Slide 1

Slide 1 text

Leverage HTTP to deliver cacheable websites Thijs Feryn

Slide 2

Slide 2 text

Slow websites suck

Slide 3

Slide 3 text

Web performance is an essential part of the user experience

Slide 4

Slide 4 text

Slow ~ Down

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

MO' MONEY MO' SERVERS MO' PROBLEMS

Slide 9

Slide 9 text

Identify slowest parts

Slide 10

Slide 10 text

Optimize

Slide 11

Slide 11 text

After a while you hit the limits

Slide 12

Slide 12 text

Cache

Slide 13

Slide 13 text

Hi, I'm Thijs

Slide 14

Slide 14 text

I'm an Evangelist at

Slide 15

Slide 15 text

I'm @thijsferyn

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

Don’t recompute if the data hasn’t changed

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

Reverse caching proxy

Slide 21

Slide 21 text

Normally User Server

Slide 22

Slide 22 text

With ReCaPro * User ReCaPro Server * Reverse Caching Proxy

Slide 23

Slide 23 text

Content Delivery Network

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

No content

Slide 26

Slide 26 text

HTTP caching mechanisms Expires: Sat, 09 Sep 2017 14:30:00 GMT Cache-control: public, max-age=3600, s-maxage=86400 Cache-control: private, no-cache, no-store

Slide 27

Slide 27 text

In an ideal world

Slide 28

Slide 28 text

✓Stateless ✓Well-defined TTL ✓Cache / no-cache per resource ✓Cache variations ✓Conditional requests ✓Placeholders for non-cacheable content In an ideal world

Slide 29

Slide 29 text

Reality sucks

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

No content

Slide 32

Slide 32 text

Time To Live

Slide 33

Slide 33 text

Cache variations

Slide 34

Slide 34 text

Legacy

Slide 35

Slide 35 text

What if we could design our software with HTTP caching in mind?

Slide 36

Slide 36 text

✓Portability ✓Developer empowerment ✓Control ✓Consistent caching behavior Caching state of mind

Slide 37

Slide 37 text

Cache-Control

Slide 38

Slide 38 text

Cache-Control: public, s-maxage=500

Slide 39

Slide 39 text

render('index.twig') ->setSharedMaxAge(500) ->setPublic(); } }

Slide 40

Slide 40 text

Cache-Control: private, no-store

Slide 41

Slide 41 text

/** * @Route("/private", name="private") */ public function private() { $response = $this ->render('private.twig') ->setPrivate(); $response->headers->addCacheControlDirective('no-store'); return $response; }

Slide 42

Slide 42 text

Conditional requests

Slide 43

Slide 43 text

Only fetch payload that has changed

Slide 44

Slide 44 text

HTTP/1.1 200 OK

Slide 45

Slide 45 text

Otherwise: HTTP/1.1 304 Not Modified

Slide 46

Slide 46 text

Conditional requests HTTP/1.1 200 OK Host: localhost Etag: 7c9d70604c6061da9bb9377d3f00eb27 Content-type: text/html; charset=UTF-8 Hello world output GET / HTTP/1.1 Host: localhost

Slide 47

Slide 47 text

Conditional requests HTTP/1.0 304 Not Modified Host: localhost Etag: 7c9d70604c6061da9bb9377d3f00eb27 GET / HTTP/1.1 Host: localhost If-None-Match: 7c9d70604c6061da9bb9377d3f00eb27

Slide 48

Slide 48 text

Conditional requests HTTP/1.1 200 OK Host: localhost Last-Modified: Fri, 22 Jul 2016 10:11:16 GMT Content-type: text/html; charset=UTF-8 Hello world output GET / HTTP/1.1 Host: localhost

Slide 49

Slide 49 text

Conditional requests HTTP/1.0 304 Not Modified Host: localhost Last-Modified: Fri, 22 Jul 2016 10:11:16 GMT GET / HTTP/1.1 Host: localhost If-Last-Modified: Fri, 22 Jul 2016 10:11:16 GMT

