Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
making-nginx-practical-guide
Search
Tatsuhiko Kubo
February 08, 2016
Technology
6
9.5k
making-nginx-practical-guide
Tatsuhiko Kubo
February 08, 2016
Tweet
Share
More Decks by Tatsuhiko Kubo
See All by Tatsuhiko Kubo
Handling a tremendous amount of images with Fastly / Yamagoya Traverse 2020
cubicdaiya
2
1.4k
System Integration with Fastly
cubicdaiya
0
590
実例で学ぶ画像最適化集 with ImageFlux / ImageFlux meetup#2
cubicdaiya
4
19k
Software Engineer, Infrastructure
cubicdaiya
4
3.1k
High Performance Count Up!
cubicdaiya
0
340
ImageFluxを利用した画像配信の最適化 / ImageFlux meetup 201801
cubicdaiya
0
2.9k
Building high performance push notification server in Go
cubicdaiya
5
3.2k
メルカリのデータ分析基盤 / mercari data analysis infrastructure
cubicdaiya
11
12k
On-call Engineering
cubicdaiya
8
6.6k
Other Decks in Technology
See All in Technology
個人開発から公式機能へ: PlaywrightとRailsをつなげた3年の軌跡
yusukeiwaki
11
3k
データマネジメントのトレードオフに立ち向かう
ikkimiyazaki
6
940
Moved to https://speakerdeck.com/toshihue/presales-engineer-career-bridging-tech-biz-ja
toshihue
2
740
TAMとre:Capセキュリティ編 〜拡張脅威検出デモを添えて〜
fujiihda
2
240
運用しているアプリケーションのDBのリプレイスをやってみた
miura55
1
700
The Future of SEO: The Impact of AI on Search
badams
0
190
現場の種を事業の芽にする - エンジニア主導のイノベーションを事業戦略に装着する方法 -
kzkmaeda
2
2k
管理者しか知らないOutlookの裏側のAIを覗く#AzureTravelers
hirotomotaguchi
2
350
偶然 × 行動で人生の可能性を広げよう / Serendipity × Action: Discover Your Possibilities
ar_tama
1
1.1k
Amazon S3 Tablesと外部分析基盤連携について / Amazon S3 Tables and External Data Analytics Platform
nttcom
0
130
組織貢献をするフリーランスエンジニアという生き方
n_takehata
1
1.3k
ハッキングの世界に迫る~攻撃者の思考で考えるセキュリティ~
nomizone
13
5.2k
Featured
See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
BBQ
matthewcrist
87
9.5k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Facilitating Awesome Meetings
lara
52
6.2k
4 Signs Your Business is Dying
shpigford
182
22k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
The Cult of Friendly URLs
andyhume
78
6.2k
GitHub's CSS Performance
jonrohan
1030
460k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Rebuilding a faster, lazier Slack
samanthasiow
80
8.8k
Transcript
nginx࣮ફೖ ϝΠΩϯά Tatsuhiko Kubo@cubicdaiya nginx Tech Talks 2016/02/08
@cubicdaiya / Tatsuhiko Kubo Principal Engineer, SRE @ Mercari, Inc.
ngx_small_light, ngx_dynamic_upstream, nginx-build, slackboard,cachectl, gaurun, etc…
None
https://www.mercari.com/ Mercari - Your Friendly Mobile Marketplace
Agenda • ʰnginx࣮ફೖʱͷհ • ࣥචʹ·ͭΘΔΤϐιʔυ • ຊॻ੶ʹܝࡌ͖͠Εͳ͔ͬͨ༰ɺɹɹɹ nginxͷ৽ػೳʹ͍ͭͯ
None
ʰnginx࣮ફೖʱষߏ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
ʰnginx࣮ફೖʱষߏ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େنίϯςϯπ৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά
