Fedora + Cloudflare Repository Platform

This repository houses the production infrastructure that powers Michael J Wright’s digital archive. Fedora 6 provides the preservation back-end, Cloudflare delivers the public experience, and the surrounding automation keeps the stack reliable for curators, developers, and partner institutions.

1. System Overview

Layer	Purpose	Key Services
Content & Metadata	Preservation-grade storage for photography, writing, and research artefacts	Fedora 6 (Tomcat), PostgreSQL
Delivery Edge	Secure public access, API proxying, documentation	Cloudflare Worker, Cloudflare Pages, Cloudflare Tunnel
Operations	Monitoring, automation, onboarding	Grafana, Prometheus, Zero Trust (planned), `/docs` hub

Authoritative domains

Public & documentation: https://data.michaeljwright.com.au
Fedora tunnel endpoint: https://fcrepo.michaeljwright.com.au
Branch alias (for internal previews): https://main.fedora-frontend.pages.dev
Curators add and describe new works using secure proxy tools (no direct server access needed).
Developers build integrations against the Worker-protected API endpoints.
Partners retrieve syndicated exports for downstream collections and exhibitions.
Visitors experience the public storytelling site at https://michaeljwright.com.au, which consumes the data curated here.

Stakeholder Roles

Role	Responsibilities	Access Path
Archive Curator	Create/curate Fedora resources, maintain metadata quality, manage version history	Uses Worker-backed tools or ingestion scripts with curator credentials
Digital Producer	Plan releases, coordinate partner feeds, oversee roadmap & checklists	References documentation hub and Grafana dashboards
Developer / Integrator	Extend APIs, build ingestion tooling, maintain Worker and tunnel	Works in this repository, Cloudflare dashboard, and automation scripts
Partner Institution	Consume scheduled exports or API endpoints	Receives exports, uses Worker endpoints with scoped credentials
Public Audience	Explore storytelling front-end, browse curated narratives	Visits `https://michaeljwright.com.au` (separate web project)

2. Quick Start

# Prerequisites: Docker Desktop + Compose, Node 18+, Cloudflare Wrangler CLI

git clone git@github.com:Rob142857/fedoraMJWArtist.git
cd fedoraDockerCloudflare

npm install                 # installs wrangler + build tooling
cp .env.example .env        # add strong secrets before first deploy

pwsh -ExecutionPolicy Bypass -File .\quickstartdockerandcloudflared.ps1 -ForceRestartTunnel

The PowerShell script ensures Docker Desktop is running, starts the Compose stack, and verifies the Cloudflare Tunnel.

Collection Structure (Ready for Curation)

The repository is initialized with the following collection hierarchy:

/fcrepo/rest/
├── paintings/
│   ├── coastal-studies/
│   ├── desert-series/
│   ├── blue-mountains-landscapes/
│   ├── urban-fragments/
│   └── abstract-compositions/
├── drawings/
│   ├── sketches/
│   ├── prints/
│   └── mixed-media/
├── sculptures/
│   ├── bronze-works/
│   ├── wood-carvings/
│   └── installations/
├── photographs/
│   ├── nature-studies/
│   ├── native-flora/
│   ├── urban-fragments/
│   └── portrait-studies/
├── poems/
│   ├── winter-sonnets/
│   ├── nature-poetry/
│   └── urban-meditations/
└── notebooks/
    ├── outback-journals/
    ├── sketchbooks/
    └── travel-writing/

Access Points:

Local curator access: http://localhost:8080/fcrepo/rest/
- Username: curator1
- Password: (set in .env as FEDORA_CURATOR_PASSWORD)
Public API: https://api.data.michaeljwright.com.au/fcrepo/rest/
Direct tunnel: https://fcrepo.michaeljwright.com.au/fcrepo/rest/

For Curators: See docs/curators-guide.md for complete workflow documentation.

