Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AMEBA OWND DE HTTP/2
Search
Take
August 29, 2016
Technology
0
490
AMEBA OWND DE HTTP/2
道玄坂BeerBash#1 LT夏祭 CA系メディアサービス編 発表資料
http://dogenzaka-beerbash.connpass.com/event/37072/
Take
August 29, 2016
Tweet
Share
More Decks by Take
See All by Take
トルテが実践したマッチしたユーザーを除く3つの方法/torte-es
ww24
1
13k
トルテリリースまでの Go Tips 16/torte-go-tips-16
ww24
1
11k
Service Workers Push API Hands-on
ww24
1
170
OpenIL vol.1
ww24
0
3.7k
Other Decks in Technology
See All in Technology
GitHub Copilot の概要
tomokusaba
1
130
rubygem開発で鍛える設計力
joker1007
2
190
「Chatwork」の認証基盤の移行とログ活用によるプロダクト改善
kubell_hr
1
140
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
kkuv
1
300
Azure AI Foundryでマルチエージェントワークフロー
seosoft
0
180
AIエージェント最前線! Amazon Bedrock、Amazon Q、そしてMCPを使いこなそう
minorun365
PRO
13
4.9k
BrainPadプログラミングコンテスト記念LT会2025_社内イベント&問題解説
brainpadpr
1
160
【TiDB GAME DAY 2025】Shadowverse: Worlds Beyond にみる TiDB 活用術
cygames
0
1k
Snowflake Summit 2025 データエンジニアリング関連新機能紹介 / Snowflake Summit 2025 What's New about Data Engineering
tiltmax3
0
310
ローカルLLMでファインチューニング
knishioka
0
150
ハノーバーメッセ2025座談会.pdf
iotcomjpadmin
0
160
第9回情シス転職ミートアップ_テックタッチ株式会社
forester3003
0
220
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Why Our Code Smells
bkeepers
PRO
337
57k
Raft: Consensus for Rubyists
vanstee
140
7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
228
22k
A Modern Web Designer's Workflow
chriscoyier
694
190k
Automating Front-end Workflow
addyosmani
1370
200k
GraphQLとの向き合い方2022年版
quramy
47
14k
Into the Great Unknown - MozCon
thekraken
39
1.9k
Balancing Empowerment & Direction
lara
1
370
Producing Creativity
orderedlist
PRO
346
40k
How to Think Like a Performance Engineer
