Upgrade to Pro — share decks privately, control downloads, hide ads and more …

making-nginx-practical-guide

5d74d743eabd2bf7d4d2f68b9d3c727d?s=47 Tatsuhiko Kubo
February 08, 2016

 making-nginx-practical-guide

5d74d743eabd2bf7d4d2f68b9d3c727d?s=128

Tatsuhiko Kubo

February 08, 2016
Tweet

Transcript

  1. nginx࣮ફೖ໳ ϝΠΩϯά Tatsuhiko Kubo@cubicdaiya nginx Tech Talks 2016/02/08

  2. @cubicdaiya / Tatsuhiko Kubo Principal Engineer, SRE @ Mercari, Inc.

    ngx_small_light, ngx_dynamic_upstream, nginx-build, slackboard,cachectl, gaurun, etc…
  3. None
  4. https://www.mercari.com/ Mercari - Your Friendly Mobile Marketplace

  5. Agenda • ʰnginx࣮ફೖ໳ʱͷ঺հ • ࣥචʹ·ͭΘΔΤϐιʔυ • ຊॻ੶ʹܝࡌ͖͠Εͳ͔ͬͨ಺༰ɺɹɹɹ nginxͷ৽ػೳʹ͍ͭͯ

  6. None
  7. ʰnginx࣮ફೖ໳ʱষߏ੒ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ

    • 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங
  8. ʰnginx࣮ફೖ໳ʱষߏ੒ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େن໛ίϯςϯπ഑৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά

    • 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty
  9. ࣥච։࢝ɿ2013೥11݄ ࣥච׬ྃɿ2015೥12݄ ൃച೔ɹɿ2016೥1݄ ໿2೥͔͔Γ·ͨ͠…

  10. ষߏ੒ ݪҊʢ2013೥຤ࠒʣ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧ • 3ষ

    جຊઃఆ • 4ষ ੩తͳWebαΠτͷߏங • 5ষ WebΞϓϦέʔγϣϯαʔόͷߏங
  11. ষߏ੒ ݪҊʢ2013೥຤ࠒʣ • 6ষ େن໛ίϯςϯπ഑৴αʔόͷߏங • 7ষ ը૾ετϨʔδαʔόͷߏங • 8ষ

    nginxαʔόͷӡ༻ʗ؂ࢹ • 9ষ ϋΠύϑΥʔϚϯεnginx • 10ষ LuaʹΑΔnginxͷ֦ு • 11ষ ֦ுϞδϡʔϧͷ࡞Γํ
  12. Ϙπʹͳͬͨষ

  13. ը૾ετϨʔδαʔόͷߏங

  14. ʮը૾ετϨʔδαʔόͷߏஙʯͳΜͰ͚͢Ͳɺ ͜ΕྲྀΕతʹʮେن໛ίϯςϯπ഑৴αʔόʯͷষʹ ౷߹͠·͢Ͷ ͑ɺ͋ɺ͏Μ ※ձ࿩ͷ಺༰͸ΠϝʔδͰ͢

  15. ը૾ετϨʔδαʔόͷߏங • nginxͰαϜωΠϧੜ੒ػೳ෇͖ετϨʔδαʔόΛߏங͢Δ ࿩ͩͬͨ • ngx_http_image_filter_module • ngx_http_dav_module • େن໛ίϯςϯπ഑৴αʔόͷষʹ౷߹ͨ͠ํ͕͍͍ͷͰ

    ͸ʁ by @harukasan • ಺༰͝ͱ7ষʹ౷߹͞Ε·ͨ͠ • ࠓͳΒngx_small_lightͷ࿩Λͯ͠΋Α͔͔ͬͨ΋͠Εͳ͍
  16. ϋΠύϑΥʔϚϯεnginx

  17. ϋΠύϑΥʔϚϯεnginx • tcp_nopush΍ΞοϓετϦʔϜ΁ͷΩʔϓΞ ϥΠϒ౳nginxͰͷνϡʔχϯάू • ֤ষ͕༻్ຖʹղઆ͍ͯ͠Δ͜ͱ΋͋ͬͯ͜ ͚ͩ͜·ͱ·Γ͕ͳ͍ • harukasanͷఏҊͰద੾ͳষʹ෼ࢄ

