Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Microservices on Fastly v1.1
Search
Ryo yasuda
February 20, 2019
Programming
1.2k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Microservices on Fastly v1.1
Ryo yasuda
February 20, 2019
More Decks by Ryo yasuda
See All by Ryo yasuda
GKE+Istio+GitOpsで作る日経電子版の次世代マイクロサービス基盤
ryysd
3
2.2k
日経電子版へのPWA導入事例
ryysd
1
390
Microservices on Fastly
ryysd
42
22k
Other Decks in Programming
See All in Programming
フィードバックで育てるAI開発
kotaminato
1
100
Skillsは効率化、Agentsは"自分の拡張"——Builder時代のエージェント編成(CC Night 2026)
wemra
1
200
【やさしく解説 設計編・中級 #1】一つの車に、運転手は一人 ~ある倉庫システムの事例から~
panda728
PRO
0
110
キャリア迷子上等 ─ "ない道"は自分で作ればいい
16bitidol
3
2.8k
「なぜそう決めたのか」を残し続ける仕組み ― Notion AI カスタムエージェント × Slack連携による設計判断の自動記録 - NIKKEI Tech Talk #47
niftycorp
PRO
0
250
ローカルLLMでどこまでコードが書けるか -縮小版 / How much code can be written on a local LLM Shortened
kishida
2
180
コンテキストの使い捨てをやめる — ビジネスルール駆動開発と miko —
ioki
0
270
LLM本来の能力を解き放つサンドボックス技術とAI民主化への適用
yukukotani
3
4.9k
SREは、MCPとSRE Agentをこう使え!
kazumax55
0
140
吝嗇家のためのAI活用 / AI development for miser - ChatGPT + Issue Driven Development
tooppoo
0
180
どこまでゆるくて許されるのか
tk3fftk
0
410
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
220
Featured
See All Featured
Designing for humans not robots
tammielis
254
26k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
500
The SEO identity crisis: Don't let AI make you average
varn
0
510
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
320
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
1k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
640
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
640
For a Future-Friendly Web
brad_frost
183
10k
Utilizing Notion as your number one productivity tool
mfonobong
4
340
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Transcript
. ຊܦࡁ৽ฉࣾ ҆ా ཽ 'BTUMZ5FDI5BML
o E (r , eak i N T n
j ea )r p chmti i :5 25 1 s R S S .- l g 6 3 0:3 :
3 1 2 - 0
. () / ) (
AD
. Service A Service C Service B Service D Routing
Caching Dev Debug Logging Auth ESI
. Service A Service C Service B Service D Routing
Caching Dev Debug Logging ESI ৽ωλ Dynamic Critical CSS Auth
Service A Service C Service B Service D Service
Registry ֤αʔϏεͷใཧ ϔϧενΣοΫ ϦΫΤετઌαʔϏεͷใऔಘ ϦΫΤετͷૹ৴
Routing Caching Dev Debug Logging Auth ESI Service A
Service C Service B Service D • F • •
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • I • F Auth
هࣄαʔϏε هࣄߋ৽௨ max-age: 604800 purge •
'+25*-1/&%"! #3 • *-(. /&%"! #,) • 40$
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • - • - • origin͕ࢮΜͰࢦఆͨ͠ظؒΩϟογϡΛར༻ͯ͘͠ΕΔઃఆ Service B͕ࢮΜͰ ΩϟογϡΛͬͯՔಇ Auth
- - Routing Caching Dev Debug Logging ESI Service A
Service C Service B Service D • F M R • • H Service D Nikkei-Routing-Override: serviceD->serviceD-tunnel Local Machine t u n n e l Auth
• F D I D • ) ( ( (
• F D H R Routing Caching Dev Debug Logging ESI Service A Service C Service B Service D Nikkei-Routing-Journey: serviceA Nikkei-Routing-Journey: serviceA,serviceB Nikkei-Routing-Journey: serviceA,service,serviceD Auth
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • • • F Real Time Log Streaming request url status code response size taken time cache HIT/MISS ... Auth
None
֤αʔϏεɾ֤ύεʹର͢ΔΩϟογϡώοτ Ϣʔβछผ͝ͱͷΩϟογϡώοτ (هࣄϖʔδ)
Routing Caching Dev Debug Logging ESI Service A Service
C Service B Service D • • ! • " Auth
هࣄϖʔδ /article/123 Cookie: Auth=a124b5... OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
ϢʔβͷݖݶʹΑͬͯ ίϯςϯπมΘΔ
هࣄϖʔδ /article/123 Cookie: Auth=a124b5… Cache-control: no-cache,
no-store Cookie: Auth=a124b5... Cache-control: no-cache, no-store OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
هࣄϖʔδ /article/123 ϦΫΤετϔομ User-ID: 98765 User-Rank:
paid Ϩεϙϯεϔομ Vary: User-Rank Cookie: Auth=a124b5... Cache-control: private ೝূΫοΩʔͷ decodeɾvalidate OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
هࣄϖʔδ /article/123 ϦΫΤετϔομ User-ID: 98765 User-Rank:
paid Ϩεϙϯεϔομ Vary: User-Rank Cookie: Auth=a124b5... Cache-control: private ೝূΫοΩʔͷ decodeɾvalidate OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ User-Rank͝ͱʹΩϟογϡ͚ ΔΑ͏CDNʹ໋ྩ
ඇձһ ༗ྉձһ ແྉձһ Ϣʔβछผ͝ͱͷهࣄϖʔδΩϟογϡώοτ
ϩάΠϯϢʔβʹରͯ͠ΩϟογϡͰ͖ͯΔ
