How a Four‑Layer Cloud‑Native Architecture Powers Scalable Web, Mobile, and IoT Services

System Architecture Diagram:

Four‑Layer Architecture Design

Presentation Layer

Web front‑end built with HTML5, Vue, CSS3, compatible with major browsers. The presentation layer is fully decoupled from the data layer and communicates with the backend via cross‑origin requests.

APP: Native Android and iOS apps with HTTPS link optimization, anti‑hotlinking and DNS hijack handling.

WeChat Official Account / Mini‑Program: Certain business data are displayed via H5 on the official account; modules that control hardware devices are exposed through a WeChat mini‑program to improve user experience.

RESTful API: Business‑specific services are exposed through standard RESTful interfaces.

Communication Layer

Static content acceleration via Alibaba Cloud CDN.

Server load balancing using Alibaba Cloud SLB.

Data exchange over TCP, HTTP, HTTPS; TCP is implemented with Netty.

Service Layer

Core business functions are implemented as microservices on Spring Cloud.

Spring Cloud provides configuration management, service discovery, circuit breaking, intelligent routing, distributed session, and cluster state management for JVM‑based cloud applications.

Key components include:

Netflix Eureka : Service registry and discovery.

Netflix Hystrix : Circuit breaker for fault tolerance.

Netflix Zuul : Edge service for dynamic routing, monitoring, and security.

Netflix Archaius : Dynamic configuration API.

Spring Cloud Config : Centralized configuration server supporting local, Git, and SVN backends.

Spring Cloud Bus : Event/message bus for propagating state changes across the cluster.

Spring Cloud Sleuth : Distributed tracing with Zipkin/HTrace integration.

Spring Cloud Task : Management of short‑lived microservice tasks and scheduled jobs.

Data Layer

MongoDB – stores unstructured, weakly related data such as device sensor readings.

MySQL – stores transactional and strongly related data like orders and financial records.

HDSF – stores images, videos, and report files uploaded by monitoring devices.

Elasticsearch – part of the ELK stack for log storage and analysis.

Additional Components

Authentication System

Dual‑token JWT mechanism: accessToken for user authentication, refreshToken for obtaining a new accessToken after expiration.

Login flow diagrams illustrate token validation, token refresh, and complete token expiry scenarios.

Log System

Centralized log management using the ELK solution (Elasticsearch, Logstash, Kibana).

Session Management

Custom Netty session handling for monitoring, timeout, and reconnection.

DNS Hijack Mitigation

Addresses issues caused by LocalDNS caching and NAT forwarding by adopting HTTP DNS, which queries an HTTP web server directly, providing accurate IP resolution, better traffic steering, and extensibility.