SlideShare una empresa de Scribd logo

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and NGINX Web Server

Descargar como PPTX, PDF
N
NGINX, Inc.

Building and deploying cloud native APIs is a complex operation, and can require a multitude of components. In this workshop we focus on the fundamentals of deploying the runtime API code and publishing the API through an API gateway. To achieve this we use NGINX Unit as a polyglot application server and NGINX web server as an API gateway. With this combination we deliver a solution lightweight enough for dev and strong enough for production. You will learn how to use NGINX Unit to run one or more apps and APIs in a variety of languages, including seamlessly deploying new versions. You will then see the best practices for how to configure NGINX to perform the common API gateway functions of request routing, rate limiting, and authentication for multiple APIs. We will also touch on advanced use cases such as HTTP method enforcement, and JSON validation. No previous experience of NGINX or NGINX Unit is required, but a basic knowledge of HTTP and JSON/REST APIs is valuable.

Tecnología
1 de 58
NGINX Workshop Running Modern APIs with NGINX Unit and NGINX web server All Things Open 19-Oct-2020
Today’s hosts Timo Stark 🇩🇪 • Product Management Engineer, NGINX • @linux_lenny Liam Crilly 🇬🇧 • Senior Director, Product Management, NGINX • @liamcrilly
What we’re going to build API Client Internet / WAN API Gateway Backend APIs
Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Q&A 4. Break (15 mins) 5. Deploying NGINX web server as an API gateway 6. Q&A
5 “... when I started NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
Introducing NGINX 6 2004 • NGINX 0.1 2007 • “Viable” 2011 • NGINX, Inc. • NGINX 1.0 2013 • NGINX Plus R1 2018 • NGINX Unit 1.0 • Controller 1.0 2019 • Controller 2.0 (API mgmt.) • NGINX Plus R19 • Acquired by F5 Networks
Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
What we’re going to build API Client Internet / WAN API Gateway Backend APIs
What is NGINX Unit 10 “NGINX Unit is a polyglot app server, a reverse proxy, and a static file server, available for Unix-like systems”
NGINX Unit 11 Flexible Performance Security 8 Supported App Languages
NGINX Unit Architecture Unit enables NGINX Unit Architecture
16
Process overview 17
Installing NGINX Unit (simple) 18 CentOS / RHEL(*) • yum install unit unit-go unit- devel unit-php Ubuntu / Debian(*) • apt-get install unit unit-dev unit-go unit-php Docker • docker pull nginx/unit:1.20.0- full MacOS / MacBook • Docker
Unit configuration 19 curl –s --unix-socket /var/run/control.unit.sock localhost 1 2 3 4 5 6 7 8 { "certificates": { ... }, "config": { ... } } TLS Certificates for the listeners General configuration object
Unit config 20 curl –s --unix-socket /var/run/control.unit.sock localhost/config 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 20 22 "settings": { "http": { ... } }, "listeners": { ... }, "routes": [ { ... }, ], "applications": { ... }, "upstreams": { ... }, "access_log": "/var/log/access.log" } Instace wide settings Bind ip addr and port Control the unit- router Our applications Proxy upstreams access-logs
Unit routes 1 21 curl –s --unix-socket /var/run/control.unit.sock localhost/config/routes 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 20 22 "django": [ { "match": { "uri": "/static/*" }, "action": { "share": "/var/apphome/python/" } }, { "action": { "pass": "applications/django_project" } } ], name Routing pattern definition Action if pattern matches
Unit routes 2 22 curl –s --unix-socket /var/run/control.unit.sock localhost/config/routes 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 20 22 23 "wordpress": [ { "match": { "uri": [ "*.php", "*.php/*", "/wp-admin/" ] }, "action": { "pass": "applications/wordpress/direct" } }, { "action": { "share": "/var/apphome/wordpress", "fallback": { "pass": "applications/wordpress/index" } } } ] name Routing pattern definition Action if pattern matches Fallback action with static file share
