Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
NGINX Plusのご紹介 - Red Hat Forum Tokyo 2018
Search
NGINX Japan
November 08, 2018
Technology
120
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
NGINX Plusのご紹介 - Red Hat Forum Tokyo 2018
NGINX Japan
November 08, 2018
More Decks by NGINX Japan
See All by NGINX Japan
NGINX / Developers Summit 2019
nginx_jp
0
1.6k
NGINX Plus - マイクロサービスの高可用性 / JapanContainerDays v18.12
nginx_jp
4
2.1k
NGINXとApacheざっくり比較 - NGINX MeetUp #1 Lightning Talks
nginx_jp
0
130
Other Decks in Technology
See All in Technology
作る力から、見極める力へ — AI時代に広がるエンジニアの価値と役割
rince
0
350
クレデンシャル流出 ― 攻撃 3 時間 vs 復旧 10 時間。この非対称性にどう備えるか
kazzpapa3
3
590
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
170
WebGIS AI Agentの紹介
_shimizu
0
580
2026年6月23日 Syncable Tech + Start Python Club にて
hamukazu
0
150
コミュニティの有益性 ~JAWS Days 2026 での体験を通して~ / The Benefits of a Community ~Through My Experience at JAWS Days 2026~
seike460
PRO
0
290
AIをフル活用してオンコール機能のプロトタイプを2日で作った話 / Building an AI-Powered On-Call Prototype in Just Two Days
nari_ex
0
140
【Snowflake Summit 2026 Recap!!】Snowflake Summit Deep Dive: Security & Governance
civitaspo
1
320
Lightning近況報告
kozy4324
0
220
LayerX コーポレートエンジニアリング室におけるサプライチェーンセキュリティへの取り組み / Supply Chain Security at LayerX Corporate Engineering
yuyatakeyama
3
850
Zenoh on Zephyr on LiteX
takasehideki
2
120
サイバーエージェントにおけるAI推進戦略と変革への取り組み
shotatsuge
0
590
Featured
See All Featured
Discover your Explorer Soul
emna__ayadi
2
1.1k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
170
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
340
Believing is Seeing
oripsolob
1
150
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
740
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
420
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.4k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
We Are The Robots
honzajavorek
0
260
4 Signs Your Business is Dying
shpigford
187
22k
A designer walks into a library…
pauljervisheath
211
24k
sira's awesome portfolio website redesign presentation
elsirapls
0
280
Transcript
NGINX Plusͷ͝հ ϚΠΫϩαʔϏεͷߴՄ༻ੑ NGINX ςΫχΧϧ ιϦϡʔγϣϯζ ΞʔΩςΫτ ాลໜ 2018/11/8
None
NGINXͷ͝հ NGINX Plus αʔϏεϝογϡͱAPI ήʔτΣΠ 1 2 3 ຊͷ༰
NGINXͷ͝հ 1
NGINXࣾ • ʹઃཱɺʹNGINX 1MVTͷॳظϦϦʔε 044൛ॳظϦϦʔε • ສҎ্ͷΣϒαΠτ • ΤϯλʔϓϥΠζιϑτΣΞۀքͷϦʔμʔͷϕϯνϟʔΩϟϐλϧͷࢧԉ •
αϯϑϥϯγείɺϩϯυϯɺίʔΫɺγϯΨϙʔϧɺγυχʔɺϞεΫϫɺ౦ژͷΦϑΟε • ࣾҎ্ͷސ٬ • ਓҎ্ͷैۀһ
NGINX Unit NGINX ͔Βͷ৽͍͠ಈతͳWebͱΞϓϦ έʔγϣϯɾαʔόʔɻΦʔϓϯιʔεɺ ෳͷݴޠͷαϙʔτɺ͓Αͼಈతͳ REST API ओಋͷߏɻ NGINX
Plus ϩʔυόϥϯαʔɺWebαʔόʔɺίϯςϯ πΩϟογϡΛؚΉ།ҰͷΦʔϧΠϯϫϯι ϦϡʔγϣϯɻίετΛݮ͠ͳ͕ΒɺΞʔ ΩςΫνϟΛ؆ૉԽ͠·͢ɻ NGINX Controller NGINX PlusͷͨΊͷूதࢹ͓Αͼཧɻ ୯Ұͷඒ͍͠ΠϯλʔϑΣΠεΛ༻ͯ͠ɺ ԾϩʔυόϥϯαʔΛల։͠·͢ɻ NGINX WAF Φʔϓϯιʔεͷ WebΞϓϦέʔγϣϯϑΝ ΠΞΥʔϧ (WAF)SQL ΠϯδΣΫγϣϯɺ LFIRFI͓ΑͼͦͷଞͷϨΠϠ7߈ܸΛ ޚ͠·͢ɻ Powered by ModSecurity.
