Platform overview
The platform section is for operators running their own Delphi deployment. A deployment is a small set of Docker Compose services running on dedicated cloud instances connected by a private network.
If you are bringing up a new deployment for the first time, start with Getting started. If you operate an existing deployment, jump to the service operations page for the role you are working on.
High-level diagram
Service types
Every deployment is built from the same nine services plus a bastion. They group into four roles by surface area:
| Role | Services | What they do | Network |
|---|---|---|---|
| Edge | TelPro, Web | Terminate the public internet — SIP, WebRTC, dashboard. | Public IP |
| App | API, Voice, Ops | Stateless application logic — call processing, REST/WS API, jobs, scaling. | Private only |
| Stateful | Database, Media, SigNoz | Persist data — Postgres + Redis, TTS audio, observability store. | Private, volumes |
| Egress / mgmt | Squid, Bastion | Outbound proxy for private VMs and SSH jump host. | Public IP |
| Service | What it does | Public | Stateful | Operations page |
|---|---|---|---|---|
| TelPro | Public-facing telephony gateway — Kamailio SIP, RTPEngine media, Janus WebRTC, coturn TURN. | Yes (static) | No | TelPro |
| Web | TelWeb dashboard (Next.js) behind Caddy with auto-HTTPS. Also reverse-proxies SigNoz. | Yes (static) | No | Web |
| API | TelAPI Fastify HTTP/WebSocket server. Multiple instances behind a managed load balancer with sticky sessions. | Via LB | No | API |
| Voice | Asterisk PBX (TelSys) plus the AI conversation engine (TelPhi). Horizontally scalable. | No | No | Voice |
| Database | PostgreSQL 17 and Redis 7 (with optional pgbouncer). Attached block storage at /mnt/data. | No | Yes | Database |
| Media | Caddy + media-upload — private HTTPS TTS audio cache. Optional but recommended. | No | Yes | Media |
| Ops | Scaler (autoscales API and Voice) and Tasker (background jobs, cron, DB backups, email). | No | No | Ops |
| SigNoz | OpenTelemetry backend (logs, metrics, traces). Static private IP 10.0.1.10. Public via Web/Caddy. | Via Web | Yes | SigNoz |
| Squid | HTTP/HTTPS forward proxy for every private VM that has no public IP — ECR pulls, AWS APIs, AI providers, SMTP relay. | Yes (private clients) | No | Squid |
| Bastion | SSH jump host. Only public path into the private network for operators. | Yes | No | — |
State and persistence
All services except Database, Media, and SigNoz are stateless — they can be destroyed and recreated without data loss. The three stateful services keep their data on attached block volumes. Postgres is the single source of truth; everything else is recoverable from it.
Scalability
API and Voice are horizontally scalable; TelPro, Web, Database, Media, SigNoz, Ops, and Squid run as a single instance per deployment. The Ops Scaler can drive cloud-provider APIs to add or remove API/Voice instances based on utilization.
Call paths in one minute
For the WebRTC variant, the browser opens WSS to Janus on TelPro, Janus bridges WebRTC ↔ SIP locally to Kamailio, and the rest of the path is the same. WebRTC clients fall back to coturn when direct UDP is blocked.
For outbound transfers, TelPhi asks TelSys to originate via ARI, Kamailio looks up the egress trunk for the original DID in Redis, and routes to the carrier — see TelPro operations.
Where the data lives
- PostgreSQL is the source of truth for tenants, conversations, calls, settings, and provider config. Consumed by TelAPI, TelWeb, TelPhi, and Tasker.
- Redis holds runtime state: Kamailio dialog and dispatcher state, TelAPI streams (browser ↔ ARI), Scaler/Tasker leader election, TTS-cache pointers.
- Media volume holds generated TTS audio bytes; the metadata for each blob lives in Postgres (
tts_media_cache). - SigNoz / ClickHouse holds logs, metrics, and traces. Operationally important but not mission-critical — losing it does not affect call processing.
What's in this section
- Getting started — bring up a brand-new deployment from zero in six steps.
- Configuration — the layered config model: bootstrap
.env, AWS SSM, AWS Secrets Manager,vars.yaml, and howfetch-env.shresolves them at boot. - Service operations — per-service runbook, configuration, and troubleshooting (tabbed pages per role). For first-boot mechanics, see Bootstrap and init.
- Observability — how logs, traces, metrics, health signals, dashboards, alerts, and call debugging flow through SigNoz.
- Security — internal Postgres + Redis TLS rollout and AWS IAM wiring.
- Feature flags — what each flag turns on or off across the stack and what changes when you flip one.
- Third-party version sources — every pinned upstream version (Kamailio, Asterisk, Postgres, etc.), the file it lives in, and the release-day refresh process.
- Release notes — v0.9.11 — product changelog for the current pinned release plus the Operator rollout checklist for deployments (see that page’s bottom section).