By architecture, I mean system architecture. In a broad sense it covers every scenario of system construction: business architecture, operations and maintenance architecture, organizational architecture, and so on. In this article we refer specifically to the development framework that ordinary developers are mainly concerned with.
There are many theories about architecture, and everyone has their own understanding. I believe many people run into all kinds of problems and confusion when they actually apply them. This article sets the dogma aside and looks at what architecture is through the evolution of a real project.
Project Background
Before we start, let's look at the background of the project. It was originally developed for a Southeast Asian company's gallery, providing image licensing services; an ordinary project. Unfortunately the local business environment is murky and both legitimate and underhanded tactics are in endless supply: several of the company's other projects had been hit by DDoS, by traffic hijacking, or had illegal content inexplicably appear on them, and the company had suffered for it. This time it simply posted a large bounty and went looking for someone capable. So a friend of the author, freelancing in that country, took the job and only returned to China a few years later; everything that happened in between is another story.
In any case, although the project looks small, server and data security have to be considered alongside the business functionality itself.
Basic version
Obviously, users browsing a website need a site. If the front end and back end are separated, you also need an api-server.
To prevent malicious users from uploading offending content, all images are uploaded by administrators to an image host, for example AWS S3 in public-read, private-write mode.
S3 sync version
Although the basic version guarantees data security on the business side, the two servers (S3 and site/api, i.e., the red nodes) are directly exposed to the public, so attackers can easily locate them and launch an attack. S3 is a reliable cloud service and does not need much worry, but the alarmed Party A requires that administrators have no direct access to S3, so that an attacker cannot sniff their way from it to the management side.
So a new transit node, minio, is added between the management side and S3. Images are uploaded to minio and then synchronized to S3, which greatly reduces the risk of exposing the admin side.
Note that the issue of site/api exposure has not been resolved at this point, as will be discussed later.
Membership version
Immediately a new requirement came in: Party A asked to add a paid membership model, but without showing any account information about the company (it seems Party A really wants to hide itself completely).
To have a membership system you first need an account module; to prevent malicious registration, email verification is enough.
Charging without revealing the company's accounts is more troublesome: a conventional bank transfer obviously cannot be used, and third-party or even shell-company payment channels can always be traced, so the only remaining option is cryptocurrency. Fortunately, cryptocurrency is widely used locally.
Cryptocurrency transactions are generally asynchronous, so a timer has to be designed that fetches the latest transaction records from the chain at regular intervals and synchronizes them to the account center for processing.
The dotted line in the figure indicates that the connection is to an internal service.
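The timer tick described above, as an added example that is not the project's own code: one poll over the chain credits each confirmed deposit exactly once, leaves too-fresh transactions for a later tick, and ignores transactions to addresses the account center does not know. The transaction list and tip height stand in for what the node RPC would return, and all hashes, addresses and amounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ChainTx:
    tx_hash: str
    to_addr: str
    amount: int   # smallest unit of the coin (constructed values)
    block: int    # height of the block containing the tx

@dataclass
class AccountCenter:
    """Constructed stand-in for the account center (deposit address -> user id)."""
    addr_owner: dict[str, str]
    balances: dict[str, int] = field(default_factory=dict)
    credited: set[str] = field(default_factory=set)  # tx hashes already applied
    cursor: int = 0                                   # last block fully processed

def sync_deposits(chain_txs: list[ChainTx], tip: int, center: AccountCenter,
                  confirmations: int = 6) -> int:
    """One timer tick: credit each confirmed deposit exactly once, return the count.
    chain_txs/tip stand in for what the node RPC returns. Unconfirmed txs are left
    for a later tick; the hash set blocks re-deliveries of the same tx."""
    safe_height = tip - confirmations
    count = 0
    for tx in chain_txs:
        if tx.block <= center.cursor or tx.block > safe_height:
            continue  # already processed, or too fresh (a reorg could still drop it)
        if tx.tx_hash in center.credited:
            continue  # node re-delivered a tx we already applied
        user = center.addr_owner.get(tx.to_addr)
        if user is None:
            continue  # not one of our deposit addresses
        center.balances[user] = center.balances.get(user, 0) + tx.amount
        center.credited.add(tx.tx_hash)
        count += 1
    center.cursor = max(center.cursor, safe_height)  # only advance past final blocks
    return count

def demo() -> dict[str, int]:
    """Two ticks over a constructed chain; returns the final balances."""
    txs = [ChainTx("aa01", "addr-u1", 5000, 100),
           ChainTx("bb02", "addr-u2", 250, 103),
           ChainTx("bb02", "addr-u2", 250, 103),       # duplicate delivery
           ChainTx("cc03", "addr-unknown", 999, 105)]
    center = AccountCenter(addr_owner={"addr-u1": "u1", "addr-u2": "u2"})
    sync_deposits(txs, 106, center)  # credits aa01; bb02 has only 3 confirmations
    sync_deposits(txs, 112, center)  # credits bb02 once; cc03 is not ours
    return center.balances
```

In a real deployment the `credited` set and `cursor` must be persisted transactionally with the balance update, otherwise a crash between the two steps credits a deposit twice on restart.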
CMS version
In addition to managing images, administrators need to manage the site itself, such as ad placement, layout adjustments and membership strategies, so a new CMS-Service is added.
Of course, in the future there will also be other non-CMS site management functions such as member management and system monitoring; these are unified into an admin-site service for the management side.
CQRS version
Now image management is merged into site management and the CQRS model is applied to each service, clarifying the business boundaries and laying a good foundation for subsequent business expansion.
Note that admin-site doubles as site-command and album-command.
IM version
In order to improve the quality of service, Party A's boss asked to add online customer service, so that customer requests get feedback immediately and so that other notifications (such as customer orders, image contract expirations, etc.) also reach the administrator immediately.
So it has to be more than just a live chat system; it also needs a message push feature.
Considering the local laid-back 9-to-5 working style, it is unrealistic to expect the administrator to sit in front of the computer all day, so customer messages and system messages are easy to miss.
Luckily, there's a chat app that nobody can live without: Telegram. It is similar to WeChat in China, but opens up many interfaces and protocols so that third-party systems can access it easily. For example, we can use its Telegram-Bot.
When a customer sends a message, the IM service not only pushes it to the administrator in real time but also to the Telegram-Bot, which in turn forwards it into Telegram, so an administrator who is busy browsing a beauty channel still learns of the pending feedback message in time.
Cloudflare version
The main functions of the system have basically been realized, but the security issue Party A has been anxious about has in turn grown more serious with the expansion of functionality. As mentioned before, the nodes directly exposed to users carry the highest risk, followed by the nodes used by administrators, and compromising either in turn affects the entire system internally.
Building a security system on your own is too costly and too demanding; fortunately there are free lunches on the market, such as Cloudflare.
Cloudflare is a globally renowned web service provider that offers services related to protecting, optimizing, and accelerating websites. At least the following services can be considered in this project:
- Source IP hiding
- Bots: automatically block malicious crawlers
- Turnstile: human verification
- S3 domain rewritten to this site's domain (done via CNAME resolution)
Administrators are also required to install a VPN on the devices they use, minimizing risk.
As you can see, the red and yellow blocks in the diagram are gone; as long as there are no internal problems, the whole system is unlikely to be breached from outside.
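Source IP hiding only works if the origin refuses everything that did not come through Cloudflare, and the real client address in the CF-Connecting-IP header may only be believed when the TCP peer really is a Cloudflare edge. The check below is an added example, not the project's code; the range list is a constructed subset for illustration and a real origin must load the current list from https://www.cloudflare.com/ips-v4 and refresh it.

```python
import ipaddress
from typing import Optional

# Constructed subset of Cloudflare's published IPv4 ranges, for illustration only.
# Production must load the current list (https://www.cloudflare.com/ips-v4) and refresh it.
CF_RANGES = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13")]

def is_cloudflare(peer_ip: str) -> bool:
    """True when the TCP peer that connected to the origin is a Cloudflare edge."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CF_RANGES)

def real_client_ip(peer_ip: str, headers: dict[str, str]) -> Optional[str]:
    """Client address the application may log and rate-limit on, or None if the
    request must be rejected. CF-Connecting-IP is trusted only when the peer is
    Cloudflare: on a direct connection anyone can set that header to anything."""
    if not is_cloudflare(peer_ip):
        return None  # origin reached directly: the hidden IP leaked or is being probed
    raw = headers.get("CF-Connecting-IP")
    if raw is None:
        return None  # an edge request always carries the header; treat absence as invalid
    try:
        return str(ipaddress.ip_address(raw.strip()))
    except ValueError:
        return None  # malformed header value

def triage(requests: list[tuple[str, dict[str, str]]]) -> list[Optional[str]]:
    """Apply the check to a batch of (peer_ip, headers) pairs."""
    return [real_client_ip(peer, hdrs) for peer, hdrs in requests]

# Constructed sample connections as the origin would see them.
SAMPLE_REQUESTS = [
    ("104.16.12.34", {"CF-Connecting-IP": "203.0.113.7"}),   # via Cloudflare: accept
    ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.7"}),   # direct hit, forged header
    ("172.64.5.6", {}),                                      # edge but no header: reject
    ("104.16.12.34", {"CF-Connecting-IP": "not-an-ip"}),     # malformed header: reject
]
```

The same allowlist belongs in the host firewall or cloud security group as well, so non-Cloudflare traffic never reaches the application in the first place.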
CI/CD version
There is one more loophole, Party A says meaningfully. He is referring to the process of deploying from the local development/testing machine to the production environment, where there is again a direct connection from a local device to an online node. Although the servers are now hidden deep enough that such direct logins are unlikely to be detected, for security reasons Party A still requires going through a jump host each time.
For frequent releases, transiting through the jump host is a real hassle; a CI/CD pipeline can automate deployment both conveniently and securely.
Architecture is both a noun and a verb, both an entity and a change, both an idea and an implementation. But it is certainly not a set of templates: if all houses were alike, there would be no architects.
Throughout the project, Party A was downright paranoid about security, and many of the demands seemed unreasonable, but a smart reader may be able to see something in them :)