( ) Routing Caching Dev Debug Logging Auth ESI Service
A Service C Service B Service D •
• ɾ ɾ ɾ ←ͷදࣔʹඞཁͳ࠷ݶͷCSSΛ HTMLʹຒΊࠐΉ
←ͷCSSը໘දࣔޙʹಡΈࠐΉ
• • CSSऔಘʹඞཁͳϦΫΤετɾαΠζΛݮΒͤΔ (544KB → 69KB)
• CSSOMߏஙɾϨΠΞτͷ࣌ؒΛݮͰ͖Δ
• C •
֤ϖʔδʹ࠷దԽ͞ΕͨCCSSΛΞΫηε࣌ʹੜ͠ ESIͰຒΊࠐΉ
Server Cache Control max-age=600 Cache Control: private <esi:include src=“http://example.com/mynews.html” />
index.html mynews.html
• • • C C EI <html> <style> <esi:include src=”/critical.css?service=article”>
<style> … </html> Critical CSS Server Critical CSSͷ Ϗϧυ&৴ Cache Control: private Application Server Cache Control max-age=600
• • • C C EI <html> <style> <esi:include src=”/critical.css?service=article”>
<style> … </html> Critical CSS Server Critical CSSͷ Ϗϧυ&৴ Application Server Cache Control max-age=600 Cache Control max-age=86400
App Server … <style> <esi:include src=”critical.css”> <style> …
App Server Critical CSS Server ./critical.css … <style> <esi:include src=”critical.css”>
<style> …
App Server ./critical.css S3 Critical CSS Server critical CSS͕͋Δ͔֬ೝ …
<style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server critical css͕ଘࡏ͠ͳ͍ ͷͰ௨ৗͷCSSΛฦ٫
FastlyΩϟογϡ CSS Cache … <style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
ඇಉظͰϏϧυཁٻ CSS Cache … <style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
Ϗϧυ͕ྃͨ͠ΒS3อଘ ඇಉظͰϏϧυཁٻ CSS Cache … <style> <esi:include src=”critical.css”> <style> …
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
Ωϟογϡ͞Εͨ ௨ৗͷCSSΛPurge ඇಉظͰϏϧυཁٻ … <style> <esi:include src=”critical.css”> <style> … CSS Cache
App Server ./critical.css S3 Critical CSS Server Critical CSS Builder
ඇಉظͰϏϧυཁٻ Critical CSS Cache ࣍ճΞΫηε࣌ɺ Critical CSSΛฦ٫ FastlyΩϟογϡ … <style> <esi:include src=”critical.css”> <style> …
• J S •
S d d
F C e h S I E c a
None
None
Routing Caching Logging Auth Vanity URL ESI hub service •
$ #%" • & ' $! ”/” ”/hub/front” ද͖URL ෦URL
table vanities { ”/”: ”/hub/front” … } Routing Caching Logging
Auth Vanity URL ESI • F D • E • R F D U L ”/” ද͖URL hub service ”/hub/front” ෦URL
None
Top Article API ֎෦Ϧιʔε /article/123 Path Based Routing
backends.vcl routing.vcl backend article { .host:
"article.xx.jp"; .port: 443 .ssl: true } ... if (req.url ~ "/article/.+") { req.backend = article; } ... vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl
[ { "name": "article", "path": "/article/.+", "host": "article.xx.jp", "ssl": true
} … ] services.json backends.vcl routing.vcl શαʔϏεͷఆٛϑΝΠϧ ͲΜͳαʔϏεɺϧʔτ͕͋Δ ͔ͻͱͰΘ͔Δ backend article { .host: "article.xx.jp"; .port: 443 .ssl: true } ... if (req.url ~ "/article/.+") { req.backend = article; } ... vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl
if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") { set beresp.stale_if_error = 86400s;
} Next NikkeiͰɺstale-if-errorΛࣗಈͰ༩ αʔϏε͕ࢮΜͰɺΩϟογϡ͕͋Ε͠Β͘ίϯςϯπΛฦͤΔ stale-if-error
ೝূΫοΩʔ(JWTܗࣜ): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4 gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ A
:J :C AA :, - : :; :C AA : 414 $" 14 $ 14 $ " .6 B :D ;: 6 :+)5 : A : - = I ;: 6 5 6(*+5 6 :+) " 4 6 :; 6 6 ?A6 4 . 2 ,2 2 $" . 2 "
if (req.http.Cookie:Auth !~ "(^[^¥.]+)¥.([^¥.]+)¥.([^¥.]+)$") { set
req.http.Auth-Valid = "false"; } set var.base64Header = re.group.1; set var.base64Payload = re.group.2; set var.signature = digest.base64url_decode(re.group.3); set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "." var.base64Payload)); set var.payload = digest.base64_decode(var.base64Payload); set var.expires = regsub(var.payload, {"^.*?"exp"¥s*:¥s*(¥d+).*?$"}, "¥1"); # γάωνϟͷਖ਼ੑͱ༗ޮظݶͷ֬ೝ if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) { set req.http.Auth-Valid = "false"; } # payload͔ΒݖݶใͳͲΛநग़ req.http. UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");
sub vcl_log { log
{"syslog "} req.service_id {" fastly-log :: "} {" timestamp_us:"} time.start.usec {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "") {" upstream_host:"} regsuball(req.http.Host, {" "}, "") {" remote_addr:"} client.ip {" method:"} req.request {" fastly_x_cache:"} req.http.X-Cache {" fastly_x_cache_hits:"} req.http.X-Cache-Hits {" user_id:"} req.http.User-ID {" user_rank:"} req.http.User-Rank; … } LTSVܗࣜͰͷϩάग़ྗྫ