NGINX / Developers Summit 2019

Transcript

1. Webαʔόʔར༻͚ͩͰ͸ͳ͍ NGINXιϦϡʔγϣϯ NGINX ςΫχΧϧ ιϦϡʔγϣϯζ ΞʔΩςΫτ ాล ໜ໵ 2019/2/15

2. NGINXͷ͝঺հ NGINX Plus ϚΠΫϩαʔϏε΁ͷऔΓ૊Έ 1 2 3 ຊ೔ͷ಺༰ NGINX Controller

   4 2

3. NGINXͷ͝঺հ 1

4. NGINXࣾ • ೥ʹઃཱɺ೥ʹNGINX 1MVTͷॳظϦϦʔε ೥044൛ॳظϦϦʔε • ສҎ্ͷ΢ΣϒαΠτ • ΤϯλʔϓϥΠζιϑτ΢ΣΞۀքͷϦʔμʔͷϕϯνϟʔΩϟϐλϧͷࢧԉ •

   αϯϑϥϯγείɺϩϯυϯɺίʔΫɺγϯΨϙʔϧɺγυχʔɺϞεΫϫɺ౦ژͷΦϑΟε • ࣾҎ্ͷސ٬ • ਓҎ্ͷैۀһ 4

5. NGINX Unit NGINX ͔Βͷ৽͍͠ಈతͳWebͱΞϓϦ έʔγϣϯɾαʔόʔɻΦʔϓϯιʔεɺ ෳ਺ͷݴޠͷαϙʔτɺ͓Αͼಈతͳ REST API ओಋͷߏ੒ɻ NGINX

   Plus ϩʔυόϥϯαʔɺWebαʔόʔɺίϯςϯπ ΩϟογϡΛؚΉ།ҰͷΦʔϧΠϯϫϯ ιϦϡʔγϣϯɻίετΛ࡟ݮ͠ͳ͕Βɺ ΞʔΩςΫνϟΛ؆ૉԽ͠·͢ɻ ੡඼ NGINX Controller NGINX PlusͷͨΊͷूத؂ࢹ͓Αͼ؅ཧɻ ୯Ұͷඒ͍͠ΠϯλʔϑΣΠεΛ࢖༻ͯ͠ɺ Ծ૝ϩʔυόϥϯαʔΛల։͠·͢ɻ NGINX WAF Φʔϓϯιʔεͷ WebΞϓϦέʔγϣϯ ϑΝΠΞ΢Υʔϧ (WAF) SQL ΠϯδΣΫγϣϯɺLFI
   RFI
   ͓ΑͼͦͷଞͷϨΠϠ7߈ܸΛ๷ޚ͠·͢ɻ Powered by ModSecurity. 5

6. ݱࡏͷΞϓϦͷΠϯϑϥ͸ෳࡶ 6

7. NGINXʹΑΓ10ഒ؆ૉԽɾ 80%ίετ࡟ݮ 7

8. NGINX ΞϓϦέʔγϣϯ ϓϥοτϑΥʔϜ ϨΨγʔͳϞϊϦγοΫ ΞϓϦ͔ΒϞμϯͳϚΠ ΫϩαʔϏε·Ͱ෯޿͘ ରԠ͠ɺσδλϧମݧΛ ։ൃఏڙ͢ΔͨΊͷςΫ ϊϩδʔεΠʔτ ϩʔυόϥϯαʔ

   API 
   αʔϏεϝογϡ 8

9. NGINX Plus 2

10. ߴੑೳͳΞϓϦέʔγϣϯͷ഑৴ • ৄࡉͰ๛෋ͳϝτϦοΫ • ڧྗͳෛՙ෼ࢄ • ϔϧενΣοΫ • αʔϏεϨδετϦͷ౷߹ •

    HTTP/HTTPS/H2/gRPC/TCP/UDP ΤϯλʔϓϥΠζαϙʔτ HTTP HTTPS HTTP/2 gRPC TCP UDP consul etcd 11

11. NGINX PlusͷμογϡϘʔυ 12 શମ αʔόʔͷঢ়گʢκʔϯʹ෼͚ͯදࣔʣ Ωϟογϡ ڞ༗ϝϞϦʔ NGINX Plusͷ Πϯελϯεຖͷ৘ใ

    http://demo.nginx.com

12. NGINX Plus: Upstreamͷಈతมߋ ϩʔυόϥϯεઌ (Upstream) ΛಈతʹมߋՄೳ μογϡϘʔυͷGUIͰ APIͰ

13. ϩʔυόϥϯαʔɾΩϟογϡ 
     • HTTP, TCP, UDP ͷෛՙ෼ࢄ • URIɺΫοΩʔɺҾ਺ͳͲΛ࢖༻ͨ͠ɺ ϨΠϠ7ϦΫΤετϧʔςΟϯά

    • ͞·͟·ͳΞϧΰϦζϜ • ϥ΢ϯυϩϏϯɺ࠷খίωΫγϣϯɺIPϋογϡ • ࠷খλΠϜɺ࠷খίωΫγϣϯ͔Βೋͭબ୒ • ΫοΩʔʹجͮ͘ηογϣϯӬଓԽ • εςʔλείʔυͱԠ౴ϘσΟʹجͮ͘ɺ ΞΫςΟϒϔϧενΣοΫ • DNS Λ࢖༻ͨ͠αʔϏε୳ࡧ
    ྘ࣈ෦෼͸NGINX PlusͷΈͷػೳʣ

