cloudflare / workerd

The JavaScript / Wasm runtime that powers Cloudflare Workers
https://blog.cloudflare.com/workerd-open-source-workers-runtime/
Apache License 2.0

Documentation on multi-codebase environments? #58

Open hamptonmoore opened 1 year ago

hamptonmoore commented 1 year ago

I believe there should be docs on how to optimally set up workerd for multiple different JS codebases. Based on https://github.com/cloudflare/workerd/blob/main/src/workerd/server/workerd.capnp#L114-L115 it seems like we can't currently do that using Host headers natively, but can use a main JavaScript script to do so. Having an example of that would be ideal; otherwise my idea is to make a Unix socket per site, and hook nginx into those.

jasnell commented 1 year ago

workerd as it currently stands is not at all intended for multi-tenant environments ... specifically, it does not implement any mechanisms for ensuring the necessary sandboxing required for proper multi-tenant support. We do not intend to include that support here. As you note, it is possible to support dispatching based on Host header but I would definitely caution against using that as a reliable multi-tenant mechanism.
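The Host-header dispatch from a main script that this thread mentions, as an added example (not code from the workerd project or from any commenter): a front "router" worker that forwards to per-site service bindings by exact hostname match and returns 404 for anything else. The hostnames, `ROUTES`, and the binding names `SITE_A` and `SITE_B` are assumptions and would have to be declared as service bindings in the router's own configuration; this routes requests between services and adds no isolation between them.

```javascript
// Added example: Host-header dispatch in a front "router" worker.
// Assumed names (not from the thread): ROUTES, SITE_A, SITE_B, the hostnames.
// Each value is the name of a service binding granted to the router in its config.
const ROUTES = new Map([
  ["site-a.example.com", "SITE_A"],
  ["site-b.example.com", "SITE_B"],
]);

// Reduce a Host header to a bare lowercase hostname, or null if malformed.
function normalizeHost(header) {
  if (typeof header !== "string") return null;
  let host = header.trim().toLowerCase();
  // Strip an optional :port, leaving bracketed IPv6 literals intact.
  const m = /^(\[[0-9a-f:.]+\]|[^:\[\]]+)(?::(\d{1,5}))?$/.exec(host);
  if (!m) return null;
  host = m[1].replace(/\.$/, ""); // "example.com." names the same host
  // Accept only plain DNS names or bracketed literals (no spaces, '/', '@', ...).
  const ok = /^(\[[0-9a-f:.]+\]|[a-z0-9]([a-z0-9.-]*[a-z0-9])?)$/.test(host);
  return ok ? host : null;
}

// Exact-match lookup. Unknown or malformed hosts yield null, so there is
// no default site that an unexpected Host value could fall through to.
function pickBinding(hostHeader, routes = ROUTES) {
  const host = normalizeHost(hostHeader);
  return host === null ? null : routes.get(host) ?? null;
}

const router = {
  async fetch(request, env) {
    const name = pickBinding(request.headers.get("Host"));
    const service = name ? env[name] : undefined;
    if (!service) return new Response("unknown host\n", { status: 404 });
    // Forward the request unchanged to the selected service binding.
    return service.fetch(request);
  },
};
// In a workerd ES-module worker, finish the file with: export default router;
```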

kentonv commented 1 year ago

I assume Hampton is talking about running multiple nanoservices e.g. from the same company, not possibly-malicious third-party code. workerd is definitely designed for this and I am planning to add some samples soon.

On Fri, Sep 30, 2022, 10:19 PM James M Snell @.***> wrote:

> workerd as it currently stands is not at all intended for multi-tenant environments ... specifically, it does not implement any mechanisms for ensuring the necessary sandboxing required for proper multi-tenant support. We do not intend to include that support here. As you note, it is possible to support dispatching based on Host header but I would definitely caution against using that as a reliable multi-tenant mechanism.


hamptonmoore commented 1 year ago

Ah, sorry for the confusion. Yes, I was talking about multiple nanoservices from the same company, as @kentonv believed. Apologies for the confusing title.

chenthillrulz commented 1 year ago

On a similar note, if there is a use case to run custom JavaScript functions (or a nanoservice) from a different company, is it possible to use a custom sandbox (such as https://github.com/patriksimek/vm2) inside a worker to achieve a certain level of security?

I am also looking for some samples around nanoservices. I want to see the benefits pointed out in the documentation, such as homogeneous deployment and nanoservices, and performance benefits compared to microservices, with a POC. Some of our use cases involve using workerd for executing nanoservices as well as a worker engine.

kentonv commented 1 year ago

> On a similar note, if there is a use case to run custom JavaScript functions (or a nanoservice) from a different company, is it possible to use a custom sandbox (such as https://github.com/patriksimek/vm2) inside a worker to achieve a certain level of security?

I would say that you only need intense sandboxing if you are intending to run arbitrary code from anonymous, possibly-malicious sources, who might attempt to exploit bugs in V8 or workerd.

If you are running code from a different company -- but you know specifically who the company is -- then you probably don't need to worry about them trying to exploit you (if they did, you could prosecute). In that case, workerd's sandbox should be good enough. Services in workerd cannot access any resources other than what you give them in your configuration (except through exploits).

tom-sherman commented 1 year ago

Hey @kentonv do you have any samples to share yet?

I'm currently investigating workerd as an option in our organisation and would love to see how this could work.