Slide 50

Slide 50 text

Cache-Control: public, max-age=100, s-maxage=500, stale-while-revalidate=20

Slide 51

Slide 51 text

Validate quickly

Slide 52

Slide 52 text

Exit early

Slide 53

Slide 53 text

Store & retrieve Etag

Slide 54

Slide 54 text

redis = $redis; } protected function isModified(Request $request, $etag) { if ($etags = $request->getETags()) { return in_array($etag, $etags) || in_array('*', $etags); } return true; } ... src/EventListener/ConditionalRequestListener.php

Slide 55

Slide 55 text

{ $this->redis = $redis; $this->logger = $logger; } protected function isModified(Request $request, $etag) { if ($etags = $request->getETags()) { return in_array($etag, $etags) || in_array('*', $etags); } return true; } public function onKernelRequest(GetResponseEvent $event) { $request = $event->getRequest(); $etag = $this->redis->get('etag:'.md5($request->getUri())); if(!$this->isModified($request,$etag)) { $event->setResponse(Response::create('Not Modified',Response::HTTP_NOT_MODIFIED)); } } public function onKernelResponse(FilterResponseEvent $event) { $response = $event->getResponse(); $request = $event->getRequest(); $etag = md5($response->getContent()); $response->setEtag($etag); if($this->isModified($request,$etag)) { $this->redis->set('etag:'.md5($request->getUri()),$etag); } } } src/EventListener/ConditionalRequestListener.php

Slide 56

Slide 56 text

Content composition & placeholders

Slide 57

Slide 57 text

No content

Slide 58

Slide 58 text

Shopping cart or account information

Slide 59

Slide 59 text

session cookie No cache

Slide 60

Slide 60 text

Code renders single HTTP response

Slide 61

Slide 61 text

Lowest common denominator: no cache

Slide 62

Slide 62 text

Placeholders

Slide 63

Slide 63 text

AJAX

Slide 64

Slide 64 text

Non-cached AJAX call

Slide 65

Slide 65 text

Edge Side Includes

Slide 66

Slide 66 text

Edge Side Includes ✓Placeholder ✓W3C standard ✓Parsed by Varnish ✓Output is a composition of blocks ✓State per block ✓TTL per block

Slide 67

Slide 67 text

Surrogate-Capability: key="ESI/1.0" Surrogate-Control: content="ESI/1.0" Varnish Backend Parse ESI placeholders Varnish

Slide 68

Slide 68 text

Non-cached ESI placeholder

Slide 69

Slide 69 text

ESI vs AJAX

Slide 70

Slide 70 text

✓ Server-side ✓ Standardized ✓ Processed on the “edge”, no in the browser ✓ Generally faster Edge-Side Includes - Sequential - One fails, all fail - Limited implementation in Varnish

Slide 71

Slide 71 text

✓ Client-side ✓ Common knowledge ✓ Parallel processing ✓ Graceful degradation AJAX - Processed by the browser - Extra roundtrips - Somewhat slower

Slide 72

Slide 72 text

Composition at the view layer

Slide 73

Slide 73 text

/** * @Route("/", name="home") */ public function index() { return $this ->render('index.twig') ->setPublic() ->setSharedMaxAge(500); } /** * @Route("/header", name="header") */ public function header() { $response = $this ->render('header.twig') ->setPrivate(); $response->headers->addCacheControlDirective('no-store'); return $response; } /** * @Route("/footer", name="footer") */ public function footer() { $response = $this->render('footer.twig'); $response ->setSharedMaxAge(500) ->setPublic(); return $response; } /** * @Route("/nav", name="nav") */ public function nav() { $response = $this->render('nav.twig'); $response ->setVary('X-Login',false) ->setSharedMaxAge(500) ->setPublic(); return $response; } Controller action per fragment

Slide 74

Slide 74 text

Subrequests

Slide 75

Slide 75 text


 {{ include('header.twig') }}


 {{ include('nav.twig') }}


 {% block content %}{% endblock %}


 {{ include('footer.twig') }}


 {{ render_esi(url('header')) }}


 {{ render_esi(url('nav')) }}


 {% block content %}{% endblock %}


 {{ render_esi(url('footer')) }}


Slide 76

Slide 76 text

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris consequat orci eget libero sollicitudin,…

Slide 77

Slide 77 text

Cache variations

Slide 78

Slide 78 text

How do you identify an object in cache?