$ curl –-unix-socket /var/run/unit.control.sock –-data-binary "@.unit.conf.json" http://localhost/config $ curl –-unix-socket /var/run/unit.control.sock –-data-binary "UpdatedSecret" http://localhost/config/applications/app/environment/APISEC
Unit in docker 24 • Use the nginx/unit base images • Make use of the /docker-entrypoint-d features ◦ Apply initial configurtion ◦ Apply initial uploding of certificates for TLS encryption ◦ Run Shell-scripts
What we have now Developers Machine Backend APIs AWS EC2 AWS Container Registry push pull API Gateway
Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
What we’re going to build API Client Internet / WAN API Gateway Backend APIs
#1 40%“Most websites use NGINX” of NGINX deployments are as an API gateway Source: NGINX User survey 2017, 2018, 2019Source: Netcraft April 2019 Web Server Survey
Installing NGINX (official) 30 http://nginx.org/en/linux_packages.html • RHEL/Centos • Debian • Ubuntu • SLES • Alpine
Installing NGINX (simple) 31 CentOS / RHEL • yum install nginx Ubuntu / Debian • apt-get install nginx Docker • docker pull nginx MacOS / MacBook • Homebrew • Docker
NGINX Open Source Cycle Stable retired Mainline forked Mainline “bump” New stable Critical bugfix Stable 1.even.0 Mainline 1.odd.0 April • Mainline • New features • 8-12 releases per year • Stable • Critical bug fixes only • 1-2 releases per year
Define our API gateway 33 • Create api_gateway.conf • $ mkdir /etc/nginx/conf.d/my_apis • $ nginx -s reload • $ curl localhost:8080 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 5 6 7 8 9 10 11 12 server { listen 8080; # TLS config goes here (for production) include conf.d/my_apis/*.conf; # Invalid resource location / { return 400; } }
$ curl http://localhost:8080/ <html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx/1.15.10</center> </body> </html>
Define JSON error responses 36 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 server { listen 8080; # TLS config goes here (for production use) include conf.d/my_apis/*.conf; # Invalid resource location / { return 400; } # Error responses default_type application/json; error_page 400 = @400; location @400 { return 400 '{"status":400,"message":"Bad request"}n'; } } • error_page to named location (@) • Download full error set ◦ github.com/lcrilly/ nginx-api-gateway
Enable TLS 37 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 server { listen 8080; # TLS config goes here (for production use) listen 443 ssl; ssl_certificate /etc/nginx/ssl/space.nginx.org.crt; ssl_certificate_key /etc/nginx/ssl/space.nginx.org.key; include conf.d/my_apis/*.conf; # Invalid resource location / { return 400; } • Can listen on plaintext and SSL/TLS ports simulateously ◦ But don’t!
🪐 Publish the Space API API Client Internet / WAN API Gateway Space API
Microservices routing Events microservice Images microservice /api/space/planets/* /api/space/events/* /api/planets/images/* Planets microservice
Define the backend servers 41 • Upstream servers (backends) • Multiple servers will be load balanced • Next step is to define the API itself /etc/nginx/conf.d/api_backends.conf 1 2 3 4 5 6 7 8 9 10 11 upstream planets-svc { server 172.31.46.145:8080; } upstream events-svc { server 172.31.46.145:8085; } upstream images-svc { server 172.31.46.145:8090; }
Define the API 42 • Nested locations • Location (URI) matching ◦ Exact (=) ◦ Regex (~) ◦ Prefix ( ) • Policies can apply at any level /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 location /api/space/ { location = /api/space/planets { proxy_pass http://planets-svc; } location /api/space/planets/ { proxy_pass http://planets-svc; } location ~ ^/api/space/images/.+.(svg|png)$ { proxy_pass http://images-svc; } location /api/space/events { proxy_pass http://events-svc; } }
Rate limiting 44 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 limit_req_zone $remote_addr zone=perip:1m rate=2r/s; server { listen 8080; • Rate limit is configured and monitored at a global level • Limit is applied where we want it ◦ Per API gateway ◦ Per API definition  ◦ Per URI/route /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 location /api/space/ { limit_req zone=perip nodelay; _ limit_req_status 429; _ location = /api/space/planets { proxy_pass http://planets-svc; } location /api/space/planets/ { proxy_pass http://planets-svc; }
