connecting and deploying microservices at scale with nginx
TRANSCRIPT
![Page 2: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/2.jpg)
About me Nick Shadrin Technical Solutions Architect Located in SF, CA Used nginx since 2007
![Page 3: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/3.jpg)
Agenda Intro to microservices (again) The use of nginx for microservices Containers or no containers Nice old features Shiny new features Bits of nginx roadmap
![Page 4: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/4.jpg)
Building a great applicationis only half the battle, delivering the application is the other half.
![Page 5: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/5.jpg)
The Microservices Architecture
![Page 6: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/6.jpg)
The Microservices Architecture
![Page 7: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/7.jpg)
![Page 8: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/8.jpg)
NGINX Web tier Application tier
Database
N
N
Microservices enable you to break away from siloed departments (tiers) to a flexible architecture which improves performance, scalability and
manageability
Microservices Architecture
![Page 9: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/9.jpg)
Adding a new service becomes easier
N
![Page 10: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/10.jpg)
A new service that scales differently
N
![Page 11: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/11.jpg)
A new service that scales out of control
N
![Page 12: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/12.jpg)
Or maybe that service is part of a new feature
N
![Page 13: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/13.jpg)
Or maybe that service is part of a new feature
N
..launched only to partners
![Page 14: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/14.jpg)
Now you have many interconnected micro-services
N
![Page 15: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/15.jpg)
And those services must be tested for resiliency
N
![Page 16: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/16.jpg)
What's useful
![Page 17: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/17.jpg)
Proxy and scale proxy_pass fastcgi_pass uwsgi_pass scgi_pass memcached_pass proxy_pass
![Page 18: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/18.jpg)
Our DockerfileFROM debian:jessieMAINTAINER NGINX Docker Maintainers "[email protected]"RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys \ 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie \ nginx" >> /etc/apt/sources.listENV NGINX_VERSION 1.9.3-1~jessieRUN apt-get update && \ apt-get install -y ca-certificates nginx=${NGINX_VERSION} && \ rm -rf /var/lib/apt/lists/*# forward request and error logs to docker log collectorRUN ln -sf /dev/stdout /var/log/nginx/access.logRUN ln -sf /dev/stderr /var/log/nginx/error.logVOLUME ["/var/cache/nginx"]EXPOSE 80 443CMD ["nginx", "-g", "daemon off;"]
See more at https://registry.hub.docker.com/_/nginx/
![Page 19: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/19.jpg)
Extending your Dockerfileroot@linux# docker run --name mynginx1 -P -d nginx
root@linux# docker run --name mynginx2 -v /var/www:/usr/share/nginx/html:ro \ -v /var/nginx/conf:/etc/nginx:ro -P -d
Dockerfile:
FROM nginxRUN rm /etc/nginx/conf.d/default.confRUN rm /etc/nginx/conf.d/example_ssl.confCOPY static-html-directory /usr/share/nginx/htmlCOPY nginx.conf /etc/nginx/nginx.conf
See more at https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker/
![Page 20: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/20.jpg)
A/B testing upstream a { server web.backend.com:9000; } upstream b { server staging.web.backend.com:9000; } split_clients "${arg_token}" $dynamic { 97% a; * b; } server { listen 80; location / { fastcgi_pass $dynamic; # ... other settings ... } }
![Page 21: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/21.jpg)
What's new
![Page 22: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/22.jpg)
Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services
![Page 23: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/23.jpg)
Stream module Released originally for commercial version Open source since nginx 1.9.0 Used to connect non-HTTP services
Use it for:- Reverse proxy- Load balancing- SSL offload / reencryption- Additional security
![Page 24: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/24.jpg)
TCP Proxy with stream moduleserver { listen 127.0.0.1:12345; proxy_pass 127.0.0.1:8080;}
server { listen 12345; proxy_connect_timeout 1s; proxy_timeout 1m; proxy_pass example.com:12345;}
server { listen [::1]:12345; proxy_pass unix:/tmp/stream.socket;}
![Page 25: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/25.jpg)
Stream module - Load Balancingupstream backend { hash $remote_addr consistent;
server backend1.example.com:12345 weight=5; server backend2.example.com:12345; server unix:/tmp/backend3;
server backup1.example.com:12345 backup; server backup2.example.com:12345 backup;}
server { listen 12346; proxy_pass backend;}
![Page 26: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/26.jpg)
More information for troubleshooting
nginx -V
nginx -T
![Page 27: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/27.jpg)
root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
![Page 28: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/28.jpg)
root@ubu05-oss:/etc/nginx# nginx -Vnginx version: nginx/1.9.3built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)built with OpenSSL 1.0.1f 6 Jan 2014TLS SNI support enabledconfigure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
![Page 29: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/29.jpg)
nginx -Vroot@ubu05-oss:/etc/nginx# nginx -V 2>&1 | grep arguments | xargs -n 1configurearguments:--prefix=/etc/nginx--sbin-path=/usr/sbin/nginx--conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log--pid-path=/var/run/nginx.pid--lock-path=/var/run/nginx.lock--http-client-body-temp-path=/var/cache/nginx/client_temp--http-proxy-temp-path=/var/cache/nginx/proxy_temp--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp--http-scgi-temp-path=/var/cache/nginx/scgi_temp--user=nginx--group=nginx--with-http_ssl_module--with-http_realip_module--with-http_addition_module--with-http_sub_module--with-http_dav_module--with-http_flv_module--with-http_mp4_module--with-http_gunzip_module--with-http_gzip_static_module--with-http_random_index_module--with-http_secure_link_module--with-http_stub_status_module--with-http_auth_request_module--with-threads--with-stream--with-stream_ssl_module--with-mail--with-mail_ssl_module--with-file-aio--with-http_spdy_module--with-cc-opt=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
--with-ld-opt=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed--with-ipv6
![Page 30: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/30.jpg)
root@ubu05-oss:/etc/nginx# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful
![Page 31: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/31.jpg)
root@ubu05-oss:/etc/nginx# nginx -Tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:worker_processes auto; user nginx;events { worker_connections 2014; }http {server {
listen 80;return 200 "$http_user_agent $remote_addr";
}include /etc/nginx/conf.d/*.conf;
}stream {include /etc/nginx/stream/*.conf;
}
# configuration file /etc/nginx/conf.d/default.conf:server { listen 80;## etc.......
![Page 32: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/32.jpg)
root@ubu05-oss:/# nginx -T | grep '# configuration file'nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful# configuration file /etc/nginx/nginx.conf:# configuration file /etc/nginx/conf.d/default.conf:# configuration file /etc/nginx/conf.d/listen-socket.conf:# configuration file /etc/nginx/conf.d/stream.conf:
![Page 33: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/33.jpg)
What's coming
![Page 34: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/34.jpg)
HTTP/2
![Page 35: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/35.jpg)
Dynamic Modules
![Page 36: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/36.jpg)
JavaScript
![Page 37: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/37.jpg)
Links
Inside NGINX infographic: https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/
Socket Sharding in NGINX Release 1.9.1: https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
LDAP Authentication with auth_request: https://www.nginx.com/blog/nginx-plus-authenticate-users/
Thread pools: https://www.nginx.com/blog/thread-pools-boost-performance-9x/
![Page 38: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/38.jpg)
[email protected]@shadrin
![Page 39: Connecting and Deploying Microservices at Scale with NGINX](https://reader033.vdocuments.site/reader033/viewer/2022051300/58eed5551a28aba64a8b4579/html5/thumbnails/39.jpg)