Web HighLoad - momwe timayendetsera magalimoto pamadomeni masauzande ambiri

Magalimoto ovomerezeka pa netiweki ya DDoS-Guard posachedwa adapitilira magigabiti zana pamphindikati. Pakadali pano, 50% yamayendedwe athu onse amapangidwa ndi mawebusayiti a kasitomala. Awa ndi madera masauzande ambiri, osiyana kwambiri ndipo nthawi zambiri amafunikira njira yamunthu payekha.

Pansipa mdulidwe ndi momwe timayendetsera ma node akutsogolo ndikutulutsa ziphaso za SSL pamasamba mazana masauzande.

Kukhazikitsa kutsogolo kwa tsamba limodzi, ngakhale lalikulu kwambiri, ndikosavuta. Timatenga nginx kapena haproxy kapena lighttpd, sinthani molingana ndi maupangiri ndikuyiwala za izo. Ngati tikufuna kusintha china chake, timayikanso ndikuyiwalanso.

Chilichonse chimasintha mukakonza kuchuluka kwa magalimoto pa ntchentche, pendani zopempha zovomerezeka, compress ndi cache user content, ndipo nthawi yomweyo musinthe magawo kangapo pamphindi. Wogwiritsa ntchito akufuna kuwona zotsatira zake pama node onse akunja atangosintha makonda mu akaunti yake. Wogwiritsa ntchito amathanso kutsitsa madomeni masauzande angapo (ndipo nthawi zina masauzande) okhala ndi magawo osintha magalimoto kudzera pa API. Zonsezi ziyeneranso kugwira ntchito nthawi yomweyo ku America, ku Ulaya, ndi ku Asia - ntchitoyi si yaing'ono kwambiri, poganizira kuti ku Moscow kokha kuli malo angapo olekanitsidwa ndi thupi.

Chifukwa chiyani pali ma node ambiri odalirika padziko lonse lapansi?

• Ubwino wa ntchito zamakasitomala - zopempha zochokera ku USA ziyenera kukonzedwa ku USA (kuphatikiza ziwopsezo, kugawa ndi zovuta zina), osakokedwa kupita ku Moscow kapena ku Europe, ndikuwonjezera kuchedwa kosayembekezereka.

• Magalimoto owukira amayenera kukhala am'deralo - oyendetsa magalimoto amatha kutsika panthawi yakuukira, kuchuluka kwake komwe kumaposa 1Tbps. Kunyamula ziwopsezo zamagalimoto kudzera pamalumikizidwe a transatlantic kapena transasian sikwabwino. Tinali ndi zochitika zenizeni pamene ogwira ntchito ku Tier-1 anati: "Kuchuluka kwa zigawenga zomwe mumalandira ndi zowopsa kwa ife." Ndicho chifukwa chake timavomereza mitsinje yomwe ikubwera pafupi kwambiri ndi momwe tingathere.

• Zofunikira kuti apitirize ntchito - malo oyeretsera asadalire wina ndi mnzake kapena zochitika zapadziko lonse lapansi zomwe zikusintha mwachangu. Kodi mudadula magetsi pamasitepe 11 onse a MMTS-9 kwa sabata? - palibe vuto. Palibe kasitomala m'modzi yemwe alibe kulumikizidwa komwe angavutike, ndipo ntchito zapaintaneti sizingavutike mwanjira iliyonse.

Kodi kusamalira zonsezi?

Kukonzekera kwautumiki kuyenera kugawidwa kumalo onse akutsogolo mwachangu momwe zingathere (momwemo nthawi yomweyo). Simungangotenga ndikumanganso ma configs ndikuyambitsanso ma daemoni pakusintha kulikonse - nginx yomweyo imatseka njira (ogwira ntchito akutseka) kwa mphindi zingapo (kapena mwina maola ngati pali magawo ataliatali a websocket).

Mukatsitsanso kasinthidwe ka nginx, chithunzi chotsatirachi ndichabwinobwino:

Kugwiritsa ntchito kukumbukira:

Ogwira ntchito akale amadya kukumbukira, kuphatikiza kukumbukira komwe sikutengera kuchuluka kwa maulumikizidwe - izi ndizabwinobwino. Kulumikizana kwamakasitomala kukatsekedwa, kukumbukira uku kumamasulidwa.

Chifukwa chiyani iyi sinali vuto pomwe nginx inali itangoyamba kumene? Panalibe HTTP/2, palibe WebSocket, panalibe kulumikizana kwanthawi yayitali. 70% ya traffic yathu pa intaneti ndi HTTP/2, kutanthauza kulumikizana kwakutali.

