Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AMEBA OWND DE HTTP/2
Search
Take
August 29, 2016
Technology
0
500
AMEBA OWND DE HTTP/2
道玄坂BeerBash#1 LT夏祭 CA系メディアサービス編 発表資料
http://dogenzaka-beerbash.connpass.com/event/37072/
Take
August 29, 2016
Tweet
Share
More Decks by Take
See All by Take
トルテが実践したマッチしたユーザーを除く3つの方法/torte-es
ww24
1
13k
トルテリリースまでの Go Tips 16/torte-go-tips-16
ww24
1
11k
Service Workers Push API Hands-on
ww24
1
180
OpenIL vol.1
ww24
0
3.7k
Other Decks in Technology
See All in Technology
CSPヘッダー導入で実現するWebサイトの多層防御:今すぐ試せる設定例と運用知見
llamakko
1
250
FAST導入1年間のふりかえり〜現実を直視し、さらなる進化を求めて〜 / Review of the first year of FAST implementation
wooootack
1
150
経理出身PdMがAIプロダクト開発を_ハンズオンで学んだ話.pdf
shunsukenarita
1
190
ObsidianをLLM時代のナレッジベースに! クリッピング→Markdown→CLI連携の実践
srvhat09
7
9.5k
PHPでResult型やってみよう
higaki_program
0
200
メモ整理が苦手な者による頑張らないObsidian活用術
optim
0
140
SAE J1939シミュレーション環境構築
daikiokazaki
1
180
「AI駆動開発」のボトルネック『言語化』を効率化するには
taniiicom
1
190
The Madness of Multiple Gemini CLIs Developing Simultaneously with Jujutsu
gunta
1
2.6k
DatabricksのOLTPデータベース『Lakebase』に詳しくなろう!
inoutk
0
140
MCPに潜むセキュリティリスクを考えてみる
milix_m
1
810
QuickBooks®️ Customer®️ USA Contact Numbers: Complete 2025 Support Guide
qbsupportinfo
0
120
Featured
See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.6k
Documentation Writing (for coders)
carmenintech
72
4.9k
Visualization
eitanlees
146
16k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Done Done
chrislema
184
16k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Embracing the Ebb and Flow
colly
86
4.8k
Transcript
AMEBA OWND DE HTTP/2 த ݑ
ࣗݾհ ➤ 16 ৽ଔΤϯδχΞ ➤ 6݄͔Β Ameba Ownd ➤ αʔόαΠυΛ୲
