Re: Technical committee acting in gross violation of the Debian constitution
Hi,
Marco d'Itri:
> On Dec 04, Matthias Urlichs <matthias@urlichs.de> wrote:
>
> > If you can run a CGI inside a chroot/container/whatever, you can run a
> > small web server on a local port / Unix socket, and reverse-proxy it,
> > just as easily.
> While using many more times the resources.
Which "many more" are you talking about? Setting up a chroot and starting
an external program has the same cost. Thus, a CGI script is more expensive
than a FastCGI process or a small web app (Python Flask or whatever) as
soon as the second request for a resource it serves arrives.
> You obviously have no idea of the challenges of providing secure web
> hosting for non-trivial quantities of web sites.
You obviously assume that the users' app servers need to actually
run before they're able to serve requests.
This assumption is incorrect.
I start the app server and its container via socket activation. (In most
cases, unfortunately, this is a simple php5-fpm server.) I then stop it
after a few seconds of inactivity (or with an LRU list, based on how much
server memory is left). Problem solved.
… at least in principle; socket activation still isn't exactly common,
so this solution still requires a couple of hacks to work, and I really
should submit some patches. :-/ But it works.
--
-- Matthias Urlichs
Reply to: