hoscon2016-shibuya-takumakume

ٱถ୓അ(.01FQBCP *OD
(.0)PTUJOH$POGFSFODF!ौ୩
ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͷ
ඞཁੑͱͦͷ࣮૷

View Slide

ࣗݾ঺հ
ٱถ ୓അ (@takumakume)
ߴߍଔۀʙ6೥ؒ
ΠϯλʔωοταʔϏεϓϩόΠμͰۈ຿
ωοτϫʔΫʙϛυϧ΢ΣΞͷߏங
ϓϦηʔϧεΤϯδχΞ
2016೥4݄͔ΒϖύϘʹೖࣾ
ϩϦϙοϓʂͷΠϯϑϥΤϯδχΞ
෱Ԭग़਎ɾ෱Ԭࡏॅ
ϚΠϒʔϜ͸ڕΛ௼ͬͯࡹ͘͜ͱ

View Slide

ϖύϘͷαʔϏε
ϗεςΟϯά
ࣄۀ
&$ࢧԉ
ࣄۀ
ϋϯυϝΠυ
ࣄۀ
ίϛϡχςΟ
ࣄۀɾͦͷଞ

View Slide

View Slide

໨࣍
ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸
mrubyΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷
mrubyΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚ΔE2Eςετ
·ͱΊ
ࠓޙͷ༧ఆ

View Slide

ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚ
ͱ͸

View Slide

ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

View Slide

ϗεςΟϯάʹ͓͚ΔΞΫηε੍ޚ
ϗεςΟϯά͸ͦͷಛੑ্ɺ͓٬༷ͷ༷ʑͳίϯςϯπΛ͓
༬͔Γ͍ͯ͠Δɻ
தʹ͸ҟৗʹߴෛՙʹͳΔ΋ͷ΍ɺDDoSͷର৅ʹͳΔίϯς
ϯπͳͲ༷ʑͰ͋Δɻ
͔͠͠ɺ͜ͷΑ͏ͳҰ෦ͷίϯςϯπʹΑΓɺͦͷαʔόΛ
͝ར༻௖͍͍ͯΔେଟ਺ͷଞͷ͓٬༷͕շదʹ8Λར༻Ͱ͖ͳ͘
ͳͬͯ͠·͏͜ͱ͸ɺ͋ͬͯ͸ͳΒͳ͍ͱզʑ͸ߟ͍͑ͯ·͢ɻ

View Slide

ຊηογϣϯͰ͸ͦͷղܾखஈͷ̍ͭͱͯ͠ɺ
ϩϦϙοϓʂͰߦ͍ͬͯΔ
ଟ͘ͷ͓٬༷ʹշదʹ͝ར༻͍ͨͩͨ͘Ίͷ
࣍ੈ୅ΞΫηε੍ޚʹ͍ͭͯ͝঺հ͠·͢ɻ

View Slide


View Slide

ݱঢ়ͷΞΫηε੍ޚͷ՝୊

View Slide

͜Ε·Ͱʹར༻ͨ͠ΞΫηε੍ޚखஈ

mod_cbandΛར༻ͨ͠ΞΧ΢ϯτ୯ҐͰͷτϥϑΟοΫ
੍ޚͱಉ࣌ΞΫηε਺੍ޚ
mod_vhost_maxclientsΛར༻ͨ͠υϝΠϯ୯ҐͰͷ
ಉ࣌ΞΫηε਺੍ޚ
ͦΕͧΕ՝୊͕͋ͬͨ

View Slide

[email protected]Λར༻੍ͨ͠ޚʹΑΔ՝୊

ΞΧ΢ϯτ୯ҐͷτϥϑΟοΫͱಉ࣌ΞΫηε਺੍ݶΛ͍ͯͨ͠ɻ
CBandSpeed 10Mb/s 30 30
mod_cbandΛ༗ޮʹ͢Δ͜ͱͰ໿70%ఔ౓ͷύϑΥʔϚϯε
ྼԽ͕ੜ͡ɺ੍ޚػߏࣗମ͕ϘτϧωοΫͱͳͬͨɻ

