High-concurrency large-scale website architecture design

Starting from the left, the CDN server and the reverse proxy server cache some of the resources that users request. The difference between the two is that the CDN is deployed in the network provider's data center, so users can fetch content from a nearby node, while the reverse proxy is deployed in the website's own central data center. The purpose of both is to return data to users as quickly as possible, which speeds up responses and reduces the load on the back-end servers.
Going down, there is a load-balancing scheduling server, which distributes user requests across the server cluster. The A and B application servers can be Tomcat server clusters, but only the Action code is deployed on them, that is, the controller-layer code we usually write. From there, the business-layer code deployed on different servers is called (large websites split the business and deploy the different applications independently). If some business requests are large and take a long time to process, they can be added to a message queue as the situation requires, so that the request returns quickly. Finally, the distributed business servers call the distributed database system to store data. On the right, files can be stored on distributed file servers. On the upper right, the distributed cache server caches the 20% of the data that is accessed most frequently (the 80/20 rule: 80% of business access is concentrated on 20% of the data). As for the bottom two, because the website's business is quite complex, non-relational databases such as NoSQL and non-database query technologies such as search engines are used for data storage and retrieval.
The above is the general structure of a large website. 

With the overall structure covered, let's turn to some specifics. The core architectural elements of large-scale websites are performance, availability, scalability, extensibility, and security.
Let's talk about performance first:

Browser access optimization:

1 Reduce HTTP requests

HTTP requests are expensive, so their number should be minimized. The main method is to combine JavaScript, CSS, and images into one file each, so that the browser needs only one request.

2 Use browser cache

For websites, resources such as CSS, JavaScript, logos, and icons are updated infrequently. You can set the Cache-Control and Expires headers in the HTTP response so that the browser caches them.

3 Enable compression

Files can be compressed on the server side, and the compression ratio for text files can exceed 80%. GZip compression of HTML, CSS, and JavaScript files therefore gives good results.

4 Put CSS at the top of the page and JavaScript at the bottom

The browser renders the page only after all the CSS has been downloaded, while JavaScript is executed as soon as it is loaded. Therefore, download the CSS files first and put the JavaScript at the end.

CDN acceleration

A CDN (Content Delivery Network) is in essence still a cache: the data is cached in the place closest to the user, so that the user can obtain it as fast as possible. It generally caches static resources.

Reverse proxy

A reverse proxy server can protect the web servers, because requests from the Internet must go through the proxy server. You can therefore also keep some static data on the proxy server. When a user accesses static content for the first time, it is cached on the reverse proxy server; when other users request it, the proxy can return it directly, reducing the load on the web server.

Application server performance optimization

Server-side optimization methods mainly include caching, clustering, and asynchronous operation.

Asynchronous operation:

Under high concurrency, if no message queue is used, writing user requests directly to the database puts huge pressure on the database and also increases response latency. Using a message queue and writing to the database asynchronously is very effective for peak shaving, and improves both the scalability and the performance of the website.
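Peak shaving as described above, in an added sketch that is not from the original post: requests are enqueued and return at once while a single worker writes to the database in batches. The class name, queue capacity, batch size and the in-memory SQLite table are assumptions standing in for a real message queue and database.

```python
import queue
import sqlite3
import threading

class AsyncOrderWriter:
    """Hypothetical helper: bounded in-process queue in front of a database."""

    def __init__(self, capacity=1000, batch_size=100):
        self.pending = queue.Queue(maxsize=capacity)  # bounded: absorbs the peak
        self.batch_size = batch_size
        self.commits = 0
        # In-memory SQLite stands in for the real database (assumption).
        self.db = sqlite3.connect(":memory:", check_same_thread=False)
        self.db.execute("CREATE TABLE orders (item TEXT)")
        self.db.commit()
        self.worker = threading.Thread(target=self._drain, daemon=True)
        self.worker.start()

    def submit(self, item):
        """Request path: enqueue and return at once; False means load was shed."""
        try:
            self.pending.put_nowait(item)
            return True
        except queue.Full:
            return False

    def _drain(self):
        """Consumer: wait for one message, then take whatever else is queued."""
        while True:
            batch = [self.pending.get()]
            while len(batch) < self.batch_size:
                try:
                    batch.append(self.pending.get_nowait())
                except queue.Empty:
                    break
            rows = [(item,) for item in batch if item is not None]
            if rows:
                self.db.executemany("INSERT INTO orders VALUES (?)", rows)
                self.db.commit()  # one commit per batch, not per request
                self.commits += 1
            if None in batch:  # None is the shutdown marker
                return

    def close(self):
        """Stop the worker after the backlog is written; return the row count."""
        self.pending.put(None)
        self.worker.join()
        return self.db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
```

The bounded queue is what keeps a traffic spike from turning into unbounded memory growth: once it is full, `submit` reports that the request was not accepted instead of blocking the request thread.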

Use cluster:

When a website is accessed with high concurrency, load balancing is used to build a cluster of multiple servers for the application, and concurrent requests are distributed across those servers so that no single server responds slowly because of excessive load.

Code optimization:

1 Multithreading

From a resource utilization perspective, there are two main reasons to use multithreading:

  • I/O blocking: While a thread is doing I/O, it blocks and gives up the CPU to wait for the I/O. With multiple threads, blocking on I/O and execution alternate, which makes the fullest use of the CPU.

  • Multiple CPUs: A server has multiple CPUs. In this era when mobile phones have quad-core CPUs, multi-threading must be enabled to make the fullest use of these CPUs.

2 Resource reuse

There are two main modes of resource reuse: singleton and object pool.

  • Singleton: Since web development mainly uses the anemic domain model, many objects are stateless and do not need to be created repeatedly, so the singleton pattern is a natural fit.

  • Object pool: The object pool reduces object creation and resource consumption by reusing object instances.

3 Data structures

Using data structures that suit the data read/write and computing characteristics of each scenario can greatly optimize program performance.

4 Garbage collection

If the web application runs in a garbage-collected environment such as the JVM, understanding the garbage collection mechanism helps with program optimization and parameter tuning, as well as with writing memory-safe code.

Scalable design of website architecture

Generally speaking, the scalability design of a website falls into two categories: scaling through physical separation of different functions, and scaling a single function through clusters. In the former, different servers deploy different services and provide different functions; in the latter, the servers in a cluster deploy the same service and provide the same function.

Scalability Design of Application Server Cluster

Load balancing is a key technology for scalability design. It distributes user requests to different servers in the cluster according to certain rules, can detect or be configured with the number of servers in the cluster, and discovers servers that have newly come online or gone offline in time, which is what makes the application server cluster scalable. There are several techniques for implementing load balancing:

  • HTTP redirect load balancing

    The HTTP redirect server is an ordinary application server whose only function is to calculate a real web server address from the user's HTTP request. The advantage of this scheme is that it is relatively simple. The disadvantage is that the browser has to make two requests to complete one access, so performance is poor; it is not often used in practice.

  • DNS domain name resolution load balancing

    For each domain name resolution request, a different IP address is calculated according to the load balancing algorithm and returned. The advantage is that the load balancing work is handed over to DNS, which saves the website the trouble of managing and maintaining a load balancing server. The disadvantage is that control of DNS load balancing lies with the domain name service provider, so the website cannot improve it further or manage it more powerfully.

  • Reverse proxy load balancing

    The reverse proxy server requires dual network cards and two sets of IP addresses, internal and external. The advantage is that load balancing is integrated with the reverse proxy function, so deployment is simple. The downside is that all requests pass through the reverse proxy server, and its performance can become a bottleneck.

  • IP load balancing

    Load balancing is performed at the network layer by modifying the request target address. IP load balancing completes data distribution in the kernel process and has better processing performance. But for large websites that need to provide download services or video services, it is difficult to meet the demand.

  • Data link layer load balancing

    Modify the MAC address at the data link layer of the communication protocol for load balancing. This mode is currently the most widely used load balancing method for large websites.

Scaling of database storage server clusters

Here we mainly focus on the scaling design of relational databases. For databases with horizontal database and table partitioning, some distributed database products such as Mycat and Cobar can be used.

Using distributed message queues to reduce system coupling

If there are no direct calls between modules, additions or modifications have minimal impact on other modules. Modules are kept loosely coupled by passing event messages between them, and the most commonly used mechanism is the distributed message queue. In terms of scalability, since the data on a message queue server is processed in real time, it can be regarded as a stateless server, so scaling is relatively simple: add a new server to the distributed message queue cluster and notify the producer servers to update their list of message queue servers. In terms of availability, to avoid running out of memory space, messages are written to disk.

Website application attack and defense:

Since the birth of the Internet, various web attacks and information leaks have never stopped. Here are the main attack methods and defense measures.

  • XSS attack

        XSS is a cross-site scripting attack, in which an attacker tampers with a web page to inject malicious HTML scripts. There are two main means of defense:

             1 Sanitization: escape dangerous HTML characters, for example escaping ">" to "&gt;".

             2 HttpOnly: the browser prevents page JavaScript from accessing cookies that carry the HttpOnly attribute.

  • SQL injection

        SQL injection: the attacker injects malicious SQL commands into HTTP requests. One defense is, again, sanitization: filter out SQL that may have been injected into the request data. The other is parameter binding, such as #{} in MyBatis, which treats the attacker's SQL as a parameter rather than as executable SQL.

  • CSRF attack

        Cross-site request forgery: an attacker performs illegal operations as a legitimate user through a cross-site request. At its core, it exploits the server session or browser cookie policy to steal the user's identity. Defense methods:
        1 Form token. Add a random number to the page form as the token value and submit it to the server for verification.
        2 Verification code
        3 Referer check
        The Referer field of the HTTP request header records the request source, and the server can check it to verify whether the request is legitimate.
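The two XSS defenses from the list above, as an added example that is not from the original post. It also shows why escaping only the angle brackets is not enough once a value lands inside a quoted attribute; the function names, the cookie name `sid` and the sample strings are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

def escape_angle_only(value: str) -> str:
    """Weak variant: escapes only "<" and ">", leaving quotes untouched."""
    return value.replace("<", "&lt;").replace(">", "&gt;")

def render_comment(author: str, text: str, escape=html.escape) -> str:
    """Place untrusted values in an attribute and in the element body."""
    return f'<p title="{escape(author)}">{escape(text)}</p>'

def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value that page JavaScript cannot read."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True   # hidden from document.cookie
    cookie["sid"]["secure"] = True     # sent over HTTPS only
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

# Constructed sample input: one value per output context.
SAMPLE_AUTHOR = 'x" onmouseover="alert(1)'
SAMPLE_TEXT = "<script>alert(1)</script>"

def count_attribute_quotes(markup: str) -> int:
    """More than two double quotes means the title attribute was broken out of."""
    return markup.count('"')
```

`html.escape` also escapes `&`, `"` and `'` by default, so the rendered paragraph keeps exactly the two quotes that delimit the `title` attribute.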
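The form token and Referer check from the CSRF item above, as an added example that is not from the original post. The token is bound to the session with an HMAC so a token issued to one user cannot be replayed in another user's session; the key handling, the `shop.example` origin and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)            # assumption: per-deployment secret
TRUSTED_ORIGINS = {("https", "shop.example")}   # constructed site origin

def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id: str) -> str:
    """Random number for the form, plus a MAC tying it to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_ok(session_id: str, token) -> bool:
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    expected = _mac(session_id, nonce)
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    return hmac.compare_digest(mac.encode(), expected.encode())

def referer_ok(referer) -> bool:
    """Compare the parsed scheme and host, never a substring of the URL."""
    if not referer:
        return False  # strict policy choice: a missing Referer is rejected
    parts = urlsplit(referer)
    return (parts.scheme, parts.hostname) in TRUSTED_ORIGINS

def accept_post(session_id: str, form_token, referer) -> bool:
    """State-changing requests must pass both checks."""
    return token_ok(session_id, form_token) and referer_ok(referer)
```

Parsing the Referer matters: a prefix or substring match would accept a look-alike host such as `shop.example.evil.test`.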

Web application firewall

ModSecurity, an open source web application firewall, detects attacks and protects web applications.

Website Security Vulnerability Scan

A website security vulnerability scanner is a tool that constructs attack-style URLs according to certain rules to simulate hacking.

Because this blog post is only a general description of the architecture of large-scale websites and the technologies used (it is hard to go into detail, because too many knowledge points are involved and each one could fill one or several posts of its own), most topics are covered only superficially. If you want to know more details, you can Baidu them or read the main reference of this article:

"Core Principles and Case Analysis of Large Website Technical Architecture"

Reprinted from: https://blog.csdn.net/zoroduyu/article/details/79187169
