
Microservices on Fastly v1.1

Ryo yasuda
February 20, 2019


Transcript

  1. Nikkei Inc., Ryo Yasuda. Fastly Tech Talk

  5. Diagram labels: Service A, Service C, Service B, Service D; Routing, Caching, Dev Debug, Logging, Auth, ESI
  6. Diagram labels: Service A, Service C, Service B, Service D; Routing, Caching, Dev Debug, Logging, ESI, Auth
    New topic: Dynamic Critical CSS
  7. Diagram labels: Service A, Service C, Service B, Service D; Service Registry
    Manages each service's information and health checks
    Looks up information about the service a request is destined for
    Sends the request
  8. Diagram labels: Routing, Caching, Dev Debug, Logging, Auth, ESI; Service A, Service C, Service B, Service D
  9. Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D
  10. Article service; article update notification; max-age: 604800; purge
  11. Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D
    A setting that keeps serving from cache for a specified period even if the origin is down
    Even if Service B is down, the site keeps running from cache
  12. Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D; Local Machine; tunnel
    Nikkei-Routing-Override: serviceD->serviceD-tunnel
  13. Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D
    Nikkei-Routing-Journey: serviceA
    Nikkei-Routing-Journey: serviceA,serviceB
    Nikkei-Routing-Journey: serviceA,service,serviceD
  14. Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D
    Real Time Log Streaming: request url, status code, response size, taken time, cache HIT/MISS, ...
  15. None
  16. Cache hit rate for each service and each path
    Cache hit rate per user type (article pages)
  17. Diagram labels: Routing, Caching, Dev Debug, Logging, ESI, Auth; Service A, Service C, Service B, Service D
  18. Article page /article/123
    Cookie: Auth=a124b5... (JWT token obtained through OAuth2 authentication)
    Content changes depending on the user's permissions
  19. Article page /article/123
    Cookie: Auth=a124b5… (JWT token obtained through OAuth2 authentication)
    Cache-control: no-cache, no-store
  20. Article page /article/123
    Cookie: Auth=a124b5... (JWT token obtained through OAuth2 authentication)
    Decode and validate the auth cookie
    Request headers: User-ID: 98765, User-Rank: paid
    Response headers: Vary: User-Rank
    Cache-control: private
  21. Article page /article/123
    Cookie: Auth=a124b5... (JWT token obtained through OAuth2 authentication)
    Decode and validate the auth cookie
    Request headers: User-ID: 98765, User-Rank: paid
    Response headers: Vary: User-Rank
    Cache-control: private
    Instructs the CDN to keep a separate cache for each User-Rank
  22. Article page cache hit rate per user type: non-members, paid members, free members
    Caching works even for logged-in users
  23. Diagram labels: Routing, Caching, Dev Debug, Logging, Auth, ESI; Service A, Service C, Service B, Service D
  24. Embed in the HTML the minimum CSS needed to display ←
    Load the CSS for ← after the screen is displayed
  25. Reduces the number and size of requests needed to fetch CSS (544KB → 69KB)
    Reduces the time spent on CSSOM construction and layout
  27. Generate CCSS optimized for each page at access time and embed it with ESI
  28. Diagram labels: Server; Cache Control max-age=600; Cache Control: private; index.html; mynews.html
    <esi:include src="http://example.com/mynews.html" />
  29. <html> <style> <esi:include src="/critical.css?service=article"> </style> … </html>
    Diagram labels: Critical CSS Server (builds and delivers Critical CSS); Cache Control: private; Application Server; Cache Control max-age=600
  30. <html> <style> <esi:include src="/critical.css?service=article"> </style> … </html>
    Diagram labels: Critical CSS Server (builds and delivers Critical CSS); Application Server; Cache Control max-age=600; Cache Control max-age=86400
  31. Diagram labels: App Server
    … <style> <esi:include src="critical.css"> </style> …
  32. Diagram labels: App Server; Critical CSS Server; ./critical.css
    … <style> <esi:include src="critical.css"> </style> …
  33. Diagram labels: App Server; ./critical.css; S3; Critical CSS Server
    Check whether the critical CSS exists
    … <style> <esi:include src="critical.css"> </style> …
