Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AMEBA OWND DE HTTP/2
Search
Take
August 29, 2016
Technology
0
460
AMEBA OWND DE HTTP/2
道玄坂BeerBash#1 LT夏祭 CA系メディアサービス編 発表資料
http://dogenzaka-beerbash.connpass.com/event/37072/
Take
August 29, 2016
Tweet
Share
More Decks by Take
See All by Take
トルテが実践したマッチしたユーザーを除く3つの方法/torte-es
ww24
1
13k
トルテリリースまでの Go Tips 16/torte-go-tips-16
ww24
1
11k
Service Workers Push API Hands-on
ww24
1
160
OpenIL vol.1
ww24
0
3.6k
Other Decks in Technology
See All in Technology
偶有的複雑性と戦うためのアーキテクチャとチームトポロジー
knih
7
5.6k
GeminiとUnityで実現するインタラクティブアート
hokkey621
0
160
Kubernetes だけじゃない!Amazon ECS で実現するクラウドネイティブな GitHub Actions セルフホストランナー / CNDW2024
ponkio_o
PRO
6
390
Nutanixにいらっしゃいませ。Moveと仮想マシン移行のポイント紹介
shadowhat
0
120
RDRAとLLM
kanzaki
4
460
ARRが3年で10倍になったプロダクト開発とAI活用の軌跡
akiroom
0
170
Entra ID の多要素認証(Japan Microsoft 365 コミュニティ カンファレンス 2024 )
murachiakira
0
1.4k
コンパウンド戦略に向けた技術選定とリアーキテクチャ
kworkdev
PRO
1
3.8k
GAS × Discord bot × Gemini で作ったさいきょーの情報収集ツール
ysknsid25
1
230
セキュリティ運用って包括的にできていますか?SaaSを使って次のステップへ / Comprehensive Cyber Security Operations for Cloud Services Using SaaS
sakaitakeshi
0
260
【平成レトロ】へぇボタンハック👨🔧
vanchan2625
0
160
B11-SharePoint サイトのストレージ管理を考えよう
maekawa123
0
110
Featured
See All Featured
Raft: Consensus for Rubyists
vanstee
136
6.7k
Designing for humans not robots
tammielis
250
25k
Embracing the Ebb and Flow
colly
84
4.5k
Gamification - CAS2011
davidbonilla
80
5k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
We Have a Design System, Now What?
morganepeng
50
7.2k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
27
2.1k
Why Our Code Smells
bkeepers
PRO
334
57k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Scaling GitHub
