Architecture

Dreambau runs as a multi-service self-hosted platform on Kubernetes (k3s), fronted by Traefik ingress and automated TLS.

Platform Layers

  • Edge and routing: Traefik ingress, host-based routing, HTTPS termination
  • Certificate management: cert-manager with Let’s Encrypt issuer
  • Application layer: Cap, NocoDB, n8n, Novu, Invoice Ninja, AFFiNE, and others
  • Data layer: MySQL, PostgreSQL, MongoDB, Redis, and object storage paths
  • Automation layer: scheduled jobs for backup, certificate health, and service tasks

Request Flow

  1. Client reaches a public domain such as cap.dreambau.com.
  2. Traefik receives the request and matches host rules.
  3. cert-manager-provisioned TLS certificate is presented.
  4. Traffic is forwarded to the target service.
  5. Application resolves dependencies through in-cluster service DNS.

Reliability Principles

  • Each service keeps isolated manifests and deployment scripts.
  • Stateful components use PVC-backed storage.
  • Operational scripts are standardized for repeatability.
  • Changes are applied incrementally and verified immediately.