➤ Go ݴޠͰ։ൃ ➤ Πϯϑϥ, োରԠ ➤ HN: τϚτ ➤ TDD: τϚτۦಈ։ൃ
৬
͢͜ͱ ➤ HTTP/2 ͷ؆୯ͳઆ໌ ➤ ELB ͱ Proxy Protocol ➤
ALPN ରԠ (Chrome 51+) nginx 1.10.1 + openssl 1.0.2h
HTTP/2
HTTP/2 ➤ HTTP/1.1 ςΩετ(ASCII)ϕʔεͷϓϩτίϧ ➤ ਓؒʹ༏͍͕͠ίϯϐϡʔλʹͱͬͯࡶ ➤ όΠφϦΛૹΔࡍ Base64 encoding
ͰςΩετʹ͢Δ ➤ HTTP/2 όΠφϦϓϩτίϧ ➤ ղੳ͘͢͠ίϯϐϡʔλʹ༏͍͠(ਓؒͭΒ͍) ➤ ϔομѹॖ͕ޮ͘ (HPACK)
HTTP/2 ➤ HTTP/1.1 ·Ͱ TCP ίωΫγϣϯΛ૿͢͜ͱͰฒྻʹ ϦΫΤετΛૹΓɺμϯϩʔυ͍ͯͨ͠ ➤ HTTP/2 ͔Β1ͭͷ
TCP ίωΫγϣϯͰϦΫΤετଟॏԽ HTTP1.1 / TCP TCP HTTP/2 HTTP/2 HTTP/2 HTTP1.1 / TCP HTTP1.1 / TCP
HTTP/2 ରԠ http://caniuse.com/#search=http2
AWS Ͱ HTTP/2 ରԠ
͔ͭͯ ELB HTTP/2 ʹରԠ͍ͯ͠ͳ͔ͬͨ ➤ AWS ͷ Elastic Load
Balancing ➤ (چདྷͷ) Classic Load Balancer HTTP/2 ඇରԠ ➤ Application Load Balancer HTTP/2 ରԠʂ →ࠓޙݕ౼͍ͨ͠
CLASSIC LOAD BALANCER ➤ HTTP/2 ରԠ͢Δʹ EC2 ্ͷ Web αʔόͰऴॲཧΛ͢
Δඞཁ͕༗ΔͨΊɺ ELB Ͱ TCP Ͱϩʔυόϥϯγϯά͢Δ ͔͠ํ๏ͳ͍ ➤ IP ΑΓ্ͷϨΠϠͷ TCP Ͱॲཧ͢ΔͨΊଓݩͷ IP ΞυϨ ε͕ ELB ͷͷʹॻ͖Θͬͯ͠·͏
PROTOCOL STACK ➤ HTTP/2 Ͱଓ͢Δͱ͖ͷ ϓϩτίϧελοΫ Ethernet IP TCP TLS
HTTP/2 (h2)
PROTOCOL STACK ➤ ELB Ͱ TCP ϩʔυόϥϯγ ϯά͢Δͱ TCP ҎԼͷ༰
όοΫΤϯυಧ͔ͳ͍ ➤ ଓݩͷ IP ΞυϨε IP ύέοτͷϔομʹॻ͔Ε ͍ͯΔͷͰࣦΘΕΔ Ethernet IP TCP TLS HTTP/2 (h2)
X-FORWARDED-FOR ͕͑ͳ͍ཧ༝ ➤ X-Forwarded-For HTTP ϔομͳͷͰɺHTTP (L7) ·Ͱ ղऍͰ͖Δ
LB Ͱͳ͍ͱѻ͑ͳ͍ ➤ TCP Ͱϩʔυόϥϯγϯάͯ͠ TLS ͷऴॲཧΛόοΫΤϯ υͰߦ͏߹ɺ TLS ͷ payload ҉߸Խ͞Ε͍ͯΔͷͰಡΈ ॻ͖Ͱ͖ͳ͍
PROXY PROTOCOL ➤ όοΫΤϯυʹ IP ΞυϨεͷଓݩใΛୡͰ͖Δ http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt
PROXY PROTOCOL ઃఆྫ (NGINX) listen 443 ssl http2; proxy_set_header X-Forwarded-For
$remote_addr; proxy_set_header X-Real-IP $remote_addr; listen 443 ssl http2 proxy_protocol; proxy_set_header X-Forwarded-For $proxy_protocol_addr; proxy_set_header X-Real-IP $proxy_protocol_addr; ELB: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
