Blomstra, development services & scalable managed Flarum

meezaan

matteocontrini Thank you for sharing your concerns and your experience with Cloudflare.

I personally cannot say that I have experienced a major problem with Cloudflare over the last few years, but I too have have seen slow speeds on occasion for specific kinds of content (almost always audio files). I'm also aware that they sometimes route traffic via less busy PoPs, and this can be seen quite often when icmp latency jumps from 50 ms to 120 ms, for instance. But then they also run an AnyCast network, so this change in latency can be expected, within reason.

But I have also had many a positive experience with Cloudflare on large websites with enterprise plans. On the lower tiers, they are pretty good as a CDN (I'm currently using Cloudflare for a site where they're serving cached traffic at about 19 TB a month for us without any slowdowns in speed - and there are users from over 120 countries) - most of the other services that would be useful are billed on a metered basis, which isn't particularly helpful, I must admit.

I have a very specific view on WAFs and DDoS protection (probably not the best place to share that view), and I don't think we would necessarily look at Cloudflare to mitigate issues of that nature. Most good WAF providers would only do this well with enterprise pricing (enterprise here mostly means excessive 😄 ). I'd be very interested in learning about some of the issues you have had (perhaps we can connect outside of this discussion thread) - in particular, how you were able to detect which PoPs they were routing your traffic through. I've had my fair share of other providers in both the CDN and WAF arena - Incapsula, Akamai, Sucuri, Key, CloudFront, Bunny, Beluga - to name a few of them, and they all have pros and cons.

But suffice to say Cloudflare is a choice we are making at this point in time and that doesn't mean we won't consider another provider in the future. We will be monitoring how Cloudflare works for us. Ultimately, whichever provider can help us provide the best experience is the one we would use.

tankerkiller125

meezaan in particular, how you were able to detect which PoPs they were routing your traffic through.

You can do this by adding /cdn-cgi/trace to the end of the domain. Cloudflare will list a bunch of information there. There is also a Chrome extension that does this automatically for you.

matteocontrini

meezaan thanks for the reply, I get your position of course 🙂

What @tankerkiller125 said is what I meant. I'll only add the fact that when they route you to a distant POP it's often not visible through traceroutes. You still get routed (at the IP level) to a nearby datacenter but then the response is handled by another POP.

There's a high change you don't understand Italian but on my forum there have been a lot of reports in the past few days about weird routing decisions that affect performance: Argentina, Japan, Brazil, USA, etc.

We're probably going off topic, maybe some posts could be split in a new discussion if there's more to discuss 🙂

[deleted]

meezaan great response 👍

meezaan

Thank you @tankerkiller125 - this is good to know, but it only mentions the data center you would hit and that would theoretically almost always be the one AnyCast DNS routes you to (of course how that's Brazil I don't understand 😆 - it appears to be a someCast type model).

@matteocontrini that's interesting - so the routing to Brazil was only temporary, but still, as you say, Brazil is a long way away from Italy! I can't imagine traceroute would ever be accurate with CloudFlare (it would defeat a major part of their service) but them showing Brazil is not great.

I know that they route enterprise customers through different ISPs in certain parts of the world, but still, even the free or pro tier doing a world tour is quite unnecessary!

Anyhow, we will keep an eye on it. Thank you for sharing the details.

tankerkiller125

meezaan (of course how that's Brazil I don't understand 😆 - it appears to be a someCast type model).

Imperva has a decent quickstart guide on AnyCast, essentially the goal is whichever server responds the fastest and with the least hops. It is of course much more complex then this (SysAdmin/Network+ Certified person here) but the quick overview explains it well enough. https://www.imperva.com/blog/how-anycast-works/

@matteocontrini As for why Brazil would be selected, most likely there is a routing issue going on within the Italian ISPs networks or Cloudflare itself has a routing issue going on. It of course never hurts to reach out to Cloudflare support to see if it's something on their end. If it's not on their end then most likely it's something wrong with the ISPs themselves.

matteocontrini

tankerkiller125 It of course never hurts to reach out to Cloudflare support to see if it's something on their end

Well, it hurts, unfortunately 😂 they kept denying the issue because they tested with webpagetest.org and they saw no issues (I'm serious), then they finally escalated the ticket and the final response was:

Similar to what I said, our Engineering Team replied "We do not guarantee specific locations where requests will be served from.
We reserve the right to re-route traffic if needed. At this time the requests from this ASN for this zone are going to the datacenter at Milan. " Please check again, thanks.

FYI: When re-routing traffic is needed, we will do it upon Free and Pro customers first.

