making-nginx-practical-guide

Transcript

1. nginx࣮ફೖ໳ ϝΠΩϯά Tatsuhiko Kubo@cubicdaiya nginx Tech Talks 2016/02/08

2. @cubicdaiya / Tatsuhiko Kubo Principal Engineer, SRE @ Mercari, Inc.

   ngx_small_light, ngx_dynamic_upstream, nginx-build, slackboard,cachectl, gaurun, etc…
3. None

4. https://www.mercari.com/ Mercari - Your Friendly Mobile Marketplace

5. Agenda • ʰnginx࣮ફೖ໳ʱͷ঺հ • ࣥචʹ·ͭΘΔΤϐιʔυ • ຊॻ੶ʹܝࡌ͖͠Εͳ͔ͬͨ಺༰ɺɹɹɹ nginxͷ৽ػೳʹ͍ͭͯ

6. None

7. ʰnginx࣮ફೖ໳ʱষߏ੒ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ

   • 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங

8. ʰnginx࣮ફೖ໳ʱষߏ੒ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େن໛ίϯςϯπ഑৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά

   • 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty

9. ࣥච։࢝ɿ2013೥11݄ ࣥච׬ྃɿ2015೥12݄ ൃച೔ɹɿ2016೥1݄ ໿2೥͔͔Γ·ͨ͠…

10. ষߏ੒ ݪҊʢ2013೥຤ࠒʣ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧ • 3ষ

    جຊઃఆ • 4ষ ੩తͳWebαΠτͷߏங • 5ষ WebΞϓϦέʔγϣϯαʔόͷߏங

11. ষߏ੒ ݪҊʢ2013೥຤ࠒʣ • 6ষ େن໛ίϯςϯπ഑৴αʔόͷߏங • 7ষ ը૾ετϨʔδαʔόͷߏங • 8ষ

    nginxαʔόͷӡ༻ʗ؂ࢹ • 9ষ ϋΠύϑΥʔϚϯεnginx • 10ষ LuaʹΑΔnginxͷ֦ு • 11ষ ֦ுϞδϡʔϧͷ࡞Γํ

12. Ϙπʹͳͬͨষ

13. ը૾ετϨʔδαʔόͷߏங

14. ʮը૾ετϨʔδαʔόͷߏஙʯͳΜͰ͚͢Ͳɺ ͜ΕྲྀΕతʹʮେن໛ίϯςϯπ഑৴αʔόʯͷষʹ ౷߹͠·͢Ͷ ͑ɺ͋ɺ͏Μ ※ձ࿩ͷ಺༰͸ΠϝʔδͰ͢

15. ը૾ετϨʔδαʔόͷߏங • nginxͰαϜωΠϧੜ੒ػೳ෇͖ετϨʔδαʔόΛߏங͢Δ ࿩ͩͬͨ • ngx_http_image_filter_module • ngx_http_dav_module • େن໛ίϯςϯπ഑৴αʔόͷষʹ౷߹ͨ͠ํ͕͍͍ͷͰ

    ͸ʁ by @harukasan • ಺༰͝ͱ7ষʹ౷߹͞Ε·ͨ͠ • ࠓͳΒngx_small_lightͷ࿩Λͯ͠΋Α͔͔ͬͨ΋͠Εͳ͍

16. ϋΠύϑΥʔϚϯεnginx

17. ϋΠύϑΥʔϚϯεnginx • tcp_nopush΍ΞοϓετϦʔϜ΁ͷΩʔϓΞ ϥΠϒ౳nginxͰͷνϡʔχϯάू • ֤ষ͕༻్ຖʹղઆ͍ͯ͠Δ͜ͱ΋͋ͬͯ͜ ͚ͩ͜·ͱ·Γ͕ͳ͍ • harukasanͷఏҊͰద੾ͳষʹ෼ࢄ

18. ʮϋΠύϑΥʔϚϯεnginxʯͳΜͰ͚͢Ͳɺ ͜Ε֤߲໨ͷ࿩ͷ಺༰͕όϥόϥͳͷͰ ผʑͷষʹ෼ࢄͤ͞·͢Ͷɻ ͓ɺ͓͏ ※ձ࿩ͷ಺༰͸ΠϝʔδͰ͢

19. ֦ுϞδϡʔϧͷ࡞Γํ • ్த·Ͱॻ͍ͯ·͕ͨ͠ɺશવϖʔδ਺଍Γͳ͘ ͯ΍Ί·ͨ͠ • ͜ͷ಺༰͚ͩͰຊ͕Ұ࡭ॻ͚Δ • ಺༰͕શવೖ໳͡Όͳ͍ • CΑΓ΋Luaͷղઆ૿΍ͨ͠ํ͕ಡऀͷͨΊʹͳΔ

