Skip to main content

Full Stack Web Application

Deploy a secure, high-availability full stack application using Substrate AI Enterprise features.

Architecture Overview

This reference architecture demonstrates a classic 3-tier web application running in a secure Virtual Private Cloud (VPC).

Components

  1. Global CDN: Caches static assets (images, CSS, JS) at the edge for low latency.
  2. WAAP (Web App & API Protection): Filters malicious traffic (SQL injection, XSS) before it reaches your infrastructure.
  3. Load Balancer: Distributes incoming HTTP/S traffic across multiple healthy virtual instances.
  4. Virtual Private Cloud (VPC): Isolates your network environment.
    • Public Subnet: Hosts the Load Balancer, accessible from the internet.
    • Private App Subnets: Hosts the application logic on Virtual Instances. these instances have NO public IPs and are only accessible via the Load Balancer or a Bastion host.
    • Database Subnet: Securely hosts the database with persistent block storage volumes.

Implementation Steps

1. Network Setup

  • Create a VPC (10.0.0.0/16).
  • Create a Public Subnet (10.0.1.0/24) and a Private Subnet (10.0.2.0/24).
  • Configure a Gateway for the public subnet.

2. Compute

  • Launch two Virtual Instances (e.g., General Purpose - 4 vCPU) in the Private Subnet.
  • Install your web server (Nginx/Apache) and application code.
  • Configure Security Groups to allow traffic only from the Load Balancer security group on port 80/443.

3. Load Balancing

  • Deploy an Application Load Balancer in the Public Subnet.
  • Create a target group pointing to your two private instances.
  • Enable health checks to ensure traffic only goes to healthy nodes.

4. Security

  • Enable WAAP on the Load Balancer to block OWASP Top 10 threats.
  • Configure DDoS Protection limits.