luceos Based on the prognoses of our hosting infrastructure, we can now safely upgrade the entry level "Seedling" plan from 20 to 50 active users.

"Active users" is the number of members and guests active on your community in the past fifteen minutes.

Can you share more details how these limits are enforced? Is it some resources limit that is sufficient for 50 users but may slow down for 100-200 users, or you actually count these users somehow (how?)?

      rob006 we measure the volume via a Flarum customization and compare that against the overall traffic volume on the network tiering level. Bots, guests and member traffic is identified from within the Flarum layer.

      We do not enforce the "active users" limitation, we hold onto soft limitation. There are obviously some sensible resource limitations in place to protect our auto-scalable stack but these - under normal circumstances - do not affect the performance or availability of your community. Once you continuously or repeatedly reach our limits you will be informed through email and the dashboard. A single occurrence of over-usage on "active users", as such, won't bring your forum down.

      I will write some more about how our stack works and how we founded the company later on, feel free to follow along.

        As promised some technical insight into how things are done at Blomstra.

        Flarum

        First off, let's touch on the subject of what a Flarum community instance is and where it differs from the default installation.

        The skeleton

        When you run composer create-project flarum/flarum -s beta it effectively downloads the files from the flarum/flarum repository - also known as "the skeleton" and do a composer install directly afterwards.

        The skeleton offers flarum/core (our framework) as dependency, but also all bundled extensions like flarum/tags and flarum/approval.

        Everything now installed, aside from vendor can be modified to your liking. At Blomstra we have a fully customised skeleton, it includes many small tweaks in the form of local extenders. Local extenders behave like extensions but are activated from the root extend.php in your installation (or skeleton).

        Some of the changes we made are:

        • Overriding the session handler to use the database instead of a file based handler. Due to our horizontal scalability we need all web nodes to read from the same session storage.
        • Overriding the default Flarum file storage to use a cloud bucket. This impacts avatars, but also compiled assets like javascript and stylesheets to use one identical version.
        • Setting our default mail provider settings, without them showing up in the Flarum admin area. While still allowing users to set their own configuration.

        All these changes are so specific to our usecase it doesn't make sense to overcomplicate things by forcing us to use extensions.

        Docker

        In containerization you typically create an isolated snapshot (called image) in order to create multiple "mini virtual machines" (called containers). Doing so enables horizontal scalability - the ability to deal with in- and decreasing traffic to your application by adding and removing containers autonomously.

        Because we use kubernetes, we need to create a docker image of a fully functional Flarum installation. Kubernetes is awesome, because like Flarum it's open source, configurations can be (almost fully) carried over to any other (cloud) hosting provider and it's very mature. Our CI/CD - short for "continuous integration" and "continuous deployment" - takes care of generating the image for our kubernetes cluster(s). Once this image has been completed it will be pushed towards a registry; a registry shared inside our kubernetes cluster which then updates all our Flarum communities.

        Because we use images we initially start out with a fixed set of extensions. These are all triaged for use on our platform. We're already looking at options to allow customisations through local extenders and packages/extensions without interfering reducing the quality of our service.

          luceos Overriding the session handler to use the database instead of a file based handler. Due to our horizontal scalability we need all web nodes to read from the same session storage.
          Overriding the default Flarum file storage to use a cloud bucket. This impacts avatars, but also compiled assets like javascript and stylesheets to use one identical version.

          Any chance the code for these two things could be made public? 🙂 I think they could also fit well in a page in the Flarum docs about horizontal scalability, since by default Flarum is not ready for it... Thanks

              The "assets in s3" issue is on the milestone for stable. Not as sure about the session driver but if there isn't an issue for it, there should be.

                matteocontrini yeah sure; that is our intent.

