Infrastructure Documentation

Infrastructure configuration, cloud services, and network management documentation.

Available Guides

Cloud Services

  • AWS Overview - AWS account structure and IAM
  • Organization structure
  • Account management
  • IAM Identity Center
  • App subdomain architecture discussions

DNS and CDN

Security

  • SSL Certificates - Certbot and Let's Encrypt
  • Cloudflare API integration
  • Auto-renewal configuration
  • Wildcard certificate setup

Network

  • Firewall Configuration - Firewall rules and tags
  • Digital Ocean firewall setup
  • Tag-based rules
  • Load balancer configuration

Infrastructure Overview

Cloud Providers

  • Digital Ocean: Primary infrastructure (London datacenter)
  • AWS: Identity management and future services
  • Cloudflare: DNS and CDN

Network Architecture

Internet
    |
Cloudflare (CDN/WAF)
    |
Load Balancer (Digital Ocean)
    |
    ├─ Webserver 1 ────┐
    ├─ Webserver 2     │
    ├─ Webserver 3     ├─> NFS (Shared Storage)
    └─ Webserver 4 ────┘
         |
         ├─> RabbitMQ (Message Queue)
         ├─> MongoDB (NoSQL Database)
         ├─> MariaDB (SQL Database)
         ├─> Redis (Cache)
         └─> Websocket Server
                |
                ├─> Scheduler
                └─> Gantt PDF

Security Layers

  1. Cloudflare: DDoS protection, WAF
  2. Firewall: Digital Ocean firewall with tag-based rules
  3. Bastion: SSH gateway for server access
  4. Application: Authentication, authorization, input validation

SSL/TLS

  • Wildcard certificate: *.methodgrid.com
  • Provider: Let's Encrypt
  • Renewal: Automated via Certbot
  • DNS validation: Cloudflare API

Best Practices

Firewall Rules

  • Use tags instead of hardcoded IPs when possible
  • Document all manual rule exceptions
  • Regular audit of firewall rules
  • Principle of least privilege

SSL Certificates

  • Stagger renewal checks across webservers
  • Monitor certificate expiration
  • Test renewal process regularly
  • Keep Cloudflare API token secure

DNS Management

  • All changes via Cloudflare
  • Document DNS records
  • Export DNS configuration regularly
  • Use appropriate TTL values

Disaster Recovery

Data Center Failure

Current limitation: Single UK data center (Digital Ocean London)

Mitigation strategies:

  • S3 backups in separate region
  • Regular backup testing
  • Documented restoration procedures

Service Degradation

  1. Check Cloudflare status
  2. Verify load balancer health
  3. Check individual server status
  4. Review firewall rules
  5. Escalate if needed