Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
HTTP for Great Good
Search
Matt Robenolt
September 05, 2013
Programming
85
200k
HTTP for Great Good
Scaling Django with HTTP
DjangoCon US 2013
http://www.youtube.com/watch?v=HAjOQ09I1UY
Matt Robenolt
September 05, 2013
Tweet
Share
More Decks by Matt Robenolt
See All by Matt Robenolt
Everything is broken and I don't know why.
mattrobenolt
0
44
I am bad at my job.
mattrobenolt
0
220
Everything is broken, and I don't know why. Python edition.
mattrobenolt
1
210
Everything is broken, and I don't know why. Python edition.
mattrobenolt
2
600
Varnish: How We Do It
mattrobenolt
1
220
Everything is broken, and I don't know why.
mattrobenolt
7
1.5k
Cheating Your Way to Webscale
mattrobenolt
13
1.4k
Caching is Hard: Varnish @ Disqus
mattrobenolt
52
2.1M
Developing & Deploying "Large" Scale Web Applications
mattrobenolt
25
1.3k
Other Decks in Programming
See All in Programming
メルカリのリーダビリティチームが取り組む、AI時代のスケーラブルな品質文化
cloverrose
2
460
まだ間に合う!Claude Code元年をふりかえる
nogu66
5
930
AIの誤りが許されない業務システムにおいて“信頼されるAI” を目指す / building-trusted-ai-systems
yuya4
7
4.3k
Honoを使ったリモートMCPサーバでAIツールとの連携を加速させる!
tosuri13
1
110
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
momok47
0
170
Go コードベースの構成と AI コンテキスト定義
andpad
0
160
Pythonではじめるオープンデータ分析〜書籍の紹介と書籍で紹介しきれなかった事例の紹介〜
welliving
3
780
実は歴史的なアップデートだと思う AWS Interconnect - multicloud
maroon1st
0
310
16年目のピクシブ百科事典を支える最新の技術基盤 / The Modern Tech Stack Powering Pixiv Encyclopedia in its 16th Year
ahuglajbclajep
4
750
HTTPプロトコル正しく理解していますか? 〜かわいい猫と共に学ぼう。ฅ^•ω•^ฅ ニャ〜
hekuchan
2
640
KIKI_MBSD Cybersecurity Challenges 2025
ikema
0
130
AI前提で考えるiOSアプリのモダナイズ設計
yuukiw00w
0
210
Featured
See All Featured
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
84
Six Lessons from altMBA
skipperchong
29
4.1k
So, you think you're a good person
axbom
PRO
1
1.9k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
58
41k
The Cult of Friendly URLs
andyhume
79
6.8k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
39
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
Mind Mapping
helmedeiros
PRO
0
48
30 Presentation Tips
portentint
PRO
1
190
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
71k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Deep Space Network (abreviated)
tonyrice
0
34
Transcript
HTTP for Great Good Scaling Django with HTTP DjangoCon US
September 5th 2013 Matt Robenolt
Hello < me irl
Site Reliability Engineer
“DJANGO ALL THE THINGS!”
“...but
“...but
The slowest part of a web application is typically not
your code.
Between databases and memcaches and Redises and Cassandras and MongoDBs
and networks, Django is not the problem.
“...everything
None
A few vanity metrics.
Monthly Unique Visitors 1,115,080,411
Monthly Page Views 7,516,761,301
Inbound Traffic 42k total req/s 15k app req/s not my
fault
36% of all requests actually hit a Django server 15k/42k
= 36%
...what happened to the other 64%?
Let’s talk about HTTP. Hypertext Transport Protocol
$ curl -v disqus.com
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Request
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Method
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Path
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Version
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Headers
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Response
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Status
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Headers
Request in Django request.method # method request.get_full_path() # path request.META['HTTP_USER_AGENT']
request.META['HTTP_ACCEPT']
Response in Django response = HttpResponse(body) response.status_code = 200 response['X-Foo']
= 'bar'
“Cool,
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Fri, 30 Aug 2013 06:38:37 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 10453 < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 06:38:36 GMT < Cache-Control: no-cache, must-revalidate Hmm. What can we do with this information?
