Closed Bug 631370 Opened 15 years ago Closed 14 years ago

set up SSL CDN for developer.mozilla.org

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
All
Other
Type:
task
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: groovecoder, Assigned: nmaul)

References

Details

(Whiteboard: [pending review])

developer-cdn.mozilla.org/media should mirror developer.mozilla.org/media
Assignee: server-ops → jeremy.orem+bugs
The CDN doesn't support SSL. Is that okay?
(In reply to comment #1) > The CDN doesn't support SSL. Is that okay? That should be fine; https traffic is low so it can still hit the main server. I'll figure out how to adjust the media url's between http and https.
Just had a thought on this - how should staging sites use this? Can the CDN first mirror developer.mozilla.org/media and then try developer-stage9.mozilla.org/media so we can see the CDN in-use with staging media?
Blocks: 623472
Summary: setup CDN for developer.mozilla.org → set up CDN for developer.mozilla.org
You won't be able to use the same CDN url for both stage and prod. If you want to test out another domain in staging we typically set up a production domain on the CDN and a fake CDN domain for staging on our staging servers.
We'll wait on the CDN for now. We're going to have static.*.mozilla.net for static files that should help our performance enough for now.
Severity: normal → minor
I saw Shyam working on this. Shyam feel free to assign back if you were working on something else.
Assignee: jeremy.orem+bugs → shyam
Jeremy, I wasn't doing this for prod, but I could grab it, I guess. What's needed?
(In reply to comment #7) > Jeremy, > > I wasn't doing this for prod, but I could grab it, I guess. > > What's needed? We'll skip the CDN for prod for now if we have the static host. CDN would be nice but isn't mandatory.
Luke, this has been on the backburner for a while. Do you still need this? Can you ping me on IRC with what you need? I was just going to add STATIC_URL = "http://developer.mozilla.org/" to settings_local.py. will that suffice?
There are a couple issues, IIRC. 1. Our CDN doesn't support HTTPS, and MDN is served exclusively over HTTPS. 2. We want to use developer.mozilla.net as the MEDIA_URL so it will be cookie-free domain.
(In reply to comment #10) > There are a couple issues, IIRC. > > 1. Our CDN doesn't support HTTPS, and MDN is served exclusively over HTTPS. Okay. And if you'd like to use developer.mozilla.net, we'd probably have to get an SSL cert for that + setup a new VIP on Zeus. > 2. We want to use developer.mozilla.net as the MEDIA_URL so it will be > cookie-free domain. Sure. We could just setup a VIP on Zeus, https only, with this new cert and have it just point to devmo and have it serve static files. Will that suffice?
AFAIK, we set up static.developer.mozilla.net, register that with our CDN so it will reverse proxy, and then change our MEDIA_URL to static.developer.mozilla.net. However you all want to "set up static.developer.mozilla.net" is fine with me ;)
Over to jake, thanks!
Summary: set up CDN for developer.mozilla.org → set up SSL CDN for developer.mozilla.org
(In reply to comment #13) > Over to jake, thanks! Bah, fail. I never re-assigned this :| Doing so now. Thanks, Jake!
Assignee: shyam → nmaul
We actually do have an SSL CDN option now, but it is more expensive and has a longer setup time (a couple weeks, due to SSL certificate shenanigans). You would want to get this approved (via mrz) first. A non-SSL CDN is less complicated and cheaper... generally I can have this up and ready to use in a couple days (at least with Edgecast). Either way, it would look basically like this: developer.mozilla.org - main site (obviously) static.developer.mozilla.net - Apache host we control- might just be an alias for the main site, or can be a separate/unrelated thing. Doesn't matter which... it's generally easier to just add it as a CNAME in DNS, plus a ServerAlias in Apache, but it might be more flexible for some things if it's totally separate. I would start with an alias and work from there. This is the name that the CDN will use as it's "origin" (aka: where the cdn pulls content from). static-cdn.developer.mozilla.net - this is the actual CDN property, and is what you'd set up in STATIC_URL or MEDIA_URL or what-have-you. Requests here go to the CDN, and the CDN either serves them from cache, or pulls content from static.developer.mozilla.net, caches it, and serves that. It's also possible to just use the main site (developer.mozilla.org) as the CDN origin- however, it a bit more complicated to split it off later if you decide it needs to be separate. Also, it's sometimes nice to be able to set up special mod_rewrite rules or other handling for CDN traffic- if the CDN uses a specific site for the origin that is otherwise not used, this is easier.
Status: NEW → ASSIGNED
Pretty significant costs for SSL CDN. What do we hope to gain?
This isn't a priority right now so we shouldn't worry too much more about it. This bug was spawned from a generic "Improve performance" bug. If/when the MDN Demo Studio picks up we might benefit from an SSL CDN. For now we can do with what we have; maybe add a regular CDN only.
The concern with a non-SSL CDN is just that it'll annoy users on some browsers, due to mixed secure/non-secure content- you get broken locks, warnings, etc. Generally it's considered better to go all the way one way or the other. Having said that, are you sure you still want to try a non-SSL CDN?
we can use a protocol-relative MEDIA_URL to avoid the mixed content stuff. I'll bring it up at this week's MDN meeting. we want to promote the demo studio more so this might be more important as more and bigger demo media are served from the site.
Whiteboard: [pending review]
Did anything come of last week's MDN meeting?
(In reply to comment #20) > Did anything come of last week's MDN meeting? no, I'll bring it up today.
Any update here?
whew. still nothing new. I'm adding it to our wiki page RIGHT NOW!
we'll review performance numbers for the next couple weeks before we decide to set up a CDN
Any progress on this?
Thanks for checking, but still nothing new. When we host demo files from mozillademos.org we will want to set up CDN for that domain. AFAIK we have no performance problems serving the demos from our network, but IT can probably check on that better than we can. How is the load on the developer.mozilla.org servers? Can you tell if the demo requests to developer.mozilla.org/media/uploads/demos/* are taxing the servers too much?
There aren't any load problems on the prod dekiwiki cluster that I can see. Network usage is less than 1mbps on each of the 3 servers, CPU load is under 2 (and they all have 4+ cores), and none are in swap. No significant I/O wait problems. Are we expecting load from the demos to increase dramatically at some point?
not expecting it. if we get to the point that our demo's are just THAT popular, it will be a Good Problem To Have™ :)
If or when we're ready for CDN on mozillademos.org, we can tackle that in a separate bug. It sounds like we're probably not going to go all-out on an SSL CDN for developer.mozilla.org, at least for a while. As a last resort before WONTFIX'ing this bug, here's one more idea: We can set things up to use the default Edgecast CDN name, instead of something in the mozilla.(org|com) family. We do this for AMO's stage site: https://addons.allizom.org/en-US/firefox/ references static content at: https://gs1.adn.edgecastcdn.net/801237/addons-cdn.allizom.org Then we just set that in settings_local.py as the value to STATIC_URL. We could do something like this for MDN if you're codebase is set up to behave like this. There's no good way to use this style of setup for the whole site, though, so it's only really useful for static content unless we pay the extra to go all the way and do 'developer-cdn.mozilla.org' or something. I think the only cost is the bandwidth used on it... no cert or initial setup costs. mrz, is this any more feasible, financially? I don't know how the SSL CDN costs break down.
Going to WONTFIX this for now. Please re-open if/when we're ready to try the idea in comment 29, or if a full CDN setup becomes more feasible. Thanks!
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.