Crazy cool nginx.conf scripting and modules. (agentzh.org)
57 points by labria on April 11, 2010 | 28 comments


Well worth navigating through - it just gets nuttier and nuttier. I certainly didn't know you could execute SQL queries against Drizzle from within your nginx.conf, parameterise them based on the query string, hash them to different backend shards and format the results as JSON...


Agreed, that's the point where my mind was blown.


In case it isn't clear to some folks (like me), this is a slideshow: left and right arrows to navigate.


If you put your mouse exactly at the top of the page, a toolbar pops up. But this took me a long time to discover, and I kept using the arrow keys.


Sorry for the confusion...I should have added a tip in my tweet.


Whoa, nginx can do a hell of a lot via conf scripting. You could build a semi-decent REST interface to a data source using the modules in this presentation...


One can do a full-decent REST interface when ngx_lua is ready ;)


I actually tried putting a website together in a similar fashion a while back. All the hacks quickly got difficult to maintain, and the code was ugly. I was too ashamed of what I've created to share it with the world. Now I see someone actually built up that courage :)


I do understand the risk. And we've been trying pretty hard to keep things clean :)


This site design is totally unusable on Android devices; I cannot work out how to change slides.


Sorry about that...but the arrow keys on your keyboard don't work for you?


Not to nitpick, but I feel the need to point out that the "REST interface to memcache server" isn't really REST, since it's issuing non-idempotent commands using GET requests, with the command type and resource specified in the query string.

Also, "Native support for cross-site scripting (XSS) in an nginx" (http://github.com/agentzh/xss-nginx-module)... I don't think XSS means what they think it means. Hint: it's not a feature. http://en.wikipedia.org/wiki/Cross-site_scripting

Still pretty cool though :)


Yeah, that statement in my slides is incorrect :) But the ngx_memc module itself does support true REST interface setup. Please take a look at the samples in its documentation: http://wiki.nginx.org/NginxHttpMemcModule

    GET /foo?key=dog
    
    POST /foo?key=cat
    Cat's value...
    
    PUT /foo?key=bird
    Bird's value...
    
    DELETE /foo?key=Tiger


XSS seems as good a definition as any - everyone's calling it lots of things, JSONP or AJAST or whatever - but setting up data feeds inside javascript function calls specifically to do ajax-Y stuff but getting around the cross-site security model built into xmlhttprequest.


But XSS already has a different specific meaning. Granted it's a confusing definition for exactly this reason, but it's well established to mean a security vulnerability where an attacker can inject JavaScript into users' pages, thereby stealing their session cookies, etc. It has nothing to do with cross-domain requests.


OH NO! Register Globals comes back! http://php.net/manual/security.globals.php


I've worked with agentzh before, and he is extremely knowledgeable and friendly. He's an amazing asset to the Nginx project!


I wonder how vulnerable this setup is to sql-injection attacks and similar stuff.


Haven't you seen the set_quote_sql_str directive used in my slides?
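
An added illustration of the point in the two comments above, not taken from the thread or the slides: a location that interpolates a query-string value into SQL directly, next to one that passes it through `set_quote_sql_str` first. The upstream name, credentials, table and column are hypothetical; the directives are those of ngx_drizzle, ngx_set_misc and ngx_rds_json.

```nginx
# Hypothetical backend; user, password and dbname are placeholders.
upstream backend {
    drizzle_server 127.0.0.1:3306 dbname=test user=app password=placeholder protocol=mysql;
}

server {
    listen 8080;

    # Weak: the raw query-string value is pasted into the SQL text, so a
    # quote character inside ?name= changes the structure of the statement.
    location /cats-unsafe {
        drizzle_query "select * from cats where name = '$arg_name'";
        drizzle_pass backend;
        rds_json on;
    }

    # Corrected: URI-decode the argument, then have ngx_set_misc emit a
    # quoted and escaped SQL string literal. $quoted_name already carries
    # its own surrounding quotes, so none are written in the query.
    location /cats {
        set_unescape_uri $name $arg_name;
        set_quote_sql_str $quoted_name $name;
        drizzle_query "select * from cats where name = $quoted_name";
        drizzle_pass backend;
        rds_json on;
    }
}
```

`set_quote_sql_str` only produces string literals; a request value used as a table or column name is not protected by it and needs its own allow-list check.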


Why would you do this? Use a proper web framework!


If you're running a web scale operation then the ability to talk to memcached directly from nginx lets you do something like "Grab the page out of memcached if it is already there, if not, pass request to application server.", totally avoiding the application server and database for a huge portion of your "dynamic" requests. Given the relative costs of two roundtrips to memcached and e.g. going through the entire Rails stack, that is a bit of a win.
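
The pattern this comment describes, as an added sketch using stock nginx directives (not from the thread or the slides); the addresses, the `app_server` name and the `page:` key prefix are assumptions.

```nginx
# Hypothetical application server behind nginx.
upstream app_server {
    server 127.0.0.1:3000;
}

server {
    listen 80;

    location / {
        # Look the page up in memcached under a key derived from the
        # normalized URI. The application must store rendered pages
        # under exactly the same key.
        set $memcached_key "page:$uri";
        memcached_pass 127.0.0.1:11211;
        default_type text/html;

        # Cache miss (404) or memcached unreachable (502/504):
        # hand the request to the application server instead.
        error_page 404 502 504 = @app;
    }

    location @app {
        proxy_pass http://app_server;
        proxy_set_header Host $host;
    }
}
```

Because the key ignores cookies and other headers, every client receives the same cached body for a given URI; only pages that do not vary per user or session belong in this cache.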


The examples are there to show you what you can do from a flexible piece of software like Nginx. It could have nothing to do with the web tier.


Still, it would be interesting with connections to real-life applications. I was hoping to figure out a few practical ways of using more of my nginx spare cycles. I'm sure there's a ton of cool stuff one could actually use this for, but I'm none the wiser after the presentation.


I must add that the stuff shown in these slides is just our "level 1 scripting". There will be level 2 and level 3, so as to support more sophisticated business logic in our data platform.

Level 2 will be ngx_lua scripting which provides Erlang-style transparent non-blocking I/O support and access to the whole nginx infrastructure and all the level 1 scripting goodies.

Level 3 will be...well...Perl 6, JavaScript, and PHP scripting atop the ngx_lua VM (by the corresponding X -> Lua compiler). grin We'll eventually get there.


Well, we're building our business (some data products in Taobao.com) atop this kind of nginx-based technology ;)

We'll also make extensive use of AJAX, Flash, and Jemplate in this context.

To be clearer, this is not a project just for fun, but rather, a serious company project that is allowed to be opensourced.


Why? Just because our db-backed web app has to handle tens of millions of requests each day on one or two plain simple servers ;)

Well, I didn't give any benchmark numbers in my slides. It's by intention. Just go ahead and find out how fast it can be :)


And...also, to tell the secret, nginx itself is a web framework. And it's a very powerful one and we're still pushing it ahead ;)


OK, well it might be fast and powerful, but I don't much like how the code looks.



