"Web Development to Deployment and Operations (8/8) — HTTPS, domains, environment separation, and Sentry: the final safety layer for public services"

A service is not truly in operation just because it runs. It also needs a trustworthy address, a secure connection, separated environments, and visible failures.

Key Takeaways

  • A domain is the human-readable service address, while DNS is the system that maps that address to actual infrastructure.
  • HTTPS is not only encryption. It also supports authenticity, integrity, browser trust, and modern session behavior.
  • If development, staging, and production are not clearly separated, authentication, API calls, and monitoring data start contaminating each other.
  • Tools such as Sentry turn hidden failures into observable signals with environment and release context.

1. Why domains and DNS are the starting point of operations

Users remember domain names, not IP addresses. But the deeper reason domains matter is that they define service boundaries.

They let a team express clear roles such as:

  • example.com for production
  • staging.example.com for pre-release verification
  • api.example.com for backend traffic

AWS Route 53 documentation describes Route 53 as a DNS web service. Operationally, that means the domain layer is not cosmetic. It is part of real traffic control.

2. Why HTTPS is a default, not an optional extra

The difference between HTTP and HTTPS is much bigger than a lock icon in the browser.

Encryption

Traffic between browser and server is protected in transit rather than sent as plain text.

Server authenticity

Certificates help the browser verify that it is talking to the intended server.

Integrity and browser policy alignment

Modern login flows, secure cookies, payment handling, and personal data collection all assume HTTPS. Many browser security behaviors now depend on it.

So HTTPS is not a side feature. It is part of the basic operating contract for public services.

3. Why environment separation matters so much

Small projects often blur development and production settings because it feels faster at first. Later, that shortcut becomes expensive.

Mixed environment variables

If test keys and production keys are not separated cleanly, a deploy may succeed while the service talks to the wrong external system.

Auth callback confusion

OAuth redirect URIs, cookie domains, and frontend/backend base URLs are especially sensitive to environment boundaries.

Noisy or misleading monitoring

If local errors, staging errors, and real production errors flow into the same bucket, teams lose the ability to judge urgency correctly.

Sentry's environment configuration exists for exactly this reason. The environment label is not metadata trivia. It is part of operating clarity.

4. What Sentry actually helps solve

Sentry is easy to describe as "an error dashboard," but that description is too small.

Its real operational value is that it helps answer questions such as:

  • which release introduced the issue
  • which environment is affected
  • which URL, browser, and stack trace were involved
  • whether the failure is happening in frontend, backend, or both

The dangerous post-deploy state is not only "there is an error." It is "there is an error and nobody can see its shape." Sentry reduces that blindness.

5. A minimum pre-launch checklist

Before calling a service operationally ready, the following checkpoints matter:

Domain layout

Production, staging, and API endpoints should have clearly separated roles.

HTTPS coverage

Certificates should be valid, and login plus cookie behavior should be tested under real HTTPS conditions.

Environment-variable separation

Development, staging, and production credentials should be isolated.

Error tracking

Sentry or an equivalent system should record environment, release, and basic runtime failures.

Boundary consistency

Frontend URLs, backend URLs, auth callbacks, and external service endpoints should all match the intended environment.

These checks do not remove all risk, but they eliminate many of the most common "it deployed, but it is not truly operable" failures.

6. Closing the series

This series started with the gap between local success and production reality. It moved through Docker, API boundaries, authentication, build systems, server architecture, and finally the trust and observability layers that make public operation sustainable.

The core lesson is not about memorizing tool names. It is about understanding what each layer is responsible for, where boundaries fail, and how to observe those failures early enough to respond.

Writing code is only the beginning. A service becomes real when deployment and operations are understood as part of the product.

References

  • AWS Docs, What is Amazon Route 53? — https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html
  • AWS Docs, Getting started with Route 53 — https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html
  • AWS Docs, Routing traffic to an Amazon EC2 instance — https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-ec2-instance.html
  • Sentry Docs, Environments — https://docs.sentry.io/platforms/javascript/guides/nextjs/configuration/environments/
  • Sentry Docs, Data Collected — https://docs.sentry.io/platforms/javascript/guides/nextjs/data-management/data-collected/

This is Part 8 of the Web Development to Deployment and Operations series.