ݱࡏͷΞϓϦͷΠϯϑϥෳࡶ 7
NGINXʹΑΓ10ഒ؆ૉԽɾ 80%ίετݮ 8
NGINX ΞϓϦέʔγϣϯ ϓϥοτϑΥʔϜ ϩʔυόϥϯαɺAPI ήʔτΣΠɺ͓Αͼ αʔϏεϝογϡΛ୯Ұ ͷϞδϡϥʔԽϓϥοτ ϑΥʔϜʹ౷߹͢Δ͜ͱ ʹΑΓɺഒͷ؆ૉԽ ͱ
ͷίετݮΛ ࣮ݱ͢Δۀք།Ұͷι Ϧϡʔγϣϯ ύϑΥʔϚϯε ྗੑ ηΩϡϦςΟ ϩʔυόϥϯαʔ API αʔϏεϝογϡ
ΞϓϦͷ࠷৽Խͷ3ͭͷεςοϓ ϋʔυΣΞͷ ஔ͖͑ Ϋϥυͷ Ҡߦ ϚΠΫϩαʔϏε ͷҠߦ σδλϧτϥϯεϑΥʔϝʔγϣϯ
࠷৽Խ ϨΨγʔΞϓϦͱϚΠΫϩαʔ ϏεΛαϙʔτ͠ͳ͕Βɺ ࣗͷϖʔεͰΞϓϦΛ ࠷৽ԽͰ͖·͢ ؆ૉԽ ϞμϯͳΞϓϦΛ؆ૉԽ͠ɺ ϚϧνΫϥυͷҠ২ੑΛ ఏڙ͠·͢ NGINX:
ύϑΥʔϚϯε্͚ͩͰͳ͘ɺ ෳࡶ͞Λܰݮ͠·͢ɻ 12 ੜ࢈ੑ ΠϯϑϥετϥΫνϟ͓Αͼ ΞϓϦέʔγϣϯνʔϜؒͰ γʔϜϨεʹಈ࡞͠·͢
NGINX Plus 2
͠NGINX͕͖ͳΒ NGINX Plus͕ େ͖ʹͳΔͰ͠ΐ͏
NGINX Plusͱ • ΞϓϦέʔγϣϯͷఏڙʹؔ͢ΔશͯΛΧόʔ ◦ ϩʔυόϥϯαʔ ◦ ίϯςϯπΩϟογϡ ◦ Web
αʔόʔ ◦ ηΩϡϦςΟίϯτϩʔϧ ◦ ಈతϞδϡʔϧ ◦ ࢹ ◦ ߴՄ༻ੑ (HA) ◦ Kubernetes Ingress controller ◦ ϓϩάϥϚϏϦςΟ
NGINX Plus Runs Anywhere… Bare metal Multi-cloud Containers Linux/BSD CPUs
ߴੑೳͳΞϓϦέʔγϣϯͷ৴ • ৄࡉͰ๛ͳϝτϦοΫ • ڧྗͳෛՙࢄ • ϔϧενΣοΫ • αʔϏεϨδετϦͷ౷߹ •
HTTP/HTTPS/H2/gRPC/TCP/UDP HTTP HTTPS HTTP/2 gRPC TCP UDP consul etcd
౷߹ͱ؆ૉԽ Web ΞϓϦέʔγϣϯ ϑΝΠΞΥʔϧ Web Ωϟογϡ ωοτϫʔΫ ϑΝΠΞΥʔϧ ϩʔυόϥϯαʔ SSL
ϦόʔεϓϩΩγ ೝূ ήʔτΣΠ API ήʔτΣΠ ΞϓϦέʔγϣϯ <··> <··>
NGINX OSS vs NGINX Plus 19
Demo: NGINX PlusͷμογϡϘʔυ 20 શମ αʔόʔͷঢ়گʢκʔϯʹ͚ͯදࣔʣ Ωϟογϡ ڞ༗ϝϞϦʔ NGINX Plusͷ
Πϯελϯεຖͷใ
Demo: Upstreamͷಈతมߋ ϩʔυόϥϯεઌ (Upstream) ΛಈతʹมߋՄೳ μογϡϘʔυͷGUIͰ APIͰ
Demo: NGINX Controller 22 ଟͷNGINX Plus͔Β౷ܭใΛू
Demo: NGINX Controller 23 nginx.conf ͷ֬ೝ nginx.conf ͷมߋ ઃఆͷݕূ
