Beta 6: Server distribution

JoshAtticus · October 31, 2022, 2:52am

What is it?

Server distribution is where traffic to a website is distributed to multiple servers. This would allow traffic to be spread across multiple servers instead of directing it all to one server, and allows people to continue using Meower even when the main server goes down.

Message from earlier

“I would simply have a distribution system, like I suggested, where it attempts to connect to the closest server, but if that is down, or has more than ~70-80% load, it connects to the next closest and so on.”

Questions likely to be asked

Q: We need to make sure they share the same userbase and stuff though
A: It could simply have the sever the person is connected to stores the data, and then that is sent securely over HTTPS to other servers.

Q: Imagine this, you have an online friend you met when the main server was down on one server.
now you can no longer talk to him because you can’t access that server server
A: But that data is sent to the other servers. Unlike a bank, the internet allows you to send data in a matter of seconds.

Q: But can’t someone hijack that information?
A: Using HTTPS with websockets isn’t less secure, it’s used to send the data to the clients.

Q: What if someone sends fake data over to other servers?
A: It’s done by the servers, not the clients, a server would need to be compromised, and even still, there will not be a command to request data, the servers would send it, so the most they could do is create random user accounts, and possibly delete some.

Q: Yeah but you can impersonate a server and send fake data to a server.
A: Have you ever heard of PGP keys before? Or just only allowing requests from a server’s IP address. You cannot spoof an IP to websites either, unless the client is sending the IP, which will not happen in Beta 6. source

What needs to happen?

Well obviously, we’d need people to host more servers. I’m happy to host a server, meaning there would still be an alternate server, b̶u̶t̶ ̶y̶o̶u̶ ̶c̶a̶n̶ ̶a̶p̶p̶l̶y̶ ̶t̶o̶ ̶h̶o̶s̶t̶ ̶a̶ ̶s̶e̶r̶v̶e̶r̶ ̶h̶e̶r̶e̶.̶ As @tnix said, only approved people will be able to host a server.
We will also need this to be implemented into the Meower server, which could be done with Cloudflare load balancing.

Who needs to be involved?

A few people actaully
@MikeDEV
@Tnix
@zed
@Voxalice
And I would list everyone else on the RFC team, but it would take a lot of space!

Do you support this idea?

Please vote with the poll below instead of leaving a reply! You can also let me know your other ideas for this with a reply.

Yes
No

0 voters

JoshAtticus · October 31, 2022, 2:53am

That took a long time to write

AXEstudios · October 31, 2022, 2:59am

If this was a scratch suggestion the ST would probably be impressed

Tnix · October 31, 2022, 3:51am

This is already gonna happen. Beta 6 (0.6.0) is gonna have horizontal scaling in-mind.

What exactly is gonna happen?

We will have a VPN server that connects all the servers together, this will be hosted on a cloud provider for better reliability, and will use asymmetrical authentication and access control to secure this.
We will take authentication data out of the main server and put it in an authentication server, this makes sure we’re not sending any very sensitive data around other servers. The authentication server will basically just contain authentication data such as your hashed password, email, TOTP authenticators, WebAuthn authenticators, etc. When authenticating you’ll be provided with 2 tokens, one for the authentication server, and one for the main servers. The main server token will be added into the MongoDB database. All tokens will be hashed with SHA256 (peppered, salts won’t work) as well, to stop anyone being able to get the token by just seeing the database. The authentication server will also be hosted on a cloud provider.
We will setup a few replicated clusters, that will replicate MongoDB and Redis from Mike’s server (Mike’s server will be the master node). This means every server will have a full copy of the database and in-memory cache, also will receive pub/sub messages from Redis for live events.

How will the REST API work?
The REST API will just be load balanced using Cloudflare’s built in load balancer, it just needs to handle things on a per request basis, so not much more to say there.

How will Cloudlink work?
Cloudlink will be load balanced with Cloudflare’s load balancer just like the REST API, but is a bit more involved. User online statuses will be stored in the replicated Redis cluster, and messages that the API needs to send out to clients will be sent over Redis pub/sub to all of the Cloudlink servers, so then the Cloudlink servers can push the message onto their clients.

Who will be allowed to host a server?
Only the most trusted people can host a server. This includes top people in council and some others like Semisol, Semisol has helped a lot with Meower beta 6 (0.6.0) scaling.

JoshAtticus · October 31, 2022, 4:18am

Will I be able to host a server? I was looking forward to hosting one, and I remember someone saying I would be able to.

Tnix · October 31, 2022, 4:27am

Probably not, and the reason why is not because we don’t trust you, but that not many users use Meower to start with right now, so we don’t need that many servers, and we only really need one server for the Oceania region (that being my server).

Roblox888i · October 31, 2022, 1:07pm

Yes, and also when is beta 6 gonna realese

JoshAtticus · November 2, 2022, 1:55am

We don’t ask that

JoshAtticus · November 2, 2022, 1:57am

Aw, dang. Was looking forward to finally being able to do something useful for Meower, but I guess I won’t be needed.

zed · November 2, 2022, 3:45pm

It’s not really a matter of “Do you support this idea”.
Meower will eventually become too big to be handled by just one server, so having multiple servers is inevitable.

But as of right now, Meower on one server can support 1600+ users, so until we get into frequent problems, we’re good