View Slide

[email protected]@NBYDMJFOUTΛར༻੍ͨ͠ޚ

mod_cbandͷύϑΥʔϚϯεྼԽ͕େ͖͍ͨΊͪ͜ΒΛ࠾༻ɻ
ಋೖʹΑΔύϑΥʔϚϯεྼԽ͸2%ͱߴ଎ͳιϑτ΢ΣΞɻ
ҎԼͷΑ͏ʹυϝΠϯ୯Ґͷಉ࣌ΞΫηε਺੍ݶΛߦ͏ɻ

DocumentRoot /path/to/web
ServerName hoge.example.jp
VhostMaxClients 30

͔͠͠ɺ࣍ͷΑ͏ͳύλʔϯͰ՝୊͕ੜͨ͡ɻ

View Slide

[email protected]@NBYDMJFOUTΛͲ͏࢖͍ͬͯΔ͔

ڞ༻8αʔό
IPHFDPN
mod_vhost_maxclientsͷ੍ݶ
ZDPN
YDPN
ஶ͘͠Ϧιʔε࢖༻ྔ͕ภΒͳ͍Α͏ʹେ࿮ͷϦιʔε෼ׂͱ
ͯ͠ɺ֤υϝΠϯʹಉ࣌઀ଓ਺ͷ੍ݶΛ͔͚͍ͯ·͢ɻ

View Slide

ڞ༻8αʔό
IPHFDPN
ॲཧͷॏ͍ϓϩάϥϜʹΞΫηε͕ूத͠αʔό͕ߴෛՙͱͳͬͨ
ZDPN
YDPN

View Slide

ڞ༻8αʔό
IPHFDPN
ZDPN
YDPN
[email protected]@NBYDMJFOUTͷ੍ݶΛڧΊΔඞཁ͕͋Δ

View Slide

ڞ༻8αʔό
IPHFDPN ZDPN
YDPN
੍ݶΛڧΊͨ ܰྔͳίϯςϯπʹ΋ΞΫηεͰ͖ͳ͘ͳΔ

View Slide

ڞ༻8αʔό
IPHFDPN ZDPN
YDPN
ຊདྷ੍ޚ͞ΕΔඞཁ͕ͳ͍ϑΝΠϧ·Ͱ
ΞΫηεͰ͖ͳ͘ͳͬͯ͠·͏ɻ

View Slide

ղܾํ๏

ڞ༻8αʔό
IPHFDPN ZDPN
YDPN
ϑΝΠϧ୯ҐͰ੍ޚ
mod_vhost_maxclients

View Slide

ղܾํ๏

ڞ༻8αʔό
IPHFDPN ZDPN
YDPN
ϑΝΠϧ୯ҐͰ੍ޚ
mod_vhost_maxclients
αʔόͷෛՙΛԼ͛ͭͭɺ੍ޚʹΑΔӨڹΛۃখԽͰ͖Δɻ

View Slide

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
͋ΔαʔόͷϦιʔεফඅྔ
<>

View Slide

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
શମ
<>

ಛఆͷϑΝΠϧ
ఆظతʹॏ͍ॲཧ͕࣮ߦ͞Ε͍ͯͨ

View Slide

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
શମ
<>

ಛఆͷϑΝΠϧ
ಛఆͷϑΝΠϧͷॲཧͰϦιʔεͷ΄ͱΜͲΛফඅ͠
ఆظతʹଞͷ͓٬༷΁ͷαʔϏεఏڙʹࢧোΛ͖͍ͨͯͨ͠ɻ

View Slide

࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
શମ
ಛఆͷϑΝΠϧ
ղܾํ๏
<>

ෛՙͷߴ͍ϑΝΠϧʹରͯ͠
࣌ؒࢦఆͰ੍ޚ͢Δ

View Slide

ॊೈͳΞΫηε੍ޚͷ·ͱΊ
ݱঢ়ΑΓ΋ࡉ͔͍ɺϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖ΔΑ͏
ʹͯ͠ɺ੍ޚʹΑΔӨڹΛۃখԽ͢Δ͜ͱɻ
ಛఆͷ࣌ؒͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ

View Slide


View Slide

ϗεςΟϯάͰ͸1୆ͷαʔόΛଟ͘ͷ͓٬༷ʹ͝ར༻͍ͨͩ͘͜
ͱͰ҆Ձʹఏڙ͍ͯ͠Δɻ
ࠓޙ΋Ͱ͖Δ͚ͩ҆ՁʹշదͳαʔϏεΛఏڙ͍ͨ͠ɻ
ΞΫηε੍ޚͷػߏ͕ϘτϧωοΫʹͳͬͯ͸ɺͦΕΛୡ੒Ͱ͖
ͳ͘ͳΔɻ
ܰྔͳΞΫηε੍ޚͷඞཁੑ