Slide 79

Slide 79 text

The URL identifies objects in cache

Slide 80

Slide 80 text

What if the content of a URL varies based on the value of a request header?

Slide 81

Slide 81 text

Cache variations HTTP/1.1 200 OK Host: localhost Content-Language: en Content-type: text/html; charset=UTF-8 Hello world output GET / HTTP/1.1 Host: localhost Accept-Language: en, nl, de

Slide 82

Slide 82 text

Vary: Accept-Language Request header value Response header

Slide 83

Slide 83 text

Content invalidation

Slide 84

Slide 84 text

There's only one thing worse than not caching enough

Slide 85

Slide 85 text

It's caching too much or too long

Slide 86

Slide 86 text

Purging

Slide 87

Slide 87 text

sub vcl_recv { if (req.method == "PURGE") { if (!client.ip ~ purge) { return (synth(405, "This IP is not allowed to send PURGE.")); } if (req.http.X-Purge-Pattern) { ban("obj.http.X-Req-URL ~ " + req.url + " && obj.http.X-Req-Host == " + req.http.host); return (synth(200, "Purged")); } else { ban("obj.http.x-url == " + req.url + " && obj.http.x-host == " + req.http.host); return (synth(200, "Purged")); } } } sub vcl_backend_response { set beresp.http.x-url = bereq.url; set beresp.http.x-host = bereq.http.host; }

Slide 88

Slide 88 text

curl -XPURGE -H"X-Purge-Pattern:/products/(.*)" http://localhost

Slide 89

Slide 89 text

High TTL + purging

Slide 90

Slide 90 text

Low TTL + conditional requests

Slide 91

Slide 91 text

No content

Slide 92

Slide 92 text

No content

Slide 93

Slide 93 text

No content

Slide 94

Slide 94 text

https://feryn.eu https://twitter.com/ThijsFeryn https://instagram.com/ThijsFeryn

Slide 95

Slide 95 text

✓Navigation page ✓Private page Weak spots Not cached because of stateful content

Slide 96

Slide 96 text

Move state client-side

Slide 97

Slide 97 text

Replace PHP session with JSON Web Tokens

Slide 98

Slide 98 text

JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pb iIsImV4cCI6MTQ5NTUyODc1NiwibG9naW4iOnRydWV9.u4Idy- SYnrFdnH1h9_sNc4OasORBJcrh2fPo1EOTre8 ✓3 parts ✓Dot separated ✓Base64 encoded JSON ✓Header ✓Payload ✓Signature (HMAC with secret)

Slide 99

Slide 99 text

eyJzdWIiOiJhZG1pbiIsIm V4cCI6MTQ5NTUyODc1Niwi bG9naW4iOnRydWV9 { "alg": "HS256", "typ": "JWT" } { "sub": "admin", "exp": 1495528756, "login": true } HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret ) eyJhbGciOiJIUzI1NiIsI nR5cCI6IkpXVCJ9 u4Idy- SYnrFdnH1h9_sNc4OasOR BJcrh2fPo1EOTre8

Slide 100

Slide 100 text

JWT Cookie:token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJhZG1pbiIsImV4cCI6MTQ5NTUyODc1NiwibG9naW4iOnRydW V9.u4Idy-SYnrFdnH1h9_sNc4OasORBJcrh2fPo1EOTre8 ✓Stored in a cookie ✓Can be validated by Varnish ✓Payload can be processed by any language (e.g. Javascript)

