1 00:00:01,889 --> 00:00:08,109 let's gather around take take your seats and let's continue talking about nginx 2 00:00:08,109 --> 00:00:18,580 unit and how that system can launch and run your applications it's a very 3 00:00:18,580 --> 00:00:23,410 interesting title slide I prepared for you this is literally the only slide for 4 00:00:23,410 --> 00:00:29,949 this talk and I want to introduce first I want to introduce the engineering team 5 00:00:29,949 --> 00:00:35,980 of nginx unit and the whole engineering team is here at the conference it's eager Valentin Maxime and I I just 6 00:00:40,629 --> 00:00:45,539 talked about this all right 7 00:00:46,530 --> 00:00:53,199 basically what we are going to be doing is looking at how nginx unit works in 8 00:00:53,199 --> 00:01:00,219 this in in our environment I will guide you through a creation of I will guide 9 00:01:00,219 --> 00:01:05,310 you through the configuration of unit through the compilation process through 10 00:01:05,310 --> 00:01:10,479 modifying and the change in your go applications to run through the nginx 11 00:01:10,479 --> 00:01:16,659 unit and also I'll show you how to run multiple versions of the application and 12 00:01:16,659 --> 00:01:22,840 multiple versions of application language here all right I already 13 00:01:22,840 --> 00:01:27,729 downloaded the source code you can do that using github mercurial repository 14 00:01:27,729 --> 00:01:37,500 or using just a simple terrible link from our website first let's clean it up 15 00:01:37,500 --> 00:01:41,560 all right and what we have here is our configure 16 00:01:41,560 --> 00:01:48,340 script usually when I launch a configure script first thing I do is launch in the 17 00:01:48,340 --> 00:01:54,490 help and see what we can configure in this in the source code the most important parts here will be the 18 00:01:58,030 --> 00:02:03,219 configuration options for each of our languages before going into the language 19 00:02:03,219 --> 00:02:10,960 configuration first thing I'm gonna do is configure nginx unit itself the 20 00:02:10,960 --> 00:02:15,380 prerequisites for that are quite easy you just need the C tools and 21 00:02:15,380 --> 00:02:21,320 for the languages themselves you will need the the library is the development 22 00:02:21,320 --> 00:02:27,350 kits for PHP Python and languages and forego language you just need the go 23 00:02:27,350 --> 00:02:33,680 package all right now we have it configured and now let's start 24 00:02:33,680 --> 00:02:39,830 configuring our languages we got PHP here and we see that it's been 25 00:02:39,830 --> 00:02:46,580 configured for PHP version 7.0 that is really good and now let's configure it 26 00:02:46,580 --> 00:02:54,110 for Python okay so for python it found a version 2.7 which is installed in the 27 00:02:54,110 --> 00:02:59,270 system but i do know that i installed not only python 2 but also python 3 in 28 00:02:59,270 --> 00:03:04,820 this same environment let's see what I have here lets me let me press tab here I see Python to Python 3 and so on let 29 00:03:08,570 --> 00:03:14,200 me take a look on how configure Python 30 00:03:15,370 --> 00:03:22,520 will show me the options of what I can configure you see we need the Python 31 00:03:22,520 --> 00:03:28,550 config that we can provide directly and the Python config for the version 3 here 32 00:03:28,550 --> 00:03:36,670 will be this one python 3.5 - config which means i can configure this with with the configuration file this one and 33 00:03:39,920 --> 00:03:47,810 now we see that we have a unit module prepared for us for python 3.5 it does 34 00:03:47,810 --> 00:03:53,600 not delete the previous one it just adds another module now we have configured 35 00:03:53,600 --> 00:04:04,040 the sources for PHP version 7 for Python 2.7 and Python 3.5 ok in addition to 36 00:04:04,040 --> 00:04:09,170 that we need to do that for the go language as well let's first take a look 37 00:04:09,170 --> 00:04:15,140 at the parameters we will build it with the default go package which is which 38 00:04:15,140 --> 00:04:20,959 comes with the system which is go 1.6 and if you want to use newer versions 39 00:04:20,959 --> 00:04:25,820 you can specify the parameters here alright let's go with with let's 40 