  34. Diagram labels: App Server; ./critical.css; S3; Critical CSS Server; CSS Cache
    The critical CSS does not exist, so the regular CSS is returned
    Cached at Fastly
    … <style> <esi:include src="critical.css"> </style> …
  35. Diagram labels: App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder; CSS Cache
    Request a build asynchronously
    … <style> <esi:include src="critical.css"> </style> …
  36. Diagram labels: App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder; CSS Cache
    When the build completes, save the result to S3
    Request a build asynchronously
    … <style> <esi:include src="critical.css"> </style> …
  37. Diagram labels: App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder; CSS Cache
    Purge the cached regular CSS
    Request a build asynchronously
    … <style> <esi:include src="critical.css"> </style> …
  38. Diagram labels: App Server; ./critical.css; S3; Critical CSS Server; Critical CSS Builder; Critical CSS Cache
    Request a build asynchronously
    On the next access, the Critical CSS is returned
    Cached at Fastly
    … <style> <esi:include src="critical.css"> </style> …
  42. None
  43. None
  44. Diagram labels: Routing, Caching, Logging, Auth, Vanity URL, ESI; hub service
    Public-facing URL: "/"; internal URL: "/hub/front"
  45. Diagram labels: Routing, Caching, Logging, Auth, Vanity URL, ESI; hub service
        table vanities { "/": "/hub/front" … }
    Public-facing URL: "/"; internal URL: "/hub/front"
  46. None
  47. Top, Article, API, external resources; /article/123; Path Based Routing
  48. backends.vcl (services are defined in VCL):
        backend article {
          .host = "article.xx.jp";
          .port = "443";
          .ssl = true;
        }
        ...
    routing.vcl (VCL for routing):
        if (req.url ~ "/article/.+") {
          set req.backend = article;
        }
        ...
  49. services.json (definition file for all services; shows at a glance which services and routes exist):
        [
          {
            "name": "article",
            "path": "/article/.+",
            "host": "article.xx.jp",
            "ssl": true
          }
          …
        ]
    backends.vcl (services are defined in VCL):
        backend article {
          .host = "article.xx.jp";
          .port = "443";
          .ssl = true;
        }
        ...
    routing.vcl (VCL for routing):
        if (req.url ~ "/article/.+") {
          set req.backend = article;
        }
        ...
  50. stale-if-error
        if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") {
          set beresp.stale_if_error = 86400s;
        }
    Next Nikkei adds stale-if-error automatically
    Even if a service is down, content can still be returned for a while as long as a cached copy exists
  51. Auth cookie (JWT format): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
  52. VCL excerpt:
        if (req.http.Cookie:Auth !~ "(^[^\.]+)\.([^\.]+)\.([^\.]+)$") {
          set req.http.Auth-Valid = "false";
        }
        set var.base64Header = re.group.1;
        set var.base64Payload = re.group.2;
        set var.signature = digest.base64url_decode(re.group.3);
        set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "." var.base64Payload));
        set var.payload = digest.base64_decode(var.base64Payload);
        set var.expires = regsub(var.payload, {"^.*?"exp"\s*:\s*(\d+).*?$"}, "\1");
        # Check the validity of the signature and the expiry time
        if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) {
          set req.http.Auth-Valid = "false";
        }
        # Extract permission information etc. from the payload
        set req.http.UserID = regsub(var.payload, {"^.*?"uid"\s*:\s*"(\w+)".*?$"}, "\1");
  53. Example of log output in LTSV format:
        sub vcl_log {
          log {"syslog "} req.service_id {" fastly-log :: "}
            {" timestamp_us:"} time.start.usec
            {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "")
            {" upstream_host:"} regsuball(req.http.Host, {" "}, "")
            {" remote_addr:"} client.ip
            {" method:"} req.request
            {" fastly_x_cache:"} req.http.X-Cache
            {" fastly_x_cache_hits:"} req.http.X-Cache-Hits
            {" user_id:"} req.http.User-ID
            {" user_rank:"} req.http.User-Rank;
          …
        }