Series overview: Series index

๋Œ“๊ธ€

๋Œ“๊ธ€ ์“ฐ๊ธฐ

์ด ๋ธ”๋กœ๊ทธ์˜ ์ธ๊ธฐ ๊ฒŒ์‹œ๋ฌผ

Agent Memory Engine (2/10) — Building an AI Agent Memory System with SQLite Alone

← 1/10 SQLite Memory Engine f… ๐Ÿ“š Series Index 3/10 memcore Completed → A memory engine that runs without daemons, without dependencies, anywhere ํ•ต์‹ฌ ์š”์•ฝ This post covers how to design an AI agent memory engine (memcore) on a single-file SQLite backend. - Structure: 25 modules, ~6,464 lines, 22 DB tables - Principles: no daemon, single-file portability, no required external dependencies, host-agnostic - Core techniques: 4-layer hybrid search (topic · vector · FTS5 · LIKE), U-tag dialectic-based confidence evolution, ingestion-layer bias rejection rules What This Post Covers One approach to building AI agent memory without a server or cloud vector DB. Specifically: (1) the limitations of text-file-based memory, (2) vector DB alternatives compared and selection criteria, (3) how to layer search tiers, (4) how to evolve confidence scores over time, and (5) how to block biased memory accumulation at the ingestion stage. Design Principles: Why Single-File SQLite Text-file-based ...
Read more »

"ML Foundations (9/9) — PyTorch vs TensorFlow, and the Road to Local LLMs"

์ด๋ฏธ์ง€
← 8/9 Deep Learning Architec… ๐Ÿ“š Series Index (series end) The final part. So far we've focused on models. Now we focus on the tools that actually run them . We'll lay out the philosophical difference between PyTorch and TensorFlow, and trace how Hugging Face transformers , llama.cpp , MLX , and Ollama built the bridge to running large language models on your own machine. By the end you should have the full mental model of "download a pretrained LLM and serve it locally." 0. Learning Objectives Explain the eager-vs-graph difference between PyTorch and TensorFlow. Explain, in graph terms, how autograd automates the backward pass. Use Hugging Face transformers ' AutoModel , AutoTokenizer , and pipeline abstractions. Describe llama.cpp's GGUF quantization, INT4 inference, and CPU-first flow. Describe Apple MLX's use of unified memory and how it differs from PyTorch. Run a local LLM with Ollama and call it through an OpenAI-compatible API. ...
Read more »

"RAG Core Study (14/26) — Evaluation Sets with RAGAS & DeepEval"

์ด๋ฏธ์ง€
Series overview: Series index ๐Ÿ“š Series Index Without an evaluation set, every RAG improvement is a story, not evidence. RAG systems fail in more than one place: retrieval, context selection, answer generation, and grounding. That means "looks better" is not a metric. Part 14 explains how to build a golden dataset , how RAGAS and DeepEval fit into the workflow, and why teams must separate retrieval quality from answer quality if they want tuning decisions to hold up. 0. Prerequisites Part 13 reranking — system quality now depends on multi-stage ranking. Part 1 grounding — a correct-looking answer is not enough. Part 12 Hybrid — multiple retrieval settings need comparison on fixed data. 1. Learning Objectives Build a small but useful golden dataset for RAG. Distinguish retrieval metrics from answer metrics . Use RAGAS and DeepEval in the right roles. Avoid the common traps in judge-model-based evaluation. 2. ํ•ต์‹ฌ ์š”์•ฝ An evaluation set for RAG is ...
Read more »

"ML Foundations (8/9) — Deep Learning Architectures: CNN, RNN, Attention"

