Varnish是一款強大的反向代理加速軟件,關於其工作原理可以參考上圖,其具體流程及VCL語法我這裡就不做說明,網上資料多,大家還可以對照參考其官方網站和《Varnish中文權威指南》。
一、安裝CentOS5.8系統環境下的依耐關系
yum install gcc gcc-c++
yum install automake autoconflibtool ncurses-devel libxslt groff pcre-devel pkgconfig libtool -y
二、下載varnish-2.1.5源碼包,並進行編譯安裝。
cd /usr/local/src
wget http://repo.varnish-cache.org/source/varnish-2.1.5.tar.gz
tar zxvf varnish-2.1.5.tar.gz
cd varnish-2.1.5.
./autogen.sh
#autogen.sh命令是用來檢查軟件的依耐關系是否滿足,如果報錯的話, 則應該如下
正常所示:
+ aclocal
+ libtoolize --copy --force
+ autoheader
+ automake --add-missing --copy --foreign
+ autoconf
繼續編譯安裝:
./configure --prefix=/usr/local/varnish --enable-dependency-tracking --enable-debugging-symbols --enable-developer-warnings -enable-extra-warnings
make && make install && cd ../
三、創建varnish用戶和組,以及varnish緩存文件和日志存放目錄:
/usr/sbin/groupadd varnish
/usr/sbin/useradd -s /sbin/nologin -g varnish varnish
mkdir -p /data/varnish/{cache,log}
chown -R varnish:varnish /data/varnish/{cache,log}
四、我的測試環境是兩台Web機器,IP為192.168.1.103(域名為http://www.yuhongchun027.net)的varnish機器對後端IP為192.168.1.104和192.168.1.105的機器進行反向代理加速,其配置文件/usr/local/varnish/etc/varnish/better.vcl如下所示:
backend rserver1
{
.host ="192.168.1.104";
.port = "80";
.probe = {
.timeout = 5s; #等待多長時間超時
.interval = 2s; #檢查時間間隔
.window = 10; #varnish將維持10個sliding windows的結果
.threshold = 8; #如果是8次.windows檢查是成功的,就宣告後端的Web機器
是健康的
}
}
backend rserver2
{
.host ="192.168.1.105";
.port = "80";
.probe = {
.timeout = 5s;
.interval = 2s;
.window = 10;
.threshold = 8;
}
}
#指定一個名為realserver組,使用random機制,權重越大,分配的訪問越多,可根據
服務器性能來設定;而round-robin(輪詢)機制是不能指定weight的
director realserver random {
{
.backend = rserver1;
.weight = 5;
}
{
.backend = rserver2;
.weight = 6;
}
}
#定義能清理緩存的機器,這裡只允許本機能用purge的方式清理
acl purge {
"localhost";
"127.0.0.1";
}
sub vcl_recv
{
if (req.http.host ~"^(.*).yuhongchun027.net")
{
set req.backend =realserver;
}
else
{
error 200 "Nocahce for this domain";
}
if (req.request =="PURGE")
{
if (!client.ip ~purge)
{
error 405"Not allowed.";
}
else
{
return (pipe);
}
}
#獲取客戶端真實IP地址
if(req.http.x-forwarded-for)
{
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For "," client.ip;
}
else
{
set req.http.X-Forwarded-For =client.ip;
}
#對HTTP協議中的GET、HEAD請求進行緩存,對POST請求透過,讓其直接訪問後端Web服
務器。之所以這樣配置,是因為POST請求一般是發送數據給服務器的,需要服務器接
收、處理,所以不緩存;
if (req.request !="GET" && req.request != "HEAD")
{
return (pipe);
}
if (req.http.Expect)
{
return (pipe);
}
if (req.http.Authenticate|| req.http.Cookie)
{
return (pass);
}
if (req.http.Cache-Control~ "no-cache")
{
return (pass);
}
#對JSP或者PHP文件不緩存
if(req.url ~"\.jsp" || req.url ~ "\.php" )
{
return (pass);
}
else
{
return (lookup);
}
}sub vcl_pipe
{
return (pipe);
}sub vcl_pass
{
return (pass);
}sub vcl_hash
{
set req.hash += req.url;
if (req.http.host)
{
set req.hash +=req.http.host;
