Behind the scenes: How we host Ars Technica

[FTL]

pushing servers to the limit and even breaking them once or twice

I'm curious about that breaking part. Do you mean that they just couldn't handle the load and worked fine once it went away, or they actually permanently malfunctioned?

 

[tristan9]

That will let me do some trickery where we fork the request inside Cloudflare

Ah that’s a good approach indeed; we do something similar in other places internally, so that shouldn’t be too hard to backport

Because of that, it's really easy to shim it in... if the header exists, the CSRF check method uses that header

if only Safari on iOS had adopted it before… sigh…

 

[digitalpoint]

if only Safari on iOS had adopted it before… sigh…

Agreed, but at least they support it now finally. Even if they supported it a long time ago, you probably wouldn't want to completely do away with CSRF though because simply removing it would make XenForo not work with:

• Internet Explorer (any version)
• Firefox from 2 years ago
• Samsung Internet before 2020
• etc...

While Safari is the last to the party, it's a recent enough addition to some other browsers that you couldn't just do away with CSRF completely. So best to use Sec-Fetch-Site when you can and fallback to CSRF when you can't (and when Safari finally implemented it doesn't affect that need).

 

[Slavik]

Do you mean that they just couldn't handle the load and worked fine once it went away, or they actually permanently malfunctioned?

Yea, we effectively DDoSed ourself with a mix of massive loading and intentionally poorly made queries to see how long it would take various setups to fall over and then recover, and what, if any, intervention was needed by us.

 

[FTL]

Yea, we effectively DDoSed ourself with a mix of massive loading and intentionally poorly made queries to see how long it would take various setups to fall over and then recover, and what, if any, intervention was needed by us.

I'd love to have seen that.

 

[JustinHawk]

Good luck with that last one then! If the sheet itself isn’t too sensitive, do you plan on sharing it somewhere?

The issue was sorted. Sorry, cannot share due to business requirements, its specific for a case scenario.

For pageviews/viewcount in my case scenario I am going to log the URL in separate server, where a code in nodejs would run which is going to fetch the details from Google Analytics and then directly update in xenForo DB. In this way i can update stats at every 5-30 min interval.

In this way It would be like this:

User-> CF Request for Cache Update |-> Apache/Nginx -> PHP Process -> DB
                                   |-> Queue (Different VPS) -> Google Analytics -> DB

Its going to contain a lot more logic than above simple explanation.

 

[tristan9]

Too bad, but understandable

 

[fly]

Forgot to circle back to this, but they released part 2.

How we host Ars Technica in the cloud, part two: The software

A deep dive into the applications and functions that keep Ars humming along in the cloud.

arstechnica.com

edit: Also, for those that find AWS compute pricing too expensive, check out https://github.com/LeanerCloud/AutoSpotting. As long as your workload is stateless, you can save a TON of money.

 

[eva2000]

Also, for those that find AWS compute pricing too expensive, check out https://github.com/LeanerCloud/AutoSpotting. As long as your workload is stateless, you can save a TON of money.

Nice tool to take advantage of AWS spot instance pricing, though it doesn't help for the AWS egress pricing which is definitely a larger part of the cost I'd imagine.

 

[fly]

Nice tool to take advantage of AWS spot instance pricing, though it doesn't help for the AWS egress pricing which is definitely a larger part of the cost I'd imagine.

Nope! And although I'm an AWS consultant, that's why I always attempt to get all my clients to use Cloudflare rather than CloudFront. Technically, you could probably also use a Lightsail reverse proxy to save on bandwidth costs too, but I've never had to go down that road.