 All right, so oh wait the slide okay the slides are showing now okay so yeah I'm Carl Xander you can find me still I'm still on Twitter so you can find me on twigpress or at carlexander.ca if you've ever seen a talk by me I always have this slide because I love talking about advanced programming or anything topic and I like to help you understand those topics but I always have a bit of material and things for you to help you walk you through this but also I want to make it really open to all of you if you have any questions at any time feel free to stop me and ask questions it's better to ask me now than like keep it till the end and then you're lost for the the entire rest of the talk because this slide is really important today I think I'm gonna lose a lot of people so we're gonna go I love this saying servers we can't live without them we can't live with them and we can't live without them whenever your server blows up you're like oh my god like why am I managing this stuff why am I dealing with this how can I make this less painful for me to handle and there's a few solutions here so who here uses a server management system so spin up run cloud server pilot okay there's a couple of you so the thing with those server management tools is that you're still responsible so I've been a system in since I'm 14 it was my first summer summer job I was doing Windows NT servers I had a pager no I do not want to have a pager anymore I'm nothing is more stressful than being on pager duty so even with these server management tools if something happens with the server I mean I use spin up there's still sometimes where the server something happens with server spin-up sends an alert you're still the one responsible for dealing with that and that's still stressful and that's usually when you get into WordPress hosting so I assume everybody else here is gonna raise their hand when I say do you use WordPress hosting right okay okay so that's what you pay WordPress hosting for right you that you're like I don't want to know anything about servers I I trust you especially if you use the good ones then they usually stay up the less you know known web hosting companies is a bit more rock and roll but you still there's still a problem with WordPress hosting so who here has had an issue with a site where everything's good and then oh they write you know a viral article or something like that and then the whole thing blows up or like e-commerce e-commerce also is a really good example especially so in those scenarios like you have to usually buy a hosting plan to deal with that worst-case scenario you have to like and then you're stuck paying for that over provisioned server or you're stuck managing up upscaling and downscaling so I deal with some customers where they do it all themselves and that's stressful too because if you forget it's your money basically that you're spending forgetting to like upscale downstate so the goal of serverless is to address these problems so the first question you're probably wondering is what is serverless and a second question that you're gonna ask me is are there really no servers with serverless literally everyone asked me that and the answer is that no there's still servers with serverless they're still there I I'm not a big fan of the term it's a marketing term somebody in the marketing department decided like oh serverless sounds cool we're gonna use this term and so everybody started using it and all the engineers are like this makes no sense and they're like it's too late it's out there in the wild we can't do anything about it this is the term we have it's serverless we're keeping it but what is serverless for serverless is basically what they call functions as a service so with it's like Google Cloud functions AWS lambda I think Azure functions but what it is is conceptually it's on the band computing so what you do is you upload code the code gets executed when in responsive event so something happens a page view something triggered in somewhere else in AWS and the code gets it the code gets executed runs return something and then shuts down you'll notice we don't mention servers and what that that's because server well okay I'm at the right slide okay servers are basically outside of your sphere of concern so really what serverless means and that's where the confusion comes from is that it's not that there's no more servers is that they're really not they're really outside your sphere of concern and one thing I'll mention a bit later is a bit I'm a bit like the person in the early 2000s that's like have you heard for the cloud and they're like no like you run your own data centers obviously but the whole point of the cloud is to not have to think about data centers and the whole point of serverless is to not even have to think about the server itself so it's not even a question of oh I don't have to think about like data centers I don't even have to think about the Linux box itself so how does this work the best way I found to explain that is to start with talking about how WordPress works today on a server so I'm sure a lot of you are familiar with how WordPress works on a server this is basically how WordPress works on a server for almost every hosting provider I always joke that they're just all selling vanilla and it's just different there's been flavors of vanilla so one person's French vanilla and somebody else another flavor of vanilla so you always have an HTTP cache so either you're using cloud flair or you're using WP rocket or something like that to like do the page caching if that page is on cache it hits the server slash WordPress and then WordPress does either SQL queries directly to the database or if you're using object caching it will do object cache requests and check if it has that and send it back and then just that gets sent back to your browser that's like essentially like almost out every host every WordPress site system whatever is really