Architecture¶

Infrastructure Overview¶

MDU runs on a single Hetzner dedicated server (PRD: 46.225.189.32) with Docker containers for all services.

                    Internet
                       |
                   [ Nginx ]
                   /   |   \
                  /    |    \
    [3dplim:3000] [mdu-api:3001] [static sites]
         |              |            |
    Next.js SSR    Express API    app / admin / early-adopt
         |              |
    +---------+    +---------+
    |         |    |         |
[Postgres] [Redis] [MinIO]  [STL Pipeline:8090]
  pgvector           S3       FastAPI + trimesh
                              |
                         [Langflow:7860]
                         [Ollama:11434]
                         [Base Builder]
                         [Blender Worker]

Docker Containers¶

All containers managed via Docker Compose at /opt/3dplim/docker-compose.yml:

Container	Port	Purpose
`app`	3000	Next.js 16 SSR (3dplim)
`postgres`	5432	PostgreSQL 16 + pgvector
`redis`	6379	Rate limiting, caching
`minio`	9000/9001	S3-compatible object storage
`blender-worker`	-	Background Blender jobs
`meilisearch`	7700	Full-text search

Additional standalone Docker containers:

Container	Port	Purpose
`mdu-stl-pipeline`	8090	STL export microservice
`mdu-langflow`	7860	Langflow AI flow manager
`mdu-base-builder`	-	build123d base generation
`mdu-trimesh-mcp`	-	MCP mesh tools

Systemd Services¶

Service	What it runs
`mdu-api.service`	Express backend (port 3001)
`ollama.service`	Local LLM inference (port 11434)

Nginx Routing¶

All traffic enters via nginx on port 443 (SSL). Key routing rules:

minidreamuniverse.com
  /                    → static landing page (/var/www/mdu-landing/)
  /api/auth/send-otp   → mdu-api (port 3001)
  /api/auth/verify-otp  → mdu-api
  /api/auth/google*     → mdu-api
  /api/generate-model   → mdu-api
  /api/stl-*            → mdu-api
  /api/auth/            → 3dplim (NextAuth)
  /api/webhooks/stripe  → 3dplim
  /api/webhooks/mdu-stripe → mdu-api
  /api/ (catch-all)     → 3dplim

app.minidreamuniverse.com    → /opt/miniature-forge/ (static)
admin.minidreamuniverse.com  → /opt/agenthub-mdu/dist/ (static)
early-adopt.minidreamuniverse.com → /opt/earl-adopt-dream/dist/ (static)
docs.minidreamuniverse.com   → /opt/mdu-docs/site/ (static)

Database¶

PostgreSQL 16 with pgvector extension, running in Docker. Two databases:

`3dplim` (Next.js app)¶

Managed by Prisma ORM.

`mdu_api` (mdu-api backend)¶

Key tables:

Table	Purpose
`profiles`	User accounts (email, name, plan)
`model_generations`	3D model generation records
`rpg_maps`	RPG map generation records
`galleries`	User galleries
`invitations`	Referral invites
`otp_codes`	Email OTP codes
`subscriptions`	Stripe subscription state
`rag_documents`	pgvector RAG embeddings
`pipeline_jobs`	Admin pipeline tracking
`agent_registry`	Registered AI agents
`waitlist`	Beta waitlist

Connection¶

Docker bridge network: 172.18.0.2:5432
Pool: max 20 connections, 30s idle timeout
Parameterized queries only (no SQL injection)

MinIO Object Storage¶

S3-compatible storage at port 9000:

Bucket	Purpose
`mdu-assets`	Generated models, bases, thumbnails
`reference-images`	User-uploaded reference images
`rpg-map-images`	Generated RPG maps

All buckets have public read access. Served via nginx proxy at /api/assets/.

Security Layers¶

Nginx — SSL termination, rate limiting, security headers
CORS — Origin whitelist (12 domains)
JWT Auth — HMAC-SHA256, access + refresh tokens
Row-level security — WHERE user_id = $userId on all queries
SSRF prevention — Domain allowlist on proxy endpoints
Stripe webhook verification — Signature validation + event dedup
Helmet — HSTS, X-Frame-Options, X-Content-Type-Options