                Blomstra not just wants to be the companion to the Flarum Foundation (similar to Aquia - Drupal) by contributing financially, but also by sharing our knowledge and experience openly. The above post is just one step into that direction 👍

                  5 days later

                  Time for a new update. The local extenders I mentioned before luceos can be added by enriching the skeleton (flarum/flarum) - the thing where your extend.php is located. To do so you can update your composer.json by adding a new key (on the same level as require) called autoload with the following entries:

                     "autoload": {
        "psr-4": {
            "App\\": "app/"
        }
    },

                  Run composer dumpautoload after changing the file to enact the change.

                  If autoload is the last entry before the ending }, make sure to remove the ,. Composer will complain if the json file is invalid. Usually this is the cause.

                  You are now able to store php classes in the app, next to public and storage.

                  One of the things we do this for is to enable a session driver that uses redis or the database. Flarum by default uses a file based session driver; when you want to allow visitors to hit all web nodes you need to share those sessions between the nodes. File based sessions are only stored on that node (unless you mount that directory on a shared disk, but that limits where you can host those web nodes).

                  In order to override that we can do the following:

                  app\Session\OverrideSessionHandler.php

                  <?php

namespace App\Session;

use Flarum\Extend\ExtenderInterface;
use Flarum\Extension\Extension;
use Illuminate\Contracts\Container\Container;
use Illuminate\Database\ConnectionInterface;
use Illuminate\Session\DatabaseSessionHandler;

class OverrideSessionHandler implements ExtenderInterface
{
    public function extend(Container $container, Extension $extension = null)
    {
        $container->extend('session.handler', function ($_, $container) {
            $config = $container->make('config');

            return new DatabaseSessionHandler(
                $container->make(ConnectionInterface::class),
                'sessions',
                $config['session.lifetime']
            );
        });
    }
}

                  And in extend.php:

                  return [
    // ...
    new App\Session\OverrideSessionHandler,
];

                  That's it 😉

                  Do let me know if you tried this out and what you think of it 👍

                  I totally forgot about one thing, you need the sessions table. So here goes part 2 😉

                  Create a directory called resources/migrations in your flarum directory. And store this file in it:

                  0000_00_00_000000_sessions_table.php

                  <?php

use Flarum\Database\Migration;
use Illuminate\Database\Schema\Blueprint;

return Migration::createTable(
    'sessions',
    function (Blueprint $table) {
            $table->string('id')->primary();
            $table->unsignedInteger('user_id')->nullable()->index();
            $table->string('ip_address', 45)->nullable();
            $table->text('user_agent')->nullable();
            $table->text('payload');
            $table->integer('last_activity')->index();

            $table->foreign('user_id')
                ->references('id')
                ->on('users')
                ->onDelete('cascade');
    }
);

                  This change to the database sadly isn't automatically picked up by Flarum, so we need a command to run the migration:

                  app/Console/MigrateCommand:

                  <?php

namespace App\Console;

use Flarum\Console\AbstractCommand;
use Flarum\Extension\ExtensionManager;
use Flarum\Foundation\Paths;
use Illuminate\Contracts\Container\Container;
use Illuminate\Filesystem\FilesystemAdapter;
use League\Flysystem\Adapter\Local;
use League\Flysystem\Filesystem;

class MigrateCommand extends AbstractCommand
{
    /**
     * @var Container
     */
    protected $container;

    /**
     * @param Container $container
     */
    public function __construct(Container $container)
    {
        $this->container = $container;

        parent::__construct();
    }

    /**
     * Fire the command.
     */
    protected function fire()
    {
        /** @var ExtensionManager $manager */
        $manager = $this->container->make(ExtensionManager::class);
        $migrator = $manager->getMigrator();
        $migrator->setOutput($this->output);

        /** @var Paths $paths */
        $paths = $this->container->make(Paths::class);