ΞΫηε੍ޚΛߦ͏ιϑτ΢ΣΞ͸ॲཧ͕ߴ଎Ͱ͋Δඞཁ͕͋Δɻ

View Slide

ͱ͸

View Slide

ϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖Δ͜ͱɻ
ಛఆͷ࣌ؒଳͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ
ύϑΥʔϚϯεྼԽΛۃྗى͜͞ͳ͍͜ͱɻ
ॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸

ͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

View Slide

ϑΝΠϧ୯ҐͷΞΫηε੍ޚ͸
طʹ"QBDIFͷϞδϡʔϧ͕ଘࡏ͢Δɻ

View Slide

[email protected]
mod_vlimit
https://github.com/matsumoto-r/mod_vlimit
ϑΝΠϧ΍σΟϨΫτϦ୯ҐͰಉ࣌ΞΫηε੍ޚΛ͢Δ͜ͱ͕Ͱ͖Δɻ

VlimitIP 30 /path/to/hoge.php

ϑΝΠϧ୯ҐͰͷΞΫηε੍ޚΛߦ͏ػೳ͸͋Δ͕
ࠓճ͸ಋೖʹ͸ࢸΒͳ͔ͬͨɻ

View Slide

[email protected]Λ࠾༻͠ͳ͔ͬͨཧ༝
࣌ؒࢦఆͰ੍ݶΛ༗ޮԽͰ͖Δػೳ͕ͳ͍ɻ
ApacheͷϞδϡʔϧͳͷͰCݴޠͰ࣮૷͞Ε͍ͯΔɻ
ӡ༻ܥͷπʔϧ͸࣌ؒͷܦաʹରͯ͠ॊೈͳมߋ͕ཁ
ٻ͞ΕΔɻ
CݴޠͰͷ։ൃͱͳΔͱ։ൃ޻਺্͕͕Δɺ։ൃऀ͕ݶ
ΒΕΔɻ

View Slide

Ͱ͸ɺͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

View Slide

“mruby” ͳΒղܾͰ͖Δɻ

View Slide

NSVCZ
Rubyͷύύ͜ͱ “Matz” ͞Μ͕։ൃ͍ͯ͠Δɻ
লϝϞϦͷ૊ΈࠐΈ޲͚ͷRuby࣮૷ɻ
Cݴޠ͕ۤखͳͻͱͰ΋ɺmrubyΛ࢖͑͹RubyͰ૊ΈࠐΈ
։ൃΛߦ͏ࣄ͕Ͱ͖Δɻ

View Slide

Apache΍NginxͰmrubyΛ༻͍ͨ૊ΈࠐΈ
։ൃΛ࣮ݱͨ͠ιϑτ΢ΣΞ͕ଘࡏ͢Δ

View Slide

[email protected]@NSVCZ
ฐࣾͷ@matsumotory͕։ൃ͍ͯ͠Δɻ
mod_mruby
ApacheͰmrubyΛར༻͢ΔͨΊͷϞδϡʔϧ
ngx_mruby
nginxͰmrubyΛར༻͢ΔͨΊͷ֦ு࣮૷

CݴޠͰϞδϡʔϧΛ࣮૷͠ͳ͚Ε͹࣮ݱͰ͖ͳ͔ͬͨڍಈΛmruby
Λ࢖͙ͬͯ͢ʹ࣮૷Ͱ͖ͯɺ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊΔ͜
ͱ͕Ͱ͖Διϑτ΢ΣΞɻ

View Slide

[email protected]
mod_mruby -1.5%
ngx_mruby +17.5%
੩తίϯςϯπʹର͢ΔύϑΥʔϚϯεܭଌ݁Ռ

View Slide

mrubyΛ༻͍Ε͹֦ுੑɺอकੑΛଛͳΘͣ
࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊͯ
ιϑτ΢ΣΞΛ։ൃ͢Δ͜ͱ͕Ͱ͖Δɻ