00:04:25,820 --> 00:04:31,550 configure go and that works just well so the first the first thing I want to 41 00:04:31,550 --> 00:04:38,449 build here well let's do make all and compile in the next unit of with the 42 00:04:38,449 --> 00:04:46,509 configuration that we just defined this is not a very long process it just takes 43 00:04:46,509 --> 00:04:57,319 less than a minute to compile it and let's see what we have here now in our 44 00:04:57,319 --> 00:05:05,840 build directory we see a unit daemon which is a binary right here and we got the objects the modules compiled in that 45 00:05:11,030 --> 00:05:16,759 same directory and as I said we got one for Python for the default version for 46 00:05:16,759 --> 00:05:24,050 the version 3.5 and the PHP module all of those modules will be discovered 47 00:05:24,050 --> 00:05:33,319 automatically when a unit runs all right let's do that let's run unit but before 48 00:05:33,319 --> 00:05:39,349 running it let me see what what other options can we do and we can specify for 49 00:05:39,349 --> 00:05:44,389 unit to be non demonized which is important if you want to run it in a 50 00:05:44,389 --> 00:05:50,210 container you can give it the PD log files directory where you put the modules user names and so on another 51 00:05:53,330 --> 00:05:59,180 important parameter that I want to use today will be the control socket since 52 00:05:59,180 --> 00:06:04,370 we talked that unit is fully api controlled and it's it doesn't require a 53 00:06:04,370 --> 00:06:11,810 configuration file the thing we want to use we want to actually connect to a 54 00:06:11,810 --> 00:06:16,909 unit the ways how our infrastructure likes it okay 55 00:06:16,909 --> 00:06:24,409 by default there's going to be a socket file in a file system let's open an HTTP 56 00:06:24,409 --> 00:06:30,740 pool let's open a TCP port and the let's make the API available via HTTP on port 57 00:06:30,740 --> 00:06:38,509 let's say 8 4 4 3 so we're going to use the control parameter and I will put the 58 00:06:38,509 --> 00:06:41,500 IP address in here 59 00:06:42,439 --> 00:06:47,330 because I don't want it to listen on the API on every available public address of the system all right so we just started 60 00:06:51,469 --> 00:06:59,689 the unit daemon with this API control socket okay in the process list on the 61 00:06:59,689 --> 00:07:07,819 bottom of the screen you can easily see that unit launched with launched the 62 00:07:07,819 --> 00:07:12,559 main process and directly in the process line you see where you will be able to 63 00:07:12,559 --> 00:07:18,649 connect for controlling and modifying its configuration it's going to be this 64 00:07:18,649 --> 00:07:25,879 IP and port right here unit immediately creates the controller and router 65 00:07:25,879 --> 00:07:32,360 processes you'll went to the keynote a few minutes ago and we discussed at 66 00:07:32,360 --> 00:07:38,659 length how controller and router processes work together in the unit okay 67 00:07:38,659 --> 00:07:44,179 well the first the first thing we're gonna do is let's see what this API 68 00:07:44,179 --> 00:07:53,739 gives us alright it just gave us an JSON object with listeners and applications 69 00:07:53,739 --> 00:08:02,179 which are not defined at at this point of time it launched empty with a very 70 00:08:02,179 --> 00:08:06,559 fresh and clean configuration and it doesn't listen on any ports and hasn't 71 00:08:06,559 --> 00:08:11,659 launched any application at this moment all right I prepared a a file here with the 72 00:08:15,529 --> 00:08:24,439 configuration and this file has a very very simple very simple listener and 73 00:08:24,439 --> 00:08:31,459 very simple one application defined the application is just PHP info and that 74 00:08:31,459 --> 00:08:41,169 PHP info file is available right here let's let's see the file itself I 75 00:08:41,919 --> 00:08:47,329 haven't I wasn't making any modifications to the PHP file I wasn't 76 00:08:47,329 --> 00:08:52,279 making any modifications to the PHP packages themselves just took them to 77 00:08:52,279 --> 00:08:55,640 the way they are and launching it with the unit 78 00:08:55,640 --> 00:09:03,890 alright well let's let's upload this file using the put method directly into 79 00:09:03,890 --> 00:09:17,710 this API control port well the curl put request we need to specify the file and 80 00:09:17,710 --> 00:09:27,590 our API port alright the first the first thing that we see is the response from 81 00:09:27,590 --> 00:09:33,950 unit that reconfiguration was performed all right let's see what was performed 82 00:09:33,950 --> 00:09:39,830 let's curl the configuration again let's see what's in there and yes we can see 83 00:09:39,830 --> 00:09:46,460 all of that information that we just put into that API directly available okay so 84 00:09:46,460 --> 00:09:51,050 we define the application we define the workers and everything but we are not seeing any application processes here 85 00:09:54,700 --> 00:10:03,400 let's take a look at how our application works and let's open a new tab for that and we have it on port 80 300 here we go 86 00:10:09,620 --> 00:10:18,080 here's our PHP info and we see that our server API is unit right here okay in 87 00:10:18,080 --> 00:10:25,010 the process list you immediately can see that we don't only have the controller 88 00:10:25,010 --> 00:10:30,800 and router process but also this new application process the number of those 89 00:10:30,800 --> 00:10:36,410 application workers the maximum number is what we defined in our adjacent file 90 00:10:36,410 --> 00:10:46,010 in our configuration that we uploaded ok that was pretty easy right let's let's 91 00:10:46,010 --> 00:10:53,420 look at another another application that we prepared here and that application is 92 00:10:53,420 --> 00:10:58,090 a Python app 93 00:11:03,990 --> 00:11:11,140 okay so this JSON file it doesn't have a name of the application it defines a 94 00:11:11,140 --> 00:11:17,700 Python application with a version 3 of Python language a couple of workers and 95 00:11:17,700 --> 00:11:23,560 also you can see that it lists a different user and the end different group parameters here ok let me show you 96 00:11:27,610 --> 00:11:36,550 the application itself the application is really easy all it does here it's just showing us the very simple the 97 00:11:41,140 --> 00:11:53,760 system version ok let's have this demo this Python application that file let's 98 00:11:53,760 --> 00:12:01,680 put this file into our API right here 99 00:12:06,120 --> 00:12:13,060 okay it's port 8 443 now where do we put this file without the full definition of the configuration we need to put it into 100 00:12:15,430 --> 00:12:26,460 the applications and let's give it a name alright we just 101 00:12:26,460 --> 00:12:33,990 defined it as a Python underscore sample and this application is now right there 102 00:12:33,990 --> 00:12:40,240 let's see what we have in our list of applications right now we have our port 103 00:12:40,240 --> 00:12:46,750 80 300 listener we got the application PHP info we got the Python sample our 104 00:12:46,750 --> 00:12:53,590 PHP info application worker it's still there the PHP info page is working 105 00:12:53,590 --> 00:13:00,850 perfectly but now we define some new entity right here okay so what we can do 106 00:13:00,850 --> 00:13:06,480 right now for this application we can either create a different listener and 107 00:13:06,480 --> 00:13:14,480 have it listening on a different port or we can redefine this existing listener 108 00:13:14,480 --> 00:13:20,170 which is part 8300 and see this application the way it works in this environment dynamically without change 109 00:13:23,360 --> 00:13:28,670 in the listener okay let's have a show of hands who wants that application to 110 00:13:28,670 --> 00:13:35,270 run on a new port okay and who wants to redefine the existing port for this new 111 00:13:35,270 --> 00:13:40,550 application okay we redefining the existing port to see the newer to see 112 00:13:40,550 --> 00:13:46,250 how the new application works for that we're gonna do regular under this we're 113 00:13:46,250 --> 00:13:51,770 going to access this object the listeners 8,300 and we're going to 114 00:13:51,770 --> 00:13:57,320 access this parameter application and change its value from PHP info to fight 115 00:13:57,320 --> 00:14:03,590 an underscore sample okay let's do that that's going to be some tricky command 116 00:14:03,590 --> 00:14:10,930 here it's going to be a put request