Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Microservices on Fastly v1.1

Ryo yasuda
February 20, 2019
Programming
2
830

Microservices on Fastly v1.1

Ryo yasuda

February 20, 2019
Tweet

More Decks by Ryo yasuda

See All by Ryo yasuda
GKE+Istio+GitOpsで作る日経電子版の次世代マイクロサービス基盤
ryysd
2
1.4k
日経電子版へのPWA導入事例
ryysd
0
220
Microservices on Fastly
ryysd
41
20k

Other Decks in Programming

See All in Programming
AT Protocol (BlueSky Social)仕様解説 ~ W3C DID仕様を添えて ~
gpsnmeajp
0
130
Amplify Boostup #2 monorepo 運用による複数プロジェクト開発
coa00
0
140
6年以上メンテされていない!? クレカ読み取りライブラリの廃止とDataScannerViewControllerを使ってクレカ読み取りを実装しよう!
terukinakano
0
110
Honoの3+1のルーターとそこにつながるPRがプロジェクトにもたらしたもの
usualoma
1
870
Flaky Tests - Fighting Nightmares
leichteckig
0
200
アンドキュメンテッド ちょうぜつソフトウェア 設計入門 「オブジェクト指向に定義はない」のか?
tanakahisateru
4
1k
社内のメンバーに「関数型プログラミングの学習・教育」についていろいろ聞いてみた
j5ik2o
1
460
防衛的 PHP: 多様性を生き抜くための PHP 入門 / Defensive PHP
siketyan
1
220
Kubernetesコントローラーのパフォーマンスチューニング
zoetrope
4
440
PHPerKaigi2023|技術負債とプロジェクトと私たち(technical debt&project&us)
weddingpark
0
190
GitHub ActionsとDeployGateで始めるAndroidアプリのCICD
yuhei_fujita
2
180
RISC-V 命令 / ISA 拡張ピックアップ ― 最近追加されたもの、これから追加されるもの、議論が進みつつあるもの
a4lg
0
120

Featured

See All Featured
Three Pipe Problems
jasonvnalue
89
9k
Facilitating Awesome Meetings
lara
34
4.7k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
7
670
Music & Morning Musume
bryan
37
4.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
11
1.4k
A Tale of Four Properties
chriscoyier
149
21k
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
31
20k
Thoughts on Productivity
jonyablonski
50
2.8k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
Building Flexible Design Systems
yeseniaperezcruz
314
35k

Transcript

  1. .
    ೔ຊܦࡁ৽ฉࣾ ҆ా ཽ
    'BTUMZ5FDI5BML

    View Slide


  2. o E
    (r , eak i
    N T n j ea
    )r p chmti i
    :5 25 1 s
    R S S .-
    l g
    6 3 0:3 :

    View Slide


  3. 3 1
    2 - 0

    View Slide

  4. . ()
    / ) (





    AD

    View Slide

  5. .
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    Routing Caching
    Dev
    Debug
    Logging Auth ESI

    View Slide

  6. .
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    Routing Caching
    Dev
    Debug
    Logging ESI
    ৽ωλ
    Dynamic Critical CSS
    Auth

    View Slide


  7. Service
    A
    Service
    C
    Service
    B
    Service
    D
    Service
    Registry
    ֤αʔϏεͷ৘ใ؅ཧ΍
    ϔϧενΣοΫ
    ϦΫΤετઌαʔϏεͷ৘ใऔಘ
    ϦΫΤετͷૹ৴

    View Slide


  8. Routing Caching
    Dev
    Debug
    Logging Auth ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    • F


    View Slide


  9. Routing Caching
    Dev
    Debug
    Logging ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    • I
    • F
    Auth

    View Slide



  10. هࣄαʔϏε
    هࣄߋ৽௨஌
    max-age: 604800
    purge
    • '+25*-1/&%"! #3
    • *-(. /&%"! #,)


    40$

    View Slide


  11. Routing Caching
    Dev
    Debug
    Logging ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    • -
    • -
    • origin͕ࢮΜͰ΋ࢦఆͨ͠ظؒ͸ΩϟογϡΛར༻ͯ͘͠ΕΔઃఆ
    Service B͕ࢮΜͰ΋
    ΩϟογϡΛ࢖ͬͯՔಇ
    Auth

    View Slide

  12. - -
    Routing Caching
    Dev
    Debug
    Logging ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    • F M R

    • H
    Service
    D
    Nikkei-Routing-Override:
    serviceD->serviceD-tunnel
    Local Machine
    t
    u
    n
    n
    e
    l
    Auth

    View Slide

  13. • F D I D
    • ) ( ( (
    • F D H R
    Routing Caching
    Dev
    Debug
    Logging ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D
    Nikkei-Routing-Journey:
    serviceA
    Nikkei-Routing-Journey:
    serviceA,serviceB
    Nikkei-Routing-Journey:
    serviceA,service,serviceD
    Auth