View Slide

NSVCZΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷

View Slide

࣮૷ʹ͋ͨͬͯར༻ͨ͠ιϑτ΢ΣΞ

View Slide

IUUQBDDFTTMJNJUFS
ฐࣾͷ @matsumotory ͕։ൃ͍ͯ͠Δɻ
https://github.com/matsumoto-r/http-access-limiter
mod_mruby΋͘͠͸ngx_mrubyͰऔಘͨ͠೚ҙͷϦΫΤετύϥ
ϝʔλΛ༻͍ͯಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δmruby੡ϛυϧ΢ΣΞ
औಘͰ͖ΔϦΫΤετύϥϝʔλʹ͸ΞΫηεઌͷϑΝΠϧͷϑϧ
ύεΛ࢝Ίɺ઀ଓݩͷIPΞυϨε΍ɺURLͳͲΛऔಘͰ͖ΔͨΊ
༷ʑͳ༻్Ͱ࢖༻Ͱ͖Δɻ

View Slide

ಈ࡞֓ཁ

਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
IUUQE
ڞ༗ϝϞϦ
global
mutex
ಉ࣌઀ଓ਺
Χ΢ϯλʔ
KVS
ಉ࣌઀ଓ਺Χ΢ϯλʔ
localmemcacheΛ༻͍ͨ
Key-Value-Store
Ωʔͱͨ͠ϦΫΤετύϥϝʔ
λΛݩʹಉ࣌ΞΫηε਺ΛΧ
΢ϯτ͢Δɻ
global mutex
֤Worker͔Βಉ࣌઀ଓ਺Χ
΢ϯλʔΛૢ࡞͢ΔͨΊෆ੔
߹͕ൃੜ͠ͳ͍Α͏ʹ౎౓ϩο
ΫΛߦ͏ɻ
KEY
/path/to/hoge.php
VALUE
1

View Slide

ಈ࡞֓ཁ

਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
IUUQE
ڞ༗ϝϞϦ
global
mutex
ಉ࣌઀ଓ਺
Χ΢ϯλʔ
KVS

ϦΫΤετ

ϦΫΤετ

NVUFYΛϩοΫ

MPDL

ϦΫΤετύϥϝʔλΛΩʔ
ʹΠϯΫϦϝϯτ

ΠϯΫϦϝϯτ
KEY
/path/to/hoge.php
VALUE
1

VOMPDL

NVUFYΛΞϯϩοΫ

View Slide

ಈ࡞֓ཁ

਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
IUUQE
ڞ༗ϝϞϦ
global
mutex
ಉ࣌઀ଓ਺
Χ΢ϯλʔ
KVS

ίϯςϯπͷॲཧΛߦ͏

NVUFYΛϩοΫ

MPDL

σΫϦϝϯτ

σΫϦϝϯτ

VOMPDL

NVUFYΛΞϯϩοΫ
KEY
/path/to/hoge.php
VALUE
0

ίϯςϯπͷॲཧ

View Slide

ಈ࡞֓ཁͷ·ͱΊ

ϦΫΤετ͕͋ͬͨ࣌ʹɺϦΫΤετύϥϝʔλΛmod_mruby΍
ngx_mrubyΛ༻͍ͯऔಘ͢Δɻ
ΞΫηε੍ޚΛ͍ͨ͠୯ҐΛΩʔͱͯ͠ɺಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δɻ
ෳ਺ͷWorker͔ΒΧ΢ϯλʔૢ࡞͢ΔͨΊɺglobal mutexΛ࢖ͬͯ
ෆ੔߹͕ى͖ͳ͍Α͏ʹ੍ޚ͢Δɻ

View Slide

՝୊
http-access-limiter͸ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Διϑτ
΢ΣΞͰ͋Δɻ
ͦͷͨΊɺϑΝΠϧຖͷ࠷େಉ࣌઀ଓ਺ͷઃఆػೳ΍ɺ੍ޚ
Λ༗ޮԽ͢Δ࣌ؒଳΛઃఆ͢Δػೳ͸͍͍ͭͯͳ͍ɻ

mrubyͰॻ͔Ε͍ͯΔͨΊ؆୯ʹػೳ௥Ճ͕Ͱ͖Δʂ

View Slide

ػೳ௥ՃΠϝʔδ

਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
IUUQE
ڞ༗ϝϞϦ
global
mutex
ಉ࣌઀ଓ਺
Χ΢ϯλʔ
KVS
੍ޚ৚݅
localmemcacheΛ༻͍ͨ
Key-Value-Store
ϑΝΠϧͷϑϧύε͕Ωʔ
࠷େಉ࣌઀ଓ਺
੍ݶΛ༗ޮԽ͢Δ࣌ؒଳ
KVS
੍ޚ৚݅