> GET / HTTP/1.1 > User-Agent: curl/7.24.0 > Host: disqus.com
> Accept: */* > If-Modified-Since: Fri, 30 Aug 2013 00:32:14 GMT > < HTTP/1.1 304 Not Modified < Server: nginx < Date: Fri, 30 Aug 2013 18:05:38 GMT < Last-Modified: Fri, 30 Aug 2013 00:32:14 GMT < Vary: Accept-Encoding < Expires: Fri, 30 Aug 2013 18:05:37 GMT < Cache-Control: no-cache, must-revalidate
304 Not Modified No body is sent with the response
304 Not Modified Client reuses its cached version
304 Not Modified Usually more efficient to calculate
notbad.gif
But we can do better!
Static files have been promoting good practices for a long
time.
“Far future headers”
$ curl -v a.disquscdn.com/dotcom/d-6203c8f/css/ disqus-web/pages/home.css < HTTP/1.1 200 OK <
Server: nginx < Content-Type: text/css; charset=utf-8 < Last-Modified: Fri, 16 Aug 2013 20:31:05 GMT < Expires: Sun, 15 Sep 2013 20:34:21 GMT < Cache-Control: max-age=2592000 < Content-Length: 30749 < Date: Sun, 18 Aug 2013 03:23:37 GMT < Via: 1.1 varnish < Age: 110956 < Connection: keep-alive < Vary: Accept-Encoding
$ curl -v a.disquscdn.com/dotcom/d-6203c8f/css/ disqus-web/pages/home.css < HTTP/1.1 200 OK <
Server: nginx < Content-Type: text/css; charset=utf-8 < Last-Modified: Fri, 16 Aug 2013 20:31:05 GMT < Expires: Sun, 15 Sep 2013 20:34:21 GMT < Cache-Control: max-age=2592000 < Content-Length: 30749 < Date: Sun, 18 Aug 2013 03:23:37 GMT < Via: 1.1 varnish < Age: 110956 < Connection: keep-alive < Vary: Accept-Encoding 30 days in the future.
Chrome Web Inspector on second visit
No HTTP request 0ms
No HTTP request The client knew to just use its
local cache
No HTTP request Computer actually did something right for once
“I SEE WHAT YOU DID THERE” - Hopefully you
Takeaways Clients behave differently depending on the response headers
Takeaways These usually come with minimal effort with static files
Takeaways We can and should utilize these to our advantage
to improve UX
Same logic can be applied to dynamic content.
What’s this look like in Django?
Last-Modified def lol(request): response = render(request, 'lol.html') response['Last-Modified'] = \
'Fri, 16 Aug 2013 20:31:05 GMT' return response * don’t do this.
Last-Modified from django.views.decorators.http import \ last_modified def post_last_modified(request, slug): return
Post.objects.get(slug=slug).modified @last_modified(post_last_modified) def blog_post_detail(request, slug): # Your view
Cache-Control def lol(request): response = render(request, 'lol.html') response['Cache-Control'] = 'max-age=600'
return response
Cache-Control from django.views.decorators.cache import \ cache_control @cache_control(max_age=600) # Cache for
10m def home(request): return HttpResponse('lol')
“OMG!
None
Well... not really.
How many requests will {{user}} make to the same page
within 10 minutes?
1? 2? 3?
...out of 42k requests per second.
Even with caching, your app is doing a lot of
work.
Parsing HTTP.
WSGI.
Django middleware stack.
Do some stuff.
Render a template?
Back out through the Django middleware.
Transform an HttpResponse into a real HTTP response.
...at 42k requests per second.
You’re gonna have a bad time. me
Until now, “client” has been a user’s browser.
“If only we could utilize this Cache-Control stuff better...”
Introducing
$ apt-get install varnish
$ brew install varnish
tl;dr Varnish sits between Django and your users Internet
tl;dr Caches HTTP responses and respects proper HTTP headers Internet
tl;dr Its sole purpose in life is to be a
cache, so it’s really fast. Internet
Stand back, science is happening.
Stand back, science is happening. benchmarking
Simple, non-scientific “Hello World”
from django.views.decorators.cache import \ cache_control from django.http import HttpResponse @cache_control(max_age=5)
def hello(request): return HttpResponse('Hello world') “Hello World”
$ httperf --server 127.0.0.1 --port 8000 -- uri /hello/ --rate
150 --num-conn 10 --num-call 500 --hog Request rate: 369.6 req/s (2.7 ms/req) Django + gunicorn * on my MacBook Air
$ httperf --server 127.0.0.1 --port 8888 -- uri /hello/ --rate
150 --num-conn 10 --num-call 10000 --hog Request rate: 15633.4 req/s (0.1 ms/req) Varnish * on my MacBook Air
Varnish: How does it work?