        $migrator->run($paths->base . '/resources/migrations');
    }
    
    protected function configure()
    {
        $this
            ->setName('local:migrate')
            ->setDescription('Run outstanding local migrations');
    }

    protected function localDisk()
    {
        $driver = new Local(app(Paths::class)->base);
        $filesystem = new Filesystem($driver);

        return new FilesystemAdapter($filesystem);
    }
}

                  Now register this command in your extend.php:

                  return [
    // ...
    (new Flarum\Extend\Console)->command(App\Console\MigrateCommand::class),
];

                  Now run php flarum local:migrate to create your sessions table 😉

                    8 days later

                    Oh look we brought back TTFB (time to first byte) to under 100ms 🥳

                    https://demo.blomstra.community/d/3982-sed-delectus-animi-dolore

                    This applies to guests and is implemented using a basic response caching mechanism. A cache warmer is added that re-uses the fof/sitemap code to pull in the latest pages of all content into the cache. We've also added the ability to cache assets directly when they are flushed. All of this to bring the best performance.

                      luceos 👍

                      About performance, are you sure about using Cloudflare? On my websites I'm in the process of switching away for 2 reasons:

                      • many of my users are reporting that performance is often bad. Cloudflare seems to be having serious problems with capacity lately, and to solve that they sometimes route users to POPs that are very far from the client. My users are reporting that from Italy they're often sent to the West Coast, sometimes Brazil, Japan or South Africa, with latency in the order fo seconds. Support says it's normal and that they do this even if you're a paying customer (and I am). This is not acceptable to me...
                      • L7 DDoS is a joke... Unless you pay for the more advanced bot protection it simply doesn't work. I've had my forum attacked and Cloudflare happily passed through tens of thousands of requests per second. Some of my friends reported the same thing. You can do something with CF firewall rules, but otherwise they won't protect you. Support says it's normal if the requests are not detected as an attack.

                      This is not my decision but I personally don't think that Cloudflare is a good choice when performance is a goal, there are much better CDNs out there, definitely not free but at least they work, they provider L3/L4 protection while most HTTP flood attacks can be handled through rate limiting.

                      Sorry for the wall of text and if this seems off topic, but I hope it helps 😃

                          matteocontrini Thank you for sharing your concerns and your experience with Cloudflare.

                          I personally cannot say that I have experienced a major problem with Cloudflare over the last few years, but I too have have seen slow speeds on occasion for specific kinds of content (almost always audio files). I'm also aware that they sometimes route traffic via less busy PoPs, and this can be seen quite often when icmp latency jumps from 50 ms to 120 ms, for instance. But then they also run an AnyCast network, so this change in latency can be expected, within reason.

                          But I have also had many a positive experience with Cloudflare on large websites with enterprise plans. On the lower tiers, they are pretty good as a CDN (I'm currently using Cloudflare for a site where they're serving cached traffic at about 19 TB a month for us without any slowdowns in speed - and there are users from over 120 countries) - most of the other services that would be useful are billed on a metered basis, which isn't particularly helpful, I must admit.

                          I have a very specific view on WAFs and DDoS protection (probably not the best place to share that view), and I don't think we would necessarily look at Cloudflare to mitigate issues of that nature. Most good WAF providers would only do this well with enterprise pricing (enterprise here mostly means excessive 😄 ). I'd be very interested in learning about some of the issues you have had (perhaps we can connect outside of this discussion thread) - in particular, how you were able to detect which PoPs they were routing your traffic through. I've had my fair share of other providers in both the CDN and WAF arena - Incapsula, Akamai, Sucuri, Key, CloudFront, Bunny, Beluga - to name a few of them, and they all have pros and cons.

                          But suffice to say Cloudflare is a choice we are making at this point in time and that doesn't mean we won't consider another provider in the future. We will be monitoring how Cloudflare works for us. Ultimately, whichever provider can help us provide the best experience is the one we would use.

                              meezaan in particular, how you were able to detect which PoPs they were routing your traffic through.

                              You can do this by adding /cdn-cgi/trace to the end of the domain. Cloudflare will list a bunch of information there. There is also a Chrome extension that does this automatically for you.