View Slide

੍ݶ৚݅ͷσʔλ
/path/to/hoge.php
{
"max_clients" : 30, # ࠷େಉ࣌઀ଓ਺
"time_slots" : [ # ༗ޮʹ͢Δ࣌ؒଳ
{ "begin" : 1200, "end" : 1800 },
{ "begin" : 2100, "end" : 2200 }
]
}
KEY
VALUE
A Aͷؒ͸AQBUIUPIPHFQIQA΁ͷ
࠷େ઀ଓ਺ΛAA·Ͱʹ੍ݶ͢Δɻ

View Slide

ػೳ௥Ճޙͷಈ࡞֓ཁ

਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
IUUQE
ڞ༗ϝϞϦ
global
mutex
ಉ࣌઀ଓ਺
Χ΢ϯλʔ
KVS
KVS
੍ޚ৚݅

ϦΫΤετ

ϦΫΤετ

੍ޚ৚݅
Λࢀর

੍ޚ৚݅Λࢀর
ɹɹଘࡏ͠ͳ͚Ε͹ॲཧऴྃ

NVUFYΛϩοΫ

MPDL

ϑΝΠϧͷϑϧύεΛΩʔʹ
ΠϯΫϦϝϯτ

ΠϯΫϦϝϯτ

΋੍͠ݶ͕༗ޮͳ࣌ؒଳͰಉ
࣌઀ଓ਺੍ݶΛ௒ա͍ͯ͠Ε͹
ΤϥʔΛฦ͢

View Slide

࢖͍ํ IUUQEDPOG

LoadModule mruby_module modules/mod_mruby.so

# Apacheͷϓϩηε͕ىಈͨ࣌͠ʹϑοΫ͞ΕΔ
# http-access-limiterͷΫϥεΛఆٛɺ࣍ʹىಈ͢ΔWorker͕ࢀরͰ͖ΔΑ͏ʹ͢Δɻ
mrubyPostConfigMiddle /etc/httpd/conf.d/access_limiter/access_limiter_init.rb cache

# ΞΫηε͕ൃੜͨ͠ͱ͖ʹϑοΫ͞ΕΔ
# ಉ࣌઀ଓ਺Χ΢ϯλΛΠϯΫϦϝϯτ͢Δ
# ͞Βʹɺ࠷େಉ࣌઀ଓ਺Λ௒աͨ͠৔߹ʹ503ΤϥʔΛฦ͢ͳͲͷΞΫγϣϯΛهड़͢Δɻ
mrubyAccessCheckerMiddle /etc/httpd/conf.d/access_limiter/access_limiter.rb cache
# ίϯςϯπͷॲཧ͕ऴΘͬͨͱ͖ʹϑοΫ͞ΕΔ
# ಉ࣌઀ଓ਺Χ΢ϯλΛσΫϦϝϯτ͢Δ
mrubyLogTransactionMiddle /etc/httpd/conf.d/access_limiter/access_limiter_end.rb cache

View Slide

։ൃதͷ໰୊఺

਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
IUUQE
ڞ༗ϝϞϦ
global
mutex
ಉ࣌઀ଓ਺
Χ΢ϯλʔ
KVS

ϦΫΤετ

ϦΫΤετ

NVUFYΛϩοΫ

MPDL

ΠϯΫϦϝϯτ

ΠϯΫϦϝϯτ

ίϯςϯπͷॲཧ
4FHNFOUBUJPO'BVMU
8PSLFSϓϩηε͕ҟৗऴྃ͠ɺ
Ҏ߱ͷσΫϦϝϯτͷॲཧ͕
ߦΘΕͳ͘ͳΔɻ

View Slide

Χ΢ϯλʔ্͕͕Γͬͺͳ͠ʹͳͬͯ͠·͍ɺ
ಉ࣌઀ଓՄೳͳ਺͕ݮͬͯ͠·͏ɻ

View Slide

໰୊఺ͷղܾ
ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢ΔKVSͷσʔλͷ࣋ͪํΛมߋͨ͠ɻ
มߋલͷΧ΢ϯλʔ มߋޙͷΧ΢ϯλʔ
KEY VALUE KEY VALUE
/path/to/hoge.php 2 /path/to/hoge.php 2
create_time_/path/to/hoge.php 1477303672
Χ΢ϯλʔ͕ʹͳͬͨ࣌ؒΛه࿥ͯ͠ɺҰఆ࣌ؒΧ΢ϯλʔ্͕͕Γͬͺͳ͠ʹ
ͳ͍ͬͯͨΒɺҰ౓ʹ໭͢ͱ͍͏ॲཧΛೖΕΔ͜ͱͰղܾͨ͠ɻ

