Client key", shape=note]`
			`client_key -> client_cert [label="Private key"]`
			`ca_cert_slave [label="CA cert", shape=note]`

			`client_cert -> replikey_slave_db [label="Authenticate"]`
			`ca_cert_slave -> replikey_slave_db [label="Trust"]`
			`client_cert -> replikey_slave_redis [label="Authenticate"]`
			`ca_cert_slave -> replikey_slave_redis [label="Trust"]`

			`}`

			`replikey_slave_db -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green]`
			`replikey_slave_redis -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green]`
			`}`