The eclean infrastructure map
This page provides an overview of all of the components that make up the eclean infrastructure. Engineers working on our systems must understand how our infrastructure is set up in order to make decisions about debugging, deployment, and system design.
See below for diagrams and descriptions of our important infrastructure components, their relationships, and how they all contribute to the delivery of our services. Regular updates ensure that this documentation reflects our current infrastructure status.
Security Reminder
While this diagram provides a high-level overview, some security-sensitive information has been intentionally omitted. For further information about infrastructure, please visit our secure internal documentation or contact the infrastructure team.
Infrastructure Overview
This section gives a high-level overview of our infrastructure components and how they interact. The redesigned figure below shows the basic services and their relationships, along with extra information.
```mermaid
graph LR
    %% External Traffic Sources
    DirectTraffic((Direct IP Traffic<br>All other ports)) --> |Bypasses Cloudflare|DDOS
    WebTraffic((Web Traffic<br>Ports 80/443)) --> CF[Cloudflare]

    %% Security Layers
    subgraph CF_IPs[Cloudflare IPs Whitelisted]
        CF --> |Ports 80/443|DDOS[RoyaleHosting<br>DDOS Protection]
    end

    %% Main Infrastructure
    subgraph Server[RoyaleHosting Server]
        NGINX[Nginx]
        subgraph Containers[Podman]
            APP[Application Stack]
            DB[(Database)]
        end
    end

    %% Main Flow
    DDOS --> NGINX
    NGINX --> APP
    APP --> DB

    %% Position Direct Traffic outside CF_IPs subgraph
    DirectTraffic ~~~ CF_IPs
```
Dealing With Web Traffic
Before reaching our DDOS protection, all web traffic, HTTP or HTTPS, is routed through Cloudflare. Web traffic cannot bypass Cloudflare by connecting directly to our server's IP address, because only Cloudflare's IPv4 addresses are whitelisted for accessing ports 80 (HTTP) and 443 (HTTPS). All other traffic, including SSH and FTP, is routed straight to RoyaleHosting's DDOS protection.
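The whitelist rule described above can be checked against connection logs. The following is an added example, not part of eclean's own tooling: the log format, function names, and sample addresses are assumptions, and the Cloudflare ranges are a subset embedded for offline use (the current list is published at https://www.cloudflare.com/ips-v4).

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges, embedded so the example runs
# offline. In practice, load the current list from https://www.cloudflare.com/ips-v4.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "172.64.0.0/13", "162.158.0.0/15",
)]
WEB_PORTS = {80, 443}

def expected_verdict(src_ip, dst_port):
    """Return what the whitelist described on this page should do."""
    addr = ipaddress.ip_address(src_ip)
    if dst_port not in WEB_PORTS:
        return "allow-direct"      # SSH, FTP etc. go straight to DDOS protection
    if addr.version == 4 and any(addr in net for net in CLOUDFLARE_V4):
        return "allow-cloudflare"  # web traffic proxied by Cloudflare
    return "deny"                  # direct-to-IP web request: must be dropped

def audit(log_lines):
    """Flag accepted web-port connections the whitelist should have dropped.

    Each line is '<src_ip> <dst_port> <ACCEPT|DROP>' (hypothetical log format).
    """
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        parts = line.split()
        if len(parts) != 3:
            continue
        src, port, action = parts
        try:
            verdict = expected_verdict(src, int(port))
        except ValueError:
            findings.append((lineno, line, "unparseable"))
            continue
        if verdict == "deny" and action == "ACCEPT":
            findings.append((lineno, line, "web port reachable without Cloudflare"))
    return findings

# Constructed sample log; non-Cloudflare hosts use documentation address ranges.
SAMPLE = [
    "104.16.5.9 443 ACCEPT",
    "203.0.113.7 443 ACCEPT",
    "203.0.113.7 22 ACCEPT",
    "198.51.100.4 80 DROP",
    "not-an-ip 443 ACCEPT",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding of the second kind means a web port accepted a connection that did not come through Cloudflare, so the whitelist on ports 80/443 has a gap or the embedded range list is stale.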
The architecture diagram above uses Mermaid syntax to show how data flows through the eclean system and how its components are connected. A description of the parts and what they do follows:
Sources of Traffic
Our system handles two basic kinds of traffic:
- Web Traffic: This includes all HTTP and HTTPS requests, which must go through Cloudflare due to IP whitelisting. This ensures that web traffic is safe and manageable.
- Direct IP Traffic: Any non-web traffic that reaches our server's IP address directly without passing through Cloudflare.
Integration with Cloudflare
Cloudflare manages all web traffic and ensures its safety and efficiency by:
- Protecting against Layer 7-specific DDoS attacks.
- Rate limiting to prevent abuse.
- Protecting against DNS-related risks by implementing secure DNS responses.
- Protecting data in transit with SSL/TLS.
- Using IP whitelisting to control who can access domains, so that only authorised parties can reach them.
DDOS Protection from RoyaleHosting
RoyaleHosting has a comprehensive security system in place to protect both web and non-web traffic:
- Full Layer 3-7 protection for non-web traffic, such as SSH and FTP.
- Cloudflare provides Layer 3-4 protection to the web traffic that it proxies.
- IP whitelisting is used for web ports to ensure that only traffic passing through Cloudflare can access them.
- Real-time threat detection and mitigation technologies are in place, allowing potential security concerns to be addressed swiftly.
Architecture of the RoyaleHosting server
Our architecture is based on the RoyaleHosting Server, which hosts both apps and databases. It is structured as follows:
- Nginx is a fast web server that also serves as a reverse proxy, routing requests to the appropriate application containers and ensuring basic content delivery.
- Podman containers:
  - Application stack: This is where the primary business code runs and dynamic content is served. Containerising apps makes them safer and easier to scale.
  - Database: This stores and retrieves data, and it plays a critical role in ensuring that data is consistent and correct throughout our system.
Cloudflare and RoyaleHosting DDOS Protection ensure that (mainly) only clean, safe traffic from the Internet reaches the server. Nginx on the server routes each request either to the application stack for processing or to static content. The application stack communicates with the database to read or write data as needed. This concludes the request cycle.