2026 Web Infrastructure Guide

CMS &
Content Infrastructure

When designing a web service,
four approaches to decide how to manage and deliver content

Monolithic CMSHeadless CMSSaaS EmbedOps Strategy
Use ← → keys or swipe to navigate
1 / 20

CMS Through Two Comparison Axes

First look at how the structure is split, then look at who operates it

Monolithic CMS vs Headless CMS

Architecture axis: how content management and presentation (HTML generation) are split

Monolithic CMS

[CMS+Theme] → HTML → Browser

One system handles both content management and presentation (HTML generation).

Examples
WordPress, Drupal, TYPO3

Headless CMS

[CMS] → API(JSON) → [Frontend] → HTML → Browser

Content is managed through APIs, while presentation (HTML generation) is implemented by a separate frontend.

Examples
Contentful, Sanity, Strapi
VS

SaaS Embed vs Self-hosted

Operating axis: delegate a feature to an external SaaS or run it yourself

SaaS Embed

[Frontend] → SDK/Script → [SaaS Provider] → Feature

Delegate features like comments, search, or analytics to an external service via script or SDK.

Examples
Disqus, Algolia, Google Analytics

Self-hosted

[Frontend] → API → [Self-hosted Service] → Feature

Install open-source tools or services on your own infrastructure and operate them directly.

Examples
Matomo, Meilisearch, Plausible
VS

The two axes are independent, so they can be combined in different ways

Monolithic + SaaS

A website-first CMS with comments, search, or analytics delegated to external SaaS tools

Monolithic + Self-hosted

Drupal or TYPO3 installed and operated on your own infrastructure

Headless + SaaS

Contentful or Sanity combined with Next.js or Astro for fast delivery

Headless + Self-hosted

Strapi, Directus, or Payload operated directly for stronger data control

Monolithic vs Headless answers a structure question, while SaaS vs Self-hosted answers an operating-ownership question.

2 / 20

Architecture Pattern Comparison

Scan the four patterns at once and see when each should be your first candidate

Monolithic

One system handles both content management and presentation (HTML generation).

Strong fit for website-first operations

Headless

Content is managed through APIs while presentation is built in a separate frontend.

Strong fit for multi-channel delivery

Hybrid

Keep some pages in the existing CMS while moving selected areas to a separate frontend.

Useful when migration risk must be spread out

Embed

Delegate features like comments, search, or analytics to separate services.

Useful when only a specific feature must be added quickly
AspectMonolithicHeadlessHybridEmbed
Presentation (HTML generation)CMS generates HTML directlySeparate frontend generates HTMLGeneration split by route or surfaceInternal services answer feature requests
Key advantageSimple build, integrated backofficeMulti-channel expansion, frontend freedomGradual separation, lower migration riskFast feature adoption, selective separation
Cache strategyHTML/static asset CDNAPI + ISR/Edge cachePer-route cache splitPer-feature cache and queue operations
When to consider firstWhen the website is the main channelWhen web, app, and API must move togetherWhen you want to improve only part of an existing CMSWhen comments/search/analytics need a fast add-on
How to read this table

Start by checking who generates HTML, then compare cache strategy and operating complexity to narrow the candidates quickly.

3 / 20

Monolithic CMS

Traditional structure with content management and presentation coupled

A structure where the content backoffice (admin UI) and presentation (templates/themes) are coupled in one system. Frontend and backend are essentially bound together, with functionality extended through themes and plugins.

Strengths

+Non-developers (marketers/operators) can directly manage pages and content quickly
+Fast feature expansion through theme/plugin ecosystems (SEO, analytics, eCommerce)
+Optimized for quick website-centric builds and operations

Weaknesses

-As the system grows, plugin/theme dependencies increase; updates, security patches, and performance tuning become operational burdens
-Limited freedom in choosing frontend technology (bound to template engine)
-Hard to handle multi-channel (app, voice, IoT); API-first design is constrained
Best scenario:When website is the primary channel, operators are non-developers, and fast build/operation is top priority
4 / 20

