Architecture patterns

Amy Farrell edited this page Jan 5, 2025 · 9 revisions

These descriptions cover some of the techniques we're using to provide web services. They're meant to provide a conceptual overview. These are not complete or exact diagrams of what we've actually deployed.

Public static web site

Drupal CMS

  • Audiences:
    • Content team
    • Contact center (via API)
  • Purpose: maintain content for Public static web site
  • Drupal CMS diagram

WAF

  • Audience: any external web client
  • Purpose:
    • Route web traffic to appropriate app (based on hostname and/or path)
    • Forbid some traffic
    • Serve "redirects" for requests to decommissioned domains

API poller

We can use the API poller pattern when the data will vary over time, but will be the same for every visitor within a given timeframe.

  • Audience: general public
  • Purpose: Retrieve data from an API server and summarize it for use in a web page or web application
    • Authenticate securely with the API server
    • Limit the number of API requests we make, compared with on-demand queries
    • Refresh data at a regular rate, independent of updates to the Public static site
    • API Poller diagram

A note about crons

To come

API proxy

Not yet implemented!

In order to use data from external web services "on the fly," we'll need a server to handle the connection to the external service.

  • Audience: general public
  • Purpose: Retrieve data from an API server for use in a web page or web application
    • Authenticate securely with the API server
    • Cache results as appropriate, to limit the number of API requests made
    • API requests may be user-specific and on-demand
    • API proxy diagram

Egress proxy

We deploy apps (except for the egress proxy) into cloud.gov spaces that disallow outgoing traffic beyond trusted IP ranges. If an app needs to communicate with an external service, we route that traffic through an Egress proxy server that's configured with an allowlist of expected domains.

  • Audience: N/A
  • Purpose: Allow a process on one of our apps to communicate with an external service, for example:
    • Calling an external API
    • Sending log data to New Relic
  • Egress proxy diagram
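
The allowlist decision described above, sketched as an added example (not code from this project or its deployed proxy). The hostnames are constructed placeholders and `egress_allowed` is a hypothetical helper; it matches on whole DNS labels, so a name that merely contains or ends with an allowed string is denied.

```python
"""Allowlist check of the kind an egress proxy applies to each outbound destination.
Added illustration: entries and function names are assumptions, not the deployed config."""
import ipaddress

# Constructed sample allowlist: exact hosts, plus "*." entries that cover subdomains only.
ALLOWLIST = ["api.example.gov", "*.logs.example.com"]


def normalize(host: str) -> str:
    """Lowercase and drop the trailing root dot so equivalent spellings compare equal."""
    return host.strip().lower().rstrip(".")


def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, which a domain allowlist cannot vouch for."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def egress_allowed(host: str, allowlist=ALLOWLIST) -> bool:
    """Return True only if host matches an entry on whole DNS-label boundaries."""
    host = normalize(host)
    labels = host.split(".")
    if "" in labels or is_ip_literal(host):  # empty host, empty label, or raw IP
        return False
    for entry in allowlist:
        entry = normalize(entry)
        if entry.startswith("*."):
            base = entry[2:].split(".")
            # Wildcard: at least one extra label in front, then the base labels exactly.
            if len(labels) > len(base) and labels[-len(base):] == base:
                return True
        elif host == entry:
            return True
    return False


def audit(destinations):
    """Map each requested destination to its allow/deny decision, for log review."""
    return {d: egress_allowed(d) for d in destinations}


if __name__ == "__main__":
    for dest, ok in audit(["api.example.gov", "API.Example.Gov.", "eu.logs.example.com",
                           "logs.example.com", "notapi.example.gov",
                           "api.example.gov.other.test", "203.0.113.10"]).items():
        print(f"{'ALLOW' if ok else 'DENY '} {dest}")
```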

Log shipper

To come

Redirects

To come

Dev, stage, and production environments