14. APIήʔτ΢ΣΠͱͯ͠

15. NGINX WAF ߴ౓ͳ8&#ΞϓϦέʔγϣϯ ϑΝΠΞ΢Υʔϧ  ϨΠϠ
    ߈ܸอޢ  %%P4
    ؇࿨  *1Ϩϐϡςʔγϣϯ

     ؂ࠪϩά

16. ϚΠΫϩαʔϏε΁ͷऔΓ૊Έ 3

17. NGINX͸ɺ͞·͟·ͳϚΠΫϩ αʔϏεΞʔΩςΫνϟΛαϙʔτ 3. Fabric Model 2. Router Mesh Model 1.

    Proxy Model 19

18. NGINX Unit 20 • μΠφϛοΫWebɾ ΞϓϦέʔγϣϯαʔόʔ ◦ γϯϓϧɾܰྔ ◦ ଟݴޠʹରԠ:

    Python, PHP, Go, Perl, Ruby, JavaScript (Node.js), Java(༧ఆ)
    ηοτΞοϓɾઃఆͳͲɺಉ༷ͷ؀ڥΛར༻Մೳ ◦ RESTful JSON APIͰͷಈతͳઃఆ ◦ Φʔϓϯιʔε ◦ NGINX PlusϢʔβʔ͸ αϙʔτར༻Մ ◦ NGINXΛαΠυΧʔʹ

19. ಈతͳϧʔςΟϯά: αʔϏεͷݕग़ • ͜Μͳͱ͖ʹඞཁ ◦ ৽͍͠αʔϏε͕௥Ճ͞Εͨ ◦ طଘͷαʔϏεͷΠϯελϯε͕௥Ճ͞Εͨ • ϓϩΩγ͕ߏ੒͞ΕΔτϦΨʔͷྫ

    ◦ Ansible Roles ◦ Consul templates ◦ DNS A, SRV Ϩίʔυ ◦ AWS Autoscaling άϧʔϓ ◦ Kubernetes (kube-dns) Ingress and Service-to- Service 21

20. Unit

21. Unit deployment/unit-headless Deployment Unit Unit

22. Unit deployment/unit-headless Deployment Unit Unit

23. Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service Unit Unit

24. Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service NGINX Plus Load Balancer

    SRV ϨίʔυͰσΟεΧόϦ pod/nginx-headless Unit Unit

25. Unit deployment/unit-headless svc/unit-headless-svc Deployment Headless Service NGINX Plus Load Balancer

    SRV ϨίʔυͰσΟεΧόϦ NodePort Service pod/nginx-headless svc/nginx-headless Unit Unit

26. DNSαʔϏεσΟεΧόϦ ༏ઌ౓ɾ΢ΣΠτ ϙʔτ൪߸ɾϗετ໊ NGINX಺ͷDNSΩϟογϡ༗ޮ࣌ؒ αʔόʔϦετΛDNSͰղܾ UpstreamΛࢀর 29 खಈͰDNSϨίʔυઃఆɺKubernetesͰ͸Headless Service

27. None

28. NGINX Plus - Kubernetes Ingress Controller NGINX PlusΛೖΓޱͱͯ͠ KubernetesΞϓϦέʔγϣϯΛ࡞੒ :

    • ߴ౓ͳෛՙ෼ࢄͱSSL/TLS ऴ୺ • WebSocket ͱ HTTP/2 ͷαϙʔτ • ϦΫΤετ͕ΞϓϦέʔγϣϯʹసૹ͞ΕΔ લʹURI ॻ͖׵͑ • ಈతͳ࠶ߏ੒ • Session persistence • JWT authentication • Prometheusͷαϙʔτ • 24x7 αϙʔτ https://github.com/nginxinc/kubernetes-ingress 32

29. NGINX Controller 4

30. NGINX Controller: ϞχλϦϯά 34 ଟ਺ͷNGINX Plus͔Β౷ܭ৘ใΛू໿

31. NGINX Controller: LBઃఆ 35 nginx.conf ͷ֬ೝ nginx.conf ͷมߋ ઃఆͷݕূ NGINXͷίϯτϩʔϧϓϨʔϯͱͯ͠

    ·ͣ͸API Gateway͔Β

32. NGINX Controller: API؅ཧ APIఆٛ ྲྀྔ؅ཧ ೝূɾೝՄ

33. ·ͱΊ • ࣗࣾͷWebγεςϜ͕ෳࡶʹͳΓ͍͗ͯ͢Δ ◦ → NGINX Plus! • ϩʔυόϥϯαʔͷϋʔυ΢ΣΞͷߋ৽࣌ظʹདྷ͍ͯΔ ◦

    → NGINX Plus! • ϚΠΫϩαʔϏε΍ίϯςφͰͷӡ༻Λݕ౼த ◦ → NGINX Plus! ϑϦʔτϥΠΞϧ͸ ͪ͜Β͔Β 37

34. Thank you! 38