[smokey_circles]

Proxies. It's always proxies :D

My personal favorite pattern with HTTP is using nginx as the DNS endpoint for several hosts (root_domain, api.root_domain, tool.root_domain etc).

Nginx will forward traffic based on the HTTP Host header in any given correctly formed HTTP request. This also works well for a load balancer. I think the hip thing for today's market is itsio? Same basic idea.

Another benefit of an application layer proxy is you can do application layer things, like telling a client to redirect from http to https and serving https using let's encrypt. Privacy for free (state actor caveats apply).

Your applications (then one behind nginx) do not need to use transit layer encryption (unless of course they're connected to nginx via untrusted networks, be sensible) which is a huge boost because nginx do a good job implementing all of that logic for you and it's nice to hand off responsibility to trusted entities that do the job well.

Unless it's log4j, apparently.