Kubernetes Cluster Federation

This tutorial will walk you through testing Kubernetes cluster federation. This guide will cover the following federation features:

  • Federated Services
  • Federated Secrets
  • Federated ReplicaSets

See the Kubernetes Cluster Federation aka Ubernetes design doc for more details.



On the fly (and free) SSL registration and renewal

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let’s Encrypt.

This OpenResty plugin automatically and transparently issues SSL certificates from Let’s Encrypt (a free certificate authority) as requests are received. It works like:

  • A SSL request for a SNI hostname is received.
  • If the system already has a SSL certificate for that domain, it is immediately returned (with OCSP stapling).
  • If the system does not yet have an SSL certificate for this domain, it issues a new SSL certificate from Let’s Encrypt. Domain validation is handled for you. After receiving the new certificate (usually within a few seconds), the new certificate is saved, cached, and returned to the client (without dropping the original request).

This uses the ssl_certificate_by_lua functionality in OpenResty


Dynamic tracing talk

Dynamic tracing technology is a kind of post-modern advanced debugging techniques. It can help software engineers at a very low cost in a very short period of time, to answer some difficult questions about the software systems to more quickly troubleshoot and resolve problems. It is the rise of a large and prosperous background, we are in a rapid growth of the Internet age, as an engineer, faced with the challenge of two aspects: First, the number of size, regardless of the size of the user or the size of the room, are in the machine the rapid growth era. A second aspect of the challenge is the complexity. Our business logic more complex, we run the software systems are becoming more complex, and we know it will be divided into many, many levels, including the operating system kernel and above is a variety of system software, such as database and Web server, and then up virtual machines high-level scripting language or other language interpreter and real-time (JIT) compiler, various levels of abstraction on top of it is the business logic of the application level and a lot of complex code logic.


How To Set Up Django with Postgres, Nginx, and Gunicorn on Ubuntu 16.04

Django is a powerful web framework that can help you get your Python application or website off the ground. Django includes a simplified development server for testing your code locally, but for anything even slightly production related, a more secure and powerful web server is required.

In this guide, we will demonstrate how to install and configure some components on Ubuntu 16.04 to support and serve Django applications. We will be setting up a PostgreSQL database instead of using the default SQLite database. We will configure the Gunicorn application server to interface with our applications. We will then set up Nginx to reverse proxy to Gunicorn, giving us access to its security and performance features to serve our apps.


nginx module for Brotli compression

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.

ngx_brotli is a set of two nginx modules:

  • ngx_brotli filter module – used to compress responses on-the-fly,
  • ngx_brotli static module – used to serve pre-compressed files.


Mitigating DDoS Attacks with NGINX and NGINX Plus

A Distributed Denial-of-Service (DDoS) attack is an attempt to make a service, usually a website, unavailable by bombarding it with so much traffic from multiple machines that the server providing the service is no longer able to function correctly because of resource exhaustion.

Typically, the attacker tries to saturate a system with so many connections and requests that it is no longer able to accept new traffic, or becomes so slow that it is effectively unusable.

Mitigating DDoS Attacks with NGINX and NGINX Plus

Launching nginScript and Looking Ahead

I’ve been wanting to add more scripting capabilities to NGINX for a long time. Scripting lets people do more in NGINX without having to write C modules, for example. Lua is a good tool in this area, but it’s not as widely known as some other languages.

JavaScript was the most obvious language to add next. It’s the most popular language – #1 on GitHubfor the past three years. JavaScript is also a good fit for the way we configure NGINX.

I recently announced a working prototype of a JavaScript virtual machine (VM) that would be embedded within NGINX. Today we announced the launch of the first preview of this software, nginScript, atnginx.conf 2015.

This is another milestone in the development of NGINX open source software and NGINX Plus. I want to take the opportunity to explain what nginScript is, describe why it’s needed, share some examples, and talk about the future.

Launching nginScript and Looking Ahead