Upgrade to Pro — share decks privately, control downloads, hide ads and more …

TakumaKume_kixs_vol002

Takuma Kume
December 02, 2016
Technology
0
390

 TakumaKume_kixs_vol002

九州インフラ交流勉強会(Kixs) Vol.002
https://kixs.connpass.com/
ホスティングにおける柔軟かつ軽量なアクセス制御の必要性とその実装
@takumakume

Takuma Kume

December 02, 2016
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
ホスティング事業におけるSREの取り組みとSREの面白さ/SRE Efforts in the Hosting Business and the Interest of SRE
takumakume
1
630
GitOpsで実現するPull Request毎のプレビュー環境/Preview environment for each Pull Request by GitOps
takumakume
0
520
クラウドネイティブな開発環境への移行/Move to the cloud native development environment
takumakume
1
400
200万ドメインを超えるレンタルサーバのコンテンツキャッシュ機能の裏側/2_million_more_than_the_domain_the_back_of_the_rental_server_content_cache
takumakume
10
2.4k
DDoS攻撃との終わりなき戦い/endless_battle_with_ddos_attack
takumakume
6
11k
toward_systematization_of_linux_trace_tool
takumakume
0
120
eBPF入門 /eBPF-getting-started
takumakume
6
6.3k
Webサーバ拡張における排他制御のパフォーマンスチューニング /performance_tuning_of_exclusive_control in_web_server extension
takumakume
7
2k
ホスティングにおける安定運用のためのアクセスコントロール手法
takumakume
3
2.1k

Other Decks in Technology

See All in Technology
『AWSではじめるクラウドセキュリティ』の裏側を。
ryohatanmonolog
2
190
カーネルコードの歩き方
sat
PRO
3
2.5k
ハッカソンにおけるiOSアプリ開発での学びと楽しさ
ojun9
1
170
ハンズオンで学ぶ! Instana基礎
daihiraoka
1
120
リリースノートにないCDKのアップデートを見てみよう
watany
0
760
Get started with OSS contributions
sinsoku
2
580
Semantic Kernel LT
takashi1029
1
330
AWS Copilotを CDKでカスタマイズする
_takahash
2
1.4k
Oracle Database Technology Night #67 Oracle Database High Availability concept
oracle4engineer
PRO
0
480
AWS WAFおよびWafCharmを複数サービスに導入した結果と課題
iwamot
0
170
ユーザーストーリーマッピング
kawaguti
PRO
4
720
監視からオブザーバビリティへ〜オブザーバビリティの成熟度/From Monitoring to Observability - Maturity of Observability
newrelic2023
0
420

Featured

See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
108
6k
How GitHub (no longer) Works
holman
299
140k
Designing the Hi-DPI Web
ddemaree
273
33k
Designing Experiences People Love
moore
130
22k
Testing 201, or: Great Expectations
jmmastey
26
5.9k
The Invisible Customer
myddelton
113
12k
The Mythical Team-Month
searls
211
41k
Building Your Own Lightsaber
phodgson
96
5k
The Power of CSS Pseudo Elements
geoffreycrofte
54
4.5k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.5k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
In The Pink: A Labor of Love
frogandcode
133
21k

Transcript

  1. ٱถ୓അ(.01FQBCP *OD
    ۝भΠϯϑϥަྲྀษڧձ,*94WPM!(.0ϖύϘ෱Ԭࢧࣾ
    ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͷ
    ඞཁੑͱͦͷ࣮૷

    View Slide

  2. ࣗݾ঺հ
    ٱถ ୓അ (@takumakume)
    ߴߍଔۀʙ6೥ؒ
    ΠϯλʔωοταʔϏεϓϩόΠμͰۈ຿
    ωοτϫʔΫʙϛυϧ΢ΣΞͷߏங
    ϓϦηʔϧεΤϯδχΞ
    2016೥4݄͔ΒϖύϘʹೖࣾ
    ϩϦϙοϓʂͷΠϯϑϥΤϯδχΞ

