nginx࣮ફೖϝΠΩϯάTatsuhiko Kubo@cubicdaiyanginx Tech Talks 2016/02/08
View Slide
@cubicdaiya / Tatsuhiko KuboPrincipal Engineer, SRE @ Mercari, Inc.ngx_small_light, ngx_dynamic_upstream,nginx-build, slackboard,cachectl, gaurun, etc…
https://www.mercari.com/Mercari - Your Friendly Mobile Marketplace
Agenda• ʰnginx࣮ફೖʱͷհ• ࣥචʹ·ͭΘΔΤϐιʔυ• ຊॻ੶ʹܝࡌ͖͠Εͳ͔ͬͨ༰ɺɹɹɹnginxͷ৽ػೳʹ͍ͭͯ
ʰnginx࣮ફೖʱষߏ• 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ• 2ষ Πϯετʔϧͱىಈ• 3ষ جຊઃఆ• 4ষ ੩తͳWebαΠτͷߏங• 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
ʰnginx࣮ફೖʱষߏ• 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங• 7ষ େنίϯςϯπ৴αʔόͷߏங• 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά• 9ষ LuaʹΑΔnginxͷ֦ு• 10ষ OpenResty
ࣥච։࢝ɿ201311݄ࣥචྃɿ201512݄ൃചɹɿ20161݄2͔͔Γ·ͨ͠…
ষߏ ݪҊʢ2013ࠒʣ• 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ• 2ষ Πϯετʔϧ• 3ষ جຊઃఆ• 4ষ ੩తͳWebαΠτͷߏங• 5ষ WebΞϓϦέʔγϣϯαʔόͷߏங
ষߏ ݪҊʢ2013ࠒʣ• 6ষ େنίϯςϯπ৴αʔόͷߏங• 7ষ ը૾ετϨʔδαʔόͷߏங• 8ষ nginxαʔόͷӡ༻ʗࢹ• 9ষ ϋΠύϑΥʔϚϯεnginx• 10ষ LuaʹΑΔnginxͷ֦ு• 11ষ ֦ுϞδϡʔϧͷ࡞Γํ
Ϙπʹͳͬͨষ
ը૾ετϨʔδαʔόͷߏங
ʮը૾ετϨʔδαʔόͷߏஙʯͳΜͰ͚͢Ͳɺ͜ΕྲྀΕతʹʮେنίϯςϯπ৴αʔόʯͷষʹ౷߹͠·͢Ͷ͑ɺ͋ɺ͏Μ※ձͷ༰ΠϝʔδͰ͢
ը૾ετϨʔδαʔόͷߏங• nginxͰαϜωΠϧੜػೳ͖ετϨʔδαʔόΛߏங͢Δͩͬͨ• ngx_http_image_filter_module• ngx_http_dav_module• େنίϯςϯπ৴αʔόͷষʹ౷߹ͨ͠ํ͕͍͍ͷͰʁ by @harukasan• ༰͝ͱ7ষʹ౷߹͞Ε·ͨ͠• ࠓͳΒngx_small_lightͷΛͯ͠Α͔͔ͬͨ͠Εͳ͍
ϋΠύϑΥʔϚϯεnginx
ϋΠύϑΥʔϚϯεnginx• tcp_nopushΞοϓετϦʔϜͷΩʔϓΞϥΠϒnginxͰͷνϡʔχϯάू• ֤ষ͕༻్ຖʹղઆ͍ͯ͠Δ͜ͱ͚͋ͬͯͩ͜͜·ͱ·Γ͕ͳ͍• harukasanͷఏҊͰదͳষʹࢄ
ʮϋΠύϑΥʔϚϯεnginxʯͳΜͰ͚͢Ͳɺ͜Ε֤߲ͷͷ༰͕όϥόϥͳͷͰผʑͷষʹࢄͤ͞·͢Ͷɻ͓ɺ͓͏※ձͷ༰ΠϝʔδͰ͢
֦ுϞδϡʔϧͷ࡞Γํ• ్த·Ͱॻ͍ͯ·͕ͨ͠ɺશવϖʔδΓͳͯ͘Ί·ͨ͠• ͜ͷ༰͚ͩͰຊ͕Ұॻ͚Δ• ༰͕શવೖ͡Όͳ͍• CΑΓLuaͷղઆ૿ͨ͠ํ͕ಡऀͷͨΊʹͳΔ• ͦ͏ͩɺOpenRestyʹ͠Α͏ʂ
ޙͰՃ͞Εͨষ
҆શ͔ͭߴͳHTTPSαʔόͷߏங
