# AfterDark Systems - Infrastructure Architecture

## Production Environment Overview

**Host:** Oracle Cloud Infrastructure (OCI)
**IP:** 129.153.158.177
**OS:** Oracle Linux 8

---

## System Architecture

```
┌─────────────────────────────────────────────────────────────────────┐
│                        INTERNET / CLIENTS                            │
└────────────────────────────┬────────────────────────────────────────┘
                             │
                    ┌────────▼────────┐
                    │   Oracle DNS    │
                    │  ns1-4.p201.*   │
                    └────────┬────────┘
                             │
                    ┌────────▼─────────────────────────────────────┐
                    │         Caddy Reverse Proxy                  │
                    │    (Docker: afterdark-caddy)                 │
                    │  • Automatic SSL/TLS (Let's Encrypt)         │
                    │  • HTTP/2, HTTP/3 Support                    │
                    │  • Multi-domain routing                      │
                    └──┬────────┬───────────┬──────────┬──────────┘
                       │        │           │          │
        ┌──────────────┘        │           │          └─────────────┐
        │                       │           │                        │
   ┌────▼─────┐         ┌──────▼──────┐   │              ┌─────────▼────────┐
   │DNSScience│         │ DomainShots │   │              │    n8n Workflows │
   │   .io    │         │    .ai      │   │              │  (n8nWorkflo.ws) │
   │          │         │             │   │              │                  │
   │ Port:    │         │ Port: 5055  │   │              │ Port: 5678       │
   │ 5000     │         │ (planned)   │   │              │                  │
   └────┬─────┘         └──────┬──────┘   │              └─────────┬────────┘
        │                      │           │                        │
        │                      │           │                        │
        └──────────────┬───────┴───────────┴────────────────────────┘
                       │
        ┌──────────────▼──────────────────────────────────────────┐
        │              PostgreSQL Databases                        │
        │               (Local Installation)                       │
        │  ┌──────────────────────────────────────────┐           │
        │  │ • dnsscience     (Port: 5432)            │           │
        │  │ • domainshots    (planned)               │           │
        │  │ • n8n            (workflow metadata)     │           │
        │  └──────────────────────────────────────────┘           │
        │  • Streaming replication ready                          │
        │  • Automated backups                                    │
        └─────────────────────────────────────────────────────────┘
```

---

## Service Breakdown

### 1. **DNSScience.io** - Threat Intelligence Platform

**Tech Stack:**
- Python Flask API (Gunicorn, 4 workers)
- PostgreSQL (13 tables, 500K+ domains)
- Redis (caching, task queue)
- 13 Background daemons
- DarkAPI.io integration (unlimited threat feeds)

**Features:**
- Domain reputation analysis
- Threat feed ingestion (15+ sources)
- DNS monitoring and change detection
- Real-time domain scoring
- API with token authentication

**Domains Tracked:** 500,000+
**Threat Feeds:** 15+ (via DarkAPI)
**Uptime:** 24/7 automated monitoring

---

### 2. **DomainShots.ai** - Competitive Intelligence Platform (v3.0)

**Tech Stack:**
- Python Flask API (Gunicorn, 4 workers)
- PostgreSQL (22 tables)
- Playwright (headless browser automation)
- Fal.ai (AI vision analysis)
- PIL/Pillow (image processing)

**Features:**
- Real-time website screenshots (desktop, mobile, tablet)
- AI-powered visual change detection
- Competitor tracking and monitoring
- Automated alerts (email, webhook, Slack)
- Watch lists with scheduled captures (hourly to yearly)
- Visual diff generation with pixel-level comparison
- API tokens with rate limiting (4 tiers)

**Capture Frequencies:** Hourly, 2h, 6h, 8h, 12h, 18h, Daily, Weekly, Monthly, Yearly
**AI Categories:** Layout, Content, Pricing, Design, Features, Navigation
**Status:** Built (v3.0), pending production deployment

---

### 3. **n8nWorkflo.ws** - Workflow Automation

**Tech Stack:**
- n8n (Node.js workflow automation)
- PostgreSQL (workflow storage)
- Docker containerized
- MCP server integration

**Features:**
- Visual workflow builder
- 400+ integrations
- Template marketplace
- API endpoint triggers
- Scheduled executions

**Workflows:** Custom automation pipelines
**Integration:** Connected to DNSScience + DomainShots

---

## Infrastructure Components

### Reverse Proxy Layer (Caddy)

```
Managed Domains:
├── dnsscience.io          → localhost:5000
├── www.dnsscience.io      → localhost:5000
├── domainshots.ai         → localhost:5055 (planned)
├── www.domainshots.ai     → localhost:5055 (planned)
├── n8nworkflo.ws          → localhost:5678
└── www.n8nworkflo.ws      → localhost:5678

Features:
• Automatic SSL certificate management
• HTTP → HTTPS redirects (308 Permanent)
• CORS header management
• Health check monitoring
• JSON access logging
```

### Database Layer

```
PostgreSQL Instance:
├── Version: 13.x
├── Authentication: Password + md5
├── Connections: Pooled (5-20 per service)
└── Storage: OCI Block Storage

Databases:
├── dnsscience (Production)
│   ├── 13 tables
│   ├── 500K+ domains
│   └── Real-time threat data
│
├── domainshots (Planned)
│   ├── 22 tables
│   ├── Screenshots, comparisons, competitors
│   └── AI analysis results
│
└── n8n (Workflows)
    ├── Workflow definitions
    ├── Execution history
    └── Credentials (encrypted)
```