First request
First response “Lemme
“Yo,
Next response “wut
Caching: ProMoves™
Augment with JavaScript Update your UI optimistically
Augment with JavaScript Leverage cookies to store non-critical data
Augment with JavaScript Defer fetching user-specific data until needed
Short TTLs are good Most things can be cached for
at least 5s
Short TTLs are good At 10k requests/s, a 5s TTL
absorbs 49,999 requests
Let’s meet: John and Jane Doe.
John and Jane are different users.
John logs into Disqus.
Jane logs into Disqus.
Jane sees John’s stuff.
Jane sees John’s stuff. ^ not
We really want to avoid this from ever happening.
Cookies
How do users even work?
$ curl -vd "username=foo&password=bar" https:// disqus.com/profile/login/ > POST /profile/login/ HTTP/1.1
> User-Agent: curl/7.24.0 > Host: disqus.com > < HTTP/1.1 302 FOUND < Server: nginx < Date: Fri, 30 Aug 2013 21:34:36 GMT < Vary: Cookie < Set-Cookie: sessionid=f7aa9598-11bb-11e3-9eb1-003048d9a288; Domain=.disqus.com; expires=Sun, 29-Sep-2013 21:34:36 GMT; httponly; Max-Age=2592000; Path=/
$ curl -vd "username=foo&password=bar" https:// disqus.com/profile/login/ > POST /profile/login/ HTTP/1.1
> User-Agent: curl/7.24.0 > Host: disqus.com > < HTTP/1.1 302 FOUND < Server: nginx < Date: Fri, 30 Aug 2013 21:34:36 GMT < Vary: Cookie < Set-Cookie: sessionid=f7aa9598-11bb-11e3-9eb1-003048d9a288; Domain=.disqus.com; expires=Sun, 29-Sep-2013 21:34:36 GMT; httponly; Max-Age=2592000; Path=/ Set-Cookie
$ curl -vd "username=foo&password=bar" https:// disqus.com/profile/login/ > POST /profile/login/ HTTP/1.1
> User-Agent: curl/7.24.0 > Host: disqus.com > < HTTP/1.1 302 FOUND < Server: nginx < Date: Fri, 30 Aug 2013 21:34:36 GMT < Vary: Cookie < Set-Cookie: sessionid=f7aa9598-11bb-11e3-9eb1-003048d9a288; Domain=.disqus.com; expires=Sun, 29-Sep-2013 21:34:36 GMT; httponly; Max-Age=2592000; Path=/ Session Id
Unique id that represents a logged in user Session Id
django.contrib.sessions / django.contrib.auth Session Id
Could potentially cache per session id Session Id
By default, Varnish will not cache any request with a
Cookie header at all.
Think about if your endpoint changes based on a user’s
authentication.
If it doesn’t, Varnish can normalize it.
None
Learn: Varnish Configuration Language (VCL) in 30 seconds
sub vcl_recv { // These urls can be stripped of
all // cookies since they serve the same // data for anon and auth'd user if ( req.url == "/" || req.url ~ "^/embed/comments/" ) { unset req.http.Cookie; } }
Basically, caching is hard.
Go make some stuff faster.
We’re hiring people who hate computers. disqus.com/jobs
Questions? I have answers. ^ github.com/mattrobenolt @mattrobenolt some
mattrobenolt
cloverrose
nogu66
yuya4
tosuri13
momok47
andpad
welliving
maroon1st
ahuglajbclajep
hekuchan
ikema
yuukiw00w
ryanjones
skipperchong
axbom
rkaga
andyhume
techseoconnect
bluesmoon
helmedeiros
portentint
soudai
garrettdimon
tonyrice
![Request in Django request.method # method request.get_full_path() # path request.META['HTTP_USER_AGENT']](https://files.speakerdeck.com/presentations/d8fa46d0f569013035d14afa8daffd2f/slide_27.jpg){kind=link}
![Response in Django response = HttpResponse(body) response.status_code = 200 response['X-Foo']](https://files.speakerdeck.com/presentations/d8fa46d0f569013035d14afa8daffd2f/slide_28.jpg){kind=link}
![Last-Modified def lol(request): response = render(request, 'lol.html') response['Last-Modified'] = \](https://files.speakerdeck.com/presentations/d8fa46d0f569013035d14afa8daffd2f/slide_51.jpg){kind=link}
![Cache-Control def lol(request): response = render(request, 'lol.html') response['Cache-Control'] = 'max-age=600'](https://files.speakerdeck.com/presentations/d8fa46d0f569013035d14afa8daffd2f/slide_53.jpg){kind=link}