NGINX authentication options 46 API Gateway HTTP Basic Client Cert JWT • NGINX Plus API Key Custom Token • External API
HTTP Basic authentication 47 • Other auth options replace auth_basic directives ◦ auth_jwt (JWT) ◦ auth_request ( API key) ◦ auth_request (custom) • Exception is client certs at server level ◦ ssl_client_certificate /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 location /api/space/ { auth_basic "Space API"; __ auth_basic_user_file conf.d/api_clients.htpasswd; _ limit_req zone=perip; limit_req_status 429; location = /api/space/planets { proxy_pass http://planets-svc; } $ cd /etc/nginx/conf.d $ wget http://files.liamcrilly.com/api_clients.htpasswd
API key authentication (example) 48 • Requests must pass auth_request test • Internal location performs API key validation logic ◦ Returns validation status back to auth_request • Keys can be SHA-256 protected with njs /etc/nginx/conf.d/my_apis/space.conf 1 2 … 16 17 18 19 20 21 22 23 24 25 26 27 28 29 location /api/space/ { auth_request /_validate_apikey; … } location = /_validate_apikey { internal; if ($http_apikey = "") { return 401; # Unauthorized } if ($api_client_name = "") { return 403; # Forbidden } return 204; # OK (no content) } /etc/nginx/conf.d/apikey_clients.conf 1 2 3 4 5 map $http_apikey $api_client_name { default ""; "7B5zIqmRGXmrJTFmKa99vcit" "client_one"; "QzVV6y1EmQFbbxOfRCwyJs35" "client_two"; }
HTTP method matching 50 • limit_except directive controls HTTP methods • Disable authentication for easier testing /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 … 19 20 21 22 23 location /api/space/ { auth_basic "Space API"; auth_basic_user_file conf.d/api_clients.htpasswd; limit_req zone=perip; limit_req_status 429; location = /api/space/planets { proxy_pass http://planets-svc; } location /api/space/events { limit_except GET POST { deny all; } _ proxy_pass http://events-svc; } }
JSON request validation [1/2] 52 • Load JavaScript module ◦ nginx-module-njs • Use JSON.parse() to test request body for valid JSON /etc/nginx/nginx.conf 1 2 3 4 5 6 7 8 9 10 11 user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; load_module modules/ngx_http_js_module.so; _ events { worker_connections 1024; } /etc/nginx/conf.d/json_validation.js 1 2 3 4 5 6 7 8 9 10 11 12 13 export default { parseRequestBody }; function parseRequestBody(r) { try { if (r.variables.request_body) { JSON.parse(r.variables.request_body); } return r.variables.upstream; } catch (e) { r.error('JSON.parse exception'); return '127.0.0.1:10415'; // Address for error response } }
JSON request validation [2/2] 53 • NGINX hates to buffer • Use mirror module to force early-reading of $request_body • Variable evaluation controls timing of JS code execution /etc/nginx/conf.d/api_gateway.conf 10 11 12 13 14 # Request body validation location /_get_request_body { internal; return 204; } /etc/nginx/conf.d/json_validation.conf 1 2 3 4 5 6 7 8 js_import conf.d/json_validation.js; js_set $json_validated json_validation.parseRequestBody; server { listen 127.0.0.1:10415; # This is the error response of json_validator() return 415; # Unsupported media type include conf.d/my_apis/errors_json.conf; } /etc/nginx/conf.d/my_apis/space.conf 8 9 10 11 12 13 location = /api/space/events { limit_except GET POST { deny all; } set $upstream events-svc; mirror /_get_request_body; # Force early-reading of request body proxy_pass http://$json_validated$request_uri; }
How did we do? • Error handling • API definition • Rate limiting • Authentication • HTTP methods • JSON validation
Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
Resources • NGINX Unit ◦ https://unit.nginx.org/ • Official NGINX open source downloads ◦ http://nginx.org/en/linux_packages.html • Configuration files and code samples ◦ https://github.com/nginx/unit-examples ◦ https://github.com/lcrilly/nginx-api-gateway • NGINX Plus developer license ◦ https://www.nginx.com/developer-license/ ◦ Code: ato2020workshop
fin