This is happening with most ISPs in my country and they reach Cloudflare via different routes (public peerings, private peerings, transits), so it seems that Cloudflare simply works like that. I don't really see how they could do this on purpose though, it doesn't make any sense... it's clear however that enterprise customers are not affected by this behaviour.

meezaan

Thank you @matteocontrini @tankerkiller125.

This was going to be my next question, around Vodafone being part of the problem, but I didn't want to take the Blomstra thread further off track (I've attempted to build a DNS service myself once to compare geoDNS and AnyCast DNS so I have some basic idea about how this works).

But to go back to the original concern from @matteocontrini, let me clarify Blomstra's use of Cloudflare (or any other provider for that matter).

We primarily use it only as a CDN to host static assets - so avatars, etc. which go on an S3 bucket would sit behind a CDN.

If a customer chooses to use a vanity name on one of our domains for their community, like blomstra.community (so, for example - somename.blomstra.community), we would route that via Cloudflare by default, but can turn it off should the customer be averse to using Cloudflare.

If a customer chooses to use an external hostname of their choice, like www.somecommunity.org, they will simply be pointing that domain at our load balancer(s).

So Cloudflare is not necessarily part of the architecture, and WAF like capability is not something we are adding to the mix for the time being.

luceos

We're making great progress! A couple of things we did:

Write a websocket extension (blomstra/realtime) that works perfectly on our scalable environment. In addition to the default pusher functionality, it also allows you to enable a typing indicator (number of people currently replying to a discussion) and enables websockets for members and guests alike. We are currently not considering open sourcing this extension as it is extremely attuned to our hosting stack.
Write an extension that allows our community administrators easy access to extension readme's from within the admin area (blomstra/readme). This extension is a candidate to be open sourced later on this year.
Go over the whole process of deploying a new community. As we rely heavily on Continuous Integration and Deployment, we need to ensure all steps are as faultless as we can make it.
Enable scheduled tasks (cronjobs) and introduced queue workers dedicated to each community.
Fix an issue with the database session storage.
Added more payments methods in addition to card payments. SEPA and Bacs direct debit are now also supported.
Fix an issue with storing compiled css for night mode.
Link "Get Help" in admin area to our helpdesk and display our current build number for easier debugging.
And much, much more..

As you can see, we're really making sure to enter our early access stage by offering well tested and feature rich communities. Our current schedule is to start deploying our own test communities the next one or two weeks. After that we're hoping to start on-boarding our first early access customers!

luceos

Almost a week gone by and 🤯 lots happened!

I mistakenly charged our own bank account for 10.000 euro 🙈 Were flagged for breaching the Stripe terms (can't charge yourself), reached the SEPA limit and had the scare of a lifetime. Everything is back to normal again though. All of this was instigated by wanting to test deploying communities without being charged ourselves, so I applied a balance in the Stripe dashboard. Who would have thought the customer is then charged for that balance 🙉
According to plan we deployed our first couple of testing communities. Discovered several bugs in both the website and the community that were easily solved.
Refactored the whole website by adding better navigation. To allow for more pages like terms of use and privacy information. There now is a story page as well as a dedicated pricing and extension page.
Added the first batch of languages for our communities to use.
Started capturing Stripe webhooks on our website and dealing with them properly.
Improved our logic to temporarily persist the admin password of a new community and invalidating them from our system after 24 hours. This allows you or a team member to retrieve the admin password after a community has been created.
And many more things that the others took care of 😎

We now provide 86 extensions to managed Flarum communities through our platform 🚀 We will vouch for their maintenance by assisting their maintainers; either by contributing to their source, through financial means or by forking and republishing.

luceos

Wow, those couple of days flew by! We hit some roadblocks but resolved them quite fast. As we're all building this next to other obligations sometimes progress isn't that fast. Nevertheless we just deployed a new community in under 10 minutes 🥳 This includes setting up DNS, CDN, actually deploying Flarum, a websocket server, queue worker and a cronjob/scheduled task worker.

We're extremely close to onboarding our first customers 👏

luceos

Wow 12 days flew by! But hey, we are currently on-boarding our first real active community 🥳

luceos

A couple of updates:

We have set up the Dutch Verified Community under Blomstra (https://flarum.nl); something that @JasperVriends and I will be running. A great way to test our stack, stability and performance.
In the meantime we started onboarding our first paying customer 🥳. The migration of the website is planned for next week. During our preparations we discovered additional issues we quickly patched. Everything is now readied up!

