
🌐 EdgeHit Controller

EdgeHit Controller acts as the central control plane of the CDN network.
It stores configuration objects for Load Proxy nodes and exposes a web console for operators to manage and monitor the CDN cluster.

🚪 Public-Facing Services

These services listen on 0.0.0.0 and are exposed to external clients (e.g., managed LoadProxy nodes) for real-time configuration and telemetry syncing.

| Component | Port(s) | Role / Description |
|---|---|---|
| Redis Server | 9001 | Stores LoadProxy configuration and system-wide settings |
| ClickHouse Server | 8443 | Stores traffic data for billing and analytics |
| Web Dashboard Server | 80 / 443 | Web-based management interface for administrators and operators |

🔐 Host-Only Administrative Services

These services are bound to 127.0.0.1 and are used by internal tools or developers for diagnostics, troubleshooting, and low-level access.

| Component | Port(s) | Role / Description |
|---|---|---|
| ClickHouse Client | 19000 | CLI access to ClickHouse for querying analytics data |
| Redis Client (default instance) | 16379 | Queries system-wide config values such as the latest config HEAD reference |
| Redis Client (config_db instance) | 16380 | Retrieves LoadProxy configuration (NGINX config, BIND9-style DNS zone files) from the config_db instance |
| PostgreSQL Client | 15432 | Queries PostgreSQL for configuration records defined via the web dashboard |

Note

🔒 Services bound to 127.0.0.1 are only accessible locally for security purposes.
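One way to verify this split on a controller host is to compare the listening sockets against the two tables above. The script below is an added example, not part of EdgeHit; it assumes the input is the output of `ss -ltnH` run on the host, and the sample listing is constructed.

```python
import ipaddress

# Port policy taken from the service tables on this page.
PUBLIC_PORTS = {9001, 8443, 80, 443}
HOST_ONLY_PORTS = {19000, 16379, 16380, 15432}
OTHER_DOCUMENTED = {9100}  # Node Exporter; the page does not state its bind address

# Constructed sample of `ss -ltnH` output (not captured from a real controller).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511    0.0.0.0:9001    0.0.0.0:*
LISTEN 0 4096   0.0.0.0:8443    0.0.0.0:*
LISTEN 0 511    0.0.0.0:443     0.0.0.0:*
LISTEN 0 4096   127.0.0.1:19000 0.0.0.0:*
LISTEN 0 511    127.0.0.1:16379 0.0.0.0:*
LISTEN 0 511    0.0.0.0:16380   0.0.0.0:*
LISTEN 0 244    [::]:15432      [::]:*
LISTEN 0 128    0.0.0.0:22      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for each listening TCP socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if addr == "*":                        # ss prints "*" for a dual-stack wildcard
            addr = "::"
        yield ipaddress.ip_address(addr), int(port)

def audit_bindings(ss_output):
    """Return sorted findings where a listener contradicts the documented policy."""
    known = PUBLIC_PORTS | HOST_ONLY_PORTS | OTHER_DOCUMENTED
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in HOST_ONLY_PORTS and not addr.is_loopback:
            findings.append((port, str(addr), "host-only service reachable off-loopback"))
        elif port not in known and not addr.is_loopback:
            findings.append((port, str(addr), "undocumented non-loopback listener"))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, reason in audit_bindings(SAMPLE_SS_OUTPUT):
        print(f"{addr}:{port}  {reason}")
```

Run it against the host's network namespace, since the services themselves run in containers and the bindings that matter are the published ports.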



🖥️ Web Dashboard Server

The Web Dashboard is the core component of the EdgeHit Controller platform.
It provides a web-based console for both customers and administrators to manage domains, origin servers, and other configuration elements.

Web Dashboard

  • Supports Role-Based Access Control (RBAC), allowing user accounts to be assigned roles with scoped permissions, such as viewer, editor, or admin
  • Enables multi-tenant access and configuration isolation per customer or team


⬆️ Redis Master Server

Redis is a high-performance, in-memory key-value database. Within the EdgeHit platform, Redis is deployed in a master/slave architecture to facilitate low-latency configuration synchronization across distributed LoadProxy nodes.

The system provisions two distinct Redis server instances, each encapsulated in its own Docker container, tailored for specific roles within the CDN control plane.

  1. config_db Instance

     Config DB Redis

     • Exposed on 0.0.0.0:9001, enabling external access over TLS with X.509 certificate-based client authentication.

       Security Note

       TLS with mutual authentication (X.509) ensures both encryption and identity verification of clients.

     • Locally accessible on 127.0.0.1:16380 for administrative access using redis-cli.
     • Implements Redis-native PSK (Pre-Shared Key) authentication as an additional access control layer.
     • Queried by LoadProxy nodes to fetch and synchronize the latest configuration state.
     • Serves as the centralized configuration data store, enabling consistent state management across the CDN network.

  2. default Instance

     Default Redis

     • Locally accessible on 127.0.0.1:16379 for administrative access using redis-cli.
     • Not exposed externally: it is available only on the internal loopback interface, ensuring that only internal processes can interact with this instance.
     • Utilized by EdgeHit backend services, including the Web Dashboard, to resolve the currently active configuration version.
     • Secured with Redis-native PSK authentication, maintaining a consistent security posture even for internal components.
     • Maintains a dedicated key-value entry serving as a HEAD reference, analogous to Git, which points to the latest deployed configuration object.


💹 ClickHouse Server

ClickHouse is a high-performance, column-oriented database management system (DBMS) optimized for real-time analytics on large-scale datasets. Within the EdgeHit Controller control plane, it serves as the core component for per-domain request tracking and customer billing computation.

ClickHouse Architecture

🔗 Access Details:
The ClickHouse server in EdgeHit Controller listens on port 8443 for public requests. PSK-based authentication is required for database access.

🔄 Data Ingestion Flow:

  • Managed LoadProxy nodes are configured to parse NGINX access logs and forward structured request data to the ClickHouse server.
  • Each log entry is decomposed into distinct fields, which are then mapped to corresponding columns in the ClickHouse schema to support downstream billing logic and usage analytics.
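The decomposition step can be sketched as follows. This is an added example, not EdgeHit's own ingestion code: the `log_format`, the column names, and the managed-domain check are assumptions, and the sample lines are constructed. Because the `Host` header is client-controlled, the sketch rejects lines whose domain is not a managed one so that they never reach billing.

```python
import re
from collections import defaultdict

# Assumed log_format (not given on the page):
#   '$host $remote_addr [$time_iso8601] "$request" $status $body_bytes_sent'
LINE_RE = re.compile(
    r'^(?P<domain>\S+) (?P<client_ip>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes_sent>\d+)$'
)

# Constructed sample lines; example.com / example.org stand in for customer domains.
SAMPLE_LOG = [
    'example.com 203.0.113.7 [2024-05-01T10:00:00+00:00] "GET /a.js HTTP/1.1" 200 5120',
    'example.org 198.51.100.9 [2024-05-01T10:00:01+00:00] "GET / HTTP/2.0" 200 2048',
    'example.com 203.0.113.7 [2024-05-01T10:00:02+00:00] "GET /b.css HTTP/1.1" 304 0',
    'evil.test 192.0.2.44 [2024-05-01T10:00:03+00:00] "GET / HTTP/1.1" 200 999',
    '203.0.113.8 [2024-05-01T10:00:04+00:00] "\\x16\\x03\\x01" 400 157',
]

def parse_line(line, managed_domains):
    """Return a row dict keyed by the assumed column names, or None if rejected."""
    m = LINE_RE.match(line)
    if m is None:
        return None                      # malformed line or non-HTTP probe
    row = m.groupdict()
    row["domain"] = row["domain"].lower().rstrip(".")
    if row["domain"] not in managed_domains:
        return None                      # client-supplied Host not owned by any tenant
    row["status"] = int(row["status"])
    row["bytes_sent"] = int(row["bytes_sent"])
    return row

def ingest(lines, managed_domains):
    """Return (insertable rows, rejected line count, bytes sent per domain)."""
    rows, rejected, usage = [], 0, defaultdict(int)
    for line in lines:
        row = parse_line(line, managed_domains)
        if row is None:
            rejected += 1
            continue
        rows.append(row)
        usage[row["domain"]] += row["bytes_sent"]
    return rows, rejected, dict(usage)
```

The rejected count is worth exporting as a metric: a sudden rise usually means either a changed `log_format` or scanning traffic with arbitrary `Host` values.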

🛠️ Administrative Access:

  • For remote management and interactive queries, web-based ClickHouse clients such as Tabix can connect securely over HTTPS on port 8443.
  • Additionally, a local administrative interface is exposed at 127.0.0.1:19000, enabling CLI-based diagnostics and manual query execution by system operators.


📅 Postgres Server

PostgreSQL is a robust, open-source Relational Database Management System (RDBMS). Within the EdgeHit Controller platform, it is used to persist all web dashboard configuration data submitted by administrators or customers.

These configurations are then used to generate underlying system definitions, which are transmitted to managed LoadProxy nodes for deployment and enforcement.

PostgreSQL Architecture

Security Note

The PostgreSQL CLI interface is bound to 127.0.0.1:15432 and is restricted to local access only, ensuring that no external entities can directly access the database.

🛠️ Remote Administration (Test Environments):
To facilitate database access in controlled environments (e.g., development, testing, staging), a web-based SQL administration tool such as Adminer is deployed.



📊 Node Exporter

EdgeHit uses Node Exporter, Prometheus, and Grafana as its monitoring stack to provide real-time observability.

  • Node Exporter runs as a containerized service on EdgeHit Controller and exposes system metrics such as CPU usage, I/O statistics, filesystem status, and network performance.
  • The Node Exporter instance listens on port 9100, serving metrics over HTTPS.
  • To protect access, the exporter is secured using Pre-Shared Key (PSK)–based HTTP authentication, configured natively within the Node Exporter service.

Node Exporter Architecture

Metrics collected by Node Exporter are scraped by Prometheus, which aggregates and stores the time-series data. This data is then visualized in Grafana dashboards for operational monitoring and alerting.