    View Slide

  3. ໨࣍
    ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸
    mrubyΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷
    ·ͱΊ

    View Slide

  4. ϗεςΟϯάʹ͓͚Δॊೈ͔ͭܰྔͳΞΫηε੍ޚ
    ͱ͸

    View Slide

  5. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

    View Slide

  6. ϗεςΟϯάʹ͓͚ΔΞΫηε੍ޚ
    ϗεςΟϯά͸ͦͷಛੑ্ɺ͓٬༷ͷ༷ʑͳίϯςϯπΛ͓
    ༬͔Γ͍ͯ͠Δɻ
    தʹ͸ҟৗʹߴෛՙʹͳΔ΋ͷ΍ɺDDoSͷର৅ʹͳΔίϯς
    ϯπͳͲ༷ʑͰ͋Δɻ
    ͔͠͠ɺ͜ͷΑ͏ͳҰ෦ͷίϯςϯπʹΑΓɺͦͷαʔόΛ
    ͝ར༻௖͍͍ͯΔେଟ਺ͷଞͷ͓٬༷͕շదʹ8Λར༻Ͱ͖ͳ͘
    ͳͬͯ͠·͏͜ͱ͸ɺ͋ͬͯ͸ͳΒͳ͍ͱզʑ͸ߟ͍͑ͯ·͢ɻ

    View Slide

  7. ຊηογϣϯͰ͸ͦͷղܾखஈͷ̍ͭͱͯ͠ɺ
    ϩϦϙοϓʂͰߦ͍ͬͯΔ
    ଟ͘ͷ͓٬༷ʹ8Λշదʹ͝ར༻͍ͨͩͨ͘Ίͷ
    ࣍ੈ୅ΞΫηε੍ޚʹ͍ͭͯ͝঺հ͠·͢ɻ

    View Slide

  8. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

    View Slide

  9. ݱঢ়ͷΞΫηε੍ޚͷ՝୊

    View Slide

  10. ͜Ε·Ͱʹར༻ͨ͠ΞΫηε੍ޚखஈ

    mod_cbandΛར༻ͨ͠ΞΧ΢ϯτ୯ҐͰͷτϥϑΟοΫ
    ੍ޚͱಉ࣌ΞΫηε਺੍ޚ
    mod_vhost_maxclientsΛར༻ͨ͠υϝΠϯ୯ҐͰͷ
    ಉ࣌ΞΫηε਺੍ޚ
    ͦΕͧΕ՝୊͕͋ͬͨ

    View Slide

  11. [email protected]Λར༻੍ͨ͠ޚʹΑΔ՝୊

    ΞΧ΢ϯτ୯ҐͷτϥϑΟοΫͱಉ࣌ΞΫηε਺੍ݶΛ͍ͯͨ͠ɻ
    CBandSpeed 10Mb/s 30 30
    mod_cbandΛ༗ޮʹ͢Δ͜ͱͰ໿70%ఔ౓ͷύϑΥʔϚϯε
    ྼԽ͕ੜ͡ɺ੍ޚػߏࣗମ͕ϘτϧωοΫͱͳͬͨɻ

    View Slide

  12. [email protected]@NBYDMJFOUTΛར༻੍ͨ͠ޚ

    mod_cbandͷύϑΥʔϚϯεྼԽ͕େ͖͍ͨΊͪ͜ΒΛ࠾༻ɻ
    ಋೖʹΑΔύϑΥʔϚϯεྼԽ͸2%ͱߴ଎ͳιϑτ΢ΣΞɻ
    ҎԼͷΑ͏ʹυϝΠϯ୯Ґͷಉ࣌ΞΫηε਺੍ݶΛߦ͏ɻ

