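Lab topology
Varnish host: 192.168.150.137
Backend web hosts: web1 (static content) 192.168.150.138; web2 (dynamic content) 192.168.150.140
Installing and starting Varnish
On the Varnish host:
~]# yum info varnish    # Varnish version 4.0.4, from the EPEL repository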
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.zju.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.zju.edu.cn
可安装的软件包
名称 :varnish
架构 :x86_64
版本 :4.0.4
发布 :3.el7
大小 :452 k
源 :epel
简介 : High-performance HTTP accelerator
网址 :http://www.varnish-cache.org/
协议 : BSD
描述 : This is Varnish Cache, a high-performance HTTP accelerator.
: Documentation wiki and additional information about Varnish is
: available on the following web site: http://www.varnish-cache.org/
~]# yum -y install varnish
~]# yum info varnish-docs    # documentation package for Varnish
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.zju.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.zju.edu.cn
可安装的软件包
名称 :varnish-docs
架构 :x86_64
版本 :4.0.4
发布 :3.el7
大小 :438 k
源 :epel
简介 : Documentation files for varnish
网址 :http://www.varnish-cache.org/
协议 : BSD
描述 : Documentation files for varnish
~]# yum -y install varnish-docs
~]# rpm -ql varnish
/etc/logrotate.d/varnish
/etc/varnish
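/etc/varnish/default.vcl    <-- VCL (Varnish Configuration Language): the interface for configuring Varnish's caching policy
/etc/varnish/varnish.params    <-- startup parameters; configures the characteristics of the varnishd process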
/run/varnish.pid
/usr/bin/varnishadm
/usr/bin/varnishhist
/usr/bin/varnishlog
/usr/bin/varnishncsa
/usr/bin/varnishstat
/usr/bin/varnishtest
/usr/bin/varnishtop
/usr/lib/systemd/system/varnish.service
/usr/lib/systemd/system/varnishlog.service
/usr/lib/systemd/system/varnishncsa.service
/usr/sbin/varnish_reload_vcl
/usr/sbin/varnishd
/usr/share/doc/varnish-4.0.4
/usr/share/doc/varnish-4.0.4/LICENSE
/usr/share/doc/varnish-4.0.4/README
/usr/share/doc/varnish-4.0.4/builtin.vcl
/usr/share/doc/varnish-4.0.4/changes.rst
/usr/share/doc/varnish-4.0.4/example.vcl
/usr/share/man/man1/varnishadm.1.gz
/usr/share/man/man1/varnishd.1.gz
/usr/share/man/man1/varnishhist.1.gz
/usr/share/man/man1/varnishlog.1.gz
/usr/share/man/man1/varnishncsa.1.gz
/usr/share/man/man1/varnishstat.1.gz
/usr/share/man/man1/varnishtest.1.gz
/usr/share/man/man1/varnishtop.1.gz
/usr/share/man/man3/vmod_directors.3.gz
/usr/share/man/man3/vmod_std.3.gz
/usr/share/man/man7/varnish-cli.7.gz
/usr/share/man/man7/varnish-counters.7.gz
/usr/share/man/man7/vcl.7.gz
/usr/share/man/man7/vsl-query.7.gz
/usr/share/man/man7/vsl.7.gz
/var/lib/varnish
/var/log/varnish
varnish]# cat varnish.params
# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings
# Set this to 1 to make systemd reload try to switch VCL without restart.
RELOAD_VCL=1
# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Default address and port to bind to. Blank address means all IPv4
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
# quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=192.168.1.5
VARNISH_LISTEN_PORT=6081    <-- listening port
# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret
# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="malloc,256M"
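How Varnish stores cached objects:
file: a single file; no persistence; a self-managed file system that is a black box;
malloc: memory; at startup Varnish uses the malloc() library call to request a region of the specified size from memory
persistent: file-based persistent storage;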
# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish
# Other options, see the man page varnishd(1)
#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"
Additional runtime parameters are passed as -p param=value
~]# systemctl start varnish.service
~]# ss -tnpl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1078,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1400,fd=13))
LISTEN 0 128 *:6081 *:* users:(("varnishd",pid=3189,fd=6))
LISTEN 0 10 127.0.0.1:6082 *:* users:(("varnishd",pid=3188,fd=5))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1078,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=1400,fd=14))
LISTEN 0 128 :::6081 :::* users:(("varnishd",pid=3189,fd=7))
Change the listening address and port, then restart so that Varnish listens on port 80
varnish]# vim varnish.params
VARNISH_LISTEN_ADDRESS=192.168.150.137
VARNISH_LISTEN_PORT=80
varnish]# systemctl restart varnish.service
varnish]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.150.137:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 10 127.0.0.1:6082 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
varnishadm: the command-line administration tool
~]# varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
200
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,3.10.0-327.el7.x86_64,x86_64,-smalloc,-smalloc,-hcritbit
varnish-4.0.4 revision 386f712
Type 'help' for command list.
Type 'quit' to close CLI session.
help
200
help [<command>]
ping [<timestamp>]
auth <response>
quit
banner
status
start
stop
vcl.load <configname> <filename>    <-- compile and load a VCL file under the given name
vcl.inline <configname> <quoted_VCLstring>
vcl.use <configname>    <-- switch to a loaded VCL
vcl.discard <configname>
vcl.list
param.show [-l] [<param>]
param.set <param> <value>
panic.show
panic.clear
storage.list
vcl.show [-v] <configname>
backend.list [<backend_expression>]
backend.set_health <backend_expression> <state>
ban <field> <operator> <arg> [&& <field> <oper> <arg>]…
ban.list
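What the -S /etc/varnish/secret option does during the CLI handshake, shown as an added example that is not part of the original article or of Varnish itself: the server greets a new connection with status 107 and a challenge, and the client replies with auth <response>, where the response is a SHA-256 digest over the challenge and the secret file contents. The challenge, the secret bytes and the helper names are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def parse_status_line(line):
    """Split a CLI status line such as '107 59' into (status, body_length)."""
    status, length = line.split()
    return int(status), int(length)


def auth_response(challenge, secret):
    """Argument for the CLI 'auth' command.

    SHA-256 over: challenge, newline, secret file contents, challenge,
    newline; rendered as lower-case hex.
    """
    framed = challenge.encode("ascii") + b"\n"
    return hashlib.sha256(framed + secret + framed).hexdigest()


def secret_file_is_private(path):
    """True when neither group nor other has any permission on the file.

    Anyone who can read the secret can compute a valid auth response.
    """
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def demo():
    # Constructed stand-ins for the server greeting and /etc/varnish/secret.
    status, _ = parse_status_line("107 59")
    challenge = "abcdefghijklmnopqrstuvwxyzabcdef"
    secret = b"constructed-lab-secret\n"
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(secret)
    try:
        os.chmod(fh.name, 0o600)
        private = secret_file_is_private(fh.name)
        os.chmod(fh.name, 0o644)
        exposed = not secret_file_is_private(fh.name)
    finally:
        os.unlink(fh.name)
    return status, auth_response(challenge, secret), private, exposed


if __name__ == "__main__":
    print(demo())
```

Because the response depends only on the challenge and the secret, the secret file's permissions matter as much as keeping the admin listener on 127.0.0.1.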
Configure the backend host, and in vcl_deliver add a custom X-Cache header to the response sent to the client.
Varnish host configuration
~]# cd /etc/varnish/
varnish]# vim default.vcl
backend default {
    .host = "192.168.150.138";
    .port = "80";
}
……
sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
}
Load and activate the configuration from the CLI
varnish]# varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
200
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,3.10.0-327.el7.x86_64,x86_64,-smalloc,-smalloc,-hcritbit
varnish-4.0.4 revision 386f712
Type 'help' for command list.
Type 'quit' to close CLI session.
vcl.load test1 default.vcl
200
VCL compiled.
vcl.use test1
200
VCL 'test1' now active
Backend web1 host configuration
~]# yum -y install httpd
~]# vim /var/www/html/index.html
<h1>Backend Web Server1</h1>
~]# systemctl start httpd.service
~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
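Access test:
Requests to the Varnish host at 192.168.150.137 are forwarded to the backend httpd host,
and the custom header is added to the response.
On a second request the custom X-Cache header changes to HIT, showing that the response was served from the cache.
Force requests for certain resources to bypass the cache lookup:
Add the following to default.vcl on the Varnish host
sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.
    if (req.url ~ "(?i)^/login" || req.url ~ "(?i)^/admin") {
        return(pass);
    }
}
Notes:
~ pattern match
(?i) case-insensitive matching
Load and activate the configuration from the CLI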
vcl.load test2 default.vcl
200
VCL compiled.
vcl.use test2
200
VCL 'test2' now active
On web1, create /login and /admin content for the test
~]# cd /var/www/html/
html]# mkdir {login,admin}
html]# ls
admin index.html login
html]# vim login/index.html
html]# cat login/index.html
<h1>login</h1>
html]# vim admin/index.html
html]# cat admin/index.html
<h1>admin</h1>
Test result
For specific resource types, strip the private cookie and force the length of time Varnish may cache them
On the Varnish host, edit default.vcl and add the following inside vcl_backend_response
if (beresp.http.cache-control !~ "s-maxage") {
    if (bereq.url ~ "(?i)\.jpg$") {
        set beresp.ttl = 3600s;
        unset beresp.http.Set-Cookie;
    }
    if (bereq.url ~ "(?i)\.css$") {
        set beresp.ttl = 600s;
        unset beresp.http.Set-Cookie;
    }
}
Load and activate the configuration from the CLI
vcl.load test3 default.vcl
200
VCL compiled.
vcl.use test3
200
VCL 'test3' now active
Configure web1 for the test
Create a .jpg file
html]# find /usr -iname "*.jpg"
/usr/share/backgrounds/morning.jpg
/usr/share/backgrounds/night.jpg
/usr/share/backgrounds/day.jpg
/usr/share/backgrounds/default.jpg
/usr/share/kde4/apps/ksplash/Themes/CentOS7/2560x1600/background.jpg
/usr/share/wallpapers/CentOS7/contents/images/2560x1600.jpg
html]# cp /usr/share/backgrounds/day.jpg ./
html]# ls
admin day.jpg index.html login
Purging cached objects
default.vcl configuration on the Varnish host
acl purgers {    # ACL listing the client IPs that are allowed to send PURGE
    "127.0.0.0"/8;
    "192.168.150.0"/24;
}
sub vcl_purge {
    return (synth(200, "Purged"));
}
sub vcl_recv {    # Handle the PURGE method in vcl_recv: return purge when the request method is PURGE
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return(synth(405, "Purge not allowed for " + client.ip));
        }
        return(purge);
    }
}
vcl.load test4 default.vcl
200
VCL compiled.
vcl.use test4
200
VCL 'test4' now active
From a client, send a request with curl using the PURGE method
[root@client1 ~]# curl -X PURGE http://192.168.150.137/morning.jpg
<!DOCTYPE html>
<html>
<head>
<title>200 Purged</title>    <-- 200 Purged was returned
</head>
<body>
<h1>Error 200 Purged</h1>
<p>Purged</p>
<h3>Guru Meditation:</h3>
<p>XID: 131139</p>
<hr>
<p>Varnish cache server</p>
</body>
</html>
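The URL and client rules configured so far (the /login and /admin pass rule, the .jpg/.css TTL and Set-Cookie rule, and the purgers ACL) can be checked against sample requests before a VCL is loaded. The following is an added example, not code from the original article: a small Python model of those three rules. The function names and sample requests are constructed; it assumes the PURGE check runs before the pass rule and does not model the built-in VCL that Varnish runs after the custom subroutines.

```python
import ipaddress
import re

# Patterns and networks copied from the page's default.vcl snippets.
PASS_RULES = [re.compile(p, re.I) for p in (r"^/login", r"^/admin")]
TTL_RULES = [(re.compile(r"\.jpg$", re.I), 3600),
             (re.compile(r"\.css$", re.I), 600)]
PURGERS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.150.0/24")]


def recv_action(method, url, client_ip):
    """Model of the page's vcl_recv rules (assumes PURGE is checked first)."""
    if method == "PURGE":
        ip = ipaddress.ip_address(client_ip)
        return "purge" if any(ip in net for net in PURGERS) else "synth(405)"
    if any(rule.search(url) for rule in PASS_RULES):
        return "pass"
    return "lookup"  # simplification: the built-in vcl_recv is not modelled


def backend_response(url, headers):
    """Model of the vcl_backend_response rules.

    Returns (forced_ttl_seconds or None, headers after the rules ran).
    """
    out = dict(headers)
    if "s-maxage" in out.get("Cache-Control", ""):
        return None, out  # backend supplied s-maxage, rules are skipped
    for rule, ttl in TTL_RULES:
        if rule.search(url):  # the URL includes any query string
            out.pop("Set-Cookie", None)
            return ttl, out
    return None, out


if __name__ == "__main__":
    # Constructed sample requests.
    for req in [("GET", "/Login/index.html", "192.168.150.1"),
                ("GET", "/index.html", "192.168.150.1"),
                ("PURGE", "/morning.jpg", "192.168.150.50"),
                ("PURGE", "/morning.jpg", "10.0.0.5")]:
        print(req, "->", recv_action(*req))
    for url in ("/day.jpg", "/day.JPG", "/day.jpg?v=2", "/site.css"):
        print(url, "->", backend_response(url, {"Set-Cookie": "sid=1"}))
```

/day.jpg?v=2 is not matched because the pattern is anchored at the end of the URL, so that response keeps its Set-Cookie header and its backend TTL.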
Defining multiple backend hosts
Varnish host configuration
backend default {
    .host = "192.168.150.138";
    .port = "80";
}
backend appsrv {
    .host = "192.168.150.140";
    .port = "80";
}
sub vcl_recv {    # In vcl_recv: if the requested URL ends in .php, route it to the appsrv backend
    if (req.url ~ "(?i)\.php$") {
        set req.backend_hint = appsrv;
    } else {
        set req.backend_hint = default;
    }
}
vcl.load test5 default.vcl
200
VCL compiled.
vcl.use test5
200
VCL 'test5' now active
Set up the web2 host with PHP for the test
~]# yum -y install httpd php
~]# vim /var/www/html/index.php
<?php
phpinfo();
?>
When index.html is requested
When index.php is requested, the request is routed to the PHP host
Scheduling across backend hosts
To use a director, first import the module in the configuration file
import directors;
backend websrv1 {
    .host = "192.168.150.138";
    .port = "80";
}
backend websrv2 {
    .host = "192.168.150.140";
    .port = "80";
}
sub vcl_init {
    new websrvs = directors.round_robin();
    websrvs.add_backend(websrv1);
    websrvs.add_backend(websrv2);
}
sub vcl_recv {
    set req.backend_hint = websrvs.backend();
    …
}
Health checks
backend websrv1 {
    .host = "192.168.150.138";
    .port = "80";
    .probe = {
        .url = "/";
        .interval = 1s;      # probe frequency
        .window = 8;         # number of most recent probes considered
        .threshold = 5;      # at least 5 of the last 8 probes must succeed
        .timeout = 2s;       # timeout for each probe
        # .request takes precedence over .url when both are set
        .request =
            "GET / HTTP/1.1"
            "Host:192.168.150.138"
            "Connection:close";
        .expected_response = 200;
    }
}
Original article by N23-苏州-void. If you repost it, please credit the source: http://www.178linux.com/65956
Comments (1)
A great deployment document.