feat(browser): per-source proxy pool behind FEATURE_BROWSER_POOL_ENABLED (Phase 1) #1735
No reviewers
Labels
No labels
admin
analytics
auth
automation
bug
business
chore
ci
compliance
data
data-moat
docs
duplicate
dx
enhancement
Fable 5 ревью
feedback/max
generative
GG-форсайт
needs-discussion
needs-human
observability
pause-bots
performance
priority/p0
priority/p1
priority/p2
priority/p3
scope/backend
scope/db
scope/devops
scope/frontend
scope/qa
scrapers
security
site-finder
stage/1
stage/2
status/blocked
status/done
status/needs-analysis
status/needs-fix
status/qa
status/ready
status/review
status/wip
tech-debt
tradein
ux
week ревью 1
wontfix
вторичка
ИРД
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: lekss361/gendesign#1735
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "feat/browser-per-source-proxy-pool"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What & why
The camoufox browser service runs ONE global AsyncCamoufox with the proxy fixed at launch (apw). All scraper sources egress through that single proxy → mutual wedge under load (apw degrades ~30min →
page.gototimeout → 500 → 0 lots), andBROWSER_CONCURRENCYis effectively pinned because one mobile proxy can't take parallel load.This adds a per-source proxy pool so each source gets its own camoufox instance + proxy, fully behind a feature flag.
Phase 1 = flag OFF by default (zero behavior change)
FEATURE_BROWSER_POOL_ENABLEDdefaults to false. With it off,fetch_handlerdelegates to_fetch_via_single— the current single-browser + semaphore path, unchanged. So merging + deploying this is a no-op for prod behavior. Env wiring + flipping the flag = Phase 2 (separate, owner-gated) — this PR does NOT touch.env.runtimeor compose.Design (ON path)
_build_proxy_map()→BROWSER_PROXY_MAPfrom env:BROWSER_PROXY_{AVITO,CIAN,YANDEX,DOMCLICK}with legacy fallbacks (AVITO_PROXY_URL/SCRAPER_PROXY_URL,CIAN_PROXY_URL,YANDEX_PROXY_URL)._browser_pool/_browser_cm_pool/_page_counter_pool+ lazy per-proxyasyncio.Lock. Lazy-launch per proxy on first/fetch, per-proxy recycle atBROWSER_RECYCLE_PAGES, per-proxy crash-recovery (relaunch + retry once).fetch_handlerroutes bybody["source"]→BROWSER_PROXY_MAP[source]→ fallback avito →""(direct).BrowserFetcher(source=...)passes it; every scraper callsite sets its source./loginstays on the single-browser path for both flag states (cian-only, low volume; pooling login is out of scope).type(exc).__name__only, mirroring existing sanitization).Callsites updated (every
BrowserFetcher(...))avito/scrape_pipeline/avito_detail_backfill →
avito; cian_newbuilding/cian_history_backfill/admin(login) →cian; yandex_realty/yandex_newbuilding →yandex; domclick →domclick. (cian_detail.pyreceives an injected fetcher — nothing to change.)Tests
test_browser_fetcher.py: assertssourceis sent in the/fetchbody (defaultavito+ explicityandex).test_browser_pool_routing.py(new): flag-ON routes by source + acquires that proxy's lock; unknown-source→avito fallback; 503 on unavailable proxy; flag-OFF takes the single path and ignores source;_build_proxy_mapempty-drop/fallback. (Loadsbrowser/server.pyvia an aiohttp stub since aiohttp isn't in the backend venv.)pytest -q(2 standard deselects) → 1913 passed, 2 deselected. ruff check+format clean on touched backend files. Pre-commit green.Phase 2 (follow-up, not in this PR)
Add to
backend/.env.runtime:BROWSER_PROXY_AVITO=apw,BROWSER_PROXY_CIAN=kf,BROWSER_PROXY_YANDEX=ti,FEATURE_BROWSER_POOL_ENABLED=true; recreate browser; smoke that avito/cian/yandex egress via distinct exit IPs. (domclick has no dedicated proxy yet → falls back to avito/apw, deferred.) Proxies already validated live: apw/kf/ti all reachable, authed-socks5 works, container mem limit 5GB (fits 4 instances).Reviewer note
The intentional asymmetry: OFF path uses the global semaphore on one browser; ON path uses per-proxy locks (ignores the global semaphore) because per-proxy serialization is the real safety constraint for mobile proxies. mypy not run locally (not in dev group) — annotations are trivial (
source: str | None); worth a CI mypy pass if applicable.