hoscon2016-shibuya-takumakume

Transcript

1. ٱถ
   ୓അ
   
   (.0
   1FQBCP
   *OD
   
   (.0
   )PTUJOH
   $POGFSFODF
   !ौ୩ ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͷ
   ඞཁੑͱͦͷ࣮૷ 

2. ࣗݾ঺հ ٱถ ୓അ (@takumakume) ߴߍଔۀʙ6೥ؒ ΠϯλʔωοταʔϏεϓϩόΠμͰۈ຿ ωοτϫʔΫʙϛυϧ΢ΣΞͷߏங ϓϦηʔϧεΤϯδχΞ 2016೥4݄͔ΒϖύϘʹೖࣾ ϩϦϙοϓʂͷΠϯϑϥΤϯδχΞ

   ෱Ԭग़਎ɾ෱Ԭࡏॅ ϚΠϒʔϜ͸ڕΛ௼ͬͯࡹ͘͜ͱ 

3. ϖύϘͷαʔϏε ϗεςΟϯά
   ࣄۀ &$ࢧԉ
   ࣄۀ ϋϯυϝΠυ
   ࣄۀ ίϛϡχςΟ
   ࣄۀɾͦͷଞ

4. 

5. ໨࣍ ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸ mrubyΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷ mrubyΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚ΔE2Eςετ ·ͱΊ ࠓޙͷ༧ఆ 

6. ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚ
   ͱ͸ 

7. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ 

8. ϗεςΟϯάʹ͓͚ΔΞΫηε੍ޚ ϗεςΟϯά͸ͦͷಛੑ্ɺ͓٬༷ͷ༷ʑͳίϯςϯπΛ͓ ༬͔Γ͍ͯ͠Δɻ தʹ͸ҟৗʹߴෛՙʹͳΔ΋ͷ΍ɺDDoSͷର৅ʹͳΔίϯς ϯπͳͲ༷ʑͰ͋Δɻ ͔͠͠ɺ͜ͷΑ͏ͳҰ෦ͷίϯςϯπʹΑΓɺͦͷαʔόΛ
   ͝ར༻௖͍͍ͯΔେଟ਺ͷଞͷ͓٬༷͕շదʹ8&#Λར༻Ͱ͖ͳ͘
   ͳͬͯ͠·͏͜ͱ͸ɺ͋ͬͯ͸ͳΒͳ͍ͱզʑ͸ߟ͍͑ͯ·͢ɻ 

9. ຊηογϣϯͰ͸ͦͷղܾखஈͷ̍ͭͱͯ͠ɺ
   ϩϦϙοϓʂͰߦ͍ͬͯΔ
   ଟ͘ͷ͓٬༷ʹշదʹ͝ར༻͍ͨͩͨ͘Ίͷ
   ࣍ੈ୅ΞΫηε੍ޚʹ͍ͭͯ͝঺հ͠·͢ɻ 

10. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ 

11. ݱঢ়ͷΞΫηε੍ޚͷ՝୊ 

12. ͜Ε·Ͱʹར༻ͨ͠ΞΫηε੍ޚखஈ  mod_cbandΛར༻ͨ͠ΞΧ΢ϯτ୯ҐͰͷτϥϑΟοΫ ੍ޚͱಉ࣌ΞΫηε਺੍ޚ mod_vhost_maxclientsΛར༻ͨ͠υϝΠϯ୯ҐͰͷ ಉ࣌ΞΫηε਺੍ޚ ͦΕͧΕ՝୊͕͋ͬͨ

13. NPE@DCBOEΛར༻੍ͨ͠ޚʹΑΔ՝୊  ΞΧ΢ϯτ୯ҐͷτϥϑΟοΫͱಉ࣌ΞΫηε਺੍ݶΛ͍ͯͨ͠ɻ CBandSpeed 10Mb/s 30 30 mod_cbandΛ༗ޮʹ͢Δ͜ͱͰ໿70%ఔ౓ͷύϑΥʔϚϯε ྼԽ͕ੜ͡ɺ੍ޚػߏࣗମ͕ϘτϧωοΫͱͳͬͨɻ

