nginx for Fun and Performance

Transcript

1. NGINX for FUN & PERFORMANCE PHILIPP KRENN @xeraa
   ecosio

2. Vienna

3. ViennaDB Papers We Love Vienna

4. Electronic Data Interchange (EDI)

5. nginx

6. there's this russian server nginx. all the porn sites use

   it. it must be decent. — Jonathan VanascoJV JV http://www.destructuring.net/2006/10/09/nginx/

7. From Subversion to Git

8. Users WORDPRESS.COM APP SERVER + LOAD BALANCER

9. Users STATIC CONTENT GITHUB

10. Users SSL TERMINATION WIKIPEDIA

11. http://w3techs.com/technologies/cross/ web_server/ranking

12. http://news.netcraft.com/archives/2015/03/19/march-2015-web- server-survey.html

13. http://news.netcraft.com/archives/2015/03/19/march-2015-web- server-survey.html

14. Public launch in 2004 by IGOR SYSOEV HTTPS://WWW.RAMBLER.RU

15. BSD LICENSED CROSS-PLATFORM C

16. STABLE 1.6.2 (2014-09-16) PREVIEW 1.7.11 (2015-03-24) SUPPORT FROM NGINX INC.

17. nginx is a lightweight event-driven reverse proxy for web and

    mail services. — http://nginx.org

18. Apache THREAD / PROCESS-ORIENTED SPAWN A PROCESS FOR EACH CONNECTION

    (1MB+ RAM) APACHE 2.4 MULTI-PROCESS MODE REDUCES RAM USAGE

19. Problem 200KB RESPONSE MILLISECONDS TO GENERATE OR RETRIEVE 10S TO

    TRANSMIT AT 160KBPS (20KB/S) 1000 CONNECTIONS !

20. it's time for web servers to handle ten thousand clients

    simultaneously — Daniel Kegel

21. C10K challenge NGINX SOLUTION EVENT-DRIVEN ARCHITECTURE

22. Event-driven SINGLE NONBLOCKING THREAD ONE PROCESS PER CORE — NODE.JS,

    REDIS,... STABLE MEMORY USAGE, NO CONTEXT SWITCHES

23. Event-driven 1. Receive request 2. Trigger events in a process

    3. Process handles events and returns output http://en.wikipedia.org/wiki/Reactor_pattern

24. http://www.aosabook.org/en/nginx.html#fig.nginx.arch

25. !

26. EIERLEGENDE WOLLMILCHSAU

27. "EGG-LAYING WOOL-MILK- SOW"

28. 101 Things nginx can do

29. 000 SSL Termination

30. https://mozilla.github.io/server-side-tls/ssl-config-generator/

31. server { listen 443 ssl; ssl_certificate /path/to/signed_cert_plus_intermediates; ssl_certificate_key /path/to/private_key; ssl_session_timeout

    5m; ssl_session_cache shared:SSL:50m;

32. # Better Perfect Forward Secrecy, generate: openssl dhparam 2048 ssl_dhparam

    /path/to/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256: kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA: ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384: ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA: DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256: DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA: DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384: AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES: CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK: !aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on;

33. # HSTS: 15768000 seconds = 6 months add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling resolver 8.8.8.8 8.8.4.4; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; .... }

34. ! USE https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://www.ssllabs.com/ssltest/

35. 001 Load Balancing

36. upstream backend_hosts { server host0.example.com; server host1.example.com; server 10.10.10.10; }

    server { listen 80; server_name example.com; location / { proxy_pass http://backend_hosts; } }

37. location / { proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header

    X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend_hosts; }

38. UPSTREAM BALANCING ALGORITHM DEFAULT: ROUND ROBIN least_conn ip_hash hash

39. MOAR FEATURES COOKIE STICKINESS WEIGHTING OF NODES ...

40. 010 Proxying

41. location / { proxy_pass http://localhost:8000; }

42. 011 Dynamic Pages

43. location ~* \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php;

    include fastcgi.conf; fastcgi_read_timeout 120; }

44. 100 A/B Testing

45. http { split_clients "${remote_addr}" $designtest { 10% ".first"; 10% ".second";

    * ""; } server { listen 80; server_name example.com; index index${designtest}.html; } }

46. 101 Client-Side Caching

47. location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css| zip|tgz|gz|rar|bz2|doc|xls|exe|pdf| ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { access_log off; expires max;

    }

48. BUT WHAT ABOUT Monitoring?

49. GoAccess HTTP://GOACCESS.IO "REAL-TIME WEB LOG ANALYZER"

50. None

51. ServerDensity HTTPS://BLOG.SERVERDENSITY.COM/MONITOR-NGINX/ SAAS: PARSES OUTPUT FOR GRAPHS AND ALERTS REQUIRES

    RECOMPILE WITH HTTP://NGINX.ORG/EN/DOCS/HTTP/ NGX_HTTP_STUB_STATUS_MODULE.HTML

52. Munin GOOD OLD MUNIN... HTTP://WWW.NGINXTIPS.COM/NGINX-CONFIGURATION-FOR-MUNIN/

53. None

54. !

55. Apache is like Microsoft Word, it has a million options

    but you only need six.

