CentOS5.5环境下安装配置varnish

作者：夜沙 | 来源：互联网 | 2014-05-28 12:03

#!/bin/bash#BYkerryhu#MAIL:king_819@163.com#BLOG:http://kerry.blog.51cto.com#PleasemanualoperationyumofbeforeOperation.....#更新系统时间yuminstall-yntpntpdatetim

#!/bin/bash
# BY server110hu
# MAIL:king_819@163.com
# BLOG:http://server110.blog.51cto.com
# Please manual operation yum of before Operation.....
#============================ 更新系统时间 ============================
yum install -y ntp
ntpdate time.nist.gov
echo "00 01 * * * ntpdate time.nist.gov" >> /etc/crontab
#============================ Varnish安装 =============================
CentOS 5.5环境下安装配置Varnish - 曾国藩 - 曾国藩的博客

如果是RedHat/CentOS系统，在安装varnish的时候首先要安装以下软件包
automake
autoconf
libtool
ncurses-devel
libxslt
groff
pcre-devel
pkgconfig
groupadd www
useradd www -g www -s /sbin/nologin
mkdir -p /data/varnish/{cache,logs}
chmod +w /data/varnish/{cache,logs}
chown -R www:www /data/varnish/{cache,logs}
cd /opt
yum install -y automake autoconf libtool ncurses-devel libxslt groff pcre-devel pkgconfig
wget http://sourceforge.net/projects/varnish/files/varnish/2.1.3/varnish-2.1.3.tar.gz/download
tar -zxvf varnish-2.1.3.tar.gz
cd varnish-2.1.3
./configure --prefix=/usr/local/varnish
make;make install
#============================ varnish配置 ===========================
vi /usr/local/varnish/etc/varnish/server110.vcl
backend server110 {              #定义后端服务器名
.host = "192.168.9.203";    #定义后端服务器IP
.port = "80";      #定义后端服务器端口
}
backend king {
.host = "192.168.9.204";
.port = "80";
}
#定义访问控制列表,充许那些IP清除varnish 缓存
acl local {
"localhost";
"127.0.0.1";
}
#判断host请求针对那个后端服务器
sub vcl_recv {
if (req.http.host ~ "^(www.)?server110.com$") { #泛域名的写法"^(.*.)?server110.com$"
  set req.backend = server110;
}
elsif (req.http.host ~ "^(www.)?king.com$") {
  set req.backend = king;
}
else {
  error 404 "Unknown HostName!"; #如果都不匹配，返回404错误
}
#不充许非访问控制列表的IP进行varnish缓存清除
if(req.request == "PURGE") {
  if (!client.ip ~ local) {
   error 405 "Not Allowed.";
   return (lookup);
   }
}
#清除url中有jpg|png|gif等文件的COOKIE
if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|jpeg|ico)$") {
  unset req.http.COOKIE;
}
#取消服务器上images目录下所有文件的COOKIE
if (req.url ~ "^/images") {
  unset req.http.COOKIE;
}
#判断req.http.X-Forwarded-For,如果前端有多重反向代理,这样可以获取客户端IP地址。
if (req.http.x-forwarded-for) {
  set req.http.X-Forwarded-For =
  req.http.X-Forwarded-For ", " client.ip;
}
else {
  set req.http.X-Forwarded-For = client.ip;
}
if (req.request != "GET" &&
     req.request != "HEAD" &&
     req.request != "PUT" &&
     req.request != "POST" &&
     req.request != "TRACE" &&
     req.request != "OPTIONS" &&
     req.request != "DELETE") {
  return (pipe);
}
#针对请求和url地址判断，是否在varnish缓存里查找
if (req.request != "GET" && req.request != "HEAD") {
  return (pass);
} ## 对非GET|HEAD请求的直接转发给后端服务器
if (req.http.Authorization || req.http.COOKIE) {
  return (pass);
}
if (req.request == "GET" && req.url ~ "\.(php)($|\?)") {
  return (pass);
  } #对GET请求，且url里以.php和.php?结尾的，直接转发给后端服务器
      return (lookup);
}  #除了以上的访问以外，都在varnish缓存里查找
sub vcl_pipe {
return (pipe);
}
sub vcl_pass {
return (pass);
}
sub vcl_hash {
set req.hash += req.url;
if (req.http.host) {
  set req.hash += req.http.host;
} else {
  set req.hash += server.ip;
}
return (hash);
}
sub vcl_hit {
if (!obj.cacheable) {
  return (pass);
}
if (req.request == "PURGE") {
        set obj.ttl = 0s;
        error 200 "Purged.";
     }
return (deliver);
}
sub vcl_miss {
return (fetch);
}
sub vcl_fetch {
if (!beresp.cacheable) {
  return (pass);
}
if (beresp.http.Set-COOKIE) {
  return (pass);
}
#WEB服务器指明不缓存的内容，varnish服务器不缓存
if (beresp.http.Pragma ~ "no-cache" ||
     beresp.http.Cache-Control ~ "no-cache" ||
beresp.http.Cache-Control ~ "private") {
  return (pass);
      }
      #对.txt .js .shtml结尾的URL缓存时间设置1小时，对其他的URL缓存时间设置为10天
if (req.request == "GET" && req.url ~ "\.(txt|js|css|shtml|html|htm)$") {
set beresp.ttl = 3600s;
}
else {
set beresp.ttl = 10d;
}
return (deliver);
}
#添加在页面head头信息中查看缓存命中情况
sub vcl_deliver {
set resp.http.x-hits = obj.hits ;
if (obj.hits > 0) {
  set resp.http.X-Cache = "HIT cqtel-bbs";
}
else {
      set resp.http.X-Cache = "MISS cqtel-bbs";
}
}
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
synthetic {"





