Ctrlk
Tonic.ai

Fabricate architecture

Organizations with an Enterprise license can host their own instance of Fabricate.

Fabricate is deployed as a Docker-compatible container service and can run on any cloud provider, including:

  • Amazon Web Services (AWS)

  • Microsoft Azure

  • Google Cloud Platform (GCP)

  • A custom virtual private server (VPS)

  • A bare-metal server

For information on how to deploy a self-hosted instance, go to Deploying and managing a self-hosted instance.

Architecture diagram

The following diagram shows the key components and requests flow within the Tonic Fabricate application:

Diagram of the Fabricate architecture

Fabricate components

Web container

Fabricate's web container with the main application powers the main REST API and the web console.

This container is exposed to the internet using a selected load balancer.

pdf-sidecar

Fabricate offloads all PDF generation tasks to a separate isolated pdf-sidecar container that does not have network access.

Application worker

The Fabricate worker container processes off-loaded background and scheduled tasks.

PostgreSQL application database

Fabricate uses PostgreSQL version 16 or higher for its application database.

The main database stores:

  • Accounts

  • Workspaces

  • Users,

  • Database connection details

  • Data Agent chat history and messages

Redis database

Fabricate uses Redis version 7 or higher as a temporary cache store and as a queue for tasks.

SMTP server

Fabricate requires an external SMTP email service for sending user invitations, password resets, and other emails.

You can:

  • Use Amazon Simple Email Service (Amazon SES).

  • Create a new mailbox for Fabricate within your organization.

  • Use another email provider.

LLM provider

Fabricate's features, especially the Data Agent, depend on AI.

To use them, you must configure at least one of the following supported LLM providers:

  • Amazon Bedrock

  • Anthropic

  • Azure AI Foundry

Load balancer

The HTTP/s load balancer terminates HTTPS (TLS) for clients.

You configure it with a certificate from your cloud provider or another CA. The load balancer:

completes the TLS handshake, forwards traffic to Fabricate's application container, and exposes the application to the internet.

For example:

  • Amazon ALB

  • Caddy / Traefik / Nginx / Envoy

NOTE: Exposing the application container directly to the internet is not recommended and considered insecure.

Optional: Cloud storage

Generated data such as datasets and PDF files, and so on are stored locally or in configured Amazon S3-compatible object storage, such as:

  • Amazon S3

  • Google Cloud Storage

  • Azure Blob Storage

  • Backblaze B2

  • Cloudflare R2

  • Other Amazon S3-compatible storage

Optional: Authentication provider

By default, users can create a Fabricate accounts directly in the Fabricate application.

To use an external single sign-on (SSO) or Oauth2 provider, select a built-in integration or connect your own provider.

Fabricate supports any OIDC provider that supports the Authorization Code Flow mode.

For more information on using SSO in Fabricate, go to Single sign-on (SSO).

Last updated

Was this helpful?