    DocumentRoot /path/to/web
    ServerName hoge.example.jp
    VhostMaxClients 30

    ͔͠͠ɺ࣍ͷΑ͏ͳύλʔϯͰ՝୊͕ੜͨ͡ɻ

    View Slide

  13. [email protected]@NBYDMJFOUTΛͲ͏࢖͍ͬͯΔ͔

    ڞ༻8αʔό
    IPHFDPN
    mod_vhost_maxclientsͷ੍ݶ
    ZDPN
    YDPN
    ஶ͘͠Ϧιʔε࢖༻ྔ͕ภΒͳ͍Α͏ʹେ࿮ͷϦιʔε෼ׂͱ
    ͯ͠ɺ֤υϝΠϯʹಉ࣌઀ଓ਺ͷ੍ݶΛ͔͚͍ͯ·͢ɻ

    View Slide


  14. ڞ༻8αʔό
    IPHFDPN
    ॲཧͷॏ͍ϓϩάϥϜʹΞΫηε͕ूத͠αʔό͕ߴෛՙͱͳͬͨ
    mod_vhost_maxclientsͷ੍ݶ
    ZDPN
    YDPN

    View Slide


  15. ڞ༻8αʔό
    IPHFDPN
    mod_vhost_maxclientsͷ੍ݶ
    ZDPN
    YDPN
    [email protected]@NBYDMJFOUTͷ੍ݶΛڧΊΔඞཁ͕͋Δ

    View Slide


  16. ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ੍ݶΛڧΊͨ ܰྔͳίϯςϯπʹ΋ΞΫηεͰ͖ͳ͘ͳΔ

    View Slide


  17. ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ຊདྷ੍ޚ͞ΕΔඞཁ͕ͳ͍ϑΝΠϧ·Ͱ
    ΞΫηεͰ͖ͳ͘ͳͬͯ͠·͏ɻ

    View Slide

  18. ղܾํ๏

    ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ϑΝΠϧ୯ҐͰ੍ޚ
    mod_vhost_maxclients

    View Slide

  19. ղܾํ๏

    ڞ༻8αʔό
    IPHFDPN ZDPN
    YDPN
    ϑΝΠϧ୯ҐͰ੍ޚ
    mod_vhost_maxclients
    αʔόͷෛՙΛԼ͛ͭͭɺ੍ޚʹΑΔӨڹΛۃখԽͰ͖Δɻ

    View Slide





  20. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    ͋ΔαʔόͷϦιʔεফඅྔ
    <>

    View Slide





  21. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    શମ
    ͋ΔαʔόͷϦιʔεফඅྔ
    <>

    ಛఆͷϑΝΠϧ
    ಛఆͷ࣌ؒʹେྔʹΞΫηε͕͋Δ

    View Slide





  22. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    શମ
    ͋ΔαʔόͷϦιʔεফඅྔ
    <>

    ಛఆͷϑΝΠϧ
    ಛఆͷϑΝΠϧͷॲཧͰϦιʔεͷ΄ͱΜͲΛফඅ͠
    ఆظతʹଞͷ͓٬༷΁ͷαʔϏεఏڙʹࢧোΛ͖͍ͨͯͨ͠ɻ

    View Slide





  23. ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌ ࣌
    શମ
    ಛఆͷϑΝΠϧ
    ղܾํ๏
    <>

    ෛՙͷߴ͍ϑΝΠϧʹରͯ͠
    ࣌ؒࢦఆͰ੍ޚ͢Δ

    View Slide

  24. ॊೈͳΞΫηε੍ޚͷ·ͱΊ
    ݱঢ়ΑΓ΋ࡉ͔͍ɺϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖ΔΑ͏
    ʹͯ͠ɺ੍ޚʹΑΔӨڹΛۃখԽ͢Δ͜ͱɻ
    ಛఆͷ࣌ؒͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ

