架構
當client user 有一的web request時, 會先經由cache server查看該要求資料是否有在自已cache 暫存裡面, 如果有則直接回應給client user, 反之則向後端web server要求資料然後自已回存一份,然後再回應給client user. 這裡varnish cache server 將扮演前端loadbalance及reverse proxy角色, 如果後端有任一台web server掛了或沒反應, varnish cache server第一時間則會知道, 就不會把資料後down掉那台web server送了!
1. 建立user/group
#groupadd varnish
#useradd -g varnish varnish
2. 建立cache目錄
#mkdir -p /var/varnish_cache
#chown -R varnish.varnish /var/varnish_cache
#chown -R varnish.varnish /var/varnish_cache
3. 編譯/安裝Varnish
要先確認是否安裝pcre-devel 套件, 沒有的話,安裝一下吧!!
# rpm -ivh pcre-devel-6.6-2.el5_1.7.i386.rpm
#cd /usr/local/src
# tar zxvf varnish-2.1.4.tar.gz
# cd varnish-2.1.4
# ./configure --prefix=/usr/local/varnish --sysconfdir=/etc
#make && make install
4. Varnish 相關啟動檔
# cp -p redhat/varnish.initrc /etc/init.d/varnish //varnish 啟動檔
# cp -p redhat/varnish.sysconfig /etc/sysconfig/varnish //varnish 啟動檔設定檔
# cp -p redhat/varnishncsa.initrc /etc/init.d/varnishncsa //varnish ncsa格式log啟動檔
Ps. redhat/varnishlog.initrc /etc/init.d/varnishlog //varnish 2進制log啟動檔,不能用 less,more ,vi等命令開啟,需要用/usr/local/varnish/bin/varnishlog 讀取; 用法只要 –r /var/log/varnish.log 即可; 我暫時不用此二進制log方式.
# vi /etc/init.d/varnish
內容如下
exec="/usr/local/varnish/sbin/varnishd" //確認varnishd執行檔位置
ps.只要修改這一行即可, 其它使用預設就好.
存檔退出
# vi /etc/sysconfig/varnish
內容如下
DAEMON_OPTS="-a 61.64.90.169:80 \
-f /etc/varnish/default.vcl \
-T localhost:4322 \
-u varnish -g varnish \
-s file,/var/varnish_cache/cache.data,1G"
ps.只要修改這一行即可, 其它使用預設就好.
存檔退出
# chkconfig --add varnish
# chkconfig varnish on
# chkconfig varnish --list
varnish 0:off1:off2:on3:on4:on5:on6:off
5. 編輯default.vcl檔案
# vi /etc/varnish/default.vcl
# man page for details on VCL syntax and semantics.
#
# Default backend definition. Set this to point to your content
# server.
backend server1 { //第一台web server
.host = "192.168.1.254"; //主機名或ip address皆可
.probe = { //對backend web server作探針
.url = "/"; //哪個url需要varnish請求
.interval = 5s; //檢查間隔時間
.timeout = 1 s; //等待多久的探針timeout
.window = 5; // varnish將維持5個sliding window的結果
.threshold = 3; //至少有3次, .windows檢查是成功的,就宣告backends健康
}
.connect_timeout = 600s; //等待連接後端(backend)的時間
.first_byte_timeout = 600s; //等待從 backend 傳輸過來的第一個字符的時間
.between_bytes_timeout = 600s; //兩個字元的間隔時間
}
backend server2 { //第二台web server
.host = "192.168.1.246";
.probe = {
.url = "/";
.interval = 5s;
.timeout = 1 s;
.window = 5;
.threshold = 3;
}
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
}
director lb round-robin { //定義redirector loadbalance
{
.backend = server1;
}
{
.backend = server2;
}
}
acl purge {
"127.0.0.1";
"192.168.1.0";
}
sub vcl_recv {
set req.grace = 15s;
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For ", " client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.request != "GET" && req.request != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
if (req.http.Authorization || req.http.Cookie) { //認證頁面不cache
return (pass);
}
if (req.http.host ~ "^(.*).catchlink.com") { //所有以*.catchlink.com的url都交由後端web server處理
set req.backend = lb; //剛定義的director
}
else {
error 404 "Unknown HostName!";
}
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not Allowed.";
return (lookup);
}
}