Deploy Worker & Pages

# Worker (API proxy)
npx wrangler secret put FEDORA_BASIC_AUTH   # paste "Basic base64(user:pass)"
npx wrangler deploy

# Documentation / frontend
npm run pages:deploy

3. Repository & API Architecture

Collections & Metadata
- Fedora containers mirror archival structure: Root → Collections → {Projects, Exhibitions, Writings}.
- Descriptive metadata uses Dublin Core + custom JSON-LD; technical EXIF/IPTC kept as RDF or JSON binaries.
- Derivative assets (JPEG/WebP) are stored alongside masters for quick delivery.
Ingestion Workflow (Planned)
- Manifest-driven uploader (CSV/JSON) posts binaries + metadata to Fedora REST.
- Fedora memento keeps automatic version history.
- WebAC or Worker enforcement separates curator, read-only, and public access paths.
Syndication APIs
- Cloudflare Worker emits JSON (metadata + signed asset URLs) and optional IIIF manifests.
- Responses are cached with ETags and stored in CDN edge.
- Search metadata will be mirrored into OpenSearch/Algolia for faceted discovery.
Public Site Integration
- michaeljwright.com.au consumes Worker endpoints (/api/v1/...).
- High-res images delivered via Worker signed links or IIIF.
- Editors access a secure Pages admin surface backed by the same API.
Partner Distribution
- Nightly exports (JSON, CSV, METS) and optional OAI-PMH feed.
- Webhooks / queues (e.g., Azure Service Bus) notify partners of new resources.
Governance & Operations
- Rotate Worker secrets quarterly, enforce HTTPS only, audit Cloudflare tunnel logs.
- Snapshot Fedora binaries + Postgres to offsite storage on a schedule.
- Prometheus + Grafana dashboards track ingest latency, Worker health, tunnel status.
- /docs captures metadata standards, runbooks, and onboarding guides.

4. Documentation Hub (`/docs`)

Run npm run build:docs to regenerate HTML artefacts from Markdown sources:

Markdown	Published URL	Primary Audience	Purpose
`docs/project-overview.md`	`/docs/project-overview.html`	Curators & stakeholders	Non-technical story of the archive within the broader project
`README.md`	`/docs/README.html`	Developers & operators	Platform overview, setup, and automation tooling
`PRODUCTION_CHECKLIST.md`	`/docs/PRODUCTION_CHECKLIST.html`	Producers & operations	Go-live checklist and handover steps
`docs/engagement-plan.md`	`/docs/engagement-plan.html`	Producers & partners	Stakeholder onboarding plan
`docs/development-roadmap.md`	`/docs/development-roadmap.html`	Project team	Roadmap, backlog, and status buckets
`docs/fedora-upgrade-guide.md`	`/docs/fedora-upgrade-guide.html`	Operations & developers	Fedora backend update runbook
`docs/ent365-install-guide.md`	`/docs/ent365-install-guide.html`	Operations	ENT365 host deployment checklist

npm run pages:deploy rebuilds documentation and publishes to Cloudflare Pages (custom domain + branch alias).

Audience tip:

Use the cards on the home page (/) for non-technical narratives, runbooks, and deployment checklists.
/docs/README.html remains focused on technical operators; the upcoming Grace Notes page will translate the project vision for curators and stakeholders.

5. Environment & Secrets

Variable	Location	Notes
`FEDORA_ADMIN_USERNAME`, `FEDORA_ADMIN_PASSWORD`	`.env`, injected into Tomcat	Primary Fedora admin
`FEDORA_SECONDARY_USERNAME`, `FEDORA_SECONDARY_PASSWORD`	`.env`	Secondary account (can be repurposed for Worker)
`FEDORA_BASIC_AUTH`	Cloudflare Worker secret	Base64 `user:pass` used for proxy authentication
`POSTGRES_*`	`.env`	Database credentials; rotate with backups

After editing .env, rerun the quickstart script to restart containers and reload Tomcat config.

6. Key Commands

# Verify docker services & tunnel
pwsh -ExecutionPolicy Bypass -File .\quickstartdockerandcloudflared.ps1 -ForceRestartTunnel

# Tail Worker logs
npx wrangler tail

# Deploy Worker + documentation
npx wrangler deploy
npm run pages:preview   # preview on https://main.fedora-frontend.pages.dev
npm run pages:deploy    # publish to https://data.michaeljwright.com.au

# Compose operations
docker compose ps
docker compose logs fcrepo
docker compose down

7. Support & Next Steps

Metadata schema finalisation (SHACL/JSON Schema).
Bulk ingestion tooling & audit logging.
Worker /api/v1 endpoints with pagination + search integration.
Partner export feeds (JSON, CSV, METS, OAI-PMH) and IIIF support.
Cloudflare Zero Trust for curator access and documentation portal.

Track progress in docs/development-roadmap.md and update /docs on each sprint.