      Error "} obj.status " " obj.response {"

"} obj.response {"

Guru Meditation:

XID: "} req.xid {"

bbs cache server

"};
return (deliver);
}
注意：在2.1后的版本里,原"obj.*"的变量全部变为"beresp.*"了,需要留意一下启动varnish
/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/server110.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000
echo "/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/server110.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000" >> /etc/rc.local
参数:
-u 以什么用运行
-g 以什么组运行
-f varnish配置文件
-a 绑定IP和端口
-s varnish缓存文件位置与大小
-w 最小，最大线程和超时时间
-T varnish管理端口，主要用来清除缓存
-p client_http11=on 支持http1.1协议
-P(大P) /usr/local/varnish/var/varnish.pid 指定其进程码文件的位置，实现管理
停止varnish
pkill varnishd #结束varnishd进程
启动日志,方便分析网站访问情况
/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &
echo "/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &" >> /etc/rc.local
参数: -w 指定varnish访问日志要写入的目录与文件
varnish日志切割
vi /root/cut_varnish_log.sh
#!/bin/sh
logs_path=/data/varnish/logs
vlog=${logs_path}/varnish.log
date=$(date -d "yesterday" +"%Y-%m-%d")
pkill -9 varnishncsa
mkdir -p ${logs_path}/$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv /data/varnish/logs/varnish.log ${logs_path}/$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/varnish-${date}.log
/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &
使用计划任务,每天晚上凌晨00点运行日志切割脚本
echo "0 0 * * * /root/cut_varnish_log.sh" >> /etc/crontab
cat /etc/rc.local
ulimit -SHn 51200
/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/server110.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000
/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &
#============================ Varnish 缓存清除 ======================
/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 purge "req.http.host ~ www.server110.com$ && req.url ~ /static/image/tp.php"
说明：
192.168.9.201:3000 为被清除缓存服务器地址
www.server110.com 为被清除的域名
/static/image/tp.php 为被清除的url地址列表
清除所有缓存
/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 url.purge *$
清除image目录下所有缓存
/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 url.purge /image/
查看Varnish服务器连接数与命中率
/usr/local/varnish/bin/varnishstat ?n /data/varnish/cache/varnish_cache.data
CentOS 5.5环境下安装配置Varnish - 曾国藩 - 曾国藩的博客