͜͜·Ͱ4݄ͷ
6݄ ଐ
None
None
Google Chrome ͔Β HTTP/2 Ͱܨ͕Βͳ͍
ࠔͬͨͱ͖ Wireshark
None
None
None
None
ݪҼ ➤ Google Chrome ALPN ͰϓϩτίϧωΰγΤʔγϣϯΛ ࢼΈΔ ➤ αʔό
(nginx 1.9) NPN ͰωΰγΤʔγϣϯΛࢼΈΔ ➤ ํͰ HTTP/2 ͷωΰγΤʔγϣϯํ͕ࣜҟͳΔҝɺ ωΰγΤʔγϣϯʹࣦഊͯ͠ HTTP/1.1 Ͱܨ͕Δ
લఏࣝ ➤ HTTP/2 Ͱଓ͢ΔͨΊʹɺΫϥΠΞϯτͱαʔόͷ྆ํ ͕ HTTP/2 ʹରԠ͍ͯ͠Δඞཁ͕͋Δ ˠͦ͜ͰϓϩτίϧͷωΰγΤʔγϣϯ͕ߦΘΕΔ ➤ NPN
ALPN TLS Handshake ύέοτΛ֦ுͯ͠ ωΰγΤʔγϣϯΛߦ͏ํࣜ
http://www.slideshare.net/shigeki_ohtsu/tls-http2
NPN ͱ ALPN ➤ SPDY ͰΘΕ͍ͯͨ NPN HTTP/2 ੍͕ఆ͞Εͯ ALPN
Ͱஔ͖ΘΔ ➤ Chrome 51 Ͱ SPDY ͷαϙʔτऴྃɻHTTP/2 શҠߦɻ http://blog.chromium.org/2016/02/transitioning-from-spdy- to-http2.html
OWND ͰͷରԠ ➤ nginx 1.9 + openssl 1.0.1: NPN ʹͷΈରԠ
ˠ Google Chrome 51 Ͱܨ͕Βͳ͘ͳͬͨݪҼ ➤ nginx 1.10 + openssl 1.0.2: ALPN ʹରԠ ˠ PPA Λ͏ or Ubuntu Λ 16.04 LTS ΞοϓάϨʔυ ➤ PPA (Personal Package Archive) Λ͏͜ͱʹͳΓ·ͨ͠
ఆ ➤ ppa ͷϦϙδτϦՃͯ͠ nginx, openssl Λߋ৽͢Δ ➤ ansible ʹॻ͖ى͜͢
➤ ֬ೝ & deploy ͜Ε͘Β͍ɺ3͋Ε…(ϑϥά)
NGINX ͷΞοϓάϨʔυ͕Ͱ͖ͳ͍ ➤ nginx 1.9 ͷ package ͕ conf ϑΝΠϧΛ௫ΜͰ͍ͯ
conflict Λىͯ͜͠ nginx 1.10 ͕ೖΒͳ͍ ➤ Ұ uninstall ͕ඞཁ
ANSIBLE Λ2ճྲྀ͞ͳ͍ͱ NGINX ͕ىಈ͠ͳ͍ ➤ ansible python ͷߏཧπʔϧ ➤
ansible Λͬͯɺ ਓ͕ؒਖ਼͘͠ॻ͔ͳ͚ΕႈʹͳͳΒͳ͍
NGINX 1.9 Λ UNINSTALL ͢Δͱ LOG ͕ফ͑Δ ➤ nginx 1.10
Ͱ࠶ݱ͠ͳ͍ ➤ apt remove ࣌ʹ log, cache ͷσΟϨΫτϦ͕ແ࣊൵ʹফ͑Δ ➤ ansible Ͱ apt remove લޙͰ log ͚ͩόοΫΞοϓΛऔΔ ͜ͱͰରॲ ➤ લड़ͷݪҼओʹίϨͰͨ͠…
NGINX ͷίωΫγϣϯ͕ര૿ ➤ HTTP/2 ରԠͷຊ൪ద༻தʹ Gun̋sy ๒Λड͚Δ ➤ HTTP/2 ରԠͨ͠Πϯελϯε͕ಛʹίωΫγϣϯ͕૿Ճ
➤ ͱ͋Δཧ༝ʹΑΓ nginx ͕Ұ੪ʹ restart ➤ Ϣʔβ͔Βܨ͕Γʹ͍͘ঢ়ଶʹ…
ݪҼΓ͚ͷҝʹμϯάϨʔυ ➤ ݩͷ nginx ͷόʔδϣϯ͢ ➤ 2ൃͷ๒͕ண͠ɺ͕มΘΔ
ؒʹ߹͍·ͤΜ Ͱͨ͠
~࠶ݕূத~ photo: https://www.flickr.com/photos/paulk/23784089050/
ڭ܇ ➤ ຊ൪ڥͰ༧ظͤ͵ࣗମ͕ى͜Δ ➤ ӡ༻͍ͯ͠ΔαʔϏεͰ৻ॏʹ (ϢʔβӨڹ৴༻ʹڹ͘) ➤ ख٧·ΓʹͳͬͨΒ packet Λಡ͏
➤ ϓϩτίϧΛཧղ͠Α͏ ➤ ςετͷແ͍ίʔυ(ಛʹ)ेಡΜͰཧղ͢Δ (ansible playbook ؚΉ)
͝ਗ਼ௌ͋Γ͕ͱ͏ ͍͟͝·ͨ͠