Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AMEBA OWND DE HTTP/2
Search
Take
August 29, 2016
Technology
0
500
AMEBA OWND DE HTTP/2
道玄坂BeerBash#1 LT夏祭 CA系メディアサービス編 発表資料
http://dogenzaka-beerbash.connpass.com/event/37072/
Take
August 29, 2016
Tweet
Share
More Decks by Take
See All by Take
トルテが実践したマッチしたユーザーを除く3つの方法/torte-es
ww24
1
13k
トルテリリースまでの Go Tips 16/torte-go-tips-16
ww24
1
11k
Service Workers Push API Hands-on
ww24
1
170
OpenIL vol.1
ww24
0
3.7k
Other Decks in Technology
See All in Technology
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
kkuv
1
310
本が全く読めなかった過去の自分へ
genshun9
0
570
Leveraging Open-Source Tools for Creating 3D Tiles in the Urban Environment
simboss
PRO
0
100
Абьюзим random_bytes(). Фёдор Кулаков, разработчик Lamoda Tech
lamodatech
0
350
より良いプロダクトの開発を目指して - 情報を中心としたプロダクト開発 #phpcon #phpcon2025
bengo4com
1
3.1k
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
910
Liquid Glass革新とSwiftUI/UIKit進化
fumiyasac0921
0
230
Oracle Audit Vault and Database Firewall 20 概要
oracle4engineer
PRO
3
1.7k
製造業からパッケージ製品まで、あらゆる領域をカバー!生成AIを利用したテストシナリオ生成 / 20250627 Suguru Ishii
shift_evolve
PRO
1
140
Oracle Cloud Infrastructure:2025年6月度サービス・アップデート
oracle4engineer
PRO
2
260
Кто отправит outbox? Валентин Удальцов, автор канала Пых
lamodatech
0
350
登壇ネタの見つけ方 / How to find talk topics
pinkumohikan
5
530
Featured
See All Featured
GraphQLとの向き合い方2022年版
quramy
48
14k
Statistics for Hackers
jakevdp
799
220k
What's in a price? How to price your products and services
michaelherold
246
12k
Writing Fast Ruby
sferik
628
62k
BBQ
matthewcrist
89
9.7k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Fireside Chat
paigeccino
37
3.5k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
RailsConf 2023