### Background Processing

```
DNSScience Daemons (13):
├── domain_discovery_daemon      (New domain ingestion)
├── threat_feed_ingestion        (DarkAPI integration)
├── domain_analysis_daemon       (Risk scoring)
├── whois_update_daemon          (WHOIS data)
├── dns_monitoring_daemon        (DNS change detection)
├── reputation_scoring_daemon    (Real-time scoring)
└── ... (7 more specialized daemons)

Status: All daemons managed via daemon_manager.py
Monitoring: systemd + custom health checks
```

---

## Network & Security

### Firewall Configuration
```
Open Ports:
├── 80   (HTTP  → Caddy → 443 redirect)
├── 443  (HTTPS → Caddy)
└── 22   (SSH - key-based auth only)

Blocked:
├── 5000  (DNSScience - localhost only)
├── 5055  (DomainShots - localhost only)
├── 5432  (PostgreSQL - localhost only)
└── 5678  (n8n - localhost only)
```

### SSL/TLS
- Provider: Let's Encrypt (via Caddy)
- Auto-renewal: Yes
- Protocols: TLS 1.2, TLS 1.3
- HSTS: Enabled (max-age=31536000)

### Authentication
- API Tokens: SHA256 hashed, prefix-based
- Database: Password authentication
- SSH: Key-based only (no password auth)
- Rate Limiting: Per-tier quotas

---

## Monitoring & Observability

### Current Monitoring
```
Grafana Dashboard:  http://129.153.158.177:3333
Login: admin / dnsscience_admin_2026

Metrics Collected:
├── System Resources (Node Exporter)
│   ├── CPU usage
│   ├── Memory utilization (currently 62%)
│   ├── Disk I/O
│   └── Network traffic
│
├── Docker Containers (cAdvisor)
│   ├── Container CPU/Memory
│   ├── Network I/O per container
│   └── Container health status
│
└── Application Metrics
    ├── API response times
    ├── Database query performance
    └── Background daemon status

Scrape Interval: 15 seconds
Retention: 30 days
```

### Logging
```
Application Logs:
├── /var/log/dnsscience/        (DNSScience logs)
├── /var/log/domainshots/       (DomainShots logs - planned)
├── /var/log/caddy/             (Proxy access logs)
└── /var/log/n8n/               (Workflow execution logs)

Log Rotation: Daily
Retention: 30 days
Format: JSON structured logging
```

---

## Deployment Pipeline

### Current Process
```
Development → GitHub → Production

1. Local Development
   └── MacBook Pro (darwin 24.6.0)

2. Version Control
   └── GitHub (private repos)
       ├── dnsscience.io
       ├── domainshots.ai
       └── n8nworkflo.ws

3. Deployment
   ├── SCP/rsync to OCI
   ├── Systemd service management
   └── Zero-downtime restarts

4. Monitoring
   └── Grafana + Prometheus
```

---

## Performance Stats

### DNSScience.io
- **Uptime:** 99.9%
- **Domain Ingestion:** 30+ domains/minute
- **API Response Time:** <100ms (p95)
- **Database Queries:** <50ms (p95)
- **Threat Feed Updates:** Real-time

### DomainShots.ai (Projected)
- **Screenshot Generation:** ~30 seconds/capture
- **Visual Diff:** <5 seconds
- **AI Analysis:** ~10 seconds/comparison
- **Supported Frequencies:** 10 options (hourly to yearly)

### Infrastructure
- **CPU Usage:** ~30% average
- **Memory Usage:** 62% (38.6GB / 62GB)
- **Disk I/O:** Low-moderate
- **Network:** Minimal latency

---

## Technology Stack Summary

| Layer | Technology | Purpose |
|-------|------------|---------|
| **Proxy** | Caddy 2.x | Reverse proxy, SSL termination |
| **Backend** | Python 3.9 + Flask | API services |
| **App Server** | Gunicorn | WSGI server (4 workers) |
| **Database** | PostgreSQL 13 | Primary data store |
| **Caching** | Redis | Session cache, task queue |
| **Automation** | n8n | Workflow orchestration |
| **Screenshots** | Playwright | Headless browser automation |
| **AI/ML** | Fal.ai | Vision model API |
| **Monitoring** | Grafana + Prometheus | Metrics & dashboards |
| **Container** | Docker | Service isolation |
| **OS** | Oracle Linux 8 | Base operating system |
| **Cloud** | Oracle OCI | Infrastructure hosting |

---

## Scalability & Future Plans

### Horizontal Scaling Ready
- Stateless API design
- Database connection pooling
- Shared storage for screenshots (object storage)
- Load balancer ready

### Planned Enhancements
- [ ] Kubernetes migration for auto-scaling
- [ ] Multi-region deployment
- [ ] CDN integration (Bunny.net/Cloudflare)
- [ ] Redis Cluster for high availability
- [ ] PostgreSQL streaming replication
- [ ] Automated CI/CD pipeline

---

**Last Updated:** January 9, 2026
**Maintained By:** Ryan / AfterDark Systems
**Infrastructure:** Oracle Cloud (129.153.158.177)