holman
458
140k
Transcript
AMEBA OWND DE HTTP/2 த ݑ
ࣗݾհ ➤ 16 ৽ଔΤϯδχΞ ➤ 6݄͔Β Ameba Ownd ➤ αʔόαΠυΛ୲
➤ Go ݴޠͰ։ൃ ➤ Πϯϑϥ, োରԠ ➤ HN: τϚτ ➤ TDD: τϚτۦಈ։ൃ
৬
͢͜ͱ ➤ HTTP/2 ͷ؆୯ͳઆ໌ ➤ ELB ͱ Proxy Protocol ➤
ALPN ରԠ (Chrome 51+) nginx 1.10.1 + openssl 1.0.2h
HTTP/2
HTTP/2 ➤ HTTP/1.1 ςΩετ(ASCII)ϕʔεͷϓϩτίϧ ➤ ਓؒʹ༏͍͕͠ίϯϐϡʔλʹͱͬͯࡶ ➤ όΠφϦΛૹΔࡍ Base64 encoding
ͰςΩετʹ͢Δ ➤ HTTP/2 όΠφϦϓϩτίϧ ➤ ղੳ͘͢͠ίϯϐϡʔλʹ༏͍͠(ਓؒͭΒ͍) ➤ ϔομѹॖ͕ޮ͘ (HPACK)
HTTP/2 ➤ HTTP/1.1 ·Ͱ TCP ίωΫγϣϯΛ૿͢͜ͱͰฒྻʹ ϦΫΤετΛૹΓɺμϯϩʔυ͍ͯͨ͠ ➤ HTTP/2 ͔Β1ͭͷ
TCP ίωΫγϣϯͰϦΫΤετଟॏԽ HTTP1.1 / TCP TCP HTTP/2 HTTP/2 HTTP/2 HTTP1.1 / TCP HTTP1.1 / TCP
HTTP/2 ରԠ http://caniuse.com/#search=http2
AWS Ͱ HTTP/2 ରԠ
͔ͭͯ ELB HTTP/2 ʹରԠ͍ͯ͠ͳ͔ͬͨ ➤ AWS ͷ Elastic Load
Balancing ➤ (چདྷͷ) Classic Load Balancer HTTP/2 ඇରԠ ➤ Application Load Balancer HTTP/2 ରԠʂ →ࠓޙݕ౼͍ͨ͠
CLASSIC LOAD BALANCER ➤ HTTP/2 ରԠ͢Δʹ EC2 ্ͷ Web αʔόͰऴॲཧΛ͢
Δඞཁ͕༗ΔͨΊɺ ELB Ͱ TCP Ͱϩʔυόϥϯγϯά͢Δ ͔͠ํ๏ͳ͍ ➤ IP ΑΓ্ͷϨΠϠͷ TCP Ͱॲཧ͢ΔͨΊଓݩͷ IP ΞυϨ ε͕ ELB ͷͷʹॻ͖Θͬͯ͠·͏
PROTOCOL STACK ➤ HTTP/2 Ͱଓ͢Δͱ͖ͷ ϓϩτίϧελοΫ Ethernet IP TCP TLS
HTTP/2 (h2)
PROTOCOL STACK ➤ ELB Ͱ TCP ϩʔυόϥϯγ ϯά͢Δͱ TCP ҎԼͷ༰
όοΫΤϯυಧ͔ͳ͍ ➤ ଓݩͷ IP ΞυϨε IP ύέοτͷϔομʹॻ͔Ε ͍ͯΔͷͰࣦΘΕΔ Ethernet IP TCP TLS HTTP/2 (h2)
X-FORWARDED-FOR ͕͑ͳ͍ཧ༝ ➤ X-Forwarded-For HTTP ϔομͳͷͰɺHTTP (L7) ·Ͱ ղऍͰ͖Δ
LB Ͱͳ͍ͱѻ͑ͳ͍ ➤ TCP Ͱϩʔυόϥϯγϯάͯ͠ TLS ͷऴॲཧΛόοΫΤϯ υͰߦ͏߹ɺ TLS ͷ payload ҉߸Խ͞Ε͍ͯΔͷͰಡΈ ॻ͖Ͱ͖ͳ͍
PROXY PROTOCOL ➤ όοΫΤϯυʹ IP ΞυϨεͷଓݩใΛୡͰ͖Δ http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt
PROXY PROTOCOL ઃఆྫ (NGINX) listen 443 ssl http2; proxy_set_header X-Forwarded-For
$remote_addr; proxy_set_header X-Real-IP $remote_addr; listen 443 ssl http2 proxy_protocol; proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Real-IP $proxy_protocol_addr; ELB: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
