varnish安装维护
11
2008/04

varnish安装维护

各文档所在位置
日志文件 /var/log/varnish/varnish.log
可执行程序 /usr/local/varnish/bin
缓冲文件 /var/vcache
配置文件 /usr/local/varnish/vcl.conf
启动参数 /etc/sysconfig/varnish
启动脚本 /etc/rc.d/init.d/varnish
/etc/rc.d/init.d/varnishlog

创建www用户和组,以及Varnish缓存文件存放目录(/var/vcache):
/usr/sbin/groupadd www -g 48
/usr/sbin/useradd -u 48 -g www www
mkdir -p /var/vcache
chmod +w /var/vcache
chown -R www:www /var/vcache

创建日志文件,并授予www用户权限访问
mkdir -p /var/log/varnish
chmod +w /var/log/varnish
chown -R www:www /var/log/varnish

可能需要安装如下包
[CENTOS]yum install ncurses-devel
[UBUNTU]apt-get install libncurses5-dev

编译安装
./configure --prefix=/usr/local/varnish
make
make install

编辑配置文件
vi /usr/local/varnish/vcl.conf
/* Origin server for this cache: requests that are not answered from the
 * cache are sent to 192.168.0.5 on port 80 (plain HTTP). */
backend myblogserver {
set backend.host = "192.168.0.5";
set backend.port = "80";
}

/* Clients that may send PURGE; vcl_recv answers 405 to any other address.
 * NOTE(review): the /24 entry lets every host on 192.168.1.0/24 evict
 * cached objects - narrow it to the machines that really need to purge. */
acl purge {
"localhost";
"127.0.0.1";
"192.168.1.0"/24;
}

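sub vcl_recv {
    /* PURGE is an administrative request: only addresses in the purge ACL
     * may go on to the cache lookup (answered in vcl_hit / vcl_miss). */
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        lookup;
    }

    /* Match the exact site name. The dots are escaped and the pattern is
     * anchored at the end (an optional :port is allowed), so a Host value
     * that merely starts with the site name, or has another character in
     * place of a dot, falls through to the 404 branch instead of being
     * routed to the backend and cached. */
    if (req.http.host ~ "^www\.hiadmin\.com(:[0-9]+)?$") {
        set req.backend = myblogserver;
        if (req.request != "GET" && req.request != "HEAD") {
            /* Methods other than GET/HEAD are handed straight to the backend. */
            pipe;
        }
        elseif (req.url ~ "\.(php|cgi)($|\?)") {
            /* Dynamic scripts are fetched from the backend and never cached. */
            pass;
        }
        else {
            lookup;
        }
    }
    else {
        /* Unknown Host: refuse. "error" ends request processing, so the
         * "lookup" that used to follow it could never run and is dropped. */
        error 404 "Cache Server";
    }
}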

/* Cache hit. For a PURGE request the object is expired by setting its TTL
 * to zero and the client gets "200 Purged."; other requests are not
 * handled here. The ACL check for PURGE is done earlier, in vcl_recv. */
sub vcl_hit {
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged.";
}
}

/* Cache miss. A PURGE for an object that is not cached is answered with
 * 404 instead of being fetched from the backend. */
sub vcl_miss {
if (req.request == "PURGE") {
error 404 "Not in cache.";
}
}

/* Sets the cache lifetime after a backend fetch: one hour for GET requests
 * whose URL ends in .txt or .js, thirty days for everything else.
 * NOTE(review): nothing in this sub looks at obj.status or
 * obj.http.Set-Cookie, so as written an error page or a response that
 * sets a session cookie also gets the 30-day TTL - confirm that such
 * responses are kept out of the cache elsewhere before relying on this. */
sub vcl_fetch {
if (req.request == "GET" && req.url ~ "\.(txt|js)$") {
set obj.ttl = 3600s;
}
else {
set obj.ttl = 30d;
}
}


启动varnish
# Raise the soft and hard open-file limits of this shell before starting varnishd.
ulimit -SHn 51200
# -a 0.0.0.0:80 accepts client traffic on every IPv4 address; -u/-g www run
# the daemon under the www account created above; -T 127.0.0.1:3500 keeps
# the telnet management port on loopback only (no authentication option is
# passed for it, so it should not be bound to a reachable address).
/usr/local/varnish/sbin/varnishd -n /var/vcache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/vcache/varnish_cache.data,1G -g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on

启动varnishncsa记录访问日志
/usr/local/varnish/bin/varnishncsa -n /var/vcache -w /var/log/varnish/varnish.log &

优化linux内核
vi /etc/sysctl.conf
添加以下内容
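# Seconds an orphaned connection may stay in FIN-WAIT-2.
net.ipv4.tcp_fin_timeout = 30
# Idle seconds before the first TCP keepalive probe is sent.
net.ipv4.tcp_keepalive_time = 300
# SYN cookies let the listener keep answering when the SYN queue overflows.
net.ipv4.tcp_syncookies = 1
# Allow new outgoing connections (e.g. to the backend) to reuse TIME-WAIT sockets.
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is left disabled: it causes dropped connections for clients
# that share one NAT address, and the key was removed in Linux 4.12, where
# "sysctl -p" reports it as unknown.
# net.ipv4.tcp_tw_recycle = 1
# Range of local ports used for outgoing connections.
net.ipv4.ip_local_port_range = 5000 65000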


执行优化
sysctl -p

编辑varnish启动参数
# vi /etc/sysconfig/varnish
修改

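# Configuration file for varnish
#
# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
# shell script fragment.
#
# NOTE(review): the page shows this file collapsed onto a few lines (and
# twice), which turns every assignment into part of a comment. It is
# restored here with one statement per line.

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Main configuration file. You probably want to change it :)
VARNISH_VCL_CONF=/usr/local/varnish/vcl.conf

# Default address and port to bind to
# Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
# NOTE(review): the page shows "# VARNISH_LISTEN_ADDRESS=80", apparently
# commented out; 80 is a port, not an address, so the blank value that was
# already in effect is set explicitly.
VARNISH_LISTEN_ADDRESS=
VARNISH_LISTEN_PORT=80

# Telnet admin interface listen address and port
# Keep the address on loopback: DAEMON_OPTS below passes no authentication
# option for the management port. The varnishadm examples on this page use
# 127.0.0.1:3500 (the manual start); when varnishd is started from this
# file the management port is 6082 instead.
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

# The minimum number of worker threads to start
VARNISH_MIN_THREADS=1

# The Maximum number of worker threads to start
VARNISH_MAX_THREADS=1000

# Idle timeout for worker threads
VARNISH_THREAD_TIMEOUT=120

# Cache file location
VARNISH_STORAGE_FILE=/var/vcache/varnish_cache.data

# Cache Directory
VARNISH_WORKDIR=/var/vcache

# Cache file size: in bytes, optionally using k / M / G / T suffix,
# or in percentage of available disk space using the % suffix.
VARNISH_STORAGE_SIZE=2G

# Backend storage specification
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"

# Default TTL used when the backend does not specify one
VARNISH_TTL=120

# Account varnishd runs as (unprivileged user and group created earlier)
VARNISH_USER=www
VARNISH_GROUP=www

# DAEMON_OPTS is used by the init script. If you add or remove options, make
# sure you update this section, too.
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
             -f ${VARNISH_VCL_CONF} \
             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
             -t ${VARNISH_TTL} \
             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
             -u ${VARNISH_USER} -g ${VARNISH_GROUP} \
             -n ${VARNISH_WORKDIR} \
             -s ${VARNISH_STORAGE}"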

配置启动脚本
# vi $home/varnish-1.1.2/redhat/varnish.initrc
修改
DAEMON="/usr/local/varnish/sbin/varnishd"
# cp varnish.initrc /etc/rc.d/init.d/varnish

配置varnishlog启动脚本
# vi $home/varnish-1.1.2/redhat/varnishlog.initrc
修改
DAEMON="/usr/local/varnish/bin/varnishlog"
LOGFILE="/var/log/varnish/varnish.log"
CACHEFILE="/var/vcache"
DAEMON_OPTS="-a -n ${CACHEFILE} -w ${LOGFILE} -D -P $PIDFILE"
# chmod 755 varnishlog.initrc
# cp varnishlog.initrc /etc/rc.d/init.d/varnishlog

启动varnish
/etc/rc.d/init.d/varnish start
/etc/rc.d/init.d/varnishlog start

查看varnish状态
/usr/local/varnish/bin/varnishstat -n /var/vcache

通过varnish管理端口进行管理
/usr/local/varnish/bin/varnishadm -T 127.0.0.1:3500

通过正则清除缓存
/usr/local/varnish/bin/varnishadm -T 127.0.0.1:3500 url.purge 正则表达式

/*附录摘自leftleg.hzpub.com*/
*********************************************************************************************
man page意译如下:

VCL语法比较简单,和C类似,if(){}的形式,=和==的区别,!、&&和||等等。但\符号没有特别的意思。
VCL里除了用==、!、&&、||做逻辑判断以外,还可以用~来表示与正则表达式或ACL的匹配。
VCL其实只是配置,并不是真正的编程语言,没有循环,没有自定义变量。

声明Backend
backend 名称 {
set backend.host = "域名";
set backend.port = "端口";
}
比如
backend www {
set backend.host = "www.example.com";
set backend.port = "http";
}
声明的Backend可以用在判断请求针对哪个后端服务器
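/* Select the backend by Host header. The duplicated opening brace is
 * removed so the block is balanced, and the dots are escaped so they match
 * only a literal "." in the host name. */
if (req.http.host ~ "^(www\.)?example\.com$") {
    set req.backend = www;
}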

声明ACL
acl 名称 {
"IP";
"IP子网"/反掩码位数;
! "IP或IP子网"/反掩码位数;
}
比如
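/* Example ACL: this host and the 10.0.0.0/8 network, with one address
 * excluded by the "!" entry. "locahost" was a misspelling of "localhost". */
acl local {
    "localhost"; /* myself */
    "10.0.0.1"/8; /* and everyone on the local network */
    ! "10.0.0.23"; /* except for the dialin router */
}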
判断ACL也很简单
if (client.ip ~ local) {
pipe;
}

还可以定义子程序
sub pipe_if_local {
if (client.ip ~ local) {
pipe;
}
}
用call来调用
call pipe_if_local;

内置的例程
vcl_recv
有请求到达后成功接收并分析时被调用,一般以以下几个关键字结束。
error code [reason] 返回code给客户端,并放弃处理该请求
pass 进入pass模式,把控制权交给vcl_pass
pipe 进入pipe模式,把控制权交给vcl_pipe
lookup 在缓存里查找被请求的对象,根据查找结果把控制权交给vcl_hit或vcl_miss

vcl_pipe
进入pipe模式时被调用。请求被直接发送到backend,后端和客户端之间的后继数据不进行处理,只是简单传递,直到一方关闭连接。一般以以下几个关键字结束。
error code [reason]
pipe

vcl_pass
进入pass模式时被调用。请求被送到后端,后端应答数据送给客户端,但不进入缓存。同一连接的后继请求正常处理。一般以以下几个关键字结束。
error code [reason]
pass

vcl_hash
目前不使用

vcl_hit
在lookup以后如果在cache中找到请求的内容时调用。一般以以下几个关键字结束。
error code [reason]
pass
deliver 将找到的内容发送给客户端,把控制权交给vcl_deliver.

vcl_miss
lookup后但没有找到缓存内容时调用,可以用于判断是否需要从后端服务器取内容。一般以以下几个关键字结束。
error code [reason]
pass
fetch 从后端取得请求的内容,把控制权交给vcl_fetch.

vcl_fetch
从后端取得内容后调用。一般以以下几个关键字结束。
error code [reason]
pass
insert 将取到的内容插入缓存,然后发送给客户端,把控制权交给vcl_deliver

vcl_deliver
缓存内容发送给客户端前调用。一般以以下几个关键字结束。
error code [reason]
deliver 内容发送给客户端

vcl_timeout
在缓存内容到期前调用。一般以以下几个关键字结束。
fetch 从后端取得该内容
discard 丢弃该内容

vcl_discard
由于到期或者空间不足而丢弃缓存内容时调用。一般以以下几个关键字结束。
discard 丢弃
keep 继续保留在缓存里

如果这些内置例程没有被定义,则执行缺省动作

一些内置的变量
now 当前时间,从Unix纪元(1970年1月1日 00:00:00 UTC)到现在的秒数

backend.host 后端的IP或主机名
backend.port 后端的服务名或端口

请求到达后有效的变量
client.ip 客户端IP
server.ip 服务端IP
req.request 请求类型,比如GET或者HEAD或者POST
req.url 请求的URL
req.proto 请求的HTTP版本号
req.backend 请求对应的后端
req.http.header 对应的HTTP头

往后端发送请求时有效的变量
bereq.request 比如GET或HEAD
bereq.url URL
bereq.proto 协议版本
bereq.http.header HTTP头

从cache或后端取到内容后有效的变量
obj.proto HTTP协议版本
obj.status HTTP状态代码
obj.response HTTP状态信息
obj.valid 是否有效的HTTP应答
obj.cacheable 是否可以缓存的内容,也就是说如果HTTP返回是200、203、300、301、302、404、410并且有非0的生存期,则为可缓存
obj.ttl 生存期,秒
obj.lastuse 上一次请求到现在间隔秒数

对客户端应答时有效的变量
resp.proto response的HTTP版本
resp.status 回给客户端的HTTP状态代码
resp.response 回给客户端的HTTP状态信息
resp.http.header HTTP头

变量可以通过set来赋值或通过remove来删除(清空)
sub vcl_recv {
if (req.http.host ~ "^(www.)?example.com$") {
set req.http.host = "www.example.com";
}
}

sub vcl_fetch {
remove obj.http.Set-Cookie;
}

##########关于varnishd的启动
进入 /home/admin/varnishd/sbin/,使用 varnishd启动
启动参数说明
-a address:port # varnishd httpd监听地址及其端口
-b address:port # 后台服务器地址及其端口
# -b
# -b ':'
-d # 使用debug模式
-f file # varnishd 服务器存取规则文件
-F # Run in foreground
-h kind[,hashoptions] # Hash specification
# -h simple_list
# -h classic [default]
# -h classic,
-n dir # varnishd working directory
-P file # PID file
-p param=value # 服务器参数,用来优化性能
-s kind[,storageoptions] # 缓存内容存放方式
# -s malloc
# -s file [default: use /tmp]
# -s file,
# -s file,,
-t # Default TTL
-T address:port # telnet管理地址及其端口
-V # version
-w int[,int[,int]] # 工作线程数
# -w
# -w min,max
# -w min,max,timeout [default: -w1,1000,120]
一般使用varnishd -a address:port -b address:port 其他使用默认即可启动
注意:vcl 中指定 后台服务器的话就不用使用-b 参数了
4.关于vcl文件的使用说明
vcl是varnishd的存取策略,即varnishd的配置文件
#基本格式如下指定后台服务器机器端口
backend www {
set backend.host = "www.example.com";
set backend.port = "http";
}
#acl访问控制
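/* Example ACL: this host and the 10.0.0.0/8 network, with one address
 * excluded by the "!" entry. "locahost" was a misspelling of "localhost". */
acl local {
    "localhost"; /* myself */
    "10.0.0.1"/8; /* and everyone on the local network */
    ! "10.0.0.23"; /* except for the dialin router */
}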
#如果使用虚拟主机,请参照下面代码
backend www {
set backend.host = "www.example.com";
set backend.port = "80";
}
backend images {
set backend.host = "images.example.com";
set backend.port = "80";
}
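sub vcl_recv {
    /* Route by Host header. Dots are escaped and both patterns are anchored
     * at the start and the end, so only the intended names select a
     * backend; a Host that merely begins with one of them gets the 404. */
    if (req.http.host ~ "^(www\.)?example\.com$") {
        set req.backend = www;
    } elsif (req.http.host ~ "^images\.example\.com$") {
        set req.backend = images;
    } else {
        error 404 "Unknown virtual host";
    }
}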


#关于cache存在时间设置
sub vcl_fetch {
if (obj.ttl < 120s) {
set obj.ttl = 120s;
}
}
#cache图片等内容配置
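sub vcl_recv {
    /* Static assets requested with GET are looked up in the cache. The
     * doubled "|" after jpg left an empty alternative in the pattern and
     * is removed. */
    if (req.request == "GET" && req.url ~ "\.(gif|jpg|jpeg|tom|swf|css|js)$") {
        lookup;
    }
    /* NOTE(review): every other request is also sent to lookup here, so the
     * branch above changes nothing as written - confirm the intended
     * action for non-static requests. */
    lookup;
}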
##########关于vcl文件的使用说明
vcl是varnishd的存取策略,即varnishd的配置文件
#基本格式如下指定后台服务器机器端口
backend www {
set backend.host = "www.example.com";
set backend.port = "http";
}
#acl访问控制
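/* Example ACL: this host and the 10.0.0.0/8 network, with one address
 * excluded by the "!" entry. "locahost" was a misspelling of "localhost". */
acl local {
    "localhost"; /* myself */
    "10.0.0.1"/8; /* and everyone on the local network */
    ! "10.0.0.23"; /* except for the dialin router */
}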
#如果使用虚拟主机,请参照下面代码
backend www {
set backend.host = "www.example.com";
set backend.port = "80";
}
backend images {
set backend.host = "images.example.com";
set backend.port = "80";
}
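sub vcl_recv {
    /* Route by Host header. Dots are escaped and both patterns are anchored
     * at the start and the end, so only the intended names select a
     * backend; a Host that merely begins with one of them gets the 404. */
    if (req.http.host ~ "^(www\.)?example\.com$") {
        set req.backend = www;
    } elsif (req.http.host ~ "^images\.example\.com$") {
        set req.backend = images;
    } else {
        error 404 "Unknown virtual host";
    }
}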
#关于cache存在时间设置
sub vcl_fetch {
if (obj.ttl < 120s) {
set obj.ttl = 120s;
}
}
#cache图片等内容配置
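sub vcl_recv {
    /* Static assets requested with GET are looked up in the cache. The
     * doubled "|" after jpg left an empty alternative in the pattern and
     * is removed. */
    if (req.request == "GET" && req.url ~ "\.(gif|jpg|jpeg|tom|swf|css|js)$") {
        lookup;
    }
    /* NOTE(review): every other request is also sent to lookup here, so the
     * branch above changes nothing as written - confirm the intended
     * action for non-static requests. */
    lookup;
}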
########## 关于服务器 param的设置
param有以下选项
user root (0)
group root (0)
default_ttl 14400 [seconds]
thread_pools 1 [pools]
thread_pool_max 12000 [threads]
thread_pool_min 4000 [threads]
thread_pool_timeout 10 [seconds]
overflow_max 100 [%]
http_workspace 8192 [bytes]
sess_timeout 5 [seconds]
pipe_timeout 60 [seconds]
send_timeout 20 [seconds]
auto_restart on [bool]
fetch_chunksize 128 [kilobytes]
sendfile_threshold unlimited [bytes]
vcl_trace off [bool]
listen_address 172.16.189.1:3128
listen_depth 1024 [connections]
srcaddr_hash 1049 [buckets]
srcaddr_ttl 720 [seconds]
backend_http11 on [bool]
client_http11 on [bool]
ping_interval 3 [seconds]
大家可以使用-p参数在启动时候进行配置和优化
例如
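# Example start-up with tuning parameters. Parameters are written in the
# "-p param=value" form given in the option list above.
# NOTE(review): user=root / group=root make the cache process run as root.
# Port 3128 is not a privileged port, so root is not needed to bind it;
# prefer a dedicated unprivileged account such as the www user used in the
# start command earlier on this page.
# -T stays on 127.0.0.1 so the management port is reachable only locally.
/home/admin/varnish/sbin/varnishd -f /etc/varnish/vcl.conf \
    -a 172.16.189.1:3128 \
    -s malloc \
    -p user=root -p group=root \
    -p default_ttl=14400 -p thread_pool_max=8000 -p send_timeout=20 \
    -p srcaddr_ttl=720 -p backend_http11=on -p client_http11=on \
    -w 4000,12000,10 -T 127.0.0.1:8080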

########## 关于varnishd的管理
管理功能的启用需要在启动varnishd的时候用 -T 参数指定telnet管理使用的地址和端口。示例中的管理端口没有配置任何认证,因此应只绑定在127.0.0.1等本机地址上,不要对外网开放。
使用telnet localhost 8080,然后输入help参看相关的管理选项
或者使用 /home/admin/varnishd/bin/varnishadm -T localhost:8080 cmd进行管理
使用/home/admin/varnishd/bin/varnishstat 来查看varnishd的运行情况

########## 关于log
使用/home/admin/varnishd/bin/varnishlog 和varnishncsa查看服务器访问log或者让其输出到文件来记录log

Last modification:November 26th, 2018 at 04:16 pm

2 comments

  1. 阳光

    但是有很多内容复制重复了……

  2. 阳光

    真详细啊
