# Architecture
ApisCP uses a variety of services managed directly by ApisCP with minimal configuration. The diagram and table summarize components and relevant documentation for each segment.
| Service Group | Service | Role |
|---|---|---|
| ApisCP | ||
| Apache | UI | |
| apnscpd | Privileged communication | |
| Horizon | Job runner | |
| Proxy | Frontend panel proxy (optional) | |
| Redis | Temporary storage | |
| BoxFS (filesystem) | ||
| OverlayFS | Account segregation and copy-up | |
| haproxy | SSL/TLS termination | |
| Dovecot | IMAP/POP3 | |
| Postfix | SMTP | |
| PostSRSd | Sender-rewriting scheme | |
| Pigeonhole | IMAP sieve language | |
| rspamd | Spam filter, policy milter, DKIM (optional) | |
| SpamAssassin | Spam filter (optional) | |
| Redis | Temporary storage for rspamd | |
| Maildrop | Local delivery agent | |
| Authlib | LDA delivery translation | |
| Majordomo | Mailing lists | |
| Apache (HTTP) | ||
| Apache | HTTP server, high-performance configuration | |
| PHP-FPM | PHP service workers | |
| Passenger | Polyglottal language launcher | |
| Pagespeed | HTML rendering optimizer | |
| mod_cache | Output cache | |
| Web application firewall | ||
| Evasive | Brute-force protection | |
| Fortification | Privilege separation framework | |
| ModSec | Malware protection | |
| ClamAV | Malware scanner | |
| Firewall | ||
| Rampart | Threat deterrent, firewall | |
| Resource enforcement | ||
| cgroups | Per-account resource limitations | |
| Statistics | ||
| TimescaleDB | Long-term server + account statistics | |
| Argos (monitoring) | ||
| Monit | Service monitoring | |
| ntfy | Defect alerts | |
| Services | ||
| MySQL | Panel frontend data, web apps | |
| OpenSSH | SSH server | |
| PostgreSQL | Account metadata, mail routing, statistics storage | |
| rsyslog | Logging | |
| vsftpd | FTP server |