0

I am building a web app with a couple of friends (as a hobby).
We were wondering how to deploy the application and manage 2 environments:

  1. For future customers
  2. For us, the developers, and other business staff

I was thinking at first creating 2 domains: app.example and app-demo.example,
but I don't want customers to find the app-demo.example app.

This led to to wonder, how does big companies manage their environments DNS?
How can Facebook limit the access for the different deployed versions?

And what are the guidelines to choose a pattern to manage the different live environments?

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
itaied
  • 6,827
  • 13
  • 51
  • 86
  • "but I don't want customers to find the app-demo.example app." This is security by obscurity, and it will not work. Either protect it with authentication (at the HTTP or the application layer) so that noone but you can see what is behind, or just develop internally on local servers not accessible from outside (or available through a VPN or something). Note that you do not need a separate domain, `demo.app.example` will work as well, as long as you protect it the same way with authentification. – Patrick Mevzek Oct 03 '18 at 21:31
  • I want to keep the sub-domains for other services, `auth.app.example`, `shipment.app.example`. Using a host to serve the static content (like `firebase`) where I don't serve them thru a server, how can I add an auth phase to the `dev` environment? – itaied Oct 03 '18 at 21:37
  • "I want to keep the sub-domains for other services" you can nest as deep as needed: `auth.demo.app.example`, `shipment.demo.app.example`, etc... which also makes a nice easy setup: you just configure the suffix (`app.example` in production vs `demo.app.example` or `dev.app.example` in development) once and then all "relative" links will work by just putting at the beginning what is needed. – Patrick Mevzek Oct 03 '18 at 23:14
  • Authentication is a basic HTTP feature if you do not handle it in application. Any webserver can be configured to do it. I can not parse the meaning of "I want to keep the sub-domains for other services... where I don't serve them thru a server ". Obviously you have a webserver somewhere if you speak HTTP... – Patrick Mevzek Oct 03 '18 at 23:15
  • Sorry my previous comment is wrong, I wanted to say instead the following. I can not parse the meaning of "Using a host to serve the static content ... where I don't serve them thru a server". How do you serve the content then if it is not with a webserver? – Patrick Mevzek Oct 03 '18 at 23:27
  • Well of course there is a web server, I just don't handle it and thus can't "block" the whole application for authenticated user only (the developers in the case of `dev` env). `Firebase` offer a hosting solution, where I just push the static pages (index.html + js) and it handles the rest. I have authentication in other parts of the app – itaied Oct 04 '18 at 04:30
  • "I have authentication in other parts of the app" so I really do not understand why you just not authenticate access to `demo.app.example` and your problem is solved. Since you do not seem to agree, I will now let others provide other answers. – Patrick Mevzek Oct 04 '18 at 04:58

0 Answers0