҆શ͔ͭߴͳHTTPSαʔόͷߏங• ॳʰ੩తͳWebαΠτͷߏஙʱͰશ෦ղઆ͍ͯͨ͠• ͔͠͠ɺHTTPSͷॏཁੑͷߴ·Γ2014ࠒ͔Βͷ૬͙࣍OpenSSLͷ੬ऑੑใࠂ͔Β༰͕ංେԽ• e.g. HeartBleed, FREAK Attack…• ݁Ռɺؙʑ1ষׂ͍ͯղઆ͢Δ͜ͱʹ
OpenResty
OpenResty• CʹΑΔ֦ுϞδϡʔϧ࡞ͷষΛͬͨͷͰ͔ΘΓʹೖΕͨ• ngx_luaؚΊଟࠃͰॳͷຊ֨తͳղઆ• ngx_luaΛར༻͢Δ߹ɺʹར༻͢ΔΑΓOpenRestyʹ͓ͯ͘͠ํָ͕ͳ͜ͱ͕ଟ͍ͷͰΦεεϝͰ͢
೦ߍ࣌ظͷΈ(2015ळʙౙ)
nginxͷHTTP/2࣮͕͍ͭग़Δ͔Θ͔Βͳ͍
nginxͷdynamic module͕͍ͭग़Δ͔Θ͔Βͳ͍
nginx࣮ફೖͰղઆͯ͠ͳ͍ओͳ༰• ngx_mail_xxx_module• nginxͰϝʔϧϓϩΩγ• ngx_stream_xxx_module• nginxͰL4ϩʔυόϥϯε• ngx_luaͷ࠷৽ͷσΟϨΫςΟϒ• e.g. (ssl_certificate|balancer)_by_lua_block
nginxͰL4ϩʔυόϥϯεstream {upstream app {server x.x.x.x:12345;server x.x.x.y:12345;}server {listen 50000;proxy_pass app;}}
xxx_by_lua_block (e.g. content_by_lua_block)• LuaεΫϦϓτΛΠϯϥΠϯͰॻ͘ࡍʹώΞυΩϡϝϯτͰॻ͚ΔΑ͏ʹͳͬͨ
content_by_lualocation / {content_by_lua ‘ngx.say(‘hello’)’;}Syntax error…
content_by_lua_blocklocation / {content_by_lua_block {ngx.say(‘hello’)}}
ssl_certificate_by_lua_(block|file)• TLSϋϯυγΣΠΫ࣌ʹLuaεΫϦϓτΛϑοΫͰ͖Δ• ূ໌ॻͷಈతͳΓସ͑ʹԠ༻Մೳ
balancer_by_lua_(block|file)• upstreamίϯςΩετͰར༻ग़དྷΔσΟϨΫςΟϒ• ಈతͳϩʔυόϥϯαʔͷߏஙʹར༻Մೳ
ngx_stream_lua_module• https://github.com/openresty/stream-lua-nginx-module• ngx_luaͰL4ϩʔυόϥϯε• Status• Quite usable but still experimental.
Coming soon…• dynamic module support of nginx• طʹnginxͷmainlineϦϙδτϦʹίϛοτ͞ΕͯΔͷͰଟ࣍ͷ1.9.11ͰདྷΔ./configure —with-stream=dynamic■ streamϞδϡʔϧͷಈతϩʔσΟϯά■ nginx.confͷઃఆload_module /path/to/ngx_stream_module.so
cubicdaiya
lapis2411
saboyutaka
line_developers_tw
tomoaki25
mottox2
shinrinakamura
gl_tsukasa
1ftseabass
pauli
tomzoh
keio_smilab
nishiharatsubasa
destraynor
shpigford
hatefulcrawdad
dougneiner
ddemaree
andyhume
addyosmani
smashingmag
sferik
mthomps
eileencodes
davidbonilla