Slide 1
Slide 1 text
nginx࣮ફೖ
ϝΠΩϯά
Tatsuhiko Kubo@cubicdaiya
nginx Tech Talks 2016/02/08
Slide 2
Slide 2 text
@cubicdaiya / Tatsuhiko Kubo
Principal Engineer, SRE @ Mercari, Inc.
ngx_small_light, ngx_dynamic_upstream,
nginx-build, slackboard,cachectl, gaurun, etc…
Slide 3
Slide 3 text
No content
Slide 4
Slide 4 text
https://www.mercari.com/
Mercari - Your Friendly Mobile Marketplace
Slide 5
Slide 5 text
Agenda
• ʰnginx࣮ફೖʱͷհ
• ࣥචʹ·ͭΘΔΤϐιʔυ
• ຊॻ੶ʹܝࡌ͖͠Εͳ͔ͬͨ༰ɺɹɹɹ
nginxͷ৽ػೳʹ͍ͭͯ
Slide 6
Slide 6 text
No content
Slide 7
Slide 7 text
ʰnginx࣮ફೖʱষߏ
• 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ
• 2ষ Πϯετʔϧͱىಈ
• 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங
• 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
Slide 8
Slide 8 text
ʰnginx࣮ફೖʱষߏ
• 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங
• 7ষ େنίϯςϯπ৴αʔόͷߏங
• 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά
• 9ষ LuaʹΑΔnginxͷ֦ு
• 10ষ OpenResty
Slide 9
Slide 9 text
ࣥච։࢝ɿ201311݄
ࣥචྃɿ201512݄
ൃചɹɿ20161݄
2͔͔Γ·ͨ͠…
Slide 10
Slide 10 text
ষߏ ݪҊʢ2013ࠒʣ
• 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ
• 2ষ Πϯετʔϧ
• 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங
• 5ষ WebΞϓϦέʔγϣϯαʔόͷߏங
Slide 11
Slide 11 text
ষߏ ݪҊʢ2013ࠒʣ
• 6ষ େنίϯςϯπ৴αʔόͷߏங
• 7ষ ը૾ετϨʔδαʔόͷߏங
• 8ষ nginxαʔόͷӡ༻ʗࢹ
• 9ষ ϋΠύϑΥʔϚϯεnginx
• 10ষ LuaʹΑΔnginxͷ֦ு
• 11ষ ֦ுϞδϡʔϧͷ࡞Γํ
Slide 12
Slide 12 text
Ϙπʹͳͬͨষ
Slide 13
Slide 13 text
ը૾ετϨʔδαʔόͷߏங
Slide 14
Slide 14 text
ʮը૾ετϨʔδαʔόͷߏஙʯͳΜͰ͚͢Ͳɺ
͜ΕྲྀΕతʹʮେنίϯςϯπ৴αʔόʯͷষʹ
౷߹͠·͢Ͷ
͑ɺ͋ɺ͏Μ
※ձͷ༰ΠϝʔδͰ͢
Slide 15
Slide 15 text
ը૾ετϨʔδαʔόͷߏங
• nginxͰαϜωΠϧੜػೳ͖ετϨʔδαʔόΛߏங͢Δ
ͩͬͨ
• ngx_http_image_filter_module
• ngx_http_dav_module
• େنίϯςϯπ৴αʔόͷষʹ౷߹ͨ͠ํ͕͍͍ͷͰ
ʁ by @harukasan
• ༰͝ͱ7ষʹ౷߹͞Ε·ͨ͠
• ࠓͳΒngx_small_lightͷΛͯ͠Α͔͔ͬͨ͠Εͳ͍
Slide 16
Slide 16 text
ϋΠύϑΥʔϚϯεnginx
Slide 17
Slide 17 text
ϋΠύϑΥʔϚϯεnginx
• tcp_nopushΞοϓετϦʔϜͷΩʔϓΞ
ϥΠϒnginxͰͷνϡʔχϯάू
• ֤ষ͕༻్ຖʹղઆ͍ͯ͠Δ͜ͱ͋ͬͯ͜
͚ͩ͜·ͱ·Γ͕ͳ͍
• harukasanͷఏҊͰదͳষʹࢄ
Slide 18
Slide 18 text
ʮϋΠύϑΥʔϚϯεnginxʯͳΜͰ͚͢Ͳɺ
͜Ε֤߲ͷͷ༰͕όϥόϥͳͷͰ
ผʑͷষʹࢄͤ͞·͢Ͷɻ
͓ɺ͓͏
※ձͷ༰ΠϝʔδͰ͢
Slide 19
Slide 19 text
֦ுϞδϡʔϧͷ࡞Γํ
• ్த·Ͱॻ͍ͯ·͕ͨ͠ɺશવϖʔδΓͳ͘
ͯΊ·ͨ͠
• ͜ͷ༰͚ͩͰຊ͕Ұॻ͚Δ
• ༰͕શવೖ͡Όͳ͍
• CΑΓLuaͷղઆ૿ͨ͠ํ͕ಡऀͷͨΊʹͳΔ
• ͦ͏ͩɺOpenRestyʹ͠Α͏ʂ
