Product — Networking

Networking that just works.

Global load balancing, automatic SSL, DDoS mitigation, private networking, and edge caching. Included on every plan. Zero configuration.

40+ edge locations
Auto SSL certificates
Always-on DDoS protection
0 config required
Included

Everything built in. Nothing to bolt on.

No Cloudflare in front. No nginx to configure. No cert-manager to debug.

Global load balancing

Traffic distributed across all healthy instances using weighted round-robin. Automatic failover across regions. No configuration needed.

Automatic SSL

Every domain gets a Let's Encrypt certificate provisioned in under 60 seconds. Auto-renewed 30 days before expiry. Wildcard domains supported.

DDoS mitigation

Network-level DDoS protection is always on at the edge. Volumetric attacks absorbed before they reach your instances. No action required.

Private networking

All services in a project share an encrypted private network. Internal traffic never touches the public internet. Reference services by name: api.internal:8080.

Edge caching / CDN

Static assets cached at 40+ edge locations. Cacheable API responses with configurable TTLs. Purge by path or globally with rf cdn purge.

WebSocket support

Persistent connections with no timeout. Sticky sessions enabled by default. Scale WebSocket apps across multiple instances with Redis pub/sub.

HTTP/3 & gRPC

HTTP/3 (QUIC) enabled on all web services for faster connections. gRPC services with native health checking and load balancing.

WAF & rate limiting

Built-in web application firewall rules. Per-path rate limiting at the load balancer level. Geo-blocking and bot protection.

Custom domains

Unlimited custom domains with automatic SSL. CNAME or A record. Wildcard support. Assign domains per environment — production, staging, preview.

Workflow

Domains and SSL in one command.

terminal
$ rf domains add myapp.com
Domain added
SSL certificate provisioned (Let's Encrypt)
Add DNS: CNAME myapp.com → my-app.raidframe.app
$ rf domains verify myapp.com
DNS configured correctly
SSL certificate active (expires 2026-06-14)
Traffic routing to: web (production)
$ rf cdn purge /api/products
Purged at 42 edge locations
$ rf cdn stats
Requests: 482,301 (24h)
Cache hit: 80.7%
Bandwidth saved: 10.0 GB
Step 01

Add your domain

One command. SSL provisioned in under 60 seconds. Wildcard domains, apex domains (A record), and subdomains all supported.

Step 02

Traffic routes automatically

Requests hit the nearest edge location, then route to the nearest healthy instance. Multi-region failover is automatic.

Step 03

Cache at the edge

Static assets cached at 40+ locations. Configure per-path TTLs for API responses. Purge instantly from the CLI.

Step 04

Monitor everything

Request rates, cache hit ratios, bandwidth, latency percentiles. All visible in rf metrics and the dashboard.

Configuration

Fine-tune when you need to.

Defaults work for 90% of apps. Customize when you have specific requirements.

raidframe.yaml
services:
  api:
    load_balancer:
      algorithm: least_connections
      sticky_sessions: true
    rate_limit:
      requests_per_second: 100
      burst: 200
    cdn:
      enabled: true
      cache_static: true
      cache_rules:
        - path: "/api/products"
          ttl: 60s
    waf:
      block_sql_injection: true
      block_xss: true
      geo_block: ["CN", "RU"]
    domains:
      - myapp.com
      - www.myapp.com

Load balancer algorithms

Round-robin (default), least connections, or IP hash. Sticky sessions for WebSocket and stateful apps.

Per-path rate limiting

Protect login endpoints at 5 req/s while allowing product pages at 500 req/s. Rate limiting happens at the edge before hitting your app.
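
An added example, not RaidFrame code: a per-path limiter modeled as a token bucket, which is an assumption because the page does not say which algorithm the edge uses. The rates are the page's figures; the /login and /products burst sizes, the per-client-IP keying, and all names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    prefix: str   # path prefix the rule covers
    rate: float   # tokens added per second (requests_per_second)
    burst: int    # bucket capacity (burst)

# Rates are the page's figures; the /login and /products bursts are constructed.
RULES = [Rule("/login", 5, 5), Rule("/products", 500, 500)]
DEFAULT = Rule("/", 100, 200)  # requests_per_second: 100, burst: 200

class EdgeLimiter:
    def __init__(self, rules, default):
        # Longest prefix first so the most specific rule wins.
        self.rules = sorted(rules, key=lambda r: len(r.prefix), reverse=True)
        self.default = default
        self.buckets = {}  # (client_ip, rule prefix) -> (tokens, last timestamp)

    def match(self, path):
        path = path.split("?", 1)[0]  # the query string never selects the rule
        for rule in self.rules:
            # Match whole path segments only: /loginx is not covered by /login.
            if path == rule.prefix or path.startswith(rule.prefix + "/"):
                return rule
        return self.default

    def allow(self, client_ip, path, now):
        rule = self.match(path)
        key = (client_ip, rule.prefix)
        tokens, last = self.buckets.get(key, (float(rule.burst), now))
        tokens = min(rule.burst, tokens + (now - last) * rule.rate)  # refill
        allowed = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

def replay(limiter, requests):
    """Count admitted requests in a list of (client_ip, path, timestamp)."""
    return sum(limiter.allow(ip, path, t) for ip, path, t in requests)

def demo():
    lim = EdgeLimiter(RULES, DEFAULT)
    flood = [("203.0.113.7", "/login", 0.0)] * 100        # constructed traffic
    later = [("203.0.113.7", "/login?next=/", 1.0)] * 10  # one second on
    browse = [("203.0.113.7", "/products/42", 1.0)] * 100
    return replay(lim, flood), replay(lim, later), replay(lim, browse)
```

Under these assumptions, `demo()` shows the login flood capped at the bucket size and then at the refill rate, while the same client's product-page traffic passes untouched.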

CDN cache rules

Cache static assets automatically. Add per-path TTLs for API responses. Vary by headers (Accept, Accept-Language) for content negotiation.

WAF rules

Block SQL injection, XSS, and common attacks. Geo-blocking by country code. Bot detection. All configurable in YAML or CLI.

Firewall / IP allowlists

Restrict access to specific IP ranges per service. Block known bad actors. Combine with rate limiting for defense in depth.

Security

Private by default.

Internal services are never exposed. Only web services get public URLs.

# Internal service discovery — automatic
web → api.internal:8080 (private)
api → pg-main.internal:5432 (private)
api → redis-cache.internal:6379 (private)
worker → api.internal:8080 (private)
# Only web services get public URLs
web → https://myapp.com (public)

Frequently asked questions

Is SSL included?

Yes. Every domain gets automatic SSL via Let's Encrypt. Custom domains get certificates provisioned in under 60 seconds. Auto-renewed.

How does DDoS protection work?

Network-level mitigation is always on at the edge. Volumetric attacks are absorbed before they reach your instances. No configuration.

Do you support custom domains?

Yes. Unlimited custom domains with automatic SSL. CNAME or A record. Wildcard domains supported. Assign per environment.

Is there a CDN?

Yes. Global edge caching at 40+ locations. Static assets cached automatically. Per-path TTLs for API responses. Purge via CLI.

Can services communicate privately?

Yes. All services share an encrypted private network. Internal traffic never touches the public internet. Use service.internal hostnames.

Do I need Cloudflare in front?

No. RaidFrame includes load balancing, SSL, CDN, DDoS protection, and WAF. Adding Cloudflare is unnecessary and adds latency.

Networking that just works.

SSL, load balancing, and DDoS protection included on every plan.