Two async functions - one listens on port 80, and forwards requests into the business logic; one listens on port 443 (grabbing a certificate from Let’s Encrypt if it doesn’t have an up-to-date one in the cache), decrypts the SSL, and forwards requests into the business logic.
Before I gave up and wrote my own software I tried various combinations of nginx, varnish, hitch, haproxy, squid, traefik, and I’m sure more that I’m forgetting. Most of them worked ok in most cases (and I’m still happily using `varnish -> nginx -> app server` for other parts of the site) -- but for one reason or another they each had issues handling tens of thousands of requests per second on a tiny potato of a server D: (If any of them worked then yes I would go ahead and use them - but it wouldn’t stop me feeling bad about needing to have a whole extra reverse-proxy layer just because my web framework doesn’t know how to close idle TCP connections :P)
(Incidentally if somebody knows of a CDN or cloud service that’ll serve ~3Gbps of NSFW content for <$800/mo, I would be more than happy to quit writing my own software to run on hand-managed bare-metal servers :P)
Cloudflare R2 might work well for you for serving the image files themselves, there's a per-request fee ($0.36/million GETs) but no bandwidth fees. AFAIK there's no restriction on NSFW content on any Cloudflare service, as long as it's legal.
Disclaimer: I work for CF, but not on a team related to R2. I'm just speaking as a CF enthusiast here.
Interesting~ Last time I spoke to somebody from CF we were too big for the regular plans and too small for the “call us on the phone and we’ll discuss a custom contract” plan, but it has been a couple of years so maybe worth looking at the newer services :)
I'd say R2's definitely worth a look, since it works quite well standalone (without other CF services). If the public pricing works well for you, there's no real benefit to an Enterprise contract or anything; the product should Just Work and arbitrarily scale.
All of the code is here: https://github.com/shish/shm-cached/blob/main/src/tcp.rs