tenderlove
30
1.1k
Designing Experiences People Love
moore
142
24k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Transcript
AMEBA OWND DE HTTP/2 த ݑ
ࣗݾհ ➤ 16 ৽ଔΤϯδχΞ ➤ 6݄͔Β Ameba Ownd ➤ αʔόαΠυΛ୲
➤ Go ݴޠͰ։ൃ ➤ Πϯϑϥ, োରԠ ➤ HN: τϚτ ➤ TDD: τϚτۦಈ։ൃ
৬
͢͜ͱ ➤ HTTP/2 ͷ؆୯ͳઆ໌ ➤ ELB ͱ Proxy Protocol ➤
ALPN ରԠ (Chrome 51+) nginx 1.10.1 + openssl 1.0.2h
HTTP/2
HTTP/2 ➤ HTTP/1.1 ςΩετ(ASCII)ϕʔεͷϓϩτίϧ ➤ ਓؒʹ༏͍͕͠ίϯϐϡʔλʹͱͬͯࡶ ➤ όΠφϦΛૹΔࡍ Base64 encoding
ͰςΩετʹ͢Δ ➤ HTTP/2 όΠφϦϓϩτίϧ ➤ ղੳ͘͢͠ίϯϐϡʔλʹ༏͍͠(ਓؒͭΒ͍) ➤ ϔομѹॖ͕ޮ͘ (HPACK)
HTTP/2 ➤ HTTP/1.1 ·Ͱ TCP ίωΫγϣϯΛ૿͢͜ͱͰฒྻʹ ϦΫΤετΛૹΓɺμϯϩʔυ͍ͯͨ͠ ➤ HTTP/2 ͔Β1ͭͷ
TCP ίωΫγϣϯͰϦΫΤετଟॏԽ HTTP1.1 / TCP TCP HTTP/2 HTTP/2 HTTP/2 HTTP1.1 / TCP HTTP1.1 / TCP
HTTP/2 ରԠ http://caniuse.com/#search=http2
AWS Ͱ HTTP/2 ରԠ
͔ͭͯ ELB HTTP/2 ʹରԠ͍ͯ͠ͳ͔ͬͨ ➤ AWS ͷ Elastic Load
Balancing ➤ (چདྷͷ) Classic Load Balancer HTTP/2 ඇରԠ ➤ Application Load Balancer HTTP/2 ରԠʂ →ࠓޙݕ౼͍ͨ͠
CLASSIC LOAD BALANCER ➤ HTTP/2 ରԠ͢Δʹ EC2 ্ͷ Web αʔόͰऴॲཧΛ͢
Δඞཁ͕༗ΔͨΊɺ ELB Ͱ TCP Ͱϩʔυόϥϯγϯά͢Δ ͔͠ํ๏ͳ͍ ➤ IP ΑΓ্ͷϨΠϠͷ TCP Ͱॲཧ͢ΔͨΊଓݩͷ IP ΞυϨ ε͕ ELB ͷͷʹॻ͖Θͬͯ͠·͏
PROTOCOL STACK ➤ HTTP/2 Ͱଓ͢Δͱ͖ͷ ϓϩτίϧελοΫ Ethernet IP TCP TLS
HTTP/2 (h2)
PROTOCOL STACK ➤ ELB Ͱ TCP ϩʔυόϥϯγ ϯά͢Δͱ TCP ҎԼͷ༰
όοΫΤϯυಧ͔ͳ͍ ➤ ଓݩͷ IP ΞυϨε IP ύέοτͷϔομʹॻ͔Ε ͍ͯΔͷͰࣦΘΕΔ Ethernet IP TCP TLS HTTP/2 (h2)
X-FORWARDED-FOR ͕͑ͳ͍ཧ༝ ➤ X-Forwarded-For HTTP ϔομͳͷͰɺHTTP (L7) ·Ͱ ղऍͰ͖Δ
LB Ͱͳ͍ͱѻ͑ͳ͍ ➤ TCP Ͱϩʔυόϥϯγϯάͯ͠ TLS ͷऴॲཧΛόοΫΤϯ υͰߦ͏߹ɺ TLS ͷ payload ҉߸Խ͞Ε͍ͯΔͷͰಡΈ ॻ͖Ͱ͖ͳ͍
PROXY PROTOCOL ➤ όοΫΤϯυʹ IP ΞυϨεͷଓݩใΛୡͰ͖Δ http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt
PROXY PROTOCOL ઃఆྫ (NGINX) listen 443 ssl http2; proxy_set_header X-Forwarded-For
$remote_addr; proxy_set_header X-Real-IP $remote_addr; listen 443 ssl http2 proxy_protocol; proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Real-IP $proxy_protocol_addr; ELB: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