Make sure to create an account on https://blomstra.net to join the Seedling list. Once we go live we'll send out a nice discount promotion code.

luceos

luceos In the meantime we started onboarding our first paying customer 🥳. The migration of the website is planned for next week. During our preparations we discovered additional issues we quickly patched. Everything is now readied up!

Although we met with a couple of issues, we quickly resolved them:

the response cache acted up with the csrf tokens; this prevented people from signing up and logging in
the custom websocket extension did not update things at all, the typing indicator worked.

Aside from a couple of minor things the customer is now up and running completely on our infrastructure. We will be adding that website as our first showcase soon. In the coming period we continue improving everything while we onboard the next, early access customers.

luceos

We've received feedback from our first customer (mentioned luceos), @Fantomen of https://hockeybulletin.se wrote:

Incredibly hands on staff ready to spend hours helping out even though my community is comparably small.

In the future the absolute best hassle free solution for hosting a somewhat busy community.

Finally, the on boarding process was incredibly smooth with virtually no down time at all for my community; perhaps the most important aspect when changing the home for your community.

This recommendation will soon find its way onto our website. We are very close on sending out the lifetime discounts to the waiting list users, I'm stoked to hear what everyone else thinks once we are fully open for business!

Omnivorous

€1k per month for a forum with 1k members? 😱 God dang, is Flarum actually that resource intensive?

luceos

Omnivorous it's not 1k users, it's actually 1k concurrent users. That's guests and members (excluding bots) currently visiting your community 😉

We do not limit the number of posts, discussions, uses or whatever. We base pricing on how actively your community is being visited 😃

PS the only reason you see that plan is because we are onboarding a potential customer who needs this 🥳

luceos

A quick update while we're doing our best to onboard our second customer.

Added an option for communities to be boosted to twice their regular allowance temporarily. This allows our stack to be warmed up ahead of an expected increase of visitors to your community.
Fixed a ton of issues with our own websocket replacement.
Added a couple of new extensions (currently serving 91 extensions) that clients needed.
Make users on blomstra.net accept our policies.
Fixed a bug with auto-adding the trial on the first plan for plans that allow it (lowest only right now).
Started reading the stats from communities so that we identify issues and understand actual, real-time use.
Improved our logging and error reporting facilities, we can now see most (if not all) issues almost instantaneously.
Fix several times the issue with an Incomplete PHP class. I now completely understand the issue at hand and will PR a fix upstream to core soon ™️ , but also implement an even better solution in our stack by making our Blomstra skeleton more immutable.

A ton of other stuff was taken care of and my findings that improve Flarum in terms of scalability have been summarised in an actionable way.

Coming Thursday we'll see an increase of attention to the community of our first client. When this goes well and he's happy we'll start building a use case around that website for everyone to read up on.

I'm literally stoked about the amazing progress we've booked in building a stable and scalable solution for Flarum communities. Our knowledge of the software and our experience in hosting has helped achieve a very satisfying result and we've just started 😱 Now we will continuously identify how to further stabilize the stack, but also increase performance and the success ratios of our client communities.

luceos

One week flew by because things are moving so fast!

Let's summarize again:

Onboarding the second customer with 1k concurrent users (throughout the day) has proven to be a bit more challenging than anticipated due to some particularities with their database, but our expert team is gradually making process.
We had our first real, hard crash. Due to Linode deciding to upgrade our kubernetes control plane some services became unresponsive and my attempt to fix it threw the whole cluster out of its tranquil state for hours. Some tough lessons were learned, our first post mortem a fact.
We decided on a way to integrate third party premium extensions (blomstra premium extensions are always free for our customers). We will ask for an Extiverse API token whenever an admin wants to enable a premium extension and then check for an active subscription. This means that Blomstra will soon allow all premium extensions on its platform 🥳
Discovered a bug with us writing js files to our CDN; these files are written forum-<hash>.js, however we prefer to use forum.js?v=<hash> so that no other nodes are affected when one node recompiles the javascript. The cause was identified being fof/nightmode overriding the core Assets class.

Once the second customer is onboarded we plan to send out the promotion codes with lifetime discounts to the people on our waiting list and close that list. We will then allow these people to create their communities as a closed beta. Make sure to sign up now if you have an interest!

luceos

Blomstra now supports the ability to enable more than just our own premium extensions. In order to achieve this:

a simple first version of an extiverse php client was created to talk to the extiverse api: https://github.com/extiverse/php-client
our managed communities were modified to enrich the extensions information by using the extiverse client
the admin extensions pages for premium extensions were modified to provide additional information

More information can be read on the Blomstra Greenhouse: https://blomstra.community/d/29-using-premium-extensions.

« Previous Page Next Page »