    View Slide


  14. Routing Caching
    Dev
    Debug
    Logging ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D


    • F
    Real Time Log Streaming
    request url
    status code
    response size
    taken time
    cache HIT/MISS
    ...
    Auth

    View Slide

  15. View Slide

  16. ֤αʔϏεɾ֤ύεʹର͢ΔΩϟογϡώοτ཰ Ϣʔβछผ͝ͱͷΩϟογϡώοτ཰
    (هࣄϖʔδ)

    View Slide


  17. Routing Caching
    Dev
    Debug
    Logging ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D


    !
    • "
    Auth

    View Slide



  18. هࣄϖʔδ
    /article/123
    Cookie:
    Auth=a124b5...
    OAuth2ೝূͰಘΒΕͨ
    JWTτʔΫϯ
    ϢʔβͷݖݶʹΑͬͯ
    ίϯςϯπมΘΔ

    View Slide



  19. هࣄϖʔδ
    /article/123
    Cookie:
    Auth=a124b5…
    Cache-control:
    no-cache, no-store
    Cookie:
    Auth=a124b5...
    Cache-control:
    no-cache, no-store
    OAuth2ೝূͰಘΒΕͨ
    JWTτʔΫϯ

    View Slide



  20. هࣄϖʔδ
    /article/123 ϦΫΤετϔομ
    User-ID: 98765
    User-Rank: paid
    Ϩεϙϯεϔομ
    Vary: User-Rank
    Cookie:
    Auth=a124b5...
    Cache-control: private
    ೝূΫοΩʔͷ
    decodeɾvalidate
    OAuth2ೝূͰಘΒΕͨ
    JWTτʔΫϯ

    View Slide



  21. هࣄϖʔδ
    /article/123 ϦΫΤετϔομ
    User-ID: 98765
    User-Rank: paid
    Ϩεϙϯεϔομ
    Vary: User-Rank
    Cookie:
    Auth=a124b5...
    Cache-control: private
    ೝূΫοΩʔͷ
    decodeɾvalidate
    OAuth2ೝূͰಘΒΕͨ
    JWTτʔΫϯ
    User-Rank͝ͱʹΩϟογϡ෼͚
    ΔΑ͏CDNʹ໋ྩ

    View Slide



  22. ඇձһ ༗ྉձһ ແྉձһ
    Ϣʔβछผ͝ͱͷهࣄϖʔδΩϟογϡώοτ཰
    ϩάΠϯϢʔβʹରͯ͠΋ΩϟογϡͰ͖ͯΔ

    View Slide

  23. ( )
    Routing Caching
    Dev
    Debug
    Logging Auth ESI
    Service
    A
    Service
    C
    Service
    B
    Service
    D

    View Slide



  24. ɾ
    ɾ
    ɾ
    ←ͷදࣔʹඞཁͳ࠷௿ݶͷCSSΛ
    HTMLʹຒΊࠐΉ
    ←ͷCSS͸ը໘දࣔޙʹಡΈࠐΉ

    View Slide



  25. • CSSऔಘʹඞཁͳϦΫΤετ਺ɾαΠζΛݮΒͤΔ (544KB → 69KB)
    • CSSOMߏஙɾϨΠΞ΢τͷ࣌ؒΛ࡟ݮͰ͖Δ

    View Slide

  26. • C

    View Slide

  27. ֤ϖʔδʹ࠷దԽ͞ΕͨCCSSΛΞΫηε࣌ʹੜ੒͠
    ESIͰຒΊࠐΉ

    View Slide

  28. Server
    Cache Control
    max-age=600
    Cache Control:
    private

    index.html
    mynews.html

    View Slide



  29. • C C EI

    <br/><esi:include src=”/critical.css?service=article”><br/><style><br/>…<br/></html><br/>Critical CSS<br/>Server<br/>Critical CSSͷ<br/>Ϗϧυ&഑৴<br/>Cache Control: private<br/>Application<br/>Server<br/>Cache Control<br/>max-age=600<br/>

    View Slide



  30. • C C EI

    <br/><esi:include src=”/critical.css?service=article”><br/><style><br/>…<br/></html><br/>Critical CSS<br/>Server<br/>Critical CSSͷ<br/>Ϗϧυ&഑৴<br/>Application<br/>Server<br/>Cache Control<br/>max-age=600<br/>Cache Control<br/>max-age=86400<br/>

    View Slide

  31. App
    Server

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  32. App
    Server
    Critical CSS
    Server
    ./critical.css

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  33. App
    Server
    ./critical.css
    S3
    Critical CSS
    Server
    critical CSS͕͋Δ͔֬ೝ

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  34. App
    Server
    ./critical.css
    S3
    Critical CSS
    Server
    critical css͕ଘࡏ͠ͳ͍
    ͷͰ௨ৗͷCSSΛฦ٫
    Fastly΁Ωϟογϡ
    CSS
    Cache

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  35. App
    Server
    ./critical.css
    S3
    Critical CSS
    Server
    Critical CSS
    Builder
    ඇಉظͰϏϧυཁٻ
    CSS
    Cache

