Edge-Based PaaS

Goal

Build a low-cost, fault-tolerant, ultra-fast PaaS platform where users deploy applications from their local devices using a CLI. The platform exposes these apps globally via appname.mydomain.com, using a custom-built reverse proxy + tunneling infrastructure.


🌐 High-Level Components

1. User Device + CLI Agent (Edge)

  • Deploys app locally (e.g., container or static site)

  • Runs a persistent CLI agent

  • Connects to the nearest Gateway Node

  • Maintains a long-lived encrypted tunnel (WebSocket or QUIC)

2. Tunnel Gateway Nodes (Cloud)

  • Deployed in multiple regions (e.g., India, US, EU)

  • Maintains persistent tunnels to devices

  • Handles high-speed traffic proxying (minimal I/O)

  • Fully stateless: pulls routing info from registry (or caches locally)

3. Global Ingress Proxy (Cloud)

  • Accepts incoming traffic to *.mydomain.com

  • Extracts subdomain (e.g., app1)

  • Queries the Global Agent Registry

  • Proxies the request to the correct Gateway Node

4. Global Agent Registry (Cloud)

  • Maps app domains to device agent tunnel IDs and status

  • Keeps track of device heartbeats and tunnel status

  • Exposes API to the ingress layer and admin tools

5. Control Plane (Cloud)

  • User and app metadata

  • Domain registration

  • Token management

  • TLS certificate provisioning (automated via ACME)
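
The ingress path from components 3 and 4 (extract the subdomain, query the registry, pick the gateway) is sketched below as an added example; it is not code from this project. The `AgentRegistry` class, the 30-second heartbeat limit, and the status codes are assumptions made for illustration; `mydomain.com` is the page's placeholder domain.

```python
import re
import time

BASE_DOMAIN = "mydomain.com"   # placeholder domain used on this page
HEARTBEAT_MAX_AGE = 30.0       # assumed: seconds without heartbeat before a tunnel is down
# One DNS label: a-z, 0-9, hyphen; no leading/trailing hyphen; at most 63 characters.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def extract_app(host_header):
    """Return the app label from a Host header, or None if it must be rejected."""
    host, sep, port = (host_header or "").strip().lower().partition(":")
    if sep and not (port.isascii() and port.isdigit()):
        return None                         # only a numeric port may follow ':'
    host = host.removesuffix(".")           # tolerate one trailing root dot
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None                         # e.g. app1.mydomain.com.evil.example
    label = host[: -len(suffix)]
    # fullmatch rejects dots, so nested names like a.b.mydomain.com never route.
    return label if LABEL_RE.fullmatch(label) else None

class AgentRegistry:
    """In-memory stand-in for the Global Agent Registry (hypothetical API)."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._routes = {}                   # app label -> (gateway, tunnel_id, last_seen)

    def heartbeat(self, app, gateway, tunnel_id):
        self._routes[app] = (gateway, tunnel_id, self._clock())

    def lookup(self, app):
        """Return (gateway, tunnel_id, is_live), or None for an unknown app."""
        entry = self._routes.get(app)
        if entry is None:
            return None
        gateway, tunnel_id, last_seen = entry
        return gateway, tunnel_id, self._clock() - last_seen <= HEARTBEAT_MAX_AGE

def route(host_header, registry):
    """Ingress decision as (http_status, (gateway, tunnel_id) or None)."""
    app = extract_app(host_header)
    if app is None:
        return 400, None                    # malformed or foreign Host: registry is never queried
    entry = registry.lookup(app)
    if entry is None:
        return 404, None                    # no such app registered
    gateway, tunnel_id, is_live = entry
    return (200, (gateway, tunnel_id)) if is_live else (503, None)
```

Rejecting the Host header before the registry lookup keeps attacker-controlled strings out of cache keys and registry queries, and the stale-heartbeat check makes the ingress fail closed instead of forwarding to a tunnel that may have been reassigned.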


🌐 Deployment Breakdown

📢 Cloud Components

| Component            | Cloud Role                            |
|----------------------|---------------------------------------|
| Global Ingress Proxy | TLS termination, subdomain routing    |
| Gateway Nodes        | Multiplex tunnels, forward traffic    |
| Agent Registry       | App-to-tunnel mapping service         |
| Control Plane        | Auth, metadata, fallback coordination |

🌄 Edge Components

| Component   | Edge Role                          |
|-------------|------------------------------------|
| CLI Agent   | Deploy app locally, connect tunnel |
| User Device | Host app container/site            |

⚖️ Fault Tolerance Strategy

  • Gateway Nodes are deployed across 3+ regions with Anycast or Global Load Balancer

  • CLI Agent auto-reconnects to the nearest healthy node

  • Agent Registry supports multi-region read replicas

  • Gateway-to-tunnel routing is cached with a TTL for resiliency

  • Optional: Backup app snapshots can run in edge micro VMs for critical apps


⚖️ Performance Design

| Layer         | Optimizations                              |
|---------------|--------------------------------------------|
| Gateway Nodes | In-memory routing, no disk I/O             |
| Registry API  | Redis or Dragonfly cache, async writes     |
| Tunnels       | QUIC or WebSocket with multiplexed streams |
| TLS           | Preloaded certs, wildcard for subdomains   |


✨ Future Enhancements

  • Dynamic load shifting if the agent disconnects

  • Edge node backup if the user device is down

  • Web UI for monitoring the tunnel and app status

  • Pricing layer with usage tracking

  • Secure token auth per agent/app
