NGINX / Developers Summit 2019

Transcript

1. 1.

   Webαʔόʔར༻͚ͩͰ͸ͳ͍ NGINXιϦϡʔγϣϯ NGINX ςΫχΧϧ ιϦϡʔγϣϯζ ΞʔΩςΫτ ాล ໜ໵ 2019/2/15

2. 2.

   NGINXͷ͝঺հ NGINX Plus ϚΠΫϩαʔϏε΁ͷऔΓ૊Έ 1 2 3 ຊ೔ͷ಺༰ NGINX Controller

   4 2
3. 3.

   NGINXͷ͝঺հ 1

4. 4.

   NGINXࣾ • ೥ʹઃཱɺ೥ʹNGINX 1MVTͷॳظϦϦʔε ೥044൛ॳظϦϦʔε • ສҎ্ͷ΢ΣϒαΠτ • ΤϯλʔϓϥΠζιϑτ΢ΣΞۀքͷϦʔμʔͷϕϯνϟʔΩϟϐλϧͷࢧԉ •

   αϯϑϥϯγείɺϩϯυϯɺίʔΫɺγϯΨϙʔϧɺγυχʔɺϞεΫϫɺ౦ژͷΦϑΟε • ࣾҎ্ͷސ٬ • ਓҎ্ͷैۀһ 4
5. 5.

   NGINX Unit NGINX ͔Βͷ৽͍͠ಈతͳWebͱΞϓϦ έʔγϣϯɾαʔόʔɻΦʔϓϯιʔεɺ ෳ਺ͷݴޠͷαϙʔτɺ͓Αͼಈతͳ REST API ओಋͷߏ੒ɻ NGINX

   Plus ϩʔυόϥϯαʔɺWebαʔόʔɺίϯςϯπ ΩϟογϡΛؚΉ།ҰͷΦʔϧΠϯϫϯ ιϦϡʔγϣϯɻίετΛ࡟ݮ͠ͳ͕Βɺ ΞʔΩςΫνϟΛ؆ૉԽ͠·͢ɻ ੡඼ NGINX Controller NGINX PlusͷͨΊͷूத؂ࢹ͓Αͼ؅ཧɻ ୯Ұͷඒ͍͠ΠϯλʔϑΣΠεΛ࢖༻ͯ͠ɺ Ծ૝ϩʔυόϥϯαʔΛల։͠·͢ɻ NGINX WAF Φʔϓϯιʔεͷ WebΞϓϦέʔγϣϯ ϑΝΠΞ΢Υʔϧ (WAF) SQL ΠϯδΣΫγϣϯɺLFI
   RFI
   ͓ΑͼͦͷଞͷϨΠϠ7߈ܸΛ๷ޚ͠·͢ɻ Powered by ModSecurity. 5
6. 6.

   ݱࡏͷΞϓϦͷΠϯϑϥ͸ෳࡶ 6

7. 7.

   NGINXʹΑΓ10ഒ؆ૉԽɾ 80%ίετ࡟ݮ 7

8. 8.

   NGINX ΞϓϦέʔγϣϯ ϓϥοτϑΥʔϜ ϨΨγʔͳϞϊϦγοΫ ΞϓϦ͔ΒϞμϯͳϚΠ ΫϩαʔϏε·Ͱ෯޿͘ ରԠ͠ɺσδλϧମݧΛ ։ൃఏڙ͢ΔͨΊͷςΫ ϊϩδʔεΠʔτ ϩʔυόϥϯαʔ

   API 
   αʔϏεϝογϡ 8
9. 9.

   NGINX Plus 2

10. 10.

    ߴੑೳͳΞϓϦέʔγϣϯͷ഑৴ • ৄࡉͰ๛෋ͳϝτϦοΫ • ڧྗͳෛՙ෼ࢄ • ϔϧενΣοΫ • αʔϏεϨδετϦͷ౷߹ •

    HTTP/HTTPS/H2/gRPC/TCP/UDP ΤϯλʔϓϥΠζαϙʔτ HTTP HTTPS HTTP/2 gRPC TCP UDP consul etcd 11
11. 11.

    NGINX PlusͷμογϡϘʔυ 12 શମ αʔόʔͷঢ়گʢκʔϯʹ෼͚ͯදࣔʣ Ωϟογϡ ڞ༗ϝϞϦʔ NGINX Plusͷ Πϯελϯεຖͷ৘ใ

    http://demo.nginx.com
12. 12.

    NGINX Plus: Upstreamͷಈతมߋ ϩʔυόϥϯεઌ (Upstream) ΛಈతʹมߋՄೳ μογϡϘʔυͷGUIͰ APIͰ

13. 13.

    ϩʔυόϥϯαʔɾΩϟογϡ 
     • HTTP, TCP, UDP ͷෛՙ෼ࢄ • URIɺΫοΩʔɺҾ਺ͳͲΛ࢖༻ͨ͠ɺ ϨΠϠ7ϦΫΤετϧʔςΟϯά

    • ͞·͟·ͳΞϧΰϦζϜ • ϥ΢ϯυϩϏϯɺ࠷খίωΫγϣϯɺIPϋογϡ • ࠷খλΠϜɺ࠷খίωΫγϣϯ͔Βೋͭબ୒ • ΫοΩʔʹجͮ͘ηογϣϯӬଓԽ • εςʔλείʔυͱԠ౴ϘσΟʹجͮ͘ɺ ΞΫςΟϒϔϧενΣοΫ • DNS Λ࢖༻ͨ͠αʔϏε୳ࡧ
    ྘ࣈ෦෼͸NGINX PlusͷΈͷػೳʣ
14. 14.

