kvalekseev commented on Reining in the thundering herd: Getting to 80% CPU utilization with Django   blog.clubhouse.com/reinin... · Posted by u/domino
JanMa · 5 years ago
Interesting to read that they are using Unix sockets to send traffic to their backend processes. I know that it's easily done when using HAProxy but I have never read about people using it. I guess the fact that they are not using Docker or another container runtime makes sockets rather simple to use.
kvalekseev · 5 years ago
It's the standard way to connect things in UNIX and provides better performance. For example, PostgreSQL TCP+SSL is 175% slower than a socket https://momjian.us/main/blogs/pgblog/2012.html#June_6_2012
kvalekseev commented on Reining in the thundering herd: Getting to 80% CPU utilization with Django   blog.clubhouse.com/reinin... · Posted by u/domino
lddemi · 5 years ago
1. HAProxy does support request buffering https://cbonte.github.io/haproxy-dconv/2.2/configuration.htm...

2. Our load balancer buffers requests as well

kvalekseev · 5 years ago
From the HAProxy mailing list about the http_buffer_request option https://www.mail-archive.com/haproxy@formilux.org/msg23074.h...

> In fact, with some app-servers (e.g. most Ruby/Rack servers, most Python servers, ...) the recommended setup is to put a fully buffering webserver in front. Due to its design, HAProxy can not fill this role in all cases with arbitrarily large requests.

A year ago I was evaluating a recent version of HAProxy as a buffering web server and successfully ran a slowloris attack against it. Thus switching from NGINX is not a straightforward operation and your blog post should mention the http-buffer-request option and the slow client problem.

kvalekseev commented on Reining in the thundering herd: Getting to 80% CPU utilization with Django   blog.clubhouse.com/reinin... · Posted by u/domino
kvalekseev · 5 years ago
HAProxy is a beautiful tool but it doesn't buffer requests; that is why NGINX is recommended in front of gunicorn, otherwise it's susceptible to a slowloris attack. So either Clubhouse can be easily DDoS'd right now or they have some tricky setup that prevents slow POST requests reaching gunicorn. In the blog post they don't mention that problem while recommending others to try and replace NGINX with HAProxy.
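
The slow-client concern raised in the two comments above, shown as an added configuration example that is not from the thread participants or the Clubhouse post: a frontend that streams request bodies straight to gunicorn beside one that uses `option http-buffer-request`. The section names, ports, socket path and timeout values are assumptions chosen for illustration.

```haproxy
# Added example (constructed). fe_unbuffered, fe_buffered, be_gunicorn and
# /run/gunicorn.sock are hypothetical names, not taken from the thread.
global
    # Size of the per-request buffer. http-buffer-request can hold at most
    # this much of a request, so larger bodies are never fully buffered.
    tune.bufsize 16384

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # By default this deadline covers only the request headers. Once the
    # blank line after the headers arrives, it no longer applies.
    timeout http-request 10s

# Weak: headers must arrive within 10s, but the body is forwarded as it
# trickles in, so a slow POST occupies a gunicorn worker for its duration.
frontend fe_unbuffered
    bind :8080
    default_backend be_gunicorn

# Hardened: HAProxy waits for the whole body, or until the buffer is full,
# before contacting the backend, and timeout http-request now also bounds
# that wait. A slow sender is cut off at 10s without reaching a worker.
frontend fe_buffered
    bind :8081
    option http-buffer-request
    default_backend be_gunicorn

backend be_gunicorn
    # Cap concurrent requests per worker pool; excess requests queue in HAProxy.
    server app1 unix@/run/gunicorn.sock maxconn 8
```

Bodies larger than `tune.bufsize` are still streamed to the backend once the buffer fills, which is the limitation the quoted mailing-list message describes for arbitrarily large requests.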
kvalekseev commented on Show HN: A Django code review bot for GitHub pull requests   django.doctor/?show-hn... · Posted by u/rikatee
rzodkiew · 5 years ago
I'm probably old-fashioned, but I don't understand why I would want something like that as a web service, rather than something I can run locally (like all the JS linters or rubocop).
kvalekseev · 5 years ago
I wrote https://github.com/kalekseev/django-extra-checks that does exactly this using the built-in Django checks framework. It has a couple of drawbacks though: 1) Django checks don't provide a good way to disable checks for some lines. 2) Parsing the AST is quite slow and the Django check runs on every dev server reload.

u/kvalekseev

Karma: 11 · Cake day: November 6, 2020