Recomendados

How to Get Started With NGINX
How to Get Started With NGINXHow to Get Started With NGINX
How to Get Started With NGINXNGINX, Inc.
 
NGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX, Inc.
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingNGINX, Inc.
 
NGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX, Inc.
 
Migrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCMigrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Securing Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the CloudSecuring Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the CloudOlivia LaMar
 
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX, Inc.
 

Recomendados

How to Get Started With NGINX
How to Get Started With NGINXHow to Get Started With NGINX
How to Get Started With NGINXNGINX, Inc.
 
NGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX: Back to Basics – APCJ
NGINX: Back to Basics – APCJNGINX, Inc.
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingNGINX, Inc.
 
NGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX Basics and Best Practices Workshop
NGINX Basics and Best Practices WorkshopNGINX, Inc.
 
Migrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCMigrating from BIG-IP Deployment to NGINX ADC
Migrating from BIG-IP Deployment to NGINX ADCNGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Securing Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the CloudSecuring Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the CloudOlivia LaMar
 
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX, Inc.
 
NGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX, Inc.
 
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...NGINX, Inc.
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
NGINX Basics: Ask Me Anything – EMEA
NGINX Basics: Ask Me Anything – EMEANGINX Basics: Ask Me Anything – EMEA
NGINX Basics: Ask Me Anything – EMEANGINX, Inc.
 
Nim tames sprawl
Nim tames sprawlNim tames sprawl
Nim tames sprawlNGINX, Inc.
 
Relevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXRelevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXNGINX, Inc.
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.
 
Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19NGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXNGINX, Inc.
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX, Inc.
 
Accélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerAccélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerNGINX, Inc.
 
Découvrez NGINX AppProtect
Découvrez NGINX AppProtectDécouvrez NGINX AppProtect
Découvrez NGINX AppProtectNGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerNGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerKatherine Bagood
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshNGINX, Inc.
 
NGINX as a Content Cache
NGINX as a Content CacheNGINX as a Content Cache
NGINX as a Content CacheNGINX, Inc.
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​NGINX, Inc.
 
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEAReplacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEANGINX, Inc.
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservicesNGINX, Inc.
 
Kubernetes and the NGINX Plus Ingress Controller
Kubernetes and the NGINX Plus Ingress ControllerKubernetes and the NGINX Plus Ingress Controller
Kubernetes and the NGINX Plus Ingress ControllerKatherine Bagood
 
What's new in NGINX Plus R19
What's new in NGINX Plus R19What's new in NGINX Plus R19
What's new in NGINX Plus R19NGINX, Inc.
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesSreenivas Makam
 

Más contenido relacionado

La actualidad más candente

NGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX, Inc.
 
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...NGINX, Inc.
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
NGINX Basics: Ask Me Anything – EMEA
NGINX Basics: Ask Me Anything – EMEANGINX Basics: Ask Me Anything – EMEA
NGINX Basics: Ask Me Anything – EMEANGINX, Inc.
 
Nim tames sprawl
Nim tames sprawlNim tames sprawl
Nim tames sprawlNGINX, Inc.
 
Relevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXRelevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXNGINX, Inc.
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.
 
Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19NGINX, Inc.
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXNGINX, Inc.
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX, Inc.
 
Accélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerAccélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerNGINX, Inc.
 
Découvrez NGINX AppProtect
Découvrez NGINX AppProtectDécouvrez NGINX AppProtect
Découvrez NGINX AppProtectNGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerNGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerKatherine Bagood
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshNGINX, Inc.
 
NGINX as a Content Cache
NGINX as a Content CacheNGINX as a Content Cache
NGINX as a Content CacheNGINX, Inc.
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​NGINX, Inc.
 
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEAReplacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEANGINX, Inc.
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservicesNGINX, Inc.
 
Kubernetes and the NGINX Plus Ingress Controller
Kubernetes and the NGINX Plus Ingress ControllerKubernetes and the NGINX Plus Ingress Controller
Kubernetes and the NGINX Plus Ingress ControllerKatherine Bagood
 

La actualidad más candente (20)

NGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEA
 
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps Workshop
 
NGINX Basics: Ask Me Anything – EMEA
NGINX Basics: Ask Me Anything – EMEANGINX Basics: Ask Me Anything – EMEA
NGINX Basics: Ask Me Anything – EMEA
 
Nim tames sprawl
Nim tames sprawlNim tames sprawl
Nim tames sprawl
 
Relevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINXRelevez les défis Kubernetes avec NGINX
Relevez les défis Kubernetes avec NGINX
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
 
Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19Architecting for now & the future with NGINX London April 19
Architecting for now & the future with NGINX London April 19
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
 
Get the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINXGet the Most Out of Kubernetes with NGINX
Get the Most Out of Kubernetes with NGINX
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEA
 
Accélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX ControllerAccélérez vos déploiements applicatifs avec NGINX Controller
Accélérez vos déploiements applicatifs avec NGINX Controller
 
Découvrez NGINX AppProtect
Découvrez NGINX AppProtectDécouvrez NGINX AppProtect
Découvrez NGINX AppProtect
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerNGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
 
NGINX as a Content Cache
NGINX as a Content CacheNGINX as a Content Cache
NGINX as a Content Cache
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​
 
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEAReplacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
Replacing and Augmenting F5 BIG-IP with NGINX Plus - EMEA
 
Fundamentals of microservices
Fundamentals of microservicesFundamentals of microservices
Fundamentals of microservices
 
Kubernetes and the NGINX Plus Ingress Controller
Kubernetes and the NGINX Plus Ingress ControllerKubernetes and the NGINX Plus Ingress Controller
Kubernetes and the NGINX Plus Ingress Controller
 

Similar a Session: A Reference Architecture for Running Modern APIs with NGINX Unit and NGINX Web Server

What's new in NGINX Plus R19
What's new in NGINX Plus R19What's new in NGINX Plus R19
What's new in NGINX Plus R19NGINX, Inc.
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesSreenivas Makam
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesOrtus Solutions, Corp
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Pavel Chunyayev
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalPatrick Chanezon
 
What’s New in NGINX Plus R16?
What’s New in NGINX Plus R16?What’s New in NGINX Plus R16?
What’s New in NGINX Plus R16?NGINX, Inc.
 
