Would you mind sharing a bit about the architecture of this project? What tools and technologies & language (beside lua) did you use? I'm guessing you just need custom routes (all the URLS are on your domain?) rather than custom DNS. How are you handling sending emails, for instance? (did you plug into an email as a service provider?)
The whole thing is a Python app, written with Flask. As you said, we do custom routing to map URLs to scripts, which we then load up in a Lua VM and execute with conventions for how we pass in the request and interpret the return value.
For email, we just support SMTP. You have to bring your own server and credentials. Our examples are using Amazon SES, but anything would work (e.g. SendGrid or even GMail).
Great to see another lua based service. I'm running http://geolua.com/ which also uses Python (and even gunicorn) for the web interface and lua (in a custom libevent based server) for running user provided lua code. I sandboxed lua using chroot, a custom allocator function, runtime limits using signals and an "outer" lua environment which interfaces with the python code. The inner environment should be safe. I guess :-)
How do you handle 'a = " "; while true do a = a .. a end'? Do you spawn individual processes with process limits? Which version of lua are you using? Why not luajit2?
It sounds like we're doing some similar things. Custom allocators are definitely the way to go to limit memory usage. We also use process-level isolation to limit the amount of execution time.
We're Lua 5.1 and not luajit2 for now for vague technical integration reasons that we may very well revisit as this takes off.
As far as I'm aware, Python is vastly more popular for scripts than Lua. At first, I assumed you were just Lua guys, but apparently you're a Python fan as well, at least to some degree.
I imagine it must have to do with easy of sandboxing or something, but why Lua over Python for scripts?
