varnish-2.1.5在CentOS5.8 x86_64下的安装配置Varnish是一款强大的反向代理加速软件,关于其工作原理可以参考上图,其具体流程及VCL语法我这里就不做说明,网上资料多,大家还可以对照参考其官方网站和《Varnish中文权威指南》。
一、安装CentOS5.8系统环境下的依耐关系
12 yum install gccgcc-c++
yum install automakeautoconflibtool ncurses-devel libxslt groff pcre-devel pkgconfig libtool -y
二、下载varnish-2.1.5源码包,并进行编译安装。
12345 cd /usr/local/src
wget http://repo.varnish-cache.org/source/varnish-2.1.5.tar.gz
tar zxvfvarnish-2.1.5.tar.gz
cd varnish-2.1.5.
./autogen.sh
#autogen.sh命令是用来检查软件的依耐关系是否满足,如果报错的话,则应该如下
正常所示:
12345 + aclocal
+ libtoolize --copy--force
+ autoheader
+ automake--add-missing --copy --foreign
+ autoconf
继续编译安装:
12 ./configure--prefix=/usr/local/varnish --enable-dependency-tracking--enable-debugging-symbols --enable-developer-warnings -enable-extra-warnings
make && makeinstall && cd ../
三、创建varnish用户和组,以及varnish缓存文件和日志存放目录:
1234 /usr/sbin/groupaddvarnish
/usr/sbin/useradd -s/sbin/nologin -g varnish varnish
mkdir -p/data/varnish/{cache,log}
chown -R varnish:varnish /data/varnish/{cache,log}
四、我的测试环境是两台Web机器,IP为192.168.1.103(域名为http://www.yuhongchun027.net)的varnish机器对后端IP为192.168.1.104和192.168.1.105的机器进行反向代理加速,其配置文件/usr/local/varnish/etc/varnish/better.vcl如下所示:
backend rserver1
{
.host="192.168.1.104";
.port ="80";
.probe = {
.timeout = 5s; #等待多长时间超时
.interval = 2s; #检查时间间隔
.window = 10; #varnish将维持10个sliding windows的结果
.threshold = 8; #如果是8次.windows检查是成功的,就宣告后端的Web机器
是健康的
}
}
backend rserver2
{
.host="192.168.1.105";
.port ="80";
.probe = {
.timeout = 5s;
.interval = 2s;
.window = 10;
.threshold = 8;
}
}
#指定一个名为realserver组,使用random机制,权重越大,分配的访问越多,可根据
服务器性能来设定;而round-robin(轮询)机制是不能指定weight的
director realserverrandom {
{
.backend = rserver1;
.weight = 5;
}
{
.backend = rserver2;
.weight = 6;
}
}
#定义能清理缓存的机器,这里只允许本机能用purge的方式清理
acl purge {
"localhost";
"127.0.0.1";
}
sub vcl_recv
{
if (req.http.host~"^(.*).yuhongchun027.net")
{
set req.backend =realserver;
}
else
{
error 200 "Nocahce for thisdomain";
}
if (req.request =="PURGE")
{
if (!client.ip ~purge)
{
error 405"Notallowed.";
}
else
{
return (pipe);
}
}
#获取客户端真实IP地址
if(req.http.x-forwarded-for)
{
setreq.http.X-Forwarded-For =
req.http.X-Forwarded-For"," client.ip;
}
else
{
setreq.http.X-Forwarded-For =client.ip;
}
#对HTTP协议中的GET、HEAD请求进行缓存,对POST请求透过,让其直接访问后端Web服
务器。之所以这样配置,是因为POST请求一般是发送数据给服务器的,需要服务器接
收、处理,所以不缓存;
if (req.request!="GET" && req.request != "HEAD")
{
return (pipe);
}
if (req.http.Expect)
{
return (pipe);
}
if(req.http.Authenticate|| req.http.Cookie)
{
return (pass);
}
if(req.http.Cache-Control~ "no-cache")
{
return (pass);
}
#对JSP或者PHP文件不缓存
if(req.url~"\.jsp" || req.url ~ "\.php" )
{
return (pass);
}
else
{
return (lookup);
}
}sub vcl_pipe
{
return (pipe);
}sub vcl_pass
{
return (pass);
}sub vcl_hash
{
set req.hash +=req.url;
if (req.http.host)
{
set req.hash+=req.http.host;
}
else
{
set req.hash+=server.ip;
}
return (hash);
}sub vcl_hit
{
if (req.request=="PURGE")
{
set obj.ttl =0s;
error200"Purged.";
}
if (!obj.cacheable)
{
return (pass);
}
return (deliver);
}sub vcl_miss
{
if (req.request=="PURGE")
{