Load Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS ClusterLoad Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS ClusterKevin Jones
 
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...Aman Kohli
 
NGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App ServerNGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App ServerNGINX, Inc.
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Anna Klepacka
 
Introduction to CloudStack API
Introduction to CloudStack APIIntroduction to CloudStack API
Introduction to CloudStack APIKrunal Jain
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXAine Long
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfchalermpany
 
Node.js to the rescue
Node.js to the rescueNode.js to the rescue
Node.js to the rescueMarko Heijnen
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performanceEngine Yard
 

Similar a Session: A Reference Architecture for Running Modern APIs with NGINX Unit and NGINX Web Server (20)

What's new in NGINX Plus R19
What's new in NGINX Plus R19What's new in NGINX Plus R19
What's new in NGINX Plus R19
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and Kubernetes
 
KONG-APIGateway.pptx
KONG-APIGateway.pptxKONG-APIGateway.pptx
KONG-APIGateway.pptx
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - Technical
 
What’s New in NGINX Plus R16?
What’s New in NGINX Plus R16?What’s New in NGINX Plus R16?
What’s New in NGINX Plus R16?
 
Load Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS ClusterLoad Balancing Applications with NGINX in a CoreOS Cluster
Load Balancing Applications with NGINX in a CoreOS Cluster
 
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
 
MesosCon - Be a microservices hero
MesosCon - Be a microservices heroMesosCon - Be a microservices hero
MesosCon - Be a microservices hero
 
NGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App ServerNGINX Unit: Rebooting our Universal Web App Server
NGINX Unit: Rebooting our Universal Web App Server
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
 
Sprint 17
Sprint 17Sprint 17
Sprint 17
 
Introduction to CloudStack API
Introduction to CloudStack APIIntroduction to CloudStack API
Introduction to CloudStack API
 
signalr
signalrsignalr
signalr
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINX
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
 
Node.js to the rescue
Node.js to the rescueNode.js to the rescue
Node.js to the rescue
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performance
 

Más de NGINX, Inc.

【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法NGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナーNGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法NGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3NGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostNGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityNGINX, Inc.
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationNGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101NGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesNGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXNGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...NGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXNGINX, Inc.
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes APINGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXNGINX, Inc.
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceNGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXNGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxNGINX, Inc.
 

Más de NGINX, Inc. (20)

【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & Kubecost
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with Observability
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with Automation
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINX
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes API
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINX
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
 

