Diagram: Difference between revisions

Latest revision as of 05:43, 25 January 2026

Example

Example

Cloudflare » BlockDiagram

Cloudflare » BlockDiagram

Cloudflare » PlantUML

Cloudflare » PlantUML

Keycloak » SSO » LDAP

Keycloak » SSO » LDAP

MinIO » MC » Replicate

MinIO » MC » Replicate

Encrypt » E2E » JWE

Encrypt » E2E » JWE

References

References
Diagram » Kroki » Mermaid Diagram » Kroki » Helm Diagram » Kroki Diagram » Wiki	Mermaid » Chart » Play Mermaid » Chart » Edit

Diagram: Difference between revisions

Latest revision as of 05:43, 25 January 2026

Contents

Example

Cloudflare » BlockDiagram

Cloudflare » PlantUML

Keycloak » SSO » LDAP

MinIO » MC » Replicate

Encrypt » E2E » JWE

References

Navigation menu

@@ Line 1: / Line 1: @@
+==Example==
+{|class='wikitable mw-collapsible mw-collapsed'
+!scope='col' style='text-align:left'| Example
+|-
+|valign='top'|
+<kroki lang='blockdiag'>
+blockdiag {
+  Kroki -> generates -> "Block diagrams";
+  Kroki -> is -> "very easy!";
+  Kroki [color = "greenyellow"];
+  "Block diagrams" [color = "pink"];
+  "very easy!" [color = "orange"];
+}
+</kroki>
+|}
+==Cloudflare » BlockDiagram==
+{|class='wikitable mw-collapsible mw-collapsed'
+!scope='col' style='text-align:left'| Cloudflare » BlockDiagram
+|-
+|valign='top'|
+<kroki lang='blockdiag'>
+blockdiag {
+  Internet [shape = cloud, color = lightblue];
+  Cloudflare [label = "Cloudflare Edge\nArgo Tunnel", color = lightyellow];
+  AWS [label = "AWS Region", color = lightgray];
+  VPC [label = "VPC 10.0.0.0/16\nPrivate Network", color = palegreen];
+  IGW [label = "Internet Gateway", color = lightcyan];
+  Subnet [label = "Private Subnet\n10.0.1.0/24", color = honeydew];
+  SG [label = "Security Group\nInbound: 80, 443\nSSH: Denied", color = mistyrose];
+  PG [label = "Placement Group\nType: Spread or Cluster", color = lavender];
+  EC2A [label = "EC2 Instance 1\ncloudflared", color = white];
+  EC2B [label = "EC2 Instance 2\ncloudflared", color = white];
+  EC2C [label = "EC2 Instance 3\ncloudflared", color = white];
+  Internet -> Cloudflare [label = "HTTP / HTTPS"];
+  Cloudflare -> EC2A [label = "Zero Trust Access"];
+  Cloudflare -> EC2B;
+  Cloudflare -> EC2C;
+  AWS -> VPC;
+  VPC -> IGW;
+  VPC -> Subnet;
+  Subnet -> EC2A;
+  Subnet -> EC2B;
+  Subnet -> EC2C;
+  SG -> EC2A;
+  SG -> EC2B;
+  SG -> EC2C;
+  PG -> EC2A;
+  PG -> EC2B;
+  PG -> EC2C;
+  EC2A -> Cloudflare [style = dotted, label = "Outbound TLS"];
+  EC2B -> Cloudflare [style = dotted];
+  EC2C -> Cloudflare [style = dotted];
+}
+</kroki>
+|}
+==Cloudflare » PlantUML==
+{|class='wikitable mw-collapsible'
+!scope='col' style='text-align:left'| Cloudflare » PlantUML
+|-
+|valign='top'|
+<kroki lang='plantuml'>
+@startuml
+' Styling for Transparency and Layout
+skinparam backgroundColor transparent
+cloud Internet
+node "Cloudflare Edge\nArgo Tunnel" as CF
+package "AWS Region" {
+  package "VPC 10.0.0.0/16" {
+    package "Private Subnet 10.0.1.0/24" {
+      node "EC2 1\ncloudflared" as EC2A
+      node "EC2 2\ncloudflared" as EC2B
+      node "EC2 3\ncloudflared" as EC2C
+    }
+    node "Security Group\n80,443 only\nSSH denied" as SG
+    node "Placement Group\nSpread or Cluster" as PG
+  }
+}
+Internet --> CF
+CF --> EC2A
+CF --> EC2B
+CF --> EC2C
+SG --> EC2A
+SG --> EC2B
+SG --> EC2C
+PG --> EC2A
+PG --> EC2B
+PG --> EC2C
+@enduml
+</kroki>
+|}
+==Keycloak » SSO » LDAP==
+{|class='wikitable mw-collapsible'
+!scope='col' style='text-align:left'| Keycloak » SSO » LDAP
+|-
+|valign='top'|
+<kroki lang='plantuml'>
+@startuml
+' Styling for Transparency and Layout
+skinparam backgroundColor transparent
+skinparam actorStyle      awesome
+autonumber
+actor "User" as user
+participant "App (Jira/Wiki)" as app
+participant "Keycloak (OIDC)" as keycloak
+participant "LDAP (shahed.biz)" as ldap
+participant "Database (PostgreSQL)" as db