Monolithic CMS Products

License, strengths, and operational considerations

WordPressGPL (open source)
+Largest theme/plugin ecosystem
Code/content ownership, rich migration options
Official site ↗
DrupalGPL (open source)
+Structured content, API-first support
"No vendor lock-in" stated, upgrade expertise needed
Official site ↗
JoomlaGPL (open source)
+Extension/Template-based expansion
Self-hosting focus, ops responsibility on team
Official site ↗
TYPO3GPL (open source)
+Multi-site / multi-language ops
Enterprise-oriented, association/community governance
Official site ↗
UmbracoMIT (core free)
+.NET-based ASP.NET Core CMS
Core free, TCO varies with managed/cloud add-ons
Official site ↗
Adobe Experience ManagerCommercial (enterprise)
+Large-org WCM + DAM integration
Requires commercial contract + expert ops, high entry barrier
Official site ↗
5 / 20

Headless CMS

Modern structure delivering content via API

Separates content storage/management (backend) from presentation (frontend), delivering content via REST/GraphQL to any channel. Frontend tech stack (React, Vue, Astro, etc.) is freely selectable.

SaaS (vendor-managed)

-Vendor handles infrastructure, updates, security patches
-Fast start, ready to use immediately
-Usage/seat-based costs + vendor dependency

Self-hosted (open source)

-Full control over code and data, data sovereignty
-Team owns ops, security, and scaling responsibility
-Convert to fixed costs (infra + staff) long-term
Key strength:Supports web, app, voice, IoT simultaneously via API
Vendor risk:Content model/GraphQL schema lock-in; API request/document/bandwidth/seat-based costs can spike at growth inflection points
6 / 20

Headless CMS Products

SaaS vs Self-hosted comparison

Pricing: Free / Lite / Premium plans
Export: API/CLI export (space import/export)
Leading SaaS Headless CMS
Official site ↗
SanitySaaS + Open-source Studio
Pricing: $15/seat/month (Growth)
Export: CLI/Export API for data export
Studio (editor) is open-source, data on Sanity cloud
Official site ↗
StrapiSelf-host + Cloud
Pricing: Self-hosted Growth $45/month
Export: Official CLI export/import/transfer
Most popular open-source Headless CMS
Official site ↗
DirectusHeadless on top of DB
Pricing: Self-host free if revenue < $5M (BSL 1.1)
Export: CSV/JSON/XML/YAML export
Unique: turns any existing DB into a CMS
Official site ↗
PayloadApp-embedded (MIT)
Pricing: Fully free, open-source, self-host
Export: Next.js native CMS installed inside app
Manage app and CMS in one codebase
Official site ↗
7 / 20

SaaS (Cloud) vs Self-hosted

How will you operate your CMS?

This is a different axis from Monolithic vs Headless. Both Monolithic and Headless CMS can be operated as SaaS (cloud) or Self-hosted (self-installed). Cloud vendors (AWS, GCP, Azure) also provide tools to deploy these open-source CMS products on their infrastructure.

Decision Criteria
Priority 1Ops Staff & Data Sovereignty
Do you have developers or server administrators?
Do you need to own and control your data directly?
Priority 2Usage-based Cost
How much will SaaS pricing increase as usage grows?
Which is cheaper: infra + ops staff, or SaaS monthly fees?

Self-hosted

When you have devs / server admins
Pros
+Full data control
+No usage-based fees long-term
+Full customization freedom
Cons
-You own deployment, updates, security patches
-Ops staff cost required
-You design scaling and backup

SaaS / Cloud

When you have no ops staff
Pros
+No infrastructure management
+Start immediately
+Updates, security, backup automated
Cons
-Monthly fees based on usage/seats/bandwidth
-Data stored on vendor servers
-Costs can spike at scale
VS
Without dedicated ops staff, paying monthly for SaaS/Cloud is often cheaper overall. Hiring a developer or learning server management typically costs far more than a SaaS subscription.
8 / 20

SaaS Embed

Delegate features to external services, embed via script

Delegate features like comments, search, analytics, and auth to external SaaS, embedding them via JS/SDK. Fastest to integrate, but security, privacy, and performance control costs grow over time.

