Why separate frontend and backend on different subdomains?
Clean separation of concerns, independent deployment and scaling, different security and CORS policies, CDN-friendly frontend, and cookie scoping per subdomain. Common setup: api.yourdomain.com for backend, app.yourdomain.com for frontend.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Setting Up Subdomains for Frontend and Backend api and app Separation
Set sameSite: 'none' (allows cross-site cookies), secure: true (required with sameSite none, HTTPS only), domain: '.yourdomain.com' (shares cookie across all subdomains), and httpOnly: true. This lets the frontend on app.yourdomain.com send cookies to the backend on api.yourdomain.com.
Create separate server blocks for each subdomain: one with server_name api.yourdomain.com and proxy_pass to Node.js, another with server_name app.yourdomain.com and root pointing to the frontend build. Add a redirect from yourdomain.com to app.yourdomain.com.
Run sudo certbot --nginx -d api.yourdomain.com -d app.yourdomain.com -d yourdomain.com -d www.yourdomain.com to get a single SAN certificate for all domains. Or run certbot separately for each subdomain to get individual certificates.
Still have questions?
Browse all our FAQs or reach out to our support team