hosted at this point this came from like this slide comes from like a talk I gave in 2016 I think it was called like the modern WordPress server stack and basically at this point everybody uses more or less the same thing so that's what it looks like now with serverless WordPress we have to go a bit further back because what serverless WordPress is is really serverless PHP so how does PHP work in switch okay how did PHP work on how does it work on a web server so we're gonna zoom it a bit further in so when you're on the web server so everybody here's knows Apache and Gen X we're good okay cool so normally you make your browser makes a request it hits Apache or engine X Apache or engine X decides okay what are you asking me for me right now are you asking me for a file you're asking me for PHP if it determines that it's asking for PHP it makes a call it to the PHP interpreter so if you're with PHP with Apache it used to be just PHP itself with you if you're with engine X which most people are now it's PHP FPM that you call but the idea is the same you basically the web server gets the request realizes that it's for PHP sends it to PHP PHP does its magic you know runs WordPress the WordPress script returns some HTML sends it back to the web server and the web server is like okay here's the status code everything let me send that back to the browser so that's how PHP works so how does serverless PHP compare to all of this so far so both of them will run code so like I said before when I explained what serverless is I mentioned in response to an event so in both cases your serverless code and your regular how PHP works right now they both run your PHP code in response to the event one is something calls AWS Lambda and decides okay we need to run this PHP code with a traditional server you basically have your engine X that determines okay this is PHP code let's call PHP FPM and have it run it so what's different then well it's not just PHP now that runs without a server it's everything so when you're starting to think about serverless WordPress and serverless PHP you're thinking about a service-based architecture so now all the blocks that we were talking about earlier when we looked at it get replaced by services I'm using a I'm with AWS so I'm more familiar with that but there we'll talk more about that in a second but it it starts looking something like this so you have your browser making a request to some something called an API gateway which acts a bit like your engine X so it receives the HTTP request it's like okay what's going on right now it determines oh we want to make a request to Lambda and sends it to Lambda then inside the Lambda there's the PHP runtime and your PHP code so your WordPress code would be here and then there's a PHP runtime which I'll explain in a second PHP runtime so what is the PHP runtime so the PHP runtime is really kind of the secret not secret sauce but it's the unique element that makes PHP serverless PHP work so the best analogy that I have for it is like imagine you have your engine X directives that you have like so when you configure engine X you have a bunch of rules those are the rules that determine what am I trying to do with this web request am I asking for a PHP file am I asking for a regular file basically the runtime acts as this layer this the configuration the host configuration or the server configuration inside your engine X or patchy I'm gonna go but so once it does that it does a couple of things so it processes the Lambda event so it receives an event from the AWS architecture it basically decides okay what am I trying to do here am I requesting a PHP file am I requesting a CSS file am I requesting something that should be a 404 what am I trying to do so it figures what the event wants and then it sends the result back so it's gonna be an HTTP response but a goal here is to mimic parts of the web server so if you request a file you return a file if you want PHP it creates a fast CGI request and sends it to PHP FPM and once PHP FPM determines what the once PHP FPM runs has a response sends that back but it also manages the PHP FPM process so each Lambda only has one PHP worker that's because Lambda can only handle one event at a time and the the idea with that is that the whole thing is self-contained inside this one Lambda that acts and I'm gonna get back to that because that's the really key point is that this entire thing mimics basically one PHP worker so if you if you're familiar with PHP FPM you can configure it to have like a pool of workers that it can scale and down scale and demand but each Lambda is essentially a PHP worker now if we start zooming out again and this is where it might lose a bit of people but right now I've shown you what it looks like just for PHP but what happens if we like zoom out and we look at what our modern WordPress architecture looks if we move it to all services looks something like this so now you're dealing with you still have your caching you still have your your htcache but now you have your file so who here uses something like offload s3 or something like that so so you have to we're gonna talk about that in the drawbacks but you all your media assets are in s3 so you have to determine whether you're requesting for a media asset and then if you're not it goes through the API gateway which is our web server the Lambda which is our PHP worker then we still have our caching object caching and our database so that's what it kind of looks like at a high level here so the essential part here to understand is that it's very it's all around very similar it's really we like swapped different parts of like the the previous like if you imagine like the the previous picture that I show which is the modern WordPress architecture we just started swapping a couple of parts with services and that's essentially what what the architecture looks like at a high level so any questions so far we're gonna ask that again