Comments (5)
Thanks for your thoughts.
If someone stumbles upon this, https://en.wikipedia.org/wiki/Cache_replacement_policies might be a useful resource to checkout.
from certmagic.
Closing, since there's nothing actionable at this point; but if we get some useful data as mentioned above, then we can reopen and discuss which policy to use if random is not sufficient.
from certmagic.
Can be done but requires some more state. Is this impacting your deployments?
from certmagic.
Thanks for your quick reply. We are in the early stage of moving away from wildcard certificates. So nothing is impacted. We want to remove less frequently used certs first as it makes more sense in our case. Consider a website like statuspage.io where it gives you yourpage.statuspage.io or netlify/vercel preview deployments like example-somehash.vercel.app. You can have hundreds of domains but some of them are visited only once while others multiple times in a day. So randomized removal may remove the most used one which is not ideal.
from certmagic.
I see. Great use case, but I think first we should make a decision like this based on data/experience.
Why do you want LRU specifically? Why does it "make more sense"?
So randomized removal may remove the most used one which is not ideal.
It also may remove the least-used one, which is most ideal.
There are a lot of cache eviction options, so if we're going to invest in the complexity of something other than random we might as well make sure it serves us well. 👍
Let's get some data from an actual deployment to see why random isn't a good fit, and to have it become more clear that another algorithm would be better.
For example, LRU has a bad worst case, if the cache is slightly smaller than the working set.
from certmagic.
Related Issues (20)
- Support customizable certificate validity period HOT 2
- Add: Deactivating an Authorization (7.5.2) HOT 4
- Certificate Import HOT 16
- Add proxy option for OCSP stapling requests HOT 6
- Ability to disable logs with `no information found to solve challenge for identifier` HOT 3
- Config option for what the Caddy ask endpoint protects / DecisionFunc HOT 2
- Can DNS be used alongside ALPN? HOT 5
- How to manually issue a certificate HOT 3
- Is FallbackServerName still experimental? HOT 3
- Question: How to issue wildcard certificates rather than exact subject name in OnDemand? HOT 5
- FileStorage Delete doesn't delete non-empty directories HOT 7
- Implement ARI HOT 2
- How to disable logs? HOT 1
- Panic on ZeroSSL API Issuer when no `Storage` is set HOT 3
- Looking for cause and solution to "config returned for certificate is not nil and points to different cache" error returned in cache.go HOT 3
- Allow Certmagic to generate 'next' private key to allow safe TLSA/DANE deployment and rollover HOT 5
- Use posix file advisory locks on supported platforms HOT 1
- Do calls to storage Load need to be Lock protected? HOT 5
- Sometimes generating 33 ARI requests in a single second HOT 7
- Allow specific issuers for specific on-demand domains HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certmagic.