Network Architecture Overview

RocketQuack edited this page Mar 2, 2026 · 1 revision

This page explains the default network flow in frappe_docker, especially when you run an external reverse proxy in front of the internal frontend NGINX container.

Key idea

  • External reverse proxy (Traefik/Caddy/Nginx Proxy Manager/NGINX) terminates TLS and routes traffic.
  • Internal frontend service is still NGINX and remains the main entrypoint inside the frappe_network.
  • frontend routes regular HTTP traffic to backend and Socket.IO traffic to websocket.

High-level traffic flow

flowchart LR
  U[Browser] -->|HTTPS :443| P[External Reverse Proxy]

  subgraph HOST[Docker Host]
    direction LR

    subgraph NET[frappe_network]
      direction LR

      FE[frontend<br/>Internal NGINX<br/>:8080]
      BE[backend<br/>Gunicorn / Frappe<br/>:8000]
      WS[websocket<br/>Node - Socket.IO<br/>:9000]

      RC[(redis-cache)]
      RQ[(redis-queue)]
      DB[(MariaDB / Postgres)]
    end
  end

  P -->|HTTP → :8080| FE
  FE -->|/api, /app, /assets| BE
  FE -->|/socket.io| WS

  BE --> RC
  BE --> RQ
  WS --> RQ
  BE --> DB

  classDef client fill:#eef2ff,stroke:#4f46e5,stroke-width:1.2px,color:#111827;
  classDef proxy  fill:#f1f5f9,stroke:#334155,stroke-width:1.2px,color:#0f172a;

  classDef svc    fill:#ecfeff,stroke:#0891b2,stroke-width:1.2px,color:#0f172a;
  classDef store  fill:#fff7ed,stroke:#c2410c,stroke-width:1.2px,color:#7c2d12;

  style HOST fill:#f8fafc,stroke:#94a3b8,stroke-width:1.2px;
  style NET  fill:#fefce8,stroke:#eab308,stroke-width:1.2px;

  class U client;
  class P proxy;
  class FE,BE,WS svc;
  class RC,RQ,DB store;

Request + WebSocket sequence

sequenceDiagram
    autonumber
    actor B as Browser
    participant P as External Reverse Proxy
    participant F as frontend<br/>Internal NGINX :8080
    participant A as backend<br/>Gunicorn / Frappe :8000
    participant S as websocket<br/>Node - Socket.IO :9000

    rect rgb(248,250,252)
      Note over B,P: HTTPS ingress
      B->>P: HTTPS request<br/>Host: erp.example.com<br/>Port: 443
    end

    rect rgb(254,252,232)
      Note over P,F: Forward to Docker network
      P->>F: HTTP proxy<br/>to :8080
    end

    rect rgb(236,254,255)
      Note over F,A: App/API path
      F->>A: /api, /app, /assets<br/>HTTP request
      A-->>F: HTTP response
    end

    P-->>B: Response (HTML/JSON/assets)<br/>via frontend

    rect rgb(236,254,255)
      Note over B,S: Realtime / WebSocket
      B->>P: WebSocket upgrade<br/>GET /socket.io
      P->>F: Forward Upgrade + Connection<br/>headers
      F->>S: Proxy /socket.io<br/>to :9000
      S-->>B: Realtime events
    end
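The external-proxy side of the flow above, written for NGINX as an added example (not part of the frappe_docker repository or this wiki page). It assumes the frontend port :8080 is published on the host's loopback address only; the certificate paths are placeholders.

```nginx
# Added example: external NGINX reverse proxy in front of the internal frontend.
# Assumptions: frontend :8080 is reachable at 127.0.0.1:8080 on the Docker host;
# certificate paths below are placeholders.

# Send "Connection: upgrade" only when the client actually requested an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name erp.example.com;
    return 301 https://$host$request_uri;   # no plaintext path to the app
}

server {
    listen 443 ssl;
    server_name erp.example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;   # internal frontend NGINX
        proxy_http_version 1.1;             # needed for the WebSocket upgrade

        # Preserve the original Host (erp.example.com in the diagram).
        proxy_set_header Host $host;
        # Overwrite, never append to, client-supplied forwarding headers.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Forward Upgrade + Connection so /socket.io can reach websocket :9000.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 120s;    # idle upstream connections close after this
    }
}
```

If :8080 is published on all host interfaces instead of loopback, clients can reach frontend directly over plain HTTP, skipping TLS termination and sending their own X-Forwarded-* values.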