so but if you have any questions please don't hesitate it's better to ask now than wait till the end so here I want to talk about the advantages so you might be wondering at this point like why like why you talk me about this like this looks really complicated you lost me already why are we talking about this no servers to manage what I've been like I said I started being assisted me at 14 I don't want to manage servers anymore I don't want to be on a page on the pager duty or whatever it's it's a lot to manage servers it's it's tiring and it's not our area of expertise you know I don't know servers as well as somebody at GoDaddy or new folder especially those ones that manage their own data centers but even somebody at WP engine but they don't even know it as well as the people as AWS because the scale is completely different and not everybody's comfortable with servers like who here's comfortable with servers one two three maybe so three and a half four so you know we have almost a full we have a half full room and I had four hands up so there's not there's a problem with that we we're not most of us aren't we're developers we're not sysadmin we didn't start our career being sysadmin and that's stressful and it's stressful to be responsible for all of that even even when you're with WordPress hosting and something goes wrong it's stressful and WordPress hosting tries to solve this issue but the new problem that we're seeing at least that I'm seeing a lot is scaling now because WordPress is changing WordPress used to be just content sites and now it's becoming more applications you who here manages WooCommerce sites yeah a lot of you who here manages LMS's site like Lyft or LMS learn-dash exactly more and more people those aren't content sites they're applications and scaling is an issue like if you're hosting a webinar and a thousand people show up you're and you're like on a $50 a month server it's gonna blow up and then they're gone and then either you upscaled it ahead of time and then it's your responsibility to downscale it or you just pay for that maximum scaling all the time and that's also a problem for a lot of WordPress hosting because most WordPress hosting is single server so I know that I'm not the only one working on this but we're a couple of people trying to work on scaling WordPress elastically like horizontally and but for most of us that buy if you buy on WP engine you're buying a single server you're not buying anything elastic that can scale on demand at that I at that quickly you know when you're sending a sale email with WooCommerce or your people are coming in with your webinar that scaling doesn't happen fast enough that's called like the tundering herb problems so with this like I said now each lambda function is a PHP worker so essentially you can have thousands of them and you can scale it in seconds and not minutes because that's what I tried to do like this was like I actually did even something crazier racially but this was like two years ago and basically I sent 1500 users to to to check out on WooCommerce and we basically got to 800 concurrent so that means it was 1800 PHP workers running to give you an idea usually if you buy who here has a 96 core server that they pay for okay well I have a cuss I have a customer with that they're $3,000 a month you would need about five of those to to run this the test I tested recently that cost $10 so that kind of scaling is really hard to do even with servers Kubernetes is fast but it's not that fast and you end up with these kind of situation that's what happens with the tundering herb like the first server comes online it's already broken because yet like the demand's already too high and then it's scaling and scaling and especially for these scenarios you're losing a lot of money while that's happening so what do people do when I do consulting is they need to plan for the worst so yeah they're gonna buy those five $3,000 a month servers because otherwise they're losing $10,000 a minute in sales so yeah obviously they're gonna make sure that they have that but like I said that like how much does that cost you just to keep that running or you got to just do it yourself or talk with them but even then like like I said nobody's really solved the multi-server thing right so I'm talking about five servers but actually nobody's really done that yet at any sort of like really scale so while I can give you a theoretical number of how much that would cost nobody can do that yet and the cool thing is you don't have any of that with with serverless all that you have is that you pay for what you use so you pay when your worker runs and you're charged by the millisecond so if especially for these LMS sites it's kind of cool because oh you get that webinar and then after that it's people are gone and then you don't have to do anything you're not paying for anything there's no traffic to the site you're not you're not doing anything so you don't get paid for it the only thing that you're paying for is your database because you can't just shut down your database and turn it on when you want so maybe one day we'll get to that but we're not there yet for that one so those are kind of the advantages the real big advantages with serverless now what are the drawbacks you know maybe you're thinking like Carl like this sounds too good like I don't trust you like what the hell one of the scary this part is even if I tell you cost less usage based pricing is scary you know it's there's one thing with paying paying for a server it feels safe you know you pay X per month you know that each month you're paying $49 if you need more performance you pay more simple predicting serverless costs okay how many requests they get what's the average duration like what services got hit like it depends on your usage pattern like what application you're running and things like that even if it costs you less like even if you would I like serverless is