    • ͦ͏ͩɺOpenRestyʹ͠Α͏ʂ

20. ޙͰ௥Ճ͞Εͨষ

21. ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங

22. ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங • ౰ॳ͸ʰ੩తͳWebαΠτͷߏஙʱͰશ෦ղઆ ͍ͯͨ͠ • ͔͠͠ɺHTTPSͷॏཁੑͷߴ·Γ΍2014೥ࠒ͔ Βͷ૬͙࣍OpenSSLͷ੬ऑੑใࠂ౳͔Β಺༰͕ ංେԽ • e.g.

    HeartBleed, FREAK Attack… • ݁Ռɺؙʑ1ষׂ͍ͯղઆ͢Δ͜ͱʹ

23. OpenResty

24. OpenResty • CʹΑΔ֦ுϞδϡʔϧ࡞੒ͷষΛ࡟ͬͨͷͰ ͔ΘΓʹೖΕͨ • ngx_luaؚΊଟ෼ࠃ಺Ͱॳͷຊ֨తͳղઆ • ngx_luaΛར༻͢Δ৔߹ɺ௚ʹར༻͢ΔΑΓ͸ OpenRestyʹ͓ͯ͘͠ํָ͕ͳ͜ͱ͕ଟ͍ͷ ͰΦεεϝͰ͢

25. ʰnginx࣮ફೖ໳ʱষߏ੒ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ

    • 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங

26. ʰnginx࣮ફೖ໳ʱষߏ੒ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େن໛ίϯςϯπ഑৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά

    • 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty

27. ೦ߍ࣌ظͷ೰Έ(2015೥ळʙౙ)

28. nginxͷHTTP/2࣮૷͕ ͍ͭग़Δ͔Θ͔Βͳ͍

29. nginxͷdynamic module͕ ͍ͭग़Δ͔Θ͔Βͳ͍

30. nginx࣮ફೖ໳Ͱղઆͯ͠ͳ͍ओͳ಺༰ • ngx_mail_xxx_module • nginxͰϝʔϧϓϩΩγ • ngx_stream_xxx_module • nginxͰL4ϩʔυόϥϯε •

    ngx_luaͷ࠷৽ͷσΟϨΫςΟϒ • e.g. (ssl_certificate|balancer)_by_lua_block

31. nginxͰL4ϩʔυόϥϯε stream { upstream app { server x.x.x.x:12345; server x.x.x.y:12345;

    } server { listen 50000; proxy_pass app; } }

32. xxx_by_lua_block (e.g. content_by_lua_block) • LuaεΫϦϓτΛΠϯϥΠϯͰॻ͘ࡍʹώΞυ ΩϡϝϯτͰॻ͚ΔΑ͏ʹͳͬͨ

33. content_by_lua location / { content_by_lua ‘ngx.say(‘hello’)’; } Syntax error…

34. content_by_lua_block location / { content_by_lua_block { ngx.say(‘hello’) } }

35. ssl_certificate_by_lua_(block|file) • TLSϋϯυγΣΠΫ࣌ʹLuaεΫϦϓτΛϑο ΫͰ͖Δ • ূ໌ॻͷಈతͳ੾Γସ͑౳ʹԠ༻Մೳ

36. balancer_by_lua_(block|file) • upstreamίϯςΩετͰར༻ग़དྷΔσΟϨΫ ςΟϒ • ಈతͳϩʔυόϥϯαʔͷߏஙʹར༻Մೳ

37. ngx_stream_lua_module • https://github.com/openresty/stream-lua- nginx-module • ngx_luaͰL4ϩʔυόϥϯε • Status • Quite

    usable but still experimental.

38. Coming soon… • dynamic module support of nginx • طʹnginxͷmainlineϦϙδτϦʹίϛοτ͞

    ΕͯΔͷͰଟ෼࣍ͷ1.9.11ͰདྷΔ ./configure —with-stream=dynamic ▪ streamϞδϡʔϧͷಈతϩʔσΟϯά ▪ nginx.confͷઃఆ load_module /path/to/ngx_stream_module.so