                                meezaan thanks for the reply, I get your position of course 🙂

                                What @tankerkiller125 said is what I meant. I'll only add the fact that when they route you to a distant POP it's often not visible through traceroutes. You still get routed (at the IP level) to a nearby datacenter but then the response is handled by another POP.

                                There's a high change you don't understand Italian but on my forum there have been a lot of reports in the past few days about weird routing decisions that affect performance: Argentina, Japan, Brazil, USA, etc.

                                We're probably going off topic, maybe some posts could be split in a new discussion if there's more to discuss 🙂

                                  Thank you @tankerkiller125 - this is good to know, but it only mentions the data center you would hit and that would theoretically almost always be the one AnyCast DNS routes you to (of course how that's Brazil I don't understand 😆 - it appears to be a someCast type model).

                                  @matteocontrini that's interesting - so the routing to Brazil was only temporary, but still, as you say, Brazil is a long way away from Italy! I can't imagine traceroute would ever be accurate with CloudFlare (it would defeat a major part of their service) but them showing Brazil is not great.

                                  I know that they route enterprise customers through different ISPs in certain parts of the world, but still, even the free or pro tier doing a world tour is quite unnecessary!

                                  Anyhow, we will keep an eye on it. Thank you for sharing the details.

                                    meezaan (of course how that's Brazil I don't understand 😆 - it appears to be a someCast type model).

                                    Imperva has a decent quickstart guide on AnyCast, essentially the goal is whichever server responds the fastest and with the least hops. It is of course much more complex then this (SysAdmin/Network+ Certified person here) but the quick overview explains it well enough. https://www.imperva.com/blog/how-anycast-works/

                                    @matteocontrini As for why Brazil would be selected, most likely there is a routing issue going on within the Italian ISPs networks or Cloudflare itself has a routing issue going on. It of course never hurts to reach out to Cloudflare support to see if it's something on their end. If it's not on their end then most likely it's something wrong with the ISPs themselves.

                                        tankerkiller125 It of course never hurts to reach out to Cloudflare support to see if it's something on their end

                                        Well, it hurts, unfortunately 😂 they kept denying the issue because they tested with webpagetest.org and they saw no issues (I'm serious), then they finally escalated the ticket and the final response was:

                                        Similar to what I said, our Engineering Team replied "We do not guarantee specific locations where requests will be served from.
                                        We reserve the right to re-route traffic if needed. At this time the requests from this ASN for this zone are going to the datacenter at Milan. " Please check again, thanks.

                                        FYI: When re-routing traffic is needed, we will do it upon Free and Pro customers first.

                                        This is happening with most ISPs in my country and they reach Cloudflare via different routes (public peerings, private peerings, transits), so it seems that Cloudflare simply works like that. I don't really see how they could do this on purpose though, it doesn't make any sense... it's clear however that enterprise customers are not affected by this behaviour.

                                          Thank you @matteocontrini @tankerkiller125.

                                          This was going to be my next question, around Vodafone being part of the problem, but I didn't want to take the Blomstra thread further off track (I've attempted to build a DNS service myself once to compare geoDNS and AnyCast DNS so I have some basic idea about how this works).

                                          But to go back to the original concern from @matteocontrini, let me clarify Blomstra's use of Cloudflare (or any other provider for that matter).

                                          We primarily use it only as a CDN to host static assets - so avatars, etc. which go on an S3 bucket would sit behind a CDN.

                                          If a customer chooses to use a vanity name on one of our domains for their community, like blomstra.community (so, for example - somename.blomstra.community), we would route that via Cloudflare by default, but can turn it off should the customer be averse to using Cloudflare.

                                          If a customer chooses to use an external hostname of their choice, like www.somecommunity.org, they will simply be pointing that domain at our load balancer(s).

                                          So Cloudflare is not necessarily part of the architecture, and WAF like capability is not something we are adding to the mix for the time being.