Comments
Disqus
Universal JS embed, traffic-based billing
Search
Algolia
Billed per search request/record
Web Analytics
Google Analytics 4
gtag.js deployment, free
Product Analytics
Amplitude / Mixpanel
Event-based tracking, MAU billing
Support
Intercom
Seat + usage-based hybrid billing
Payments
Stripe
2.9% + $0.30 per charge
Auth
Auth0
Free 25K MAU, then MAU-based billing
Feature Flags
LaunchDarkly
Free 1K contexts/month
What to watch when using SaaS Embed

These are the operating concerns that usually come with embedding third-party SaaS features.

Security
3rd-party JS supply chain risk — mitigate with CSP/SRI
Performance
External script loading impacts page performance
Cost
Usage-based costs (sessions/events/requests/records) scale non-linearly at growth
9 / 20

Decision Framework

Who is responsible for what

Approach
Ownership
Tradeoff
Best for
Monolithic CMS
Features, ops, security, performance tuning all in one system
Complexity grows as customizations accumulate
Website-centric, non-developer ops, fast build priority
Headless CMS
CMS handles content modeling, auth, workflows; team handles frontend, perf, deployment
Requires frontend development capability
Multi-channel, API-first, frontend freedom needed
SaaS Embed
Feature domain delegated to vendor; team owns security, privacy, performance control
3rd-party JS security, cost, and perf management required
Fast feature adoption, small team, early stage
Self-hosted
Team owns control and data sovereignty, plus deployment, observability, backup, updates
Requires DevOps capability
Data regulations, privacy requirements, long-term cost control
The choice is not good product vs bad product. It is about where to draw the line between what your team wants to control and what to delegate.
10 / 20

Practical Recipes

Recommended stacks by situation

Teams with limited dev and IT ops staff

Marketing / Brand sitesLimited ops capacity
SaaS/Cloud Monolithic CMS

A practical setup where page building starts fast, while the vendor handles server ops, security patches, and updates.

High regulation / data sensitivity domains

FinanceHealthcareB2B SaaS
Headless (or Monolithic) + self-hosted analytics/observability

Minimize external data transmission. Run PostHog, Sentry self-hosted on internal network

Long-term lock-in minimization

StartupsGrowth stage
Design for replaceability from day one

Regular content export pipeline (CLI backup) · Isolate SaaS Embed with CSP/SRI · Confirm billing units (MAU/events/requests/records) upfront

Whatever structure you choose, the key is aligning responsibility distribution with your team's capabilities and control scope.
11 / 20

Hybrid and Gradual Transition

In practice, teams often mix structures and migrate step by step

The comparison on slides 2 and 3 is meant to explain the conceptual axes. In real services, teams rarely switch everything at once. They usually separate only the parts that need it first.

Hybrid

The existing CMS keeps serving the basic pages.
Only demanding surfaces such as search, campaign pages, or high-performance landing pages move to a separate frontend.

Gradual migration

You can keep the current system while replacing high-risk areas step by step.
This gives both operators and developers time to adapt.

Feature reclaim

A team may start quickly with SaaS Embed, then later reclaim the feature into Self-hosted infrastructure when cost or security pressure grows.
In other words, the structure is a strategy that changes with the growth stage.
The key is not choosing a perfect structure on day one, but drawing boundaries so that separation or reclaim is possible later.
12 / 20

Publish → Cache Invalidation Flow

When does the screen update after publishing in a CMS?

"Why doesn't the page update immediately after editing?" The answer is almost always the cache. Even if you fix the DB, the CDN or frontend may still serve old results.

Cache Invalidation
Discarding the stored old result
Regeneration
Rebuilding the page with fresh data
Revalidation
Checking whether the cache is still valid on the next request
1
Editor publishes content
2
CMS fires Webhook
3
Revalidation Worker receives it
4
CDN invalidation request → old cache removed
5
Next.js revalidateTag called
6
Next request generates fresh HTML/JSON
7
User receives up-to-date screen
CDN invalidation alone leaves app cache stale; app revalidation alone leaves CDN stale. Both must be designed together.
13 / 20

CMS Data Model

Design covers not just content but also roles, revisions, and audit logs

A CMS DB is not a simple post storage. It must handle who can edit, when content was published, and whether rollback to a past version is possible.

