Upgrade to Pro — share decks privately, control downloads, hide ads and more …

NGINX / Developers Summit 2019

C2cbcced4908b5ee6099fc2274749acc?s=47 NGINX Japan
February 15, 2019
Technology
0
960

NGINX / Developers Summit 2019

C2cbcced4908b5ee6099fc2274749acc?s=128

NGINX Japan

February 15, 2019
Tweet

More Decks by NGINX Japan

See All by NGINX Japan
C2cbcced4908b5ee6099fc2274749acc?s=48 nginx_jp
4
1.5k
C2cbcced4908b5ee6099fc2274749acc?s=48 nginx_jp
0
75
C2cbcced4908b5ee6099fc2274749acc?s=48 nginx_jp
0
51

Other Decks in Technology

See All in Technology
1fbd94fe0e6c61f43710f4fbb7e1ecdf?s=48 hashiyaman
0
400
7a54d6143169419fc6d4d9a0ff3056ea?s=48 maekawa123
0
610
64fdeeb10dba981472bf5a90dae23f2a?s=48 ryoheig0405
0
470
2016ba6b977a2e6691811fa66d5f4336?s=48 cyberagentdevelopers
PRO
0
490
97d180294474e9df01503148f3b11f39?s=48 lambda
0
220
2016ba6b977a2e6691811fa66d5f4336?s=48 cyberagentdevelopers
PRO
0
190
2dae6daed4edd231d733fcec84944332?s=48 sinedied
0
160
105adfe7203d81662325e3030181400c?s=48 nakamods320yen
0
1.3k
7e20183342a040a32924a41343603286?s=48 konabuta
0
1k
Ae1bcb47094f8a9352a3fedcfdc6a4e3?s=48 athagi
0
310
Dc20c893cac0daddd607dfc9a5855d27?s=48 amarelo_n24
0
120
7bbb6e8cd78042f30a37c29771002d2a?s=48 nenonaninu
0
140

Featured

See All Featured
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
237
10k
Ba530e786553390f3fb271848485681c?s=48 3n
163
22k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
31
1.2k
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
252
11k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
108
15k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
12
1.9k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
360
63k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
442
29k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
262
11k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
332
16k
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
93
3.2k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
11
660