error 404 "Notincache.";
}
if(req.http.user-agent ~"spider")
{
error 503"Notpresently in cache";
}
return (fetch);
}
sub vcl_fetch
{
if (req.request=="GET" && req.url ~ "\.(txt|js)$")
{
set beresp.ttl =3600s;
}
else
{
set beresp.ttl = 30d;
}
if(!beresp.cacheable)
{
return (pass);
}
if(beresp.http.Set-Cookie)
{
return (pass);
}
return (deliver);
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache= "HIT FROM www.yuhongchun027.net";
} else {
set resp.http.X-Cache= "MISS FROM www.yuhongchun027.net";
}
return (deliver);
}
五、启动varnish的命令很长,如下所示:
123/usr/local/varnish/sbin/varnishd -n /data/varnish/cache -f /usr/local/varnish/etc/varnish/better.vcl-a 0.0.0.0:80 -s
file,/data/varnish/varnish_cache.data,8G -p user=varnish -p group=varnish -pdefault_ttl=14400 -p thread_pool_max=8000 -p send_timeout=20 -w
5,51200,30 -T127.0.0.1:3500 -P/usr/local/varnish/var/varnish.pid
验证其是否生效可以用curl –I命令,如下所示:
1 [root@localhostcache]# curl -I http://www.yuhongchun027.net/
以下结果显示varnish缓存已经起作用了:
123456789101112HTTP/1.1 200 OK
Server: Apache/2.2.3(CentOS)
Last-Modified: Wed,28 Aug 2013 16:27:33 GMT
ETag:"10d242-e-776b6740"
Content-Type:text/html; charset=UTF-8
Content-Length: 14
Date: Wed, 21 Aug2013 17:47:48 GMT
X-Varnish: 15847270791584726982
Age: 10101
Via: 1.1 varnish
Connection:keep-alive
X-Cache: HIT FROM www.yuhongchun027.net
六、如果vcl配置文件发生改动,想要不重启而直接reload,可以用如下操作,可以在本机上进行telnet操作,连接3500管理端口:
123456 telnet127.0.0.1 3500
vcl.load newconfig/usr/local/varnish/etc/varnish/better.vcl
200 13
VCL compiled.
vcl.use newconfig
200 0
如果显示有200字样,则表示已经正常reload了,newconfig这个名字是自己定义的,熟悉varnish操作的朋友应该也清楚,通过telnet连接本机还可以进行清理缓存。
七、用varnishadm命令来清理缓存,例子如下所示:
清除所有缓存
1/usr/local/varnish/bin/varnishadm -T 192.168.1.103:3500 url.purge *$
清除image目录下所有缓存
1/usr/local/varnish/bin/varnishadm -T 192.168.1.103:3500 url.purge /image/
查看最近清除的详细url列表,可执行如下命令:
1 /usr/local/varnish/bin/varnishadm–T 192.168.1.103:3500 purge.list
另外,缓存命中率的高低直接说明了varnish的运行状态和效果,如果缓存率命中率过低,我们应该对varnish配置进行检查调整来进行提高,查看其命中率命令如下所示:
1/usr/local/varnish/bin/varnishstat -n /data/varnish/cache
八、内核优化如下所示:
编辑/etc/sysctl.conf,添加如下选项:
1234567891011121314151617181920net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse= 1
net.ipv4.tcp_tw_recycle= 1
net.ipv4.ip_local_port_range= 1024 65000
net.ipv4.tcp_max_syn_backlog= 8192
net.ipv4.tcp_max_tw_buckets= 5000
net.ipv4.tcp_max_syn_backlog= 65536
net.core.netdev_max_backlog= 32768
net.core.somaxconn =32768
net.core.wmem_default= 8388608
net.core.rmem_default= 8388608
net.core.rmem_max =16777216
net.core.wmem_max =16777216
net.ipv4.tcp_timestamps= 0
net.ipv4.tcp_synack_retries= 2
net.ipv4.tcp_syn_retries= 2
net.ipv4.tcp_tw_recycle= 1
net.ipv4.tcp_tw_reuse =1
net.ipv4.tcp_mem =94500000 915000000 927000000
net.ipv4.tcp_max_orphans= 3276800
执行如下命令,让改动配置立即生效:
1 /sbin/sysctl –p
注意:老生常谈的ulimit的问题,这个话题说得太多了,这里实在不想再提了,记得将在/etc/rc.local添加如下内容:
1 ulimit –SHn 65535
注意:记得在启动varnish之前将此命令手动执行一遍(最方便的做法是放进经常运行的监控脚本或服务启动脚本),另外,在工作中发现,CentOS6.X x86_64下更改ulimit跟CentOS5.X x86_64是不同的,这点也请大家注意。以上即为varnish-2.1.5在CentOS5.8 x86_64下的安装配置过程