1:N authors
1:N revisions
1:N comments
USER
id (PK)
email
password_hash
status (active/disabled)
last_login_at

Connected to posts, comments, and audit logs

CONTENT
id (PK)
type (Article/Page/Block)
slug
status (draft/review/published/archived)
author_id (FK)
published_revision_id (FK)

Linked to revisions, tags, and media

REVISION
id (PK)
content_id (FK)
revision_no
editor_id (FK)
snapshot (jsonb)
change_note

A full snapshot copy of a past version

COMMENT
id (PK)
content_id (FK)
author_id (FK, nullable)
status (pending/approved/rejected/spam)
ip_hash

Goes through approval queue for XSS/spam defense

Also design: ROLE, PERMISSION, USER_ROLE, MEDIA, TAXONOMY, AUDIT_LOG

Storing Revision.snapshot as jsonb absorbs schema drift between past and present, enabling transactional rollback.
14 / 20

Role-Based Access Control (RBAC)

Who can do what

Role
"Who is this person?" — admin, author, regular user
Permission
"What can this person do?" — create post, publish, delete
RBAC
Bundling permissions by role
Resource/ActionGuestUserAuthor+PublisherAdmin
Content read (public)
Content create (draft)Optional✅(own)✅(any)
Content edit✅(own)✅(any)
Content publish
Content rollback✅(granted)
Comment create
Comment approve/delete✅(granted)
User/Role management
Fine-grained permissions increase stability but also complexity. Start with just own/any distinction.
15 / 20

Content Workflow

Draft → Review → Publish → Rollback

Authors and approvers can be different people. A workflow manages the create-review-publish process consistently.

Draft
Publisher
Draft created. Not yet public.
Review
Publisher → Admin
Review requested. Awaiting approval.
Published
Admin
Approved. Visible to users.
Rollback
Admin
Update published_revision_id to past version. Transaction + audit log required.
Comment Approval Queue
Comment.status: pending → approved/rejected/spam. Moderation queue protects against XSS and spam.
Admin UI: session + CSRF token. Public API / mobile: OAuth 2.0 or short-lived JWT is the most common pattern.
16 / 20

Security Checklist

CMS has a wide attack surface: user input, permissions, scripts, media

The checklist is not a memorization list. It is a question checklist: "Is this input dangerous?", "Are permissions too broad?", "Can I trust this external script?"

XSS
Malicious scripts executing in another user's browser
CSRF
Tricking a logged-in user into sending unwanted requests
CSP
Rules telling the browser which scripts are allowed to run
SRI
Hash-based verification that external files haven't been tampered with
AreaCheckLevel
AuthenticationPassword hashing, MFA (optional), login attempt limitingcritical
Authorization (RBAC)scope (own/any), admin function separationcritical
XSSOutput encoding, HTML Sanitization, editor allowed-tag restrictioncritical
CSRFCSRF token / Origin check on state-changing requestshigh
CSPStrict script-src with nonce/hash, block inline scriptshigh
SRIApply integrity attribute to external scriptshigh
Secret MgmtSeparate DB/token keys via Secret Manager, no secrets in codecritical
Audit LogAlways log publish, rollback, and permission changeshigh
17 / 20

Core Implementation Patterns

What system moves at what moment

REST API Key Endpoints
Public Read
GET /api/content?type=Article&status=published
GET /api/content/:id
Create/Edit (Auth required)
POST /api/content (create draft)
PATCH /api/content/:id (edit draft)
POST /api/content/:id/submit (request review)
Publish/Rollback (Permission required)
POST /api/content/:id/publish
POST /api/content/:id/rollback { revisionId }
Media
POST /api/media/presign (issue presigned URL)
POST /api/media/complete (confirm metadata)
Publish Transaction — 5 Steps
1Lock content row with FOR UPDATE (check status)
2Create new revision (snapshot jsonb)
3Set content.status = 'published', update published_revision_id
4Record publish event in audit_log
5Enqueue cache invalidation event (Outbox pattern recommended)
Presigned URL Media Upload Flow
1Browser → POST /api/media/presign
2API → returns {uploadUrl, key}
3Browser → PUT directly to S3
4Browser → POST /api/media/complete
5API → creates MEDIA row
18 / 20