already competitive pretty much at the $49 a month plan but it's still stressful and harder to budget for it so even if I tell you cost less there's something safe about knowing that you're paying a fixed amount for that even each time so it's cost less and then the other one that another thing that people don't always like is AWS who here uses AWS oh wow actually genuinely surprised there's a lot of you because I'm used to like when I'm totally like AWS like I have like I mean who here is was ever a Windows system in okay yeah who gets a PTSD from like the AWS consoles from yeah yeah exactly you get it like you it's it's scary and you know when you when you tell somebody or I tell somebody like oh you're gonna need to like use AWS or like oh my god it's so big like there's so many things there's so many servers services and I don't know what they mean so that's like a scary part and you might be wondering why not Azure or GCP and the reason for that is unfortunately it's not interchangeable like conceptually there's the same but as we saw earlier we're not just using Lambda we need the other services as well for for those things so they're equivalent well then switch okay they're equivalent but they're not the same so they don't have the same limitations they don't behave the same way so that's kind of like the why multi cloud is kind of a pipe dream like nobody really everybody chooses one cloud and stays with it and the reality is that there's so much energy in the PHP community in all the other programming communities around AWS that it just that's where the energy is and that's why it's mostly only on AWS that you'll find there's some people working a bit on the other services but most of the energy if you look online like the serverless PHP is called a breath so breath it's only on AWS as well so that's one of the drawbacks as well and then the last drawback is repress assumes you're on the server so there's a few issues with that when you know like you can trick it but there's still a few things that people are might not be like comfortable with because of that one you can't install teams and plugins directly why because it's read only you have to deploy the way that AWS makes this so scalable is that you package the application and then it can like boom create like 16,000 copies of it 1600 sorry but I could also do 16,000 but like it could do like thousands of copies of it but for that to happen it needs to be packaged you can't be modifying the files or whatnot so usually the way it works if who here works it does enterprise yeah so who here lets their enterprise users install plugins and teams exactly nobody does so if you come for an enterprise background it makes a lot of sense but if you're not then it can be a bit of a sore point and depends on your what your customer or client expects as well maybe they expect to be able to make modifications and things like that the other part to is the media library I had to actually do a lot of R&D to get the meetings because obviously when you upload a file you're uploading it to a server so what happens instead when you're uploading a file now well you actually have to upload it directly to S3 so none of the S3 plugins do this like you actually have to like send it directly because the thing is you might send the file to one one lambda and then you talk to another one like you can't be sure that the file that you uploaded is there so you have to basically send everything as three but that kind of like messes around like if you use a lot of media library plugins or media manipulation plugins those don't work very well you're better off using a CDN like photon note is it photon tacky on tacky photon yeah photon like something like photon I have I built something like photon to where I'll talk in a second about EMEAR but but that's the idea you use you use a CDN to do the manipulation and instead don't rely on WordPress to do it which is where it's trending largely but still that's still a drawback that you should be aware of and then sometimes plugins assume that your own server too you know I most of the time that really the popular plugins that follow coding standards and PHP coding standards of WordPress coding standards don't have any problems with this like I work with Beaver Builder Elementor and all the page builders you think like this would like explode for them and then it's like works flawlessly it's usually plugins that don't follow conventions or things like that or do things that are kind of greedy server greedy that will kind of cause issues but you have to be aware that there's potential compatibility issues so it's not perfect yet but it's getting better every time alright we're almost done here no questions oh yeah do we do a microphone we'd like to ask how you manage PHP sessions in this well depends the PHP sessions can be managed different ways because you have in general with WordPress they're cookie based sessions but obviously you can't have them on you can't do the sessions that are files right but there you can do sessions that are SQL you can do sessions that are read us or you can do the cookie sessions they work fine but by default WordPress just does cookie sessions so that's like tends to be the standard even in with Laravel it's cookie sessions like it's almost never like stored directly on the server because like this isn't common again because we're so WordPress has always been single server we do things that like that other PHP projects don't do and file sessions on the server does not work the minute you do any sort of like horizontal scaling with like two servers right if you had two servers it wouldn't work it doesn't it wouldn't work either way if you had like file sessions on the server as well yeah yeah you could do a memcache but I only I only have read us with this but yes you could do memcache so but you could also do read this for the sessions and that will work fine it's really the the ones if