Request Access

Docs → CORA Cloud

Hosting & Infrastructure

CORA Cloud

High-availability hosting architecture for CORA sites — Cloudflare at the edge, DigitalOcean as primary, AWS as passive failover.

On this page

Architecture overview

CORA Cloud is designed for reliability and predictable performance — the priorities that matter most when students, staff, and parents depend on a site daily.

Traffic flow:

Client DNS → Cloudflare Edge (WAF / CDN / Polish) → Cloudflare Load Balancer → DigitalOcean Primary (active) | AWS Failover (passive)

Cloudflare handles protection, CDN delivery, image optimization, and load balancing. Traffic defaults to DigitalOcean. If DigitalOcean fails a health check, Cloudflare automatically routes to the AWS passive cluster.

Traffic layer — Cloudflare

  • Cloudflare for SaaS — custom hostname support for client domains
  • Polish — automatic WebP conversion and metadata stripping
  • Load Balancer — Pool A (DigitalOcean, 100% weight, active) / Pool B (AWS, 0% weight, activates on Pool A health check failure)
  • WAF — web application firewall
  • Workers — used by CORA Compliance and CORA Custom Redirects

Primary region — DigitalOcean

  • Compute: 2× Droplets (8GB / 4vCPU) behind a DigitalOcean Load Balancer
  • Database: 1× Managed MySQL (2GB / 1vCPU) with daily backups
  • Object Storage: DigitalOcean Spaces or Cloudflare R2 for all uploaded media

Failover region — AWS

  • Compute: 1× EC2 t3.medium — running but idle
  • Mode: CORA_MODE=READ_ONLY during failover — logins and writes disabled
  • Database: 1× RDS db.t3.small — overwritten nightly from DigitalOcean

ℹ️ The AWS cluster is a cold standby. It activates automatically via Cloudflare but operates read-only — designed for uptime, not full write capability.

Data strategy

Media files

All uploads go to shared object storage (DO Spaces or Cloudflare R2). Both clusters connect to the same bucket — no sync required.

Database sync

A cron job on the AWS instance runs nightly at 2:00 AM: connects to the DigitalOcean database, runs mysqldump, and pipes the output into AWS RDS. The failover database stays within 24 hours of the primary at all times.

Infrastructure as code

All environments are provisioned with Terraform. A master module defines the standard architecture. Creating a new client environment:

  1. Create a client_name.tfvars file
  2. Run terraform apply
  3. DigitalOcean, AWS, and Cloudflare are provisioned automatically in ~10 minutes

Updating the master module propagates to all client environments in a single apply run — manageable by a single engineer across 50+ sites.

← Back to Docs

Ready to make shit happen?

Everything you need to get started, go deeper, and get the most out of your CORA-powered site.