Microservices and containers are on the top of everyone’s minds these days, but how can you really apply these emerging trends to your work today? This webinar covers: - Best practices with microservices architecture and approach - How to connect and deploy your microservices in the cloud and in container environments - How NGINX can make the process of connecting, scaling, and securing these deployments easy and painless - New scripting, configuration, and performance capabilities coming in upcoming releases of NGINX View full webinar on demand at https://www.nginx.com/resources/webinars/connecting-and-deploying-microservices-at-scale/

1. Connecting and deploying
microservices at scale with NGINX
Nick Shadrin
nick@nginx.com
@shadrin

2. About me
 Nick Shadrin
 Technical Solutions Architect
 Located in SF, CA
 Used nginx since 2007
 nick@nginx.com

3. Agenda
 Intro to microservices (again)
 The use of nginx for microservices
 Containers or no containers
 Nice old features
 Shiny new features
 Bits of nginx roadmap

4. Building a great application
is only half the battle,
delivering the application
is the other half.

5. The Microservices Architecture

6. The Microservices Architecture

8. NGINX Web tier Application tier Database
N
N
Microservices enable you to break away from siloed departments (tiers) to a flexible
architecture which improves performance, scalability and manageability
Microservices Architecture

9. Adding a new service becomes easier
N

10. A new service that scales differently
N

11. A new service that scales out of control
N

12. Or maybe that service is part of a new feature
N

13. Or maybe that service is part of a new feature
N
..launched only to partners

14. Now you have many interconnected micro-services
N

15. And those services must be tested for resiliency
N

16. What's useful

17. Proxy and scale
 proxy_pass
 fastcgi_pass
 uwsgi_pass
 scgi_pass
 memcached_pass
 proxy_pass

18. Our Dockerfile
FROM debian:jessie
MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com"
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie
nginx" >> /etc/apt/sources.list
ENV NGINX_VERSION 1.9.3-1~jessie
RUN apt-get update &&
apt-get install -y ca-certificates nginx=${NGINX_VERSION} &&
rm -rf /var/lib/apt/lists/*
# forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log
VOLUME ["/var/cache/nginx"]
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
See more at https://registry.hub.docker.com/_/nginx/

19. Extending your Dockerfile
root@linux# docker run --name mynginx1 -P -d nginx
root@linux# docker run --name mynginx2 -v /var/www:/usr/share/nginx/html:ro
-v /var/nginx/conf:/etc/nginx:ro -P -d
Dockerfile:
FROM nginx
RUN rm /etc/nginx/conf.d/default.conf
RUN rm /etc/nginx/conf.d/example_ssl.conf
COPY static-html-directory /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
See more at https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker/

20. A/B testing
upstream a {
server web.backend.com:9000;
}
upstream b {
server staging.web.backend.com:9000;
}
split_clients "${arg_token}" $dynamic {
97% a;
* b;
}
server {
listen 80;
location / {
fastcgi_pass $dynamic;
# ... other settings ...
}
}

21. What's new

22. Stream module
 Released originally for commercial version
 Open source since nginx 1.9.0
 Used to connect non-HTTP services

23. Stream module
 Released originally for commercial version
 Open source since nginx 1.9.0
 Used to connect non-HTTP services
 Use it for:
- Reverse proxy
- Load balancing
- SSL offload / reencryption
- Additional security

24. TCP Proxy with stream module
server {
listen 127.0.0.1:12345;
proxy_pass 127.0.0.1:8080;
}
server {
listen 12345;
proxy_connect_timeout 1s;
proxy_timeout 1m;
proxy_pass example.com:12345;
}
server {
listen [::1]:12345;
proxy_pass unix:/tmp/stream.socket;
}

25. Stream module - Load Balancing
upstream backend {
hash $remote_addr consistent;
server backend1.example.com:12345 weight=5;
server backend2.example.com:12345;
server unix:/tmp/backend3;
server backup1.example.com:12345 backup;
server backup2.example.com:12345 backup;
}
server {
listen 12346;
proxy_pass backend;
}

26. More information for troubleshooting
 nginx -V
 nginx -T

27. root@ubu05-oss:/etc/nginx# nginx -V
nginx version: nginx/1.9.3
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-
path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-
path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-
path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-
path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-
path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --
with-http_addition_module --with-http_sub_module --with-http_dav_module --with-
http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-
http_gzip_static_module --with-http_random_index_module --with-
http_secure_link_module --with-http_stub_status_module --with-
http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --
with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-
cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -
Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-
functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6

28. root@ubu05-oss:/etc/nginx# nginx -V
nginx version: nginx/1.9.3
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-
path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-
path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-
path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-
path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-
path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --
with-http_addition_module --with-http_sub_module --with-http_dav_module --with-
http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-
http_gzip_static_module --with-http_random_index_module --with-
http_secure_link_module --with-http_stub_status_module --with-
http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --
with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-
cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -
Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-
functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6

29. nginx -V
root@ubu05-oss:/etc/nginx# nginx -V 2>&1 | grep arguments | xargs -n 1
configure
arguments:
--prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module

30. root@ubu05-oss:/etc/nginx# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

31. root@ubu05-oss:/etc/nginx# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
worker_processes auto; user nginx;
events { worker_connections 2014; }
http {
server {
listen 80;
return 200 "$http_user_agent $remote_addr";
}
include /etc/nginx/conf.d/*.conf;
}
stream {
include /etc/nginx/stream/*.conf;
}
# configuration file /etc/nginx/conf.d/default.conf:
server {
listen 80;
#
# etc.......

32. root@ubu05-oss:/# nginx -T | grep '# configuration file'
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# configuration file /etc/nginx/conf.d/default.conf:
# configuration file /etc/nginx/conf.d/listen-socket.conf:
# configuration file /etc/nginx/conf.d/stream.conf:

33. What's coming

34. HTTP/2

35. Dynamic Modules

36. JavaScript

37. Links
 Inside NGINX infographic: https://www.nginx.com/blog/inside-nginx-how-we-designed-for-
performance-scale/
 Socket Sharding in NGINX Release 1.9.1: https://www.nginx.com/blog/socket-sharding-
nginx-release-1-9-1/
 LDAP Authentication with auth_request: https://www.nginx.com/blog/nginx-plus-
authenticate-users/
 Thread pools: https://www.nginx.com/blog/thread-pools-boost-performance-9x/

38. nick@nginx.com
@shadrin