39
Connecting and deploying microservices at scale with NGINX Nick Shadrin [email protected] @shadrin

Connecting and Deploying Microservices at Scale with NGINX

Embed Size (px)

Citation preview

Page 1: Connecting and Deploying Microservices at Scale with NGINX

Connecting and deploying microservices at scale with NGINX

Nick [email protected]

@shadrin

Page 2: Connecting and Deploying Microservices at Scale with NGINX

About me Nick Shadrin Technical Solutions Architect Located in SF, CA Used nginx since 2007

[email protected]

Page 3: Connecting and Deploying Microservices at Scale with NGINX

Agenda Intro to microservices (again) The use of nginx for microservices Containers or no containers Nice old features Shiny new features Bits of nginx roadmap

Page 4: Connecting and Deploying Microservices at Scale with NGINX

Building a great applicationis only half the battle, delivering the application is the other half.

Page 5: Connecting and Deploying Microservices at Scale with NGINX

The Microservices Architecture

Page 6: Connecting and Deploying Microservices at Scale with NGINX

The Microservices Architecture

Page 7: Connecting and Deploying Microservices at Scale with NGINX
Page 8: Connecting and Deploying Microservices at Scale with NGINX

NGINX Web tier Application tier

Database

N

N

Microservices enable you to break away from siloed departments (tiers) to a flexible architecture which improves performance, scalability and

manageability

Microservices Architecture

Page 9: Connecting and Deploying Microservices at Scale with NGINX

Adding a new service becomes easier

N

Page 10: Connecting and Deploying Microservices at Scale with NGINX

A new service that scales differently

N

Page 11: Connecting and Deploying Microservices at Scale with NGINX

A new service that scales out of control

N

Page 12: Connecting and Deploying Microservices at Scale with NGINX

Or maybe that service is part of a new feature

N

Page 13: Connecting and Deploying Microservices at Scale with NGINX

Or maybe that service is part of a new feature

N

..launched only to partners

Page 14: Connecting and Deploying Microservices at Scale with NGINX

Now you have many interconnected micro-services

N

Page 15: Connecting and Deploying Microservices at Scale with NGINX

And those services must be tested for resiliency

N

Page 16: Connecting and Deploying Microservices at Scale with NGINX

What's useful

Page 17: Connecting and Deploying Microservices at Scale with NGINX

Proxy and scale proxy_pass fastcgi_pass uwsgi_pass scgi_pass memcached_pass proxy_pass

Page 18: Connecting and Deploying Microservices at Scale with NGINX

Our DockerfileFROM debian:jessieMAINTAINER NGINX Docker Maintainers "[email protected]"RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys \ 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie \ nginx" >> /etc/apt/sources.listENV NGINX_VERSION 1.9.3-1~jessieRUN apt-get update && \ apt-get install -y ca-certificates nginx=${NGINX_VERSION} && \ rm -rf /var/lib/apt/lists/*# forward request and error logs to docker log collectorRUN ln -sf /dev/stdout /var/log/nginx/access.logRUN ln -sf /dev/stderr /var/log/nginx/error.logVOLUME ["/var/cache/nginx"]EXPOSE 80 443CMD ["nginx", "-g", "daemon off;"]

See more at https://registry.hub.docker.com/_/nginx/

Page 19: Connecting and Deploying Microservices at Scale with NGINX

Extending your Dockerfileroot@linux# docker run --name mynginx1 -P -d nginx

root@linux# docker run --name mynginx2 -v /var/www:/usr/share/nginx/html:ro \ -v /var/nginx/conf:/etc/nginx:ro -P -d

Dockerfile:

FROM nginxRUN rm /etc/nginx/conf.d/default.confRUN rm /etc/nginx/conf.d/example_ssl.confCOPY static-html-directory /usr/share/nginx/htmlCOPY nginx.conf /etc/nginx/nginx.conf

See more at https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker/

Page 20: Connecting and Deploying Microservices at Scale with NGINX

A/B testing upstream a { server web.backend.com:9000; } upstream b { server staging.web.backend.com:9000; } split_clients "${arg_token}" $dynamic { 97% a; * b; } server { listen 80; location / { fastcgi_pass $dynamic; # ... other settings ... } }