the data of the put request will be a string which is Python underscore sample and 117 00:14:16,840 --> 00:14:29,840 the URL where we will put that will be our listeners URL with the with the ID 118 00:14:29,840 --> 00:14:39,100 of with the ID of the listener and then the parameter will be application 119 00:14:39,100 --> 00:14:45,200 alright we just got that money in here all right we see reconfiguration is done 120 00:14:45,200 --> 00:14:50,390 let's take a look what we have here and yes our application was redefined for this same listener what's interesting in 121 00:14:52,700 --> 00:14:55,910 the process list is that nothing changed here we haven't removed the PHP application 122 00:15:00,710 --> 00:15:07,340 it's just not bound to any listeners at this point and now the thing that we're 123 00:15:07,340 --> 00:15:11,660 gonna do we're gonna refresh the page and here we go we can see that the Python app is running and we can see 124 00:15:14,480 --> 00:15:20,150 that python worker process has been created right here okay at this point 125 00:15:20,150 --> 00:15:24,260 you can see the Python app and PHP are onion at the same time in that same 126 00:15:24,260 --> 00:15:29,130 system and all of those all of them both of 127 00:15:29,130 --> 00:15:34,620 them are onion under different users the PHP user and Python user in this in this 128 00:15:34,620 --> 00:15:41,000 Linux system and we can dynamically manage and dynamically change whatever 129 00:15:41,000 --> 00:15:49,140 whatever we want about this listener and application the there are interesting 130 00:15:49,140 --> 00:15:54,270 use cases for that let's say you want to update your application with a new 131 00:15:54,270 --> 00:16:00,240 version just put the code in a different directory and change the route using 132 00:16:00,240 --> 00:16:05,370 this API or change the listener into a completely new instance of application 133 00:16:05,370 --> 00:16:12,810 or create a new application object in this API test it out with a separate listener just put some minor amounts of 134 00:16:16,170 --> 00:16:20,190 traffic into that a new version of the application once it's ready just swap 135 00:16:20,190 --> 00:16:26,100 the listeners using one API call all of the changes are graceful the connections 136 00:16:26,100 --> 00:16:33,210 are not broken connections are not reset and the listener the listening sockets 137 00:16:33,210 --> 00:16:39,450 are still open it at any point of time if you're changing it so this is this is 138 00:16:39,450 --> 00:16:45,420 fully truly dynamic alright let's let's see what else we have here I prepared a longer file and in this 139 00:16:51,930 --> 00:16:56,640 file what we what we see right here is a bunch of different listeners we got a 140 00:16:56,640 --> 00:17:01,770 PHP application of an application defined in Python version 2 in Python 141 00:17:01,770 --> 00:17:06,540 version 3 and also a very interesting one which is the go hello world 142 00:17:06,540 --> 00:17:15,709 application okay now the goal occations are really really interesting to build 143 00:17:15,709 --> 00:17:24,540 let's go directly into this directory and let's see what we have here as our 144 00:17:24,540 --> 00:17:34,440 hello go app what we did we created the package the go package which is called 145 00:17:34,440 --> 00:17:41,790 unit and we need to add a unit as as the package right here in the code of 146 00:17:41,790 --> 00:17:50,970 our application now instead of using HTTP listen and serve I will use unit 147 00:17:50,970 --> 00:17:57,000 listen and serve right here with the same parameters how that will work if 148 00:17:57,000 --> 00:18:04,740 the application is launched directly it will fall back to the HTTP functionality 149 00:18:04,740 --> 00:18:10,740 of go and it will listen on the port it will be available right now it will be 150 00:18:10,740 --> 00:18:18,900 available the way you usually launch the go applications however if unit will 151 00:18:18,900 --> 00:18:22,650 launch the application if unit will take that binary and and 152 00:18:22,650 --> 00:18:30,630 start it the application will not open an HTTP port instead of that it will be 153 00:18:30,630 --> 00:18:36,900 communicating with unit or router using the shared memory that