Último

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and NGINX Web Server

  • 1. NGINX Workshop Running Modern APIs with NGINX Unit and NGINX web server All Things Open 19-Oct-2020
  • 2. Today’s hosts Timo Stark 🇩🇪 • Product Management Engineer, NGINX • @linux_lenny Liam Crilly 🇬🇧 • Senior Director, Product Management, NGINX • @liamcrilly
  • 3. What we’re going to build API Client Internet / WAN API Gateway Backend APIs
  • 4. Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Q&A 4. Break (15 mins) 5. Deploying NGINX web server as an API gateway 6. Q&A
  • 5. 5 “... when I started NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
  • 6. Introducing NGINX 6 2004 • NGINX 0.1 2007 • “Viable” 2011 • NGINX, Inc. • NGINX 1.0 2013 • NGINX Plus R1 2018 • NGINX Unit 1.0 • Controller 1.0 2019 • Controller 2.0 (API mgmt.) • NGINX Plus R19 • Acquired by F5 Networks
  • 7.
  • 8. Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
  • 9. What we’re going to build API Client Internet / WAN API Gateway Backend APIs
  • 10. What is NGINX Unit 10 “NGINX Unit is a polyglot app server, a reverse proxy, and a static file server, available for Unix-like systems”
  • 13.
  • 14.
  • 15.
  • 16. 16
  • 18. Installing NGINX Unit (simple) 18 CentOS / RHEL(*) • yum install unit unit-go unit- devel unit-php Ubuntu / Debian(*) • apt-get install unit unit-dev unit-go unit-php Docker • docker pull nginx/unit:1.20.0- full MacOS / MacBook • Docker
  • 19. Unit configuration 19 curl –s --unix-socket /var/run/control.unit.sock localhost 1 2 3 4 5 6 7 8 { "certificates": { ... }, "config": { ... } } TLS Certificates for the listeners General configuration object
  • 20. Unit config 20 curl –s --unix-socket /var/run/control.unit.sock localhost/config 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 20 22 "settings": { "http": { ... } }, "listeners": { ... }, "routes": [ { ... }, ], "applications": { ... }, "upstreams": { ... }, "access_log": "/var/log/access.log" } Instace wide settings Bind ip addr and port Control the unit- router Our applications Proxy upstreams access-logs
  • 21. Unit routes 1 21 curl –s --unix-socket /var/run/control.unit.sock localhost/config/routes 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 20 22 "django": [ { "match": { "uri": "/static/*" }, "action": { "share": "/var/apphome/python/" } }, { "action": { "pass": "applications/django_project" } } ], name Routing pattern definition Action if pattern matches
  • 22. Unit routes 2 22 curl –s --unix-socket /var/run/control.unit.sock localhost/config/routes 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 20 22 23 "wordpress": [ { "match": { "uri": [ "*.php", "*.php/*", "/wp-admin/" ] }, "action": { "pass": "applications/wordpress/direct" } }, { "action": { "share": "/var/apphome/wordpress", "fallback": { "pass": "applications/wordpress/index" } } } ] name Routing pattern definition Action if pattern matches Fallback action with static file share
  • 23. $ curl –-unix-socket /var/run/unit.control.sock –-data-binary "@.unit.conf.json" http://localhost/config $ curl –-unix-socket /var/run/unit.control.sock –-data-binary "UpdatedSecret" http://localhost/config/applications/app/environment/APISEC
  • 24. Unit in docker 24 • Use the nginx/unit base images • Make use of the /docker-entrypoint-d features ◦ Apply initial configurtion ◦ Apply initial uploding of certificates for TLS encryption ◦ Run Shell-scripts
  • 25. What we have now Developers Machine Backend APIs AWS EC2 AWS Container Registry push pull API Gateway
  • 26. Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
  • 27. Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
  • 28. What we’re going to build API Client Internet / WAN API Gateway Backend APIs
  • 29. #1 40%“Most websites use NGINX” of NGINX deployments are as an API gateway Source: NGINX User survey 2017, 2018, 2019Source: Netcraft April 2019 Web Server Survey
  • 30. Installing NGINX (official) 30 http://nginx.org/en/linux_packages.html • RHEL/Centos • Debian • Ubuntu • SLES • Alpine
  • 31. Installing NGINX (simple) 31 CentOS / RHEL • yum install nginx Ubuntu / Debian • apt-get install nginx Docker • docker pull nginx MacOS / MacBook • Homebrew • Docker
  • 32. NGINX Open Source Cycle Stable retired Mainline forked Mainline “bump” New stable Critical bugfix Stable 1.even.0 Mainline 1.odd.0 April • Mainline • New features • 8-12 releases per year • Stable • Critical bug fixes only • 1-2 releases per year
  • 33. Define our API gateway 33 • Create api_gateway.conf • $ mkdir /etc/nginx/conf.d/my_apis • $ nginx -s reload • $ curl localhost:8080 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 5 6 7 8 9 10 11 12 server { listen 8080; # TLS config goes here (for production) include conf.d/my_apis/*.conf; # Invalid resource location / { return 400; } }
  • 34. $ curl http://localhost:8080/ <html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx/1.15.10</center> </body> </html>
  • 35.
  • 36. Define JSON error responses 36 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 server { listen 8080; # TLS config goes here (for production use) include conf.d/my_apis/*.conf; # Invalid resource location / { return 400; } # Error responses default_type application/json; error_page 400 = @400; location @400 { return 400 '{"status":400,"message":"Bad request"}n'; } } • error_page to named location (@) • Download full error set ◦ github.com/lcrilly/ nginx-api-gateway
  • 37. Enable TLS 37 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 server { listen 8080; # TLS config goes here (for production use) listen 443 ssl; ssl_certificate /etc/nginx/ssl/space.nginx.org.crt; ssl_certificate_key /etc/nginx/ssl/space.nginx.org.key; include conf.d/my_apis/*.conf; # Invalid resource location / { return 400; } • Can listen on plaintext and SSL/TLS ports simulateously ◦ But don’t!