you use files to do the session storage that it won't work everything else every other method is is not server dependent to do it like whether it's cookies or read this memcache or SQL to store the sessions one more question yeah what exactly you do to keep the lambda functions warm because after a few minutes there is no request to the lambda function that will be in the oh I see somebody knows this stuff okay so I'm gonna nerd out a bit so with lambda so what he's asking is basically normally the way it works with lambda is like they leave the the function running for about five to ten minutes and then it shuts down so if you don't get any any requesting that time like you will go back to zero and then the ramp up the scaling can cause some issues so the way that you're there's two ways you can solve that one there's you can pre provision functions if you want to keep them always running but the other way is there's you can ping them so you can play basically I'm just like I'm this probably above everybody a lot of people but in cloud watch you can basically set an event every five minutes I ping let's say you want to keep 500 them running I ping 500 and then it'll just keep them warm basically so there's a small cost to that but it's like what two milliseconds every five minutes so it's very easy to do a cost about a cost analysis on that as well because you'll know how much it costs and how long it runs and it's just a ping it's not it's not even running WordPress so it's running it's just really pinging the lambda function to make sure that there's enough of them running does that answer your question okay awesome any other questions okay so I just wanted to so we've talked about advantages and disadvantages and one thing that I want to close on that section is just when you're evaluating whether you want to use serverless and not I've talked a lot about cost and it's really tempting to just compare costs you know serverless is expensive I can just buy a five dollar a month droplet from Digital Ocean or Vulture and that'll be fine but that's usually somebody that's comfortable with servers somebody like me will be like oh this is fine like I can like run this on this five dollar a month droplet but it's kind of a false equivalence so you're kind of being dishonest when you just compare the costs like that because there's a lot of intangible costs to managing servers you know like evenings ruined you know no it's true like I had a server blow up on New Year's Eve this year like it it's not fun like I still manage sure even if I'm promoting serverless I'm still managing servers for people so I still have ones blow up on New Year's Eve so it's not fun there's intangible costs and it's there's mental health costs like it's like stressful it's just it's it's not something that you want to do I like who here is on pay has ever been on pager duty yeah there's a couple of them I hope many of you enjoy being on pager duty yeah there's no hands raising there's there's nothing pleasant about being on pager duty there's nothing pleasant about managing servers when it's not your area of expertise or something that you're comfortable with and even when you're comfortable with it like me I'm still looking I'm I should be the last person here talking about serverless because I know servers so well yet I'm the one talking about it because I don't like it either it affects my mental health affects my life I and I don't want it I don't want it anymore and then the last one I think is really important is we really discount our time here like we're like oh I'll go fix this like you know you know how much you charge your clients right you you know how much you're worth so you're like oh let me just go fix this and I like two hours later you're still trying to fix it and you're like oh I could have you know and then you can't charge your client because it's like you're it's your responsibility so it's just there your time is valuable so don't discount it like it's it's it's a part of the cost of of managers server you know it might cost $5 a month on digital ocean but if it takes you like 10 hours to set it up I mean those 10 hours are still worth something so don't don't discount it alright so we're gonna talk tools and projects and I'm the only one that does serverless per press so I mean I'm I've been I we're I was talking about this before the talk started I've been organizing work camps for a while and I always feel really awkward when somebody does a talk and they're the only one that does something for that specific talk and here I am doing exactly that so I'm serverless PHP has a lot of tools and options available to them I'm the only I was basically at Laracon in 2019 I saw Taylor Otwell come out with Laravel vapor and I was like this is so cool I want we're pressed to have this and I just like started building it and it's open source so if you go to the emir app account on github you'll find everything that you need to run the you'll find the runtime you'll you'll find the runtime and the WordPress plugin that I used to make WordPress work on AWS Lambda but I still need to kind of fund myself because I do some consulting but it I should be working on this full-time so that's why Sanjay introduced me like I work on emir emir is basically the equivalent of of Laravel vapor so I'm gonna I have to like speed it up a bit but it's the equivalent of Laravel vapor so I just managed the AWS infrastructure so it's not about like the serverless part like you could use my parts and just put everything up together yourself if you want but for somebody that's stressed and you know oh my god I don't know anything about AWS well that's kind of what that product solves and also I have github sponsor if you want to help me but I'm sure that over time there's gonna be more and more people that it's gonna there's a serverless framework so if somebody wants to try to get this to work with serverless framework or