digraph { subgraph cluster_pki { label="PKI" ca [label="CA Key", shape=note] subgraph cluster_pki_crl { label="CRL Infrastructure(Optional)" crl_listener [label="http://my.crl", shape=triangle,rank=0] crl -> crl_listener [label="Static file"] } } subgraph cluster_0 { label="Master docker compose" web_app [label="Web app", shape=box] db [label="Postgres", shape=box] redis [label="Redis", shape=box] replikey [label="Replikey", shape=box] replikey -> db [label="SNI Routing",color=orange] replikey -> redis [label="SNI Routing",color=orange] server_cert [label="Server cert", shape=note] server_key [label="Server key", shape=note] server_key -> server_cert [label="Private key"] web_app -> db web_app -> redis ca_cert [label="CA cert", shape=note] server_cert -> replikey [label="Authenticate"] ca_cert -> replikey [label="Trust"] listen_master_web [label=":80", shape=triangle,rank=0] listen_master_replikey [label=":6443", shape=triangle,rank=0] replikey -> listen_master_replikey [label="Listen",dir=back] web_app -> listen_master_web [label="Listen"] } subgraph cluster_1 { label="Slave docker compose" db_slave [label="Postgres", shape=box] redis_slave [label="Redis", shape=box] replikey_slave_db [label="Replikey DB Client", shape=box] replikey_slave_redis [label="Replikey Redis Client", shape=box] db_slave -> replikey_slave_db [label="Plain TCP",color=orange] redis_slave -> replikey_slave_redis [label="Plain TCP",color=orange] client_cert [label="Client cert", shape=note] client_key [label="Client key", shape=note] client_key -> client_cert [label="Private key"] ca_cert_slave [label="CA cert", shape=note] client_cert -> replikey_slave_db [label="Authenticate"] ca_cert_slave -> replikey_slave_db [label="Trust"] client_cert -> replikey_slave_redis [label="Authenticate"] ca_cert_slave -> replikey_slave_redis [label="Trust"] } replikey_slave_db -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green] replikey_slave_redis -> listen_master_replikey [label="TLS with SNI",constraint=false,color=green] }