1M daily users = roughly 12 RPS average, 50-200 RPS peak depending on time-of-day skew. The hard part isn't raw throughput — CDNs handle that — it's consistent perf across global users, low ops overhead, fast time-to-deploy, and resilience under spikes.

Architecture layers

User → CDN (edge cache + edge SSR) → Origin (SSR / API) → Database / Cache

Edge / CDN

• Static assets (JS, CSS, images): hashed URLs, Cache-Control: public, max-age=31536000, immutable.
• HTML for public pages: SSG → CDN edge cache; sub-100ms TTFB worldwide.
• HTML for personalized pages: SSR at the edge (Cloudflare Workers, Vercel Edge) with cookie-aware logic; can still cache per cookie-group.
• API for public data: edge cache with short TTL + stale-while-revalidate.
• Images: CDN-served, on-the-fly resized (Cloudflare Images / Imgix / Cloudinary), AVIF/WebP.

Origin

• Stateless servers behind a load balancer; autoscale on CPU + queue depth.
• Multi-region if SSR for global users (otherwise edge SSR handles geo).
• Connection pooling for DB.
• Background workers for non-realtime tasks (email, analytics aggregation).
• Health checks for fast failover.

Data layer

• Primary DB with read replicas per region.
• Redis for cache + session + rate limit counters.
• Search engine (Elasticsearch, Meilisearch) for autocomplete.
• Object storage (S3) for uploads.

Frontend specifics

Bundle

• Per-route code splitting (automatic in Next/Remix).
• Initial bundle budget: <200KB compressed for content sites, <400KB for dashboards.
• size-limit in CI to enforce.
• Tree-shaking, modular imports.

Rendering

• Marketing pages: SSG.
• Product/catalog: ISR with tag-based invalidation on data change.
• Personalized (logged in): SSR.
• App / dashboard: CSR with SSR-rendered shell.

Caching

• HTTP: long max-age + immutable on assets.
• Service worker: pre-cache app shell, runtime cache for API.
• App-level: React Query / SWR for dedup + cache.

Images

• AVIF / WebP via CDN image service.
• srcset + sizes for responsive.
• Lazy-load below fold, preload LCP image.

Resilience

• Circuit breakers on origin → external dependencies.
• Retries with jitter for transient failures.
• Graceful degradation: read-only mode if write path is down.
• Static fallback HTML for outages.

Observability

• RUM (web-vitals → analytics) sampled at 1-10% of users.
• Error monitoring (Sentry, Datadog).
• Synthetic checks (Lighthouse CI per PR, scheduled WebPageTest).
• Alerting on rate-of-change (LCP regress >10% week/week, error rate doubled).

Deployment

• Atomic deploys (immutable build artifacts).
• Canary / progressive rollout: 1% → 10% → 100% with health gates.
• One-click rollback.
• Feature flags for risky changes (kill-switch without deploy).
• Blue/green or rolling for zero-downtime.

Cost

• CDN cache hit ratio target: >95% for static, >70% for HTML.
• Origin compute: autoscale + spot instances where possible.
• Image optimization: pay once at upload, serve forever.
• Cap third-party tags: each adds bytes + RPS to user devices.

Per-route considerations

• /checkout must be highly reliable: simpler bundle, fewer third parties, more retries, idempotency keys.
• /search: aggressive client-side cache, edge cache short-TTL, debounced input + abort.
• Auth pages: minimal JS, fastest possible TTFB (login is on the critical funnel).
• Marketing: SSG + aggressive image opt + minimal client JS.

Scaling specific concerns

Spikes (launch, virality)

• Pre-warm CDN for known popular URLs.
• Origin should handle 3-5x typical peak without degradation.
• Backoff + jitter on retries to prevent thundering herd.
• Static fallback page if origin can't keep up.

Regional latency

• Edge SSR / SSG keeps perf consistent worldwide.
• Multi-region read replicas for SSR routes.
• Sampling RUM by geo to find slow markets.

Browser diversity

• Test matrix includes Safari (especially iOS), Chrome Android, Firefox.
• Don't ship polyfills for browsers you don't support.
• Progressive enhancement for old browsers (still works, less features).

Team-level

• Bundle budget enforced in CI, owned by perf champion / platform team.
• Architecture Decision Records for significant choices.
• Sunset policy for feature flags (max 90 days).
• Periodic perf audit (quarterly).
• Capacity planning before known traffic events.

What NOT to do

• Single-region SSR for global users → slow TTFB outside the region.
• CSR for content pages → bad SEO + slow LCP.
• Mega vendor chunk → single dep update invalidates the world.
• Long-cached HTML + frequently changing assets → version mismatch.
• Storing tokens in localStorage → XSS = game over.
• No CI guards → regressions creep in.
• No error monitoring → invisible failures.

Mental model

Edge-first + cache-everything + observe-everything + scale-stateless. At 1M DAU the math is forgiving (most ops can handle it), but the experience depends on getting cache strategy, image optimization, and observability right. The architecture is less about extreme scale and more about consistency, resilience, and ops simplicity.