On-prem deployment

Architecture

[LB] --- HTTPS --→ [Unimoni API × N]
                    ↓
              [Postgres HA (primary + replicas)]
                    ↓
              [Prometheus-compatible TSDB × N]
                    ↓
              [Storage: SAN / NFS / Cloud blob]

Minimal stack

• 2× Unimoni API (active/active behind the LB)
• 1× Postgres primary + 1× read replica
• 1× Prometheus-compatible TSDB
• 1× Cabinet (Next.js prod build)

HA

• Postgres: streaming replication + automatic failover (Patroni / managed)
• TSDB: a clustered mode (select / store / insert split apart)
• API: stateless, any number behind the LB

TLS

A terminator (nginx/caddy/HAProxy) in front of the API. The mTLS listener (:8443) goes directly — for agents, TLS termination must happen on the API itself (CA-cert validation requires it).