NginxとELBの罠

Transcript

1. /HJOYͱ&-#ͷ᠘

2. ࣗݾ঺հ !JOOPTTI
   ,JJגࣜձࣾ
   
   *P5Ϋϥ΢υϓϥοτϑΥʔϜ
   ιϑτ΢ΣΞΤϯδχΞ
   %FW0QT
   
   +BWB
   "OTJCMF
   ࠷ۙ
   
   "MFYB
   εϓϥτΡʔϯ

3. ొ৔͢Δ΋ͷ w/HJOY
   w0QFO3FTUZ
   w7BSOJTI
   w&-#

4. /HJOYͷઃఆ͸᠘͕ଟ͍

5. /HJOYࡾ୒ΫΠζ

6. Ϩεϙϯεϔομ͸Ͳ͏ͳΔʁ location /if {
 set $true 1;
 
 if ($true)

   {
 add_header X-First 1;
 }
 if ($true) {
 add_header X-Second 2;
 }
 return 204;
 }

7. "
   9'JSTUͱ94FDPOE
   
   #
   9'JSTUͷΈ
   
   $
   94FDPOEͷΈ location /if {
 set $true 1;
 
 if

   ($true) {
 add_header X-First 1;
 }
 if ($true) {
 add_header X-Second 2;
 }
 return 204;
 }

8. ౴͑
   
   $
   94FDPOEͷΈ location /if {
 set $true 1;
 
 if ($true)

   {
 add_header X-First 1;
 }
 if ($true) {
 add_header X-Second 2;
 }
 return 204;
 }

9. *G
   *T
   &WJM
   ཧ༝͸ͳ͍

10. Ͱ͸΋͏Ұ໰

11. ϦΫΤετϔομ͸Ͳ͏ͳΔʁ http {
 proxy_set_header X-Foo foo;
 
 server {
 proxy_set_header

    X-Bar bar;
 
 location /proxysetheader {
 proxy_pass http://localhost:8080;
 proxy_set_header X-Baz baz;
 }
 }
 }

12. "
    9'PPͱ9#BSͱ9#B[
    #
    9#BSͱ9#B[
    
    $
    9#B[ͷΈ http {
 proxy_set_header X-Foo foo;
 
 server {


    proxy_set_header X-Bar bar;
 
 location /proxysetheader {
 proxy_pass http://localhost:8080;
 proxy_set_header X-Baz baz;
 }
 }
 }

13. ౴͑
    
    $
    9#B[ͷΈ http {
 proxy_set_header X-Foo foo;
 
 server {
 proxy_set_header

    X-Bar bar;
 
 location /proxysetheader {
 proxy_pass http://localhost:8080;
 proxy_set_header X-Baz baz;
 }
 }
 }

14. ཧ༝͸͋Δ

15. QSPYZ@TFU@IFBEFS͸
    ಉ͡Ϩϕϧʹఆ͕ٛͳ͍࣌ʹ
    લͷϨϕϧͷఆٛΛҾ͖ܧ͙

16. http {
 proxy_set_header X-Foo foo;
 
 server {
 proxy_set_header X-Bar

    bar;
 
 location /proxysetheader {
 proxy_pass http://localhost:8080;
 proxy_set_header X-Foo foo;
 proxy_set_header X-Bar bar;
 proxy_set_header X-Baz baz;
 }
 }
 }

17. ˞ͩͨ͠ϨΞέʔεͳͷͰ
    ϦϥοΫεͯ͠ௌ͍͍ͯͩ͘͞ ͔͜͜Β͕ຊ୊

18. લஔ͖ w7BSOJTIΛ0QFO3FTUZʹஔ͖׵͑Δ࡞ۀ ͰϋϚͬͨ᠘
    w)551ϔομ
    w$POUFOU-FOHUI
    w5SBOTGFS&ODPEJOH
    DIVOLFE

19. Ή͔͠Ή͔͋͠Δͱ͜Ζʹ
    7BSOJTIͱ0QFO3FTUZ ͕͍·ͨ͠

20. 7BSOJTI 0QFO3FTUZ &-#

21. 7BSOJTI͸$POUFOU-FOHUIΛ HTTP/1.1 200 OK Server: varnish Date: Tue, 22 Aug

    2017 10:44:59 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Status: 200 OK Content-Length: 20 Cache-Control: max-age=0, no-cache, no-store

22. 0QFO3FTUZ͸USBOTGFSFODPEJOHΛ HTTP/1.1 200 OK Server: openresty Date: Tue, 22 Aug

    2017 10:44:59 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Status: 200 OK transfer-encoding: chunked Cache-Control: max-age=0, no-cache, no-store