    View Slide

  25. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ

    View Slide

  26. ϗεςΟϯάͰ͸1୆ͷαʔόΛଟ͘ͷ͓٬༷ʹ͝ར༻͍ͨͩ͘͜
    ͱͰ҆Ձʹఏڙ͍ͯ͠Δɻ
    ࠓޙ΋Ͱ͖Δ͚ͩ҆ՁʹշదͳαʔϏεΛఏڙ͍ͨ͠ɻ
    ΞΫηε੍ޚͷػߏ͕ϘτϧωοΫʹͳͬͯ͸ɺͦΕΛୡ੒Ͱ͖
    ͳ͘ͳΔɻ
    ܰྔͳΞΫηε੍ޚͷඞཁੑ

    View Slide

  27. ॊೈ͔ͭܰྔͳΞΫηε੍ޚ
    ͱ͸

    View Slide

  28. ϑΝΠϧ୯ҐͰΞΫηε੍ޚͰ͖Δ͜ͱɻ
    ಛఆͷ࣌ؒଳͷΈΞΫηε੍ޚΛ༗ޮԽͰ͖Δ͜ͱɻ
    ύϑΥʔϚϯεྼԽΛۃྗى͜͞ͳ͍͜ͱɻ
    ॊೈ͔ͭܰྔͳΞΫηε੍ޚͱ͸

    ͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

    View Slide

  29. ϑΝΠϧ୯ҐͷΞΫηε੍ޚ͸
    طʹ"QBDIFͷϞδϡʔϧ͕ଘࡏ͢Δɻ

    View Slide

  30. [email protected]
    mod_vlimit
    https://github.com/matsumoto-r/mod_vlimit
    ϑΝΠϧ΍σΟϨΫτϦ୯ҐͰಉ࣌ΞΫηε੍ޚΛ͢Δ͜ͱ͕Ͱ͖Δɻ

    VlimitIP 30 /path/to/hoge.php


    ϑΝΠϧ୯ҐͰͷΞΫηε੍ޚΛߦ͏ػೳ͸͋Δ͕
    ࠓճ͸ಋೖʹ͸ࢸΒͳ͔ͬͨɻ

    View Slide

  31. [email protected]Λ࠾༻͠ͳ͔ͬͨཧ༝
    ࣌ؒࢦఆͰ੍ݶΛ༗ޮԽͰ͖Δػೳ͕ͳ͍ɻ
    ApacheͷϞδϡʔϧͳͷͰCݴޠͰ࣮૷͞Ε͍ͯΔɻ
    ӡ༻ܥͷπʔϧ͸࣌ؒͷܦաʹରͯ͠ॊೈͳมߋ͕ཁ
    ٻ͞ΕΔɻ
    CݴޠͰͷ։ൃͱͳΔͱ։ൃ޻਺্͕͕Δɺ։ൃऀ͕ݶ
    ΒΕΔɻ

    View Slide

  32. Ͱ͸ɺͲͷΑ͏ʹ࣮ݱ͢Δ͔ʁ

    View Slide


  33. “mruby” ͳΒղܾͰ͖Δɻ

    View Slide

  34. NSVCZ
    Rubyͷύύ͜ͱ “Matz” ͞Μ͕։ൃ͍ͯ͠Δɻ
    লϝϞϦͷ૊ΈࠐΈ޲͚ͷRuby࣮૷ɻ
    Cݴޠ͕ۤखͳͻͱͰ΋ɺmrubyΛ࢖͑͹RubyͰ૊ΈࠐΈ
    ։ൃΛߦ͏ࣄ͕Ͱ͖Δɻ

    View Slide

  35. Apache΍NginxͰmrubyΛ༻͍ͨ૊ΈࠐΈ
    ։ൃΛ࣮ݱͨ͠ιϑτ΢ΣΞ͕ଘࡏ͢Δ

    View Slide

  36. [email protected]@NSVCZ
    ฐࣾͷ@matsumotory͕։ൃ͍ͯ͠Δɻ
    mod_mruby
    ApacheͰmrubyΛར༻͢ΔͨΊͷϞδϡʔϧ
    ngx_mruby
    nginxͰmrubyΛར༻͢ΔͨΊͷ֦ு࣮૷