Page 21: Connecting and Deploying Microservices at Scale with NGINX

What's new

Page 22: Connecting and Deploying Microservices at Scale with NGINX

Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services

Page 23: Connecting and Deploying Microservices at Scale with NGINX

Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services

Use it for:- Reverse proxy- Load balancing- SSL offload / reencryption- Additional security

Page 24: Connecting and Deploying Microservices at Scale with NGINX

TCP Proxy with stream moduleserver { listen 127.0.0.1:12345; proxy_pass 127.0.0.1:8080;}

server { listen 12345; proxy_connect_timeout 1s; proxy_timeout 1m; proxy_pass example.com:12345;}

server { listen [::1]:12345; proxy_pass unix:/tmp/stream.socket;}

Page 25: Connecting and Deploying Microservices at Scale with NGINX

Stream module - Load Balancingupstream backend { hash $remote_addr consistent;

server backend1.example.com:12345 weight=5; server backend2.example.com:12345; server unix:/tmp/backend3;

server backup1.example.com:12345 backup; server backup2.example.com:12345 backup;}

server { listen 12346; proxy_pass backend;}

Page 26: Connecting and Deploying Microservices at Scale with NGINX

More information for troubleshooting

nginx -V

nginx -T

Page 27: Connecting and Deploying Microservices at Scale with NGINX

root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6

Page 28: Connecting and Deploying Microservices at Scale with NGINX

root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6

Page 29: Connecting and Deploying Microservices at Scale with NGINX

nginx -Vroot@ubu05-oss:/etc/nginx# nginx -V 2>&1 | grep arguments | xargs -n 1configurearguments:--prefix=/etc/nginx--sbin-path=/usr/sbin/nginx--conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log--pid-path=/var/run/nginx.pid--lock-path=/var/run/nginx.lock--http-client-body-temp-path=/var/cache/nginx/client_temp--http-proxy-temp-path=/var/cache/nginx/proxy_temp--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp--http-scgi-temp-path=/var/cache/nginx/scgi_temp--user=nginx--group=nginx--with-http_ssl_module--with-http_realip_module--with-http_addition_module--with-http_sub_module--with-http_dav_module--with-http_flv_module--with-http_mp4_module--with-http_gunzip_module--with-http_gzip_static_module--with-http_random_index_module--with-http_secure_link_module--with-http_stub_status_module--with-http_auth_request_module--with-threads--with-stream--with-stream_ssl_module--with-mail--with-mail_ssl_module--with-file-aio--with-http_spdy_module--with-cc-opt=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2

--with-ld-opt=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed--with-ipv6

Page 30: Connecting and Deploying Microservices at Scale with NGINX

root@ubu05-oss:/etc/nginx# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful

Page 31: Connecting and Deploying Microservices at Scale with NGINX

root@ubu05-oss:/etc/nginx# nginx -Tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:worker_processes auto; user nginx;events { worker_connections 2014; }http {server {

listen 80;return 200 "$http_user_agent $remote_addr";

}include /etc/nginx/conf.d/*.conf;

}stream {include /etc/nginx/stream/*.conf;

}

# configuration file /etc/nginx/conf.d/default.conf:server { listen 80;## etc.......

Page 32: Connecting and Deploying Microservices at Scale with NGINX

root@ubu05-oss:/# nginx -T | grep '# configuration file'nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:# configuration file /etc/nginx/conf.d/default.conf:# configuration file /etc/nginx/conf.d/listen-socket.conf:# configuration file /etc/nginx/conf.d/stream.conf:

Page 33: Connecting and Deploying Microservices at Scale with NGINX

What's coming

Page 34: Connecting and Deploying Microservices at Scale with NGINX

HTTP/2

Page 35: Connecting and Deploying Microservices at Scale with NGINX

Dynamic Modules

Page 36: Connecting and Deploying Microservices at Scale with NGINX

JavaScript

Page 37: Connecting and Deploying Microservices at Scale with NGINX

Links

Inside NGINX infographic: https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/

Socket Sharding in NGINX Release 1.9.1: https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/

LDAP Authentication with auth_request: https://www.nginx.com/blog/nginx-plus-authenticate-users/

Thread pools: https://www.nginx.com/blog/thread-pools-boost-performance-9x/

Page 38: Connecting and Deploying Microservices at Scale with NGINX

[email protected]@shadrin

Page 39: Connecting and Deploying Microservices at Scale with NGINX