Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
making-nginx-practical-guide
Search
Tatsuhiko Kubo
February 08, 2016
Technology
6
9.6k
making-nginx-practical-guide
Tatsuhiko Kubo
February 08, 2016
Tweet
Share
More Decks by Tatsuhiko Kubo
See All by Tatsuhiko Kubo
Mackerel in さくらのクラウド
cubicdaiya
1
720
Handling a tremendous amount of images with Fastly / Yamagoya Traverse 2020
cubicdaiya
2
1.5k
System Integration with Fastly
cubicdaiya
0
640
実例で学ぶ画像最適化集 with ImageFlux / ImageFlux meetup#2
cubicdaiya
4
19k
Software Engineer, Infrastructure
cubicdaiya
4
3.2k
High Performance Count Up!
cubicdaiya
0
370
ImageFluxを利用した画像配信の最適化 / ImageFlux meetup 201801
cubicdaiya
0
3k
Building high performance push notification server in Go
cubicdaiya
5
3.3k
メルカリのデータ分析基盤 / mercari data analysis infrastructure
cubicdaiya
11
12k
Other Decks in Technology
See All in Technology
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
500
初めてAWSを使うときのセキュリティ覚書〜初心者支部編〜
cmusudakeisuke
1
270
CDK CLIで使ってたあの機能、CDK Toolkit Libraryではどうやるの?
smt7174
4
190
Claude Code でアプリ開発をオートパイロットにするためのTips集 Zennの場合 / Claude Code Tips in Zenn
wadayusuke
1
150
未経験者・初心者に贈る!40分でわかるAndroidアプリ開発の今と大事なポイント
operando
5
730
Agile PBL at New Grads Trainings
kawaguti
PRO
1
450
COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用
osawa
1
370
スクラムガイドに載っていないスクラムのはじめかた - チームでスクラムをはじめるときに知っておきたい勘所を集めてみました! - / How to start Scrum that is not written in the Scrum Guide 2nd
takaking22
1
110
LLMを搭載したプロダクトの品質保証の模索と学び
qa
0
1.1k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
10
75k
会社紹介資料 / Sansan Company Profile
sansan33
PRO
6
380k
まずはマネコンでちゃちゃっと作ってから、それをCDKにしてみよか。
yamada_r
2
120
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
696
190k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.1k
Unsuck your backbone
ammeep
671
58k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.7k
Navigating Team Friction
lara
189
15k
Agile that works and the tools we love
rasmusluckow
330
21k
Optimizing for Happiness
mojombo
379
70k
Why Our Code Smells
bkeepers
PRO
339
57k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
Transcript
nginx࣮ફೖ ϝΠΩϯά Tatsuhiko Kubo@cubicdaiya nginx Tech Talks 2016/02/08
@cubicdaiya / Tatsuhiko Kubo Principal Engineer, SRE @ Mercari, Inc.
ngx_small_light, ngx_dynamic_upstream, nginx-build, slackboard,cachectl, gaurun, etc…
None
https://www.mercari.com/ Mercari - Your Friendly Mobile Marketplace
Agenda • ʰnginx࣮ફೖʱͷհ • ࣥචʹ·ͭΘΔΤϐιʔυ • ຊॻ੶ʹܝࡌ͖͠Εͳ͔ͬͨ༰ɺɹɹɹ nginxͷ৽ػೳʹ͍ͭͯ
None
ʰnginx࣮ફೖʱষߏ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
ʰnginx࣮ફೖʱষߏ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େنίϯςϯπ৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά
• 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty
