Infrastructure Architecture
Trystpilot deploys to Vercel (frontend + API routes) with a PostgreSQL database hosted on
Railway or Supabase. Static assets are served from Vercel’s Edge Network CDN. The Cloudflare
proxy layer sits in front for DDoS mitigation and additional WAF rules. Secrets are managed
via Vercel environment variables (never committed). CI/CD runs on GitHub Actions with the
pr-commit-comments.yml workflow already in place.
```mermaid
graph TD
    subgraph "DNS / Proxy Layer"
        CF_DNS["Cloudflare DNS\n+ WAF + DDoS protection"]
    end
    subgraph "CDN / Delivery"
        VE["Vercel Edge Network\n(global CDN, static assets)"]
    end
    subgraph "Compute (Vercel)"
        FN["Serverless Functions\n(API routes — Node.js 20)"]
        EM["Edge Middleware\n(rate limit, headers)"]
    end
    subgraph "Data Layer"
        PG[(PostgreSQL\nRailway / Supabase)]
        Redis[(Upstash Redis\nrate limiting — planned)]
    end
    subgraph "External Services"
        HC["hCaptcha API"]
        CF_Analytics["Cloudflare Analytics\nBeacon"]
        VA["Vercel Analytics"]
    end
    subgraph "CI/CD"
        GH["GitHub Actions\n(.github/workflows/)"]
        GH -->|deploy preview| VE
        GH -->|deploy prod| VE
    end
    Internet --> CF_DNS --> VE
    VE --> EM --> FN
    FN --> PG
    FN --> Redis
    FN --> HC
    VE --> CF_Analytics
    VE --> VA
```
Environment Separation
| Environment | URL | Trigger |
|---|---|---|
| Production | trystpilot.xyz | Merge to main |
| Preview | *.vercel.app | PR opened / updated |
| Development | localhost:3000 | Local npm run dev |
Secret Management
All secrets are injected via Vercel Environment Variables, scoped per environment. Reference:
.env.example, the canonical list of required vars. Secret values are never committed to git.
| Variable | Scope |
|---|---|
| DATABASE_URL | Production + Preview |
| ADMIN_SECRET | Production only |
| NEXT_PUBLIC_CF_ANALYTICS_TOKEN | All |
| UPSTASH_REDIS_REST_URL | Production + Preview (planned) |
| HCAPTCHA_SECRET | Production + Preview (planned) |
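
The scope table can be enforced as a pre-deploy check. The following is an added example, not code from the Trystpilot repository: `auditEnv`, `summarize` and the finding names are hypothetical, and the sample environment is constructed. It assumes planned variables are optional and covers only the two Vercel-hosted environments.

```typescript
// Added example, not Trystpilot code. Rules mirror the scope table above;
// variables the page marks "planned" are assumed optional for now.
type VercelEnv = "production" | "preview";
type EnvMap = Record<string, string | undefined>;
interface VarRule { name: string; scopes: VercelEnv[]; planned?: boolean }
interface Finding { kind: "missing" | "out-of-scope" | "client-exposed"; name: string }

const BOTH: VercelEnv[] = ["production", "preview"];
const RULES: VarRule[] = [
  { name: "DATABASE_URL", scopes: BOTH },
  { name: "ADMIN_SECRET", scopes: ["production"] },
  { name: "NEXT_PUBLIC_CF_ANALYTICS_TOKEN", scopes: BOTH },
  { name: "UPSTASH_REDIS_REST_URL", scopes: BOTH, planned: true },
  { name: "HCAPTCHA_SECRET", scopes: BOTH, planned: true },
];

const isSet = (env: EnvMap, name: string): boolean => (env[name] ?? "") !== "";

// Hypothetical helper: compares one deployment's variables with the table.
function auditEnv(target: VercelEnv, env: EnvMap): Finding[] {
  const findings: Finding[] = [];
  for (const rule of RULES) {
    const inScope = rule.scopes.indexOf(target) !== -1;
    if (inScope && !rule.planned && !isSet(env, rule.name)) {
      findings.push({ kind: "missing", name: rule.name });
    }
    // e.g. ADMIN_SECRET reaching a preview build created from a pull request
    if (!inScope && isSet(env, rule.name)) {
      findings.push({ kind: "out-of-scope", name: rule.name });
    }
    // Next.js inlines NEXT_PUBLIC_* values into the browser bundle, so a
    // server-side variable must not reappear under that prefix.
    const alias = "NEXT_PUBLIC_" + rule.name;
    if (rule.name.indexOf("NEXT_PUBLIC_") !== 0 && isSet(env, alias)) {
      findings.push({ kind: "client-exposed", name: alias });
    }
  }
  return findings;
}

// One line per finding, suitable for a CI log.
const summarize = (findings: Finding[]): string =>
  findings.map((f) => f.kind + ":" + f.name).join(",");

// Constructed sample: a preview deployment with two scoping mistakes.
const SAMPLE_PREVIEW_ENV: EnvMap = {
  DATABASE_URL: "postgres://constructed.invalid/preview",
  ADMIN_SECRET: "constructed-value",
  NEXT_PUBLIC_CF_ANALYTICS_TOKEN: "constructed-token",
  NEXT_PUBLIC_HCAPTCHA_SECRET: "constructed-value",
};
```

In a build step, pass `process.env` together with the value of Vercel's `VERCEL_ENV` system variable, and fail the build when the returned list is non-empty.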
Scalability Considerations
- Vercel auto-scales serverless functions — no manual provisioning
- Database connection pool (lib/db/client.ts) limits max connections to prevent PG exhaustion
- Upstash Redis provides global, low-latency rate limiting without sticky sessions
- Static profile pages can be ISR-cached at the edge once traffic warrants it