Varnish是一款强大的反向代理加速软件,关于其工作原理可以参考上图,其具体流程及VCL语法我这里就不做说明,网上资料多,大家还可以对照参考其官方网站和《Varnish中文权威指南》。
一、安装CentOS5.8系统环境下的依耐关系
|
1
2
|
yum
install
gcc gcc-c++
yum
install
automake autoconflibtool ncurses-devel libxslt groff pcre-devel pkgconfig libtool -y
|
二、下载varnish-2.1.5源码包,并进行编译安装。
|
1
2
3
4
5
|
cd
/usr/local/src
wget http:
//repo
.varnish-cache.org
/source/varnish-2
.1.5.
tar
.gz
tar
zxvf varnish-2.1.5.
tar
.gz
cd
varnish-2.1.5.
.
/autogen
.sh
|
#autogen.sh命令是用来检查软件的依耐关系是否满足,如果报错的话, 则应该如下
正常所示:
|
1
2
3
4
5
|
+ aclocal
+ libtoolize --copy --force
+ autoheader
+ automake --add-missing --copy --foreign
+ autoconf
|
继续编译安装:
|
1
2
|
./configure --prefix=/usr/local/
var
nish --enable-dependency-tracking --enable-debugging-symbols --enable-developer-warnings -enable-extra-warnings
make && make install && cd ../
|
三、创建varnish用户和组,以及varnish缓存文件和日志存放目录:
|
1
2
3
4
|
/usr/sbin/groupadd
varnish
/usr/sbin/useradd
-s
/sbin/nologin
-g varnish varnish
mkdir
-p
/data/varnish/
{cache,log}
chown
-R varnish:varnish
/data/varnish/
{cache,log}
|
四、我的测试环境是两台Web机器,IP为192.168.1.103(域名为http://www.yuhongchun027.net)的varnish机器对后端IP为192.168.1.104和192.168.1.105的机器进行反向代理加速,其配置文件/usr/local/varnish/etc/varnish/better.vcl如下所示:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
backend rserver1
{
.host =
"192.168.1.104"
;
.port =
"80"
;
.probe = {
.timeout = 5s;
#等待多长时间超时
.interval = 2s;
#检查时间间隔
.window = 10;
#varnish将维持10个sliding windows的结果
.threshold = 8;
#如果是8次.windows检查是成功的,就宣告后端的Web机器
是健康的
}
}
backend rserver2
{
.host =
"192.168.1.105"
;
.port =
"80"
;
.probe = {
.timeout = 5s;
.interval = 2s;
.window = 10;
.threshold = 8;
}
}
#指定一个名为realserver组,使用random机制,权重越大,分配的访问越多,可根据
服务器性能来设定;而round-robin(轮询)机制是不能指定weight的
director realserver random {
{
.backend = rserver1;
.weight = 5;
}
{
.backend = rserver2;
.weight = 6;
}
}
#定义能清理缓存的机器,这里只允许本机能用purge的方式清理
acl purge {
"localhost"
;
"127.0.0.1"
;
}
sub vcl_recv
{
if
(req.http.host ~
"^(.*).yuhongchun027.net"
)
{
set
req.backend =realserver;
}
else
{
error 200
"Nocahce for this domain"
;
}
if
(req.request ==
"PURGE"
)
{
if
(!client.ip ~purge)
{
error 405
"Not allowed."
;
}
else
{
return
(pipe);
}
}
#获取客户端真实IP地址
if
(req.http.x-forwarded-
for
)
{
set
req.http.X-Forwarded-For =
req.http.X-Forwarded-For
","
client.ip;
}
else
{
set
req.http.X-Forwarded-For =client.ip;
}
#对HTTP协议中的GET、HEAD请求进行缓存,对POST请求透过,让其直接访问后端Web服
务器。之所以这样配置,是因为POST请求一般是发送数据给服务器的,需要服务器接
收、处理,所以不缓存;
if
(req.request !=
"GET"
&& req.request !=
"HEAD"
)
{
return
(pipe);
}
if
(req.http.Expect)
{
return
(pipe);
}
if
(req.http.Authenticate|| req.http.Cookie)
{
return
(pass);
}
if
(req.http.Cache-Control~
"no-cache"
)
{
return
(pass);
}
#对JSP或者PHP文件不缓存
if
(req.url ~
"\.jsp"
|| req.url ~
"\.php"
)
{
return
(pass);
}
else
{
return
(lookup);
}
}sub vcl_pipe
{
return
(pipe);
}sub vcl_pass
{
return
(pass);
}sub vcl_hash
{
set
req.
hash
+= req.url;
if
(req.http.host)
{
set
req.
hash
+=req.http.host;
}
else
{
set
req.
hash
+=server.ip;
}
return
(
hash
);
}sub vcl_hit
{
if
(req.request ==
"PURGE"
)
{
set
obj.ttl = 0s;
error 200
"Purged."
