While nginx is (and is likely to remain) a popular reverse
proxy, it is a commercial open core project nowadays which I
haven't used in production in over a decade (since I used a Ruby
reverse proxy, instead). Furthermore, nginx|haproxy|etc. is
another dependency sysadmins need to configure and maintain in
addition to our daemons (and varnish).
Since our Perl code already needs to deal with IMAP scraper
bots, it might as well deal with HTTP(S) ones as well :P
Notable advantages of PublicInbox::PsgiRproxy over nginx for
HTTPS termination include:
* Response buffering is lazy by default. That is, whereas (last
I checked) nginx either (a) buffers a response body in full
before sending it or (b) doesn't buffer at all. (a) is safe
for reducing backend contention but increases latency, whereas
(b) allows slow clients to bottleneck fast backends.
PublicInbox::PsgiRproxy defaults to writing to the client
immediately (unbuffered), but starts buffering when a client
can't keep up with the backend.
* Perl configuration allows easier development of custom modules
("Plack middleware" in our case) for inspection of requests in
Perl. It gives the PSGI env a way to detect reused connections
and the $env->{'psgix.io'} handle can be used for TCP/TLS
fingerprinting of suspected bots.
* Trailers following chunked requests are supported (but mapped to
headers for the backend). Response trailers are not yet
supported since browsers (even bloated "modern" ones) can't
seem to handle them.
This PSGI reverse proxy has been fronting https://public-inbox.org
and the https://yhbt.net/lore/ mirror for over a month, now.
projects / thirdparty / public-inbox.git / commit
