User:Southparkfan/ServerDraft

Miraheze is not your average MediaWiki installation with Linux, Apache, MySQL and PHP. Instead, we use a number of services to keep our site secure, fast and (well, for us) not too complex.

Visiting Miraheze in steps

 * 1) The visitor puts our URL into their address bar;
 * 2) The visitor asks one of our authoritative DNS servers for an IP address and gets the address of one of our cache proxies;
 * 3) The visitor reaches our cache proxy;
 * 4) At the cache proxy, NGINX performs the SSL handshake and terminates SSL (or redirects to HTTPS, if the visitor used HTTP);
 * 5) NGINX forwards the request to Varnish;
 * 6) Varnish checks whether the request can be cached and/or is already cached. If it is, Varnish returns the cached version to the visitor. Otherwise it will return a MISS;
 * 7) Varnish passes the request to stunnel (Varnish can't speak to an HTTPS backend, so stunnel does that for it), which passes the request to an application server;
 * 8) On the application server, NGINX performs the SSL work and passes the request to HHVM, or (if the request is for non-dynamic content) looks in our NFS mount for the content the client wants;
 * 9) HHVM contacts the database server as needed and returns the content to NGINX, which returns it to stunnel, which returns it to Varnish, which returns it to NGINX on the cache proxy, which finally returns it to the visitor.
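
Step 7 written out as a stunnel client-mode service, as an added example and not Miraheze's actual configuration. The service name, loopback port, backend hostname and CA bundle path are assumptions; Varnish would use 127.0.0.1:8080 as its backend address.

```ini
; stunnel.conf on the cache proxy (constructed example, all values are placeholders)

[appserver-tls]
; Client mode: accept plain HTTP locally, speak TLS to the remote side.
client = yes

; Varnish connects here over loopback, so the unencrypted hop never
; leaves the cache proxy itself.
accept = 127.0.0.1:8080

; Application server running NGINX with TLS (step 8). Hypothetical hostname.
connect = app1.example.internal:443

; stunnel does not verify the peer certificate unless told to.
; Without these three options the tunnel is encrypted but the backend
; is not authenticated.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = app1.example.internal
```

With `verifyChain` and `checkHost` set, stunnel refuses the connection if the application server's certificate does not chain to the CA bundle or does not match the expected hostname.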

How can we improve this list?
The best solution: moving the servers to a private network.
 * Varnish can speak plain HTTP to the application servers, so stunnel can be decommissioned.
 * No need to configure custom domains in NGINX on the appservers, because we won't need the SSL certs there anymore.