The Problem

Recently we needed to redirect all Amazon Elastic Load Balancer (ELB) HTTP traffic to HTTPS. AWS ELB doesn't provide this automatic redirection as a service. ELB will, however, let you map multiple ports from the ELB into the auto-scaling cluster of nodes attached to that ELB.

People usually just point both port 80 & 443 to a webserver that is configured to redirect traffic through the secure port. The question of how to configure your webserver for this task is asked over & over again on the internet. People have to go scrape the config snip off the internet & put it in their webserver's configuration files. You might be using a different webserver for your new project than you used for your last.

Lifting this configuration into place also takes some dev-ops work (chef, puppet, etc) & testing to make sure it works. If you have to mix redirect-to-https configuration with your other configuration for the webserver it takes even more care & testing. Wouldn't it be nicer to have a microservice for this that redirects out of the box without any configuration needed?

We could map port 80 (HTTP) to our own fast webserver to do the job of redirecting to HTTPS (TLS). The requirements are just that it always redirects to HTTPS & doesn't need configuration to do so (at least in its default mode).

The Solution

I wrote a Haskell service using the fast webserver library/server combo of Wai & Warp. It only took about an hour to write the basic service from start time to ready-for-deployment time. Working on it for an hour solved a problem for us for the foreseeable future for forcing HTTPS on AWS ELB. It does the job well & logs in Apache webserver format. We had it deployed the same day.

The project is open source & can be found on github.com.

Why Haskell?

Haskell can be a great tool for solving systems/dev-ops problems. Its performance can compete with other popular natively compiled systems languages like Go, Rust or even (hand-written) C.

In addition to great performance, Haskell helps you to communicate your intent in code with precision. Mistakes are often caught at compile time instead of runtime. You often hear Haskellers talk about having their code just work after they write it & it compiles.

After installing the GHC compiler and the `cabal-install` build tool, compiling a native executable of the webserver is as simple as these 3 commands in the project root.

cabal update cabal sandbox init cabal install

After installation you will have a single binary in $PROJECT/.cabal-sandbox/bin/rdr2tls.

Deployment

What gets installed is a native executable with just a few dynamic links (because GPL licensing). Since we have a nice self-contained native executable, we have a multitude of options for deployment. We could create a Debian package. We could package things up as an RPM. We could deliver the code as a Docker container.

We chose to deploy our first run of the project as Docker container. The first deploy was 200MB (because we based the deployment on the Ubuntu docker image). This is not a huge image but we wanted to see if we could shrink that if possible.

What if we could take everything out of the image that wasn't necessary to running our webserver code? There isn't a whole lot needed to create a working Docker image from an executable. If you run ldd <binary> on the native executable you'll see the following.

tim@kaku:~/src/github.com/dysinger/rdr2tls% ldd .cabal-sandbox/bin/rdr2tls linux-vdso.so.1 => (0x00007ffef0fa8000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fb3fc3e2000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb3fc1de000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb3fbfbf000) libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007fb3fbd3f000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fb3fba37000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb3fb66c000) /lib64/ld-linux-x86-64.so.2 (0x00007fb3fc608000)

If we package up just the libraries that are linked, is that enough? No. It didn't work. Michael Snoyman did some digging around & found we also need some gconv UTF libraries. I also found we needed /bin/sh for Docker to be happy. We created a small project for building a base docker image with these things in place. It's just a few megabytes!

When we inject our webserver into the base image we get a complete Docker image for our webserver in less than 20MB. That's not bad!

Into the Rabbit Hole

We went from nearly 200MB to 20MB. Can we do any better? How deep does the rabbit hole go? Luckily I had the weekend so I could really geek out on it.

GHC can be configured with a number of options when it is compiled. We can matrix on the following options:

GHC Version: 7.8 or 7.10 (the last two stable)

GHC Build Flavour: (e.g., quick, perf & perf-llvm)

GHC Integer Library: libgmp-based or 'simple'

LLVM Version: 3.4 or 3.5 (the last two stable)

Split Objects: not recommended in the GHC manual (so we didn't)

In addition to tweaking GHC compiler options while installing GHC, we can tell GHC to compile the code with different backends:

GHC Backend: asm or llvm

I used a script to run through and compile all the different combinations of GHC. I ended up with many, many versions of GHC installed (11GB of them actually). I wanted to see what difference it would make in the size of the webserver executable.

