Web

Reading some discussions between developers or software architects, one might think that the smallest web application today requires a distributed infrastructure, a Kubernetes cluster, and several specialized cloud services.

Yet many web services (including those that receive several thousand visitors per day) can work perfectly well with a much simpler architecture.

Here is a hands-on account of the infrastructure I use for my production projects, some of which exceed 5,000 daily visitors, and which I also applied for years during a cybersecurity competition with more than 250 on-site participants.

It is sometimes convenient to have a domain distributed over two or more machines. This technique, as old as DNS, is interesting to spread the load between multiple hosts, or to provide a bit of high availability. Indeed, if a host becomes inaccessible, at least half of the requests will continue to be successful.

However, since TLS connections have become the norm, and certificates should be renewed automatically, it could be hard to control the validation and the distribution.

I will present you a technique which, with the help of a finely configured web server, allows to get a different certificate on each machine, but usable for the same subdomain.