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  36. App
    Server
    ./critical.css
    S3
    Critical CSS
    Server
    Critical CSS
    Builder
    Ϗϧυ͕׬ྃͨ͠ΒS3΁อଘ
    ඇಉظͰϏϧυཁٻ
    CSS
    Cache

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  37. App
    Server
    ./critical.css
    S3
    Critical CSS
    Server
    Critical CSS
    Builder
    Ωϟογϡ͞Εͨ
    ௨ৗͷCSSΛPurge
    ඇಉظͰϏϧυཁٻ

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>CSS<br/>Cache<br/>

    View Slide

  38. App
    Server
    ./critical.css
    S3
    Critical CSS
    Server
    Critical CSS
    Builder
    ඇಉظͰϏϧυཁٻ
    Critical
    CSS
    Cache
    ࣍ճΞΫηε࣌ɺ
    Critical CSSΛฦ٫
    Fastly΁Ωϟογϡ

    <br/><esi:include src=”critical.css”><br/><style><br/>…<br/>

    View Slide

  39. • J
    S

    View Slide





  40. S
    d
    d F C e h
    S
    I E c a

    View Slide



  41. View Slide

  42. View Slide

  43. View Slide

  44. Routing Caching Logging
    Auth
    Vanity
    URL
    ESI
    hub
    service
    • $ #%"
    • &'
    $!
    ”/” ”/hub/front”
    ද޲͖URL ಺෦URL

    View Slide

  45. table vanities {
    ”/”: ”/hub/front”

    }
    Routing Caching Logging
    Auth
    Vanity
    URL
    ESI
    • F D
    • E
    • R F D U L
    ”/”
    ද޲͖URL
    hub
    service
    ”/hub/front”
    ಺෦URL

    View Slide

  46. View Slide


  47. Top
    Article
    API
    ֎෦Ϧιʔε
    /article/123
    Path Based
    Routing

    View Slide

  48. backends.vcl routing.vcl


    backend article {
    .host: "article.xx.jp";
    .port: 443
    .ssl: true
    }
    ...
    if (req.url ~ "/article/.+") {
    req.backend = article;
    }
    ...
    vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl

    View Slide

  49. [
    {
    "name": "article",
    "path": "/article/.+",
    "host": "article.xx.jp",
    "ssl": true
    }

    ]
    services.json backends.vcl routing.vcl
    શαʔϏεͷఆٛϑΝΠϧ
    ͲΜͳαʔϏεɺϧʔτ͕͋Δ
    ͔ͻͱ໨ͰΘ͔Δ


    backend article {
    .host: "article.xx.jp";
    .port: 443
    .ssl: true
    }
    ...
    if (req.url ~ "/article/.+") {
    req.backend = article;
    }
    ...
    vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl

    View Slide


  50. if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") {
    set beresp.stale_if_error = 86400s;
    }


    Next NikkeiͰ͸ɺstale-if-errorΛࣗಈͰ෇༩
    αʔϏε͕ࢮΜͰ΋ɺΩϟογϡ͕͋Ε͹͠͹Β͘͸ίϯςϯπΛฦͤΔ
    stale-if-error

    View Slide



  51. ೝূΫοΩʔ(JWTܗࣜ):
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4
    gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
    A :J :C AA :,
    - : :; :C AA : 414 $" 14 $ 14 $
    "
    .6 B :D ;: 6 :+)5 : A :
    - = I ;: 6 5 6(*+5 6 :+) "
    4 6 :; 6 6 ?A6 4 . 2 ,2 2 $" . 2 "

    View Slide



  52. if (req.http.Cookie:Auth !~ "(^[^¥.]+)¥.([^¥.]+)¥.([^¥.]+)$") {
    set req.http.Auth-Valid = "false";
    }
    set var.base64Header = re.group.1;
    set var.base64Payload = re.group.2;
    set var.signature = digest.base64url_decode(re.group.3);
    set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "."
    var.base64Payload));
    set var.payload = digest.base64_decode(var.base64Payload);
    set var.expires = regsub(var.payload, {"^.*?"exp"¥s*:¥s*(¥d+).*?$"}, "¥1");
    # γάωνϟͷਖ਼౰ੑͱ༗ޮظݶͷ֬ೝ
    if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) {
    set req.http.Auth-Valid = "false";
    }
    # payload͔Βݖݶ৘ใͳͲΛநग़
    req.http. UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");

    View Slide



  53. sub vcl_log {
    log {"syslog "} req.service_id {" fastly-log :: "}
    {" timestamp_us:"} time.start.usec
    {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "")
    {" upstream_host:"} regsuball(req.http.Host, {" "}, "")
    {" remote_addr:"} client.ip
    {" method:"} req.request
    {" fastly_x_cache:"} req.http.X-Cache
    {" fastly_x_cache_hits:"} req.http.X-Cache-Hits
    {" user_id:"} req.http.User-ID
    {" user_rank:"} req.http.User-Rank;

    }
    LTSVܗࣜͰͷϩάग़ྗྫ

    View Slide