|
|
|
|
|
|
by syrusakbary
1177 days ago
|
|
|
Here are the main differences with the Docker strategy: * If you want it to be usable, you will need to ship it with some mechanism that allows running CGI over http (kind of Apache or Nginx), so your container would be bigger than the Wasmer package * Regarding security: Docker containers needs to rely on hardware virtualization to run securely (via KVM or simlar), aside of a virtualization on the systemcall layer (which depends on the crun layer that you use) Because of that, Docker containers will have the downside of: being able to run only in one chipset/OS, they will be bigger-sized and they would be slower to start up (even if you use state of the art for running them, aka Firecracker, you still get 250ms vs < 1ms with Wasmer) |
|
|
Is wasmer stable and secure enough to be exposed to abuse of the entire Internet?
> your container would be bigger than the Wasmer package
The first Google hit for "docker php nginx" is https://hub.docker.com/r/trafex/php-nginx - they claim their Docker image is 40 MB compressed, whereas Wasmer for amd64 (latest from https://github.com/wasmerio/wasmer/releases) is a 80 MB tar.gz (unpacks to 300 MB tar). Even with larger images, like the `wordpress` image (200 MB), the size is neglible.
> Because of that, Docker containers will have the downside of: being able to run only in one chipset/OS
You probably don’t need to care about architectures other than amd64 and arm64. Both are supported by the trafex/php-nginx and wordpress Docker images.
> (even if you use state of the art for running them, aka Firecracker, you still get 250ms vs < 1ms with Wasmer)
Starting a fresh VM for every request doesn’t make sense, so this difference wouldn’t matter in real life.