͜͜·Ͱ4݄ͷ
6݄ ଐ
None
None
Google Chrome ͔Β HTTP/2 Ͱܨ͕Βͳ͍
ࠔͬͨͱ͖ Wireshark
None
None
None
None
ݪҼ ➤ Google Chrome ALPN ͰϓϩτίϧωΰγΤʔγϣϯΛ ࢼΈΔ ➤ αʔό
(nginx 1.9) NPN ͰωΰγΤʔγϣϯΛࢼΈΔ ➤ ํͰ HTTP/2 ͷωΰγΤʔγϣϯํ͕ࣜҟͳΔҝɺ ωΰγΤʔγϣϯʹࣦഊͯ͠ HTTP/1.1 Ͱܨ͕Δ
લఏࣝ ➤ HTTP/2 Ͱଓ͢ΔͨΊʹɺΫϥΠΞϯτͱαʔόͷ྆ํ ͕ HTTP/2 ʹରԠ͍ͯ͠Δඞཁ͕͋Δ ˠͦ͜ͰϓϩτίϧͷωΰγΤʔγϣϯ͕ߦΘΕΔ ➤ NPN
ALPN TLS Handshake ύέοτΛ֦ுͯ͠ ωΰγΤʔγϣϯΛߦ͏ํࣜ
http://www.slideshare.net/shigeki_ohtsu/tls-http2
NPN ͱ ALPN ➤ SPDY ͰΘΕ͍ͯͨ NPN HTTP/2 ੍͕ఆ͞Εͯ ALPN
Ͱஔ͖ΘΔ ➤ Chrome 51 Ͱ SPDY ͷαϙʔτऴྃɻHTTP/2 શҠߦɻ http://blog.chromium.org/2016/02/transitioning-from-spdy- to-http2.html
OWND ͰͷରԠ ➤ nginx 1.9 + openssl 1.0.1: NPN ʹͷΈରԠ
ˠ Google Chrome 51 Ͱܨ͕Βͳ͘ͳͬͨݪҼ ➤ nginx 1.10 + openssl 1.0.2: ALPN ʹରԠ ˠ PPA Λ͏ or Ubuntu Λ 16.04 LTS ΞοϓάϨʔυ ➤ PPA (Personal Package Archive) Λ͏͜ͱʹͳΓ·ͨ͠
ఆ ➤ ppa ͷϦϙδτϦՃͯ͠ nginx, openssl Λߋ৽͢Δ ➤ ansible ʹॻ͖ى͜͢
➤ ֬ೝ & deploy ͜Ε͘Β͍ɺ3͋Ε…(ϑϥά)
NGINX ͷΞοϓάϨʔυ͕Ͱ͖ͳ͍ ➤ nginx 1.9 ͷ package ͕ conf ϑΝΠϧΛ௫ΜͰ͍ͯ
conflict Λىͯ͜͠ nginx 1.10 ͕ೖΒͳ͍ ➤ Ұ uninstall ͕ඞཁ
ANSIBLE Λ2ճྲྀ͞ͳ͍ͱ NGINX ͕ىಈ͠ͳ͍ ➤ ansible python ͷߏཧπʔϧ ➤
ansible Λͬͯɺ ਓ͕ؒਖ਼͘͠ॻ͔ͳ͚ΕႈʹͳͳΒͳ͍
NGINX 1.9 Λ UNINSTALL ͢Δͱ LOG ͕ফ͑Δ ➤ nginx 1.10
Ͱ࠶ݱ͠ͳ͍ ➤ apt remove ࣌ʹ log, cache ͷσΟϨΫτϦ͕ແ࣊൵ʹফ͑Δ ➤ ansible Ͱ apt remove લޙͰ log ͚ͩόοΫΞοϓΛऔΔ ͜ͱͰରॲ ➤ લड़ͷݪҼओʹίϨͰͨ͠…
NGINX ͷίωΫγϣϯ͕ര૿ ➤ HTTP/2 ରԠͷຊ൪ద༻தʹ Gun̋sy ๒Λड͚Δ ➤ HTTP/2 ରԠͨ͠Πϯελϯε͕ಛʹίωΫγϣϯ͕૿Ճ
➤ ͱ͋Δཧ༝ʹΑΓ nginx ͕Ұ੪ʹ restart ➤ Ϣʔβ͔Βܨ͕Γʹ͍͘ঢ়ଶʹ…
ݪҼΓ͚ͷҝʹμϯάϨʔυ ➤ ݩͷ nginx ͷόʔδϣϯ͢ ➤ 2ൃͷ๒͕ண͠ɺ͕มΘΔ
ؒʹ߹͍·ͤΜ Ͱͨ͠
~࠶ݕূத~ photo: https://www.flickr.com/photos/paulk/23784089050/
ڭ܇ ➤ ຊ൪ڥͰ༧ظͤ͵ࣗମ͕ى͜Δ ➤ ӡ༻͍ͯ͠ΔαʔϏεͰ৻ॏʹ (ϢʔβӨڹ৴༻ʹڹ͘) ➤ ख٧·ΓʹͳͬͨΒ packet Λಡ͏
➤ ϓϩτίϧΛཧղ͠Α͏ ➤ ςετͷແ͍ίʔυ(ಛʹ)ेಡΜͰཧղ͢Δ (ansible playbook ؚΉ)
͝ਗ਼ௌ͋Γ͕ͱ͏ ͍͟͝·ͨ͠