I need a scalable and cost-effective architecture for a web design service (multiple clients). I'm following the architecture below. I would like to know the shortcomings of it.
Background: Nuxt.js-based server-rendered application that is fronted by an nginx reverse proxy.
The app container and the proxy containers are deployed onto AWS ECS instances. The proxy containers are registered to an ALB (application load balancer) via listeners that map from a dynamic container port to a static ELB port.
So, suppose we have two clients: www.client-1.com and www.client-2.com
When a request is made to www.client-1.com, the request is 301 redirected (with masking) to PORT 80 of the ALB. When the request hits ALB:80 it maps to instance_ip:3322 (where 3322 is a dynamic container port) via the listener-for-client-1 that is configured. And the response is sent back to the client.
When a request is made to www.client-2.com, the request is 301 redirected (with masking) to PORT 81 of the ALB. When the request hits ALB:81 it maps to instance_ip:3855 (where 3855 is a dynamic container port) via the listener-for-client-2 that is configured.
As you can see, this model allows me to share an ELB across multiple clients. This model is tested and working for me.
Thanks!
Domain masking is always a terrible idea. Problems are inevitable, particularly when the browser is expected to access a non-standard port.
But none of this is necessary. ALB supports multiple applications (customers) on a single balancer.
You can now create Application Load Balancer rules that route incoming traffic based on the domain name specified in the Host header. Requests to api.example.com can be sent to one target group, requests to mobile.example.com to another, and all others (by way of a default rule) can be sent to a third.
https://aws.amazon.com/blogs/aws/new-host-based-routing-support-for-aws-application-load-balancers/
Despite the fact that this example uses subdomains (of http://example.com), ALB has no restrictions requiring that the domains be related. You can attach 26 different SSL certificates to a single ALB and route, by hostname, from the standard ports 80 and 443 to unique backend targets for each request Host header -- up to 100 rules per balancer.
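The host-based routing described in the answer above, as an added example that is not part of the original post or AWS's own code: it builds one host-header rule per client for a single port-80 listener and checks locally which target group a given Host header would reach. The target group ARNs are placeholders, and `build_rules`, `resolve` and `apply_rules` are hypothetical helper names; `resolve` is only a simplified local model of rule evaluation (lowest priority first, case-insensitive match, default action when nothing matches).

```python
from fnmatch import fnmatchcase

MAX_RULES = 100  # per-balancer rule limit quoted in the answer above

# Constructed sample data: the two client hostnames from the question,
# mapped to placeholder target group ARNs (not real resources).
CLIENTS = {
    "www.client-1.com": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/client-1/PLACEHOLDER",
    "www.client-2.com": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/client-2/PLACEHOLDER",
}

def build_rules(clients):
    """Return one elbv2 create_rule kwargs dict per client, with unique priorities."""
    if len(clients) > MAX_RULES:
        raise ValueError("more clients than rules available on one balancer")
    rules = []
    for priority, (host, tg_arn) in enumerate(sorted(clients.items()), start=1):
        rules.append({
            "Priority": priority,
            "Conditions": [{"Field": "host-header",
                            "HostHeaderConfig": {"Values": [host]}}],
            "Actions": [{"Type": "forward", "TargetGroupArn": tg_arn}],
        })
    return rules

def resolve(rules, host_header, default="default-action"):
    """Local model of listener evaluation: first matching rule wins, else default."""
    host = host_header.lower()  # host-header conditions are not case-sensitive
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        patterns = rule["Conditions"][0]["HostHeaderConfig"]["Values"]
        # '*' and '?' wildcards are allowed in host-header values
        if any(fnmatchcase(host, p.lower()) for p in patterns):
            return rule["Actions"][0]["TargetGroupArn"]
    return default

def apply_rules(listener_arn, rules):
    """Create the rules on a real listener (needs boto3 and AWS credentials)."""
    import boto3
    elbv2 = boto3.client("elbv2")
    for rule in rules:
        elbv2.create_rule(ListenerArn=listener_arn, **rule)

if __name__ == "__main__":
    for h in ("www.client-1.com", "WWW.CLIENT-2.COM", "unknown.example"):
        print(h, "->", resolve(build_rules(CLIENTS), h))
```

Requests whose Host header matches no rule fall through to the listener's default action, so it is worth deciding explicitly what that default serves rather than letting it point at one client's containers.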