Iger explained in 154 00:18:36,900 --> 00:18:43,710 the keynote and that system will provide you a consistent HTTP stack across your 155 00:18:43,710 --> 00:18:49,080 applications regardless of the language and the platform that you are using for 156 00:18:49,080 --> 00:18:57,900 these applications alright we already have this hello application compiled 157 00:18:57,900 --> 00:19:04,020 it's a very simple app we have more complicated applications or Iranian in 158 00:19:04,020 --> 00:19:09,870 the demo booth where you can see apps like graph Anna Iranian of with nginx 159 00:19:09,870 --> 00:19:17,420 unit and some other apps as well all right we have it right there and we had 160 00:19:17,420 --> 00:19:24,870 the full JSON file that I'm going to upload the full JSON file that I'm going to upload through the API and it will be 161 00:19:27,720 --> 00:19:32,460 able to launch for different applications PHP two versions of Python 162 00:19:32,460 --> 00:19:44,210 and go alright let's do that I will use the put method I will specify the file 163 00:19:44,210 --> 00:19:51,390 curl command requires the @ symbol before specifying the file and let's put 164 00:19:51,390 --> 00:19:55,799 that in our one two seven zero zero one and the port at which shows right here all right we 165 00:19:59,730 --> 00:20:05,400 got the configuration going since I renamed the applications our Python 166 00:20:05,400 --> 00:20:10,230 sample application was removed and the workers of the Python sample 167 00:20:10,230 --> 00:20:15,539 applications are not there however our PHP application in the full 168 00:20:15,539 --> 00:20:20,820 JSON file was exactly the same PHP application that we started from since 169 00:20:20,820 --> 00:20:27,900 that wasn't a change unit didn't kill any PHP processes it kept them live it 170 00:20:27,900 --> 00:20:31,740 kept them accessible on that same port because that wasn't hurt 171 00:20:31,740 --> 00:20:36,510 that wasn't a change only the Python applications and go applications were 172 00:20:36,510 --> 00:20:43,530 changed in this environment all right let's see all of those applications how 173 00:20:43,530 --> 00:20:49,020 they are working so a port 8300 that's going to be our PHP application here we 174 00:20:49,020 --> 00:20:56,940 go that's PHP seven zero PHP info let's go to the next port which was 8400 8400 175 00:20:56,940 --> 00:21:05,010 was the Python application defined as Python 2.7 version and I had almost 176 00:21:05,010 --> 00:21:10,260 exactly the copy of that at the next port 8401 which is exactly the same 177 00:21:10,260 --> 00:21:14,549 application running in a different version of python you see now the once 178 00:21:14,549 --> 00:21:19,440 we started launching those applications we see the processes coming in and we 179 00:21:19,440 --> 00:21:25,020 got the PI 2 and PI 3 and application now let's open the last one of those 180 00:21:25,020 --> 00:21:29,400 which is the go app and this is a completely different application right 181 00:21:29,400 --> 00:21:37,320 here we can see it in the process list directly all right now what happens if we want to delete some of those apps 182 00:21:40,340 --> 00:21:49,830 well it's very easy you can use the same the same API for cleaning things up we 183 00:21:49,830 --> 00:21:56,159 can use the delete method and we'll apply that delete method directed to the 184 00:21:56,159 --> 00:22:06,190 application and which which application do you want do you want to do 185 00:22:06,190 --> 00:22:17,080 to be to delete right here PHP okay yep what what do you think will happen right now it's invalid we cannot delete it 186 00:22:23,350 --> 00:22:27,850 right now because we have a listener socket bound right now to the same 187 00:22:27,850 --> 00:22:34,480 application let's clean up the listen socket first all right so our PHP 188 00:22:34,480 --> 00:22:43,299 application was leased was listening on the socket that was 8300 this one all 189 00:22:43,299 --> 00:22:47,980 right what happened here is quite interesting as well we deleted the 190 00:22:47,980 --> 00:22:55,059 socket now our port 8300 will not be accessible here we go 191 00:22:55,059 --> 00:22:59,740 the site can be reached the port is not there however in the list of processes 192 00:22:59,740 --> 00:23:05,529 below you can still see the PHP application we only deleted the listener 193 00:23:05,529 --> 00:23:11,110 we only deleted that part that was changed and we were not touching the 194 00:23:11,110 --> 00:23:14,740 rest of the system that is still supposed to be live maybe you want to 195 00:23:14,740 --> 00:23:18,789 run that same PHP application on a different port you just create another 196 00:23:18,789 --> 00:23:23,110 different listener bind it to that same application and your life without 197 00:23:23,110 --> 00:23:31,210 changes and without restarts even of a single app alright now let's try to 198 00:23:31,210 --> 00:23:38,669 delete our PHP application and here we go PHP application is out of here 199 00:23:39,410 --> 00:23:46,320 [Applause] all right so this is this is a really fun system right here and you can create 200 00:23:49,789 --> 00:23:57,869 delete update parts of the application parts of configuration using any any of 201 00:23:57,869 --> 00:24:02,999 those requests that I've shown you really easy to use and really 202 00:24:02,999 --> 00:24:11,279 configurable all of those things are available on on any modern Linux system 203 00:24:11,279 --> 00:24:18,090 and with all of the modern versions of PHP Python and go languages so here's 204 00:24:18,090 --> 00:24:22,739 the thing we started to get a lot of comments and a lot of questions on 205 00:24:22,739 --> 00:24:28,499 social media and even on github and everywhere else so for this session we 206 00:24:28,499 --> 00:24:32,669 wanted to leave more time for your questions and we want to answer all of 207 00:24:32,669 --> 00:24:38,580 those questions right here so we have the whole engineering team as eager Valentin and Maxime right here and 208 00:24:40,710 --> 00:24:43,799 myself for answering the questions all right 209 00:24:43,799 --> 00:25:09,629 let's ask the questions so yes the question was about heaven the the 210 00:25:09,629 --> 00:25:18,600 variables passed from nginx into into unit similar to the PHP fpm similar the 211 00:25:18,600 --> 00:25:25,529 fancy GI params right all right let's let's have the the engineering 212 00:25:25,529 --> 00:25:32,879 team up here and let's let's help answer this question I I must say that many of 213 00:25:32,879 --> 00:25:43,789 your questions will be answered with the words yes we have this planned all right 214 00:25:43,789 --> 00:25:49,489 can we have a portable microphone here 215 00:25:51,620 --> 00:25:55,920 all right well we'll get the microphone right now for because we're getting a 216 00:25:55,920 --> 00:26:00,390 lot of questions let's let's have a microphone here for that oh this this 217 00:26:00,390 --> 00:26:09,300 one is working so it should be configurable of course and we will provide a way how to pass additional 218 00:26:13,580 --> 00:26:20,310 variables using HTTP headers from and the next to unit of course and for now 219 00:26:20,310 --> 00:26:26,400 it populates environment variables according to HTTP requests so if you 220 00:26:26,400 --> 00:26:34,170 want to pass for example IP address from the client connection to nginx you have 221 00:26:34,170 --> 00:26:41,940 to use custom I should be header but eventually I think that you know you 222 00:26:41,940 --> 00:26:50,550 will be able to put nginx unit to the external environment so and don't have 223 00:26:50,550 --> 00:26:58,140 nginx behind unit and in this case there is really no problem at all to populate 224 00:26:58,140 --> 00:27:07,700 all the environment variables it's yes go ahead 225 00:27:12,200 --> 00:27:19,950 yes that's right and they as you can see they use different user and group and 226 00:27:19,950 --> 00:27:27,180 they're isolated and if one process dies so only the request that is served by 227 00:27:27,180 --> 00:27:32,700 this process will be in a failed everything else will be protested is and 228 00:27:32,700 --> 00:27:40,170 what I should mention that and unit rotor process it's not iterated but each 229 00:27:40,170 --> 00:27:47,790 thread is asynchronous like nginx worker process so you have as many traits as 230 00:27:47,790 --> 00:27:54,930 you have course in your system and each thread can handle thousands of 231 00:27:54,930 --> 00:27:59,690 connections like nginx