Why large uploads are separated

A closer look at the Presigned URL pattern

Small text requests are usually fine for the application server to handle directly. Large files such as video are different. If the web server receives them directly, bandwidth, concurrent connections, and temporary storage pressure can all pile onto the app tier and trigger cascading failures.

Small text requests
Payloads are relatively small and processing time is short.
Even when the app server handles them directly, CPU, memory, and network cost stays limited.
Large media uploads
As files grow, upload time grows and connections stay occupied longer.
If the web server receives them directly, other requests can slow down too, so a separate path is usually safer.
Recommended path: Browser → CloudFront → S3
1Browser → POST /api/media/presign
2API → returns short-lived upload permission and key
3Browser(JS) → direct PUT/POST to the CloudFront upload endpoint
4CloudFront → forwards to the S3 origin
5Browser → POST /api/media/complete
6API → creates MEDIA row + stores metadata
Important implementation point

Here, "Browser → direct PUT to S3" does not mean a full-page HTML form submit. It means JavaScript in the browser performs an asynchronous upload with fetch/XHR. That makes it possible to show upload progress, retry failures, and register metadata after the file upload finishes.

19 / 20

Operations & Scalability Strategy

Cache, DB scaling, disaster recovery

Cache Strategy
Edge CDN + Cache-Control: Based on HTTP standard (RFC 9111)
ISR/SSG: Refresh pages without full rebuild; use revalidateTag for precision
Headless CMS CDN: Design purge policy + API rate limit together at publish time
CSP/SRI: Control third-party scripts — block inline, verify with integrity hash
DB Scaling
Read Replica: Route public queries (published) to replica — establish cache policy first
Sharding: For multi-tenant, shard by tenant_id — revisions/comments must move together
Media: Object storage (S3) instead of DB + presigned URL upload
Disaster Recovery Targets (Example)
ComponentRTORPO
Content DB1-4 hours5-15 min
Media Storage1-4 hours15-60 min
Cache/Search IndexMinutes to 1 hourRebuildable

These values are starting points. Adjust based on your team's operations policy and budget.

20 / 20
Lecture index
4 approaches to content management
OverviewOpen example
한국어English
All lecturesCMS & Content Infrastructure[email protected]@studiojin_devSubstack
Course Summary

CMS & Content Infrastructure

Compare Monolithic, Headless, SaaS Embed, and Self-hosted choices through a real service-ops lens.

A structural design course for beginners on where content lives, which features to outsource, and how cache and permissions shape the system.

Deliverable: a CMS decision matrix, an initial content model, and cache/permission operating checklists for your product.

Read course overviewLecture index

What this deck covers

  • Compare Monolithic, Headless, SaaS Embed, and Self-hosted through the lens of responsibility boundaries.
  • See content models, revisions, permissions, audit logs, and cache invalidation as one connected design problem.
  • Build a practical selection framework for different service contexts.
  • Draft a first-pass data model and ops checklist before implementation begins.

Chapter outline

0125m

Establish the architecture lenses

Separate Monolithic vs Headless from SaaS vs Self-hosted so the comparison becomes easier to reason about.

0235m

Read the core patterns and product groups

Go beyond pros and cons and learn when each pattern should become a first candidate.

0330m

Decision framework and combination recipes

Choose practical stack combinations based on team size, data sensitivity, ops strength, and cost shape.

0435m

Implementation essentials: data, permissions, cache

Connect revisions, RBAC, audit logs, and cache invalidation as implementation-level concerns.

0515m

Ops, security, and scale strategy

Review how moderation queues, large uploads, disaster recovery, and observability fit into the operating model.