View Slide

ؾʹͳΔύϑΥʔϚϯε

View Slide

ύϑΥʔϚϯεςετ݁Ռ
abΛ࢖ͬͯύϑΥʔϚϯεΛଌఆ͠·ͨ͠ɻ
ςετύλʔϯ ྼԽ཰
httpd 0%
httpd + http-access-limiter 3%
httpd + http-access-limiter (੍ݶର৅) 5%
WordPress΁ͷΞΫηε
10ສϦΫΤετ100ଟॏ / CPU24ίΞɾRAM32GB
ςετύλʔϯ ྼԽ཰
httpd 0%
httpd + http-access-limiter 3%
httpd + http-access-limiter (੍ݶର৅) 30%
phpinfo()΁ͷΞΫηε

View Slide

ύϑΥʔϚϯεςετ݁Ռʹର͢Δߟ࡯
access-limiterͷಋೖʹੜ͡ΔύϑΥʔϚϯεྼԽ͸3%ͱߴ
଎Ͱ͋Δ͜ͱ͕෼͔ͬͨɻ
DBΛ࢖͏WordPressͰ͸ɺΞϓϦέʔγϣϯͷॲཧ͕Φʔό
ϔουͱͳͬͯaccess-limiterΛಋೖ͢Δ͜ͱʹΑΔΦʔό
ϔου͸ޡࠩఔ౓ͱͳͬͨɻ
phpinfo()ͷΑ͏ͳܰྔͳॲཧͷ৔߹ʹɺ੍ݶର৅ͱͨ͠ͱ͖
ʹ3ׂఔ౓ύϑΥʔϚϯεྼԽ͕ੜͨ͡ɻ

View Slide

ͲͷΑ͏ʹͯ͠ύϑΥʔϚϯεΛ
޲্͍ͤͯ͞Δͷ͔ʁ

View Slide

NSVCZΛ࢖ͬͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ
ύϑΥʔϚϯε޲্ͷ޻෉

View Slide


਌
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
KVS͔Β৘ใΛऔಘ͢Δͱ͖
KVS
ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ
PQFO PQFO PQFO PQFO
ϦΫΤετຖʹKVSΛOpen͢Δͱޮ཰͕ѱ͍

View Slide

mod_mruby΍ngx_mrubyʹ͸mrubyΛϑοΫͰ͖ΔλΠϛϯά͕ز͔ͭ͋Γ·͢ɻ
http-access-limiterͰ࢖͍ͬͯΔͷ͸ҎԼͷσΟϨΫςΟϒͰ͢ɻ
σΟϨΫςΟϒ λΠϛϯά
mrubyPostConfigMiddle ਌ϓϩηεىಈ࣌
mrubyAccessCheckerMiddle ϦΫΤετΛड͚෇͚ͨͱ͖
mrubyLogTransactionMiddle ΫϥΠΞϯτʹϨεϙϯεΛૹ৴ͨ͋͠ͱ

View Slide


਌
NSVCZ
KVSʹΞΫηε͢Δͱ͖
KVS
8PSLFS
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
8PSLFS
NSVCZ
ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ
ڞ༗ϝϞϦ
KVS
PQFO
ΦϒδΣΫτΛ֨ೲ

View Slide

ΞΫηεຖʹKVSΛ։͘ಈ࡞͕লུͰ͖ΔͷͰ
ΞϓϦέʔγϣϯ͸ߴ଎ʹͳΔ

View Slide

mruby-userdataͱ͍͏mgemΛར༻͢Δɻ
# mrubyPostConfigMiddle(ϓϩηεىಈ࣌)
Userdata.new.shared_kvs = Cache.new :filename => "store.lmc"
# mrubyAccessCheckerMiddle(ΞΫηε࣌)
cache = Userdata.new.shared_kvs ɹɹɹɹ # ڞ༗ϝϞϦΛࢀর͢Δ
p cache.get["hoge"]