14. NPE@WIPTU@NBYDMJFOUTΛར༻੍ͨ͠ޚ  mod_cbandͷύϑΥʔϚϯεྼԽ͕େ͖͍ͨΊͪ͜ΒΛ࠾༻ɻ ಋೖʹΑΔύϑΥʔϚϯεྼԽ͸2%ͱߴ଎ͳιϑτ΢ΣΞɻ ҎԼͷΑ͏ʹυϝΠϯ୯Ґͷಉ࣌ΞΫηε਺੍ݶΛߦ͏ɻ <VirtualHost *> DocumentRoot /path/to/web ServerName

    hoge.example.jp VhostMaxClients 30 </VirtualHost> ͔͠͠ɺ࣍ͷΑ͏ͳύλʔϯͰ՝୊͕ੜͨ͡ɻ

15. NPE@WIPTU@NBYDMJFOUTΛͲ͏࢖͍ͬͯΔ͔  ڞ༻8&#αʔό IPHFDPN mod_vhost_maxclientsͷ੍ݶ ZDPN YDPN ஶ͘͠Ϧιʔε࢖༻ྔ͕ภΒͳ͍Α͏ʹେ࿮ͷϦιʔε෼ׂͱ ͯ͠ɺ֤υϝΠϯʹಉ࣌઀ଓ਺ͷ੍ݶΛ͔͚͍ͯ·͢ɻ

16.  ڞ༻8&#αʔό IPHFDPN ॲཧͷॏ͍ϓϩάϥϜʹΞΫηε͕ूத͠αʔό͕ߴෛՙͱͳͬͨ mod_vhost_maxclientsͷ੍ݶ ZDPN YDPN

17.  ڞ༻8&#αʔό IPHFDPN mod_vhost_maxclientsͷ੍ݶ ZDPN YDPN NPE@WIPTU@NBYDMJFOUTͷ੍ݶΛڧΊΔඞཁ͕͋Δ

18.  ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ੍ݶΛڧΊͨ ܰྔͳίϯςϯπʹ΋ΞΫηεͰ͖ͳ͘ͳΔ

19.  ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ຊདྷ੍ޚ͞ΕΔඞཁ͕ͳ͍ϑΝΠϧ·Ͱ
    ΞΫηεͰ͖ͳ͘ͳͬͯ͠·͏ɻ

20. ղܾํ๏  ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ϑΝΠϧ୯ҐͰ੍ޚ mod_vhost_maxclients

21. ղܾํ๏  ڞ༻8&#αʔό IPHFDPN ZDPN YDPN ϑΝΠϧ୯ҐͰ੍ޚ mod_vhost_maxclients αʔόͷෛՙΛԼ͛ͭͭɺ੍ޚʹΑΔӨڹΛۃখԽͰ͖Δɻ

22.     ࣌ ࣌ ࣌ ࣌ ࣌ ࣌

    ࣌ ࣌ ࣌ ͋ΔαʔόͷϦιʔεফඅྔ <> 

23.     ࣌ ࣌ ࣌ ࣌ ࣌ ࣌

    ࣌ ࣌ ࣌ શମ ͋ΔαʔόͷϦιʔεফඅྔ <>  ಛఆͷϑΝΠϧ ఆظతʹॏ͍ॲཧ͕࣮ߦ͞Ε͍ͯͨ

24.     ࣌ ࣌ ࣌ ࣌ ࣌ ࣌

    ࣌ ࣌ ࣌ શମ ͋ΔαʔόͷϦιʔεফඅྔ <>  ಛఆͷϑΝΠϧ ಛఆͷϑΝΠϧͷॲཧͰϦιʔεͷ΄ͱΜͲΛফඅ͠
    ఆظతʹଞͷ͓٬༷΁ͷαʔϏεఏڙʹࢧোΛ͖͍ͨͯͨ͠ɻ

25.     ࣌ ࣌ ࣌ ࣌ ࣌ ࣌

    ࣌ ࣌ ࣌ શମ ಛఆͷϑΝΠϧ ղܾํ๏ <>  ෛՙͷߴ͍ϑΝΠϧʹରͯ͠ ࣌ؒࢦఆͰ੍ޚ͢Δ

26. ॊೈͳΞΫηε੍ޚͷ·ͱΊ ݱঢ়ΑΓ΋ࡉ͔͍ɺϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖ΔΑ͏ ʹͯ͠ɺ੍ޚʹΑΔӨڹΛۃখԽ͢Δ͜ͱɻ ಛఆͷ࣌ؒͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ 

27. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ 

28. ϗεςΟϯάͰ͸1୆ͷαʔόΛଟ͘ͷ͓٬༷ʹ͝ར༻͍ͨͩ͘͜ ͱͰ҆Ձʹఏڙ͍ͯ͠Δɻ ࠓޙ΋Ͱ͖Δ͚ͩ҆ՁʹշదͳαʔϏεΛఏڙ͍ͨ͠ɻ ΞΫηε੍ޚͷػߏ͕ϘτϧωοΫʹͳͬͯ͸ɺͦΕΛୡ੒Ͱ͖ ͳ͘ͳΔɻ ܰྔͳΞΫηε੍ޚͷඞཁੑ  ΞΫηε੍ޚΛߦ͏ιϑτ΢ΣΞ͸ॲཧ͕ߴ଎Ͱ͋Δඞཁ͕͋Δɻ

29. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ
    ͱ͸ 

30. ϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖Δ͜ͱɻ ಛఆͷ࣌ؒଳͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ ύϑΥʔϚϯεྼԽΛۃྗى͜͞ͳ͍͜ͱɻ ॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸  ͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

31. ϑΝΠϧ୯ҐͷΞΫηε੍ޚ͸
    طʹ"QBDIFͷϞδϡʔϧ͕ଘࡏ͢Δɻ 

32. NPE@WMJNJU mod_vlimit https://github.com/matsumoto-r/mod_vlimit ϑΝΠϧ΍σΟϨΫτϦ୯ҐͰಉ࣌ΞΫηε੍ޚΛ͢Δ͜ͱ͕Ͱ͖Δɻ <Files "hoge.php"> VlimitIP 30 /path/to/hoge.php </Files>

     ϑΝΠϧ୯ҐͰͷΞΫηε੍ޚΛߦ͏ػೳ͸͋Δ͕ ࠓճ͸ಋೖʹ͸ࢸΒͳ͔ͬͨɻ

33. NPE@WMJNJUΛ࠾༻͠ͳ͔ͬͨཧ༝ ࣌ؒࢦఆͰ੍ݶΛ༗ޮԽͰ͖Δػೳ͕ͳ͍ɻ ApacheͷϞδϡʔϧͳͷͰCݴޠͰ࣮૷͞Ε͍ͯΔɻ ӡ༻ܥͷπʔϧ͸࣌ؒͷܦաʹରͯ͠ॊೈͳมߋ͕ཁ ٻ͞ΕΔɻ CݴޠͰͷ։ൃͱͳΔͱ։ൃ޻਺্͕͕Δɺ։ൃऀ͕ݶ ΒΕΔɻ 

34. Ͱ͸ɺͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ 

35.  “mruby” ͳΒղܾͰ͖Δɻ

36. NSVCZ Rubyͷύύ͜ͱ “Matz” ͞Μ͕։ൃ͍ͯ͠Δɻ লϝϞϦͷ૊ΈࠐΈ޲͚ͷRuby࣮૷ɻ Cݴޠ͕ۤखͳͻͱͰ΋ɺmrubyΛ࢖͑͹RubyͰ૊ΈࠐΈ ։ൃΛߦ͏ࣄ͕Ͱ͖Δɻ 

37. Apache΍NginxͰmrubyΛ༻͍ͨ૊ΈࠐΈ ։ൃΛ࣮ݱͨ͠ιϑτ΢ΣΞ͕ଘࡏ͢Δ 

38. NPE@NSVCZOHY@NSVCZ ฐࣾͷ@matsumotory͕։ൃ͍ͯ͠Δɻ mod_mruby ApacheͰmrubyΛར༻͢ΔͨΊͷϞδϡʔϧ ngx_mruby nginxͰmrubyΛར༻͢ΔͨΊͷ֦ு࣮૷  CݴޠͰϞδϡʔϧΛ࣮૷͠ͳ͚Ε͹࣮ݱͰ͖ͳ͔ͬͨڍಈΛmruby Λ࢖͙ͬͯ͢ʹ࣮૷Ͱ͖ͯɺ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊΔ͜ ͱ͕Ͱ͖Διϑτ΢ΣΞɻ

39.  IUUQTHJUIVCDPNNBUTVNPUPSNPE@NSVCZ mod_mruby -1.5% ngx_mruby +17.5% ੩తίϯςϯπʹର͢ΔύϑΥʔϚϯεܭଌ݁Ռ

40. mrubyΛ༻͍Ε͹֦ுੑɺอकੑΛଛͳΘͣ ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊͯ ιϑτ΢ΣΞΛ։ൃ͢Δ͜ͱ͕Ͱ͖Δɻ 

41. NSVCZΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷ 

42.  ࣮૷ʹ͋ͨͬͯར༻ͨ͠ιϑτ΢ΣΞ

43. IUUQBDDFTTMJNJUFS ฐࣾͷ @matsumotory ͕։ൃ͍ͯ͠Δɻ https://github.com/matsumoto-r/http-access-limiter mod_mruby΋͘͠͸ngx_mrubyͰऔಘͨ͠೚ҙͷϦΫΤετύϥ ϝʔλΛ༻͍ͯಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δmruby੡ϛυϧ΢ΣΞ औಘͰ͖ΔϦΫΤετύϥϝʔλʹ͸ΞΫηεઌͷϑΝΠϧͷϑϧ ύεΛ࢝Ίɺ઀ଓݩͷIPΞυϨε΍ɺURLͳͲΛऔಘͰ͖ΔͨΊ ༷ʑͳ༻్Ͱ࢖༻Ͱ͖Δɻ

    

44. ಈ࡞֓ཁ
      ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE

    ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ಉ࣌઀ଓ਺Χ΢ϯλʔ localmemcacheΛ༻͍ͨ Key-Value-Store Ωʔͱͨ͠ϦΫΤετύϥϝʔ λΛݩʹಉ࣌ΞΫηε਺ΛΧ ΢ϯτ͢Δɻ global mutex ֤Worker͔Βಉ࣌઀ଓ਺Χ ΢ϯλʔΛૢ࡞͢ΔͨΊෆ੔ ߹͕ൃੜ͠ͳ͍Α͏ʹ౎౓ϩο ΫΛߦ͏ɻ KEY /path/to/hoge.php VALUE 1

45. ಈ࡞֓ཁ
      ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE

    ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS 
    ϦΫΤετ 
    ϦΫΤετ 
    NVUFYΛϩοΫ 
    MPDL 
    ϦΫΤετύϥϝʔλΛΩʔ ʹΠϯΫϦϝϯτ 
    ΠϯΫϦϝϯτ KEY /path/to/hoge.php VALUE 1 
    VOMPDL 
    NVUFYΛΞϯϩοΫ

46. ಈ࡞֓ཁ
      ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE

    ڞ༗ϝϞϦ global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS 
    ίϯςϯπͷॲཧΛߦ͏ 
    NVUFYΛϩοΫ 
    MPDL 
    σΫϦϝϯτ 
    σΫϦϝϯτ 
    VOMPDL 
    NVUFYΛΞϯϩοΫ KEY /path/to/hoge.php VALUE 0 
    ίϯςϯπͷॲཧ

47. ಈ࡞֓ཁͷ·ͱΊ  ϦΫΤετ͕͋ͬͨ࣌ʹɺϦΫΤετύϥϝʔλΛmod_mruby΍ ngx_mrubyΛ༻͍ͯऔಘ͢Δɻ ΞΫηε੍ޚΛ͍ͨ͠୯ҐΛΩʔͱͯ͠ɺಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δɻ ෳ਺ͷWorker͔ΒΧ΢ϯλʔૢ࡞͢ΔͨΊɺglobal mutexΛ࢖ͬͯ ෆ੔߹͕ى͖ͳ͍Α͏ʹ੍ޚ͢Δɻ

48. ՝୊ http-access-limiter͸ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Διϑτ ΢ΣΞͰ͋Δɻ ͦͷͨΊɺϑΝΠϧຖͷ࠷େಉ࣌઀ଓ਺ͷઃఆػೳ΍ɺ੍ޚ Λ༗ޮԽ͢Δ࣌ؒଳΛઃఆ͢Δػೳ͸͍͍ͭͯͳ͍ɻ  mrubyͰॻ͔Ε͍ͯΔͨΊ؆୯ʹػೳ௥Ճ͕Ͱ͖Δʂ

49. ػೳ௥ՃΠϝʔδ  ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ

    global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS ੍ޚ৚݅ localmemcacheΛ༻͍ͨ Key-Value-Store ϑΝΠϧͷϑϧύε͕Ωʔ ࠷େಉ࣌઀ଓ਺ ੍ݶΛ༗ޮԽ͢Δ࣌ؒଳ KVS ੍ޚ৚݅

50. ੍ݶ৚݅ͷσʔλ /path/to/hoge.php { "max_clients" : 30, # ࠷େಉ࣌઀ଓ਺ "time_slots" :

