Services

Service Catalog

Eight independent services make up the Zelly platform. Each has its own git repo, Dockerfile, and deployment target.

fastify-nova

backend-api-fastify-nova
git: zelly-in/backend-api-fastify-nova
ECS Fargate port 3000

Core API. Entry point for all storefront requests, Shopify webhook processing, order management, catalog, and analytics event publishing. Authenticates requests with Firebase Admin SDK.

Responsibilities

Key environment variables

VariableSourceNotes
DB_HOSTSecrets Manager / .envAurora endpoint
DB_NAMEhardcoded in composeastro_primary
DB_HOST_CUSTOMERsame as DB_HOSTSame Aurora, different schema
CUSTOMER_DB_NAMEhardcoded in composeecom_store_front
REDIS_HOSTinject / ElastiCache endpointBullMQ broker
CLICKHOUSE_HOSTinject / ClickHouse EC2http://<ip>:8123
JWT_SECRETSecrets Manager
RAZORPAY_KEY_IDSecrets Manager
SLACK_WEBHOOK_URLSecrets ManagerAlerts channel

Special file requirement

!
service-account-creds-private.json must exist at the root of the repo before building the Docker image. It is copied in at build time via COPY service-account-creds-private.json ./. Get it from 1Password. This file is gitignored — never commit it.

BullMQ queues produced

store-events              # consumed by events-consumer → ClickHouse
SHOPIFY_WEBHOOK           # consumed by fastify-nova's own worker
SHOPIFY_SETTINGS_PUSH
SHOPIFY_SETTINGS_FETCH
SHOPIFY_CATALOG_SYNC

customer-panel-neptune

customer-panel-neptune
git: zelly-in/customer-panel-neptune
ECS Fargate port 5174

Customer authentication and session service. Handles customer login, signup, SSO flows, and session management for storefronts. Reads/writes the ecom_store_front Aurora schema.

Key environment variables

VariableSourceNotes
DB_HOSTSecrets Manager / .envAurora endpoint
DB_NAMEhardcoded in composeecom_store_front
JWT_SECRETSecrets Manager
COOKIE_SECRETSecrets Manager
SESSION_COOKIE_DOMAINService .envDomain scope for session cookies
EXTERNAL_ADDRESS_API_KEYService .envThird-party address validation

internal-admin-panel-orion / backend

internal-admin-panel-orion/backend
git: zelly-in/internal-admin-panel-orion (backend/ subdirectory)
ECS Fargate port 3022

NestJS backend for internal staff. Powers the Orion admin frontend. Reads astro_primary for tenant/order data and backoffice for analytics aggregates. Uses BullMQ via Redis for async tasks.

Key environment variables

VariableSourceNotes
DB_HOSTSecrets Manager / .envAurora endpoint
DB_DATABASEhardcoded in composeastro_primary
ANALYTICS_DB_HOSTsame as DB_HOSTSame Aurora, different schema
ANALYTICS_DB_DATABASEhardcoded in composebackoffice
REDIS_HOSTinject / ElastiCache endpoint
JWT_SECRET_KEYSecrets Manager
CORS_ORIGINSSecrets ManagerAllowed origins for browser CORS

internal-admin-panel-orion / frontend

internal-admin-panel-orion/frontend
git: zelly-in/internal-admin-panel-orion (frontend/ subdirectory)
Cloudflare Pages

React + Vite SPA for internal staff. Deployed to Cloudflare Pages. Talks to orion-backend ALB over HTTPS. Not in ECS/Terraform scope.

Local dev note

Runs as a Vite dev server in docker-compose on port 5175, proxied through Caddy at http://zelly-admin.test. Caddy rewrites the Host header to localhost to bypass Vite 5+ host allowlist checks.

store-events-consumer

store-events-consumer
git: zelly-in/store-events-consumer
ECS Fargate No ALB

BullMQ worker. Consumes jobs from the store-events Redis queue and batch-inserts them into ClickHouse. Buffers up to 500 events or 3 seconds, whichever comes first.

Key environment variables

VariableSourceNotes
REDIS_HOSTinjected by compose / ElastiCacheBullMQ connection
CLICKHOUSE_HOSTinjected by compose / ClickHouse EC2http://<ip>:8123
CLICKHOUSE_USERservice .envdefault
CLICKHOUSE_DATABASEservice .envanalytics
CLICKHOUSE_TABLEservice .envstore_events
i
This service replaced a previous Kafka-based consumer. The queue name store-events is produced by fastify-nova and consumed here.

storefront-astro-titan

storefront-astro-titan
git: zelly-in/storefront-astro-titan
ECS Fargate NLB · on-demand TLS

Astro SSR storefront. Each merchant has a custom domain; Caddy runs as a sidecar container in the same ECS task and handles on-demand TLS via Let's Encrypt. Certificates are persisted on EFS so they survive task restarts.

How on-demand TLS works

  1. A new merchant domain hits Caddy for the first time.
  2. Caddy calls http://localhost:4321/allow-cert?domain={host} before requesting a cert.
  3. That endpoint in Astro calls CORE_API_URL/validate_tenant_domain/{domain} on fastify-nova.
  4. If fastify-nova confirms the domain belongs to a tenant, Caddy requests the ACME cert from Let's Encrypt.
  5. Cert is stored on EFS and reused on subsequent requests.

Key environment variables

VariableSourceNotes
CORE_API_URLSecrets Manager / injected by composefastify-nova base URL
AUTH_API_URLSecrets Manager / injected by composecustomer-panel base URL
STOREFRONT_API_BEARER_TOKENSecrets ManagerShared secret for API calls

seller-panel-react-atlas

seller-panel-react-atlas
git: zelly-in/seller-panel-react-atlas
Cloudflare Pages

React + Vite SPA for merchant sellers. Deployed to Cloudflare Pages. Talks to fastify-nova ALB over HTTPS. Not in ECS/Terraform scope.

Local dev note

Runs as a Vite dev server in docker-compose on port 5173, proxied through Caddy at http://zelly-seller.test. VITE_API_BASE_URL is set to http://fastify-nova:3000 via a .env.local written by the docker-compose command.

zelly-checkout

zelly-checkout
git: zelly-in/zelly-checkout
Cloudflare Workers

Cloudflare Worker handling the checkout and payment flow at the edge. Already deployed and managed separately — not in Terraform scope. Does not run in docker-compose local dev.