Upload
nginx-inc
View
939
Download
2
Embed Size (px)
Citation preview
About me Nick Shadrin Technical Solutions Architect Located in SF, CA Used nginx since 2007
Agenda Intro to microservices (again) The use of nginx for microservices Containers or no containers Nice old features Shiny new features Bits of nginx roadmap
Building a great applicationis only half the battle, delivering the application is the other half.
The Microservices Architecture
The Microservices Architecture
NGINX Web tier Application tier
Database
N
N
Microservices enable you to break away from siloed departments (tiers) to a flexible architecture which improves performance, scalability and
manageability
Microservices Architecture
Adding a new service becomes easier
N
A new service that scales differently
N
A new service that scales out of control
N
Or maybe that service is part of a new feature
N
Or maybe that service is part of a new feature
N
..launched only to partners
Now you have many interconnected micro-services
N
And those services must be tested for resiliency
N
What's useful
Proxy and scale proxy_pass fastcgi_pass uwsgi_pass scgi_pass memcached_pass proxy_pass
Our DockerfileFROM debian:jessieMAINTAINER NGINX Docker Maintainers "[email protected]"RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys \ 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie \ nginx" >> /etc/apt/sources.listENV NGINX_VERSION 1.9.3-1~jessieRUN apt-get update && \ apt-get install -y ca-certificates nginx=${NGINX_VERSION} && \ rm -rf /var/lib/apt/lists/*# forward request and error logs to docker log collectorRUN ln -sf /dev/stdout /var/log/nginx/access.logRUN ln -sf /dev/stderr /var/log/nginx/error.logVOLUME ["/var/cache/nginx"]EXPOSE 80 443CMD ["nginx", "-g", "daemon off;"]
See more at https://registry.hub.docker.com/_/nginx/
Extending your Dockerfileroot@linux# docker run --name mynginx1 -P -d nginx
root@linux# docker run --name mynginx2 -v /var/www:/usr/share/nginx/html:ro \ -v /var/nginx/conf:/etc/nginx:ro -P -d
Dockerfile:
FROM nginxRUN rm /etc/nginx/conf.d/default.confRUN rm /etc/nginx/conf.d/example_ssl.confCOPY static-html-directory /usr/share/nginx/htmlCOPY nginx.conf /etc/nginx/nginx.conf
See more at https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker/
A/B testing upstream a { server web.backend.com:9000; } upstream b { server staging.web.backend.com:9000; } split_clients "${arg_token}" $dynamic { 97% a; * b; } server { listen 80; location / { fastcgi_pass $dynamic; # ... other settings ... } }
What's new
Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services
Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services
Use it for:- Reverse proxy- Load balancing- SSL offload / reencryption- Additional security
TCP Proxy with stream moduleserver { listen 127.0.0.1:12345; proxy_pass 127.0.0.1:8080;}
server { listen 12345; proxy_connect_timeout 1s; proxy_timeout 1m; proxy_pass example.com:12345;}
server { listen [::1]:12345; proxy_pass unix:/tmp/stream.socket;}
Stream module - Load Balancingupstream backend { hash $remote_addr consistent;
server backend1.example.com:12345 weight=5; server backend2.example.com:12345; server unix:/tmp/backend3;
server backup1.example.com:12345 backup; server backup2.example.com:12345 backup;}
server { listen 12346; proxy_pass backend;}
More information for troubleshooting
nginx -V
nginx -T
root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
nginx -Vroot@ubu05-oss:/etc/nginx# nginx -V 2>&1 | grep arguments | xargs -n 1configurearguments:--prefix=/etc/nginx--sbin-path=/usr/sbin/nginx--conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log--pid-path=/var/run/nginx.pid--lock-path=/var/run/nginx.lock--http-client-body-temp-path=/var/cache/nginx/client_temp--http-proxy-temp-path=/var/cache/nginx/proxy_temp--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp--http-scgi-temp-path=/var/cache/nginx/scgi_temp--user=nginx--group=nginx--with-http_ssl_module--with-http_realip_module--with-http_addition_module--with-http_sub_module--with-http_dav_module--with-http_flv_module--with-http_mp4_module--with-http_gunzip_module--with-http_gzip_static_module--with-http_random_index_module--with-http_secure_link_module--with-http_stub_status_module--with-http_auth_request_module--with-threads--with-stream--with-stream_ssl_module--with-mail--with-mail_ssl_module--with-file-aio--with-http_spdy_module--with-cc-opt=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
--with-ld-opt=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed--with-ipv6
root@ubu05-oss:/etc/nginx# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful
root@ubu05-oss:/etc/nginx# nginx -Tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:worker_processes auto; user nginx;events { worker_connections 2014; }http {server {
listen 80;return 200 "$http_user_agent $remote_addr";
}include /etc/nginx/conf.d/*.conf;
}stream {include /etc/nginx/stream/*.conf;
}
# configuration file /etc/nginx/conf.d/default.conf:server { listen 80;## etc.......
root@ubu05-oss:/# nginx -T | grep '# configuration file'nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:# configuration file /etc/nginx/conf.d/default.conf:# configuration file /etc/nginx/conf.d/listen-socket.conf:# configuration file /etc/nginx/conf.d/stream.conf:
What's coming
HTTP/2
Dynamic Modules
JavaScript
Links
Inside NGINX infographic: https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/
Socket Sharding in NGINX Release 1.9.1: https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
LDAP Authentication with auth_request: https://www.nginx.com/blog/nginx-plus-authenticate-users/
Thread pools: https://www.nginx.com/blog/thread-pools-boost-performance-9x/
[email protected]@shadrin