  • 38.
  • 39. 🪐 Publish the Space API API Client Internet / WAN API Gateway Space API
  • 41. Define the backend servers 41 • Upstream servers (backends) • Multiple servers will be load balanced • Next step is to define the API itself /etc/nginx/conf.d/api_backends.conf 1 2 3 4 5 6 7 8 9 10 11 upstream planets-svc { server 172.31.46.145:8080; } upstream events-svc { server 172.31.46.145:8085; } upstream images-svc { server 172.31.46.145:8090; }
  • 42. Define the API 42 • Nested locations • Location (URI) matching ◦ Exact (=) ◦ Regex (~) ◦ Prefix ( ) • Policies can apply at any level /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 location /api/space/ { location = /api/space/planets { proxy_pass http://planets-svc; } location /api/space/planets/ { proxy_pass http://planets-svc; } location ~ ^/api/space/images/.+.(svg|png)$ { proxy_pass http://images-svc; } location /api/space/events { proxy_pass http://events-svc; } }
  • 43.
  • 44. Rate limiting 44 /etc/nginx/conf.d/api_gateway.conf 1 2 3 4 limit_req_zone $remote_addr zone=perip:1m rate=2r/s; server { listen 8080; • Rate limit is configured and monitored at a global level • Limit is applied where we want it ◦ Per API gateway ◦ Per API definition  ◦ Per URI/route /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 location /api/space/ { limit_req zone=perip nodelay; _ limit_req_status 429; _ location = /api/space/planets { proxy_pass http://planets-svc; } location /api/space/planets/ { proxy_pass http://planets-svc; }
  • 45.
  • 46. NGINX authentication options 46 API Gateway HTTP Basic Client Cert JWT • NGINX Plus API Key Custom Token • External API
  • 47. HTTP Basic authentication 47 • Other auth options replace auth_basic directives ◦ auth_jwt (JWT) ◦ auth_request ( API key) ◦ auth_request (custom) • Exception is client certs at server level ◦ ssl_client_certificate /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 location /api/space/ { auth_basic "Space API"; __ auth_basic_user_file conf.d/api_clients.htpasswd; _ limit_req zone=perip; limit_req_status 429; location = /api/space/planets { proxy_pass http://planets-svc; } $ cd /etc/nginx/conf.d $ wget http://files.liamcrilly.com/api_clients.htpasswd
  • 48. API key authentication (example) 48 • Requests must pass auth_request test • Internal location performs API key validation logic ◦ Returns validation status back to auth_request • Keys can be SHA-256 protected with njs /etc/nginx/conf.d/my_apis/space.conf 1 2 … 16 17 18 19 20 21 22 23 24 25 26 27 28 29 location /api/space/ { auth_request /_validate_apikey; … } location = /_validate_apikey { internal; if ($http_apikey = "") { return 401; # Unauthorized } if ($api_client_name = "") { return 403; # Forbidden } return 204; # OK (no content) } /etc/nginx/conf.d/apikey_clients.conf 1 2 3 4 5 map $http_apikey $api_client_name { default ""; "7B5zIqmRGXmrJTFmKa99vcit" "client_one"; "QzVV6y1EmQFbbxOfRCwyJs35" "client_two"; }
  • 49.
  • 50. HTTP method matching 50 • limit_except directive controls HTTP methods • Disable authentication for easier testing /etc/nginx/conf.d/my_apis/space.conf 1 2 3 4 5 6 7 8 9 10 … 19 20 21 22 23 location /api/space/ { auth_basic "Space API"; auth_basic_user_file conf.d/api_clients.htpasswd; limit_req zone=perip; limit_req_status 429; location = /api/space/planets { proxy_pass http://planets-svc; } location /api/space/events { limit_except GET POST { deny all; } _ proxy_pass http://events-svc; } }
  • 51.
  • 52. JSON request validation [1/2] 52 • Load JavaScript module ◦ nginx-module-njs • Use JSON.parse() to test request body for valid JSON /etc/nginx/nginx.conf 1 2 3 4 5 6 7 8 9 10 11 user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; load_module modules/ngx_http_js_module.so; _ events { worker_connections 1024; } /etc/nginx/conf.d/json_validation.js 1 2 3 4 5 6 7 8 9 10 11 12 13 export default { parseRequestBody }; function parseRequestBody(r) { try { if (r.variables.request_body) { JSON.parse(r.variables.request_body); } return r.variables.upstream; } catch (e) { r.error('JSON.parse exception'); return '127.0.0.1:10415'; // Address for error response } }
  • 53. JSON request validation [2/2] 53 • NGINX hates to buffer • Use mirror module to force early-reading of $request_body • Variable evaluation controls timing of JS code execution /etc/nginx/conf.d/api_gateway.conf 10 11 12 13 14 # Request body validation location /_get_request_body { internal; return 204; } /etc/nginx/conf.d/json_validation.conf 1 2 3 4 5 6 7 8 js_import conf.d/json_validation.js; js_set $json_validated json_validation.parseRequestBody; server { listen 127.0.0.1:10415; # This is the error response of json_validator() return 415; # Unsupported media type include conf.d/my_apis/errors_json.conf; } /etc/nginx/conf.d/my_apis/space.conf 8 9 10 11 12 13 location = /api/space/events { limit_except GET POST { deny all; } set $upstream events-svc; mirror /_get_request_body; # Force early-reading of request body proxy_pass http://$json_validated$request_uri; }
  • 54. How did we do? • Error handling • API definition • Rate limiting • Authentication • HTTP methods • JSON validation
  • 55. Agenda 1. Introducing NGINX 2. Running APIs with NGINX Unit 3. Break / Q&A 4. Deploying NGINX web server as an API gateway 5. Q&A
  • 56. Resources • NGINX Unit ◦ https://unit.nginx.org/ • Official NGINX open source downloads ◦ http://nginx.org/en/linux_packages.html • Configuration files and code samples ◦ https://github.com/nginx/unit-examples ◦ https://github.com/lcrilly/nginx-api-gateway • NGINX Plus developer license ◦ https://www.nginx.com/developer-license/ ◦ Code: ato2020workshop
  • 57.
  • 58. fin