After compiling the webserver a couple dozen times we see that flags & options makes a difference. Sizes for the stripped native executable ranged from 13879600 bytes (13.88MB) to 5963632 bytes (5.96MB) depending on options. No doubt there will be performance trade offs in size vs performance. We are just looking at size for the moment.

If we add UPX in the mix, we can further shrink the executable to the range of 3022828 bytes (3.02MB) to 1224368 bytes (1.22MB!).

Our 'scratch' base docker image is 3.67MB (w/o libgmp) and 4.19MB (w/ libgmp) currently. If we add a stripped & compressed executable weighing in at 1.22MB to 3.67MB we should get something around 5MB. Not to shabby for a complete running Docker image!

REPOSITORY TAG SIZE rdr2tls 7.8.4-perf_llvm-llvm_3_4-integer_gmp-llvm 7.21MB rdr2tls 7.8.4-perf_llvm-llvm_3_4-integer_gmp-asm 7.11MB rdr2tls 7.8.4-perf_llvm-llvm_3_4-integer_simple-llvm 6.69MB rdr2tls 7.8.4-perf_llvm-llvm_3_4-integer_simple-asm 6.59MB rdr2tls 7.8.4-perf-llvm_3_4-integer_gmp-llvm 5.70MB rdr2tls 7.8.4-perf-llvm_3_5-integer_gmp-asm 5.60MB rdr2tls 7.8.4-perf-llvm_3_4-integer_gmp-asm 5.60MB rdr2tls 7.8.4-perf-llvm_3_4-integer_simple-llvm 5.18MB rdr2tls 7.8.4-perf-llvm_3_5-integer_simple-asm 5.08MB rdr2tls 7.8.4-perf-llvm_3_4-integer_simple-asm 5.08MB haskell-scratch integer-gmp 4.19MB haskell-scratch integer-simple 3.66MB

The 7MB LLVM-backend-compiled version is now pushed to Dockerhub.

Appendix: The Data

Stripped Executable Size (bytes)

Version Build Flavour LLVM Integer Library Backend Size 7.8.4 perf_llvm llvm_3_4 integer_simple llvm 13879600 7.8.4 perf_llvm llvm_3_4 integer_gmp llvm 13875952 7.8.4 perf_llvm llvm_3_4 integer_simple asm 13768888 7.8.4 perf_llvm llvm_3_4 integer_gmp asm 13763704 7.8.4 quick llvm_3_4 integer_gmp llvm 11854264 7.8.4 quick llvm_3_4 integer_simple llvm 11841336 7.8.4 quick llvm_3_4 integer_gmp asm 11640248 7.8.4 quick llvm_3_5 integer_gmp asm 11640248 7.8.4 quick llvm_3_4 integer_simple asm 11624760 7.8.4 quick llvm_3_5 integer_simple asm 11624760 7.8.4 perf llvm_3_4 integer_simple llvm 6570680 7.8.4 perf llvm_3_4 integer_gmp llvm 6568888 7.8.4 perf llvm_3_4 integer_gmp asm 6456632 7.8.4 perf llvm_3_5 integer_gmp asm 6456632 7.8.4 perf llvm_3_4 integer_simple asm 6455864 7.8.4 perf llvm_3_5 integer_simple asm 6455864 7.10.1 perf llvm_3_5 integer_gmp llvm 6267568 7.8.4 perf_llvm llvm_3_5 integer_gmp llvm 6267568 7.8.4 perf_llvm llvm_3_5 integer_simple llvm 6267568 7.10.1 perf_llvm llvm_3_5 integer_gmp llvm 6267568 7.10.1 quick llvm_3_5 integer_gmp llvm 6267568 7.10.1 perf llvm_3_4 integer_gmp llvm 6259376 7.10.1 perf_llvm llvm_3_4 integer_gmp llvm 6259376 7.10.1 perf_llvm llvm_3_4 integer_simple llvm 6259376 7.10.1 quick llvm_3_4 integer_gmp llvm 6259376 7.10.1 perf llvm_3_4 integer_gmp asm 5963632 7.10.1 perf llvm_3_5 integer_gmp asm 5963632 7.8.4 perf_llvm llvm_3_5 integer_gmp asm 5963632 7.8.4 perf_llvm llvm_3_5 integer_simple asm 5963632 7.10.1 perf_llvm llvm_3_4 integer_gmp asm 5963632 7.10.1 perf_llvm llvm_3_4 integer_simple asm 5963632 7.10.1 perf_llvm llvm_3_5 integer_gmp asm 5963632 7.10.1 quick llvm_3_4 integer_gmp asm 5963632 7.10.1 quick llvm_3_5 integer_gmp asm 5963632