23. όοΫΤϯυ +BWB ͸ಉҰ 7BSOJTI 0QFO3FTUZ - Content-Length: 20 + transfer-encoding:

    chunked

24. ͲΜͿΒ͜ʙͲΜͿΒ͜ʙ όοΫΤϯυ͸ಉҰͳͷʹ
    ࠩҟͷ͋ΔϨεϙϯε͕
    ྲྀΕ͖ͯ·ͨ͠

25. ໰୊఺ w0QFO3FTUZ΁ͷஔ͖׵͑ޙɺϨεϙϯε͕ νϟϯΫԽ͞ΕΔ
    w)551Λ໊৐ΓͭͭɺνϟϯΫԽ͞Εͨ ϨεϙϯεΛѻ͑ͳ͍ΫϥΠΞϯτ͕ଘࡏ

26. َୀ࣏ νϟϯΫԽ͞ΕͨݪҼΛ
    ୀ࣏͠Α͏

27. όοΫΤϯυʹ஫໨ HTTP/1.1 200 OK Date: Tue, 22 Aug 2017 10:44:59

    GMT Content-Type: application/json; charset=utf-8 Connection: close Content-Length: 20 ↑Content-Length͸෇͍͍ͯͳ͍ Status: 200 OK Cache-Control: max-age=0, no-cache, no-store

28. $POUFOU-FOHUI͸ෆཁʁ wແ͍৔߹ίωΫγϣϯΛΫϩʔζ͢Δ·Ͱ ϝοηʔδΛड৴
    w7BSOJTI͸$POUFOU-FOHUIΛউखʹ෇͚ ͍ͯͨ

29. ͦΕͳΒ0QFO3FTUZʹ஫໨ HTTP/1.1 200 OK Server: openresty Date: Tue, 22 Aug

    2017 10:44:59 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Status: 200 OK Transfer-Encoding: chunked Cache-Control: max-age=0, no-cache, no-store

30. DIVOLFE@USBOTGFS@FODPEJOH w/HJOYͷઃఆ஋ DIVOLFE@USBOTGFS@FODPEJOH͸σϑΥ ϧτͰPO
    w0QFO3FTUZ͸$POUFOU-FOHUIͷແ͍Ϩ εϙϯεΛνϟϯΫԽ͢Δ

31. 7BSOJTI΋0QFO3FTUZ΋Ոདྷʹ νϟϯΫԽ͞ΕͨݪҼΛ
    ಥ͖ࢭΊͨʜʁ

32. DIVOLFE@USBOTGFS@FODPEJOHΛPGGʹ HTTP/1.1 200 OK Server: openresty Date: Tue, 22 Aug

    2017 10:44:59 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Status: 200 OK transfer-encoding: chunked Cache-Control: max-age=0, no-cache, no-store

33. Ͳ͏ͤ/HJOYͷ᠘ͩΖ͏ʜ wDIVOLFE@USBOTGFS@FODPEJOH
    PGG͕ޮ ͔ͳ͍
    wͲ͏ߟ͑ͯ΋νϟϯΫԽ͢Δίʔυ͕࣮ߦ͞ ΕΔ͸͕ͣͳ͍
    w࠶Ϗϧυ΋όʔδϣϯΞοϓ΋ޮՌͳ͠

34. ʁ /HJOYͷιʔείʔυΛಡΜͰ
    Ұ͚ͭͩؾ͍ͮͨ͜ͱ͕ʜ

35. None

36. HTTP/1.1 200 OK Server: openresty Date: Tue, 22 Aug 2017

    10:44:59 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Status: 200 OK transfer-encoding: chunked Cache-Control: max-age=0, no-cache, no-store

37. NginxͰ͸ Transfer-Encoding: chunked

38. ΫϥΠΞϯτͰ͸ transfer-encoding: chunked

39. ELBͰ transfer-encoding: chunked ʊਓਓਓਓਓਓʊ
    ʼɹಥવͷ&-#ɹʻ
    ʉ:?:?:?:?:ʉ

40. ݪҼ͸&-# w&-#͸$POUFOU-FOHUIͷແ͍Ϩεϙϯε ΛνϟϯΫԽ͢Δ
    wখจࣈͷUSBOTGFSFODPEJOHΛ෇͚Δ

41. ಉ྅ʮ"-#࢖ͬͯΈͨΒʁʯ

42. "-#Λ࢖ͬͯΈΔͱ wಉ༷ʹϨεϙϯεΛνϟϯΫԽ͢Δ
    wେจࣈͷ5SBOTGFS&ODPEJOHΛ෇͚Δ͆ Nginx: Transfer-Encoding ELB: transfer-encoding ALB: Transfer-Encoding <=

    վળʁ͆

43. ղܾࡦ w&-#ͷ5$1ϦεφΛ࢖͏
    w΋͘͠͸/-#Λ࢖͏

44. ·ͱΊ wେจࣈখจࣈ͸໾ʹཱͭ͆
    w)551ඇରԠͷΫϥΠΞϯτ͸ͭΒ͍
    w)551ϔομΛकΔʹ͸5$1ϩʔυόϥϯα Λ࢖͏

45. Ҏ্ɺ/HJOYͱ&-#ͷ᠘ͷ࿩ *P5Ϋϥ΢υϓϥοτϑΥʔϜ
    ,JJ
    LJJDPN
    ΤϯδχΞืूͯ͠·͢ʂ