Code Room
System design | Medium | sd-g059
Subject: Reverse proxy
Level: Mid–Senior
Time: ~35 min
Common in: Distributed systems interviews
Industries: Technology, Software development

Question

Design a TLS-terminating reverse proxy / ingress edge for a SaaS that serves thousands of customer custom domains (vanity domains like app.customer.com) with per-domain certificates, auto-renewed. It terminates TLS, then forwards to internal services over mTLS. Explain certificate storage and selection at handshake time, how you handle 10k+ certs without bloating memory, and how you forward client identity safely to the backend.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
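
One possible approach to the certificate selection and memory part of the question, as an added example that is not part of the original page: a bounded LRU cache keyed by SNI name, plugged into Go's `tls.Config.GetCertificate`, so only recently used certificates are held in memory. The names `certCache`, `newCertCache` and the `load` callback (standing in for the certificate store) are hypothetical.

```go
package main
import (
	"container/list"
	"crypto/tls"
	"errors"
	"strings"
	"sync"
)

// certCache keeps at most max parsed certificates in memory (LRU eviction).
type certCache struct {
	mu    sync.Mutex
	max   int
	order *list.List // SNI names, most recently used at the front
	certs map[string]*tls.Certificate
	pos   map[string]*list.Element
	load  func(name string) (*tls.Certificate, error) // hypothetical store lookup
}
func newCertCache(max int, load func(string) (*tls.Certificate, error)) *certCache {
	return &certCache{max: max, order: list.New(), load: load, certs: map[string]*tls.Certificate{}, pos: map[string]*list.Element{}}
}

// GetCertificate has the signature tls.Config.GetCertificate expects.
func (c *certCache) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(h.ServerName) // SNI is case-insensitive
	if name == "" {
		return nil, errors.New("no SNI: refusing to guess a tenant certificate")
	}
	c.mu.Lock() // simplification: a real edge would not hold this across store I/O
	defer c.mu.Unlock()
	if cert, ok := c.certs[name]; ok {
		c.order.MoveToFront(c.pos[name])
		return cert, nil
	}
	cert, err := c.load(name)
	if err != nil {
		return nil, err // unknown domains are rejected and never cached
	}
	c.certs[name], c.pos[name] = cert, c.order.PushFront(name)
	if c.order.Len() > c.max { // evict the least recently used name
		old := c.order.Remove(c.order.Back()).(string)
		delete(c.certs, old)
		delete(c.pos, old)
	}
	return cert, nil
}
func main() {
	c := newCertCache(1000, func(string) (*tls.Certificate, error) { return nil, errors.New("empty store") })
	_ = &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: c.GetCertificate}
}
```

Failed lookups are deliberately not cached here, so handshakes for unknown names cannot push real tenants out of the cache, but each one still reaches the store.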