Transcript

  1. Webαʔόʔར༻͚ͩͰ͸ͳ͍ NGINXιϦϡʔγϣϯ NGINX ςΫχΧϧ ιϦϡʔγϣϯζ ΞʔΩςΫτ ాล ໜ໵ 2019/2/15

  2. NGINXͷ͝঺հ NGINX Plus ϚΠΫϩαʔϏε΁ͷऔΓ૊Έ 1 2 3 ຊ೔ͷ಺༰ NGINX Controller

    4 2

  3. NGINXͷ͝঺հ 1

  4. NGINXࣾ • ೥ʹઃཱɺ೥ʹNGINX 1MVTͷॳظϦϦʔε ೥044൛ॳظϦϦʔε • ສҎ্ͷ΢ΣϒαΠτ • ΤϯλʔϓϥΠζιϑτ΢ΣΞۀքͷϦʔμʔͷϕϯνϟʔΩϟϐλϧͷࢧԉ •

    αϯϑϥϯγείɺϩϯυϯɺίʔΫɺγϯΨϙʔϧɺγυχʔɺϞεΫϫɺ౦ژͷΦϑΟε • ࣾҎ্ͷސ٬ • ਓҎ্ͷैۀһ 4

  5. NGINX Unit NGINX ͔Βͷ৽͍͠ಈతͳWebͱΞϓϦ έʔγϣϯɾαʔόʔɻΦʔϓϯιʔεɺ ෳ਺ͷݴޠͷαϙʔτɺ͓Αͼಈతͳ REST API ओಋͷߏ੒ɻ NGINX

    Plus ϩʔυόϥϯαʔɺWebαʔόʔɺίϯςϯπ ΩϟογϡΛؚΉ།ҰͷΦʔϧΠϯϫϯ ιϦϡʔγϣϯɻίετΛ࡟ݮ͠ͳ͕Βɺ ΞʔΩςΫνϟΛ؆ૉԽ͠·͢ɻ ੡඼ NGINX Controller NGINX PlusͷͨΊͷूத؂ࢹ͓Αͼ؅ཧɻ ୯Ұͷඒ͍͠ΠϯλʔϑΣΠεΛ࢖༻ͯ͠ɺ Ծ૝ϩʔυόϥϯαʔΛల։͠·͢ɻ NGINX WAF Φʔϓϯιʔεͷ WebΞϓϦέʔγϣϯ ϑΝΠΞ΢Υʔϧ (WAF) SQL ΠϯδΣΫγϣϯɺLFIRFI ͓ΑͼͦͷଞͷϨΠϠ7߈ܸΛ๷ޚ͠·͢ɻ Powered by ModSecurity. 5

  6. ݱࡏͷΞϓϦͷΠϯϑϥ͸ෳࡶ 6

  7. NGINXʹΑΓ10ഒ؆ૉԽɾ 80%ίετ࡟ݮ 7

  8. NGINX ΞϓϦέʔγϣϯ ϓϥοτϑΥʔϜ ϨΨγʔͳϞϊϦγοΫ ΞϓϦ͔ΒϞμϯͳϚΠ ΫϩαʔϏε·Ͱ෯޿͘ ରԠ͠ɺσδλϧମݧΛ ։ൃఏڙ͢ΔͨΊͷςΫ ϊϩδʔεΠʔτ ϩʔυόϥϯαʔ

    API  αʔϏεϝογϡ 8

  9. NGINX Plus 2

  10. ߴੑೳͳΞϓϦέʔγϣϯͷ഑৴ • ৄࡉͰ๛෋ͳϝτϦοΫ • ڧྗͳෛՙ෼ࢄ • ϔϧενΣοΫ • αʔϏεϨδετϦͷ౷߹ •

    HTTP/HTTPS/H2/gRPC/TCP/UDP ΤϯλʔϓϥΠζαϙʔτ HTTP HTTPS HTTP/2 gRPC TCP UDP consul etcd 11

  11. NGINX PlusͷμογϡϘʔυ 12 શମ αʔόʔͷঢ়گʢκʔϯʹ෼͚ͯදࣔʣ Ωϟογϡ ڞ༗ϝϞϦʔ NGINX Plusͷ Πϯελϯεຖͷ৘ใ

    http://demo.nginx.com

  12. NGINX Plus: Upstreamͷಈతมߋ ϩʔυόϥϯεઌ (Upstream) ΛಈతʹมߋՄೳ μογϡϘʔυͷGUIͰ APIͰ

  13. ϩʔυόϥϯαʔɾΩϟογϡ  • HTTP, TCP, UDP ͷෛՙ෼ࢄ • URIɺΫοΩʔɺҾ਺ͳͲΛ࢖༻ͨ͠ɺ ϨΠϠ7ϦΫΤετϧʔςΟϯά

    • ͞·͟·ͳΞϧΰϦζϜ • ϥ΢ϯυϩϏϯɺ࠷খίωΫγϣϯɺIPϋογϡ • ࠷খλΠϜɺ࠷খίωΫγϣϯ͔Βೋͭબ୒ • ΫοΩʔʹجͮ͘ηογϣϯӬଓԽ • εςʔλείʔυͱԠ౴ϘσΟʹجͮ͘ɺ ΞΫςΟϒϔϧενΣοΫ • DNS Λ࢖༻ͨ͠αʔϏε୳ࡧ ྘ࣈ෦෼͸NGINX PlusͷΈͷػೳʣ

