DEV Community

Himanshu Gupta
Himanshu Gupta

Posted on

Converting a Monolithic App to Microservice-Based Architecture

#node #microservices #monolithic #beginners

Summary: Converting a Monolithic App to Microservice-Based Architecture

This Blog focuses on the challenges and practical approach to converting a monolithic application into a microservice-based architecture, especially from the perspective of scalability, security, and efficient client consumption. The presenter uses Instagram as a real-world example to explain the concepts clearly.

Core Concepts and Challenges

  • Monolithic App Issues:

    • Difficult to scale individual modules (e.g., Likes, Comments).
    • Increasing server and database resources for one feature impacts the entire app and increases cost unnecessarily.
    • Large teams face dependency conflicts, risking downtime if one component fails.

  • Naïve Microservice Approach:

    • Simply splitting models (e.g., Authentication, Posts, Comments) into separate microservices and deploying them on different servers is not sufficient.
    • The real challenge lies in:
    • Ensuring security of each microservice.
    • Implementing rate limiting to prevent abuse.
    • Managing inter-service communication.
    • Handling client consumption efficiently without exposing internal services.

Practical Implementation Steps

  • Division of Services:

    • Split the monolithic app into smaller services (Auth, Users, Posts, Comments, Likes, Notifications).
    • Each microservice may even use different types of databases based on needs (e.g., Redis for Auth, NoSQL for Posts).

  • Client Consumption Problem:

    • Clients (mobile or web apps) require aggregated data from multiple services (e.g., user info, posts, comments).
    • Hitting each microservice individually from the client is inefficient and insecure.
    • Rate limiting and authentication become difficult when multiple endpoints are exposed.

  • API Gateway as a Central Entry Point:

    • Introduce an API Gateway that acts as the single public endpoint.
    • Clients only know and access the API Gateway, not individual microservices.
    • The gateway routes requests internally to the right microservice based on URL paths or request type.
    • All rate limiting, authentication, and security checks are implemented here.

  • Token-Based Authentication:

    • Use JWT tokens to authenticate users.
    • When a user logs in, the auth service issues a token.
    • The API Gateway verifies this token on every request.
    • After verification, the gateway injects user details (e.g., user ID) as headers before forwarding requests to microservices.
    • This avoids each microservice needing to verify tokens independently.

  • Security Measures:

    • Use asymmetric encryption (RSA algorithm) for JWT token signing:
    • Private key used to sign tokens.
    • Public key shared to verify tokens, enhancing security.
    • Microservices accept requests only from the API Gateway (inbound network rules).
    • Prevent direct access to microservices from outside sources.

Technology Choices (Not Prescriptive)

  • API Gateway can be provided by cloud platforms (AWS, etc.) or custom-built.
  • Backend server implementations can use Node.js, Go, Rust, or any preferred language based on team expertise and performance needs.
  • The presenter prefers Fastify on Node.js for speed but acknowledges alternatives.

Summary Table: Key Components and Their Roles

Component Role/Function
Monolithic App Single large app where all features are tightly coupled
Microservices Small, independent services (Auth, Posts, Comments, Likes) with own databases
API Gateway Single public endpoint that routes, authenticates, rate-limits, and aggregates microservice calls
JWT Tokens Used for authenticating users and passing user info securely
RSA Algorithm Used for signing/verifying tokens with private/public key pair
Security Rules Restrict microservice access to only API Gateway; prevent direct external hits

Key Insights

  • Simply splitting a monolithic app into microservices is not enough; the architecture must ensure security, scalability, and efficient client interaction.
  • An API Gateway is essential to hide internal microservices and manage requests, authentication, and rate limiting centrally.
  • JWT with RSA encryption provides secure, scalable authentication across microservices without sharing secret keys.
  • Network-level security (inbound/outbound rules) is critical to restrict access among services and prevent unauthorized use.
  • This architecture improves scalability (e.g., scale only “likes” service if needed), reduces costs, and allows larger teams to work independently without causing system-wide failures.

Conclusion

The Blog offers a practical and structured approach to microservice migration from a monolithic app using real-world examples and best practices. It highlights security, efficient client consumption, and scalability as core pillars of modern microservice architecture. The presenter encourages feedback and further discussion on the topic.

Top comments (0)