I have a question: why do we need two proxy servers? Could we do everything only with Traefik or only with Openresty?
The FSS also has local PostgreSQL 11 service turned off if we wanted to forgo using AWS RDS for the database, but we don't want to lose data if something goes wrong. For all intents and purposes we are designing the FSS so you could run everything on one server if you wanted
❤️ the local PostgreSQL is an awesome touch! I just had this idea: it could be a local read only replica of the AWS DB if the network is fast enough. Does that make sense?
Let's call that Forem in a Box.
I sense Hooli and Silicon Valley vibes here :D
Monitoring is not a thing outside of "uhhhhh I think forem.dev is down" being posted on our Slack.
The short answer is that Traefik doesn't have a mature caching solution. They just added caching supportsix days ago and it doesn't support cache purging.
We could make Nginx do TLS termination, http to https redirection and security headers easily but that means managing the Let's Encrypt certs with something like certbot. Traefik handles the Let's Encrypt cert lifecycle pretty well and it was pretty easy to configure.
A bigger picture answer is I want the FSS to be flexible with each component in the stack. If we were running N number of Forems in a SaaS like setup, it would be ideal to pull Traefik and Nginx (or HAProxy, Varnish or Envoy) off of the FSS and run them as their own cluster above each Forem deployment.
As for a read only PostgreSQL replica... I don't have the mental fortitude for that kind of yak shave just yet. ;)
I have a question: why do we need two proxy servers? Could we do everything only with Traefik or only with Openresty?
❤️ the local PostgreSQL is an awesome touch! I just had this idea: it could be a local read only replica of the AWS DB if the network is fast enough. Does that make sense?
I sense Hooli and Silicon Valley vibes here :D
I feel like I've been called out here :P
The short answer is that Traefik doesn't have a mature caching solution. They just added caching support six days ago and it doesn't support cache purging.
We could make Nginx do TLS termination, http to https redirection and security headers easily but that means managing the Let's Encrypt certs with something like certbot. Traefik handles the Let's Encrypt cert lifecycle pretty well and it was pretty easy to configure.
A bigger picture answer is I want the FSS to be flexible with each component in the stack. If we were running N number of Forems in a SaaS like setup, it would be ideal to pull Traefik and Nginx (or HAProxy, Varnish or Envoy) off of the FSS and run them as their own cluster above each Forem deployment.
As for a read only PostgreSQL replica... I don't have the mental fortitude for that kind of yak shave just yet. ;)
ahaha that's definitely for the future future. We can make PostgreSQL do magic things with foreign data wrappers