Performance degradation after switching from nginx containers in k8s to s3+cloudfront #391

Closed
jgmize opened this issue Aug 6, 2017 · 6 comments

@jgmize
Contributor

jgmize commented Aug 6, 2017

mdn/viewsourceconf#198

@jgmize jgmize changed the title mdn/viewsouceconf#198 Performance degradation after switching from nginx containers in k8s to s3+cloudfront Performance degradation after switching from nginx containers in k8s to s3+cloudfront Aug 6, 2017
@bookshelfdave
Contributor

Setting custom response headers is tricky with CloudFront and S3; a Lambda@Edge function is needed.

I created the following viewer-response trigger on the stage.viewsourceconf.org Cloudfront distribution:

'use strict';
exports.handler = (event, context, callback) => {
    const response = event.Records[0].cf.response;
    const headers = response.headers;
    headers["Strict-Transport-Security"] = [{'key': 'Strict-Transport-Security', 'value':'max-age=31536000'}];
    headers['Content-Security-Policy']   = [{'key': 'Content-Security-Policy',   'value': "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; form-action 'self' https://www.mozilla.org; connect-src 'self' https://www.mozilla.org https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://air.mozilla.org https://www.google.com/maps/; child-src 'self' https://air.mozilla.org https://www.google.com/maps/"}];
    headers['X-Content-Type-Options']    = [{'key': 'X-Content-Type-Options',    'value': "nosniff"}];
    headers['X-Frame-Options']           = [{'key': 'X-Frame-Options',           'value': "DENY"}];
    headers['X-XSS-Protection']          = [{'key': 'X-XSS-Protection',          'value': "1; mode=block"}];
    callback(null, response);
};
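
As an added example (not part of this thread or the project's code), the following Node.js check audits a CloudFront response record of the shape the handler above passes to `callback`, confirming the five headers are present and flagging permissive `script-src` sources. The function names, the shortened sample policy and the six-month HSTS minimum are assumptions.

```javascript
// Header names the handler in this thread sets (compared case-insensitively).
const REQUIRED = ['strict-transport-security', 'content-security-policy',
  'x-content-type-options', 'x-frame-options', 'x-xss-protection'];

// Constructed sample response; the CSP is shortened from the thread's policy.
const hdr = (key, value) => [{ key, value }];
const SAMPLE = { status: '200', headers: {
  'Strict-Transport-Security': hdr('Strict-Transport-Security', 'max-age=31536000'),
  'Content-Security-Policy': hdr('Content-Security-Policy',
    "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com"),
  'X-Content-Type-Options': hdr('X-Content-Type-Options', 'nosniff'),
  'X-Frame-Options': hdr('X-Frame-Options', 'DENY'),
  'X-XSS-Protection': hdr('X-XSS-Protection', '1; mode=block'),
} };

// Flatten { Name: [{ key, value }] } into { name: 'value' }.
function flattenHeaders(headers) {
  const flat = {};
  for (const [name, entries] of Object.entries(headers || {})) {
    if (Array.isArray(entries) && entries.length) flat[name.toLowerCase()] = entries.map((e) => e.value).join(', ');
  }
  return flat;
}

// Parse a CSP string into { directive: [sources] }; the first duplicate wins.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Return findings (empty list = all checks passed); minHstsAge is an assumed six-month threshold.
function auditResponse(response, minHstsAge = 15768000) {
  const flat = flattenHeaders(response.headers);
  const findings = REQUIRED.filter((h) => !(h in flat)).map((h) => `missing: ${h}`);
  const hsts = flat['strict-transport-security'];
  const age = /max-age=(\d+)/i.exec(hsts || '');
  if (hsts !== undefined && (!age || Number(age[1]) < minHstsAge)) findings.push('hsts: max-age below minimum');
  const csp = parseCsp(flat['content-security-policy'] || '');
  const scriptSrc = csp['script-src'] || csp['default-src'] || [];
  for (const token of ["'unsafe-inline'", "'unsafe-eval'", '*']) {
    if (scriptSrc.includes(token)) findings.push(`csp: script-src allows ${token}`);
  }
  return findings;
}
```

Calling `auditResponse(SAMPLE)` returns a single finding for `'unsafe-inline'` in `script-src`, which the policy in this thread allows.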

@jgmize
Contributor Author

jgmize commented Aug 7, 2017

It would be interesting to compare the s3+cloudfront+lambda@edge implementation vs the equivalent google storage+functions+CDN at some point: https://firebase.google.com/docs/hosting/functions

@jgmize
Contributor Author

jgmize commented Aug 7, 2017

It would also be interesting if the assumption of performance & operational benefits relative to our previous nginx+k8s setup turned out to be invalid.

@bookshelfdave
Contributor

  • S3/CloudFront is simple and efficient for serving static content distributed through a CDN; however, it's somewhat inflexible, as we can't set custom HTTP headers without using something like this Lambda function.
  • While hosting on nginx+K8s is more flexible, we still have to deploy in multiple regions for our traditional latency-based Route53 traffic policies to be effective. Do we front these static sites with Cloudfront as well?

@bookshelfdave
Contributor

I'd say we should consider these trade-offs when deploying a new site:

  • for quick-hit deployments, S3+CloudFront is quick to set up and deploy, but inflexible.
  • for longer-term deployments, nginx+K8s offers greater flexibility, but perhaps requires more work up front.

@jgmize
Contributor Author

jgmize commented Aug 17, 2017

tracking switch back to nginx in mdn/viewsourceconf#211