worker process 232 00:28:07,740 --> 00:28:12,039 so the question was how we monitor the health of the workers and how they shut 233 00:28:12,039 --> 00:28:16,870 down at what conditions and how we can control that this is one of the things 234 00:28:16,870 --> 00:28:22,389 that we are planning in a very short term a roadmap right now as having the 235 00:28:22,389 --> 00:28:28,259 pre fork module to pre for pre fork model for creating the workers and 236 00:28:28,259 --> 00:28:35,470 monitoring them using the pretty much standard system level tools as for 237 00:28:35,470 --> 00:28:46,590 memory timeouts and so on this is plan this is a short-term road map yes 238 00:28:51,700 --> 00:29:01,519 sorry I didn't quite and send the question okay so what happens to the 239 00:29:01,519 --> 00:29:12,710 existing configuration okay for now it will just it disappeared but we are 240 00:29:12,710 --> 00:29:19,549 going to add persistence in the short term I think it will be ready in a week 241 00:29:19,549 --> 00:29:28,750 or so so if the main router process or work or master process will die you can 242 00:29:28,750 --> 00:29:36,830 restart unit and it will start with the previous working configuration yes as of 243 00:29:36,830 --> 00:29:41,899 as of right now what you can do is when when you are just when you are making 244 00:29:41,899 --> 00:29:45,169 changes to your configuration it is completely dynamic that the changes 245 00:29:45,169 --> 00:29:48,019 might come from different sources for different reasons 246 00:29:48,019 --> 00:29:53,120 but it gives you a fully consistent view on what the configuration is you can simply a dump that configuration JSON 247 00:29:55,789 --> 00:30:00,860 into a file and that will be your last non-working config of course the 248 00:30:00,860 --> 00:30:04,789 persistence features are very important and that we have them we will have them 249 00:30:04,789 --> 00:30:07,330 done very quickly 250 00:30:09,760 --> 00:30:12,859 [Music] 251 00:30:31,400 --> 00:30:38,940 so we expect users to interact with nginx unit only using this API so we 252 00:30:38,940 --> 00:30:44,309 don't expect them to edit our persistent storage of course you can because it 253 00:30:44,309 --> 00:31:04,830 will be simple JSON and but soon all right yes yep yeah the question was 254 00:31:04,830 --> 00:31:10,830 about securing the API access what I did in this demo I enabled API access only 255 00:31:10,830 --> 00:31:16,200 on localhost on one to seven zero zero one and only through only on one 256 00:31:16,200 --> 00:31:22,860 specific port by default it launches the API in a UNIX domain socket which is only accessible locally in the system 257 00:31:25,409 --> 00:31:30,929 now here's what you can do in addition to that if you go to our website in to 258 00:31:30,929 --> 00:31:38,240 integration with nginx article right here we actually defined how you can see 259 00:31:38,240 --> 00:31:44,549 secure your API using nginx tools we already know how to deliver secure 260 00:31:44,549 --> 00:31:50,429 websites and secure API is in the world and what you can do here you can install 261 00:31:50,429 --> 00:31:56,669 nginx configure access lists configure proxy in into the control socket 262 00:31:56,669 --> 00:32:01,470 directly you can configure client certificate authentication you can have 263 00:32:01,470 --> 00:32:07,140 basic authentication and all of the nginx security tools right in front of 264 00:32:07,140 --> 00:32:12,620 the unit naturally as you would have in front of any API 265 00:32:24,560 --> 00:32:31,700 yeah for now we recommend to use UNIX domain circuits with root credentials 266 00:32:31,700 --> 00:32:37,880 but eventually we are going to add TLS support and client certificates of 267 00:32:37,880 --> 00:32:43,160 terrorization and other whereas other methods of terrorization 268 00:32:43,160 --> 00:32:50,870 to be able to control the privileges and who can manipulate it with this API interface all right all right we got 269 00:32:56,960 --> 00:33:13,160 another question here sorry I couldn't hear this oh chroot environments are we 270 00:33:13,160 --> 00:33:17,440 playing this the chroot environments 271 00:33:28,260 --> 00:33:36,990 and to also watch shall in for Python applications of course