Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Microservices on Fastly v1.1
Ryo yasuda
February 20, 2019
Programming
2
730
Microservices on Fastly v1.1
Ryo yasuda
February 20, 2019
Tweet
Share
More Decks by Ryo yasuda
See All by Ryo yasuda
GKE+Istio+GitOpsで作る日経電子版の次世代マイクロサービス基盤
ryysd
2
1.3k
日経電子版へのPWA導入事例
ryysd
0
210
Microservices on Fastly
ryysd
41
20k
Other Decks in Programming
See All in Programming
NEWT.net: Frontend Technology Selection
xpromx
0
280
JetpackCompose 導入半年で感じた 改善点
spbaya0141
0
100
Independently together: better developer experience & App performance
bcinarli
0
190
Terraform Plan/Apply結果の自動通知
ymmy02
0
280
実践エクストリームプログラミング / Extreme Programming in Practice
enk
1
570
Opsしかやってこなかった私が DevOpsが根付いたチームにJoinした話
yhamano
1
100
What's new in Android development tools まとめ
mkeeda
0
400
Cybozu GoogleI/O 2022 LT会 - Input for all screens
jaewgwon
0
390
Improving Developer Experience Through Tools and Techniques 2022
krzysztofzablocki
0
1.2k
Running Laravel/PHP on AWS (AWS Builders Day Taiwan 2022)
dwchiang
0
170
競プロのすすめ
uya116
0
680
Imperative is dead, long live Declarative! | Appdevcon
prof18
0
110
Featured
See All Featured
5 minutes of I Can Smell Your CMS
philhawksworth
196
18k
What's in a price? How to price your products and services
michaelherold
229
9.4k
Rails Girls Zürich Keynote
gr2m
86
12k
Testing 201, or: Great Expectations
jmmastey
21
5.4k
Web development in the modern age
philhawksworth
197
9.3k
A Tale of Four Properties
chriscoyier
149
21k
The Invisible Side of Design
smashingmag
290
48k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_i
23
15k
Making Projects Easy
brettharned
98
4.3k
GraphQLの誤解/rethinking-graphql
sonatard
28
6.6k
Scaling GitHub
holman
451
140k
Music & Morning Musume
bryan
35
4.2k
Transcript
. ຊܦࡁ৽ฉࣾ ҆ా ཽ 'BTUMZ5FDI5BML
o E (r , eak i N T n
j ea )r p chmti i :5 25 1 s R S S .- l g 6 3 0:3 :
3 1 2 - 0
. () / ) (
AD
. Service A Service C Service B Service D Routing
Caching Dev Debug Logging Auth ESI
. Service A Service C Service B Service D Routing
Caching Dev Debug Logging ESI ৽ωλ Dynamic Critical CSS Auth
Service A Service C Service B Service D Service
Registry ֤αʔϏεͷใཧ ϔϧενΣοΫ ϦΫΤετઌαʔϏεͷใऔಘ ϦΫΤετͷૹ৴
Routing Caching Dev Debug Logging Auth ESI Service A
Service C Service B Service D • F • •
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • I • F Auth
هࣄαʔϏε هࣄߋ৽௨ max-age: 604800 purge •
'+25*-1/&%"! #3 • *-(. /&%"! #,) • 40$
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • - • - • origin͕ࢮΜͰࢦఆͨ͠ظؒΩϟογϡΛར༻ͯ͘͠ΕΔઃఆ Service B͕ࢮΜͰ ΩϟογϡΛͬͯՔಇ Auth
- - Routing Caching Dev Debug Logging ESI Service A
Service C Service B Service D • F M R • • H Service D Nikkei-Routing-Override: serviceD->serviceD-tunnel Local Machine t u n n e l Auth
• F D I D • ) ( ( (
• F D H R Routing Caching Dev Debug Logging ESI Service A Service C Service B Service D Nikkei-Routing-Journey: serviceA Nikkei-Routing-Journey: serviceA,serviceB Nikkei-Routing-Journey: serviceA,service,serviceD Auth
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • • • F Real Time Log Streaming request url status code response size taken time cache HIT/MISS ... Auth
None
֤αʔϏεɾ֤ύεʹର͢ΔΩϟογϡώοτ Ϣʔβछผ͝ͱͷΩϟογϡώοτ (هࣄϖʔδ)
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • • ! • " Auth
هࣄϖʔδ /article/123 Cookie: Auth=a124b5... OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
ϢʔβͷݖݶʹΑͬͯ ίϯςϯπมΘΔ
هࣄϖʔδ /article/123 Cookie: Auth=a124b5… Cache-control: no-cache,
no-store Cookie: Auth=a124b5... Cache-control: no-cache, no-store OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
هࣄϖʔδ /article/123 ϦΫΤετϔομ User-ID: 98765 User-Rank:
paid Ϩεϙϯεϔομ Vary: User-Rank Cookie: Auth=a124b5... Cache-control: private ೝূΫοΩʔͷ decodeɾvalidate OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
هࣄϖʔδ /article/123 ϦΫΤετϔομ User-ID: 98765 User-Rank:
paid Ϩεϙϯεϔομ Vary: User-Rank Cookie: Auth=a124b5... Cache-control: private ೝূΫοΩʔͷ decodeɾvalidate OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ User-Rank͝ͱʹΩϟογϡ͚ ΔΑ͏CDNʹ໋ྩ
ඇձһ ༗ྉձһ ແྉձһ Ϣʔβछผ͝ͱͷهࣄϖʔδΩϟογϡώοτ
ϩάΠϯϢʔβʹରͯ͠ΩϟογϡͰ͖ͯΔ
