Microservices on Fastly v1.1

Ryo yasuda
February 20, 2019

Transcript

  3. Diagram: Service A, Service C, Service B, Service D; Routing, Caching, Dev Debug, Logging, Auth, ESI
  4. Diagram: Service A, Service C, Service B, Service D; Routing, Caching, Dev Debug, Logging, ESI, Dynamic Critical CSS (new topic), Auth
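  5. Diagram: Service A, Service C, Service B, Service D; Service Registry: management of each service's information and health checks; lookup of information about the request's destination service; sending the request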
  6. Diagram: Routing, Caching, Dev Debug, Logging, Auth, ESI; Service A, Service C, Service B, Service D
  7. Article service; article update notification; max-age: 604800; purge
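  8. Diagram: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D. A setting that keeps serving from the cache for a specified period even if the origin dies. Even if Service B dies, the site keeps running from the cache.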
  9. Diagram: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D; `Nikkei-Routing-Override: serviceD->serviceD-tunnel`; Service D; tunnel; Local Machine
  10. Diagram: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D; `Nikkei-Routing-Journey: serviceA`; `Nikkei-Routing-Journey: serviceA,serviceB`; `Nikkei-Routing-Journey: serviceA,service,serviceD`
  11. Diagram: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D. Real Time Log Streaming: request url, status code, response size, taken time, cache HIT/MISS, ...
  12. Diagram: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D
  13. Article page /article/123; `Cookie: Auth=a124b5…`; `Cache-control: no-cache, no-store`; `Cookie: Auth=a124b5...`; `Cache-control: no-cache, no-store`; JWT token obtained through OAuth2 authentication
  14. Article page /article/123; request headers: `User-ID: 98765`, `User-Rank: paid`; response header: `Vary: User-Rank`; `Cookie: Auth=a124b5...`; `Cache-control: private`; decode and validate the auth cookie; JWT token obtained through OAuth2 authentication
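  15. Article page /article/123; request headers: `User-ID: 98765`, `User-Rank: paid`; response header: `Vary: User-Rank`; `Cookie: Auth=a124b5...`; `Cache-control: private`; decode and validate the auth cookie; JWT token obtained through OAuth2 authentication; instructs the CDN to keep a separate cache entry per User-Rank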
  16. Diagram: Routing, Caching, Dev Debug, Logging, Auth, ESI; Service A, Service C, Service B, Service D
  17. `<html> <style> <esi:include src="/critical.css?service=article"/> </style> … </html>`; Critical CSS Server: builds and delivers Critical CSS; Cache Control: private; Application Server; Cache Control max-age=600
  18. `<html> <style> <esi:include src="/critical.css?service=article"/> </style> … </html>`; Critical CSS Server: builds and delivers Critical CSS; Application Server; Cache Control max-age=600; Cache Control max-age=86400
  19. App Server; ./critical.css; S3; Critical CSS Server: checks whether critical CSS exists; `… <style> <esi:include src="critical.css"/> </style> …`
  20. App Server; ./critical.css; S3; Critical CSS Server: critical CSS does not exist, so the normal CSS is returned; cached on Fastly (CSS Cache); `… <style> <esi:include src="critical.css"/> </style> …`
  21. App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder: build requested asynchronously; CSS Cache; `… <style> <esi:include src="critical.css"/> </style> …`
  22. App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder: when the build completes, the result is saved to S3; build requested asynchronously; CSS Cache; `… <style> <esi:include src="critical.css"/> </style> …`
  23. App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder: purges the cached normal CSS; build requested asynchronously; `… <style> <esi:include src="critical.css"/> </style> …`; CSS Cache
  24. App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder; build requested asynchronously; Critical CSS Cache: on the next access, the Critical CSS is returned and cached on Fastly; `… <style> <esi:include src="critical.css"/> </style> …`
  26. Diagram: Routing, Caching, Logging, Auth, Vanity URL, ESI; hub service; public-facing URL "/"; internal URL "/hub/front"
  27. `table vanities { "/": "/hub/front" … }`; Routing, Caching, Logging, Auth, Vanity URL, ESI; public-facing URL "/"; hub service; internal URL "/hub/front"
  28. backends.vcl (services defined in VCL) and routing.vcl (VCL for routing)

    ```vcl
    # backends.vcl
    backend article {
      .host = "article.xx.jp";
      .port = "443";
      .ssl = true;
    }
    ...

    # routing.vcl
    if (req.url ~ "/article/.+") {
      set req.backend = article;
    }
    ...
    ```
  29. services.json: the definition file for all services, which shows at a glance which services and routes exist. backends.vcl (services defined in VCL) and routing.vcl (VCL for routing) carry the same `backend article` definition and `/article/.+` routing rule as on slide 28.

    ```json
    [
      {
        "name": "article",
        "path": "/article/.+",
        "host": "article.xx.jp",
        "ssl": true
      }
      …
    ]
    ```
  30. stale-if-error: Next Nikkei adds stale-if-error automatically. Even if a service dies, content can still be returned for a while as long as it is cached.

    ```vcl
    if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") {
      set beresp.stale_if_error = 86400s;
    }
    ```
  31. Auth cookie (JWT format): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
  32. Validating the auth cookie in VCL

    ```vcl
    if (req.http.Cookie:Auth !~ "(^[^\.]+)\.([^\.]+)\.([^\.]+)$") {
      set req.http.Auth-Valid = "false";
    }
    set var.base64Header = re.group.1;
    set var.base64Payload = re.group.2;
    set var.signature = digest.base64url_decode(re.group.3);
    set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "." var.base64Payload));
    # JWT segments are base64url-encoded, so the payload is decoded with the URL-safe variant
    set var.payload = digest.base64url_decode(var.base64Payload);
    set var.expires = regsub(var.payload, {"^.*?"exp"\s*:\s*(\d+).*?$"}, "\1");
    # Check that the signature is valid and the token has not expired
    if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) {
      set req.http.Auth-Valid = "false";
    }
    # Extract permission information and the like from the payload
    set req.http.UserID = regsub(var.payload, {"^.*?"uid"\s*:\s*"(\w+)".*?$"}, "\1");
    ```
  33. Example of log output in LTSV format

    ```vcl
    sub vcl_log {
      # LTSV fields are tab-separated: the whitespace before each label must be a tab
      log {"syslog "} req.service_id {" fastly-log :: "}
        {" timestamp_us:"} time.start.usec
        {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "")
        {" upstream_host:"} regsuball(req.http.Host, {" "}, "")
        {" remote_addr:"} client.ip
        {" method:"} req.request
        {" fastly_x_cache:"} req.http.X-Cache
        {" fastly_x_cache_hits:"} req.http.X-Cache-Hits
        {" user_id:"} req.http.User-ID
        {" user_rank:"} req.http.User-Rank;
      …
    }
    ```