• 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty
ࣥච։࢝ɿ201311݄ ࣥචྃɿ201512݄ ൃചɹɿ20161݄ 2͔͔Γ·ͨ͠…
ষߏ ݪҊʢ2013ࠒʣ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧ • 3ষ
جຊઃఆ • 4ষ ੩తͳWebαΠτͷߏங • 5ষ WebΞϓϦέʔγϣϯαʔόͷߏங
ষߏ ݪҊʢ2013ࠒʣ • 6ষ େنίϯςϯπ৴αʔόͷߏங • 7ষ ը૾ετϨʔδαʔόͷߏங • 8ষ
nginxαʔόͷӡ༻ʗࢹ • 9ষ ϋΠύϑΥʔϚϯεnginx • 10ষ LuaʹΑΔnginxͷ֦ு • 11ষ ֦ுϞδϡʔϧͷ࡞Γํ
Ϙπʹͳͬͨষ
ը૾ετϨʔδαʔόͷߏங
ʮը૾ετϨʔδαʔόͷߏஙʯͳΜͰ͚͢Ͳɺ ͜ΕྲྀΕతʹʮେنίϯςϯπ৴αʔόʯͷষʹ ౷߹͠·͢Ͷ ͑ɺ͋ɺ͏Μ ※ձͷ༰ΠϝʔδͰ͢
ը૾ετϨʔδαʔόͷߏங • nginxͰαϜωΠϧੜػೳ͖ετϨʔδαʔόΛߏங͢Δ ͩͬͨ • ngx_http_image_filter_module • ngx_http_dav_module • େنίϯςϯπ৴αʔόͷষʹ౷߹ͨ͠ํ͕͍͍ͷͰ
ʁ by @harukasan • ༰͝ͱ7ষʹ౷߹͞Ε·ͨ͠ • ࠓͳΒngx_small_lightͷΛͯ͠Α͔͔ͬͨ͠Εͳ͍
ϋΠύϑΥʔϚϯεnginx
ϋΠύϑΥʔϚϯεnginx • tcp_nopushΞοϓετϦʔϜͷΩʔϓΞ ϥΠϒnginxͰͷνϡʔχϯάू • ֤ষ͕༻్ຖʹղઆ͍ͯ͠Δ͜ͱ͋ͬͯ͜ ͚ͩ͜·ͱ·Γ͕ͳ͍ • harukasanͷఏҊͰదͳষʹࢄ
ʮϋΠύϑΥʔϚϯεnginxʯͳΜͰ͚͢Ͳɺ ͜Ε֤߲ͷͷ༰͕όϥόϥͳͷͰ ผʑͷষʹࢄͤ͞·͢Ͷɻ ͓ɺ͓͏ ※ձͷ༰ΠϝʔδͰ͢
֦ுϞδϡʔϧͷ࡞Γํ • ్த·Ͱॻ͍ͯ·͕ͨ͠ɺશવϖʔδΓͳ͘ ͯΊ·ͨ͠ • ͜ͷ༰͚ͩͰຊ͕Ұॻ͚Δ • ༰͕શવೖ͡Όͳ͍ • CΑΓLuaͷղઆ૿ͨ͠ํ͕ಡऀͷͨΊʹͳΔ
• ͦ͏ͩɺOpenRestyʹ͠Α͏ʂ
ޙͰՃ͞Εͨষ
҆શ͔ͭߴͳHTTPSαʔόͷߏங
҆શ͔ͭߴͳHTTPSαʔόͷߏங • ॳʰ੩తͳWebαΠτͷߏஙʱͰશ෦ղઆ ͍ͯͨ͠ • ͔͠͠ɺHTTPSͷॏཁੑͷߴ·Γ2014ࠒ͔ Βͷ૬͙࣍OpenSSLͷ੬ऑੑใࠂ͔Β༰͕ ංେԽ • e.g.
HeartBleed, FREAK Attack… • ݁Ռɺؙʑ1ষׂ͍ͯղઆ͢Δ͜ͱʹ
OpenResty
OpenResty • CʹΑΔ֦ுϞδϡʔϧ࡞ͷষΛͬͨͷͰ ͔ΘΓʹೖΕͨ • ngx_luaؚΊଟࠃͰॳͷຊ֨తͳղઆ • ngx_luaΛར༻͢Δ߹ɺʹར༻͢ΔΑΓ OpenRestyʹ͓ͯ͘͠ํָ͕ͳ͜ͱ͕ଟ͍ͷ ͰΦεεϝͰ͢
ʰnginx࣮ફೖʱষߏ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
ʰnginx࣮ફೖʱষߏ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େنίϯςϯπ৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά
• 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty
೦ߍ࣌ظͷΈ(2015ळʙౙ)
nginxͷHTTP/2࣮͕ ͍ͭग़Δ͔Θ͔Βͳ͍
nginxͷdynamic module͕ ͍ͭग़Δ͔Θ͔Βͳ͍
nginx࣮ફೖͰղઆͯ͠ͳ͍ओͳ༰ • ngx_mail_xxx_module • nginxͰϝʔϧϓϩΩγ • ngx_stream_xxx_module • nginxͰL4ϩʔυόϥϯε •
ngx_luaͷ࠷৽ͷσΟϨΫςΟϒ • e.g. (ssl_certificate|balancer)_by_lua_block
nginxͰL4ϩʔυόϥϯε stream { upstream app { server x.x.x.x:12345; server x.x.x.y:12345;
} server { listen 50000; proxy_pass app; } }
xxx_by_lua_block (e.g. content_by_lua_block) • LuaεΫϦϓτΛΠϯϥΠϯͰॻ͘ࡍʹώΞυ ΩϡϝϯτͰॻ͚ΔΑ͏ʹͳͬͨ
content_by_lua location / { content_by_lua ‘ngx.say(‘hello’)’; } Syntax error…
content_by_lua_block location / { content_by_lua_block { ngx.say(‘hello’) } }
ssl_certificate_by_lua_(block|file) • TLSϋϯυγΣΠΫ࣌ʹLuaεΫϦϓτΛϑο ΫͰ͖Δ • ূ໌ॻͷಈతͳΓସ͑ʹԠ༻Մೳ
balancer_by_lua_(block|file) • upstreamίϯςΩετͰར༻ग़དྷΔσΟϨΫ ςΟϒ • ಈతͳϩʔυόϥϯαʔͷߏஙʹར༻Մೳ
ngx_stream_lua_module • https://github.com/openresty/stream-lua- nginx-module • ngx_luaͰL4ϩʔυόϥϯε • Status • Quite
usable but still experimental.
Coming soon… • dynamic module support of nginx • طʹnginxͷmainlineϦϙδτϦʹίϛοτ͞
ΕͯΔͷͰଟ࣍ͷ1.9.11ͰདྷΔ ./configure —with-stream=dynamic ▪ streamϞδϡʔϧͷಈతϩʔσΟϯά ▪ nginx.confͷઃఆ load_module /path/to/ngx_stream_module.so