Upgrade to Pro — share decks privately, control downloads, hide ads and more …

プロキシサーバ自作から学ぶ、HTTP通信

Avatar for kobatako kobatako
July 15, 2019
Technology
110
0

 プロキシサーバ自作から学ぶ、HTTP通信

Avatar for kobatako

kobatako

July 15, 2019

More Decks by kobatako

See All by kobatako
ネットワークのことを知るため ソフトウェアルータを 自作した話
Avatar for kobatako kobatako
0
3.5k
enginnerday.pdf
Avatar for kobatako kobatako
0
46

Other Decks in Technology

See All in Technology
QGISプラグイン CMChangeDetector
Avatar for Forestgeo.info naokimuroki
1
400
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
Avatar for Cybozu cybozuinsideout
PRO
10
78k
Standards et agents IA : un tour d’horizon de MCP, A2A, ADK et plus encore
Avatar for Guillaume Laforge glaforge
0
170
AIを共同作業者にして書籍を執筆する方法 / How to Write a Book with AI as a Co-Creator
Avatar for ama-ch ama_ch
2
130
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
Avatar for Kenji Saito ks91
PRO
0
320
Amazon S3 Filesについて
Avatar for Yuuki Yamashita yama3133
2
210
Oracle AI Database@AWS:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
4
2.4k
「SaaSの次の時代」に重要性を増すステークホルダーマネジメントの要諦 ~解像度を圧倒的に高めPdMの価値を最大化させる方法~
Avatar for KAKEHASHI kakehashi
PRO
2
840
目的ファーストのハーネス設計 ~ハーネスの変更容易性を高めるための優先順位~
Avatar for Gota gotalab555
8
2.2k
ARIA Notifyについて
Avatar for ryokatsuse ryokatsuse
1
120
AgentCore×VPCでの設計パターンn選と勘所
Avatar for Har1101 har1101
3
280
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
3.1k

Featured

See All Featured
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
163
24k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
900
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
120
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.9k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
160
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.7k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
9k
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
100
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
260
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
3.4k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k

Transcript

  1. ϓϩΩγαʔόࣗ࡞͔ΒֶͿɺ HTTP௨৴ PHPΧϯϑΝϨϯε෱Ԭ2019 খݪɹਸ׮ 2019/06/29 (౔)

  2. ࣗݾ঺հ • ໊લ : খݪ ਸ׮ʢ͜͹Δ ͔ͨͻΖʣ • ॴଐ :

    גࣜձࣾFusic • ࢓ࣄ : PHPɺGolangɺAWS • झຯ : ElixirɺErlangɺΠϯϑϥ͍Ζ͍Ζ • Twitter : kobatako_

  3. ΞδΣϯμ • ϓϩΩγαʔόʹ͍ͭͯ • ࣗ࡞ͨ͠HTTPϓϩΩγͷॲཧ • ·ͱΊ

  4. ϓϩΩγαʔόʹ͍ͭͯ

  5. ϓϩΩγαʔόͷ ϨΠϠʔ

  6. ϓϩΩγαʔόͷϨΠϠʔ • L3/L4 • TCP/IPϨϕϧͰͷϓϩΩγ • L7 •ΞϓϦέʔγϣϯϨϕϧͰͷϓϩΩγ

  7. ϓϩΩγαʔόͷϨΠϠʔ • L3/L4 • TCP/IPϨϕϧͰͷϓϩΩγ • L7 •ΞϓϦέʔγϣϯϨϕϧͰͷϓϩΩγ <- ͜͜ʹ͍ͭͯ

  8. L7 ϓϩΩγ HTTPϦΫΤετ • ΫϥΠΞϯτͱϓϩΩγαʔόɺϓϩΩγαʔόͱόοΫΤϯυͷ αʔόͦΕͧΕͰTCP઀ଓΛߦ͏ • ΞϓϦέʔγϣϯϨϕϧͰͷ੍ޚʢHTTPͳͲʣ HTTPϦΫΤετ TCP

    TCP ΫϥΠΞϯτ ϓϩΩγ όοΫΤϯυ

  9. ϓϩΩγαʔόΛڬΉͱ Ͳ͏ͳΔ ???