Compressed Executable Size (bytes)

Version Build Flavour LLVM Integer Library Backend Size 7.8.4 perf_llvm llvm_3_4 integer_simple llvm 3022828 7.8.4 perf_llvm llvm_3_4 integer_gmp llvm 3022228 7.8.4 perf_llvm llvm_3_4 integer_simple asm 2924580 7.8.4 perf_llvm llvm_3_4 integer_gmp asm 2924084 7.8.4 quick llvm_3_4 integer_gmp llvm 2526344 7.8.4 quick llvm_3_4 integer_simple llvm 2523524 7.8.4 quick llvm_3_4 integer_gmp asm 2415588 7.8.4 quick llvm_3_5 integer_gmp asm 2415588 7.8.4 quick llvm_3_4 integer_simple asm 2412936 7.8.4 quick llvm_3_5 integer_simple asm 2412936 7.8.4 perf llvm_3_4 integer_simple llvm 1516816 7.8.4 perf llvm_3_4 integer_gmp llvm 1513672 7.8.4 perf llvm_3_4 integer_simple asm 1412060 7.8.4 perf llvm_3_5 integer_simple asm 1412060 7.8.4 perf llvm_3_4 integer_gmp asm 1409684 7.8.4 perf llvm_3_5 integer_gmp asm 1409684 7.8.4 perf_llvm llvm_3_5 integer_simple llvm 1339448 7.10.1 perf llvm_3_5 integer_gmp llvm 1339192 7.8.4 perf_llvm llvm_3_5 integer_gmp llvm 1339192 7.10.1 perf_llvm llvm_3_5 integer_gmp llvm 1339192 7.10.1 quick llvm_3_5 integer_gmp llvm 1339192 7.10.1 perf llvm_3_4 integer_gmp llvm 1338580 7.10.1 perf_llvm llvm_3_4 integer_gmp llvm 1338572 7.10.1 quick llvm_3_4 integer_gmp llvm 1338572 7.10.1 perf_llvm llvm_3_4 integer_simple llvm 1338540 7.8.4 perf_llvm llvm_3_5 integer_simple asm 1224440 7.10.1 perf_llvm llvm_3_4 integer_simple asm 1224440 7.10.1 perf llvm_3_4 integer_gmp asm 1224368 7.10.1 perf llvm_3_5 integer_gmp asm 1224368 7.8.4 perf_llvm llvm_3_5 integer_gmp asm 1224368 7.10.1 perf_llvm llvm_3_4 integer_gmp asm 1224368 7.10.1 perf_llvm llvm_3_5 integer_gmp asm 1224368 7.10.1 quick llvm_3_4 integer_gmp asm 1224368 7.10.1 quick llvm_3_5 integer_gmp asm 1224368

GHC Compiler Size

Version Build Flavour LLVM Integer Library Size 7.8.4 quick llvm_3_4 integer_gmp 272M 7.8.4 quick llvm_3_5 integer_gmp 272M 7.8.4 quick llvm_3_4 integer_simple 273M 7.8.4 quick llvm_3_5 integer_simple 273M 7.10.1 quick llvm_3_4 integer_simple 332M 7.10.1 quick llvm_3_5 integer_simple 332M 7.8.4 perf_llvm llvm_3_4 integer_gmp 912M 7.8.4 perf_llvm llvm_3_4 integer_simple 913M 7.8.4 perf llvm_3_4 integer_gmp 927M 7.8.4 perf llvm_3_5 integer_gmp 927M 7.8.4 perf llvm_3_4 integer_simple 928M 7.8.4 perf llvm_3_5 integer_simple 928M 7.10.1 perf llvm_3_4 integer_simple 1.1G 7.10.1 perf llvm_3_5 integer_simple 1.1G 7.10.1 perf_llvm llvm_3_5 integer_simple 1.1G

Do you like this blog post and need help with DevOps, Rust or functional programming? Contact us.

Share this