+== Management Flow (Admin) ==
+note over keycloak, ldap: Admin creates user in Keycloak UI
+keycloak -> ldap: LDAP ADD (uid=jdoe, ou=Jira, dc=shahed, dc=biz)
+ldap --> keycloak: Success
+== Authentication Flow (OIDC Web App) ==
+user -> app: Access Jira
+app -> user: Redirect to Keycloak Login
+user -> keycloak: Enter Credentials
+keycloak -> ldap: BIND (uid=jdoe) / Verify Credentials
+ldap --> keycloak: Success (OK)
+keycloak -> user: Issue OIDC Token (JWT)
+user -> app: Provide Token
+app -> app: Validate Token & Roles
+app --> user: Access Granted
+== Authentication Flow (Legacy/Database) ==
+user -> db: psql -h db.shahed.biz -U jdoe
+db -> ldap: LDAP BIND (uid=jdoe, ou=DBA, dc=shahed, dc=biz)
+ldap --> db: Success (OK)
+db --> user: Connection Established
+@enduml
+</kroki>
+|}
+==MinIO » MC » Replicate==
+{|class='wikitable mw-collapsible'
+!scope='col' style='text-align:left'| MinIO » MC » Replicate
+|-
+|valign='top'|
+<kroki lang='plantuml'>
+@startuml
+' Styling for Transparency and Layout
+skinparam backgroundColor transparent
+skinparam DefaultFontName Helvetica
+skinparam componentStyle  rectangle
+skinparam shadowing       false
+title MinIO Bucket Replication (Native Sync)
+node "On-Premise Data Center" {
+    database "Source MinIO" as LocalMinio {
+        folder "my-bucket (Source)" as SrcBucket
+    }
+}
+cloud "Public Cloud (AWS/GCS/Azure)" {
+    database "Destination S3" as CloudS3 {
+        folder "my-bucket (Replica)" as DestBucket
+    }
+}
+' The Replication Process
+SrcBucket -[#blue,bold]-> DestBucket : mc replicate (Metadata & Data)
+note bottom of SrcBucket
+  **1. Metadata Stored Locally**
+  - object.jpg (v1)
+  - Full path preserved
+end note
+note bottom of DestBucket
+  **2. Identical Structure**
+  - object.jpg (v1)
+  - **Native Visibility**:
+    Cloud services can read
+    files directly without MinIO.
+end note
+legend right
+  |= Feature |= mc replicate |
+  | Format | Native (Visible) |
+  | Disk Space | Consumed on Both |
+  | Use Case | DR / Cloud Bursting |
+end legend
+@enduml
+</kroki>
+|}
+==Encrypt » E2E » JWE==
+{|class='wikitable mw-collapsible mw-collapsed'
+!scope='col' style='text-align:left'| Encrypt » E2E » JWE
+|-
+|valign='top'|
+<kroki lang='mermaid'>
+sequenceDiagram
+    autonumber
+    participant FE as Frontend (Browser)
+    participant BE as Backend (API Server)
+    Note over BE: Backend owns EC key pair<br/>Private key stays server-side
+    FE->>BE: GET /public-key
+    BE-->>FE: EC Public Key (P-256)
+    Note over FE: Cache backend public key
+    FE->>FE: Create JSON payload
+    FE->>FE: Generate ephemeral EC key pair
+    FE->>FE: Derive shared secret (ECDH)
+    FE->>FE: Derive AES key (HKDF)
+    FE->>FE: Encrypt payload (AES-256-GCM)
+    FE->>FE: Build JWE (ECDH-ES + A256GCM)
+    FE->>BE: POST /api (JWE payload) over HTTPS
+    BE->>BE: Parse JWE
+    BE->>BE: Derive shared secret (ECDH)
+    BE->>BE: Decrypt payload (AES-256-GCM)
+    BE->>BE: Process request
+    BE->>BE: Encrypt response as JWE
+    BE-->>FE: JWE response over HTTPS
+    FE->>FE: Decrypt JWE response
+</kroki>
+|}
 ==References==
-{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
+{|class='wikitable mw-collapsible'
-!scope='col' style='text-align:left' colspan='3'|
+!scope='col' style='text-align:left' colspan='3'| References
-References
 |-
 |valign='top' style='width:33%'|
@@ Line 11: / Line 266: @@
 |valign='top' style='width:34%'|
+* [https://www.mermaidchart.com/play Mermaid » Chart » Play]
+* [https://mermaid.live/edit Mermaid » Chart » Edit]
 |valign='top' style='width:33%'|
 |}

Diagram: Difference between revisions

Latest revision as of 05:43, 25 January 2026

Example

Cloudflare » BlockDiagram

Cloudflare » PlantUML

Keycloak » SSO » LDAP

MinIO » MC » Replicate

Encrypt » E2E » JWE

References

Navigation menu

Search