  18. ʮϋΠύϑΥʔϚϯεnginxʯͳΜͰ͚͢Ͳɺ ͜Ε֤߲໨ͷ࿩ͷ಺༰͕όϥόϥͳͷͰ ผʑͷষʹ෼ࢄͤ͞·͢Ͷɻ ͓ɺ͓͏ ※ձ࿩ͷ಺༰͸ΠϝʔδͰ͢

  19. ֦ுϞδϡʔϧͷ࡞Γํ • ్த·Ͱॻ͍ͯ·͕ͨ͠ɺશવϖʔδ਺଍Γͳ͘ ͯ΍Ί·ͨ͠ • ͜ͷ಺༰͚ͩͰຊ͕Ұ࡭ॻ͚Δ • ಺༰͕શવೖ໳͡Όͳ͍ • CΑΓ΋Luaͷղઆ૿΍ͨ͠ํ͕ಡऀͷͨΊʹͳΔ

    • ͦ͏ͩɺOpenRestyʹ͠Α͏ʂ
  20. ޙͰ௥Ճ͞Εͨষ

  21. ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங

  22. ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங • ౰ॳ͸ʰ੩తͳWebαΠτͷߏஙʱͰશ෦ղઆ ͍ͯͨ͠ • ͔͠͠ɺHTTPSͷॏཁੑͷߴ·Γ΍2014೥ࠒ͔ Βͷ૬͙࣍OpenSSLͷ੬ऑੑใࠂ౳͔Β಺༰͕ ංେԽ • e.g.

    HeartBleed, FREAK Attack… • ݁Ռɺؙʑ1ষׂ͍ͯղઆ͢Δ͜ͱʹ
  23. OpenResty

  24. OpenResty • CʹΑΔ֦ுϞδϡʔϧ࡞੒ͷষΛ࡟ͬͨͷͰ ͔ΘΓʹೖΕͨ • ngx_luaؚΊଟ෼ࠃ಺Ͱॳͷຊ֨తͳղઆ • ngx_luaΛར༻͢Δ৔߹ɺ௚ʹར༻͢ΔΑΓ͸ OpenRestyʹ͓ͯ͘͠ํָ͕ͳ͜ͱ͕ଟ͍ͷ ͰΦεεϝͰ͢

  25. ʰnginx࣮ફೖ໳ʱষߏ੒ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ

    • 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴ଎ͳHTTPSαʔόͷߏங
  26. ʰnginx࣮ફೖ໳ʱষߏ੒ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େن໛ίϯςϯπ഑৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά

    • 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty
  27. ೦ߍ࣌ظͷ೰Έ(2015೥ळʙౙ)

  28. nginxͷHTTP/2࣮૷͕ ͍ͭग़Δ͔Θ͔Βͳ͍

  29. nginxͷdynamic module͕ ͍ͭग़Δ͔Θ͔Βͳ͍

  30. nginx࣮ફೖ໳Ͱղઆͯ͠ͳ͍ओͳ಺༰ • ngx_mail_xxx_module • nginxͰϝʔϧϓϩΩγ • ngx_stream_xxx_module • nginxͰL4ϩʔυόϥϯε •

    ngx_luaͷ࠷৽ͷσΟϨΫςΟϒ • e.g. (ssl_certificate|balancer)_by_lua_block
  31. nginxͰL4ϩʔυόϥϯε stream { upstream app { server x.x.x.x:12345; server x.x.x.y:12345;

    } server { listen 50000; proxy_pass app; } }
  32. xxx_by_lua_block (e.g. content_by_lua_block) • LuaεΫϦϓτΛΠϯϥΠϯͰॻ͘ࡍʹώΞυ ΩϡϝϯτͰॻ͚ΔΑ͏ʹͳͬͨ

  33. content_by_lua location / { content_by_lua ‘ngx.say(‘hello’)’; } Syntax error…

  34. content_by_lua_block location / { content_by_lua_block { ngx.say(‘hello’) } }

  35. ssl_certificate_by_lua_(block|file) • TLSϋϯυγΣΠΫ࣌ʹLuaεΫϦϓτΛϑο ΫͰ͖Δ • ূ໌ॻͷಈతͳ੾Γସ͑౳ʹԠ༻Մೳ

  36. balancer_by_lua_(block|file) • upstreamίϯςΩετͰར༻ग़དྷΔσΟϨΫ ςΟϒ • ಈతͳϩʔυόϥϯαʔͷߏஙʹར༻Մೳ

  37. ngx_stream_lua_module • https://github.com/openresty/stream-lua- nginx-module • ngx_luaͰL4ϩʔυόϥϯε • Status • Quite

    usable but still experimental.
  38. Coming soon… • dynamic module support of nginx • طʹnginxͷmainlineϦϙδτϦʹίϛοτ͞

    ΕͯΔͷͰଟ෼࣍ͷ1.9.11ͰདྷΔ ./configure —with-stream=dynamic ▪ streamϞδϡʔϧͷಈతϩʔσΟϯά ▪ nginx.confͷઃఆ load_module /path/to/ngx_stream_module.so