}
else
{
set req.hash +=server.ip;
}
return (hash);
}sub vcl_hit
{
if (req.request =="PURGE")
{
set obj.ttl = 0s;
error 200"Purged.";
}
if (!obj.cacheable)
{
return (pass);
}
return (deliver);
}sub vcl_miss
{
if (req.request =="PURGE")
{
error 404 "Not incache.";
}
if (req.http.user-agent ~"spider")
{
error 503 "Notpresently in cache";
}
return (fetch);
}
sub vcl_fetch
{
if (req.request =="GET" && req.url ~ "\.(txt|js)$")
{
set beresp.ttl = 3600s;
}
else
{
set beresp.ttl = 30d;
}
if (!beresp.cacheable)
{
return (pass);
}
if (beresp.http.Set-Cookie)
{
return (pass);
}
return (deliver);
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache= "HIT FROM www.yuhongchun027.net";
} else {
set resp.http.X-Cache= "MISS FROM www.yuhongchun027.net";
}
return (deliver);
}
五、啟動varnish的命令很長,如下所示:
/usr/local/varnish/sbin/varnishd -n /data/varnish/cache -f /usr/local/varnish/etc/varnish/better.vcl -a 0.0.0.0:80 -s
file,/data/varnish/varnish_cache.data,8G -p user=varnish -p group=varnish -p default_ttl=14400 -p thread_pool_max=8000 -p send_timeout=20 -w
5,51200,30 -T 127.0.0.1:3500 -P /usr/local/varnish/var/varnish.pid
驗證其是否生效可以用curl –I命令,如下所示:
[root@localhost cache]# curl -I http://www.yuhongchun027.net/
以下結果顯示varnish緩存已經起作用了:
HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 28 Aug 2013 16:27:33 GMT
ETag: "10d242-e-776b6740"
Content-Type: text/html; charset=UTF-8
Content-Length: 14
Date: Wed, 21 Aug 2013 17:47:48 GMT
X-Varnish: 1584727079 1584726982
Age: 10101
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT FROM www.yuhongchun027.net
六、如果vcl配置文件發生改動,想要不重啟而直接reload,可以用如下操作,可以在本機上進行telnet操作,連接3500管理端口:
telnet 127.0.0.1 3500
vcl.load newconfig /usr/local/varnish/etc/varnish/better.vcl
200 13
VCL compiled.
vcl.use newconfig
200 0
如果顯示有200字樣,則表示已經正常reload了,newconfig這個名字是自己定義的,熟悉varnish操作的朋友應該也清楚,通過telnet連接本機還可以進行清理緩存。
七、用varnishadm命令來清理緩存,例子如下所示:
清除所有緩存
/usr/local/varnish/bin/varnishadm -T 192.168.1.103:3500 url.purge *$
清除image目錄下所有緩存
/usr/local/varnish/bin/varnishadm -T 192.168.1.103:3500 url.purge /image/
查看最近清除的詳細url列表,可執行如下命令:
/usr/local/varnish/bin/varnishadm –T 192.168.1.103:3500 purge.list
另外,緩存命中率的高低直接說明了varnish的運行狀態和效果,如果緩存率命中率過低,我們應該對varnish配置進行檢查調整來進行提高,查看其命中率命令如下所示:
/usr/local/varnish/bin/varnishstat -n /data/varnish/cache
八、內核優化如下所示:
編輯/etc/sysctl.conf,添加如下選項:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
執行如下命令,讓改動配置立即生效:
/sbin/sysctl –p
注意:老生常談的ulimit的問題,這個話題說得太多了,這裡實在不想再提了,記得將在/etc/rc.local添加如下內容:
ulimit –SHn 65535
注意:記得在啟動varnish之前將此命令手動執行一遍(最方便的做法是放進經常運行的監控腳本或服務啟動腳本),另外,在工作中發現,CentOS6.X x86_64下更改ulimit跟CentOS5.X x86_64是不同的,這點也請大家注意。以上即為varnish-2.1.5在CentOS5.8 x86_64下的安裝配置過程,記錄下作為工作筆記,方便以後在新機器上部署,年紀大了,起個備忘作用而矣。
本文出自 “撫琴煮酒” 博客,請務必保留此出處http://andrewyu.blog.51cto.com/1604432/1293169