    [ # ༗ޮʹ͢Δ࣌ؒଳ { "begin" : 1200, "end" : 1800 }, { "begin" : 2100, "end" : 2200 } ] } KEY VALUE A
    A
    ͷؒ͸
    AQBUIUPIPHFQIQA
    ΁ͷ
    ࠷େ઀ଓ਺Λ
    AA
    ·Ͱʹ੍ݶ͢Δɻ 

51. ػೳ௥Ճޙͷಈ࡞֓ཁ  ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ

    global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS KVS ੍ޚ৚݅ 
    ϦΫΤετ 
    ϦΫΤετ 
    ੍ޚ৚݅
    Λࢀর 
    ੍ޚ৚݅Λࢀর
    ɹɹଘࡏ͠ͳ͚Ε͹ॲཧऴྃ 
    NVUFYΛϩοΫ 
    MPDL 
    ϑΝΠϧͷϑϧύεΛΩʔʹ ΠϯΫϦϝϯτ 
    ΠϯΫϦϝϯτ 
    ΋੍͠ݶ͕༗ޮͳ࣌ؒଳͰಉ ࣌઀ଓ਺੍ݶΛ௒ա͍ͯ͠Ε͹ ΤϥʔΛฦ͢

52. ࢖͍ํ
    IUUQEDPOG LoadModule mruby_module modules/mod_mruby.so <IfModule mod_mruby.c> # Apacheͷϓϩηε͕ىಈͨ࣌͠ʹϑοΫ͞ΕΔ #

    http-access-limiterͷΫϥεΛఆٛɺ࣍ʹىಈ͢ΔWorker͕ࢀরͰ͖ΔΑ͏ʹ͢Δɻ mrubyPostConfigMiddle /etc/httpd/conf.d/access_limiter/access_limiter_init.rb cache <FilesMatch ^.*\.php$> # ΞΫηε͕ൃੜͨ͠ͱ͖ʹϑοΫ͞ΕΔ # ಉ࣌઀ଓ਺Χ΢ϯλΛΠϯΫϦϝϯτ͢Δ # ͞Βʹɺ࠷େಉ࣌઀ଓ਺Λ௒աͨ͠৔߹ʹ503ΤϥʔΛฦ͢ͳͲͷΞΫγϣϯΛهड़͢Δɻ mrubyAccessCheckerMiddle /etc/httpd/conf.d/access_limiter/access_limiter.rb cache # ίϯςϯπͷॲཧ͕ऴΘͬͨͱ͖ʹϑοΫ͞ΕΔ # ಉ࣌઀ଓ਺Χ΢ϯλΛσΫϦϝϯτ͢Δ mrubyLogTransactionMiddle /etc/httpd/conf.d/access_limiter/access_limiter_end.rb cache </FilesMatch> </IfModule> 

53. ։ൃதͷ໰୊఺  ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ IUUQE ڞ༗ϝϞϦ

    global mutex ಉ࣌઀ଓ਺ Χ΢ϯλʔ KVS 
    ϦΫΤετ 
    ϦΫΤετ 
    NVUFYΛϩοΫ 
    MPDL 
    ΠϯΫϦϝϯτ 
    ΠϯΫϦϝϯτ 
    ίϯςϯπͷॲཧ 4FHNFOUBUJPO
    'BVMU
     8PSLFSϓϩηε͕ҟৗऴྃ͠ɺ
    Ҏ߱ͷσΫϦϝϯτͷॲཧ͕
    ߦΘΕͳ͘ͳΔɻ

54.  Χ΢ϯλʔ্͕͕Γͬͺͳ͠ʹͳͬͯ͠·͍ɺ ಉ࣌઀ଓՄೳͳ਺͕ݮͬͯ͠·͏ɻ

55. ໰୊఺ͷղܾ ಉ࣌઀ଓ਺ΛΧ΢ϯτ͢ΔKVSͷσʔλͷ࣋ͪํΛมߋͨ͠ɻ มߋલͷΧ΢ϯλʔ มߋޙͷΧ΢ϯλʔ KEY VALUE KEY VALUE /path/to/hoge.php 2

    /path/to/hoge.php 2 create_time_/path/to/hoge.php 1477303672 Χ΢ϯλʔ͕ʹͳͬͨ࣌ؒΛه࿥ͯ͠ɺҰఆ࣌ؒΧ΢ϯλʔ্͕͕Γͬͺͳ͠ʹ
    ͳ͍ͬͯͨΒɺҰ౓ʹ໭͢ͱ͍͏ॲཧΛೖΕΔ͜ͱͰղܾͨ͠ɻ 

