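// Deployment diagram: a master docker compose stack exposes Postgres and Redis
// to a slave stack through Replikey. The only edges that cross between the two
// stacks are the green "TLS with SNI" edges; the orange edges are local hops.
digraph {
    // PKI material kept apart from both compose stacks.
    // NOTE(review): the CA key has no edges here; presumably it signs the
    // server and client certs, but that relationship is not drawn — confirm.
    subgraph cluster_pki {
        label="PKI"
        ca [label="CA Key", shape=note]

        // Optional revocation distribution point, served as a static file.
        // NOTE(review): the listener is plain http. CRLs are normally signed
        // by the issuer, so integrity should not depend on the transport;
        // confirm that the consumers verify that signature.
        subgraph cluster_pki_crl {
            label="CRL Infrastructure (Optional)"
            crl_listener [label="http://my.crl", shape=triangle,rank=0]
            // Declared explicitly so it gets a label and shape like the other
            // file nodes instead of rendering as a default, implicit node.
            crl [label="CRL", shape=note]
            crl -> crl_listener [label="Static file"]
        }
    }

    subgraph cluster_0 {
        label="Master docker compose"
        web_app [label="Web app", shape=box]
        db [label="Postgres", shape=box]
        redis [label="Redis", shape=box]
        replikey [label="Replikey", shape=box]
        // Orange: Replikey picks the backend (Postgres or Redis) by SNI.
        replikey -> db [label="SNI Routing",color=orange]
        replikey -> redis [label="SNI Routing",color=orange]
        server_cert [label="Server cert", shape=note]
        server_key [label="Server key", shape=note]
        server_key -> server_cert [label="Private key"]
        // The web app reaches its own Postgres and Redis directly.
        web_app -> db
        web_app -> redis

        ca_cert [label="CA cert", shape=note]

        // Replikey presents the server cert and trusts the CA cert
        // (presumably to verify the client certs of connecting slaves).
        server_cert -> replikey [label="Authenticate"]
        ca_cert -> replikey [label="Trust"]

        // Exposed listeners: :80 for the web app, :6443 for Replikey.
        // NOTE(review): dir=back is set on only one of the two "Listen"
        // edges, so the two arrows render differently — confirm the intent.
        listen_master_web [label=":80", shape=triangle,rank=0]
        listen_master_replikey [label=":6443", shape=triangle,rank=0]
        replikey -> listen_master_replikey [label="Listen",dir=back]
        web_app -> listen_master_web [label="Listen"]
    }

    subgraph cluster_1 {
        label="Slave docker compose"
        db_slave [label="Postgres", shape=box]
        redis_slave [label="Redis", shape=box]
        replikey_slave_db [label="Replikey DB Client", shape=box]
        replikey_slave_redis [label="Replikey Redis Client", shape=box]
        // Orange: unencrypted hop between each replica and its local Replikey
        // client. This leg carries replication traffic in the clear, so it
        // should stay on the compose-internal network.
        db_slave -> replikey_slave_db [label="Plain TCP",color=orange]
        redis_slave -> replikey_slave_redis [label="Plain TCP",color=orange]
        client_cert [label="Client cert", shape=note]
        client_key [label="Client key", shape=note]
        client_key -> client_cert [label="Private key"]
        ca_cert_slave [label="CA cert", shape=note]

        // Both clients authenticate with the same client cert and trust the
        // same CA cert. As drawn, the certificate therefore does not tell the
        // DB client apart from the Redis client; the SNI name selects the
        // backend on the master.
        client_cert -> replikey_slave_db [label="Authenticate"]
        ca_cert_slave -> replikey_slave_db [label="Trust"]
        client_cert -> replikey_slave_redis [label="Authenticate"]
        ca_cert_slave -> replikey_slave_redis [label="Trust"]

    }

    // Green: the only cross-stack traffic, TLS to the master's :6443 listener.
    // constraint=false keeps these edges from influencing node ranking.
    replikey_slave_db -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green]
    replikey_slave_redis -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green]
}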