csswizardry
24
1.7k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Transcript
AMEBA OWND DE HTTP/2 த ݑ
ࣗݾհ ➤ 16 ৽ଔΤϯδχΞ ➤ 6݄͔Β Ameba Ownd ➤ αʔόαΠυΛ୲
➤ Go ݴޠͰ։ൃ ➤ Πϯϑϥ, োରԠ ➤ HN: τϚτ ➤ TDD: τϚτۦಈ։ൃ
৬
͢͜ͱ ➤ HTTP/2 ͷ؆୯ͳઆ໌ ➤ ELB ͱ Proxy Protocol ➤
ALPN ରԠ (Chrome 51+) nginx 1.10.1 + openssl 1.0.2h
HTTP/2
HTTP/2 ➤ HTTP/1.1 ςΩετ(ASCII)ϕʔεͷϓϩτίϧ ➤ ਓؒʹ༏͍͕͠ίϯϐϡʔλʹͱͬͯࡶ ➤ όΠφϦΛૹΔࡍ Base64 encoding
ͰςΩετʹ͢Δ ➤ HTTP/2 όΠφϦϓϩτίϧ ➤ ղੳ͘͢͠ίϯϐϡʔλʹ༏͍͠(ਓؒͭΒ͍) ➤ ϔομѹॖ͕ޮ͘ (HPACK)
HTTP/2 ➤ HTTP/1.1 ·Ͱ TCP ίωΫγϣϯΛ૿͢͜ͱͰฒྻʹ ϦΫΤετΛૹΓɺμϯϩʔυ͍ͯͨ͠ ➤ HTTP/2 ͔Β1ͭͷ
TCP ίωΫγϣϯͰϦΫΤετଟॏԽ HTTP1.1 / TCP TCP HTTP/2 HTTP/2 HTTP/2 HTTP1.1 / TCP HTTP1.1 / TCP
HTTP/2 ରԠ http://caniuse.com/#search=http2
AWS Ͱ HTTP/2 ରԠ
͔ͭͯ ELB HTTP/2 ʹରԠ͍ͯ͠ͳ͔ͬͨ ➤ AWS ͷ Elastic Load
Balancing ➤ (چདྷͷ) Classic Load Balancer HTTP/2 ඇରԠ ➤ Application Load Balancer HTTP/2 ରԠʂ →ࠓޙݕ౼͍ͨ͠
CLASSIC LOAD BALANCER ➤ HTTP/2 ରԠ͢Δʹ EC2 ্ͷ Web αʔόͰऴॲཧΛ͢
Δඞཁ͕༗ΔͨΊɺ ELB Ͱ TCP Ͱϩʔυόϥϯγϯά͢Δ ͔͠ํ๏ͳ͍ ➤ IP ΑΓ্ͷϨΠϠͷ TCP Ͱॲཧ͢ΔͨΊଓݩͷ IP ΞυϨ ε͕ ELB ͷͷʹॻ͖Θͬͯ͠·͏
PROTOCOL STACK ➤ HTTP/2 Ͱଓ͢Δͱ͖ͷ ϓϩτίϧελοΫ Ethernet IP TCP TLS
HTTP/2 (h2)
PROTOCOL STACK ➤ ELB Ͱ TCP ϩʔυόϥϯγ ϯά͢Δͱ TCP ҎԼͷ༰
όοΫΤϯυಧ͔ͳ͍ ➤ ଓݩͷ IP ΞυϨε IP ύέοτͷϔομʹॻ͔Ε ͍ͯΔͷͰࣦΘΕΔ Ethernet IP TCP TLS HTTP/2 (h2)
X-FORWARDED-FOR ͕͑ͳ͍ཧ༝ ➤ X-Forwarded-For HTTP ϔομͳͷͰɺHTTP (L7) ·Ͱ ղऍͰ͖Δ
LB Ͱͳ͍ͱѻ͑ͳ͍ ➤ TCP Ͱϩʔυόϥϯγϯάͯ͠ TLS ͷऴॲཧΛόοΫΤϯ υͰߦ͏߹ɺ TLS ͷ payload ҉߸Խ͞Ε͍ͯΔͷͰಡΈ ॻ͖Ͱ͖ͳ͍
PROXY PROTOCOL ➤ όοΫΤϯυʹ IP ΞυϨεͷଓݩใΛୡͰ͖Δ http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt
PROXY PROTOCOL ઃఆྫ (NGINX) listen 443 ssl http2; proxy_set_header X-Forwarded-For
$remote_addr; proxy_set_header X-Real-IP $remote_addr; listen 443 ssl http2 proxy_protocol; proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Real-IP $proxy_protocol_addr; ELB: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
