Show HN: Jonline, AGPLv3 Social Network Built with Rust, Flutter, React, gRPC (github.com)

55 points by pseudocomposer ↗ HN
I have two instances that I'd love to see HN hug to death at https://jonline.io (to which I manually deploy) and https://getj.online (which is deployed to for any commit to main on GitHub). They're both running (side by side, in their own namespaces) on a bare minimum 2GB/50GB DigitalOcean droplet using DOKS (DigitalOcean Kubernetes). The configurations are in: https://github.com/JonLatane/jonline/tree/main/deploys/k8s

So far this is a solo endeavor, but with my recent CI integrations and consolidations of things within the codebase, it's pretty much ready for anyone who wants to contribute to do so. I've labeled some "good first issues" if anyone is interested in contributing: https://github.com/JonLatane/jonline/issues

A few more tech details are available within the app itself, at https://jonline.io/about_jonline or https://getj.online/about_jonline.

Edit: Hug of death is in full effect! I think it's the CPU required for all the TLS stuff being done. I can't even `kubectl logs` to get more information.

I should really be limiting the resources of my containers, etc. as I'm obviously running way beyond what my rinky-dink single server is really meant for. If you're interested, let me know!

CPU/Load/Memory graphs in case y'all are curious (yes, I know I'm already using most of that poor server's memory!): https://imgur.com/7xGpvRI

28 comments

[ 3.2 ms ] story [ 67.7 ms ] thread
Neither link works:

    Secure Connection Failed
    
    An error occurred during a connection to jonline.io. PR_END_OF_FILE_ERROR
    
    Error code: PR_END_OF_FILE_ERROR
    
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
The "Hacker News Hug of Death" is now 1 concurrent user at a time.

What a time to be alive :)

Yup, the SSL stuff, along with the actual DB, file, and other stuff, has brought that poor server to its knees :'(
Be careful what you wish for!

Dead for me

Apparently “dogshit easy to deploy to your K8s cluster” but not as easy to scale. XD
(comment deleted)
It's pretty easy to scale, but scaling nearly anything costs more money than I have to spend on a hobby project :) I'm paying about $25/mo out-of-pocket to run both those domains. It would probably have lasted a good bit longer with external Postgres and S3/MinIO services, more instances, and/or a beefier server behind them. But all those things cost money :) Bear in mind, this is basically the cheapest "run your own server" price point I could find.

Looks like the CPU load of all the TLS/HTTPS stuff is what's doing it in now.

>Looks like the CPU load of all the TLS/HTTPS stuff is what's doing it in now.

Your landing page should be serving static cached HTML from S3/Cloudflare (or Varnish, even). There's no reason your app server should be handling that load at all.

Excellent suggestion! I've typically done this in the past; however, targeting Kubernetes deployments, having a single point of ingress has been a major factor of keeping costs down. But no doubt, multi-ingress would speed things up. There's also a whole Media subsection of the app that uses an internal S3 instance, which would obviously be more efficiently served from its own ingress/egress.

If you have some ideas for how I could handle automatically rolling out updated HTML/JS to such a CDN from the K8s cluster, I'd definitely be interested. PRs/code would be best, but even just walking me through any good solutions you know would be immense :)

Take a look at Cloudflare: https://developers.cloudflare.com/cache/

It's completely agnostic to your setup. Just point your domain to their nameservers, define the routes you want cached, and that's it.

There's also an API where you can do your invalidations on deploy: https://developers.cloudflare.com/workers/learning/how-the-c...

Yes, I use Cloudflare for the website for https://beatscratch.io. However, I want to have a TLS-secured gRPC server also available on the same domain, which means using Cert-Manager, which is definitely easier if your DNS provider also does your Kubernetes service. I've been hopeful that I can keep all the things behind a single ingress and ideally served from a single Rust binary, but I'd love to see folks submit better solutions :)
>However, I want to have a TLS-secured gRPC server also available on the same domain

Now this is getting into opinion, but I don't believe gRPC was ever intended to talk to browsers. And with TLS termination in the mix, are you really even saving anything versus just translating to HTTP(S) and Gzipping for the clients?

A typical setup is Backend -> protobuff grpc -> GQL/Auth server -> HTTPS -> client

With the backend and GQL server in a VPC, so no need for TLS.

Yeah, I’m just eliminating the GQL server as it’s a bit redundant :)

I’d argue that for what I want to do (single ingress everything), gRPC’s various language-specific frameworks handle TLS better than most (obviously not all) HTTP frameworks. Most HTTP frameworks just expect you to put them unsecured behind a separate ingress to do the TLS.

For instance, as we can see with my own deploy here, Tonic (the Rust gRPC server) has handled TLS much better than Rocket (the Rust HTTP server).

(comment deleted)
(comment deleted)
clearly the right language for a social network is to start in RoR and then spend a decade porting to Scala
First thoughts.

Deployment should focus on non-cloud deployments as a first class citizen.

Cloud is 100x more expensive on bandwidth and it is much easier to make a non-cloud product work in the cloud then make a cloud product work outside of the cloud.

I'd suggest moving to k3s and testing deployments on raspberry pis or one of the x64 based SBCs.

Or maybe work on deployments to vpses.

Making it easy with cloud should still also be a primary goal, just avoid making it hard to reduce costs by moving to rented dedicated servers or rented vpses. Some communities will need the 99% reduction.

My hope is that, being easy to deploy to Kubernetes, it should be easy to deploy to your own server! Or at least, as easy as Kubernetes is to deploy. The backend dev instructions are also enough that it should be easy to set it up on your own hardware without Kubernetes. (You’d still need Docker to run MinIO though.) Of course, the challenge in either case is keeping up-to-date TLS certs, but you could always use Certbot!
I do get the value in all this decentralised social media stuff, but people have demonstrated time and again our ability to be disgusting.

How do these platforms handle communities that pop up that actively plan for say the eradication of certain religious groups?

How does the Apache web server plan for such communities? How does PhpBB, or PostgresQL?

The software is apolitical. Enabling speech always comes with enabling shitty speech, and that's a problem with humanity, not the tools enabling speech.

For comparison, how does tcp/ip/http handle that?

Anyone can set up a forum and host it. You are relying as always on points of centralisation, like domain names and hosting companies as a way to take down illegal content. If it is illegal enough, like CP, terror etc. police will cooperate internationally and infiltrate it. FBI has seized so many BTC it isn’t funny and it doesn’t get more decentralised than that.

So, as others are saying, the point of this being a protocol and app is that I’m not trying to assert control over that. If someone wants to use my platform to run a racist cesspool, I absolutely encourage legislatures to stop them, and search engines to delist them. But I don’t really see a way to prevent it on my end as the creator of an open platform. That said, I did implement visibility and moderation as core features, in the hopes that good administrators will shut down any cesspool activity on their site, and social and legal measures can take the job of further enforcement.
For op, love the product/platform you're working on. Like a lot of us here, I tinker too. I appreciate the joy and hard work that goes into it.

My question was more tangential/philosophical, and not something for you to fix of course.