  14. APIήʔτ΢ΣΠͱͯ͠

  15. NGINX WAF ߴ౓ͳ8&#ΞϓϦέʔγϣϯ ϑΝΠΞ΢Υʔϧ  ϨΠϠ߈ܸอޢ  %%P4؇࿨  *1Ϩϐϡςʔγϣϯ

     ؂ࠪϩά

  16. ϚΠΫϩαʔϏε΁ͷऔΓ૊Έ 3

  17. NGINX͸ɺ͞·͟·ͳϚΠΫϩ αʔϏεΞʔΩςΫνϟΛαϙʔτ 3. Fabric Model 2. Router Mesh Model 1.

    Proxy Model 19

  18. NGINX Unit 20 • μΠφϛοΫWebɾ ΞϓϦέʔγϣϯαʔόʔ ◦ γϯϓϧɾܰྔ ◦ ଟݴޠʹରԠ:

    Python, PHP, Go, Perl, Ruby, JavaScript (Node.js), Java(༧ఆ)  ηοτΞοϓɾઃఆͳͲɺಉ༷ͷ؀ڥΛར༻Մೳ ◦ RESTful JSON APIͰͷಈతͳઃఆ ◦ Φʔϓϯιʔε ◦ NGINX PlusϢʔβʔ͸ αϙʔτར༻Մ ◦ NGINXΛαΠυΧʔʹ

  19. ಈతͳϧʔςΟϯά: αʔϏεͷݕग़ • ͜Μͳͱ͖ʹඞཁ ◦ ৽͍͠αʔϏε͕௥Ճ͞Εͨ ◦ طଘͷαʔϏεͷΠϯελϯε͕௥Ճ͞Εͨ • ϓϩΩγ͕ߏ੒͞ΕΔτϦΨʔͷྫ

    ◦ Ansible Roles ◦ Consul templates ◦ DNS A, SRV Ϩίʔυ ◦ AWS Autoscaling άϧʔϓ ◦ Kubernetes (kube-dns) Ingress and Service-to- Service 21

  20. Unit

  21. Unit deployment/unit-headless Deployment Unit Unit

  22. Unit deployment/unit-headless Deployment Unit Unit

  23. Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service Unit Unit

  24. Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service NGINX Plus Load Balancer

    SRV ϨίʔυͰσΟεΧόϦ pod/nginx-headless Unit Unit

  25. Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service NGINX Plus Load Balancer

    SRV ϨίʔυͰσΟεΧόϦ NodePort Service pod/nginx-headless svc/nginx-headless Unit Unit

  26. DNSαʔϏεσΟεΧόϦ ༏ઌ౓ɾ΢ΣΠτ ϙʔτ൪߸ɾϗετ໊ NGINX಺ͷDNSΩϟογϡ༗ޮ࣌ؒ αʔόʔϦετΛDNSͰղܾ UpstreamΛࢀর 29 खಈͰDNSϨίʔυઃఆɺKubernetesͰ͸Headless Service

  27. None

  28. NGINX Plus - Kubernetes Ingress Controller NGINX PlusΛೖΓޱͱͯ͠ KubernetesΞϓϦέʔγϣϯΛ࡞੒ :

    • ߴ౓ͳෛՙ෼ࢄͱSSL/TLS ऴ୺ • WebSocket ͱ HTTP/2 ͷαϙʔτ • ϦΫΤετ͕ΞϓϦέʔγϣϯʹసૹ͞ΕΔ લʹURI ॻ͖׵͑ • ಈతͳ࠶ߏ੒ • Session persistence • JWT authentication • Prometheusͷαϙʔτ • 24x7 αϙʔτ https://github.com/nginxinc/kubernetes-ingress 32

  29. NGINX Controller 4

  30. NGINX Controller: ϞχλϦϯά 34 ଟ਺ͷNGINX Plus͔Β౷ܭ৘ใΛू໿

  31. NGINX Controller: LBઃఆ 35 nginx.conf ͷ֬ೝ nginx.conf ͷมߋ ઃఆͷݕূ NGINXͷίϯτϩʔϧϓϨʔϯͱͯ͠

    ·ͣ͸API Gateway͔Β

  32. NGINX Controller: API؅ཧ APIఆٛ ྲྀྔ؅ཧ ೝূɾೝՄ

  33. ·ͱΊ • ࣗࣾͷWebγεςϜ͕ෳࡶʹͳΓ͍͗ͯ͢Δ ◦ → NGINX Plus! • ϩʔυόϥϯαʔͷϋʔυ΢ΣΞͷߋ৽࣌ظʹདྷ͍ͯΔ ◦

    → NGINX Plus! • ϚΠΫϩαʔϏε΍ίϯςφͰͷӡ༻Λݕ౼த ◦ → NGINX Plus! ϑϦʔτϥΠΞϧ͸ ͪ͜Β͔Β 37

  34. Thank you! 38