͜͜·Ͱ4݄ͷ
6݄ ଐ
None
None
Google Chrome ͔Β HTTP/2 Ͱܨ͕Βͳ͍
ࠔͬͨͱ͖ Wireshark
None
None
None
None
ݪҼ ➤ Google Chrome ALPN ͰϓϩτίϧωΰγΤʔγϣϯΛ ࢼΈΔ ➤ αʔό
(nginx 1.9) NPN ͰωΰγΤʔγϣϯΛࢼΈΔ ➤ ํͰ HTTP/2 ͷωΰγΤʔγϣϯํ͕ࣜҟͳΔҝɺ ωΰγΤʔγϣϯʹࣦഊͯ͠ HTTP/1.1 Ͱܨ͕Δ
લఏࣝ ➤ HTTP/2 Ͱଓ͢ΔͨΊʹɺΫϥΠΞϯτͱαʔόͷ྆ํ ͕ HTTP/2 ʹରԠ͍ͯ͠Δඞཁ͕͋Δ ˠͦ͜ͰϓϩτίϧͷωΰγΤʔγϣϯ͕ߦΘΕΔ ➤ NPN
ALPN TLS Handshake ύέοτΛ֦ுͯ͠ ωΰγΤʔγϣϯΛߦ͏ํࣜ
http://www.slideshare.net/shigeki_ohtsu/tls-http2
NPN ͱ ALPN ➤ SPDY ͰΘΕ͍ͯͨ NPN HTTP/2 ੍͕ఆ͞Εͯ ALPN
Ͱஔ͖ΘΔ ➤ Chrome 51 Ͱ SPDY ͷαϙʔτऴྃɻHTTP/2 શҠߦɻ http://blog.chromium.org/2016/02/transitioning-from-spdy- to-http2.html
OWND ͰͷରԠ ➤ nginx 1.9 + openssl 1.0.1: NPN ʹͷΈରԠ
ˠ Google Chrome 51 Ͱܨ͕Βͳ͘ͳͬͨݪҼ ➤ nginx 1.10 + openssl 1.0.2: ALPN ʹରԠ ˠ PPA Λ͏ or Ubuntu Λ 16.04 LTS ΞοϓάϨʔυ ➤ PPA (Personal Package Archive) Λ͏͜ͱʹͳΓ·ͨ͠
ఆ ➤ ppa ͷϦϙδτϦՃͯ͠ nginx, openssl Λߋ৽͢Δ ➤ ansible ʹॻ͖ى͜͢
➤ ֬ೝ & deploy ͜Ε͘Β͍ɺ3͋Ε…(ϑϥά)
NGINX ͷΞοϓάϨʔυ͕Ͱ͖ͳ͍ ➤ nginx 1.9 ͷ package ͕ conf ϑΝΠϧΛ௫ΜͰ͍ͯ
conflict Λىͯ͜͠ nginx 1.10 ͕ೖΒͳ͍ ➤ Ұ uninstall ͕ඞཁ
ANSIBLE Λ2ճྲྀ͞ͳ͍ͱ NGINX ͕ىಈ͠ͳ͍ ➤ ansible python ͷߏཧπʔϧ ➤
ansible Λͬͯɺ ਓ͕ؒਖ਼͘͠ॻ͔ͳ͚ΕႈʹͳͳΒͳ͍
NGINX 1.9 Λ UNINSTALL ͢Δͱ LOG ͕ফ͑Δ ➤ nginx 1.10
Ͱ࠶ݱ͠ͳ͍ ➤ apt remove ࣌ʹ log, cache ͷσΟϨΫτϦ͕ແ࣊൵ʹফ͑Δ ➤ ansible Ͱ apt remove લޙͰ log ͚ͩόοΫΞοϓΛऔΔ ͜ͱͰରॲ ➤ લड़ͷݪҼओʹίϨͰͨ͠…
NGINX ͷίωΫγϣϯ͕ര૿ ➤ HTTP/2 ରԠͷຊ൪ద༻தʹ Gun̋sy ๒Λड͚Δ ➤ HTTP/2 ରԠͨ͠Πϯελϯε͕ಛʹίωΫγϣϯ͕૿Ճ
➤ ͱ͋Δཧ༝ʹΑΓ nginx ͕Ұ੪ʹ restart ➤ Ϣʔβ͔Βܨ͕Γʹ͍͘ঢ়ଶʹ…
ݪҼΓ͚ͷҝʹμϯάϨʔυ ➤ ݩͷ nginx ͷόʔδϣϯ͢ ➤ 2ൃͷ๒͕ண͠ɺ͕มΘΔ
ؒʹ߹͍·ͤΜ Ͱͨ͠
~࠶ݕূத~ photo: https://www.flickr.com/photos/paulk/23784089050/
ڭ܇ ➤ ຊ൪ڥͰ༧ظͤ͵ࣗମ͕ى͜Δ ➤ ӡ༻͍ͯ͠ΔαʔϏεͰ৻ॏʹ (ϢʔβӨڹ৴༻ʹڹ͘) ➤ ख٧·ΓʹͳͬͨΒ packet Λಡ͏
➤ ϓϩτίϧΛཧղ͠Α͏ ➤ ςετͷແ͍ίʔυ(ಛʹ)ेಡΜͰཧղ͢Δ (ansible playbook ؚΉ)
͝ਗ਼ௌ͋Γ͕ͱ͏ ͍͟͝·ͨ͠