Nginx
Mastodon
Our great sponsors
Nginx | Mastodon | |
---|---|---|
97 | 1,224 | |
20,165 | 45,874 | |
1.2% | 0.8% | |
8.9 | 10.0 | |
3 days ago | 1 day ago | |
C | Ruby | |
- | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Nginx
-
How to securely reverse-proxy ASP.NET Core web apps
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
- Ask HN: Is nginx.org (the domain-name itself) gone?
-
Freenginx: Core Nginx Developer Announces Fork of Popular Web Server
> I actually don't understand why I am seeing arguments like this all the time.
Have a look at:
https://github.com/nginx/nginx/blob/master/src/http/modules/...
It's got the whole checklist: nginx idiosyncratic module system, inline parsing, custom utf conversion, buffer preallocation and adjustments, linked lists, comments about side effects of custom allocator, and probably other things.
It's not easy to deal with source like that and any serious improvement to that area would effectively be a rewrite anyway.
Since anything doing work in nginx is a module anyway, it wouldn't even have to be a full rewrite in one go.
-
The Internet is Maintained by 1 Software Developer
According to this article, nGinx is being used to serve 34% of all websites in the world. I checked out who's contributing to nGinx, and just like I thought, the project has 8,208 commits, and 5,366 of those commits was made by 2 software developers; igorsoev and mdounin.
- [06/52] Accessible Kubernetes with Terraform and DigitalOcean
- Freenginx.org
-
Performance benchmark of PHP runtimes
Nginx + Roadrunner (fcgi mode)
-
Web CGI programs aren't particularly slow these days
Apache’s mod_fastcgi’s last commit was 2 weeks ago:
https://svn.apache.org/viewvc/httpd/httpd/trunk/
It’s a fork of what you linked (and was more popular afaik back when fastcgi was state of the art, and apache was the undisputed champion of web servers).
These days, nginx has more market share than apache, and its fastcgi module is one of the more recently updated ones in its source tree (5 months vs multiple years):
https://github.com/nginx/nginx/tree/master/src/http/modules
If I was going to build an embedded web server, I’d start with nostd rust, probably with though axum + tokio, since thats already memory safe-ish.
If I needed fastcgi for some reason (dynamically loadable endpoints, or os-level isolation), there are at least four implementations of fastcgi for it. No idea if any are decent though.
-
Five Apache projects you probably didn't know about
APISIX is an API Gateway. It builds upon OpenResty, a Lua layer built on top of the famous nginx reverse-proxy. APISIX adds abstractions to the mix, e.g., Route, Service, Upstream, and offers a plugin-based architecture.
-
Nginx is Probably Fine
I suppose you could read the code. https://github.com/nginx/nginx
Mastodon
-
Open source at Fastly is getting opener
Through the Fast Forward program, we give free services and support to open source projects and the nonprofits that support them. We support many of the world’s top programming languages (like Python, Rust, Ruby, and the wonderful Scratch), foundational technologies (cURL, the Linux kernel, Kubernetes, OpenStreetMap), and projects that make the internet better and more fun for everyone (Inkscape, Mastodon, Electronic Frontier Foundation, Terms of Service; Didn’t Read).
-
Bluesky announces data federation for self hosters
Mastodon DMs have absolutely no privacy: https://github.com/mastodon/mastodon/issues/18079
For a decentralized protocol doing things right is much more important than doing things fast, it is very difficult (and in a lot of cases impossible) to break backwards compatibility.
- External OpenID Connect Account Takeover by Email Change
-
Ask HN: Best practice for posting links to large Mastodon threads?
Postmortem on what happened here: https://news.ycombinator.com/edit?id=39305884
The v1 API of Mastodon limits the size of the tree that it will expand for users who are not logged into the server: https://github.com/mastodon/mastodon/blob/main/app/controllers/api/v1/statuses_controller.rb . I am guessing that this or some similar limit applies to threads being returned to unauthenticated users of the web UI. It just arbitrarily stops expanding the replies at some point, including the main thread from the OP.
