Ask HN: What's a good open-source alternative to Cloudflare?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • ModSecurity

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

    OpenResty with a few Nginx modules and Lua scripts can go a long way for many use-cases mentioned:

    - ModSecurity for WAF: https://github.com/SpiderLabs/ModSecurity

    - L7 Rate limiting: https://github.com/openresty/lua-resty-limit-traffic

    - Cache: https://github.com/ledgetech/ledge . Or use Varnish, which gives you VCL for high configurability

    - CDN: https://github.com/taythebot/lightpath . This project seems to be a WIP which you can use as a starting point for your needs. You will also need to find good enough "edge" locations for your CDN.

    Similarly, HAProxy does a lot of stuff with the correct config and is also extensible using Lua:

  • lua-resty-limit-traffic

    Lua library for limiting and controlling traffic in OpenResty/ngx_lua

  • ledge

    An RFC compliant and ESI capable HTTP cache for Nginx / OpenResty, backed by Redis (by ledgetech)

  • lightpath

    CDN written in Lua using Openresty and Redis

  • haproxy_ddos_protector

    DDoS protection system PoC for HaProxy

    - L7 DDoS protection: https://github.com/mora9715/haproxy_ddos_protector

    You can run your own authoritative DNS server using either djbdns or nsd. Or use AWS Route 53.

    Ultimately, it will involve (a lot of) glue code/config depending on what solution you go ahead with. Building your own DDoS protection and CDN can be operationally expensive as you may need to negotiate good rates with your ISP/VPS/Cloud for network bandwidth. It will also involve devops bandwidth in building for both low latency and availability. It will also involve keeping in sync with security fixes and the state of the art in terms of bot protection, etc. If this use case is not a core part of your business, it will be better to bite the bullet and go ahead with a 3rd party solution like Cloudflare / Cloudfront + WAF / Google Cloud Armor / Fastly.

  • workerd

    The JavaScript / Wasm runtime that powers Cloudflare Workers

    Even the Worker runtime is open-source now: https://github.com/cloudflare/workerd

  • torrent

    Full-featured BitTorrent client package and utilities

    It has some small latency but only when resources are spread across many different infos. If you can constrain your resources to a single DHT traversal, it's pretty quick. I run several services that stream from BitTorrent on demand, using https://github.com/anacrolix/torrent, which are surprisingly quick to start. However, it does choke up when you try to start many different resources at once, which multiplies horizontally the number of DHT traversals and the per-torrent overhead to get started.

    It is solvable, but any solution that spreads resources out across many different targets in the DHT is slow. Basically anything that was inspired by BitTorrent, but isn't BitTorrent itself, does this, because they get overly excited by deduplication of data.