Slide 20
Slide 20 text
ޙͰՃ͞Εͨষ
Slide 21
Slide 21 text
҆શ͔ͭߴͳHTTPSαʔόͷߏங
Slide 22
Slide 22 text
҆શ͔ͭߴͳHTTPSαʔόͷߏங
• ॳʰ੩తͳWebαΠτͷߏஙʱͰશ෦ղઆ
͍ͯͨ͠
• ͔͠͠ɺHTTPSͷॏཁੑͷߴ·Γ2014ࠒ͔
Βͷ૬͙࣍OpenSSLͷ੬ऑੑใࠂ͔Β༰͕
ංେԽ
• e.g. HeartBleed, FREAK Attack…
• ݁Ռɺؙʑ1ষׂ͍ͯղઆ͢Δ͜ͱʹ
Slide 23
Slide 23 text
OpenResty
Slide 24
Slide 24 text
OpenResty
• CʹΑΔ֦ுϞδϡʔϧ࡞ͷষΛͬͨͷͰ
͔ΘΓʹೖΕͨ
• ngx_luaؚΊଟࠃͰॳͷຊ֨తͳղઆ
• ngx_luaΛར༻͢Δ߹ɺʹར༻͢ΔΑΓ
OpenRestyʹ͓ͯ͘͠ํָ͕ͳ͜ͱ͕ଟ͍ͷ
ͰΦεεϝͰ͢
Slide 25
Slide 25 text
ʰnginx࣮ફೖʱষߏ
• 1ষ nginxͷ֓ཁͱΞʔΩςΫνϟ
• 2ষ Πϯετʔϧͱىಈ
• 3ষ جຊઃఆ
• 4ষ ੩తͳWebαΠτͷߏங
• 5ষ ҆શ͔ͭߴͳHTTPSαʔόͷߏங
Slide 26
Slide 26 text
ʰnginx࣮ફೖʱষߏ
• 6ষ WebΞϓϦέʔγϣϯαʔόͷߏங
• 7ষ େنίϯςϯπ৴αʔόͷߏங
• 8ষ Webαʔόͷӡ༻ͱϝτϦΫεϞχλϦϯά
• 9ষ LuaʹΑΔnginxͷ֦ு
• 10ষ OpenResty
Slide 27
Slide 27 text
೦ߍ࣌ظͷΈ(2015ळʙౙ)
Slide 28
Slide 28 text
nginxͷHTTP/2࣮͕
͍ͭग़Δ͔Θ͔Βͳ͍
Slide 29
Slide 29 text
nginxͷdynamic module͕
͍ͭग़Δ͔Θ͔Βͳ͍
Slide 30
Slide 30 text
nginx࣮ફೖͰղઆͯ͠ͳ͍ओͳ༰
• ngx_mail_xxx_module
• nginxͰϝʔϧϓϩΩγ
• ngx_stream_xxx_module
• nginxͰL4ϩʔυόϥϯε
• ngx_luaͷ࠷৽ͷσΟϨΫςΟϒ
• e.g. (ssl_certificate|balancer)_by_lua_block
Slide 31
Slide 31 text
nginxͰL4ϩʔυόϥϯε
stream {
upstream app {
server x.x.x.x:12345;
server x.x.x.y:12345;
}
server {
listen 50000;
proxy_pass app;
}
}
Slide 32
Slide 32 text
xxx_by_lua_block (e.g. content_by_lua_block)
• LuaεΫϦϓτΛΠϯϥΠϯͰॻ͘ࡍʹώΞυ
ΩϡϝϯτͰॻ͚ΔΑ͏ʹͳͬͨ
Slide 33
Slide 33 text
content_by_lua
location / {
content_by_lua ‘ngx.say(‘hello’)’;
}
Syntax error…
Slide 34
Slide 34 text
content_by_lua_block
location / {
content_by_lua_block {
ngx.say(‘hello’)
}
}
Slide 35
Slide 35 text
ssl_certificate_by_lua_(block|file)
• TLSϋϯυγΣΠΫ࣌ʹLuaεΫϦϓτΛϑο
ΫͰ͖Δ
• ূ໌ॻͷಈతͳΓସ͑ʹԠ༻Մೳ
Slide 36
Slide 36 text
balancer_by_lua_(block|file)
• upstreamίϯςΩετͰར༻ग़དྷΔσΟϨΫ
ςΟϒ
• ಈతͳϩʔυόϥϯαʔͷߏஙʹར༻Մೳ
Slide 37
Slide 37 text
ngx_stream_lua_module
• https://github.com/openresty/stream-lua-
nginx-module
• ngx_luaͰL4ϩʔυόϥϯε
• Status
• Quite usable but still experimental.
Slide 38
Slide 38 text
Coming soon…
• dynamic module support of nginx
• طʹnginxͷmainlineϦϙδτϦʹίϛοτ͞
ΕͯΔͷͰଟ࣍ͷ1.9.11ͰདྷΔ
./configure —with-stream=dynamic
■ streamϞδϡʔϧͷಈతϩʔσΟϯά
■ nginx.confͷઃఆ
load_module /path/to/ngx_stream_module.so