HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kvalekseev

no profile record

comments

kvalekseev
·5 lat temu·discuss
It's standard way to connect things in UNIX and provides better performance. For example postgresql tcp+ssl is 175% slower than socket https://momjian.us/main/blogs/pgblog/2012.html#June_6_2012
kvalekseev
·5 lat temu·discuss
From HAProxy mailing list about http_buffer_request option https://www.mail-archive.com/[email protected]/msg23074.h...

> In fact, with some app-servers (e.g. most Ruby/Rack servers, most Python servers, ...) the recommended setup is to put a fully buffering webserver in front. Due to it's design, HAProxy can not fill this role in all cases with arbitrarily large requests.

A year ago I was evaluating recent version of HAProxy as buffering web server and successfully run slowloris attack against it. Thus switching from NGINX is not a straightforward operation and your blog post should mention http-buffer-request option and slow client problem.
kvalekseev
·5 lat temu·discuss
HAProxy is a beautiful tool but it doesn't buffer requests that is why NGINX is recommended in front of gunicorn otherwise it's suspectible to slowloris attack. So either cloubhouse can be easily DDOS'd right now or they have some tricky setup that prevents slow post reqests reaching gunicorn. In the blog post they don't mention that problem while recommend others to try and replace NGINX with HAPRoxy.
kvalekseev
·6 lat temu·discuss
I wrote https://github.com/kalekseev/django-extra-checks that do exactly this using builtin django checks framework, it has a couple of drawbacks though: 1) Django checks doesn't provide a good way to disable checks for some lines. 2) Parsing AST is quite slow and django check runs on every dev server reload.