( ) Routing Caching Dev Debug Logging Auth ESI Service
A Service C Service B Service D •
• ɾ ɾ ɾ ←ͷදࣔʹඞཁͳ࠷ݶͷCSSΛ HTMLʹຒΊࠐΉ
←ͷCSSը໘දࣔޙʹಡΈࠐΉ
• • CSSऔಘʹඞཁͳϦΫΤετɾαΠζΛݮΒͤΔ (544KB → 69KB)
• CSSOMߏஙɾϨΠΞτͷ࣌ؒΛݮͰ͖Δ
• C •
֤ϖʔδʹ࠷దԽ͞ΕͨCCSSΛΞΫηε࣌ʹੜ͠ ESIͰຒΊࠐΉ
Server Cache Control max-age=600 Cache Control: private <esi:include src=“http://example.com/mynews.html” />
index.html mynews.html
• • • C C EI <html> <style> <esi:include src=”/critical.css?service=article”>
<style> … </html> Critical CSS Server Critical CSSͷ Ϗϧυ&৴ Cache Control: private Application Server Cache Control max-age=600
• • • C C EI <html> <style> <esi:include src=”/critical.css?service=article”>
<style> … </html> Critical CSS Server Critical CSSͷ Ϗϧυ&৴ Application Server Cache Control max-age=600 Cache Control max-age=86400
App Server … <style> <esi:include src=”critical.css”> <style> …
App Server Critical CSS Server ./critical.css … <style> <esi:include src=”critical.css”>
<style> …
App Server ./critical.css S3 Critical CSS Server critical CSS͕͋Δ͔֬ೝ …
<style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server critical css͕ଘࡏ͠ͳ͍ ͷͰ௨ৗͷCSSΛฦ٫
FastlyΩϟογϡ CSS Cache … <style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
ඇಉظͰϏϧυཁٻ CSS Cache … <style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
Ϗϧυ͕ྃͨ͠ΒS3อଘ ඇಉظͰϏϧυཁٻ CSS Cache … <style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
Ωϟογϡ͞Εͨ ௨ৗͷCSSΛPurge ඇಉظͰϏϧυཁٻ … <style> <esi:include src=”critical.css”> <style> … CSS Cache
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
ඇಉظͰϏϧυཁٻ Critical CSS Cache ࣍ճΞΫηε࣌ɺ Critical CSSΛฦ٫ FastlyΩϟογϡ … <style> <esi:include src=”critical.css”> <style> …
• J S •
S d d
F C e h S I E c a
None
None
Routing Caching Logging Auth Vanity URL ESI hub service •
$ #%" • & ' $! ”/” ”/hub/front” ද͖URL ෦URL
table vanities { ”/”: ”/hub/front” … } Routing Caching Logging
Auth Vanity URL ESI • F D • E • R F D U L ”/” ද͖URL hub service ”/hub/front” ෦URL
None
Top Article API ֎෦Ϧιʔε /article/123 Path Based Routing
backends.vcl routing.vcl backend article { .host:
"article.xx.jp"; .port: 443 .ssl: true } ... if (req.url ~ "/article/.+") { req.backend = article; } ... vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl
[ { "name": "article", "path": "/article/.+", "host": "article.xx.jp", "ssl": true
} … ] services.json backends.vcl routing.vcl શαʔϏεͷఆٛϑΝΠϧ ͲΜͳαʔϏεɺϧʔτ͕͋Δ ͔ͻͱͰΘ͔Δ backend article { .host: "article.xx.jp"; .port: 443 .ssl: true } ... if (req.url ~ "/article/.+") { req.backend = article; } ... vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl
if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") { set beresp.stale_if_error = 86400s;
} Next NikkeiͰɺstale-if-errorΛࣗಈͰ༩ αʔϏε͕ࢮΜͰɺΩϟογϡ͕͋Ε͠Β͘ίϯςϯπΛฦͤΔ stale-if-error
ೝূΫοΩʔ(JWTܗࣜ): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4 gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ A
:J :C AA :, - : :; :C AA : 414 $" 14 $ 14 $ " .6 B :D ;: 6 :+)5 : A : - = I ;: 6 5 6(*+5 6 :+) " 4 6 :; 6 6 ?A6 4 . 2 ,2 2 $" . 2 "
if (req.http.Cookie:Auth !~ "(^[^¥.]+)¥.([^¥.]+)¥.([^¥.]+)$") { set
req.http.Auth-Valid = "false"; } set var.base64Header = re.group.1; set var.base64Payload = re.group.2; set var.signature = digest.base64url_decode(re.group.3); set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "." var.base64Payload)); set var.payload = digest.base64_decode(var.base64Payload); set var.expires = regsub(var.payload, {"^.*?"exp"¥s*:¥s*(¥d+).*?$"}, "¥1"); # γάωνϟͷਖ਼ੑͱ༗ޮظݶͷ֬ೝ if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) { set req.http.Auth-Valid = "false"; } # payload͔ΒݖݶใͳͲΛநग़ req.http. UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");
sub vcl_log { log
{"syslog "} req.service_id {" fastly-log :: "} {" timestamp_us:"} time.start.usec {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "") {" upstream_host:"} regsuball(req.http.Host, {" "}, "") {" remote_addr:"} client.ip {" method:"} req.request {" fastly_x_cache:"} req.http.X-Cache {" fastly_x_cache_hits:"} req.http.X-Cache-Hits {" user_id:"} req.http.User-ID {" user_rank:"} req.http.User-Rank; … } LTSVܗࣜͰͷϩάग़ྗྫ