56.  ؾʹͳΔύϑΥʔϚϯε

57. ύϑΥʔϚϯεςετ݁Ռ abΛ࢖ͬͯύϑΥʔϚϯεΛଌఆ͠·ͨ͠ɻ ςετύλʔϯ ྼԽ཰ httpd 0% httpd + http-access-limiter 3%

    httpd + http-access-limiter (੍ݶର৅) 5% WordPress΁ͷΞΫηε 10ສϦΫΤετ100ଟॏ / CPU24ίΞɾRAM32GB ςετύλʔϯ ྼԽ཰ httpd 0% httpd + http-access-limiter 3% httpd + http-access-limiter (੍ݶର৅) 30% phpinfo()΁ͷΞΫηε 

58. ύϑΥʔϚϯεςετ݁Ռʹର͢Δߟ࡯ access-limiterͷಋೖʹੜ͡ΔύϑΥʔϚϯεྼԽ͸3%ͱߴ ଎Ͱ͋Δ͜ͱ͕෼͔ͬͨɻ DBΛ࢖͏WordPressͰ͸ɺΞϓϦέʔγϣϯͷॲཧ͕Φʔό ϔουͱͳͬͯaccess-limiterΛಋೖ͢Δ͜ͱʹΑΔΦʔό ϔου͸ޡࠩఔ౓ͱͳͬͨɻ phpinfo()ͷΑ͏ͳܰྔͳॲཧͷ৔߹ʹɺ੍ݶର৅ͱͨ͠ͱ͖ ʹ3ׂఔ౓ύϑΥʔϚϯεྼԽ͕ੜͨ͡ɻ 

59.  ͲͷΑ͏ʹͯ͠ύϑΥʔϚϯεΛ ޲্͍ͤͯ͞Δͷ͔ʁ

60. NSVCZΛ࢖ͬͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ
    ύϑΥʔϚϯε޲্ͷ޻෉ 

61. ύϑΥʔϚϯε޲্ͷ޻෉  ਌ NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ 8PSLFS NSVCZ

    8PSLFS NSVCZ KVS͔Β৘ใΛऔಘ͢Δͱ͖ KVS ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ PQFO PQFO PQFO PQFO ϦΫΤετຖʹKVSΛOpen͢Δͱޮ཰͕ѱ͍

62. ύϑΥʔϚϯε޲্ͷ޻෉ mod_mruby΍ngx_mrubyʹ͸mrubyΛϑοΫͰ͖ΔλΠϛϯά͕ز͔ͭ͋Γ·͢ɻ http-access-limiterͰ࢖͍ͬͯΔͷ͸ҎԼͷσΟϨΫςΟϒͰ͢ɻ σΟϨΫςΟϒ λΠϛϯά mrubyPostConfigMiddle ਌ϓϩηεىಈ࣌ mrubyAccessCheckerMiddle ϦΫΤετΛड͚෇͚ͨͱ͖ mrubyLogTransactionMiddle

    ΫϥΠΞϯτʹϨεϙϯεΛૹ৴ͨ͋͠ͱ 

63. ύϑΥʔϚϯε޲্ͷ޻෉  ਌ NSVCZ KVSʹΞΫηε͢Δͱ͖ KVS 8PSLFS NSVCZ 8PSLFS NSVCZ

    8PSLFS NSVCZ 8PSLFS NSVCZ ϦΫΤετ ϦΫΤετ ϦΫΤετ ϦΫΤετ ڞ༗ϝϞϦ KVS PQFO ΦϒδΣΫτΛ֨ೲ

64.  ΞΫηεຖʹKVSΛ։͘ಈ࡞͕লུͰ͖ΔͷͰ ΞϓϦέʔγϣϯ͸ߴ଎ʹͳΔ

65. ύϑΥʔϚϯε޲্ͷ޻෉ mruby-userdataͱ͍͏mgemΛར༻͢Δɻ # mrubyPostConfigMiddle(ϓϩηεىಈ࣌) Userdata.new.shared_kvs = Cache.new :filename => "store.lmc"

