We recently replaced a proprietary API management solution with an in-house implementation built with nginx and Lua, which let us reach a continuous delivery practice in a handful of months. Learn about our development process and the overall architecture that allowed us to write minimal amounts of code, enjoying native code performance while permitting interactive coding, and how we leveraged other open source tools like Vagrant, Ansible, and OpenStack to build an automation-rich delivery pipeline. We will also take an in-depth look at our capacity management approach, which differs from the rate limiting concept prevalent in the API community.
9.
--- Validates the OAuth signature
-- @return Const.HTTP_UNAUTHORIZED if either the key or signature is invalid
-- this method is internal and should not be called directly
function _M.validate_signature(self)
    local headers = self.req.get_oauth_params()
    local key = headers[Const.OAUTH_CONSUMER_KEY]
    -- look up the per-consumer configuration; unknown keys are rejected
    local keyconf = self.conf.keys[key]
    if keyconf == nil then
        return {
            code = Const.HTTP_UNAUTHORIZED,
            error = Const.ERROR_INVALID_CONSUMER_KEY
        }
    end

    -- recompute the signature with the consumer's secret and compare
    local sig = get_hmac_signature(self.req, keyconf.secret)
    if sig ~= headers[Const.OAUTH_SIGNATURE] then
        return {
            code = Const.HTTP_UNAUTHORIZED,
            error = Const.ERROR_INVALID_SIGNATURE
        }
    end
    -- falls through (returns nil) when both key and signature are valid
end
61. [Diagram: DC1, DC2, DC3, each with a VIP; service boxes <foo> <foo> <bar> <bar>]
entry-vip-dc1. A 10.1.0.1
entry-vip-dc2. A 10.2.0.1
entry-vip-dc3. A 10.3.0.1
foo-dc1. CNAME entry-vip-dc1.
foo. CNAME foo-dc1. (GSLB)
67. Roll Your Own API Management with nginx and Lua
• nginx + Lua => great for HTTP middleware with a small amount of custom logic
• Automated test and deployment pipeline with Vagrant, Python, and Ansible
• Concurrent request limiting, not rate limiting
• Network architecture with operational flexibility