͜͜·Ͱ4݄ͷ
6݄ ଐ
None
None
Google Chrome ͔Β HTTP/2 Ͱܨ͕Βͳ͍
ࠔͬͨͱ͖ Wireshark
None
None
None
None
ݪҼ ➤ Google Chrome ALPN ͰϓϩτίϧωΰγΤʔγϣϯΛ ࢼΈΔ ➤ αʔό
(nginx 1.9) NPN ͰωΰγΤʔγϣϯΛࢼΈΔ ➤ ํͰ HTTP/2 ͷωΰγΤʔγϣϯํ͕ࣜҟͳΔҝɺ ωΰγΤʔγϣϯʹࣦഊͯ͠ HTTP/1.1 Ͱܨ͕Δ
લఏࣝ ➤ HTTP/2 Ͱଓ͢ΔͨΊʹɺΫϥΠΞϯτͱαʔόͷ྆ํ ͕ HTTP/2 ʹରԠ͍ͯ͠Δඞཁ͕͋Δ ˠͦ͜ͰϓϩτίϧͷωΰγΤʔγϣϯ͕ߦΘΕΔ ➤ NPN
ALPN TLS Handshake ύέοτΛ֦ுͯ͠ ωΰγΤʔγϣϯΛߦ͏ํࣜ
http://www.slideshare.net/shigeki_ohtsu/tls-http2
NPN ͱ ALPN ➤ SPDY ͰΘΕ͍ͯͨ NPN HTTP/2 ੍͕ఆ͞Εͯ ALPN
Ͱஔ͖ΘΔ ➤ Chrome 51 Ͱ SPDY ͷαϙʔτऴྃɻHTTP/2 શҠߦɻ http://blog.chromium.org/2016/02/transitioning-from-spdy- to-http2.html
OWND ͰͷରԠ ➤ nginx 1.9 + openssl 1.0.1: NPN ʹͷΈରԠ
ˠ Google Chrome 51 Ͱܨ͕Βͳ͘ͳͬͨݪҼ ➤ nginx 1.10 + openssl 1.0.2: ALPN ʹରԠ ˠ PPA Λ͏ or Ubuntu Λ 16.04 LTS ΞοϓάϨʔυ ➤ PPA (Personal Package Archive) Λ͏͜ͱʹͳΓ·ͨ͠
ఆ ➤ ppa ͷϦϙδτϦՃͯ͠ nginx, openssl Λߋ৽͢Δ ➤ ansible ʹॻ͖ى͜͢
➤ ֬ೝ & deploy ͜Ε͘Β͍ɺ3͋Ε…(ϑϥά)
NGINX ͷΞοϓάϨʔυ͕Ͱ͖ͳ͍ ➤ nginx 1.9 ͷ package ͕ conf ϑΝΠϧΛ௫ΜͰ͍ͯ
conflict Λىͯ͜͠ nginx 1.10 ͕ೖΒͳ͍ ➤ Ұ uninstall ͕ඞཁ
ANSIBLE Λ2ճྲྀ͞ͳ͍ͱ NGINX ͕ىಈ͠ͳ͍ ➤ ansible python ͷߏཧπʔϧ ➤
ansible Λͬͯɺ ਓ͕ؒਖ਼͘͠ॻ͔ͳ͚ΕႈʹͳͳΒͳ͍
NGINX 1.9 Λ UNINSTALL ͢Δͱ LOG ͕ফ͑Δ ➤ nginx 1.10
Ͱ࠶ݱ͠ͳ͍ ➤ apt remove ࣌ʹ log, cache ͷσΟϨΫτϦ͕ແ࣊൵ʹফ͑Δ ➤ ansible Ͱ apt remove લޙͰ log ͚ͩόοΫΞοϓΛऔΔ ͜ͱͰରॲ ➤ લड़ͷݪҼओʹίϨͰͨ͠…
NGINX ͷίωΫγϣϯ͕ര૿ ➤ HTTP/2 ରԠͷຊ൪ద༻தʹ Gun̋sy ๒Λड͚Δ ➤ HTTP/2 ରԠͨ͠Πϯελϯε͕ಛʹίωΫγϣϯ͕૿Ճ
➤ ͱ͋Δཧ༝ʹΑΓ nginx ͕Ұ੪ʹ restart ➤ Ϣʔβ͔Βܨ͕Γʹ͍͘ঢ়ଶʹ…
ݪҼΓ͚ͷҝʹμϯάϨʔυ ➤ ݩͷ nginx ͷόʔδϣϯ͢ ➤ 2ൃͷ๒͕ண͠ɺ͕มΘΔ
ؒʹ߹͍·ͤΜ Ͱͨ͠
~࠶ݕূத~ photo: https://www.flickr.com/photos/paulk/23784089050/
ڭ܇ ➤ ຊ൪ڥͰ༧ظͤ͵ࣗମ͕ى͜Δ ➤ ӡ༻͍ͯ͠ΔαʔϏεͰ৻ॏʹ (ϢʔβӨڹ৴༻ʹڹ͘) ➤ ख٧·ΓʹͳͬͨΒ packet Λಡ͏
➤ ϓϩτίϧΛཧղ͠Α͏ ➤ ςετͷແ͍ίʔυ(ಛʹ)ेಡΜͰཧղ͢Δ (ansible playbook ؚΉ)
͝ਗ਼ௌ͋Γ͕ͱ͏ ͍͟͝·ͨ͠