Notas del editor

  1. NGINX 1.0 and Unit 1.0 released 12th Apr (International Day of Human Space Flight – Yuri Gagarin) 2020 – let’s pretend it didn’t happen!
  2. *** ADD RELOAD COMMANDS *** Other error formats are available
  3. Let’s now take a look at the architecture for NGINX Unit This is how we built Unit for performance, security and consistency We’ll start at the top of this diagram And drill-in on the various processes *click*
  4. When Unit starts up we get the “main” process the “controller” process and the “router” process The controller process exposes an HTTP interface for API configuration By default it is a Unix socket but can also listen as a TCP port on the network API calls are handled by the controller process Configuration is analyzed by the controller and passed to the main process And then into the router process *click*
  5. The router is interesting There are several threads: a main thread and a number of workers Whereas configuration requests are handled by the controller process Client requests for applications are handled by the router process The router accepts client HTTP connections but only when you ask Unit to bind an application to a specific port do you enable that application Such changes do not reload the workers, but simply modify their configuration
  6. The router process transfers requests to the application processes We don’t include PHP, Python or Go with Unit That is, we don’t compile them in We use system-level interpreters – which means we can have several of them, all co-existing on the same instance. In this example we have PHP5 and PHP7 running different applications
  7. GO, however, is a different animal ;) Unlike PHP and Python, GO applications listen on HTTP ports directly GO provides a network-level web server as a builtin facility Therefore in order for a GO application to run within Unit we replace the ‘http’ listener with a ‘unit’ listener So without Unit it will listen directly With Unit it will not listen on a port, but communicate with the Unit router using shared memory But why would you run a GO application with Unit? This brings us back to the benefits of a consistent application stack. You have the same control and configuration for GO as you do for PHP and Python And so it will work the same way as the rest of your distributed application Greatly simplifying the deployment and DevOps workload if you use nodejs "http", then you need to proxy http over a socket connection, that has additional overhead Unit adds dynamic control to your "http" in nodejs with routing and etc...  all the features that we to add in the future, also it should be more scalable... lots of things in nodejs http are written in javascript, while Unit is in C the idea is that people will no more need in additional proxy layer in front of their nodejs apps
  8. *** ADD RELOAD COMMANDS *** Other error formats are available
  9. How to apply new Unit configuration
  10. We’re going to use port 8080 for all of the APIs – if that’s a conflict for you then choose another and map 8080 to it Single server{} benefits TLS footprint and use of keepalives This is the first config reload – make sure it’s working
  11. Nested locations not useful yet – we use them for policies Exact (=), regex (~) and prefix () matching
  12. Might also use an external auth server with proxy_pass to perform OAuth 2.0 token introspection (see blog)
  13. Resources