Infrastructure

How the front end is arranged

A restrained description of the public web layer: HTTPS termination, path handling, static content and the routing boundary behind it.

Entry layer

HTTPS first

The public surface is served over standard HTTPS with a regular certificate and a small static site. That keeps the host externally legible and avoids the appearance of a bare, unfinished endpoint.

  • Conventional certificate handling
  • Ordinary static pages at the public root
  • Redirect from HTTP to HTTPS
  • No application complexity at the cover layer
Public HTTPSEnabled
CertificateManaged
Static contentServed directly
Routing boundary

Selective path forwarding

The normal site remains public, while a less obvious path can be handled differently. This keeps public content and non-public request handling separated at the web-server layer.

  • Specific path handling rather than blanket proxying
  • Method restrictions where appropriate
  • Loopback-only upstream listeners behind the front end
  • A cleaner audit trail for changes
Root pagesStatic
Special pathHandled separately
Upstream bindLoopback
Operations

Easy to inspect

The site is intentionally light on moving parts. Changes can be verified with ordinary Nginx and certificate checks, and the static assets are simple enough to replace without dragging in a build chain.

  • Flat static files
  • No dependency-heavy front-end framework
  • Compatible with direct file deployment
  • Readable source and predictable page structure
Build toolsNot required
DeploymentFile copy
VerificationNginx + curl