    CݴޠͰϞδϡʔϧΛ࣮૷͠ͳ͚Ε͹࣮ݱͰ͖ͳ͔ͬͨڍಈΛmruby
    Λ࢖͙ͬͯ͢ʹ࣮૷Ͱ͖ͯɺ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊΔ͜
    ͱ͕Ͱ͖Διϑτ΢ΣΞɻ

    View Slide


  37. [email protected]
    mod_mruby -1.5%
    ngx_mruby +17.5%
    ੩తίϯςϯπʹର͢ΔύϑΥʔϚϯεܭଌ݁Ռ

    View Slide

  38. mrubyΛ༻͍Ε͹֦ுੑɺอकੑΛଛͳΘͣ
    ࠷খݶͷύϑΥʔϚϯεྼԽʹཹΊͯ
    ιϑτ΢ΣΞΛ։ൃ͢Δ͜ͱ͕Ͱ͖Δɻ

    View Slide

  39. NSVCZΛ༻͍ͨ࣍ੈ୅ΞΫηε੍ޚͷ࣮૷

    View Slide


  40. ࣮૷ʹ͋ͨͬͯར༻ͨ͠ιϑτ΢ΣΞ

    View Slide

  41. IUUQBDDFTTMJNJUFS
    ฐࣾͷ @matsumotory ͕։ൃ͍ͯ͠Δɻ
    https://github.com/matsumoto-r/http-access-limiter
    mod_mruby΋͘͠͸ngx_mrubyͰऔಘͨ͠೚ҙͷϦΫΤετύϥ
    ϝʔλΛ༻͍ͯಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δmruby੡ϛυϧ΢ΣΞ
    औಘͰ͖ΔϦΫΤετύϥϝʔλʹ͸ΞΫηεઌͷϑΝΠϧͷϑϧ
    ύεΛ࢝Ίɺ઀ଓݩͷIPΞυϨε΍ɺURLͳͲΛऔಘͰ͖ΔͨΊ
    ༷ʑͳ༻్Ͱ࢖༻Ͱ͖Δɻ

    View Slide

  42. ಈ࡞֓ཁ



    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS
    ಉ࣌઀ଓ਺Χ΢ϯλʔ
    localmemcacheΛ༻͍ͨ
    Key-Value-Store
    Ωʔͱͨ͠ϦΫΤετύϥϝʔ
    λΛݩʹಉ࣌ΞΫηε਺ΛΧ
    ΢ϯτ͢Δɻ
    global mutex
    ֤Worker͔Βಉ࣌઀ଓ਺Χ
    ΢ϯλʔΛૢ࡞͢ΔͨΊෆ੔
    ߹͕ൃੜ͠ͳ͍Α͏ʹ౎౓ϩο
    ΫΛߦ͏ɻ
    KEY
    /path/to/hoge.php
    VALUE
    1

