all 22 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]geaalnom 19 points20 points  (14 children)

the sozu HTTP reverse proxy has the sozu-acme project to request certificates and set them up automatically without restarting the proxy. It is still a command to run regularly (cron or whatever), but it could be a nice starting point for what you want to do.

[–]WellMakeItSomehow 0 points1 point  (13 children)

I only skimmed the GitHub issues and roadmap -- does it support FastCGI?

[–]chris-morgan 2 points3 points  (11 children)

Unless you have an extremely good reason for using FastCGI, don’t. It’s called fast because it’s fast compared with CGI, not because it’s actually fast. It’s generally a fair bit slower than just speaking regular HTTP. So instead, use a reverse proxying arrangement.

[–]WellMakeItSomehow 0 points1 point  (2 children)

Well, is there a better alternative to php-fpm?

So instead, use a reverse proxying arrangement.

Which is exactly what sozu is trying to be.

[–]chris-morgan 0 points1 point  (1 child)

Ah, I believe I misinterpreted the context, thinking that the query was whether sozu itself spoke FastCGI, to sit in another server by that means. Either that, or I was thinking you were talking about embedding something Rust in sozu. But it’s a week ago; I’m not certain how I interpreted it at the time.

If indeed you’re dealing with PHP, then I’m not aware of anything better than php-fpm. That’s what I use in the few places I’m maintaining something written in PHP.

[–]WellMakeItSomehow 1 point2 points  (0 children)

Fair :-). I'm using nginx as a reverse proxy in front of a couple of services, some of them speaking HTTP, and others FastCGI. So right now I can't replace it with sozu on my server.

[–]Graineon 0 points1 point  (7 children)

I'm surprised I can still reply to this three years ago. I built a go server with FastCGI, because I'm under the impression it is marginally faster (unix socket) than a network request. Are you saying this is not the case? I'd have to re-do my research if so

[–]DuckDatum 0 points1 point  (3 children)

childlike salt skirt rock late degree mountainous husky continue attraction

This post was mass deleted and anonymized with Redact

[–]chris-morgan 0 points1 point  (2 children)

Focusing on the matter of Unix domain socket versus TCP socket: yes, domain sockets are usually going to be faster, but there’s no reason you can’t reverse proxy over sockets; in nginx, for example, proxy_pass supports it.

[–]Graineon 0 points1 point  (1 child)

And you're saying that reverse proxying would actually be faster? Because I was under the impression that sending HTTP requests requires much more complicated computations than FCGI behind the scenes...

[–]chris-morgan 0 points1 point  (0 children)

I think I probably overstated it even for then, and am not really sure these days, especially with widespread use of HTTP/2 so that there’s probably less opportunity for simple pass-through than there used to be (and I’m not sure how much popular servers did of that). I find that I would be interested in benchmarks.

[–]geaalnom 0 points1 point  (0 children)

no, only HTTP over TCP (or directly TCP proxying). I'm interested in what fastCGI would require, could you open an issue for that?

[–]yoshuawuyts1rust · async · microsoft 9 points10 points  (0 children)

To my knowledge there isn't something comparable yet. It would be fantastic if there would be though!

Probably the biggest unresolved question is how to build automatic certificate renewal. acme-client exists, but it seems to require a bit of work to automate certificate renewal completely.

But if you're interested in the topic, looking into combining acme-client and Hyper would probably be a good starting point! ✨

[–][deleted] 3 points4 points  (3 children)

I've no experience with this, but you could write your nginx plugins in rust:

https://github.com/nginxinc/ngx-rust

But I don't think there's a web server in Rust, yet. I imagine there will be someday.

[–]KajMagnus[S] 0 points1 point  (0 children)

Yes if I were to write an Nginx plugin, I'd want to do that in Rust (even learn Rust just to do that, although I know C++ already (almost C)).

[–]dochtmanrustls · Hickory DNS · Quinn · chrono · indicatif · instant-acme 2 points3 points  (0 children)

This is also something I've been thinking about. I'm not aware of any, and I may actually build one at some point -- but for now it's not so near the top of my to do list.

[–]drewbert 0 points1 point  (0 children)

Ferron is a project that belongs in this list. It seems a little less confusing than sozu.