Technical architecture, system design principles, and infrastructure details for the primary application server
- Microservices Architecture: Each service runs in its own container
- Centralized Authentication: Authentik provides SSO for all services
- Automated TLS: Caddy handles automatic HTTPS certificates
- Persistent Storage: External Docker volumes ensure data persistence
- Automated Backups: Restic backs up to multiple cloud providers
All services connect through a shared Docker network named `caddy`, allowing:
- Inter-service communication using container names
- Isolation from the host network
- Centralized traffic routing through Caddy
- Authentik: Enterprise-grade identity provider with SSO capabilities
  - PostgreSQL database backend
  - Redis for caching and sessions
  - Worker processes for background tasks
- Paperless-ngx: Digital document management system
  - OCR processing via Gotenberg and Apache Tika
  - PostgreSQL database storage
  - Redis message broker
- Paperless-AI: AI-powered document analysis addon
- n8n: Workflow automation platform
- Syncthing: File synchronization
- MetaMCP: Model Context Protocol server management
- Code-Server: VS Code in the browser
- Jupyter: Interactive Python notebooks
- CyberChef: Data transformation toolkit
- Ollama: Local LLM inference
- Qdrant: Vector database for embeddings
- Whisper: Speech-to-text transcription
- Stirling-PDF: PDF manipulation tools
- Microbin: Secure paste service
- Pingvin-Share: File sharing platform
- Mealie: Recipe management
- Homebox: Home inventory system
- Karakeep: Bookmark management with Meilisearch
- Grafana: Metrics visualization
- InfluxDB: Time-series database
- Dozzle: Container log viewer
- Seq: Structured log aggregation
- Beszel: System monitoring
- Ghost: Blogging platform
- Baserow: No-code database
- Headless Chrome: Browser automation
## Required volumes (create before first run)
```bash
docker volume create caddy_data
docker volume create influxdb_data
docker volume create grafana_data
docker volume create auth-db
docker volume create auth-redis
docker volume create mealie_data
docker volume create paperless-db
docker volume create paperless-broker
docker volume create n8n-data
```
Bind-mounted directories:
- `./qdrant`: Vector database storage
- `./ollama`: LLM model storage
- `./meili`: Meilisearch data
- `./paperless/export`: Document exports
- Various service-specific directories
Backup workflow:
- Document Export: Paperless documents are exported before backup
- Restic Snapshots: Incremental backups to cloud storage
- Multiple Destinations:
  - Backblaze B2 (primary)
  - Hetzner Storage Box (secondary)
## Run complete backup
```bash
sudo -E ./backup.sh
```
## Manual backup to specific destination
```bash
sudo -E resticprofile -c profile.yaml -n backblaze backup
sudo -E resticprofile -c profile.yaml -n hetzner backup
```
Excluded from backups:
- Large model files (Ollama)
- Temporary data
- Cache directories
- System logs
## Update all services
```bash
docker-compose pull
docker-compose up -d
```
## View service status
```bash
docker-compose ps
```
## Check service logs
```bash
docker logs <container-name>
```
## Access service shell
```bash
docker exec -it <container-name> sh
```
- Services use Docker labels for automatic configuration
- External services are configured in `caddy/etc/Caddyfile`
- Reload after changes: `./reload-caddy.sh`
- Define the service in `docker-compose.yml`
- Add Caddy labels for the reverse proxy:
  ```yaml
  labels:
    caddy: service.speicher.family
    caddy.reverse_proxy: "{{upstreams 8080}}"
  ```
- Create the necessary volumes
- Configure environment variables in `.env`
- Deploy:
  ```bash
  docker-compose up -d service-name
  ```
- Use external volumes for persistent data
- Configure health checks
- Set resource limits if needed
- Document service-specific maintenance
- Add to backup exclusions if appropriate
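A service definition that follows the steps and practices above, added here as an example (it is not from the Lucille4 repository). The service name `example-app`, the volume `example-app_data`, the hostname `example.speicher.family`, the image tag and the `/healthz` path are placeholders:

```yaml
# Added example, not part of the Lucille4 compose file.
# Before first run: docker volume create example-app_data
services:
  example-app:
    image: example/app:1.2.3          # placeholder image; pin a tag, not :latest
    container_name: example-app
    restart: unless-stopped
    env_file: .env                    # secrets stay in .env, not in this file
    networks:
      - caddy                         # only the shared proxy network; no ports: block,
                                      # so the service is reachable only via Caddy
    volumes:
      - example-app_data:/data        # external volume survives docker-compose down
    labels:
      caddy: example.speicher.family
      caddy.reverse_proxy: "{{upstreams 8080}}"
    healthcheck:                      # placeholder endpoint; adjust to the app
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8080/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
    mem_limit: 512m                   # resource limits so one service cannot starve the host
    cpus: "1.0"
    security_opt:
      - no-new-privileges:true        # block privilege escalation inside the container

networks:
  caddy:
    external: true                    # the shared network described above

volumes:
  example-app_data:
    external: true                    # created once by hand, never removed by compose
```

Check the result with `docker-compose ps` (the health column should show `healthy`) and confirm that `docker port example-app` prints nothing, since all traffic is meant to arrive through Caddy.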
The server implements a comprehensive MCP infrastructure for AI knowledge integration:
- MCP Proxy: SSE-based proxy bridging stdio MCP servers to HTTP
- MetaMCP: PostgreSQL-backed aggregator for unified AI context
- Custom MCP Servers: Integration with Todoist, Wiki.js, Karakeep, Paperless-ngx, n8n
For detailed MCP operations and management, see the Services Documentation.
Lucille4 uses Docker label-based configuration with lucaslorentz/caddy-docker-proxy:
```yaml
labels:
  caddy: service.speicher.family
  caddy.reverse_proxy: "{{upstreams 8080}}"
```
This eliminates the need for manual Caddyfile entries for most services.