AMEBA OWND DE HTTP/2
Take
August 29, 2016
Presentation slides for Dogenzaka BeerBash #1, LT Summer Festival, CA media services edition
http://dogenzaka-beerbash.connpass.com/event/37072/
Transcript
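AMEBA OWND DE HTTP/2

Self-introduction
➤ New-graduate engineer ('16)
➤ On Ameba Ownd since June
➤ In charge of the server side
➤ Developing in Go
➤ Infrastructure, incident response
➤ HN: Tomato
➤ TDD: Tomato-Driven Development

Topics
➤ A brief explanation of HTTP/2
➤ ELB and Proxy Protocol
➤ ALPN support (Chrome 51+): nginx 1.10.1 + openssl 1.0.2h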
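
HTTP/2

HTTP/2
➤ HTTP/1.1 is a text (ASCII) based protocol
➤ Friendly to humans but messy for computers
➤ Binary data is turned into text with Base64 encoding before it is sent
➤ HTTP/2 is a binary protocol
➤ Easy to parse and friendly to computers (hard on humans)
➤ Header compression is effective (HPACK)

HTTP/2
➤ Up to HTTP/1.1, requests were sent and downloads performed in parallel by opening more TCP connections
➤ From HTTP/2 on, requests are multiplexed over a single TCP connection
[Figure: three HTTP/1.1 requests, each on its own TCP connection, next to three HTTP/2 requests sharing one TCP connection]

HTTP/2 support
http://caniuse.com/#search=http2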
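
HTTP/2 support on AWS

ELB formerly did not support HTTP/2
➤ AWS Elastic Load Balancing
➤ The (legacy) Classic Load Balancer does not support HTTP/2
➤ The Application Load Balancer supports HTTP/2! → we want to evaluate it going forward

CLASSIC LOAD BALANCER
➤ To support HTTP/2, TLS termination has to be done on the web server on EC2, so the only option is to load balance at the TCP level on the ELB
➤ Because the traffic is handled at TCP, a layer above IP, the source IP address gets rewritten to the ELB's address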
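
PROTOCOL STACK
➤ Protocol stack when connecting over HTTP/2
Ethernet / IP / TCP / TLS / HTTP/2 (h2)

PROTOCOL STACK
➤ With TCP load balancing on the ELB, nothing at the TCP layer or below reaches the backend
➤ The source IP address is written in the IP packet header, so it is lost
Ethernet / IP / TCP / TLS / HTTP/2 (h2)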
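
WHY X-FORWARDED-FOR CANNOT BE USED
➤ X-Forwarded-For is an HTTP header, so only a load balancer that can interpret traffic up to HTTP (L7) can handle it
➤ When load balancing at TCP and terminating TLS on the backend, the TLS payload is encrypted, so the load balancer can neither read nor write it

PROXY PROTOCOL
➤ Lets the load balancer pass connection-source information such as the IP address to the backend
http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt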

PROXY PROTOCOL configuration example (NGINX)

Without proxy_protocol:
    listen 443 ssl http2;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;

With proxy_protocol:
    listen 443 ssl http2 proxy_protocol;
    proxy_set_header X-Forwarded-For $proxy_protocol_addr;
    proxy_set_header X-Real-IP $proxy_protocol_addr;

ELB: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html

Everything up to here was as of April

June: assigned to the team

Cannot connect over HTTP/2 from Google Chrome

When in trouble: Wireshark
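
Cause
➤ Google Chrome attempts protocol negotiation with ALPN
➤ The server (nginx 1.9) attempts negotiation with NPN
➤ Because the two sides use different HTTP/2 negotiation methods, negotiation fails and the connection is made over HTTP/1.1

Background knowledge
➤ To connect over HTTP/2, both the client and the server must support HTTP/2 → so protocol negotiation takes place
➤ NPN and ALPN are both methods that negotiate by extending the TLS handshake packets
http://www.slideshare.net/shigeki_ohtsu/tls-http2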
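
The mismatch found in the capture, as an added example (not from the slides): it reads the ALPN (16) and NPN (13172) extensions out of a ClientHello and reports which protocol results for a server that implements only NPN versus one that also implements ALPN. The ClientHello bytes are constructed, the function names are illustrative, and the server is reduced to the set of mechanisms it implements, assuming it offers h2 on each.

```python
import struct

ALPN, NPN = 16, 13172  # TLS extension numbers: ALPN (RFC 7301), NPN (draft)

def hello_extensions(record: bytes) -> dict:
    """Map extension type -> body for one TLS record holding a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 5 + 4 + 2 + 32                                  # headers, version, random
    pos += 1 + record[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                                # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos, exts = pos + 2, {}
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        exts[etype] = record[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def offer(record: bytes) -> dict:
    """What the client offers: ALPN protocol names, and whether it speaks NPN."""
    exts, names = hello_extensions(record), []
    body, pos = exts.get(ALPN, b""), 2                    # skip 2-byte list length
    while pos < len(body):
        names.append(body[pos + 1:pos + 1 + body[pos]].decode("ascii"))
        pos += 1 + body[pos]
    return {"alpn": names, "npn": NPN in exts}

def negotiated(record: bytes, server_mechanisms: set) -> str:
    """Protocol the connection ends up on, given what the server implements."""
    o = offer(record)
    h2 = ("alpn" in server_mechanisms and "h2" in o["alpn"]) or \
         ("npn" in server_mechanisms and o["npn"])
    return "h2" if h2 else "http/1.1"

def build_hello(extensions: bytes) -> bytes:
    """Constructed minimal ClientHello (not a capture) for the demo."""
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
            + struct.pack("!H", len(extensions)) + extensions)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

_names = b"\x02h2\x08http/1.1"
ALPN_EXT = struct.pack("!HHH", ALPN, len(_names) + 2, len(_names)) + _names
ALPN_ONLY = build_hello(ALPN_EXT)                              # ALPN, no NPN
NPN_AND_ALPN = build_hello(struct.pack("!HH", NPN, 0) + ALPN_EXT)
if __name__ == "__main__":
    print(negotiated(ALPN_ONLY, {"npn"}), negotiated(ALPN_ONLY, {"npn", "alpn"}))
```

An ALPN-only client against an NPN-only server still gets a working page over HTTP/1.1, so the failure shows up only as the missing h2, which is why it took a packet capture to see it.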

NPN and ALPN
➤ NPN, which was used with SPDY, is replaced by ALPN now that HTTP/2 has been standardized
➤ Chrome 51 ends SPDY support and moves fully to HTTP/2.
http://blog.chromium.org/2016/02/transitioning-from-spdy-to-http2.html

How OWND handled it
➤ nginx 1.9 + openssl 1.0.1: supports NPN only → the reason Google Chrome 51 could no longer connect
➤ nginx 1.10 + openssl 1.0.2: supports ALPN → use a PPA, or upgrade Ubuntu to 16.04 LTS
➤ We ended up using a PPA (Personal Package Archive)

Plan
➤ Add the ppa repository and update nginx and openssl
➤ Write it up in ansible
➤ Verify & deploy
This much should only take 3 […]… (famous last words)
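
CANNOT UPGRADE NGINX
➤ The nginx 1.9 package holds on to the conf files, which causes a conflict, so nginx 1.10 will not install
➤ It has to be uninstalled first

NGINX DOES NOT START UNLESS ANSIBLE IS RUN TWICE
➤ ansible is a configuration management tool written in python
➤ Even with ansible, the result is not idempotent unless a human writes the playbook correctly

UNINSTALLING NGINX 1.9 DELETES THE LOGS
➤ Does not reproduce with nginx 1.10
➤ On apt remove, the log and cache directories are mercilessly deleted
➤ Handled by having ansible back up just the logs before apt remove and restore them after
➤ This was the main cause of the problem described above…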
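
NGINX CONNECTIONS EXPLODE
➤ While HTTP/2 support was being rolled out to production, we took a hit from the Gunosy cannon
➤ Connections increased especially on the instances that already had HTTP/2 support
➤ For a certain reason, nginx restarted everywhere at once
➤ Users had trouble connecting…

Downgrade to isolate the cause
➤ Revert to the original nginx version
➤ A second cannon shot lands, and things change

We did not make it in time

~ Re-verification in progress ~
photo: https://www.flickr.com/photos/paulk/23784089050/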
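
Lessons
➤ Unexpected things happen in production
➤ Be careful with a service that is in operation (user impact affects trust)
➤ When you are stuck, read the packets
➤ Understand the protocol
➤ Read code that has no tests (especially) thoroughly and understand it (ansible playbooks included)

Thank you for listening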