WordCamp Belgrade 04.19.2015.

Date posted: 17-Aug-2015

Transcript of WordCamp Belgrade 04.19.2015.

  1. NginX, HAProxy and DNS Stack

     Presentation at WordCamp Belgrade 2015. April 19th

     Authors:
     Ivan Dabic, General Manager @MaxCDN - NginX
     Jovan Katic, Support Engineer @MaxCDN - HAProxy
     Karlo Butigan Markovic, NOC Engineer @MaxCDN - DNS
  2. NginX

     Nginx is a free, open source web server that is highly regarded as a reverse proxy solution as well as an IMAP and POP3 proxy. What distinguishes it from other web servers is its method of handling requests. It doesn't use threading; rather, it has a more asynchronous system that uses small, predictable allocations of memory. This is the main reason the largest services switch to or choose nginx over other web servers on the market.

     It is particularly interesting for us because CDN systems must anticipate large load and traffic being pushed through their servers. Additionally, we are showing the live configuration of one sample nginx that is planned to be the reverse proxy and act as a part of a CDN cluster.

     First off, we need to define logging for our reverse proxy, so we need the main nginx.conf file:

         ~$ nano /etc/nginx/nginx.conf

     What we want to use in log output is:

       1. source IP address
       2. timestamp (local)
       3. requested file (uri)
       4. bytes sent to source (requester)
       5. cache status
       6. status code

         log_format vps2 '$remote_addr $remote_user [$time_local] $request_uri $status $upstream_cache_status';

     Then apply the log format to our access log by adding the name of the log format (in this case it is vps2):

         access_log /var/log/nginx/access.log vps2;

     Additionally, since this is going to be a reverse proxy nginx installation, we'll want to define the cache location (/etc/nginx/nginx.conf):

         proxy_cache_path /var/cache/nginx/ keys_zone=idabic:10m;

     What we did here is:

       1. defined the cache location: proxy_cache_path /var/cache/nginx/
       2. defined the name for our caching zone and its size: keys_zone=idabic:10m
  3. This would be the first step to accomplish a reverse proxy setup with nginx. Now, we need to edit the vhost file (default or custom one, it is irrelevant) so we can include the caching space, define the backend server and play with caching rules.

     To do this we are using the default vhost file at /etc/nginx/sites-enabled/default:

         ~$ nano /etc/nginx/sites-enabled/default

     Within the server block we will be adding the caching space definition by using the proxy_cache directive:

         proxy_cache idabic;

     This directive loads the cache definition we made in the nginx.conf file.

     Make the server cache from our local Apache installation that holds WordPress, under the location / block:

         proxy_pass http://127.0.0.1:8080$request_uri;

     The proxy_pass directive passes any non-cached request back to the backend server so it can pull from it, cache and deliver.

     In order for us to see whether a certain request was served from cache or through it, we want to add a custom header to show this information:

         add_header TestCache $upstream_cache_status;

     The add_header directive simply inserts a header and its value into the set of response headers. In this case we wanted to show the cache status so we used the local nginx variable called $upstream_cache_status, which holds this information in the form of HIT or MISS.

     Finally, what makes up one bare reverse proxy installation is its caching rules. For the sake of this example I want to cache all OK responses for one day and I want to have at least two requests per single asset before our reverse proxy will try to cache it:

         proxy_cache_min_uses 2;
         proxy_cache_valid 200 10s;

     proxy_cache_min_uses defines the number of requests per single asset before nginx tries to cache it from the backend server. Best practice is to set this value to 2 because:
  4.   • we don't want to have wild requests cached even though they will never be requested again
       • we assume whatever is requested two times is a valid request, as it's probably going to be requested a 3rd, 4th, ... time.

     proxy_cache_valid defines the status code we treat as valid and how long we want to cache it in the nginx cache. In this case it is status code 200 and we'll cache it for 10 seconds (NOT a good practice but, for the sake of showing the load balancing method below, we wanted a short caching time). You'll usually set this to at least one week or more.

     What we may want to deal with separately is the cache key. To show the purpose of it I am setting the cache key to the following:

         proxy_cache_key $request_uri$http_accept_encoding;

     This will, basically, define the caching parameters that distinguish a cached asset by:

       1. Requested asset (uri)
       2. Accept-Encoding request header

     What has shown to be the perfect setup is:

         proxy_cache_key $scheme$request_uri$http_accept_encoding$param$args;

     The above setup defines:

       1. $scheme: Local nginx variable that holds the value of the protocol used to access/request the cached asset (http, https, ...)
       2. $request_uri: Same as in the default example, it's the nginx variable holding the value of the requested asset uri
       3. $http_accept_encoding: variable holding the value of the request header Accept-Encoding
       4. $param: Custom variable we can use to alter the cache key in certain scenarios. Use it with caution! Changing the cache key may affect cache clearing!
       5. $args: Query strings in the request

     So, let's show an example of how the cache is affected by cache_key. We have defined the cache_key distinguisher by using the $http_accept_encoding variable. This means that any request with a different Accept-Encoding request header value for the same file will result in a different cache entry:

         ~$ curl -I http://vps2.net/index.html
         HTTP/1.1 200 OK
         Server: nginx/1.4.6 (Ubuntu)
         Date: Sun, 26 Apr 2015 22:56:13 GMT
  5.     Content-Type: text/html; charset=UTF-8
         Content-Length: 7204
         Connection: keep-alive
         X-Powered-By: PHP/5.5.9-1ubuntu4.7
         X-Pingback: http://95.85.50.33:8080/xmlrpc.php
         Vary: Accept-Encoding
         TestCache: HIT

     TestCache: HIT means we've cached the output from /index.html with no Accept-Encoding value.

     The next request we'll send with a changed encoding:

         ~$ curl -I http://vps2.net/index.html -H 'Accept-Encoding: foo/bar'
         HTTP/1.1 200 OK
         Server: nginx/1.4.6 (Ubuntu)
         Date: Sun, 26 Apr 2015 22:56:44 GMT
         Content-Type: text/html; charset=UTF-8
         Content-Length: 7204
         Connection: keep-alive
         X-Powered-By: PHP/5.5.9-1ubuntu4.7
         X-Pingback: http://95.85.50.33:8080/xmlrpc.php
         Vary: Accept-Encoding
         TestCache: MISS

     TestCache: MISS proves that this asset is now treated differently because our reverse proxy is saying "I don't have it in my cache! I will serve it from the backend server."

     Can we draw this? Sure:

         Location | key | key change
         http://vps2.net/index.html | $scheme$request_uri$http_accept_encoding$param$args | N/A
         http://vps2.net/index.html -H 'Accept-Encoding: foo/bar' | $scheme$request_uri$http_accept_encoding$param$args | $scheme$request_uri$http_accept_encoding$param$args

     The last step we'll be showing (given that this is the short version) is gzip.

     Back to the vhost file and add the following lines within the location / block:

         gzip on;
  6.     gzip_types text/html application/javascript text/css;
         gzip_min_length 100;

     Again, it's a short version so, for the purpose of the showcase, it's good enough :) What I want to achieve here is to enable compression on delivery so that any request that meets my requirements (below) is gzipped when served.

     Requirements:

       1. content type must be text/html, application/javascript or text/css
       2. content must be at least 100 bytes in size to be applicable for compression

     How does it behave in real life:

         ~$ curl -I http://vps2.net/index.html
         HTTP/1.1 200 OK
         Server: nginx/1.4.6 (Ubuntu)
         Date: Sun, 26 Apr 2015 23:08:42 GMT
         Content-Type: text/html; charset=UTF-8
         Content-Length: 7204
         Connection: keep-alive
         X-Powered-By: PHP/5.5.9-1ubuntu4.7
         X-Pingback: http://95.85.50.33:8080/xmlrpc.php
         Vary: Accept-Encoding
         TestCache: HIT

         ~$ curl -I http://vps2.net/index.html -H 'Accept-Encoding: gzip'
         HTTP/1.1 200 OK
         Server: nginx/1.4.6 (Ubuntu)
         Date: Sun, 26 Apr 2015 23:09:00 GMT
         Content-Type: text/html; charset=UTF-8
         Content-Length: 2250
         Connection: keep-alive
         X-Powered-By: PHP/5.5.9-1ubuntu4.7
         X-Pingback: http://95.85.50.33:8080/xmlrpc.php
         Vary: Accept-Encoding
         Content-Encoding: gzip
         TestCache: MISS

     Two things:

       1. We've requested this asset as gzipped so we have got it: Content-Encoding: gzip
       2. The cache key has changed because $http_accept_encoding has a different value than the original one that cached this asset, so the cache status shows MISS: we are now treating this request as a new, non-cached one.
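A simplified model of the cache behaviour shown above, added here as an example (it is not from the presentation and is not nginx code): it replays a constructed request sequence against the `$request_uri$http_accept_encoding` key with `proxy_cache_min_uses 2` and a 10 second validity, then again with the Accept-Encoding value normalised before it enters the key. `normalise_encoding`, `ProxyCache`, `replay` and the request list are hypothetical names and data, and normalising the header is an assumption the presentation does not cover.

```python
def cache_key(uri, accept_encoding):
    """Model of the page's key: proxy_cache_key $request_uri$http_accept_encoding."""
    return uri + accept_encoding

def normalise_encoding(accept_encoding):
    """Hypothetical hardening step: reduce the header to 'gzip' or ''."""
    tokens = [t.split(';')[0].strip().lower() for t in accept_encoding.split(',')]
    return 'gzip' if 'gzip' in tokens else ''

class ProxyCache:
    """Toy model of proxy_cache_min_uses 2 and proxy_cache_valid 200 10s."""

    def __init__(self, min_uses=2, valid=10, normalise=False):
        self.min_uses, self.valid, self.normalise = min_uses, valid, normalise
        self.uses = {}    # cache key -> number of requests seen
        self.stored = {}  # cache key -> expiry time in seconds

    def request(self, uri, accept_encoding='', now=0):
        """Return the $upstream_cache_status this model assigns to the request."""
        if self.normalise:
            accept_encoding = normalise_encoding(accept_encoding)
        key = cache_key(uri, accept_encoding)
        self.uses[key] = self.uses.get(key, 0) + 1
        expiry = self.stored.get(key)
        if expiry is not None and now < expiry:
            return 'HIT'
        status = 'MISS' if expiry is None else 'EXPIRED'
        if self.uses[key] >= self.min_uses:  # store only once requested often enough
            self.stored[key] = now + self.valid
        return status

# Constructed request sequence: (uri, Accept-Encoding value, time in seconds).
REQUESTS = [
    ('/index.html', '', 0), ('/index.html', '', 1), ('/index.html', '', 2),
    ('/index.html', 'foo/bar', 3), ('/index.html', 'gzip', 4),
    ('/index.html', 'gzip, deflate', 5), ('/index.html', 'gzip', 6),
    ('/index.html', '', 20),
]

def replay(cache):
    """Run REQUESTS through cache; return (statuses, number of distinct keys)."""
    statuses = [cache.request(uri, enc, now) for uri, enc, now in REQUESTS]
    return statuses, len(cache.uses)

if __name__ == '__main__':
    print('raw key:       ', replay(ProxyCache()))
    print('normalised key:', replay(ProxyCache(normalise=True)))
```

With the raw header in the key, the single URI occupies four cache keys in this replay and the `foo/bar` request is a MISS; with the normalised value it occupies two and the same request is a HIT.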
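To read the cache status back out of the access log, the following added example (not part of the presentation) parses lines in the vps2 log format defined in the NginX section and reports per-URI cache status counts and hit ratio. It assumes the fields are separated by single spaces; the sample lines and the names `VPS2`, `summarise` and `hit_ratio` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# vps2 format, assuming single spaces between the fields:
# $remote_addr $remote_user [$time_local] $request_uri $status $upstream_cache_status
VPS2 = re.compile(
    r'^(?P<addr>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'(?P<uri>\S+) (?P<status>\d{3}) (?P<cache>\S+)$'
)

# Constructed sample lines; nginx writes "-" for a variable that is empty.
SAMPLE = """\
203.0.113.7 - [26/Apr/2015:22:56:01 +0000] /index.html 200 MISS
203.0.113.7 - [26/Apr/2015:22:56:05 +0000] /index.html 200 MISS
203.0.113.9 - [26/Apr/2015:22:56:13 +0000] /index.html 200 HIT
203.0.113.9 - [26/Apr/2015:22:56:44 +0000] /index.html 200 MISS
203.0.113.9 - [26/Apr/2015:22:57:02 +0000] - 400 -
203.0.113.9 - [26/Apr/2015:22:57
"""

def summarise(lines):
    """Return ({uri: Counter of cache statuses}, number of unparsed lines)."""
    per_uri = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        match = VPS2.match(line)
        if match is None:
            unparsed += 1  # count damaged lines instead of dropping them silently
            continue
        per_uri[match['uri']][match['cache']] += 1
    return dict(per_uri), unparsed

def hit_ratio(counts):
    """HIT share among requests that have a cache status; None if there are none."""
    with_status = sum(n for status, n in counts.items() if status != '-')
    return counts['HIT'] / with_status if with_status else None

if __name__ == '__main__':
    stats, bad = summarise(SAMPLE.splitlines())
    for uri, counts in sorted(stats.items()):
        print(uri, dict(counts), hit_ratio(counts))
    print('unparsed lines:', bad)
```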
  8. HAProxy

     As you might have already read in our blog post (HAProxy Blog), HAProxy is an open source, fast and reliable load balancing solution filled with a variety of options, from custom response pages to different load balancing algorithms. Let's see what this powerful software can do for your high traffic website in this quick step-by-step guide.

     To install HAProxy on the Ubuntu Linux distribution, you need to run the following command:

         ~$ apt-get install haproxy

     To install it on a different Linux distribution, please run the appropriate install command for that distribution.

     We can get the HAProxy version by running:

         ~$ haproxy -v
         HA-Proxy version 1.5.4 2014/09/02
         Copyright 2000-2014 Willy Tarreau

     In order to allow ourselves to start the HAProxy service via an init script, we need to add the ENABLED=1 line to the /etc/default/haproxy file, like so:

         ~$ nano /etc/default/haproxy

         # Defaults file for HAProxy
         #
         # This is sourced by both, the initscript and the systemd unit file, so do not
         # treat it as a shell script fragment.

         # Change the config file location if needed
         #CONFIG="/etc/haproxy/haproxy.cfg"

         # Add extra flags here, see haproxy(1) for a few options
         #EXTRAOPTS="-de -m 16"
         ENABLED=1

     Now we can try starting the HAProxy service from the command line by running the following command:

         ~$ service haproxy start
          * Starting haproxy haproxy [ OK ]

     With this init script we can also restart, reload, stop or get the status of the service.
  9.     ~$ service haproxy restart
          * Restarting haproxy haproxy [ OK ]
         ~$ service haproxy reload
          * Reloading haproxy haproxy [ OK ]
         ~$ service haproxy status
         haproxy is running.
         ~$ service haproxy stop
          * Stopping haproxy haproxy [ OK ]
         ~$ service haproxy status
         haproxy not running.

     To be honest, you won't be able to do anything with the init script before you configure the load balancer itself. So let's check what we get out of the box:

         ~$ cat /etc/haproxy/haproxy.cfg
         global
             log /dev/log local0
             log /dev/log local1 notice
             chroot /var/lib/haproxy
             maxconn 2000
             user haproxy
             group haproxy
             daemon

         defaults
             log global
             mode http
             option httplog
             option dontlognull
             timeout connect 5000ms
             timeout client 50000ms
             timeout server 50000ms
             errorfile 400 /etc/haproxy/errors/400.http
             errorfile 403 /etc/haproxy/errors/403.http
             errorfile 408 /etc/haproxy/errors/408.http
             errorfile 500 /etc/haproxy/errors/500.http
             errorfile 502 /etc/haproxy/errors/502.http
  10.         errorfile 503 /etc/haproxy/errors/503.http
              errorfile 504 /etc/haproxy/errors/504.http

      Let's go through what these directives mean, and what they do.

      Directives:

      log: this directive specifies where logs will be saved.

      maxconn: this directive specifies the maximum number of concurrent connections on the frontend. Opposite to this directive, there's a minconn directive which specifies the minimum number of concurrent connections for a server to accept.

      user/group: these directives change the HAProxy process to the specified user and group.

      da