Infrastructure
Architecture Diagram
```
Internet Traffic
      │
      ▼
Cloudflare (Edge — Global PoPs)
  ├── DNS (authoritative)
  ├── WAF rules (OWASP + custom)
  ├── DDoS protection (always-on)
  ├── Rate limiting (IP-based, form endpoints)
  ├── Bot management (Turnstile challenges)
  └── R2 object storage (media assets)
      │
      ▼
Vercel (Compute — Edge Network)
  ├── apps/www      → brettjohnson.xyz
  ├── apps/api      → api.brettjohnson.xyz
  ├── apps/docs     → docs.brettjohnson.xyz
  ├── apps/book     → book.brettjohnson.xyz
  ├── apps/media    → media.brettjohnson.xyz
  ├── apps/podcast  → podcast.brettjohnson.xyz
  └── apps/training → training.brettjohnson.xyz
      │
      ├── Supabase (PostgreSQL) — leads, media kit requests
      ├── Upstash (Redis) — rate limits, session cache
      └── Resend (Email) — transactional notifications
```
DNS Configuration
All DNS records are managed in Cloudflare (proxied unless noted).
| Record | Type | Proxy | Purpose |
|---|---|---|---|
| brettjohnson.xyz | CNAME | ✓ | Main site |
| www | CNAME | ✓ | www redirect |
| api | CNAME | ✓ | API app |
| docs | CNAME | ✓ | Docs site |
| book | CNAME | ✓ | Booking portal |
| media | CNAME | ✓ | Media assets CDN |
| staging | CNAME | ✓ | Staging environment |
Vercel Project Setup
Each apps/* directory is a separate Vercel project linked to the monorepo.
| Setting | Value |
|---|---|
| Root Directory | apps/www (adjust per project) |
| Build Command | pnpm build |
| Install Command | pnpm install --frozen-lockfile |
| Node.js Version | 20.x |
| Framework | Next.js (auto) / Astro (for docs) |
Preview deployments enabled on all branches; production from main only.
Cloudflare R2 — Media Storage
Bucket: brettjohnson-media
```
brettjohnson-media/
├── headshots/        # High-res press photos
├── logos/            # Brand logo variants
├── media-kit/        # Press one-sheets, PDFs
├── speaking-reel/    # Video reels
└── podcast-artwork/  # Cover art
```
Access: public read via media.brettjohnson.xyz. Media kit downloads use signed URLs (1-hour TTL).
Security Configuration
HTTP Security Headers
Configured in next.config.ts:
```ts
// cspHeader is the multi-line CSP string defined elsewhere in next.config.ts
// (not shown on this page); its newlines are stripped so the header value is a single line.
const securityHeaders = [
  { key: 'X-DNS-Prefetch-Control', value: 'on' },
  { key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubDomains; preload' },
  { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'Referrer-Policy', value: 'origin-when-cross-origin' },
  { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
  {
    key: 'Content-Security-Policy',
    value: cspHeader.replace(/\n/g, ''),
  },
];
```
Target grade: A+ on securityheaders.com.
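To confirm that a deployed response still carries the header values configured in next.config.ts above (for instance as a post-deploy check), the following added example audits a header map against them. It is not part of the project's code; `HeaderMap`, `parseDirectives`, `auditSecurityHeaders` and the sample response are hypothetical names and constructed data.

```typescript
// Added example (not the project's code); all names here are hypothetical.
type HeaderMap = Record<string, string>;
// Expected values copied from the securityHeaders array on this page.
const EXACT: [string, string][] = [
  ['x-frame-options', 'SAMEORIGIN'],
  ['x-content-type-options', 'nosniff'],
  ['referrer-policy', 'origin-when-cross-origin'],
];
const HSTS_MIN_AGE = 63072000; // seconds, as configured on this page
const DENIED_FEATURES = ['camera', 'microphone', 'geolocation'];

// Split "a=1; b" or "a=(), b=()" into a lower-cased directive -> value map.
function parseDirectives(value: string, sep: string): HeaderMap {
  const out: HeaderMap = {};
  for (const part of value.split(sep)) {
    const [name, ...rest] = part.trim().split('=');
    if (name) out[name.toLowerCase()] = rest.join('=').trim();
  }
  return out;
}

// Returns one finding per deviation; an empty array means the response matches.
function auditSecurityHeaders(raw: HeaderMap): string[] {
  const h: HeaderMap = {};
  // Header names are case-insensitive, so normalise them first.
  for (const k of Object.keys(raw)) h[k.toLowerCase()] = (raw[k] || '').trim();
  const findings: string[] = [];
  for (const [name, want] of EXACT) {
    const got = h[name] || '';
    if (got.toLowerCase() !== want.toLowerCase()) findings.push(`${name}: expected ${want}, got "${got}"`);
  }
  const hsts = parseDirectives(h['strict-transport-security'] || '', ';');
  if (!(Number(hsts['max-age']) >= HSTS_MIN_AGE)) findings.push('hsts: max-age missing or below 63072000');
  for (const d of ['includesubdomains', 'preload'])
    if (!(d in hsts)) findings.push(`hsts: ${d} missing`);
  const policy = parseDirectives(h['permissions-policy'] || '', ',');
  for (const f of DENIED_FEATURES)
    if (policy[f] !== '()') findings.push(`permissions-policy: ${f} not disabled`);
  if (!h['content-security-policy']) findings.push('content-security-policy: missing');
  return findings;
}

// Constructed sample: HSTS weakened and one Permissions-Policy entry dropped.
const SAMPLE_DRIFTED: HeaderMap = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Frame-Options': 'SAMEORIGIN', 'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=()',
  'Content-Security-Policy': "default-src 'self'", // placeholder; the page does not show its CSP
};
```

Run it against the headers of a real response from each subdomain, since a header set in next.config.ts only helps if it survives every layer between the app and the client.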
Monitoring
| Tool | Purpose |
|---|---|
| Sentry | JS error tracking |
| Vercel Analytics | Core Web Vitals |
| Axiom | Log aggregation |
| Plausible | Privacy-first analytics |
| Better Uptime | Uptime monitoring + alerts |
| Cloudflare Analytics | Traffic + threat overview |