    # mrubyAccessCheckerMiddle(ΞΫηε࣌) cache = Userdata.new.shared_kvs ɹɹɹɹ # ڞ༗ϝϞϦΛࢀর͢Δ p cache.get["hoge"]  ଞʹ΋MySQL΍RedisͳͲʹ઀ଓ͢ΔΑ͏ͳ৔߹ʹ΋༗ޮͳखஈ

66. ύϑΥʔϚϯε޲্ͷ޻෉ σΟϨΫςΟϒͷએݴ࣌ʹcacheΦϓγϣϯΛ͚ͭΔɻ ϓϩηεىಈ࣌ʹόΠτίʔυม׵͞Εͯɺ࣮ߦͷͨͼʹίϯύΠ ϧ͕ߦΘΕͳ͍ͨΊߴ଎ɻ σϝϦοτͱͯ͠ίʔυΛมߋͨ͠৔߹͸ɺϓϩηεͷϦελʔτ ͕ඞཁʹͳΔɻ mrubyPostConfigMiddle /etc/httpd/conf.d/script/init.rb cache 

67. NSVCZΛ༻͍ͨϛυϧ΢ΣΞ։ൃʹ͓͚Δ
    &&ςετ 

68. &&ςετͷ໨త ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ [access_limiterͩͱ] ࢦఆͨ͠ಉ࣌઀ଓ਺ʹୡͨ࣌͠ʹҙਤ͢Δε ςʔλείʔυΛฦ͢͜ͱ͕Ͱ͖Δ͔ʁ ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ [access_limiterͩͱ] ϩοΫɺΞϯϩοΫɺΠϯΫϦϝϯτɺσΫϦ ϝϯτͱϘτϧωοΫʹͳΓ͏Δಈ࡞Λ͍ͯ͠ΔͷͰૉͷhttpdͱൺ΂ͯ Ͳͷ͘Β͍ύϑΥʔϚϯε͕ྼԽ͢Δͷ͔ʁͦΕ͸ڐ༰ൣғ͔ʁ

    

69. &&ςετͷඞཁੑ mrubyιʔείʔυΛॻ͖׵͑ͨ࣌ʹͦͷมߋ͕ͲΕ͚ͩύϑΥʔ ϚϯεʹӨڹΛٴ΅͔͢Λ౎౓೺Ѳ͢Δඞཁ͕͋Δɻ E2Eςετ͕͋Ε͹ɺଞͷਓ΋ίʔυΛॻ͖׵͑΍͍͢ɻ ෛՙΛ͔͚ͨঢ়ଶͰਖ਼ৗͳಈ࡞Λ͢Δ͔ɻ ௨ৗͷιϑτ΢ΣΞ։ൃͱ͸ҧ͍ΫϥΠΞϯτͱApache΍Nginx ͷؒʹҐஔ͢Δ෦෼Λ։ൃ͢ΔͨΊUnitςετͷΈͰ͸ෆे෼ɻ 

70. ͲͷΑ͏ʹςετ͢Δ͔ʁ 

71. ෛՙΛ͔͚ͯύϑΥʔϚϯεΛଌఆ͢Δʹ͸ʁ abίϚϯυ  # ab -c 100 -n 100000 -k

    http://localhost/phpinfo.php : Requests per second: 1699.53 [#/sec] (mean) Time per request: 58.840 [ms] (mean) Time per request: 0.588 [ms] (mean, across all concurrent requests) Transfer rate: 73499.65 [Kbytes/sec] received ෛՙΛ͔͚ͨ݁Ռɺ3FDTFD΍Ϩεϙϯείʔυ͕
    ҙਤͨ͠΋ͷͩͬͨͷ͔Λ؆୯ʹ֬ೝ͍ͨ͠ʂ

72. ab-mrubyΛ࢖͑͹࣮ݱͰ͖Δ 

73. BCNSVCZͷ࢖͍ํ ҎԼͷΑ͏ʹίϚϯυΛ࣮ߦ͠·͢ɻ ˌab-mruby -m config.rb -M suite.rb http://hoge.jp/phpinfo.php ҎԼͷΑ͏ʹςετͷઃఆ͠·͢ɻ add_config(

    "TotalRequests" => 100000, "Concurrency" => 100, "KeepAlive" => true, ) test_suite do "CompleteRequests".should_be 100000 "RequestPerSecond".should_be_over 1000 "Non2xxResponses".should_be 0 end config.rb suite.rb ςετͷઃఆΛهड़ ςετ݁Ռͷ͋Δ΂͖ ঢ়ଶΛهड़ 

