Scott.Idem/OSIT-AE-Docker-Env
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update README and CHEATSHEET to reflect final correct architecture

Browse Source 
- Traffic diagram corrected: both app and api route through ae_web_dev
- Removed outdated 'two options' scaling section for ae_app
- Added port reference table to CHEATSHEET
- Scaling section simplified: change replicas, done, home nginx never changes
- localhost link corrected from 3001 to 8888 (LAN HTTP via ae_web_dev)
This commit is contained in:
Scott Idem
2026-03-10 18:24:31 -04:00
parent 57ec65144d
commit 1aa4186f4a
2 changed files with 43 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@@ -9,24 +9,30 @@ Understanding this prevents configuration mistakes.
```
External Internet
Home Server Nginx (reverse proxy)
Home Server Nginx (SSL termination, domain routing)
↓ ↓
workstation:443 workstation:5060
(ae_web_dev HTTPS) (ae_web_dev API gateway)
workstation:3001 workstation:5060
(AE_APP_GATEWAY_PORT) (AE_API_GATEWAY_PORT)
↓ ↓
ae_web_dev (Docker nginx, port 80)
↓ ↓
svelte_backend fastapi_backend
(Docker DNS) (Docker DNS)
(Docker DNS round-robin) (Docker DNS round-robin)
↓ ↓
ae_app replicas ae_api replicas
(round-robin) (round-robin)
```
**Both ae_app and ae_api can scale via Docker DNS round-robin** when home server
nginx routes through `ae_web_dev`. This is the recommended topology.
**Key points:**
- Home server nginx terminates SSL and routes by domain name to one of two stable ports. It never needs to know about replicas.
- `ae_web_dev` is the internal load balancer. It routes by `server_name` to the correct upstream, and Docker DNS automatically round-robins across all replicas.
- SSL is terminated at the home server. Internal traffic (home server → workstation → containers) is plain HTTP — no internal certs needed.
- To scale, change `AE_APP_REPLICAS` or `AE_API_REPLICAS` in `.env` and run `docker compose up -d`. Home server nginx never changes.
Alternatively, ae_app can be reached directly via host port range (`3001-3006`),
but this requires manually updating the home server nginx upstream for each replica.
See the Scaling section in CHEATSHEET.md.
**Host ports exposed by ae_web_dev:**
- `:3001` — App gateway (SvelteKit)
- `:5060` — API gateway (FastAPI)
- `:8888` — LAN HTTP (direct local access without going through home server)
- `:443` — commented out; SSL terminates at home server, not internally
---