์ด๋ฏธ์ง€
← 7/9 Deep Learning Training ๐Ÿ“š Series Index 9/9 PyTorch vs TensorFlow → What did we keep adding on top of an MLP? Vision went CNN, sequences went RNN/LSTM, and eventually both converged on Attention and the Transformer. Each architecture is easier to remember if you read it as what it gave up to gain something else . This part is the one-line summary of the decisive inflection points: LeNet → AlexNet → ResNet → LSTM → Attention → Transformer. 0. Learning Objectives Explain why CNN's convolution, pooling, and weight sharing match images so well. Trace what got unblocked from LeNet → AlexNet → VGG → ResNet as depth grew. State BPTT for RNNs and the vanishing/exploding gradient problem. Write the LSTM gate equations (forget, input, output) with intuition. Write the attention formula in query/key/value form and the scaled dot-product variant. State the precise reasons Transformers replaced RNNs (parallelism + long-range dependencies). 1. ํ•ต์‹ฌ ์š”์•ฝ CNN : weight sharin...
Read more »

"ML Foundations (7/9) — Deep Learning Training: Optimizers, Regularization, Initialization"

← 6/9 Neural Networks ๐Ÿ“š Series Index 8/9 Deep Learning Architec… → Building an MLP, as we did in Part 6, is not the same as getting it to train well . The right optimizer, regularization, initialization, and learning rate — when these line up, deep networks converge. When they don't, the network refuses to learn at all. This part is the catalog of those crafts, with formulas, paper citations, and code in one place. 0. Learning Objectives Compare and write the update rules for SGD, Momentum, Nesterov, and Adam. Explain how Dropout, BatchNorm, and LayerNorm work and where they belong in a model. Derive the variance formulas for Xavier and He initialization and match them to activations. Implement step, cosine, and warmup learning-rate schedules in PyTorch. Explain why gradient clipping is effectively required for RNNs and Transformers. Diagnose the most common training failures (NaN, plateau, overfitting) and apply first-line fixes. 1. ํ•ต์‹ฌ ์š”์•ฝ SGD : \(w \leftarro...
Read more »

OpenClaw to Hermes Migration (2/13) — What to Preserve, Partially Port, or Discard

← 1/13 Current Structure Inve… ๐Ÿ“š Series Index 3/13 What Moves to Hermes → A code review record classifying operational scripts into three tiers: preserve, partial-preserve, and discard. What This Post Covers An asset classification framework (preserve / partial-preserve / discard) for migrating a legacy agent system to a successor A concrete case applying the Strangler Fig + Subset Migration strategy to a memory pipeline Classification results evaluated across LOC, external dependencies, and replaceability axes A method for slimming down a bloated single file (1,310 LOC) using the migration as a natural entry point Problem Definition: Port Everything or Cut Deep? The OpenClaw inventory comprises multiple agents, multiple scheduler/daemon processes, and multiple operational scripts. When moving to the successor system, Hermes, the choice is not binary. A full port carries accumulated technical debt along with it; a minimal port discards hard-won domain logic. Code-revie...
Read more »

AI Agents I Built (5/7) — Building an Automated Blogger API Publishing System

← 4/7 My Life Organizer Agent ๐Ÿ“š Series Index 6/7 Dual → Designing a Markdown-Based Auto-Publish Pipeline with Blogger API v3 + OAuth 2.0 Key Summary Blogger API v3 + OAuth 2.0 enables a pipeline that converts Markdown files into publishable HTML posts blogger_publish.py handles the full flow — frontmatter parsing → body cleanup → HTML conversion → CSS injection → API post — in a single script For bulk publishing, quota management (delay, retry, TOC suppression) is the critical design concern Platform Selection Criteria API access is mandatory for AI agent-driven content publishing. A comparison of platforms: Platform API Cost AdSense Decision WordPress.com REST API Paid plan required Paid only Cost overhead Ghost REST API Self-hosted or paid Manual setup Ops overhead Blogger v3 API Free Native integration Adopted Blogger is free, exposes a REST API, and integrates natively with AdSense. For personal blog automation, this combination i...
Read more »