74. Mac IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ ςετ؀ڥ͸DockerͰίϯςφΛ্ཱͪ͛ͯߏங͢Δɻ ab-mrubyΛ࢖ͬͯabͷ݁ՌΛςετ͢Δɻ WEB Client httpd mod-mruby ab-mruby Docker

    ςετύλʔϯ͸ httpd httpd + access-limiter httpd + access-limiter(੍ݶ͋Γ) ύϑΥʔϚϯεͷਪҠΛ֬ೝͰ͖ΔΑ͏ʹ͠ ͯͲ͕͜ϘτϧωοΫʹͳ͍ͬͯΔ͔Λ෼͔ ΔΑ͏ʹ͍ͯ͠·͢ɻ  BCʹΑΔෛՙ

75. IUUQBDDFTTMJNJUFSͰ͸͜͏͍ͯ͠Δ ςετ࣮ߦ͸ҎԼͷΑ͏ʹ͠·͢ɻ ύϑΥʔϚϯεࢼݧ͸සൟʹߦ͏ͷͰɺΦϖϨʔγϣϯΛ؆୯ʹ͢ΔͨΊʹɺશͯ ͷςετύλʔϯΛrakeίϚϯυ1ൃͰͰ͖ΔΑ͏ʹ͍ͯ͠·͢ɻ ˌrake e2e:test >> >> performance test

    >> : Finished 100000 requests [TEST CASE] [true] CompleteRequests (100000) should be 100000 [TEST CASE] [true] RequestPerSecond (1024.9543902983) should be over 1000 [TEST CASE] [true] Non2xxResponses (0) should be 0 test suites: [true] 

76. &&ςετͷ໨తΛୡ੒Ͱ͖ͨ E2Eςετͷ໨త ΫϥΠΞϯτɾαʔόؒͰҙਤ͍ͯ͠Δಈ͖Λ͍ͯ͠Δ͔Λ֬ೝɻ ΫϥΠΞϯτɾαʔόؒͰҙਤ͢ΔύϑΥʔϚϯεΛग़͍ͤͯΔ͔Λ֬ೝɻ  E2EςετΛίϚϯυҰൃͰ؆୯ʹͰ͖ΔΑ͏ʹͳͬͨ

77. ·ͱΊ 

78. ·ͱΊ ϗεςΟϯά͸ڞ༗αʔόͰ͋ΔͷͰɺΑΓଟ͘ͷਓ͕҆Ձ Ͱշదʹ͝ར༻͍ͨͩͨ͘ΊʹΞΫηε੍ޚ͸ඞཁɻ ΞΫηε੍ޚͷ୯ҐΛΑΓࡉ੍͔ͯ͘͠ޚʹΑΔӨڹΛۃখ Խ͠ɺద੾ͳΞΫηε੍ޚΛ࣮ݱͨ͠ɻ ࣮ݱखஈͱͯ͠อकੑɺ֦ுੑɺੑೳͷόϥϯε͕Α͍ mrubyΛ༻͍ͨɻ 

79. ࠓޙͷ༧ఆ 

80. ࠓޙͷ༧ఆ ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ 

81. ࠓޙͷ༧ఆ ڕΛ͞͹͖ͭͭɺద੾ʹΞΫηεΛ͞͹͍͍͖͍ͯͨͰ͢ɻ mrubyͰ࣮૷ͨ͜͠ͱΛ׆͔ͯ͠ɺ·ͩ·ͩൃల్্ͷhttp-access- limiterΛࠓޙ΋ϒϥογϡΞοϓ͍ͯ͘͠ɻ ฐࣾͰ͸ෛՙίϯτϩʔϧͷࣗಈԽʹऔΓ૊ΜͰ͍·͢ɻ http-access-limiter͸ઃఆͷϦϩʔυ͕ඞཁͳ͘ɺ੍ޚͷӨڹͷ ۃখԽΛ࣮ݱͨ͠ιϑτ΢ΣΞͳͷͰࣗಈԽʹద͍ͯ͠·͢ɻ ͦͷͨΊɺࠓޙ͸http-access-limiterΛ࢖ͬͨࣗಈతͳෛՙίϯ τϩʔϧΛߦ͍͖͍ͬͯͨͱߟ͍͑ͯ·͢ɻ 

82. ϖύϘͰҰॹʹಇ͘஥ؒΛืू͍ͯ͠·͢ʂ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU