Microservices on Fastly v1.1

Ryo Yasuda
February 20, 2019

Transcript

  1. Nikkei Inc. (Nihon Keizai Shimbun), Ryo Yasuda
    Fastly Tech Talk



  5. [Diagram labels: Service A, Service B, Service C, Service D; Routing, Caching, Dev Debug, Logging, Auth, ESI]

  6. [Diagram labels: Service A, Service B, Service C, Service D; Routing, Caching, Dev Debug, Logging, ESI, Auth]
    New topic: Dynamic Critical CSS


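  7. [Diagram labels: Service A, Service B, Service C, Service D; Service Registry]
    Managing each service's information and health checks
    Fetching information about the destination service of a request
    Sending the request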


  8. [Diagram labels: Routing, Caching, Dev Debug, Logging, Auth, ESI; Service A, Service B, Service C, Service D]

  9. [Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service B, Service C, Service D]



  10. Article service
    Article update notification
    max-age: 604800
    purge


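  11. [Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service B, Service C, Service D]
    • A setting that keeps serving from the cache for a specified period even if the origin is dead
    Even if Service B dies, the site keeps running from the cache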

  12. [Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service B, Service C, Service D; Service D, Local Machine, tunnel]
    Nikkei-Routing-Override:
    serviceD->serviceD-tunnel

  13. [Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service B, Service C, Service D]
    Nikkei-Routing-Journey: serviceA
    Nikkei-Routing-Journey: serviceA,serviceB
    Nikkei-Routing-Journey: serviceA,service,serviceD


  14. [Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service B, Service C, Service D]
    Real Time Log Streaming
    request url
    status code
    response size
    taken time
    cache HIT/MISS
    ...


  16. Cache hit rate for each service and each path; cache hit rate per user type
    (article page)


  17. [Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service B, Service C, Service D]



  18. Article page
    /article/123
    Cookie:
    Auth=a124b5...
    JWT token obtained through OAuth2 authentication
    The content changes depending on the user's permissions



  19. Article page
    /article/123
    Cookie:
    Auth=a124b5…
    Cache-control:
    no-cache, no-store
    Cookie:
    Auth=a124b5...
    Cache-control:
    no-cache, no-store
    JWT token obtained through OAuth2 authentication



  20. Article page
    /article/123
    Request headers:
    User-ID: 98765
    User-Rank: paid
    Response headers:
    Vary: User-Rank
    Cookie:
    Auth=a124b5...
    Cache-control: private
    Decode and validate the auth cookie
    JWT token obtained through OAuth2 authentication



  21. Article page
    /article/123
    Request headers:
    User-ID: 98765
    User-Rank: paid
    Response headers:
    Vary: User-Rank
    Cookie:
    Auth=a124b5...
    Cache-control: private
    Decode and validate the auth cookie
    JWT token obtained through OAuth2 authentication
    Instructs the CDN to keep a separate cache per User-Rank



  22. Non-members, paid members, free members
    Article page cache hit rate per user type
    Caching works even for logged-in users

  23. [Diagram labels: Routing, Caching, Dev Debug, Logging, Auth, ESI; Service A, Service B, Service C, Service D]



  24. The minimum CSS needed to render ← is embedded in the HTML
    The CSS for ← is loaded after the screen has been displayed



  25. • Reduces the number and size of the requests needed to fetch CSS (544KB → 69KB)
    • Cuts the time spent on CSSOM construction and layout


  27. A CCSS (critical CSS) optimized for each page is generated at access time
    and embedded with ESI

  28. Server
    Cache Control
    max-age=600
    Cache Control:
    private

    index.html
    mynews.html



  29. <esi:include src="/critical.css?service=article" />
    <style>
    …
    </html>

    Critical CSS Server
    Builds and delivers the Critical CSS
    Cache Control: private
    Application Server
    Cache Control
    max-age=600



  30. <esi:include src="/critical.css?service=article" />
    <style>
    …
    </html>

    Critical CSS Server
    Builds and delivers the Critical CSS
    Application Server
    Cache Control
    max-age=600
    Cache Control
    max-age=86400

  31. [Diagram labels: App Server]
    <esi:include src="critical.css" />
    <style>
    …

  32. [Diagram labels: App Server, Critical CSS Server, ./critical.css]

  33. [Diagram labels: App Server, ./critical.css, S3, Critical CSS Server]
    Check whether the critical CSS exists

  34. [Diagram labels: App Server, ./critical.css, S3, Critical CSS Server, CSS Cache]
    The critical CSS does not exist, so the normal CSS is returned
    Cached at Fastly

  35. [Diagram labels: App Server, ./critical.css, S3, Critical CSS Server, Critical CSS Builder, CSS Cache]
    A build is requested asynchronously

  36. [Diagram labels: App Server, ./critical.css, S3, Critical CSS Server, Critical CSS Builder, CSS Cache]
    When the build completes, the result is saved to S3
    A build is requested asynchronously

  37. [Diagram labels: App Server, ./critical.css, S3, Critical CSS Server, Critical CSS Builder, CSS Cache]
    The cached normal CSS is purged
    A build is requested asynchronously

  38. [Diagram labels: App Server, ./critical.css, S3, Critical CSS Server, Critical CSS Builder, Critical CSS Cache]
    A build is requested asynchronously
    On the next access, the Critical CSS is returned
    Cached at Fastly


  44. [Diagram labels: Routing, Caching, Logging, Auth, Vanity URL, ESI; hub service]
    "/" (public-facing URL)
    "/hub/front" (internal URL)

  45. table vanities {
      "/": "/hub/front"

    }

    [Diagram labels: Routing, Caching, Logging, Auth, Vanity URL, ESI; hub service]
    "/" (public-facing URL)
    "/hub/front" (internal URL)



  47. [Diagram labels: Top, Article, API, external resources]
    /article/123
    Path Based Routing

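  48. backends.vcl (services are defined in VCL):

    backend article {
      .host = "article.xx.jp";
      .port = "443";
      .ssl = true;
    }
    ...

    routing.vcl (VCL for routing):

    # The pattern is not anchored, so it matches "/article/" anywhere in req.url.
    if (req.url ~ "/article/.+") {
      set req.backend = article;
    }
    ...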

  49. [
    {
    "name": "article",
    "path": "/article/.+",
    "host": "article.xx.jp",
    "ssl": true
    }

    ]
    services.json backends.vcl routing.vcl
    શαʔϏεͷఆٛϑΝΠϧ
    ͲΜͳαʔϏεɺϧʔτ͕͋Δ
    ͔ͻͱ໨ͰΘ͔Δ


    backend article {
    .host: "article.xx.jp";
    .port: 443
    .ssl: true
    }
    ...
    if (req.url ~ "/article/.+") {
    req.backend = article;
    }
    ...
    vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl

    View Slide
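
One way to produce backends.vcl and routing.vcl from services.json, as an added example in Python (not code from the deck). It assumes the two VCL files are generated from the JSON, as the slide layout suggests; the validation rules, the port derived from `ssl`, and the `^` anchor on the route pattern are choices made here, not taken from the slides.

```python
import json
import re

# Constructed sample input in the shape of the slide's services.json.
SERVICES_JSON = """[
  {"name": "article", "path": "/article/.+", "host": "article.xx.jp", "ssl": true}
]"""

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")  # usable as a VCL identifier
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\Z")


def validate(svc):
    """Reject values that would break out of the generated VCL."""
    if not NAME_RE.match(svc["name"]):
        raise ValueError(f"bad service name: {svc['name']!r}")
    if not HOST_RE.match(svc["host"]):
        raise ValueError(f"bad host: {svc['host']!r}")
    if any(c in svc["path"] for c in '"\r\n'):
        raise ValueError(f"path would escape the VCL string: {svc['path']!r}")
    if not isinstance(svc["ssl"], bool):
        raise ValueError("ssl must be true or false")


def generate(services_json):
    """Return (backends_vcl, routing_vcl) for a services.json document."""
    services = json.loads(services_json)
    names = [svc["name"] for svc in services]
    if len(names) != len(set(names)):
        raise ValueError("duplicate service name")
    backends, routes = [], []
    for svc in services:
        validate(svc)
        port = "443" if svc["ssl"] else "80"  # assumption: port follows the ssl flag
        ssl = "true" if svc["ssl"] else "false"
        backends.append(
            f'backend {svc["name"]} {{\n  .host = "{svc["host"]}";\n'
            f'  .port = "{port}";\n  .ssl = {ssl};\n}}\n'
        )
        # Hardening choice: anchor the pattern at the start of the URL.
        path = svc["path"] if svc["path"].startswith("^") else "^" + svc["path"]
        routes.append(
            f'if (req.url ~ "{path}") {{\n  set req.backend = {svc["name"]};\n}}\n'
        )
    return "".join(backends), "".join(routes)
```

Because services.json is the single source for every route, rejecting quotes and newlines here keeps a bad entry from changing the meaning of the generated VCL.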


  50. stale-if-error

    if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") {
      set beresp.stale_if_error = 86400s;
    }

    At Next Nikkei, stale-if-error is added automatically.
    Even if a service dies, content can still be returned for a while as long as it is in the cache.



  51. Auth cookie (JWT format):
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ



  52. # The var.* locals are assumed to be declared earlier in the subroutine.
    if (req.http.Cookie:Auth !~ "(^[^\.]+)\.([^\.]+)\.([^\.]+)$") {
      # Not in header.payload.signature form
      set req.http.Auth-Valid = "false";
    } else {
      set var.base64Header = re.group.1;
      set var.base64Payload = re.group.2;
      set var.signature = digest.base64url_decode(re.group.3);
      set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "." var.base64Payload));
      # JWT segments are base64url-encoded
      set var.payload = digest.base64url_decode(var.base64Payload);
      set var.expires = regsub(var.payload, {"^.*?"exp"\s*:\s*(\d+).*?$"}, "\1");
      # Check that the signature is valid (constant-time comparison) and that the token has not expired
      if (!digest.secure_is_equal(var.signature, var.validSignature) || time.is_after(now, std.integer2time(std.atoi(var.expires)))) {
        set req.http.Auth-Valid = "false";
      } else {
        # Extract permission information and so on from the payload
        set req.http.UserID = regsub(var.payload, {"^.*?"uid"\s*:\s*"(\w+)".*?$"}, "\1");
      }
    }
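
The check on slide 52, written out in Python as an added example (not code from the deck), so that the signature, expiry and header handling can be exercised offline. `JWT_SECRET`, the `rank` claim name, the helper `mint`, and the rule that client-sent User-ID, User-Rank and Auth-Valid headers are dropped before the edge sets its own are assumptions made here; the `uid` and `exp` claims and the header names come from the slides.

```python
import base64
import hashlib
import hmac
import json
import time

JWT_SECRET = b"constructed-demo-secret"  # assumption: stands in for var.jwtSecret


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint(claims, secret=JWT_SECRET):
    """Build an HS256 token for the demo (constructed input, not a real cookie)."""
    head = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"


def edge_auth(headers, auth_cookie, now=None, secret=JWT_SECRET):
    """Return the request headers the edge would forward to the origin."""
    now = time.time() if now is None else now
    # Identity headers are rebuilt from the token, never accepted from the client.
    out = {k: v for k, v in headers.items()
           if k.lower() not in ("user-id", "user-rank", "auth-valid")}
    out["Auth-Valid"] = "false"
    parts = auth_cookie.split(".")
    if len(parts) != 3:
        return out
    head, body, sig = parts
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(b64url_decode(sig), expected):  # constant time
            return out
        claims = json.loads(b64url_decode(body))  # parsed only after the MAC passes
        if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
            return out
        identity = {"Auth-Valid": "true", "User-ID": str(claims["uid"]),
                    "User-Rank": str(claims["rank"])}  # "rank" is a hypothetical claim
    except (ValueError, AttributeError, KeyError, TypeError):
        return out
    out.update(identity)
    return out
```

With `Vary: User-Rank` on the response, the value set here decides which cached variant a request receives, which is why the inbound copy of that header is discarded first.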



  53. Example of log output in LTSV format:

    sub vcl_log {
      # regsuball() removes the separator character from the client-supplied host values.
      log {"syslog "} req.service_id {" fastly-log :: "}
        {" timestamp_us:"} time.start.usec
        {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "")
        {" upstream_host:"} regsuball(req.http.Host, {" "}, "")
        {" remote_addr:"} client.ip
        {" method:"} req.request
        {" fastly_x_cache:"} req.http.X-Cache
        {" fastly_x_cache_hits:"} req.http.X-Cache-Hits
        {" user_id:"} req.http.User-ID
        {" user_rank:"} req.http.User-Rank;

    }
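
Reading these records back, as an added Python example (not code from the deck): it parses LTSV lines and computes the cache hit rate per `user_rank`, the figure shown on slides 16 and 22. The sample records are constructed, the fields are assumed to be tab-separated as LTSV defines, the rank value `free` is made up for the sample, and `ltsv_value` is a hypothetical helper showing why separators are stripped from client-controlled values before logging.

```python
from collections import defaultdict

# Constructed sample records using labels from the vcl_log block above.
SAMPLE_LOG = [
    "\ttimestamp_us:1550620800000001\thost:www.example.jp:443\tmethod:GET"
    "\tfastly_x_cache:HIT\tuser_id:98765\tuser_rank:paid",
    "\ttimestamp_us:1550620800000002\thost:www.example.jp\tmethod:GET"
    "\tfastly_x_cache:MISS\tuser_id:98765\tuser_rank:paid",
    "\ttimestamp_us:1550620800000003\thost:www.example.jp\tmethod:GET"
    "\tfastly_x_cache:HIT\tuser_id:11111\tuser_rank:free",
    "\ttimestamp_us:1550620800000004\thost:www.example.jp\tmethod:GET"
    "\tfastly_x_cache:HIT\tuser_id:\tuser_rank:",
]


def ltsv_value(value):
    """Drop field and record separators so a value cannot add fields of its own."""
    return value.replace("\t", "").replace("\r", "").replace("\n", "")


def parse_ltsv(line):
    """Parse one LTSV record; only the first ':' in a field ends the label."""
    record = {}
    for field in line.rstrip("\r\n").split("\t"):
        label, sep, value = field.partition(":")
        if sep and label:
            record[label] = value
    return record


def hit_rate_by_rank(lines):
    """Return {user_rank: fraction of requests whose fastly_x_cache is HIT}."""
    hits, totals = defaultdict(int), defaultdict(int)
    for line in lines:
        record = parse_ltsv(line)
        rank = record.get("user_rank") or "(none)"
        totals[rank] += 1
        if record.get("fastly_x_cache") == "HIT":
            hits[rank] += 1
    return {rank: hits[rank] / totals[rank] for rank in totals}
```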