    View Slide

  43. ಈ࡞֓ཁ



    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS

    ϦΫΤετ

    ϦΫΤετ

    NVUFYΛϩοΫ

    MPDL

    ϦΫΤετύϥϝʔλΛΩʔ
    ʹΠϯΫϦϝϯτ

    ΠϯΫϦϝϯτ
    KEY
    /path/to/hoge.php
    VALUE
    1

    VOMPDL

    NVUFYΛΞϯϩοΫ

    View Slide

  44. ಈ࡞֓ཁ



    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS

    ίϯςϯπͷॲཧΛߦ͏

    NVUFYΛϩοΫ

    MPDL

    σΫϦϝϯτ

    σΫϦϝϯτ

    VOMPDL

    NVUFYΛΞϯϩοΫ
    KEY
    /path/to/hoge.php
    VALUE
    0

    ίϯςϯπͷॲཧ

    View Slide

  45. ಈ࡞֓ཁͷ·ͱΊ

    ϦΫΤετ͕͋ͬͨ࣌ʹɺϦΫΤετύϥϝʔλΛmod_mruby΍
    ngx_mrubyΛ༻͍ͯऔಘ͢Δɻ
    ΞΫηε੍ޚΛ͍ͨ͠୯ҐΛΩʔͱͯ͠ɺಉ࣌઀ଓ਺ΛΧ΢ϯτ͢Δɻ
    ෳ਺ͷWorker͔ΒΧ΢ϯλʔૢ࡞͢ΔͨΊɺglobal mutexΛ࢖ͬͯ
    ෆ੔߹͕ى͖ͳ͍Α͏ʹ੍ޚ͢Δɻ

    View Slide

  46. ػೳ௥ՃΛ͢Δ
    http-access-limiterʹϑΝΠϧຖͷ࠷େಉ࣌઀ଓ਺ͷઃఆ
    ػೳ΍ɺ੍ޚΛ༗ޮԽ͢Δ࣌ؒଳΛઃఆ͢ΔػೳΛ௥Ճͨ͠
    ͍ɻ

    mrubyͰॻ͔Ε͍ͯΔͨΊ؆୯ʹػೳ௥Ճ͕Ͱ͖Δʂ

    View Slide

  47. ػೳ௥ՃΠϝʔδ


    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS
    ੍ޚ৚݅
    localmemcacheΛ༻͍ͨ
    Key-Value-Store
    ϑΝΠϧͷϑϧύε͕Ωʔ
    ࠷େಉ࣌઀ଓ਺
    ੍ݶΛ༗ޮԽ͢Δ࣌ؒଳ
    KVS
    ੍ޚ৚݅

    View Slide

  48. ੍ݶ৚݅ͷσʔλ
    /path/to/hoge.php
    {
    "max_clients" : 30, # ࠷େಉ࣌઀ଓ਺
    "time_slots" : [ # ༗ޮʹ͢Δ࣌ؒଳ
    { "begin" : 1200, "end" : 1800 },
    { "begin" : 2100, "end" : 2200 }
    ]
    }
    KEY
    VALUE
    A Aͷؒ͸AQBUIUPIPHFQIQA΁ͷ
    ࠷େ઀ଓ਺ΛAA·Ͱʹ੍ݶ͢Δɻ

    View Slide

  49. ػೳ௥Ճޙͷಈ࡞֓ཁ


    NSVCZ
    8PSLFS
    NSVCZ
    8PSLFS
    NSVCZ
    IUUQE
    ڞ༗ϝϞϦ
    global
    mutex
    ಉ࣌઀ଓ਺
    Χ΢ϯλʔ
    KVS
    KVS
    ੍ޚ৚݅

    ϦΫΤετ

    ϦΫΤετ

    ੍ޚ৚݅
    Λࢀর

    ੍ޚ৚݅Λࢀর
    ɹɹଘࡏ͠ͳ͚Ε͹ॲཧऴྃ

    NVUFYΛϩοΫ

    MPDL

    ϑΝΠϧͷϑϧύεΛΩʔʹ
    ΠϯΫϦϝϯτ

    ΠϯΫϦϝϯτ

    ΋੍͠ݶ͕༗ޮͳ࣌ؒଳͰಉ
    ࣌઀ଓ਺੍ݶΛ௒ա͍ͯ͠Ε͹
    ΤϥʔΛฦ͢

    View Slide

  50. ࢖͍ํ IUUQEDPOG

    LoadModule mruby_module modules/mod_mruby.so

    # Apacheͷϓϩηε͕ىಈͨ࣌͠ʹϑοΫ͞ΕΔ
    # http-access-limiterͷΫϥεΛఆٛɺ࣍ʹىಈ͢ΔWorker͕ࢀরͰ͖ΔΑ͏ʹ͢Δɻ
    mrubyPostConfigMiddle /etc/httpd/conf.d/access_limiter/access_limiter_init.rb cache

