The SteemSports app (MVP) is nearing completion, and today I'd like to show you our production setup.
Before I continue, let me say that LetsEncrypt is pretty friggin awesome. Its my first time using it, and I'm hooked :)
I'm hoping that the image here tells the whole story. To recap, every point of the journey has SSL or is secured. Direct request attempts to haproxy or app instances will fail. Furthermore, app instances are no longer available to the public internet (they are only exposed to the haproxy cluster on the local network).
A nice thing about this setup is scalability. If one or more HAProxy load balancers go down, no sweat.
If one or more of the app instances go down, a user will experience at most a 2 second downtime it takes for HAProxy to drop the dead node. Nodes that come back (trough automated service recovery) are automatically added to the HAProxy cluster after a minute.
And lastly, deployments of new versions of the app are done in a sequential mode, which means that there are always app nodes online, offering zero downtime deployments.
Oh, and one more thing. When a new version of the app is deployed, it auto-updates itself in a browser, so user doesn't even have to refresh. (courtesy of Meteor)
2016, what a time to be alive...
Areas of improvement:
- implement database replication, currently its SPOF
- rent less crappy (read cheap) servers
- multi-datacenter deployment for redundancy (someday)
Don't miss out on the next post - follow me.
SteemSports | steemtools | steem.li | witness