Introduction to OpenResty Edge™

Slides giving a brief introduction to OpenResty Edge™
Produced by OpenResty Inc.
2019.4
OpenResty Edge™ is based on the mature open source OpenResty technologies.
At the same time, it uses various leading proprietary technologies and algorithms invented by OpenResty Inc.
Composition of the OpenResty Edge™ software
  • Edge Node
  • Edge Admin
  • Edge Log Server
The user deploys all the software components themselves.
  • Public Cloud
  • Private Cloud
  • Physical Server Machines
  • PCs and Laptops
On the highest level, the Edge Node software is a traffic proxy.
Edge Node
Edge Admin synchronises configurations to Edge Node
Edge Admin
Edge Admin provides multiple interfaces
Support a REST API and client SDKs for PHP, Python, and other languages.
Provide a graphical console based on a web UI.
Edge API
Real-time aggregated logs and metrics push based on the Edge Log server.
Log Server
Support custom real-time metrics, multi-tiered metric aggregation computing.
Avoid huge overhead in generating and transferring large log files.
Directly perform complex aggregated computations at or near the data sources.
Edge Node Metrics
Real-time gateway error log de-duplication, aggregation and reporting.
Error Log
Support arbitrarily many Edge Node servers
Support thousands or even tens of thousands of nodes.
Multiple Node
Support adding new Edge Nodes online
Built-in DNS auto-update
Auto-adapting gateway cluster-level hashing.
Support removing Edge Node servers online
Built-in DNS auto-update
Auto-adapting gateway cluster-level hashing.
Also support marking a node offline without actually removing it.
Offline Node
Edge Node servers can be distributed across the world
Worldwide Node
Support tiered networks and controlling long-distance routing yourself.
Tiered caching: every level of nodes can cache resources
It is easier to hit the cache for nodes closer to the origin servers or backend application servers (blue circles below).
Support various kinds of backend servers and applications
Various Kinds of Backends
The administrator can define groups of backend servers online
Backend servers providing the same services are grouped together. Such groups are called "upstreams".
upstream
The administrator can also configure "backup upstreams"
Backup upstreams are only enabled when the main ones are unavailable.
Support distributing traffic among multiple "upstreams" by specified ratios.
Multiple Upstreams
Support directing requests to different upstreams according to any user-specified conditions.
Multiple Upstreams
Support creating, modifying, and deleting web site configurations on the fly.
Every site supports one or more domain names, including wildcard ones.
Supports tens of thousands, hundreds of thousands or even more sites and each node's memory requirement is very low.
Multiple Sites
The administrator can upload any number of SSL certificates and private keys on the fly.
The uploaded certificates and private keys will get synchronized in real time to all the nodes in an encrypted manner.
Each site can have multiple certificates.
Upload SSL Cert
Support auto-generating free SSL certificates
Integrates with the non-profit Let's Encrypt certificate issuing services.
Let's Encrypt
Auto-update all free SSL certificates issued by Let's Encrypt
When the certificates are about to expire, the Edge Admin controller
will automatically request Let's Encrypt services to update them.
Update Let's Encrypt
Support various client protocols
Multiple Protocols
Built-in DNS authoritative servers
  • All the gateway nodes can be DNS authoritative servers at the same time (can be disabled or selective too).
  • Gateway nodes going online or offline will be reflected in the DNS services automatically.
  • Collaborating with automatic wildcard Let's Encrypt SSL certificate issuing.
  • EDNS Client Subnet support.
DNS Authority
Smart DNS dispatch
Assign clients to the closest gateway nodes according to ISP and geographical distances.
Real-time incremental config synchronization with transaction protection for atomicity.
Site config can be live updated on the client request level.
Every Edge Node has a local key-value database with transaction protection and in-memory caching. While a request picks up the new version of the site config, other concurrent requests in the same operating system thread won't get interrupted or affected.
Request Level Sync
When Edge Admin goes offline or the network is down, all the Edge Nodes can still serve clients without downtime
Admin goes offline
When the Edge Log server goes offline or the network is down, the Edge Node servers can still serve clients without downtime
Log Server goes offline
Edge Node servers can be grouped by gateway clusters
Grouped by Gateway Cluster
Share the HTTP/HTTPS response cache on the gateway cluster level
The same resource will map to the same gateway node in the same cluster, using consistent hashing.
Each node caches different subsets of resources.
Share Cache on Gateway Cluster Level
Share the HTTP/HTTPS response cache on the gateway cluster level
If a resource maps to the gateway node itself, then just directly return the cached data.
Share Cache on Gateway Cluster Level
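An added sketch of the cluster-level cache sharing and the "auto-adapting" hashing described in the slides above (not OpenResty Edge's own code). The GatewayCluster class, the node names, the SHA-256 ring positions and the 100 virtual points per node are all assumptions made for illustration. It shows that removing a node, or only marking it offline, moves just the cache keys that node owned.

```python
import bisect
import hashlib

def ring_point(label):
    # Ring position from SHA-256; the hash choice is an assumption of this sketch.
    return int.from_bytes(hashlib.sha256(label.encode()).digest()[:8], "big")

class GatewayCluster:
    """Consistent-hash ring mapping cache keys to gateway nodes (hypothetical class)."""
    def __init__(self, nodes, vnodes=100):
        self.vnodes = vnodes   # virtual points per node, smooths the key distribution
        self.offline = set()   # nodes marked offline but still present on the ring
        self.ring = []         # sorted list of (point, node)
        for node in nodes:
            self.add_node(node)

    def add_node(self, node):
        for i in range(self.vnodes):
            bisect.insort(self.ring, (ring_point(f"{node}#{i}"), node))

    def remove_node(self, node):
        self.ring = [(p, n) for p, n in self.ring if n != node]

    def owner(self, cache_key):
        # The first online node clockwise from the key's position owns the resource.
        start = bisect.bisect_left(self.ring, (ring_point(cache_key), ""))
        for step in range(len(self.ring)):
            node = self.ring[(start + step) % len(self.ring)][1]
            if node not in self.offline:
                return node
        raise RuntimeError("no online gateway node in the cluster")

    def route(self, receiving_node, cache_key):
        # A node answers from its own cache only for the keys it owns.
        target = self.owner(cache_key)
        return "local-cache" if target == receiving_node else f"forward:{target}"

def placement(cluster, keys):
    return {key: cluster.owner(key) for key in keys}

NODES = ["node-a", "node-b", "node-c", "node-d"]  # constructed sample nodes
KEYS = [f"https://static.example.com/asset/{i}.js" for i in range(2000)]  # constructed

if __name__ == "__main__":
    cluster = GatewayCluster(NODES)
    before = placement(cluster, KEYS)
    cluster.remove_node("node-c")
    moved = [k for k in KEYS if before[k] != cluster.owner(k)]
    print(len(moved), "keys moved; all were on node-c:",
          all(before[k] == "node-c" for k in moved))
```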
Also support disabling the cluster-level cache sharing
Every gateway node may cache the same set of resources.
Support Disabling Cluster-level Cache Sharing
Share SSL session identifier data on the gateway cluster level
For old SSL clients without support for TLS session tickets
Share SSL Session id
Multiple gateway clusters can be grouped in partitions
The administrator can define arbitrary partitions. Each partition can synchronize different configurations.
Group Gateway Clusters
Edge Admin can push different configurations to different partitions.
Can be used to distinguish internal and external web apps
Can also be used to do A/B testing.
Can also synchronize the same site config to multiple partitions
Purge cached resources across the whole gateway network in just seconds.
Support whole-site purge, exact URL list purge, URL prefix purge, arbitrarily conditioned purge (using criteria in URL arguments, URI, request headers or any of their combinations).
Powerful request rewriting engine
The administrator can configure rewrite rules based on web UI forms, REST API, and/or the Edge language.
Support modifying the request's URI, URL arguments, request headers, request methods, etc., based on arbitrarily complex conditions and rules.
Request Rewrite Engine
Powerful response rewriting engine
The administrator can configure rewrite rules based on web UI forms, REST API, and/or the Edge language.
Support modifying the response's status code, response headers, etc., based on arbitrarily complex conditions and rules.
Response Rewrite Engine
Built-in Web Application Firewall (WAF)
Malicious requests get blocked or challenged by the WAF. Normal requests get through.
WAF bad request
WAF good request
Provide a rule-based "domain-specific language", the Edge language, invented by OpenResty Inc.
Can be used to express very complicated gateway business logic.
Can be used for "edge computing"
Edge Rules
The Edge language optimizing compiler can combine regular expressions across different user rules
Can combine and merge many regular expressions into a single statement.
No matter how many regular expressions are specified, only a single data scan is needed.
Combine Regular Expression
The Edge language optimizing compiler can also combine constant string prefixes and suffixes across many different user rules
Merge prefix and suffix string patterns from many user rules, generating a single Trie tree that supports a single scan.
Automatically optimize the Trie trees' code and memory layout according to the user patterns.
Edge Rule Optimization
The Edge language supports invoking external user Lua modules in the privileged mode.
The user Lua code fragments can also invoke arbitrary dynamically-linked libraries in the system (privileged mode only)
invoke Lua modules
The user Lua code can also invoke arbitrary system libraries
The administrator is responsible for making sure that every Edge Node server has the required system dynamically-linked libraries.
Load SO File