Deploying on-site

Enterprise customers have the option to run the atfinity application in their own infrastructure. This guide explains how to do this and what the necessary requirements are.

General Architecture

atfinity is a client-server single-page web application. Broadly, it consists of a web server that serves a web frontend, and an API backend with which the browser running this frontend communicates.

Backend Architecture

The whole backend can be deployed as a one-, two- or three-tier architecture:

  1. All in one publicly or internally available CORE server (application, storage and, if needed, the digital form tool, DFT)

  2. A publicly or internally available CORE server and a specially protected storage server (two tier)

  3. A publicly or internally available CORE server and a publicly available public server running the digital form tool, DFT (three tier)

This diagram details containers and communication between them:

Required setup

The atfinity backend is available as a collection of Docker containers and one or two Docker Compose files binding these together. If you choose to run the Digital Form Tool separately, there is a second Docker Compose file for its web server, too.

Required Services

atfinity services communicate with a MariaDB database and an NFS file storage to store data permanently. In addition, atfinity uses an ephemeral Redis to cache certain data for a short period of time. This means you will have to install and provide the following services:

CORE Server

  • Docker (~20.10)

  • Docker Compose (~1.29)

  • Redis (~6.2)

DATA Server

  • MariaDB (~10.4.18)

  • NFS File Storage

DFT Server

  • Docker (~20.10)

  • Docker Compose (~1.29)

For performance, it is critical to make sure these servers have enough resources to run the required services and the application.

Firewalls

atfinity is able to handle various firewalls between the components. It is critical, though, that transport between the tiers is possible and performs well. The above diagram and the respective documentation of the tools used give an overview of the ports needed.

Approximate Port Map (Adapt for your circumstances)

From / To | CORE                       | OUTSIDE
CORE      | -                          | 443 (actual communication), 80 (Let's Encrypt setup)
DATA      | 3306 (SQL), 111+2049 (NFS) | -
DFT       | 11681 (atfinity API)       | 443 (actual communication), 80 (Let's Encrypt setup)

We are happy to assist you, but since the spectrum of firewalls and other tools is huge, it is ultimately the client's responsibility to make sure the tiers are configured correctly.
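
One way to check the port map above from each vantage point, as an added example that is not part of atfinity's own tooling. It assumes the listener is the tier that runs the service, probes TCP only, and uses hypothetical names (ALLOWED, tcp_open, audit) and constructed addresses.

```python
import socket

# Port map from the table above as (source tier, destination tier) -> TCP ports.
# Assumption: the listener is the tier that runs the service (MariaDB and NFS
# on DATA, HTTPS on CORE and DFT). 11681 is left out because the table does
# not say which side of the CORE/DFT pair listens on it. rpcbind (111) can
# also use UDP, which this TCP-only probe does not cover.
ALLOWED = {
    ("CORE", "DATA"): {3306, 111, 2049},
    ("OUTSIDE", "CORE"): {443, 80},
    ("OUTSIDE", "DFT"): {443, 80},
}
ALL_PORTS = sorted(set().union(*ALLOWED.values()))


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(source, hosts, probe=tcp_open):
    """Probe every mapped port on each destination tier from `source`.

    hosts maps a tier name to its address. Returns (tier, port, finding)
    tuples: "blocked" for a required path that fails, "exposed" for a port
    that answers although the map has no entry for that path.
    """
    findings = []
    for tier, host in hosts.items():
        expected = ALLOWED.get((source, tier), set())
        for port in ALL_PORTS:
            reachable = probe(host, port)
            if port in expected and not reachable:
                findings.append((tier, port, "blocked"))
            elif port not in expected and reachable:
                findings.append((tier, port, "exposed"))
    return findings


if __name__ == "__main__":
    # Constructed address (TEST-NET-1); replace with your own hosts and run
    # once from each vantage point (CORE, OUTSIDE).
    for finding in audit("CORE", {"DATA": "192.0.2.10"}):
        print(finding)
```

An empty result from both CORE and an outside host means the required paths work and the DATA tier answers only to CORE.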

CDN and Security Tools (e.g. CloudFlare)

atfinity is able to handle a wide range of CDN and security tools in front of its components. Note, however, that atfinity works best if content is not cached, as almost no transferred data stays valid for more than a minute. We therefore recommend disabling all caches and using only the security features, not the performance features, of your infrastructure tooling in combination with atfinity.