Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Varnish+Redis - Russ Smith

Las Vegas Ruby Group
July 16, 2014
1
76

Varnish+Redis - Russ Smith

Las Vegas Ruby Group

July 16, 2014
Tweet

More Decks by Las Vegas Ruby Group

See All by Las Vegas Ruby Group
Ruby ISO Standard - David Grayson
lvrug
0
99
Windows Automation - Howard Feldman
lvrug
0
38
Separating Your Application from Rails - Brian Hughes
lvrug
0
89
SWIG and Ruby - David Grayson
lvrug
0
44
Practical Object-Oriented Design in Ruby - Charles Jackson
lvrug
3
100
The Hamster Gem - Ryan Mulligan
lvrug
1
77
Lambdas and Pops - Jan Hettich
lvrug
0
43
Making Good Use of Fonts - Russ Smith
lvrug
1
58
Writing Files - Ryan Mulligan
lvrug
0
36

Featured

See All Featured
Documentation Writing (for coders)
carmenintech
65
4.4k
A Philosophy of Restraint
colly
203
16k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Designing the Hi-DPI Web
ddemaree
280
34k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
120
Stop Working from a Prison Cell
hatefulcrawdad
267
20k

Transcript

  1. Varnish + Redis

  2. None

  3. Redis is a key value store. ! key => value

    set key value get key # value

  4. Redis can also store hashes as a value. ! key

    => hash hset user:12345 access active hget user:12345 access # active

  5. Varnish is a high-performance HTTP accelerator.

  6. Why use Varnish? Fast, stable, low overhead. 20k+ requests per

    second. Stop hitting your slow backend.

  7. Why put them together?

  8. Paywalls Varnish uses a hash key to store request objects.

    ! /path/to/content.html /path/to/content.html + myhost.com + user_access_level ! Multiple responses for a single url.

  9. Generalize Users The simple idea is to put your users

    into different groups based on certain business logic in your application.

  10. Putting it all together

  11. Warden::Manager.after_set_user do |user, auth, opts| auth.cookies[:user] = user.id auth.cookies[:railsapp_token] =

    OpenSSL::HMAC.hexdigest( ‘sha256’, RailsApp::Application.config.secret_token, user.id.to_s + RailsApp::Application.config.secret_token) end ! Warden::Manager.after_authentication do |user, proxy, opts| $redis.hset("user:#{user.id}", 'access', user.access_level) end ! Warden::Manager.before_logout do |user, auth, opts| auth.cookies[:user] = nil auth.cookies[:railsapp_token] = nil end

  12. import redis; import digest; ! sub vcl_init { redis.init_redis('127.0.0.1', 6379,

    200); } ! sub vcl_hash { hash_data(req.url); hash_data(req.http.host); ! if (req.request != "GET") { return(hash); } else { if (req.request == "GET" && req.http.Cookie ~ "rails_app_token=") { # Grab the user id from cookies set req.http.X-RailsApp-User = regsub(req.http.Cookie, "^.*?user=([^;]*);*.*$", "\1"); ! # Grab the token from cookies set req.http.X-RailsApp-Token = "0x" + regsub(req.http.Cookie, "^.*?rails_app_token=([^;]*);*.*$", "\1"); ! # Sign the secret token with the user id set req.http.X-RailsApp-Signed = digest.hmac_sha256("<%= RailsApp::Application.config.secret_token %>”, req.http.X-RailsApp-User + "<%= RailsApp::Application.config.secret_token %>"); ! # Check if the signed request equals the cookie token # If so, we have a valid request if (req.http.X-RailsApp-Signed == req.http.X-RailsApp-Token) { set req.http.X-RailsApp-Auth = "<%= RailsApp::Application.config.secret_token %>"; # Grab the access level from redis and use that as a part of the hash set req.http.X-RailsApp-Access = redis.call("HGET user:" + req.http.X-RailsApp-User + " access"); hash_data(req.http.X-RailsApp-Access); } } } ! unset req.http.Cookie; unset req.http.Authorization; ! return(hash); }

  13. import redis; import digest; ! sub vcl_init { redis.init_redis('127.0.0.1', 6379,

    200); }

  14. sub vcl_hash { hash_data(req.url); hash_data(req.http.host); ! if (req.request != "GET")

    { return(hash); } else { … } ! unset req.http.Cookie; unset req.http.Authorization; ! return(hash); }

  15. if (req.request == "GET" && req.http.Cookie ~ "rails_app_token=") { #

    Grab the user id from cookies set req.http.X-RailsApp-User = regsub(req.http.Cookie, "^.*? user=([^;]*);*.*$", "\1"); ! # Grab the token from cookies set req.http.X-RailsApp-Token = "0x" + regsub(req.http.Cookie, "^.*?rails_app_token=([^;]*);*.*$", "\1"); ! # Sign the secret token with the user id set req.http.X-RailsApp-Signed = digest.hmac_sha256("<%= RailsApp::Application.config.secret_token %>”, req.http.X-RailsApp- User + "<%= RailsApp::Application.config.secret_token %>"); ! # Check if the signed request equals the cookie token # If so, we have a valid request if (req.http.X-RailsApp-Signed == req.http.X-RailsApp-Token) { set req.http.X-RailsApp-Auth = "<%= RailsApp::Application.config.secret_token %>"; # Grab the access level from redis and use that as a part of the hash set req.http.X-RailsApp-Access = redis.call("HGET user:" + req.http.X-RailsApp-User + " access"); hash_data(req.http.X-RailsApp-Access); } }

  16. How this looks in Rails

  17. class ArticleController < ApplicationController def show @article = Article.find(params[:id]) render(template_for_show)

    end ! def template_for_show # Not signed in, so show them a signup page or something. return :show_excerpt unless user_signed_in? ! # Getting a request from Varnish, use it's access level. if request.headers.key?('HTTP_X_RAILSAPP_ACCESS') return request.headers['HTTP_X_RAILSAPP_ACCESS'].to_sym end ! # Fallback and for development. "show_#{current_user.access_level}".to_sym end end