Skip to main content

TechDocs Architecture

Basic (out-of-the-box)

When you deploy Backstage (with TechDocs enabled by default), you get a basic out-of-the box experience.

TechDocs Architecture diagram

Note: See below for our recommended deployment architecture which takes care of stability, scalability and speed. Also look at the HOW TO migrate guide.

When you open a TechDocs site in Backstage, the TechDocs Reader makes a request to techdocs-backend plugin with the entity ID and the path of the current page you are looking at. In response, it receives the static files (HTML, CSS, JSON, etc.) to render on the page in TechDocs/Backstage.

The static files consist of HTML, CSS and Images generated by MkDocs. We remove all the JavaScript before adding them to Backstage for security reasons. And there is an additional techdocs_metadata.json file that TechDocs needs to render a site. It's important that you use either techdocs-cli or techdocs-container to generate the docs for the expected output.

The TechDocs Reader then applies a list of "Transformers" (see Concepts) which modify the generated static HTML files for a number of use cases e.g. Remove certain headers, filter out some HTML tags, etc.

Currently, we use the Backstage server's (or techdocs-backend's) local file system to store the generated files. However, it's ideal to use an external storage system (e.g. AWS S3, GCS or Azure Blob Storage). Read more in using cloud storage.

This is how we recommend deploying TechDocs in a production environment.

TechDocs Architecture diagram

The key difference in the recommended deployment approach is where the docs are built.

We assume each entity lives in a repository somewhere (GitHub, GitLab, etc.). We recommend using a CI/CD pipeline with the repository that has a dedicated step/job to generate docs for TechDocs. The generated static files are then stored in a cloud storage solution of your choice.

Similar to how it is done in the Basic setup, the TechDocs Reader requests techdocs-backend plugin for the docs site. techdocs-backend then requests your configured storage solution for the necessary files and returns them to TechDocs Reader.

Depending on your chosen cloud storage provider and its real-world proximity to your backend server, there may be a comparably high amount of latency when loading TechDocs sites using this deployment approach. If you encounter this, you can optionally configure the techdocs-backend to cache responses in a cache store supported by Backstage.

Security consideration

Our biggest security concern is managing the access to the docs in the cloud storage. We also want to have only one security solution for all different types of storage (GCS, AWS, custom SFTP server, etc.) Restricting access to the storage and only allowing techdocs-backend to fetch files is a good way to achieve this.

This would also allow us to use the access control management Backstage when that is ready. Track progress here.

In theory, you can directly enable TechDocs Reader to read from your storage. But, you will have to think about how to do it without the docs being public and how access to user groups is managed.

For cloud storage access tokens, techdocs-backend only needs a token with Read permissions. But in your CI/CD system, there needs to be a token with Write permissions to publish the generated docs site files.


Q: Why do you have separate "basic" and "recommended" deployment approaches?

A: The basic or out-of-the-box setup is what you get when you create a new app or do a git clone of the Backstage repository. We want the first experience to just work magically so that you can have your first experience with TechDocs which is smooth. However, if you decide to deploy Backstage/TechDocs for production use, the basic setup would work but there are going to be downsides as you scale with the number of documentation sites and sizes of them. So you would want to make sure the deployment is as stable as possible. Hence there is a recommended approach. There can be even more deployment approaches to TechDocs and we welcome such "Alternative" ideas from the community.

Q: Why don't you recommend techdocs-backend local filesystem to serve static files?

A: It makes scaling a Backstage instance harder. Think about the case where we have distributed Backstage deployments (e.g. multiple Kubernetes pods of your Backstage app). Using a separate/central file storage system for TechDocs is necessary to make sure sites are persistent when the servers/pods are restarted and avoid duplicating sites per instance. By having an external storage, we are making it easier to do some operations like delete a docs site or wipe its contents.

Q: Why aren't docs built on the fly i.e. when users visits a page, generate docs site in real-time?

A: Generating the content from Markdown on the fly is not optimal. Storage solutions act as a cache for the generated static content. TechDocs is also currently built on MkDocs which does not allow us to generate docs per-page, so we would have to build all docs for a entity on every request.

Q. Can you use the techdocs plugin without the techdocs-backend plugin?

A: techdocs and techdocs-backend plugins are designed to be used together, like any other Backstage plugin with a frontend and its backend (catalog, scaffolder, etc.). If you set your Backstage instance to generate docs on the server, techdocs-backend will be responsible for managing the whole build process, making sure it's scalable. It is responsible for securely communicating with the cloud storage provider, for both fetching static generated sites and publishing the updates. There are other planned features like an authentication layer for users to determine whether they have the permission to view a particular docs site. There are a handful of features which are extremely hard to develop without a tightly integrated backend in place. Hence, support for techdocs without techdocs-backend is limited and challenging to develop.