    APIήʔτ΢ΣΠͱͯ͠

15. 15.

    NGINX WAF ߴ౓ͳ8&#ΞϓϦέʔγϣϯ ϑΝΠΞ΢Υʔϧ  ϨΠϠ
    ߈ܸอޢ  %%P4
    ؇࿨  *1Ϩϐϡςʔγϣϯ

     ؂ࠪϩά
16. 16.

    ϚΠΫϩαʔϏε΁ͷऔΓ૊Έ 3

17. 17.

    NGINX͸ɺ͞·͟·ͳϚΠΫϩ αʔϏεΞʔΩςΫνϟΛαϙʔτ 3. Fabric Model 2. Router Mesh Model 1.

    Proxy Model 19
18. 18.

    NGINX Unit 20 • μΠφϛοΫWebɾ ΞϓϦέʔγϣϯαʔόʔ ◦ γϯϓϧɾܰྔ ◦ ଟݴޠʹରԠ:

    Python, PHP, Go, Perl, Ruby, JavaScript (Node.js), Java(༧ఆ)
    ηοτΞοϓɾઃఆͳͲɺಉ༷ͷ؀ڥΛར༻Մೳ ◦ RESTful JSON APIͰͷಈతͳઃఆ ◦ Φʔϓϯιʔε ◦ NGINX PlusϢʔβʔ͸ αϙʔτར༻Մ ◦ NGINXΛαΠυΧʔʹ
19. 19.

    ಈతͳϧʔςΟϯά: αʔϏεͷݕग़ • ͜Μͳͱ͖ʹඞཁ ◦ ৽͍͠αʔϏε͕௥Ճ͞Εͨ ◦ طଘͷαʔϏεͷΠϯελϯε͕௥Ճ͞Εͨ • ϓϩΩγ͕ߏ੒͞ΕΔτϦΨʔͷྫ

    ◦ Ansible Roles ◦ Consul templates ◦ DNS A, SRV Ϩίʔυ ◦ AWS Autoscaling άϧʔϓ ◦ Kubernetes (kube-dns) Ingress and Service-to- Service 21
20. 20.

    Unit

21. 21.

    Unit deployment/unit-headless Deployment Unit Unit

22. 22.

    Unit deployment/unit-headless Deployment Unit Unit

23. 23.

    Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service Unit Unit

24. 24.

    Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service NGINX Plus Load Balancer

    SRV ϨίʔυͰσΟεΧόϦ pod/nginx-headless Unit Unit
25. 25.

    Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service NGINX Plus Load Balancer

    SRV ϨίʔυͰσΟεΧόϦ NodePort Service pod/nginx-headless svc/nginx-headless Unit Unit
26. 26.

    DNSαʔϏεσΟεΧόϦ ༏ઌ౓ɾ΢ΣΠτ ϙʔτ൪߸ɾϗετ໊ NGINX಺ͷDNSΩϟογϡ༗ޮ࣌ؒ αʔόʔϦετΛDNSͰղܾ UpstreamΛࢀর 29 खಈͰDNSϨίʔυઃఆɺKubernetesͰ͸Headless Service

27. 27.

    None
28. 28.

    NGINX Plus - Kubernetes Ingress Controller NGINX PlusΛೖΓޱͱͯ͠ KubernetesΞϓϦέʔγϣϯΛ࡞੒ :

    • ߴ౓ͳෛՙ෼ࢄͱSSL/TLS ऴ୺ • WebSocket ͱ HTTP/2 ͷαϙʔτ • ϦΫΤετ͕ΞϓϦέʔγϣϯʹసૹ͞ΕΔ લʹURI ॻ͖׵͑ • ಈతͳ࠶ߏ੒ • Session persistence • JWT authentication • Prometheusͷαϙʔτ • 24x7 αϙʔτ https://github.com/nginxinc/kubernetes-ingress 32
29. 29.

    NGINX Controller 4

30. 30.

    NGINX Controller: ϞχλϦϯά 34 ଟ਺ͷNGINX Plus͔Β౷ܭ৘ใΛू໿

31. 31.

    NGINX Controller: LBઃఆ 35 nginx.conf ͷ֬ೝ nginx.conf ͷมߋ ઃఆͷݕূ NGINXͷίϯτϩʔϧϓϨʔϯͱͯ͠

    ·ͣ͸API Gateway͔Β
32. 32.

    NGINX Controller: API؅ཧ APIఆٛ ྲྀྔ؅ཧ ೝূɾೝՄ

33. 33.

    ·ͱΊ • ࣗࣾͷWebγεςϜ͕ෳࡶʹͳΓ͍͗ͯ͢Δ ◦ → NGINX Plus! • ϩʔυόϥϯαʔͷϋʔυ΢ΣΞͷߋ৽࣌ظʹདྷ͍ͯΔ ◦

    → NGINX Plus! • ϚΠΫϩαʔϏε΍ίϯςφͰͷӡ༻Λݕ౼த ◦ → NGINX Plus! ϑϦʔτϥΠΞϧ͸ ͪ͜Β͔Β 37
34. 34.

    Thank you! 38