Drupal CMS

Amy Farrell edited this page Jan 5, 2025 · 8 revisions

Part of USAGov Architecture patterns

The Drupal CMS runs Drupal plus some additional services in order to build the static assets for the Public static web site.

C4Context
  title Drupal CMS diagram
  Boundary(internet, "Internet", "the web") {
    Person(DrupalUser, "Content editor, site admin, etc.")
    System(GSAAuth, "GSA Auth")
    Person(AnonUser, "Anonymous user")
    Boundary(cloud_gov_boundary, "Cloud.gov", "") {
      Boundary(usagov_boundary, "USAgov org boundary", "") {
        Container(cms_app, "CMS", "drupal, nginx")
        ContainerDb(s3_storage, "S3 storage", "static web assets")
        ContainerDb(rds_database, "RDS", "Drupal data", "mySQL")
      }
    }
  }
  Rel(DrupalUser, cms_app, "HTTPS", "GET,HEAD,POST,PATCH")
  Rel(AnonUser, cms_app, "HTTPS", "GET,HEAD")
  Rel(DrupalUser, GSAAuth, "HTTPS")
  Rel(cms_app, s3_storage, "HTTPS/TLS", "read/write")
  Rel(cms_app, rds_database, "TLS", "read/write")
  UpdateRelStyle(DrupalUser, cms_app, $offsetX="-20", $offsetY="-180")
  UpdateRelStyle(AnonUser, cms_app, $offsetX="-90", $offsetY="-90")
  UpdateElementStyle(AnonUser, $bgColor="gray")
  UpdateElementStyle(s3_storage, $bgColor="yellow", $fontColor="black")
  UpdateLayoutConfig($c4ShapeInRow="2")

The CMS app includes:

  • Drupal, drush
  • nginx
  • shell scripts
    • Run drupal/tome to generate static HTML
    • Assemble static HTML plus other assets
    • Copy all to S3 (aws-s3)
  • Cron (via s6 overlay)

GSA Auth

GSA Auth provides authentication. There is an implicit communication between the CMS app and GSA Auth, but this is all mediated by the web client (represented here as "Drupal user").

Key connections to other systems

  • S3 storage is the same as the S3 storage used by the Public static web site. The CMS app writes to this S3 bucket and the WWW app reads from it.
  • The WAF app sits between the public internet and the CMS.
  • The CMS app uses the Egress proxy to send APM data to New Relic.
  • A log drain connects the CMS app to the Log shipper.

Implementation notes

  • Docker image. We use a base Linux image and explicitly add most of what's needed. This is our most complex build, with two intermediate containers (composer and node) used to build assets for the final cms container.
  • Dockerfile: Dockerfile-cms
  • Source files for image:
  • Part of the build for local development