ଞʹ΋MySQL΍RedisͳͲʹ઀ଓ͢ΔΑ͏ͳ৔߹ʹ΋༗ޮͳखஈ

View Slide

σΟϨΫςΟϒͷએݴ࣌ʹcacheΦϓγϣϯΛ͚ͭΔɻ
ϓϩηεىಈ࣌ʹόΠτίʔυม׵͞Εͯɺ࣮ߦͷͨͼʹίϯύΠ
ϧ͕ߦΘΕͳ͍ͨΊߴ଎ɻ
σϝϦοτͱͯ͠ίʔυΛมߋͨ͠৔߹͸ɺϓϩηεͷϦελʔτ
͕ඞཁʹͳΔɻ
mrubyPostConfigMiddle /etc/httpd/conf.d/script/init.rb cache

View Slide

NSVCZΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ
&&ςετ

View Slide

&&ςετͷ໨త
ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ
[access_limiterͩͱ] ࢦఆͨ͠ಉ࣌઀ଓ਺ʹୡͨ࣌͠ʹҙਤ͢Δε
ςʔλείʔυΛฦ͢͜ͱ͕Ͱ͖Δ͔ʁ
ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ
[access_limiterͩͱ] ϩοΫɺΞϯϩοΫɺΠϯΫϦϝϯτɺσΫϦ
ϝϯτͱϘτϧωοΫʹͳΓ͏Δಈ࡞Λ͍ͯ͠ΔͷͰૉͷhttpdͱൺ΂ͯ
Ͳͷ͘Β͍ύϑΥʔϚϯε͕ྼԽ͢Δͷ͔ʁͦΕ͸ڐ༰ൣғ͔ʁ

View Slide

&&ςετͷඞཁੑ
mrubyιʔείʔυΛॻ͖׵͑ͨ࣌ʹͦͷมߋ͕ͲΕ͚ͩύϑΥʔ
ϚϯεʹӨڹΛٴ΅͔͢Λ౎౓೺Ѳ͢Δඞཁ͕͋Δɻ
E2Eςετ͕͋Ε͹ɺଞͷਓ΋ίʔυΛॻ͖׵͑΍͍͢ɻ
ෛՙΛ͔͚ͨঢ়ଶͰਖ਼ৗͳಈ࡞Λ͢Δ͔ɻ
௨ৗͷιϑτ΢ΣΞ։ൃͱ͸ҧ͍ΫϥΠΞϯτͱApache΍Nginx
ͷؒʹҐஔ͢Δ෦෼Λ։ൃ͢ΔͨΊUnitςετͷΈͰ͸ෆे෼ɻ

View Slide

ͲͷΑ͏ʹςετ͢Δ͔ʁ

View Slide

ෛՙΛ͔͚ͯύϑΥʔϚϯεΛଌఆ͢Δʹ͸ʁ
abίϚϯυ

# ab -c 100 -n 100000 -k http://localhost/phpinfo.php
:
Requests per second: 1699.53 [#/sec] (mean)
Time per request: 58.840 [ms] (mean)
Time per request: 0.588 [ms] (mean, across all concurrent
requests)
Transfer rate: 73499.65 [Kbytes/sec] received
ෛՙΛ͔͚ͨ݁Ռɺ3FDTFD΍Ϩεϙϯείʔυ͕
ҙਤͨ͠΋ͷͩͬͨͷ͔Λ؆୯ʹ֬ೝ͍ͨ͠ʂ

View Slide

ab-mrubyΛ࢖͑͹࣮ݱͰ͖Δ

View Slide

BCNSVCZͷ࢖͍ํ
ҎԼͷΑ͏ʹίϚϯυΛ࣮ߦ͠·͢ɻ
ˌab-mruby -m config.rb -M suite.rb http://hoge.jp/phpinfo.php
ҎԼͷΑ͏ʹςετͷઃఆ͠·͢ɻ
add_config(
"TotalRequests" => 100000,
"Concurrency" => 100,
"KeepAlive" => true,
)
test_suite do
"CompleteRequests".should_be 100000
"RequestPerSecond".should_be_over 1000
"Non2xxResponses".should_be 0
end
config.rb
suite.rb
ςετͷઃఆΛهड़
ςετ݁Ռͷ͋Δ΂͖
ঢ়ଶΛهड़