αʔϏεϝογϡͱ APIήʔτΣΠ 3
NGINX Plus ͱϚΠΫϩαʔϏε • NGINX ϚΠΫϩαʔϏεʹ ର͠ҎԼΛఏڙ ◦ ଓ ◦
αʔϏεఏڙ ◦ ೝূ ◦ ηΩϡϦςΟ ◦ Ωϟογϡ ◦ ෛՙࢄ ◦ εέʔϦϯά
NGINXɺ͋ΒΏΔϚΠΫϩ αʔϏεΞʔΩςΫνϟΛαϙʔτ Fabric Model Router Mesh Model Proxy Model
ͳͥ NGINX? NGINX ϚΠΫϩαʔϏεΛݱ࣮ʹ ݱࡏར༻͞Ε͍ͯΔσʔλϓϨʔϯιϦϡʔγϣϯ • 400ສɿNGINXΠϯελϯε͕ϓϩμΫγϣϯͷϚΠΫϩαʔϏεͰՔಇதɻ* • 10ԯճɿNGINX ެࣜ
DockerHub Πϝʔδͷϓϧ • ߴՄ༻ੑίϯςφτϥϑΟοΫཧͷͨΊͷ NGINX Plus Dockerfile • ඦສճɿNGINX Kubernetes Ingress Controllerͷϓϧ • 250ࣾɿNGINXΛϓϩμΫγϣϯͷϚΠΫϩαʔϏεͰ༻த* • NGINX Plus: ίϯςφͰωΠςΟϒʹΞϓϦέʔγϣϯαʔϏεΛఏڙ • NGINX Controller: શͳࢹ͓ΑͼཧίϯςφϓϥοτϑΥʔϜ * Source: Internal customer data and surveys
East-West τϥϑΟοΫ: API ήʔτΣΠͱ αʔϏεؒͷτϥϑΟοΫ
ಈతͳ E-W ϧʔςΟϯά: αʔϏεͷݕग़ • ͜Μͳͱ͖ʹඞཁ: ◦ ৽͍͠αʔϏε͕Ճ͞Εͨ ◦ طଘͷαʔϏεͷΠϯελϯε͕Ճ͞Εͨ
• ϓϩΩγ͕ߏ͞ΕΔτϦΨʔ: ◦ Ansible Roles ◦ Consul templates ◦ DNS A, SRV Ϩίʔυ ◦ AWS Autoscaling άϧʔϓ ◦ Kubernetes (kube-dns) Ingress and Service-to- Service
NGINX αΠυΧʔ: ηΩϡΞͰߴͳαʔϏεؒτϥϑΟοΫ • ηΩϡΞ ◦ αʔϏεؒͷSSL/TLS௨৴ ◦ NGINX Λܦ༝͠ͳ͍
ύεͷϧʔςΟϯάͳ͠ ◦ αʔϏεϨδετϦ lsource of truth” ◦ ΞϓϦ͝ͱͷೝূͱΫϨʔϜ੍ޚʹ JWT • ࠷దԽ ◦ SSL keepalive, ηοτΞοϓίετͷݮ ◦ αʔϏεؒͷτϥϑΟοΫྔௐ ◦ Many-to-many ίΞͱϦόʔεϓϩΩγͷ ΞʔΩςΫνϟ
࣍ͷεςοϓ: αʔϏεϝογϡͷΦʔέετϨʔγϣϯ • ࢄαʔϏεؒͷ௨৴Λߴɺߴ৴ པɺ͓ΑͼηΩϡΞʹ͢Δωοτ ϫʔΫ • සൟͳαʔϏεมߋʹରͯ͠ɺ ωοτϫʔΫ௨৴ͷ৴པੑΛ֬อ •
αʔϏεϝογϡΛҙࣝ͢Δඞཁ ͳ͘ɺσʔλͱίϯτϩʔϧϓ Ϩʔϯͷ੍ޚΛ αʔϏεϝογϡ ίϯτϩʔϧϓϨʔϯ ϓϥοτϑΥʔϜͷΦʔέετϨʔγϣϯ (K8s, Docker, EKS, etc) αʔϏεϝογϡ σʔλϓϨʔϯ
