Nginx: Accelerate Rails, HTTP Tricks
•
37 j'aime•16,171 vues
Nginx is a web server that is faster, uses less memory and is more stable than Apache under load. It is better suited for Rails applications and cloud computing. Nginx acts as a proxy, routing requests to application servers. It can perform request filtering, like caching requests, and authentication checks without modifying Rails application code using custom Nginx modules. This allows separating infrastructure concerns from application logic.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (19)
En vedette
En vedette (18)
Similaire à Nginx: Accelerate Rails, HTTP Tricks
Similaire à Nginx: Accelerate Rails, HTTP Tricks (20)
Plus de Adam Wiggins
Dernier
Dernier (20)
Nginx: Accelerate Rails, HTTP Tricks
- 1. Nginx: Accelerate Rails, HTTP Tricks Adam Wiggins Railsconf 2008
- 2. Nginx is a webserver
- 3. Which means: Nginx replaces Apache
- 4. Nginx replaces Apache ‣Faster ‣Smaller memory footprint ‣More stable under load ‣More secure
- 6. But more importantly: Nginx is a better fit for Rails
- 7. Apache is the right tool: ‣mod_php ‣owning your own server hardware
- 8. Apache is the right tool: ‣mod_php ‣owning your own server hardware The era now coming to a close.
- 9. The era now upon us: ‣Rails ‣cloud computing
- 10. The era now upon us: ‣Rails ‣cloud computing Which both work best with proxying.
- 11. Proxying is Nginx’s primary mechanism for serving dynamic content
- 12. “One thing”
- 13. Embrace the constraint of keeping application VMs out of the front-end webserver
- 14. Ok cool.
- 15. Ok cool. Wait, there’s something funny going on here...
- 16. Nginx is not a webserver?
- 17. Nginx is an HTTP router
- 23. Enough abstraction; let’s see some code
- 24. Proxy balancing example upstream myapp_mongrels { 127.0.0.1:3000; 127.0.0.1:3001; } location / { proxy_pass http://myapp_mongrels; }
- 25. Memcached in front location / { set $memcached_key $uri; memcached_pass 127.0.0.1:11211; error_page 404 502 = @myapp; } location @myapp { internal; proxy_pass http://myapp_mongrels; }
- 26. Memcached method filter location / { if ($request_method = GET) { set $memcached_key $uri; memcached_pass 127.0.0.1:11211; error_page 404 502 = @myapp; break; } proxy_pass http://myapp_mongrels; }
- 27. Filtering
- 28. Filtering is reaching in and tinkering with requests and responses
- 31. Separate concerns: ‣Filters in your app for business logic
- 32. Separate concerns: ‣Filters in your app for business logic ‣Filters in your http router for server infrastructure
- 33. Separate concerns: ‣Filters in your app for business logic ‣Filters in your http router for server infrastructure ‣Filters in either for application infrastructure
- 34. Separate concerns: ‣Filters in your app for business logic ‣Filters in your http router for server infrastructure ‣Filters in either for application infrastructure
- 35. Time to get hardcore: Custom Nginx modules
- 37. The problem: Granular user access control
- 39. The Rails solution: before_filter before_filter :authorize def authorize @user = User.find(session[:user_id]) @resource = request.env['REQUEST_URI'] redirect_to '/login' unless @user redirect_to '/access_denied' unless @user.can_access(@resource) end
- 40. Can we do this without touching the Rails app’s code?
- 41. The Nginx solution: input filter module
- 42. The Nginx solution: input filter module ngx_heroku_gate
- 44. before_filter :authorize static ngx_int_t ngx_heroku_gate_init(ngx_conf_t *cf) { phase = cmcf->phases[NGX_HTTP_ACCESS_PHASE]; h = ngx_array_push(&phase.handlers); *h = ngx_heroku_gate_handler; }
- 45. def authorize @user = User.find(session[:user_id]) @resource = request.env['REQUEST_URI']
- 46. def authorize @user = User.find(session[:user_id]) @resource = request.env['REQUEST_URI'] static ngx_int_t ngx_heroku_gate_handler (ngx_http_request_t *req) { user = get_logged_in_user( req->headers_in.cookies); app_name = get_app_name( req->headers_in.host->value.data);
- 47. redirect_to '/login' unless @user
- 48. redirect_to '/login' unless @user if (!user) { redirect_to(req, '/login'); return NGX_HTTP_MOVED_TEMPORARILY; }
- 49. redirect_to '/access_denied' unless @user.can_access(@resource)
- 50. redirect_to '/access_denied' unless @user.can_access(@resource) if (!user_can_access(user, app)) { redirect_to(req, '/access_denied'); return NGX_HTTP_MOVED_TEMPORARILY; } else { write_heroku_user_header(req, user); return NGX_OK; }
- 51. #define X_HEROKU_USER quot;X-Heroku-Userquot; static void write_heroku_user_header (ngx_http_request_t *r, u_char *user) { h = ngx_list_push( &r->headers_in.headers); h->hash = 1; h->key.len = sizeof(X_HEROKU_USER) - 1; h->key.data = (u_char *) X_HEROKU_USER; h->value.len = strlen((char *)user); h->value.data = user; }
- 52. The Rails solution: before_filter before_filter :authorize def authorize @user = User.find(session[:user_id]) @resource = request.env['REQUEST_URI'] redirect_to '/login' unless @user redirect_to '/access_denied' unless @user.can_access(@resource) end
- 53. The Nginx solution: input filter static ngx_int_t ngx_heroku_gate_handler(ngx_http_request_t *req) { user = get_logged_in_user(req->headers_in.cookies); app_name = get_app_name(req->headers_in.host->value.data); if (!user) { redirect_to(req, '/login'); return NGX_HTTP_MOVED_TEMPORARILY; } if (!user_can_access(user, app)) { redirect_to(req, '/access_denied'); return NGX_HTTP_MOVED_TEMPORARILY; } else { write_heroku_user_header(req, user); return NGX_OK; } }
- 54. A word on performance
- 55. Closing thoughts / the future
- 56. HTTP is the enabling protocol for the era of cloud computing