# Fabricate architecture
Organizations with an Enterprise license can host their own instance of Fabricate.
Fabricate is deployed as a Docker-compatible container service and can run on any cloud provider, including:
* Amazon Web Services (AWS)
* Microsoft Azure
* Google Cloud Platform (GCP)
* A custom virtual private server (VPS)
* A bare-metal server
For information on how to deploy a self-hosted instance, go to [Deploying and managing a self-hosted instance](/fabricate/self-hosting-fabricate/deploying-and-managing-a-self-hosted-instance.md).
## Architecture diagram
The following diagram shows the key components and requests flow within the Tonic Fabricate application:
Diagram of the Fabricate architecture
## Fabricate components
### Web container
Fabricate's web container with the main application powers the main REST API and the web console.
This container is exposed to the internet using a selected load balancer.
### pdf-sidecar
Fabricate offloads all PDF generation tasks to a separate isolated pdf-sidecar container that does not have network access.
### Application worker
The Fabricate worker container processes off-loaded background and scheduled tasks.
### PostgreSQL application database
Fabricate uses PostgreSQL version 16 or higher for its application database.
The main database stores:
* Accounts
* Workspaces
* Users,
* Database connection details
* Data Agent chat history and messages
### Redis database
Fabricate uses Redis version 7 or higher as a temporary cache store and as a queue for tasks.
### SMTP server
Fabricate requires an external SMTP email service for sending user invitations, password resets, and other emails.
You can:
* Use Amazon Simple Email Service (Amazon SES).
* Create a new mailbox for Fabricate within your organization.
* Use another email provider.
### LLM provider
Fabricate's features, especially the Data Agent, depend on AI.
To use them, you must configure at least one of the following supported LLM providers:
* Amazon Bedrock
* Anthropic
* Azure AI Foundry
### Load balancer
The HTTP/s load balancer terminates HTTPS (TLS) for clients.
You configure it with a certificate from your cloud provider or another CA. The load balancer:
completes the **TLS** handshake, forwards traffic to Fabricate's application container, and exposes the application to the internet.
For example:
* Amazon ALB
* Caddy / Traefik / Nginx / Envoy
{% hint style="info" %}
NOTE: Exposing the application container directly to the internet is not recommended and considered insecure.
{% endhint %}
### Optional: Cloud storage
Generated data such as datasets and PDF files, and so on are stored locally or in configured Amazon S3-compatible object storage, such as:
* Amazon S3
* Google Cloud Storage
* Azure Blob Storage
* Backblaze B2
* Cloudflare R2
* Other Amazon S3-compatible storage
### Optional: Authentication provider
By default, users can create a Fabricate accounts directly in the Fabricate application.
To use an external single sign-on (SSO) or Oauth2 provider, select a built-in integration or connect your own provider.
Fabricate supports any OIDC provider that supports the Authorization Code Flow mode.
For more information on using SSO in Fabricate, go to [Single sign-on (SSO)](/fabricate/fabricate-accounts-and-users/managing-account-users/single-sign-on-sso.md).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.tonic.ai/fabricate/self-hosting-fabricate/fabricate-architecture.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.