North-South τϥϑΟοΫͱ Ingress Controller
NGINX Plus: API ήʔτΣΠ NGINX PlusAPI • API ϧʔςΟϯά
◦ URL Ϛοϐϯά ◦ աෛՙอޢ • ೝূ ◦ API Ωʔ ◦ JWT/JWK ◦ SSL/MASSL Everywhere • ੳͱࠪ ◦ ϦΫΤετͷτϨʔε • ࠷దԽ ◦ ΞοϓετϦʔϜ API ΫϥελϦϯά
NGINX Plus - Kubernetes Ingress Controller NGINX PlusΛೖΓޱͱͯ͠ KubernetesΞϓϦέʔγϣϯΛ࡞ :
• ߴͳෛՙࢄͱSSL/TLS ऴ • WebSocket ͱ HTTP/2 ͷαϙʔτ • ϦΫΤετ͕ΞϓϦέʔγϣϯʹసૹ͞ΕΔ લʹURI ॻ͖͑ • ಈతͳ࠶ߏ • Session persistence • JWT authentication • Prometheusͷαϙʔτ • 24x7 αϙʔτ https://github.com/nginxinc/kubernetes-ingress
؆୯Ͱ౷߹͞Εͨߏ 1. apiVersion: extensions/v1beta1 2. kind: Ingress 3. metadata: 4.
name: cafe-ingress 5. spec: 6. tls: 7. - hosts: 8. - cafe.example.com 9. secretName: cafe-secret 10. rules: 11. - host: cafe.example.com 12. http: 13. paths: 14. - path: /tea 15. backend: 16. serviceName: tea-svc 17. servicePort: 80 18. - path: /coffee 19. backend: 20. serviceName: coffee-svc 21. servicePort: 80
OpenShift Router https://github.com/nginxinc/nginx-plus-router NGINXͷੑೳͱ҆ఆੑɾ࠷৽ͷػೳɾ༻αϙʔτ͕ಘΒΕ·͢
39 NGINX Solution Diagram
·ͱΊ 40 • ࣗࣾͷWebγεςϜ͕ෳࡶʹͳΓ͍͗ͯ͢Δ ◦ → NGINX Plus! • ϩʔυόϥϯαʔͷϋʔυΣΞͷߋ৽࣌ظʹདྷ͍ͯΔ
◦ → NGINX Plus! • APIήʔτΣΠαʔϏεϝογϡΛݕ౼த ◦ → NGINX Plus! ϑϦʔτϥΠΞϧ ͪ͜Β͔Β
[email protected]
ͥͻϒʔεʹཱ͓ͪدΓԼ͍͞ʂ