if (req.url ~ "\.(php|php5)($|\?)") { //.php或php? 都不cache
return (pass);
}
if (req.http.Cache-Control ~ "(no-cache|max-age=0)") {
purge_url(req.url);
}
return (lookup);
}
sub vcl_pipe {
return (pipe);
}
sub vcl_pass {
return (pass);
}
sub vcl_hash {
set req.hash += req.url;
if (req.http.host) {
set req.hash += req.http.host;
} else {
set req.hash += server.ip;
}
return (hash);
}
sub vcl_hit {
if (!obj.cacheable) {
return (pass);
}
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged.";
}
return (deliver);
}
sub vcl_miss {
if (req.request == "PURGE") {
error 404 "Not in cache.";
}
return (fetch);
}
sub vcl_fetch {
set req.grace = 10s;
if (!beresp.cacheable) {
return (pass);
}
if (!(req.url ~ "(admin|login)")) {
remove beresp.http.Set-Cookie;
}
if (req.request == "GET" && req.url ~ "\.(png|bmp|swf|txt|gif|jpg|jpeg|ico)$") {
unset req.http.cookie;
set beresp.ttl = 30d;
}
elseif (req.request == "GET" && req.url ~ "\.(html|htm|js|css)$") {
set beresp.ttl = 7d;
}
else {
set beresp.ttl = 120s;
}
return (deliver);
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
return (deliver);
}
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
synthetic {"
<?xml version="1.0" encoding="utf-8"?> //可自行定義error 頁面
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} obj.status " " obj.response {"</title>
</head>
<body>
<h1>Error "} obj.status " " obj.response {"</h1>
<p>XID: "} req.xid {"</p>
<hr>
<p>Varnish cache server</p>
</body>
</html>
"};
return (deliver);
}
6. 設定Varnish log
# vi /etc/init.d/varnishncsa
內容如下
logfile="/var/log/varnishncsa.log" //log 存放位置
exec="/usr/local/varnish/bin/varnishncsa" //varnishncsa 執行檔位置
存檔退出
# chmod +x /etc/init.d/varnishncsa
# chkconfig --add varnishncsa
# chkconfig varnishncsa on
# chkconfig varnishncsa --list
varnishncsa 0:off1:off2:on3:on4:on5:on6:off
啟用Varnish log service
#service varnishncsa start
7. 設定Varnish logrotate
# vi /etc/logrotate.d/varnish
內容如下
/var/log/varnishncsa.log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/bin/kill -HUP `cat /var/run/varnishncsa.pid 2>/dev/null` 2> /dev/null || true
endscript
}
也可以自己寫shell script
#vi /usr/local/varnish_logrotate.sh
內容如下
#!/bin/sh
# This file run at 02:00
date=$(date -d ”yesterday” +”%Y-%m-%d”)
pkill -9 varnishncsa
mv /var/log/varnish.log /var/log/${date}.log
/usr/local/varnish/bin/varnishncsa -a -w /var/log/varnish.log &
gzip -c /var/log/${date}.log > /var/log/${date}.log.gz
rm -f /var/log/${date}.log
rm -f /var/log/$(date -d ”-1 month” +”%Y-%m*”).log.gz
存檔退出
#chmod +x /usr/local/varnish_logrotate.sh
#crontab –e
0 2 * * * /usr/local/ varnish_logrotate.sh //安排每天2:00執行
啟動Varnish
# service varnish start
Starting varnish HTTP accelerator: [ OK ]
# service varnish //varnish用法
Usage: /etc/init.d/varnish {start|stop|status|restart|condrestart|try-restart|reload|force-reload}
#vi /etc/rc.loacl
ulimit –SHn 51200
8. 查看listen port
# netstat -na |grep -w 80
tcp 0 0 61.64.90.169:80 0.0.0.0:* LISTEN
9. 查看varnish status
# /usr/local/varnish/bin/varnishstat
10. OS kernel tuning - 選項,可有可無
編輯 /etc/sysctl.conf
net.ipv4.ip_local_port_range = 1024 65536
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
#sysctl -p
No comments:
Post a Comment