connecting and deploying microservices at scale with nginx
Post on 13-Apr-2017
945 Views
Preview:
TRANSCRIPT
Connecting and deploying microservices at scale with NGINX
Nick Shadrinnick@nginx.com
@shadrin
About me Nick Shadrin Technical Solutions Architect Located in SF, CA Used nginx since 2007
nick@nginx.com
Agenda Intro to microservices (again) The use of nginx for microservices Containers or no containers Nice old features Shiny new features Bits of nginx roadmap
Building a great applicationis only half the battle, delivering the application is the other half.
The Microservices Architecture
The Microservices Architecture
NGINX Web tier Application tier
Database
N
N
Microservices enable you to break away from siloed departments (tiers) to a flexible architecture which improves performance, scalability and
manageability
Microservices Architecture
Adding a new service becomes easier
N
A new service that scales differently
N
A new service that scales out of control
N
Or maybe that service is part of a new feature
N
Or maybe that service is part of a new feature
N
..launched only to partners
Now you have many interconnected micro-services
N
And those services must be tested for resiliency
N
What's useful
Proxy and scale proxy_pass fastcgi_pass uwsgi_pass scgi_pass memcached_pass proxy_pass
Our DockerfileFROM debian:jessieMAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com"RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys \ 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie \ nginx" >> /etc/apt/sources.listENV NGINX_VERSION 1.9.3-1~jessieRUN apt-get update && \ apt-get install -y ca-certificates nginx=${NGINX_VERSION} && \ rm -rf /var/lib/apt/lists/*# forward request and error logs to docker log collectorRUN ln -sf /dev/stdout /var/log/nginx/access.logRUN ln -sf /dev/stderr /var/log/nginx/error.logVOLUME ["/var/cache/nginx"]EXPOSE 80 443CMD ["nginx", "-g", "daemon off;"]
See more at https://registry.hub.docker.com/_/nginx/
Extending your Dockerfileroot@linux# docker run --name mynginx1 -P -d nginx
root@linux# docker run --name mynginx2 -v /var/www:/usr/share/nginx/html:ro \ -v /var/nginx/conf:/etc/nginx:ro -P -d
Dockerfile:
FROM nginxRUN rm /etc/nginx/conf.d/default.confRUN rm /etc/nginx/conf.d/example_ssl.confCOPY static-html-directory /usr/share/nginx/htmlCOPY nginx.conf /etc/nginx/nginx.conf
See more at https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker/
A/B testing upstream a { server web.backend.com:9000; } upstream b { server staging.web.backend.com:9000; } split_clients "${arg_token}" $dynamic { 97% a; * b; } server { listen 80; location / { fastcgi_pass $dynamic; # ... other settings ... } }
What's new
Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services
Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services
Use it for:- Reverse proxy- Load balancing- SSL offload / reencryption- Additional security
TCP Proxy with stream moduleserver { listen 127.0.0.1:12345; proxy_pass 127.0.0.1:8080;}
server { listen 12345; proxy_connect_timeout 1s; proxy_timeout 1m; proxy_pass example.com:12345;}
server { listen [::1]:12345; proxy_pass unix:/tmp/stream.socket;}
Stream module - Load Balancingupstream backend { hash $remote_addr consistent;
server backend1.example.com:12345 weight=5; server backend2.example.com:12345; server unix:/tmp/backend3;
server backup1.example.com:12345 backup; server backup2.example.com:12345 backup;}
server { listen 12346; proxy_pass backend;}
More information for troubleshooting
nginx -V
nginx -T
root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
nginx -Vroot@ubu05-oss:/etc/nginx# nginx -V 2>&1 | grep arguments | xargs -n 1configurearguments:--prefix=/etc/nginx--sbin-path=/usr/sbin/nginx--conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log--pid-path=/var/run/nginx.pid--lock-path=/var/run/nginx.lock--http-client-body-temp-path=/var/cache/nginx/client_temp--http-proxy-temp-path=/var/cache/nginx/proxy_temp--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp--http-scgi-temp-path=/var/cache/nginx/scgi_temp--user=nginx--group=nginx--with-http_ssl_module--with-http_realip_module--with-http_addition_module--with-http_sub_module--with-http_dav_module--with-http_flv_module--with-http_mp4_module--with-http_gunzip_module--with-http_gzip_static_module--with-http_random_index_module--with-http_secure_link_module--with-http_stub_status_module--with-http_auth_request_module--with-threads--with-stream--with-stream_ssl_module--with-mail--with-mail_ssl_module--with-file-aio--with-http_spdy_module--with-cc-opt=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
--with-ld-opt=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed--with-ipv6
root@ubu05-oss:/etc/nginx# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful
root@ubu05-oss:/etc/nginx# nginx -Tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:worker_processes auto; user nginx;events { worker_connections 2014; }http {server {
listen 80;return 200 "$http_user_agent $remote_addr";
}include /etc/nginx/conf.d/*.conf;
}stream {include /etc/nginx/stream/*.conf;
}
# configuration file /etc/nginx/conf.d/default.conf:server { listen 80;## etc.......
root@ubu05-oss:/# nginx -T | grep '# configuration file'nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:# configuration file /etc/nginx/conf.d/default.conf:# configuration file /etc/nginx/conf.d/listen-socket.conf:# configuration file /etc/nginx/conf.d/stream.conf:
What's coming
HTTP/2
Dynamic Modules
JavaScript
Links
Inside NGINX infographic: https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/
Socket Sharding in NGINX Release 1.9.1: https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
LDAP Authentication with auth_request: https://www.nginx.com/blog/nginx-plus-authenticate-users/
Thread pools: https://www.nginx.com/blog/thread-pools-boost-performance-9x/
nick@nginx.com@shadrin
top related