This feels a little weird because while they are running the website itself (HTTP) off the Pi, they are handing off all TLS to a cloud provider.
So while the content is in RAM on the Pi, a lot of the heavier lifting (TLS termination) is done elsewhere, which saves a ton of CPU load on the Pi.
Yeah, I've seen this in more than a few places. There was a blog "running on a Wii" that, IIRC, was doing the same thing.
On the one hand I get it, TLS is pretty heavy, and it makes sense to take advantage of a VPS or Cloudflare or however you want to do it.
But once you are spinning up a VPS, the question is ... why the Pi? The VPS in the article has less RAM, but more storage. If you're already doing TLS termination on the VPS (the most RAM intensive part), you might as well just do the whole shebang there.
I know this is all for fun, I'm just wondering -- is the Pi Zero really too slow to handle TLS, especially with an optimized TLS library? In this setup, the Pi is already being directly exposed to the Internet anyway, there's no VPN being used. That ARM11 isn't "fast", but surely a 1 GHz ARM11 can handle an optimized TLS library serving some subset of TLS1.2.
Sometimes these demos enable caching on the reverse proxy. So then for these tiny demo HTML pages you request, you may not even reach the fun tiny computer it is supposed to demonstrate.
It is more than a little weird. A Pi Zero is more than capable of handling HTTP/1.2 and TLS 1.3 for a handful of connections per second. This machine is 10x what we were running web servers on in the '90s.
Also, all web pages are served from RAM. It's automatic that modern OSes will cache this stuff on first access.
A raspberry zero is more powerful than an enterprise server from the 1990s. A minimalist static website is not impressive. You can fit way more in there.
Hey, it loads! Unlike ~10% of pages on the first page of HN, hugged to death.
Also I love the dithered B&W images. The entire aesthetic of the site is great.
I hosted my personal email domain on a Zero for almost 10 years. It had about the same capability as the very expensive (and large) Win NT4 machine we used for our 80-person organization when I started my career in tech. I eventually replaced the Zero with a Raspberry Pi 4, primarily because the Zero’s IO ports are annoying (e.g., USB is not hot-pluggable!). An RPi 4 is extreme overkill for personal email, but it still idles under 1W and when it fails I can replace the entire machine for next to nothing.
The point of failure for all of these machines has been the SD card. They seem to last 4 years almost to the day. I suppose if I set up a RAMdisk they might last longer, but honestly, for the price of an SD card it’s not really worth my time.
The website running on the vape was far more interesting than this. I do wonder if anyone has tried to use the microphone in these devices to listen to audio. Backdoored vape
I have a self hosting Pi Zero W running Gentoo. It started as a joke, but I kept it because it's actually occasionally useful for testing new kernel releases.
It is still able to build software faster than it is released. It takes roughly a month to recompile the entire system :D
The OP link is not to the Pi Zero website; here's the actual website that's being hosted on the Raspberry Pi:
https://zero.btxx.org/
After seeing what new R-Pi stuff is selling for I went rummaging in the parts drawer and found the following:
- R-Pi Zero W
- Sixfab UPS hat
- Sixfab Cellular IoT App Shield
- R-Pi model 1B
With all this I should be able to make a multiply redundant always-on bastion host. It's awesome that Alpine supports the armhf stuff; many OSes have dropped 32-bit support entirely.