56. nginx does those six things, and it does five of

    them 50 times faster than Apache. — Chris LeaCL CL http://maisonbisson.com/post/12249/chris-lea-on-nginx-and-wordpress/

57. GREAT! BUT...

58. ...IT DOESN'T WORK THE Apache WAY FOR EXAMPLE .htaccess

59. FOR EVERY REQUEST, CHECK EVERY DIRECTORY, READ AND PARSE EVERY

    FILE Changes effective immediately

60. http://example.com/assets/Uploads/gallery/image.jpg

61. None

62. DigitalOcean 512MB RAM, 20GB SSD UBUNTU 14.04 IN AMS2 +

    AMS3

63. ApacheBench $ sudo apt-get install apache2-utils

64. $ ab -n 25000 -c 10 http://example.com 25,000 REQUESTS CONCURRENCY

    10, 50, 250, 1000

65. Vanilla installation sudo apt-get install apache2 sudo apt-get install nginx

    NO TWEAKS

66. BEWARE Unstable

67. $ ab -n 25000 -c 10 http://188.226.151.84/codemotion_intro.png ... Server Software:

    nginx/1.4.6 Server Hostname: 188.226.151.84 Server Port: 80 Document Path: /codemotion_intro.png Document Length: 2461 bytes Concurrency Level: 10 Time taken for tests: 7.734 seconds Complete requests: 25000 Failed requests: 0 Total transferred: 67575000 bytes HTML transferred: 61525000 bytes Requests per second: 3232.56 [#/sec] (mean) Time per request: 3.094 [ms] (mean) Time per request: 0.309 [ms] (mean, across all concurrent requests) Transfer rate: 8532.82 [Kbytes/sec] received ...
68. None

69. Benchmarking 178.62.213.21 (be patient) Completed 2500 requests Completed 5000 requests

    Completed 7500 requests Completed 10000 requests Completed 12500 requests Completed 15000 requests Completed 17500 requests Completed 20000 requests Completed 22500 requests apr_socket_recv: Connection reset by peer (104) Total of 24847 requests completed

70. $ ab -n 25000 -c 10 http://188.226.151.84/assets/Uploads/gallery/codemotion_intro.png

71. None

72. Add PHP sudo apt-get install php5-fpm sudo apt-get install php5

    libapache2-mod-php5

73. File <?php phpinfo();

74. ab -n 2500 -c 10 -l http://188.226.151.84/info.php Concurrency Level: 10

    Time taken for tests: 4.920 seconds Complete requests: 2500 Failed requests: 0 Total transferred: 164667204 bytes HTML transferred: 164252204 bytes Requests per second: 508.18 [#/sec] (mean) Time per request: 19.678 [ms] (mean) Time per request: 1.968 [ms] (mean, across all concurrent requests) Transfer rate: 32687.80 [Kbytes/sec] received
75. None

76. BENCHMARK YOUR PROJECTS BUILD BENCHMARK REPEAT

77. None

78. Say Apache one more time...

79. Questions? NOW OR @XERAA HTTPS://SPEAKERDECK.COM/XERAA/

80. Feedback HTTPS://JOIND.IN/14161 HTTPS://JOIND.IN/EVENT/CODEMOTION-ROME-2015

81. IMAGE CREDIT Rome https://flic.kr/p/j9Lmu Vienna https://flic.kr/p/4enYGH Database https://flic.kr/p/6QVfAK Paper https://flic.kr/p/7Ahvn1

    Engine https://flic.kr/p/hD3SY4 X https://flic.kr/p/9vMs2 Kiss https://flic.kr/p/z8Phh Branches https://flic.kr/p/aDgLJx

82. Crowd https://flic.kr/p/Wd54U Launch https://flic.kr/p/kjkJ5N License https://flic.kr/p/nxAfZ Release https://flic.kr/p/4rDBEK Lightweight https://flic.kr/p/6h98Li

    Apache https://flic.kr/p/8m9Mf1 Flow https://flic.kr/p/a5A3e1 Simultaneous https://flic.kr/p/easM1t Speed https://flic.kr/p/afEu4o Block https://flic.kr/p/8szrqe Eierlegende Wollmilchsau https://flic.kr/p/GzQTT

83. Taipei https://flic.kr/p/4hi1jB Terminator https://flic.kr/p/6hDYBK Load https://flic.kr/p/mhuXC5 Balance https://flic.kr/p/bpeZXt Huge https://flic.kr/p/p8tTGE

    Between https://flic.kr/p/cXHXH3 Dynamic https://flic.kr/p/qzpdr9 Two https://flic.kr/p/9Jpzfz Fixed https://flic.kr/p/21CsBV Monitoring https://flic.kr/p/kYQdb Word https://flic.kr/p/913FL2

84. Different https://flic.kr/p/aUwPzp Access https://flic.kr/p/KA324 Sad https://flic.kr/p/9g5Gg8 Ocean https://flic.kr/p/fQ3pxX Bench https://flic.kr/p/kbpHr3

    Vanilla https://flic.kr/p/b4iChr PHP https://flic.kr/p/4o1dFf Test https://flic.kr/p/adiTK3