Slide 101

Slide 101 text

sub jwt { std.log("Ready to perform some JWT magic"); if(cookie.isset("jwt_cookie")) { #Extract header data from JWT var.set("token", cookie.get("jwt_cookie")); var.set("header", regsub(var.get("token"),"([^\.]+)\.[^\.]+\.[^\.]+","\1")); var.set("type", regsub(digest.base64url_decode(var.get("header")),{"^.*?"typ"\s*:\s*"(\w+)".*?$"},"\1")); var.set("algorithm", regsub(digest.base64url_decode(var.get("header")),{"^.*?"alg"\s*:\s*"(\w+)".*?$"},"\1")); #Don't allow invalid JWT header if(var.get("type") == "JWT" && var.get("algorithm") == "HS256") { #Extract signature & payload data from JWT var.set("rawPayload",regsub(var.get("token"),"[^\.]+\.([^\.]+)\.[^\.]+$","\1")); var.set("signature",regsub(var.get("token"),"^[^\.]+\.[^\.]+\.([^\.]+)$","\1")); var.set("currentSignature",digest.base64url_nopad_hex(digest.hmac_sha256(var.get("key"),var.get("header") + "." + var.get("rawPayload")))); var.set("payload", digest.base64url_decode(var.get("rawPayload"))); var.set("exp",regsub(var.get("payload"),{"^.*?"exp"\s*:\s*([0-9]+).*?$"},"\1")); var.set("jti",regsub(var.get("payload"),{"^.*?"jti"\s*:\s*"([a-z0-9A-Z_\-]+)".*?$"},"\1")); var.set("userId",regsub(var.get("payload"),{"^.*?"uid"\s*:\s*"([0-9]+)".*?$"},"\1")); var.set("roles",regsub(var.get("payload"),{"^.*?"roles"\s*:\s*"([a-z0-9A-Z_\-, ]+)".*?$"},"\1")); #Only allow valid userId if(var.get("userId") ~ "^\d+$") { #Don't allow expired JWT if(std.time(var.get("exp"),now) >= now) { #SessionId should match JTI value from JWT if(cookie.get(var.get("sessionCookie")) == var.get("jti")) { #Don't allow invalid JWT signature if(var.get("signature") == var.get("currentSignature")) { #The sweet spot set req.http.X-login="true"; } else { std.log("JWT: signature doesn't match. Received: " + var.get("signature") + ", expected: " + var.get("currentSignature")); } } else { std.log("JWT: session cookie doesn't match JTI." + var.get("sessionCookie") + ": " + cookie.get(var.get("sessionCookie")) + ", JTI:" + var.get("jti")); } } else { std.log("JWT: token has expired"); } } else { std.log("UserId '"+ var.get("userId") +"', is not numeric"); } } else { std.log("JWT: type is not JWT or algorithm is not HS256"); } std.log("JWT processing finished. UserId: " + var.get("userId") + ". X-Login: " + req.http.X-login); } #Look for full private content if(req.url ~ "/node/2" && req.url !~ "^/user/login") { if(req.http.X-login != "true") { return(synth(302,"/user/login?destination=" + req.url)); } } } Insert incomprehensible Varnish VCL code here …

Slide 102

Slide 102 text

X-Login: true End result: X-Login: false

Slide 103

Slide 103 text

Extra cache variation required

Slide 104

Slide 104 text

Vary: Accept-Language, X-Login Content for logged-in & anonymous differs

Slide 105

Slide 105 text


 function getCookie(name) {
 var value = "; " + document.cookie;
 var parts = value.split("; " + name + "=");
 if (parts.length == 2) return parts.pop().split(";").shift();
 }
 function parseJwt (token) {
 var base64Url = token.split('.')[1];
 var base64 = base64Url.replace('-', '+').replace('_', '/');
 return JSON.parse(window.atob(base64));
 };
 $(document).ready(function(){
 if ($.cookie('token') != null ){
 var token = parseJwt($.cookie("token"));
 $("#usernameLabel").html(', ' + token.sub);
 }
 });
 Parse JWT in Javascript

Slide 106

Slide 106 text

Does not require backend access

Slide 107

Slide 107 text

No content

Slide 108

Slide 108 text

No content

Slide 109

Slide 109 text

https://feryn.eu https://twitter.com/ThijsFeryn https://instagram.com/ThijsFeryn