Introduction to OpenResty Edge™
Slides giving a brief introduction to OpenResty Edge™
Produced by OpenResty Inc.
2019.4
OpenResty Edge™ is based on the mature open source OpenResty technologies.
At the same time, it uses various leading proprietary technologies and algorithms invented by OpenResty Inc.
Composition of the OpenResty Edge™ software
- Edge Node
- Edge Admin
- Edge Log Server
The user deploys all the software components themselves.
- Public Cloud
- Private Cloud
- Physical Server Machines
- PCs and Laptops
On the highest level, the Edge Node software is a traffic proxy.
Edge Admin synchronises configurations to Edge Node
Edge Admin provides multiple interfaces
Support a REST API and client SDKs for PHP, Python, and other languages.
Provide a graphical console based on a web UI.
Real-time aggregated logs and metrics push based on the Edge Log server.
Support custom real-time metrics, multi-tiered metric aggregation computing.
Avoid huge overhead in generating and transferring large log files.
Directly perform complex aggregated computations at or near the data sources.
Real-time gateway error log de-duplication, aggregation and reporting.
Support arbitrarily many Edge Node servers
Support thousands or even tens of thousands of nodes.
Support adding new Edge Nodes online
Built-in DNS auto-update
Auto-adapting gateway cluster-level hashing.
Support removing Edge Node servers online
Built-in DNS auto-update
Auto-adapting gateway cluster-level hashing.
Also support marking a node offline without actually removing it.
Edge Node servers can distribute across the world
Support tiered networks and controlling long-distance routing yourself.
Tiered caching: every level of nodes can cache resources
It is easier to hit the cache for nodes closer to the origin servers or backend
application servers (blue circles below).
Support various kinds of backend servers and applications
The administrator can define groups of backend servers online
Backend servers providing the same services are grouped together. Such groups are called "upstreams".
The administrator can also configure "backup upstreams"
Backup upstreams are only enabled when the main ones are unavailable.
Support distributing traffic among multiple "upstreams" by specified ratios.
Support directing requests to different upstreams according to any user-specified conditions.
Support creating, modifying, and deleting web site configurations on the fly.
Every site supports one or more domain names, including wildcard ones.
Support tens of thousands, hundreds of thousands or even more sites, while each node's memory requirement stays very low.
The administrator can upload any number of SSL certificates and private keys on the fly.
The uploaded certificates and private keys are synchronized in real time to all the nodes in an encrypted manner.
Each site can have multiple certificates.
Support auto-generating free SSL certificates
Integrates with the non-profit Let's Encrypt certificate issuing service.
Auto-update all free SSL certificates issued by Let's Encrypt
When the certificates are about to expire, the Edge Admin controller
will automatically request Let's Encrypt services to update them.
Support various client protocols
Built-in DNS authoritative servers
- All the gateway nodes can be DNS authoritative servers at the same time (this can also be disabled or enabled selectively).
- Gateway nodes going online or offline are reflected in the DNS services automatically.
- Collaborating with automatic wildcard Let's Encrypt SSL certificate issuing.
- EDNS Client Subnet support.
Smart DNS dispatch
Assign clients to the closest gateway nodes according to ISP and geographical distances.
Real-time incremental config synchronization with transaction protection for atomicity.
Site config can be live updated on the client request level.
Every Edge Node has a local key-value database with transaction protection and in-memory caching.
While a request picks up the new version of the site config, other concurrent requests in the same operating system thread won't get interrupted or affected.
When Edge Admin goes offline or the network is down, all the Edge Nodes can still serve clients without downtime.
When the Edge Log server goes offline or the network is down, the Edge Node servers can still serve clients without downtime.
Edge Node servers can be grouped by gateway clusters
Share the HTTP/HTTPS response cache on the gateway cluster level
The same resource will map to the same gateway node in the same cluster, using consistent hashing.
Each node caches different subsets of resources.
Share the HTTP/HTTPS response cache on the gateway cluster level
If a resource maps to the gateway node itself, then just directly return the cached data.
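The cluster-level mapping described above, and the "auto-adapting" behaviour when nodes are added or removed online, can be illustrated with a small consistent-hash ring. This is an added example, not OpenResty Edge code: the SHA-256 hash, the virtual-node count, the node names and the cache keys are all assumptions made for the illustration.

```python
import bisect
import hashlib


def h64(value):
    """Stable 64-bit hash of a string (SHA-256 is an assumption, not Edge's choice)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")


class HashRing:
    """Consistent-hash ring with virtual nodes."""

    def __init__(self, nodes, vnodes=100):
        self.vnodes = vnodes
        self._points = []  # sorted positions on the ring
        self._owner = {}   # position -> node name
        for node in nodes:
            self.add(node)

    def add(self, node):
        for i in range(self.vnodes):
            point = h64(f"{node}#{i}")
            self._owner[point] = node
            bisect.insort(self._points, point)

    def remove(self, node):
        self._points = [p for p in self._points if self._owner[p] != node]
        self._owner = {p: n for p, n in self._owner.items() if n != node}

    def node_for(self, cache_key):
        # Owner is the first ring point at or after the key's hash, wrapping around.
        idx = bisect.bisect_left(self._points, h64(cache_key))
        return self._owner[self._points[idx % len(self._points)]]


def moved(before, after):
    """Fraction of keys whose owning node changed between two mappings."""
    return sum(before[k] != after[k] for k in before) / len(before)


# Constructed sample: 5000 cache keys, four hypothetical nodes, then a fifth goes online.
KEYS = [f"https://example.com/static/{i}.js" for i in range(5000)]
ring = HashRing(["node-a", "node-b", "node-c", "node-d"])
BASE = {k: ring.node_for(k) for k in KEYS}
ring.add("node-e")
GROWN = {k: ring.node_for(k) for k in KEYS}
ring.remove("node-e")
RESTORED = {k: ring.node_for(k) for k in KEYS}

# Naive "hash mod N" placement for comparison: most keys change owner when N goes 4 -> 5.
NAIVE_MOVED = moved({k: h64(k) % 4 for k in KEYS}, {k: h64(k) % 5 for k in KEYS})
RING_MOVED = moved(BASE, GROWN)
```

Only the keys taken over by the new node change owner on the ring, so the rest of the cluster cache stays warm and the origin servers are not hit by a wave of cache misses when membership changes.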
Also support disabling the cluster-level cache sharing
Every gateway node may cache the same set of resources.
Share SSL session identifier data on the gateway cluster level
For old SSL clients without support for TLS session tickets
Multiple gateway clusters can be grouped in partitions
The administrator can define arbitrary partitions. Each partition can synchronize
different configurations.
Edge Admin can push different configurations
to different partitions.
Can be used to distinguish internal and external web apps
Can also be used to do A/B testing.
Can also synchronize the same site config to multiple partitions
Purge cached resources across the whole gateway network in just seconds.
Support whole-site purge, exact URL list purge, URL prefix purge, and arbitrarily conditioned purge (using criteria in URL arguments, URI, request headers or any of their combinations).
Powerful request rewriting engine
The administrator can configure rewrite rules based on web UI forms, REST API, and/or the Edge language.
Support modifying the request's URI, URL arguments, request headers, request methods, etc., based on arbitrarily complex conditions and rules.
Powerful response rewriting engine
The administrator can configure rewrite rules based on web UI forms, REST API, and/or the Edge language.
Support modifying the response's status code, response headers, etc., based on arbitrarily complex conditions and rules.
Built-in Web Application Firewall (WAF)
Malicious requests get blocked or challenged by the WAF. Normal requests get through.
Provide a rule-based "domain-specific language", the Edge language, invented by OpenResty Inc.
Can be used to express very complicated gateway business logic.
Can be used for "edge computing"
The Edge language optimizing compiler can combine regular expressions across different user rules
Can combine and merge many regular expressions into a single statement.
No matter how many regular expressions are specified, only a single data scan is needed.
The Edge language optimizing compiler can also combine constant string prefixes and suffixes across many different user rules
Merge prefix and suffix string patterns from many user rules, generating single Trie trees to support single scanning.
Automatically optimize the Trie trees' code and memory layout according to the user patterns.
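The idea of merging constant prefixes and suffixes from many rules into tries, so that each request string is walked once no matter how many rules exist, can be sketched as follows. This is an added example and not the Edge compiler's output or algorithm: the rule ids, the literals and the nested-dict trie layout are assumptions chosen for the illustration.

```python
def build_trie(patterns):
    """Build a nested-dict trie from (rule_id, literal) pairs."""
    root = {}
    for rule_id, literal in patterns:
        node = root
        for ch in literal:
            node = node.setdefault(ch, {})
        node.setdefault(None, []).append(rule_id)  # None marks "a rule's literal ends here"
    return root


def scan(trie, text):
    """Walk text once from its start; return ids of all rules whose literal is a prefix."""
    node, hits = trie, list(trie.get(None, []))
    for ch in text:
        node = node.get(ch)
        if node is None:
            break  # no rule literal continues with this character
        hits.extend(node.get(None, []))
    return hits


class RuleSet:
    """Merged prefix and suffix literals from many rules (hypothetical rule ids)."""

    def __init__(self, prefix_rules, suffix_rules):
        self.prefixes = build_trie(prefix_rules)
        # Suffixes are stored reversed so that one walk over the reversed URI matches them.
        self.suffixes = build_trie((rid, lit[::-1]) for rid, lit in suffix_rules)

    def match(self, uri):
        return scan(self.prefixes, uri) + scan(self.suffixes, uri[::-1])


# Constructed rules, as a WAF-style policy might list them.
RULES = RuleSet(
    prefix_rules=[("admin-area", "/admin"), ("admin-api", "/admin/api"), ("dotfiles", "/.")],
    suffix_rules=[("backup-file", ".bak"), ("php-script", ".php"), ("compressed-backup", ".sql.bak")],
)
```

Each call to `match` takes at most one step per URI character in each trie, so adding more rules grows the tries but not the number of passes over the request data.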
The Edge language supports invoking external user Lua modules in the privileged mode.
The user Lua code fragments can also invoke arbitrary dynamically-linked libraries in the system (privileged mode only)
The user Lua code can also invoke arbitrary system libraries
The administrator is responsible for making sure that every Edge Node server has the required dynamically-linked system libraries.