Yankho lake ndi losavuta - musagwiritse ntchito nginx, osayang'anira malire potengera mafayilo amawu, ndipo musatumize masinthidwe a zip pamakina a transpacific. Makanemawo ndi otsimikizika komanso osungika, koma izi siziwapangitsa kukhala ocheperako.

Tili ndi seva-balancer yathu yakutsogolo, omwe ndikulankhula nawo m'nkhani zotsatirazi. Chinthu chachikulu chomwe ingachite ndikugwiritsa ntchito masauzande masauzande osinthika pamphindikati pa ntchentche, popanda kuyambiranso, kuyikanso, kuwonjezeka kwadzidzidzi kwa kukumbukira kukumbukira, ndi zonsezo. Izi ndizofanana kwambiri ndi Hot Code Reload, mwachitsanzo ku Erlang. Deta imasungidwa mu database yamtengo wapatali ya geo-distributed ndipo imawerengedwa nthawi yomweyo ndi oyendetsa kutsogolo. Iwo. mumakweza satifiketi ya SSL kudzera pa intaneti kapena API ku Moscow, ndipo m'masekondi pang'ono ndikukonzekera kupita kumalo athu oyeretsa ku Los Angeles. Ngati nkhondo yapadziko lonse ichitika mwadzidzidzi ndipo intaneti ikutha padziko lonse lapansi, ma node athu adzapitirizabe kugwira ntchito mokhazikika ndikukonzanso ubongo wogawanika mwamsanga pamene imodzi mwa njira zodzipatulira Los Angeles-Amsterdam-Moscow, Moscow-Amsterdam-Hong Kong- Los-Los ikupezeka. Angeles kapena chimodzi mwazowonjezera zosunga zobwezeretsera za GRE.

Makina omwewa amatilola kutulutsa nthawi yomweyo ndikukonzanso masatifiketi a Let Encrypt. Mophweka kwambiri zimagwira ntchito motere:

1. Tikangowona pempho limodzi la HTTPS la dera la kasitomala wathu wopanda satifiketi (kapena yokhala ndi satifiketi yotha ntchito), nodi yakunja yomwe idavomereza pempholo imanena izi kwa oyang'anira certification amkati.

   

2. Ngati wogwiritsa ntchito sanaletse kuperekedwa kwa Let Encrypt, olamulira a certification amapanga CSR, amalandira chizindikiro chotsimikizira kuchokera ku LE ndikutumiza kumalire onse panjira yobisidwa. Tsopano node iliyonse imatha kutsimikizira pempho lovomerezeka kuchokera ku LE.

   

3. Mumphindi zochepa, tidzalandira satifiketi yolondola ndi kiyi yachinsinsi ndikutumiza kumalire chimodzimodzi. Apanso, popanda kuyambitsanso ma daemoni

   

4. Masiku 7 lisanafike tsiku lotha ntchito, njira yolandiranso satifiketi imayambika

Pakali pano tikutembenuza ziphaso za 350k mu nthawi yeniyeni, zowonekera kwathunthu kwa ogwiritsa ntchito.

M'nkhani zotsatirazi za mndandanda, ndilankhula za zinthu zina za nthawi yeniyeni yokonza magalimoto akuluakulu a intaneti - mwachitsanzo, za kusanthula RTT pogwiritsa ntchito deta yosakwanira kuti apititse patsogolo ubwino wa utumiki kwa makasitomala oyendayenda komanso zachitetezo kuukira kwa terabit, za kutumiza ndi kuphatikizika kwa zidziwitso zamagalimoto, za WAF, pafupifupi CDN yopanda malire ndi njira zambiri zokongoletsera zomwe zili.

Ogwiritsa ntchito olembetsedwa okha ndi omwe angatenge nawo gawo pa kafukufukuyu. Lowani muakauntichonde.

Kodi mukufuna kudziwa chiyani poyamba?

• 14,3%Ma algorithms ophatikizira ndikuwunika kuchuluka kwa magalimoto pa intaneti <3

• 33,3%Zamkati mwa owerengera a DDoS-Guard7

• 9,5%Chitetezo chamayendedwe a L3/L4 traffic2

• 0,0%Kuteteza mawebusayiti pamayendedwe apaulendo0

• 14,3%Web Application Firewall3

• 28,6%Kuteteza ku kusanja ndi kudina6

Ogwiritsa ntchito 21 adavota. Ogwiritsa 6 adakana.

Source: www.habr.com