Implementing transparent proxy server with aclTakahiro Arai
This is a Power Point Presentation document describing about the basic knowledge of how PROXY(in transparent mode) Server and ACL works together.
The case study here is the model case of ICT Unit of Municipal Council of Kinondoni, which is one of municipal offices existed in DSM in Tanzania.
Hide internal clients from external network
http://stableproxies.com/
Blocking of dangerous URLs
Filter dangerous content
Eliminate need for transport layer routing between networks
Single point of access, control and logging
Implementing transparent proxy server with aclTakahiro Arai
This is a Power Point Presentation document describing about the basic knowledge of how PROXY(in transparent mode) Server and ACL works together.
The case study here is the model case of ICT Unit of Municipal Council of Kinondoni, which is one of municipal offices existed in DSM in Tanzania.
Hide internal clients from external network
http://stableproxies.com/
Blocking of dangerous URLs
Filter dangerous content
Eliminate need for transport layer routing between networks
Single point of access, control and logging
A PPT to understanding the Proxy, Web Proxy Server, Proxy Server, How it works, Types of Proxy and Examples for it.
A brief and complete Details of Web Proxy Server.
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity.
http://www.ip-location.khozz.com
Proxy server is the best way to keep your server healthy. It enables a system to connect to the internet without revealing the system IP address to the destination site.
パフォーマンス・保守性・セキュリティ・稼働率など様々な要素を最適化しなければならないサイト構築と運用。旧態依然のAMPアーキテクチャでは限界です。そこで登場したのがSSG(Static Site Generator)であり、さらにそれをリファインしたJAMstackです。
まさに旧来のアーキテクチャからのパラダイムシフトとも言えます。
各種デプロイサービスやバックエンド用のAPIベースのCMSも合わせてご紹介します。
2. About me
✦ Tatsuhiko Kubo(bokko@pixiv.com)
✦ @cubicdaiya(twitter, github)
✦ Senior Software Engineer@pixiv Inc.
13年9月20日金曜日
3. Recent Work
✦ mruby_nginx_module
✦ Embedded mruby into Nginx
✦ ngx_small_light
✦ Dynamic Image Transformation for Nginx
✦ Contributions/pull requests to many other
projects on github
13年9月20日金曜日
4. Recent Work
WEB+DB PRESS Vol.72
□detailed nginx
flexible configuration
and
brilliant scalability
□collaborators
@harukasan
@semind
13年9月20日金曜日
17. Problems
✦ data synchronization is straining
✦ TCP connection overhead
✦ processing time is directly proprtional the
number of APs
✦ data restoration is painful
✦ memcached is not persistent
✦ e.g, when AP server goes down.
13年9月20日金曜日
18. Migration to KyotoTycoon
✦ KyotoTycoon supports
✦ data persistency.
✦ data expiration
✦ memcached ASCII protocol.
✦ We could migrate without modifying application!
13年9月20日金曜日
23. KyotoTycoon overwhelmed
✦ KyotoTycoon(using memcached protocol plugin)
compared with memcached,
✦ Lower performance
Even so, persistency is some good!
We wanted it at that time!
13年9月20日金曜日
24. Other Problems
✦ We needed
✦ seamless fail-over mechanism
✦ convenient monitoring mechanism
✦ slow query log(like MySQL)
✦ statistics for whole queries
13年9月20日金曜日
25. dealing with these problems
✦ Scale out(For example, add servers)
✦ This was difficult for us at least at that time...
✦ Scale up(For example, buy expensive servers)
✦ This was more difficult for us.
✦ Use proxy server!
✦ Actually, I developed one in C.
✦ Twemproxy was not released yet.
13年9月20日金曜日
26. ✦ Scale out(For example, add servers)
✦ This was difficult for us at least at that time...
✦ Scale up(For example, buy expensive servers)
✦ This was more difficult for us.
✦ Use proxy server!
✦ Actually, I developed one in C.
✦ Twemproxy was not released yet.
dealing with these problems
13年9月20日金曜日
45. single-master and multiple workers
✦ Master is responsible for
✦ controlling worker processes
✦ Workers are responsible for
✦ processing user’s requests
✦ Supervisor may control only Master
✦ Now we use Monit instead of daemontools
13年9月20日金曜日
52. “environments” block
✦ In neoagent,
✦ environment is the configuration for workers.
✦ Each entry in “environments” is the configuration for
each worker.
✦ Master manages workers for each of their of
environments.
13年9月20日金曜日
53. “environments” block
name environment name
sockpath socket path for communicating neoagent’s worker
target_server primary memcached server
backup_server secondary memcached server
conn_max max connections(backlog size)
connpool_max connection pool size
etc...
document is here
http://cubicdaiya.github.io/neoagent/
13年9月20日金曜日
56. Master’s threads
✦ sigwait-thread
✦ waiting for a signal from ctl-
thread
✦ ctl-thread
✦ receiving a instruction from
neoctl through ctl-socket
13年9月20日金曜日
57. Worker’s threads
✦ sigwait-thread
✦ waiting for a signal from ctl-
thread
✦ event-threads
✦ processing client requests
✦ support-thread
✦ health-checking & statictics
13年9月20日金曜日
67. SCons
✦ Simple & flexible & programable build tool
✦ Auto anaylysis of dependencies
✦ Build-configuration is written with Python
✦ Suitable for small or medium scale projects
13年9月20日金曜日
82. Problem with signals
✦ complicated & easy to mistake
✦ must send multiple signals to master
and workers at a time
✦ must link worker’s PID to neoagent’s
environment
13年9月20日金曜日
84. neoctl internal
✦ neoctl sends instructions to master
✦ by UNIX domain socket
✦ master manages worker’ PIDs
✦ and the link between each worker’s PID and
environment name, too.
✦ master sends signals master-self and workers.
13年9月20日金曜日