;
}
if
(!obj.cacheable)
{
return
(pass);
}
return
(deliver);
}sub vcl_miss
{
if
(req.request ==
"PURGE"
)
{
error 404
"Not incache."
;
}
if
(req.http.user-agent ~
"spider"
)
{
error 503
"Notpresently in cache"
;
}
return
(fetch);
}
sub vcl_fetch
{
if
(req.request ==
"GET"
&& req.url ~
"\.(txt|js)$"
)
{
set
beresp.ttl = 3600s;
}
else
{
set
beresp.ttl = 30d;
}
if
(!beresp.cacheable)
{
return
(pass);
}
if
(beresp.http.Set-Cookie)
{
return
(pass);
}
return
(deliver);
}
sub vcl_deliver {
if
(obj.hits > 0) {
set
resp.http.X-Cache=
"HIT FROM www.yuhongchun027.net"
;
}
else
{
set
resp.http.X-Cache=
"MISS FROM www.yuhongchun027.net"
;
}
return
(deliver);
}
|
五、启动varnish的命令很长,如下所示:
|
1
2
3
|
/usr/local/varnish/sbin/varnishd
-n
/data/varnish/cache
-f
/usr/local/varnish/etc/varnish/better
.vcl -a 0.0.0.0:80 -s
file
,
/data/varnish/varnish_cache
.data,8G -p user=varnish -p group=varnish -p default_ttl=14400 -p thread_pool_max=8000 -p send_timeout=20 -w
5,51200,30 -T 127.0.0.1:3500 -P
/usr/local/varnish/var/varnish
.pid
|
验证其是否生效可以用curl –I命令,如下所示:
|
1
|
[root@localhost cache]
# curl -I http://www.yuhongchun027.net/
|
以下结果显示varnish缓存已经起作用了:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
HTTP
/1
.1 200 OK
Server: Apache
/2
.2.3 (CentOS)
Last-Modified: Wed, 28 Aug 2013 16:27:33 GMT
ETag:
"10d242-e-776b6740"
Content-Type: text
/html
; charset=UTF-8
Content-Length: 14
Date: Wed, 21 Aug 2013 17:47:48 GMT
X-Varnish: 1584727079 1584726982
Age: 10101
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT FROM www.yuhongchun027.net
|
六、如果vcl配置文件发生改动,想要不重启而直接reload,可以用如下操作,可以在本机上进行telnet操作,连接3500管理端口:
|
1
2
3
4
5
6
|
telnet 127.0.0.1 3500
vcl.load newconfig
/usr/local/varnish/etc/varnish/better
.vcl
200 13
VCL compiled.
vcl.use newconfig
200 0
|
如果显示有200字样,则表示已经正常reload了,newconfig这个名字是自己定义的,熟悉varnish操作的朋友应该也清楚,通过telnet连接本机还可以进行清理缓存。
七、用varnishadm命令来清理缓存,例子如下所示:
清除所有缓存
|
1
|
/usr/local/varnish/bin/varnishadm
-T 192.168.1.103:3500 url.purge *$
|
清除image目录下所有缓存
|
1
|
/usr/local/varnish/bin/varnishadm
-T 192.168.1.103:3500 url.purge
/image/
|
查看最近清除的详细url列表,可执行如下命令:
|
1
|
/usr/local/varnish/bin/varnishadm
–T 192.168.1.103:3500 purge.list
|
另外,缓存命中率的高低直接说明了varnish的运行状态和效果,如果缓存率命中率过低,我们应该对varnish配置进行检查调整来进行提高,查看其命中率命令如下所示:
|
1
|
/usr/local/varnish/bin/varnishstat
-n
/data/varnish/cache
|
八、内核优化如下所示:
编辑/etc/sysctl.conf,添加如下选项:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
|
执行如下命令,让改动配置立即生效:
|
1
|
/sbin/sysctl
–p
|
注意:老生常谈的ulimit的问题,这个话题说得太多了,这里实在不想再提了,记得将在/etc/rc.local添加如下内容:
|
1
|
ulimit
–SHn 65535
|
注意:记得在启动varnish之前将此命令手动执行一遍(最方便的做法是放进经常运行的监控脚本或服务启动脚本),另外,在工作中发现,CentOS6.X x86_64下更改ulimit跟CentOS5.X x86_64是不同的,这点也请大家注意。以上即为varnish-2.1.5在CentOS5.8 x86_64下的安装配置过程,记录下作为工作笔记,方便以后在新机器上部署,年纪大了,起个备忘作用而矣。
本文转自 抚琴煮酒 51CTO博客,原文链接:http://blog.51cto.com/yuhongchun/1293169,如需转载请自行联系原作者