View Slide

Mac
IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ
ςετ؀ڥ͸DockerͰίϯςφΛ্ཱͪ͛ͯߏங͢Δɻ
ab-mrubyΛ࢖ͬͯabͷ݁ՌΛςετ͢Δɻ
WEB Client
httpd
mod-mruby
ab-mruby
Docker
ςετύλʔϯ͸
httpd
httpd + access-limiter
httpd + access-limiter(੍ݶ͋Γ)
ύϑΥʔϚϯεͷਪҠΛ֬ೝͰ͖ΔΑ͏ʹ͠
ͯͲ͕͜ϘτϧωοΫʹͳ͍ͬͯΔ͔Λ෼͔
ΔΑ͏ʹ͍ͯ͠·͢ɻ

BCʹΑΔෛՙ

View Slide

IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ
ςετ࣮ߦ͸ҎԼͷΑ͏ʹ͠·͢ɻ
ύϑΥʔϚϯεࢼݧ͸සൟʹߦ͏ͷͰɺΦϖϨʔγϣϯΛ؆୯ʹ͢ΔͨΊʹɺશͯ
ͷςετύλʔϯΛrakeίϚϯυ1ൃͰͰ͖ΔΑ͏ʹ͍ͯ͠·͢ɻ
ˌrake e2e:test
>>
>> performance test
>>
:
Finished 100000 requests
[TEST CASE] [true] CompleteRequests (100000) should be 100000
[TEST CASE] [true] RequestPerSecond (1024.9543902983) should be over 1000
[TEST CASE] [true] Non2xxResponses (0) should be 0
test suites: [true]

View Slide

&&ςετͷ໨తΛୡ੒Ͱ͖ͨ
E2Eςετͷ໨త
ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ
ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ

E2EςετΛίϚϯυҰൃͰ؆୯ʹͰ͖ΔΑ͏ʹͳͬͨ

View Slide

·ͱΊ

View Slide

·ͱΊ
ϗεςΟϯά͸ڞ༗αʔόͰ͋ΔͷͰɺΑΓଟ͘ͷਓ͕҆Ձ
Ͱշదʹ͝ར༻͍ͨͩͨ͘ΊʹΞΫηε੍ޚ͸ඞཁɻ
ΞΫηε੍ޚͷ୯ҐΛΑΓࡉ੍͔ͯ͘͠ޚʹΑΔӨڹΛۃখ
Խ͠ɺద੾ͳΞΫηε੍ޚΛ࣮ݱͨ͠ɻ
࣮ݱखஈͱͯ͠อकੑɺ֦ுੑɺੑೳͷόϥϯε͕Α͍
mrubyΛ༻͍ͨɻ

View Slide

ࠓޙͷ༧ఆ

View Slide

ࠓޙͷ༧ఆ
ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ

View Slide

ࠓޙͷ༧ఆ
ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ
mrubyͰ࣮૷ͨ͜͠ͱΛ׆͔ͯ͠ɺ·ͩ·ͩൃల్্ͷhttp-access-
limiterΛࠓޙ΋ϒϥογϡΞοϓ͍ͯ͘͠ɻ
ฐࣾͰ͸ෛՙίϯτϩʔϧͷࣗಈԽʹऔΓ૊ΜͰ͍·͢ɻ
http-access-limiter͸ઃఆͷϦϩʔυ͕ඞཁͳ͘ɺ੍ޚͷӨڹͷ
ۃখԽΛ࣮ݱͨ͠ιϑτ΢ΣΞͳͷͰࣗಈԽʹద͍ͯ͠·͢ɻ
ͦͷͨΊɺࠓޙ͸http-access-limiterΛ࢖ͬͨࣗಈతͳෛՙίϯ
τϩʔϧΛߦ͍͖͍ͬͯͨͱߟ͍͑ͯ·͢ɻ

View Slide

ϖύϘͰҰॹʹಇ͘஥ؒΛืू͍ͯ͠·͢ʂ
࠷৽ͷ࠾༻৘ใΛνΣοΫˠ [email protected]

View Slide

hoscon2016-shibuya-takumakume

hoscon2016-shibuya-takumakume

Takuma Kume

More Decks by Takuma Kume

Other Decks in Technology

Featured

Transcript