  10. ϓϩΩγαʔόͷ໾ׂ •௨৴಺༰ͷվม •ෛՙ෼ࢄ •ηΩϡΞͳ௨৴ɺೝূ

  11. ϚΠΫϩαʔϏεͰ΋ར༻

  12. ϓϩΩγαʔό •Envoy • L3/L4 filter architecture • L7 filter architecture

    • HTTP2 / gRPCΛαϙʔτ • αʔΩοτϒϨʔΧʔ • Etc…

  13. ࣗ࡞͢Δ͜ͱͰਂ͘ཧղ
 ϓϩΩγαʔόͷ ར༻ൣғ͕޿͕͖͍ͬͯͯΔ

  14. ࣗ࡞ͨ͠ HTTPϓϩΩγͷॲཧ

  15. ࣗ࡞ͨ͠HTTPϓϩΩγͷॲཧ • X-Forwarded • ෛՙ෼ࢄ • Upgrade-Insecure-Requests • αʔΩοτϒϨʔΧʔ

  16. X-Forwarded

  17. X-Forwarded • RFC 7239 • HTTP Headerͷ֦ு • ϓϩΩγΛதܧ͢Δࡍʹૹ৴ݩʢΫϥΠΞϯτʣͷ
 IP΍ProtocolͳͲHeaderʹ෇͚Ճ͑Δ


    ˞ ͚ͭͳ͍ͱૹ৴ݩIPͳͲͰ੍ޚ͕Ͱ͖ͳ͘ͳΔ
 ʢX-Forwarded-Forʣ

  18. X-Forwarded • X-Forwarded-For • ΫϥΠΞϯτͷIP • X-Forwarded-Host • ΫϥΠΞϯτ͔ΒૹΒΕ͖ͯͨHost Header

    • X-Forwarded-Proto • ΫϥΠΞϯτ͔ΒͷϦΫΤετ: HTTPɺHTTPSͱ͔ • X-Forwarded-By • ΫϥΠΞϯτ͔ΒϦΫΤετΛड͚औͬͨϓϩΩγଆͷIP

  19. X-Forwarded-For͚ͩͰͳ͘ શ෦ೖΕΔΑ͏ʹ͢Δ

  20. • X-Forwarded-For • Laravel(Symfony)΍CakePHPͰ͸ૹ৴ݩIPͷ஋ͱͯ͠ར༻ • X-Forwarded-Proto • Laravel(Symfony)ͰηΩϡΞͳ௨৴͔Ͳ͏͔ͷࢀরͱͯ͠ར༻
 https://github.com/symfony/http-foundation/blob/master/Request.php#L1113 ϑϨʔϜϫʔΫ಺Ͱར༻͞Ε͍ͯΔ

  21. ෛՙ෼ࢄ

  22. ෛՙ෼ࢄ • ෛՙʹԠͯ͡όοΫΤϯυͷαʔόʹϦΫΤετΛ
 ৼΓ෼͚Δ • ϦΫΤετͷछྨ΍ύεʹΑͬͯϦΫΤετઌΛܾΊΔ • .jsɺ.cssɺ.png΁ͷϦΫΤετ • /admin/

    ΁ͷϦΫΤετ

  23. ෛՙ෼ࢄ HTTP ϦΫΤετ /index HTTP ϦΫΤετ js, css HTTP ϦΫΤετ

    /index GET /index HTTP/1.1

  24. ࣮૷ͨ࣌͠ͷߏ੒

  25. ෛՙ෼ࢄ 1. Proxyʢϓϩηεʣ͕HTTP RequestΛड͚औΓɺύε͔ΒClusterΛબ୒ 2. Cluster͕LoadBalancerʹϦΫΤετΛ͠ɺIndex൪߸Λฦ͢ 3. ฦ͞ΕͨIndex൪߸ΛݩʹCluster͕NodeΛฦ͠ɺϦΫΤετΛૹ৴ $MVTUFS /PEF

    /PEF /PEF -PBE#BMBODFS 1SPYZ )5513FRVFTU

  26. Upgrade-Insecure-Requests

  27. Upgrade-Insecure-Requests • HTTPSԽΛଅਐ͢Δ • ηΩϡΞͰอޢ͞ΕͨURLͰஔ͖׵͑ΒΕ͔ͨͷΑ͏ʹॲ ཧ͢ΔΑ͏ࢦࣔΛ͢Δ

  28. Upgrade-Insecure-Requests • ΫϥΠΞϯτ • Upgrade-Insecure-Requests: 1 • ChromeͰ͸Headerʹ͍ͭͯΔ • αʔό

    • Content-Security-Policy: upgrade-insecure-requests • ApacheɺNginxͳͲͰઃఆ͢Δ͜ͱ΋Մೳ

  29. Upgrade-Insecure-Requests • ΫϥΠΞϯτ • Upgrade-Insecure-Requests: 1 • ChromeͰ͸Headerʹ͍ͭͯΔ • αʔό

    • Content-Security-Policy: upgrade-insecure-requests • ApacheɺNginxͳͲͰઃఆ͢Δ͜ͱ΋Մೳ <- ͜͜ʹ͍ͭͯ