If a thread is truncated, users expect it to expand automatically and autoscroll when you hit the bottom. In my desktop browser, that does not occur, and there is no indication that there is more to see. This is the situation of the web interface as of Mastodon version 4.2.5.
The issue is very sensitive to observer conditions. If you are logged into the server, the behavior is different. If you use a Mastodon app instead of the web, the behavior might be different. As the tree expands, the cutoffs become different. If you look at the thread on a different Mastodon server, the tree is different because every server has its own view of the Fediverse.
HN needs a best practice for linking to Mastodon threads in a way that provides a consistent experience to HN readers. The average Mastodon server would be crushed by hundreds of HN readers grabbing the entirety of a huge thread all at once, so this might involve some thread-unroll-and-cache service. I tried https://mastoreader.io/ but it did not solve the problem.
Alternately, we push changes into the Mastodon web UI to warn users when they need to click to see more and assume that people will get used to the navigation.
Suggestions?
-
CVE-2024-23832 Mastodon Vulnerability: Remote user impersonation and takeover
Fixed in Mastodon v4.2.5 https://github.com/mastodon/mastodon/releases/tag/v4.2.5
-
Unity's Open-Source Double Standard: The Ban of VLC
>You can defeat the Affero clause by putting the software behind a proxy, for example
Could someone elaborate on this? This is NOT my understanding of the license, and it seems absurd considering e.g. Mastodon is AGPL but the standard install requires a reverse proxy[1]. If using a proxy defeats Affero, why would the Mastodon team do this? Are they stupid?
[1] https://github.com/mastodon/mastodon/blob/main/dist/nginx.co...
-
You Can't Follow Me
Mastodon is free and open-source. Go ahead and add the flag:
https://github.com/mastodon/mastodon/blob/main/CONTRIBUTING....
- Change Referer value to something generic such as "urn:activitypub:Mastodon"
-
Welcome to the public domain, Steamboat Willie
Didn't say anything about freedom of speech. And again: I'm not the one to talk to. I don't have any strong feelings on the topic, but if you do, you should take it somewhere that people who can do something about it will see.
I tried to find an existing discussion to help get you started, but couldn't. You can start one here: https://github.com/mastodon/mastodon/issues
It's easy to sit here on Hacker News and say "they should just..."
Coming up with a standard for an international project will be a long, noisy discussion. You'll tread on internecine conflicts you had no idea about. Old wounds from past related discussions will come out. People will soapbox.
This is why I have no interest in discussing it. It probably won't go anywhere in a place where it actually could. It definitely won't here.
-
Mastodon with Docker rootless, compose, and Nginx reverse proxy
I've written down how I set up my Mastodon server here. This includes some topics that seem not well covered currently:
- use nginx reverse proxy with the official nginx.conf [1], but with some changes needed for compatibility with docker
- use rootless docker, for security, together with bind mounts, for maintainability
- use compose, with some modifications to the official docker-compose.yml [2] that make life easier and are compatible with the reverse proxy
[1]: https://github.com/mastodon/mastodon/blob/main/dist/nginx.co...
[2]: https://github.com/mastodon/mastodon/blob/main/docker-compos...
What are some alternatives?
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
diaspora* - A privacy-aware, distributed, open source social network.
envoy - Cloud-native high-performance edge/middle/service proxy
Misskey - 🌎 An interplanetary microblogging platform 🚀
Squid - Squid Web Proxy Cache
Lemmy - 🐀 A link aggregator and forum for the fediverse
nestjs-monorepo-microservices-proxy - Example of how to implement a Nestjs monorepo with no shared folder
Friendica - Friendica Communications Platform
Hiawatha - Hiawatha is an open source webserver with security, easy to use and lightweight as the three key features. Hiawatha supports among others (Fast)CGI, IPv6, URL rewriting and reverse proxy. It has security features no other webserver has, like blocking SQL injections, XSS and CSRF attacks and exploit attempts. The built-in monitoring tool makes it perfect for large scale deployments.
GNU social - GNU social is social communication software for both public and private communications.
YARP - A toolkit for developing high-performance HTTP reverse proxy applications.
nostr - a truly censorship-resistant alternative to Twitter that has a chance of working