#============================ 内核优化 ==============================
vi /etc/sysctl.conf
net.ipv4.tcp_synCOOKIEs = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxcOnn= 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
/sbin/sysctl -p
#===================== Varnish添加到服务自启动 ======================
配置启动文件
vi /etc/init.d/varnish
#! /bin/sh
#
# varnish Control the varnish HTTP accelerator
#
# chkconfig: - 90 10
# description: Varnish is a high-perfomance HTTP accelerator
# processname: varnishd
# config: /etc/sysconfig/varnish
# pidfile: /var/run/varnish/varnishd.pid
### BEGIN INIT INFO
# Provides: varnish
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog
# Short-Description: start and stop varnishd
# Description: Varnish is a high-perfomance HTTP accelerator
### END INIT INFO
# Source function library.
. /etc/init.d/functions
retval=0
pidfile=/var/run/varnish.pid
exec="/usr/local/varnish/sbin/varnishd"
prog="varnishd"
cOnfig="/usr/local/varnish/etc/varnish/varnish"
lockfile="/var/lock/subsys/varnish"
# Include varnish defaults
[ -e /usr/local/varnish/etc/varnish/varnish ] && . /usr/local/varnish/etc/varnish/varnish
start() {     if [ ! -x $exec ]
    then
        echo $exec not found
        exit 5
    fi
    if [ ! -f $config ]
    then
        echo $config not found
        exit 6
    fi
    echo -n "Starting varnish HTTP accelerator: "
    # Open files (usually 1024, which is way too small for varnish)
    ulimit -n ${NFILES:-131072}
    # Varnish wants to lock shared memory log in memory.
    ulimit -l ${MEMLOCK:-82000}
        # $DAEMON_OPTS is set in /etc/sysconfig/varnish. At least, one
        # has to set up a backend, or /tmp will be used, which is a bad idea.
    if [ "$DAEMON_OPTS" = "" ]; then
        echo "\$DAEMON_OPTS empty."
        echo -n "Please put configuration options in $config"
        return 6
    else
        # Varnish always gives output on STDOUT
        daemon   $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
        retval=$?
        if [ $retval -eq 0 ]
        then
touch $lockfile
echo_success
echo
        else
echo_failure
        fi
        return $retval
    fi
}
stop() {
    echo -n "Stopping varnish HTTP accelerator: "
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    stop
    start
}
reload() {
    restart
}
force_reload() {
    restart
}
rh_status() {
    status $prog
}
rh_status_q() {
    rh_status >/dev/null 2>&1
}
# See how we were called.
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
    echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
    exit 2
esac
exit $?
varnish的配置调用文件,是用来告诉程序从哪里读取配置文件,启动参数有哪些等
vi /usr/local/varnish/etc/varnish
# Configuration file for varnish
#
# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
# shell script fragment.
#
# Maximum number of open files (for ulimit -n)
NFILES=131072
# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
MEMLOCK=1000000
## Alternative 2, Configuration with VCL
DAEMON_OPTS="-a 192.168.9.201:80 \
-f /usr/local/varnish/etc/varnish/server110.vcl \
-T 192.168.9.201:3000 \
-u www -g www \
-n /data/varnish/cache \
-s file,/data/varnish/cache/varnish_cache.data,1G"
添加到系统服务，开机自启动
chmod +x /etc/init.d/varnish
/sbin/chkconfig --add varnish
/sbin/chkconfig --level 2345 varnish on
开启varnish
/etc/init.d/varnish start
CentOS 5.5环境下安装配置Varnish - 曾国藩 - 曾国藩的博客

关闭varnish
/etc/init.d/varnish stop

推荐阅读

int
Linux 自动化安装脚本详解

本文介绍了一款用于自动化部署 Linux 服务的 Bash 脚本。该脚本不仅涵盖了基本的文件复制和目录创建，还处理了系统服务的配置和启动，确保在多种 Linux 发行版上都能顺利运行。 ... [详细]

蜡笔小新 2024-12-27 16:33:32
int
Docker的安全基准

nsitionalENhttp:www.w3.orgTRxhtml1DTDxhtml1-transitional.dtd ... [详细]

