Skip to main content

Web Hosting Guidelines

Introduction

Our web solution is available for self-hosting. The following guidelines outline how to set up a secure and scalable hosting solution.

Server Requirements

To host the application, a performant server capable of running a Docker container with a Node.js web server is necessary. This server should be tested, monitored, and adjusted based on site traffic.

  • CPU:

    • Minimum: 2 cores
    • Recommended: 4 cores or more (for improved performance and scalability)

  • RAM:

    • Minimum: 4 GB
    • Recommended: 8 GB or more (depending on load and concurrent users)

Server specifications should reflect expected traffic and allow for auto-scaling if needed. Although a CDN will handle most of the traffic based on customer-configured cache headers (in Zapp), certain requests will be managed directly by the origin server, such as:

  • User login status and actions (e.g., login, logout)
  • Entitlement checks
  • Player page requests (excluding streaming, which communicates directly with the streaming provider)
  • Favorites management
  • "Continue watching" status

For monitoring, we recommend providing Applicaster with read-only access to server logs.

CDN Requirements

To ensure optimized content delivery, configure the CDN as follows:

  • Cookie Header Changes: The CDN must invalidate the cache if cookie headers change to serve users content aligned with their entitlements and viewing history.

  • User Country Code Changes: Invalidate the cache if the user’s country code changes to serve region-appropriate content. By default, AWS CloudFront-Viewer-Country is supported.

  • URL Query Parameter Changes: Any URL query parameter changes should break the cache, including those for asset URLs (e.g., JS and CSS files), to ensure the correct content version is delivered.

  • Cache Control Headers: The CDN must respect cache-control headers from the origin server.

  • HTTP Methods: Ensure GET, POST, and OPTIONS methods are permitted.

  • Custom Cache Invalidation: Specific customer needs may require unique caching rules. In these cases, an appendix with custom settings will be added to this document.

Security

  • SSL/TLS Support: The CDN must support SSL/TLS to ensure secure data transmission.
  • DDoS Protection: The CDN should offer Distributed Denial of Service (DDoS) protection to maintain uninterrupted service.

Redis Configuration

For a high-traffic site, we recommend the following Redis configuration, which can be adjusted as necessary:

  • CPU: 4 vCPUs
  • Memory: 13 GiB (depends on the number of users and JWT size; by default, we store unique user keys for 1 month)
  • Network Performance: Optimized for high throughput

Redis will be used for:

  • Caching: Caches Zapp configuration JSONs and content feeds.
  • User Data: Stores users’ JWTs. Note: Clearing Redis will log out all users.

We recommend using a SaaS provider for Redis to minimize maintenance and scaling issues. Ensure the Redis instance is in the same region as the server origin for optimal performance.

We support both TLS (Transport Layer Security) and non-TLS connections. To enable TLS, add REDIS_TLS=true as an environment variable in your deployment.

Staging Environment

We recommend setting up a staging environment mirroring the production environment. This provides a secure space for testing changes and evaluating performance before production deployment.

To ensure that SEO bots don’t track the staging environment, set NO_INDEX=true as an environment variable in your staging deployment.