    # ΞΫηε͕ൃੜͨ͠ͱ͖ʹϑοΫ͞ΕΔ
    # ಉ࣌઀ଓ਺Χ΢ϯλΛΠϯΫϦϝϯτ͢Δ
    # ͞Βʹɺ࠷େಉ࣌઀ଓ਺Λ௒աͨ͠৔߹ʹ503ΤϥʔΛฦ͢ͳͲͷΞΫγϣϯΛهड़͢Δɻ
    mrubyAccessCheckerMiddle /etc/httpd/conf.d/access_limiter/access_limiter.rb cache
    # ίϯςϯπͷॲཧ͕ऴΘͬͨͱ͖ʹϑοΫ͞ΕΔ
    # ಉ࣌઀ଓ਺Χ΢ϯλΛσΫϦϝϯτ͢Δ
    mrubyLogTransactionMiddle /etc/httpd/conf.d/access_limiter/access_limiter_end.rb cache



    View Slide


  51. ؾʹͳΔύϑΥʔϚϯε

    View Slide


  52. ಋೖʹΑΔύϑΥʔϚϯεྼԽ
    ໿3ˋ

    View Slide

  53. ύϑΥʔϚϯεςετ݁Ռ
    abΛ࢖ͬͯύϑΥʔϚϯεΛଌఆ͠·ͨ͠ɻ
    ςετύλʔϯ ྼԽ཰
    httpd 0%
    httpd + http-access-limiter 3%
    httpd + http-access-limiter (੍ݶର৅) 5%
    WordPress΁ͷΞΫηε
    10ສϦΫΤετ100ଟॏ / CPU24ίΞɾRAM32GB
    ςετύλʔϯ ྼԽ཰
    httpd 0%
    httpd + http-access-limiter 3%
    httpd + http-access-limiter (੍ݶର৅) 30%
    phpinfo()΁ͷΞΫηε

    ࢀߟࢿྉ

    View Slide

  54. ύϑΥʔϚϯεςετ݁Ռʹର͢Δߟ࡯
    access-limiterͷಋೖʹੜ͡ΔύϑΥʔϚϯεྼԽ͸3%ͱߴ
    ଎Ͱ͋Δ͜ͱ͕෼͔ͬͨɻ
    DBΛ࢖͏WordPressͰ͸ɺΞϓϦέʔγϣϯͷॲཧ͕Φʔό
    ϔουͱͳͬͯaccess-limiterΛಋೖ͢Δ͜ͱʹΑΔΦʔό
    ϔου͸ޡࠩఔ౓ͱͳͬͨɻ
    phpinfo()ͷΑ͏ͳܰྔͳॲཧͷ৔߹ʹɺ੍ݶର৅ͱͨ͠ͱ͖
    ʹ3ׂఔ౓ύϑΥʔϚϯεྼԽ͕ੜͨ͡ɻ

    ࢀߟࢿྉ

    View Slide

  55. ·ͱΊ

    View Slide

  56. ·ͱΊ
    ϗεςΟϯά͸ڞ༗αʔόͰ͋ΔͷͰɺΑΓଟ͘ͷਓ͕҆Ձ
    Ͱշదʹ͝ར༻͍ͨͩͨ͘ΊʹΞΫηε੍ޚ͸ඞཁɻ
    ΞΫηε੍ޚͷ୯ҐΛΑΓࡉ੍͔ͯ͘͠ޚʹΑΔӨڹΛۃখ
    Խ͠ɺద੾ͳΞΫηε੍ޚΛ࣮ݱͨ͠ɻ
    ࣮ݱखஈͱͯ͠อकੑɺ֦ுੑɺੑೳͷόϥϯε͕Α͍
    mrubyΛ༻͍ͨɻ

    View Slide