ࣥච։࢝ɿ201311݄ ࣥචྃɿ201512݄ ൃചɹɿ20161݄ 2͔͔Γ·ͨ͠…
ষߏ ݪҊʢ2013ࠒʣ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧ • 3ষ
جຊઃఆ • 4ষ ੩తͳWebαΠτͷߏங • 5ষ WebΞϓϦέʔγϣϯαʔόͷߏங
ষߏ ݪҊʢ2013ࠒʣ • 6ষ େنίϯςϯπ৴αʔόͷߏங • 7ষ ը૾ετϨʔδαʔόͷߏங • 8ষ
nginxαʔόͷӡ༻ʗࢹ • 9ষ ϋΠύϑΥʔϚϯεnginx • 10ষ LuaʹΑΔnginxͷ֦ு • 11ষ ֦ுϞδϡʔϧͷ࡞Γํ
Ϙπʹͳͬͨষ
ը૾ετϨʔδαʔόͷߏங
ʮը૾ετϨʔδαʔόͷߏஙʯͳΜͰ͚͢Ͳɺ ͜ΕྲྀΕతʹʮେنίϯςϯπ৴αʔόʯͷষʹ ౷߹͠·͢Ͷ ͑ɺ͋ɺ͏Μ ※ձͷ༰ΠϝʔδͰ͢
ը૾ετϨʔδαʔόͷߏங • nginxͰαϜωΠϧੜػೳ͖ετϨʔδαʔόΛߏங͢Δ ͩͬͨ • ngx_http_image_filter_module • ngx_http_dav_module • େنίϯςϯπ৴αʔόͷষʹ౷߹ͨ͠ํ͕͍͍ͷͰ
ʁ by @harukasan • ༰͝ͱ7ষʹ౷߹͞Ε·ͨ͠ • ࠓͳΒngx_small_lightͷΛͯ͠Α͔͔ͬͨ͠Εͳ͍
ϋΠύϑΥʔϚϯεnginx
ϋΠύϑΥʔϚϯεnginx • tcp_nopushΞοϓετϦʔϜͷΩʔϓΞ ϥΠϒnginxͰͷνϡʔχϯάू • ֤ষ͕༻్ຖʹղઆ͍ͯ͠Δ͜ͱ͋ͬͯ͜ ͚ͩ͜·ͱ·Γ͕ͳ͍ • harukasanͷఏҊͰదͳষʹࢄ
ʮϋΠύϑΥʔϚϯεnginxʯͳΜͰ͚͢Ͳɺ ͜Ε֤߲ͷͷ༰͕όϥόϥͳͷͰ ผʑͷষʹࢄͤ͞·͢Ͷɻ ͓ɺ͓͏ ※ձͷ༰ΠϝʔδͰ͢
֦ுϞδϡʔϧͷ࡞Γํ • ్த·Ͱॻ͍ͯ·͕ͨ͠ɺશવϖʔδΓͳ͘ ͯΊ·ͨ͠ • ͜ͷ༰͚ͩͰຊ͕Ұॻ͚Δ • ༰͕શવೖ͡Όͳ͍ • CΑΓLuaͷղઆ૿ͨ͠ํ͕ಡऀͷͨΊʹͳΔ
• ͦ͏ͩɺOpenRestyʹ͠Α͏ʂ
ޙͰՃ͞Εͨষ
҆શ͔ͭߴͳHTTPSαʔόͷߏங
҆શ͔ͭߴͳHTTPSαʔόͷߏங • ॳʰ੩తͳWebαΠτͷߏஙʱͰશ෦ղઆ ͍ͯͨ͠ • ͔͠͠ɺHTTPSͷॏཁੑͷߴ·Γ2014ࠒ͔ Βͷ૬͙࣍OpenSSLͷ੬ऑੑใࠂ͔Β༰͕ ංେԽ • e.g.
HeartBleed, FREAK Attack… • ݁Ռɺؙʑ1ষׂ͍ͯղઆ͢Δ͜ͱʹ
OpenResty
OpenResty • CʹΑΔ֦ுϞδϡʔϧ࡞ͷষΛͬͨͷͰ ͔ΘΓʹೖΕͨ • ngx_luaؚΊଟࠃͰॳͷຊ֨తͳղઆ • ngx_luaΛར༻͢Δ߹ɺʹར༻͢ΔΑΓ OpenRestyʹ͓ͯ͘͠ํָ͕ͳ͜ͱ͕ଟ͍ͷ ͰΦεεϝͰ͢
ʰnginx࣮ફೖʱষߏ • 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ • 2ষ Πϯετʔϧͱىಈ • 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங • 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
ʰnginx࣮ફೖʱষߏ • 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங • 7ষ େنίϯςϯπ৴αʔόͷߏங • 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά
• 9ষ LuaʹΑΔnginxͷ֦ு • 10ষ OpenResty
೦ߍ࣌ظͷΈ(2015ळʙౙ)
nginxͷHTTP/2࣮͕ ͍ͭग़Δ͔Θ͔Βͳ͍
nginxͷdynamic module͕ ͍ͭग़Δ͔Θ͔Βͳ͍
nginx࣮ફೖͰղઆͯ͠ͳ͍ओͳ༰ • ngx_mail_xxx_module • nginxͰϝʔϧϓϩΩγ • ngx_stream_xxx_module • nginxͰL4ϩʔυόϥϯε •
ngx_luaͷ࠷৽ͷσΟϨΫςΟϒ • e.g. (ssl_certificate|balancer)_by_lua_block
nginxͰL4ϩʔυόϥϯε stream { upstream app { server x.x.x.x:12345; server x.x.x.y:12345;
} server { listen 50000; proxy_pass app; } }
xxx_by_lua_block (e.g. content_by_lua_block) • LuaεΫϦϓτΛΠϯϥΠϯͰॻ͘ࡍʹώΞυ ΩϡϝϯτͰॻ͚ΔΑ͏ʹͳͬͨ
content_by_lua location / { content_by_lua ‘ngx.say(‘hello’)’; } Syntax error…
content_by_lua_block location / { content_by_lua_block { ngx.say(‘hello’) } }
ssl_certificate_by_lua_(block|file) • TLSϋϯυγΣΠΫ࣌ʹLuaεΫϦϓτΛϑο ΫͰ͖Δ • ূ໌ॻͷಈతͳΓସ͑ʹԠ༻Մೳ
balancer_by_lua_(block|file) • upstreamίϯςΩετͰར༻ग़དྷΔσΟϨΫ ςΟϒ • ಈతͳϩʔυόϥϯαʔͷߏஙʹར༻Մೳ
ngx_stream_lua_module • https://github.com/openresty/stream-lua- nginx-module • ngx_luaͰL4ϩʔυόϥϯε • Status • Quite
usable but still experimental.
Coming soon… • dynamic module support of nginx • طʹnginxͷmainlineϦϙδτϦʹίϛοτ͞
ΕͯΔͷͰଟ࣍ͷ1.9.11ͰདྷΔ ./configure —with-stream=dynamic ▪ streamϞδϡʔϧͷಈతϩʔσΟϯά ▪ nginx.confͷઃఆ load_module /path/to/ngx_stream_module.so