help me get it to work with serverless framework I would love that but for now it's just me and that's kind of what's happening so I'm gonna close it out while talking about the future of hosting if you had to start a hosting company today would you buy a server no no of course not yeah you get one in the cloud right like you know like there's a reason you there's a reason I joke that I'm the guy in the early 2000 talking about like have you heard about the cloud and they're like no of course not you build your own data centers you manage them it's like no that's like you don't want to have to do that like if you don't like managing server you're gonna like it even less having to go into the rack to reset it like I had to do that like I had to drive to the office to reset a server in a rack it's not fun you obviously you get one in the cloud and serverless kind of next evolution of this step because not only do you want to not care about like the actual physical server but really like who here likes doing like server updates who likes having to raise this head but you know who likes knowing that after four years their Ubuntu LTS is is done and then they have to migrate like everything to a new machine you know it's just like no like serverless like who here is uses next Vercel or Netlify okay there's not I actually expected considering like how much more JS there is in WordPress now I thought there'd be more people but whenever I talk with people from the JS space they get it like right away they're like I just deployed a Vercel and then I don't have to think about like how much memory how many PHP workers it just scales like it does what it needs to do I deploy and I forget it and that's like what serverless is about it's about deploying and and just having it scale and behave and just the code runs it does its thing and the cool thing with that is that it levels the playing field so who here has ever heard of FATM analytics so FATM analytics is like my favorite example of like the power of serverless there are two people and one developer and they built a Larival app that does like privacy focused analytics and they require they deal with billions of requests a minute and they're one person they're one developer and it's all possible about because of serverless because they just deploy and the whole thing scales and they can just they can do it like they can two people can take on Google analytics with this tech it's awesome like that gets me so excited I love it and there's a lot of you here that build products so I'm like what I find it's exciting about working on this tech is like what cool stuff you could build like one my favorite examples is like what if gravity forms took on like type form like what if they just hosted their forms and just like took on type form but like rethinking of rethinking how what kind of products what times of things that you can do with WordPress when you don't have to worry about scaling especially since we're moving to more and more WordPress applications gets me really really excited and that's it I don't think we have a lot of time for questions but I don't know if there any there's do we have time for one okay that's an annoying one I'm sorry so thanks first of all but I have one question regarding DDoS attacks so yeah DDoS attacks can be held back by on a DNS level but when they come through yeah every request and if you find a very load bearing request on the PHP level will count rack up money well okay so for that there's a couple so if we go back I mean I'm not gonna it's too hard to go back to the slide with a clicker but when you have cloud front sitting in front you can attach the web like email does that you can attach the web application firewall and then put a rate limit on it and you're kind of okay but you're gonna hit unless they're really trying to but cache bust the cloud front because of how the architectures like structured it kind of mitigates some of the DDoS attacks but I'm again I'm like involved in all the serverless PHP like groups so like I took a lot of the lessons do you you I think you raise your hand for fat amount of links right yeah so you saw when they got like DDoS right so I was like with Jack and like in their slack and like there's a lot of like the things that he figured out that are just already implemented in emir that you can just turn on yeah from the right up and just from talking with him as well but usually just putting a rate limit at the is probably the cheapest and easiest option for that but obviously if you're getting like if a competitor decides to really attack you then it's like you saw what he did right like he paid for like the expert the expert service but those are always a potential issue but DDoS I mean who here has had their server shut down by one of their hosts because they got like some sort of like attack or like yeah like that happens all the time like they were gonna do it to you like it's cause it's gonna cause problems but the cost thing is still valid but I think if you put some alerts and things like that like we can talk about it but like there are ways and I'm making more and more ways to make stat like as safe as possible but one thing I do different from vapor is that you don't get the unlimited scaling by default so it's gonna cap your your lambda functions and you're not gonna end up with you know three thousand of them running for like hours so that's that's something that I did by default so I'm gonna I'm gonna have to stop here because I'm already five minutes over but you can find me here also twig press Carl Alexander and the blog the emir blog has a lot of articles so if you want to a lot of the things that I talked here has very detailed articles on the emir blog that you can read because I like writing like 4,000 word articles so basically you can find like on the architecture on the runtime all that you can find like you all the write-ups on that and thank you very much