Home 零对冲(ZeroHedge)每日HackerNews

OpenWorkers:用Rust自托管Cloudflare Workers
OpenWorkers: Self-Hosted Cloudflare Workers in Rust

原始链接: https://openworkers.com/introducing-openworkers

## OpenWorkers:自托管边缘计算 OpenWorkers是一个开源运行时,允许您在V8隔离环境中安全地执行不受信任的JavaScript代码——本质上是将Cloudflare Workers的功能带到您自己的基础设施上。它优先考虑数据隐私、可预测的成本并避免供应商锁定。 主要特性包括对KV存储、PostgreSQL数据库和S3/R2兼容存储的绑定,以及`fetch`和`crypto`等标准Web API。Workers在沙盒环境中运行,具有CPU和内存限制以确保安全。OpenWorkers还支持cron调度,并且与Cloudflare Workers语法兼容。 部署通过Docker Compose简化,仅需要一个PostgreSQL数据库。架构利用Nginx、仪表盘、API、runners和Postgate,通过NATS进行通信。 OpenWorkers历经7年构建,从`vm2`和`deno-core`发展到`rusty_v8`,旨在为边缘计算提供一种强大、自托管的替代方案。未来的开发重点是执行记录以进行调试。

## OpenWorkers:Cloudflare Workers 的自托管替代方案 OpenWorkers (openworkers.com) 是一个新项目,旨在提供 Cloudflare Workers 的功能,而无需厂商锁定。由 max_lt 开发,它允许在您自己的基础设施上使用 V8 隔离运行不受信任的 JavaScript 代码,提供与 Cloudflare Workers 相似的开发者体验 (DX)。 目前,它支持 `fetch`、KV 存储、Postgres 和 S3/R2 绑定、定时调度和加密等功能。设置过程简化,只需一个 Docker Compose 文件和 Postgres 即可。 该项目仍在开发中,计划未来实现持久化对象、WebSockets、HTMLRewriter 和缓存 API。当前的重点是添加执行记录/重放功能以进行调试。 讨论中强调了沙箱安全性问题——这是运行时环境的一个关键方面——以及健全测试和积极维护的重要性。然而,由于它是自托管的,一些人认为对于受信任的代码,资源隔离比严格的安全隔离更重要。
相关文章
原文

OpenWorkers is an open-source runtime for executing untrusted JavaScript in V8 isolates. It brings the power of edge computing to your own infrastructure.

What works today

export default {
  async fetch(request, env) {
    const data = await env.KV.get("key");
    const rows = await env.DB.query(
      "SELECT * FROM users WHERE id = $1",
      [1]
    );
    return Response.json({ data, rows });
  }
};

Features

Bindings

  • • KV storage (get, put, delete, list)
  • • PostgreSQL database
  • • S3/R2-compatible storage
  • • Service bindings
  • • Environment variables & secrets

Web APIs

  • • fetch, Request, Response
  • • ReadableStream
  • • crypto.subtle
  • • TextEncoder/Decoder, Blob
  • • setTimeout, AbortController

Architecture

                         ┌─────────────────┐
                         │  nginx (proxy)  │
                         └────────┬────────┘
                                  │
         ┌───────────────┬────────┴──┬───────────────┐
         │               │           │               │
         │               │           │               │
┌────────┸────────┐ ┌────┸────┐ ┌────┸────┐ ┌────────┸────────┐
│   dashboard     │ │  api    │ │ logs *  │ │  runner (x3) *  │
└─────────────────┘ └────┬────┘ └────┰────┘ └────────┰────────┘
                         │           │               │
                         │           │               │
                ┌────────┸────────┐  │      ┌────────┸────────┐
                │   postgate *    │  └──────┥      nats       │
                └─────────────────┘         └────────┰────────┘
                                                     │
                                                     │
                ┌─────────────────┐           ┌──────┴───────┐
         * ─────┥   PostgreSQL    │           │ scheduler *  │
                └─────────────────┘           └──────────────┘
  • V8 Isolates: Secure sandboxing with CPU (100ms) and memory (128MB) limits per worker.
  • Cron Scheduling: Built-in support for 5 or 6-field cron syntax.
  • Compatibility: Cloudflare Workers syntax compatible.

Self-hosting

Deployment is designed to be simple. A single PostgreSQL database and a single Docker Compose file is all you need.

git clone https://github.com/openworkers/openworkers-infra
cd openworkers-infra && cp .env.example .env
docker compose up -d postgres
# Run migrations, generate token
docker compose up -d

Why I built this

This project has been evolving for about 7 years. I started experimenting with vm2 for sandboxing JS, then Cloudflare launched Workers and I got hooked on the model. When Deno came out, I switched to deno-core and ran on that for two years. Recently, with Claude's help, I rewrote everything on top of rusty_v8 directly.

The goal has always been the same: run untrusted JavaScript securely on your own servers, with the same DX as Cloudflare Workers but without vendor lock-in.

Your Data

Never leaves your infrastructure

Predictable Costs

No per-request pricing

No Lock-in

Cloudflare Workers compatible

Next up: Execution recording & replay for deterministic debugging.

联系我们 contact @ memedata.com