Overview
A detailed solution architecture document is available on request to agencies.
HTTP request time limit
The PHP execution limit (max_execution_time) is 30 seconds, after which a 503 (Service Unavailable) error will be returned.
The "Gateway" server which fronts all stacks has a HTTP request timeout limit of 120 seconds, after which it will generate a 504 (Gateway Timeout) error. This is preventing overloading of the shared parts of the infrastructure.
Your publicly accessible URLs should never take a long time to process, as this leaves your environment open to denial of service attacks. You should definitely hide these behind a login or a captcha, or use caching and other optimisations to bring down the processing time.
The preferred way to handle your long-running processes is via the queuedjobs module. You can extend the time limit of a PHP process by using:
- Silverstripe Framework v4's
\SilverStripe\Core\Environment::increaseTimeLimitTo() - Silverstripe Framework v3's
increase_time_limit_to
Consider using caching to speed up request execution.
PHP extensions
Environments within a stack are turnkey deployments of a standardised environment. For security and supportability reasons we don't allow the installation of binaries, PHP extensions or other deviations from the standard environment that are not encapsulated within the PHP code deployed into the environment.
These PHP extensions are part of the standard environment, and can be relied on to be available:
- bcmath
- curl
- gd
- mbstring
- mcrypt
- tidy
- xsl
Webserver
Environments are running Apache 2.4 (see Debian "Buster" packages). Note that there's other caching infrastructure in front of your environment.
Document root
Apache's DocumentRoot directive is currently configured to point to the root path of the code repository.
For Silverstripe CMS Recipe 4.x (CWP Recipe 2.x), we strongly recommend retaining the recipe's .htaccess file verbatim. Additional .htaccess directives, such as redirects, should be added to public/.htaccess. For future-compatibility, the new redirects should be tested against both DocumentRoot pointing to repository root and pointing to public directory within the repository.
Database
Silverstripe Cloud Public Sector is running on MariaDB 10.3 (see Debian "Buster" packages). For local development, you can also choose MySQL 5.7.
Hosting video
Stacks don't provide built-in hosting of video content, and we recommend you don't attempt to do so.
Instead, we recommend hosting video on a third-party service, such as vimeo.com. They provide a simple, turn-key solution optimised for hosting video that is easily integrated with Cloud environments.
Since the resource allocated to a environment is directly related to the cost per month for a stack, we have optimised the network bandwidth allocated to an environment for hosting standard HTML content and regular files such as pdfs, docs, etc. Video files are much larger than most other assets, and exceed this network bandwidth. Attempting to host video files will cause severely degraded performance for your other users.
If you do need to host video within Silverstripe Cloud, please contact us to have a quote provided for a custom stack with sufficient bandwidth for hosting. You will also need to provide your own solution for other elements of video hosting, such as:
- Transcoding the video to the variety of formats needed by different web-enabled devices
- A player that provides the necessary controls and accessibility extensions to the devices' built-in video playing support
Code patching
Some Silverstripe CMS security vulnerabilities are live-patched using a post-deploy script. This script applies patch files to your codebase based on the version detected from the composer.lock file.
We currently require the lock file to use tagged versions of the silverstripe-framework and silverstripe-multivaluefield modules. Branch aliases such as 3.2.x-dev are not permitted and will cause deployments to fail with "integer expression expected" message. This is because the current solution is unable to resolve if the version being aliased is vulnerable.
Other features
- Varnish and Incapsula caching
- Outgoing HTTP proxy
- WKHTMLTOPDF is available in series 0.12.6.
- Solr search
- Apache Tika
Process for new infrastructure features
Where your business requirements necessitate a server-side feature that is not currently present, there are options available, for instance, wrapping of the feature as a web application hosted outside the infrastructure (either at your own cost or through an external provider).