  30. Upgrade-Insecure-Requests • αʔό 1. HTTPϦΫΤετ 2. όοΫάϥϯυ΁ϦΫΤετ 3. HTTPϨεϙϯε 4.

    Ϩεϙϯεϔομʔʹ `upgrade-insecure-requests` Λ͚ͭΔ ᶃ ᶄ ᶅ ᶆ

  31. ࣮ࡍͷಈ࡞

  32. Upgrade-Insecure-Requests <img src=“http://example.com/img.png"> IUUQTFYBNQMFDPN ը૾ͷϦΫΤετ͸A)551Aͱͯ͠ϦΫΤετ͢Δ 6QHSBEF*OTFDVSF3FRVFTUT͕ͳ͍৔߹

  33. Upgrade-Insecure-Requests IUUQTFYBNQMFDPN 6QHSBEF*OTFDVSF3FRVFTUT͕͋Δ৔߹ <img src=“http://example.com/img.png"> ը૾ͷϦΫΤετ͸A)5514Aͱͯ͠ϦΫΤετ͢Δ ˞JNHλάͷTSD͸AIUUQAͷ··

  34. Consoleʹܯࠂ͕ग़ͳ͘ͳΔ Mixed Content: The page at ‘https://example.com' was loaded over

    HTTPS, but requested an insecure image ‘http://example.com/img.png'. This content should also be served over HTTPS.

  35. αʔΩοτϒϨʔΧʔ

  36. αʔΩοτϒϨʔΧʔ Failͨ͠αʔόʹରͯ͠େྔͷϦΫΤετ͕ ߦ͔ͳ͍Α͏ʹ੍ޚ͢Δ

  37. αʔΩοτϒϨʔΧʔ Fail = 5xxͷ εςʔλείʔυ

  38. αʔΩοτϒϨʔΧʔ )551ϦΫΤετ εςʔλείʔυ  •εςʔλείʔυΛ؂ࢹ͢Δ

  39. αʔΩοτϒϨʔΧʔ )551ϦΫΤετ εςʔλείʔυ ʢ'BJMʣ )551ϦΫΤετ εςʔλείʔυ ʢ'BJMʣ

  40. αʔΩοτϒϨʔΧʔ •όοΫΤϯυͷαʔό΁ϦΫΤετΛߦΘͣ
 circuit breaker͔ΒϦΫΤετΛฦ͢ )551ϦΫΤετ εςʔλείʔυ ʢ'BJMʣ

  41. ඵܦաʜ

  42. αʔΩοτϒϨʔΧʔ •Ұఆ࣌ؒա͗ΔͱϒϨʔΧʔΛ໭͢ )551ϦΫΤετ εςʔλείʔυ 

  43. ࣮૷ͨ࣌͠ͷߏ੒

  44. • CircuitBreakerʹϦΫΤετͷύεΛૹΓON͔Λ֬ೝ • ONʹͳ͍ͬͯΔ৔߹͸όοΫΤϯυ΁ϦΫΤετ • OFFʹͳ͍ͬͯΔ৔߹͸ΤϥʔΛϓϩΩγαʔό͔ΒϨεϙϯε 1SPYZ )5513FRVFTU $JSDVJU#SFBLFS αʔΩοτϒϨʔΧʔ

  45. αʔΩοτϒϨʔΧʔ • ࣮૷ͷํࣜ • ϦΫΤετ࣌ʹߦͬͨPathʹରͯ͠3ճ5xxܥͷεςʔλείʔυ͕
 ฦ͖ͬͯͨ৔߹͸ͦΕҎ߱ͷϦΫΤετ͸αʔΩοτϒϨʔΧʔΛ
 ONʹ͢Δ • ఀࢭ͔ͯ͠Β30ඵܦա͔ͯ͠ΒαʔΩοτϒϨʔΧʔΛOFFʹ͢Δ
 


    -> ଞʹ΋ϔϧενΣοΫͳͲͷ΍Γํ͕͋Δʢະ࣮૷ʣ

  46. ·ͱΊ

  47. ·ͱΊ • HTTP͸γϯϓϧ͕ͩɺগ͠ෳࡶͳ͜ͱΛ͢Δͱ೉͘͠ͳΔ • ϦΫΤετ͝ͱʹϓϩηεΛ෼͚͍ͯΔͷͰɺϩʔυόϥϯαʔͱ
 αʔΩοτϒϨʔΧʔͷ࣮૷ʹ޻෉͕ඞཁͩͬͨ ʢHTTPϓϩΩγͱ͸ผ͕ͩ… • ϒϥ΢β͝ͱʹTCPίωΫγϣϯͷ࣋ͪํ͕ҧͬͨ •

    ߴෛՙ࣌ͷϓϩηε੍ޚͰۤઓͨ͠ʢݱࡏਐߦܗʣ

  48. ͝੩ௌ͋Γ͕ͱ͏ ͍͟͝·ͨ͠