蜡笔小新 2024-12-28 13:00:24
bash
Linux 系统启动故障排除指南：MBR 和 GRUB 问题

本文详细介绍了 Linux 系统启动过程中常见的 MBR 扇区和 GRUB 引导程序故障及其解决方案，涵盖从备份、模拟故障到恢复的具体步骤。 ... [详细]

蜡笔小新 2024-12-27 20:40:29
int
新浪笔试题

1:有如下一段程序：packagea.b.c;publicclassTest{privatestaticinti0;publicintgetNext(){return ... [详细]

蜡笔小新 2024-12-27 19:32:17
int
深入理解Cookie与Session会话管理

本文详细介绍了如何通过HTTP响应和请求处理浏览器的Cookie信息，以及如何创建、设置和管理Cookie。同时探讨了会话跟踪技术中的Session机制，解释其原理及应用场景。 ... [详细]

蜡笔小新 2024-12-27 18:20:43
int
Dockerfile 编写与 Docker 网络配置详解

本文详细介绍了 Dockerfile 的编写方法及其在网络配置中的应用，涵盖基础指令、镜像构建与发布流程，并深入探讨了 Docker 的默认网络、容器互联及自定义网络的实现。 ... [详细]

蜡笔小新 2024-12-27 17:31:41
io
使用Vultr云服务器和Namesilo域名搭建个人网站

本文详细介绍了如何通过Vultr云服务器和Namesilo域名搭建一个功能齐全的个人网站，包括购买、配置服务器以及绑定域名的具体步骤。文章还提供了详细的命令行操作指南，帮助读者顺利完成建站过程。 ... [详细]

蜡笔小新 2024-12-26 16:36:34
plugins
在CentOS 7上部署Grafana

本文详细介绍了如何在CentOS 7操作系统上安装和配置Grafana，包括必要的依赖项安装、插件管理以及服务启动等步骤。 ... [详细]

蜡笔小新 2024-12-25 20:15:57
go
程序员妻子吐槽：丈夫北漂8年终薪3万，存款情况令人意外

一位程序员的妻子在网上分享了她丈夫在北京工作八年的经历，月薪仅3万元，存款情况却出乎意料。本文探讨了高学历人才在大城市的职场现状及生活压力。 ... [详细]

蜡笔小新 2024-12-28 11:14:15
go
信息安全小组第一周工作总结

本周信息安全小组主要进行了CTF竞赛相关技能的学习，包括HTML和CSS的基础知识、逆向工程的初步探索以及整数溢出漏洞的学习。此外，还掌握了Linux命令行操作及互联网工作原理的基本概念。 ... [详细]

蜡笔小新 2024-12-28 05:52:22
int
技术分享：从动态网站提取站点密钥的解决方案

本文探讨了如何从动态网站中提取站点密钥，特别是针对验证码（reCAPTCHA）的处理方法。通过结合Selenium和requests库，提供了详细的代码示例和优化建议。 ... [详细]

蜡笔小新 2024-12-28 04:11:47
int
360SRC安全应急响应：从漏洞提交到修复的全过程

本文详细介绍了360SRC平台处理一起关键安全事件的过程，涵盖从漏洞提交、验证、排查到最终修复的各个环节。通过这一案例，展示了360在安全应急响应方面的专业能力和严谨态度。 ... [详细]

蜡笔小新 2024-12-27 11:10:05
go
告别传统文件传输，迎接新一代高效工具Croc

在现代网络环境中，两台计算机之间的文件传输需求日益增长。传统的FTP和SSH方式虽然有效，但其配置复杂、步骤繁琐，难以满足快速且安全的传输需求。本文将介绍一种基于Go语言开发的新一代文件传输工具——Croc，它不仅简化了操作流程，还提供了强大的加密和跨平台支持。 ... [详细]

蜡笔小新 2024-12-26 16:16:06
blob
基于KVM的SRIOV直通配置及性能测试

SRIOV介绍、VF直通配置，以及包转发率性能测试小慢哥的原创文章，欢迎转载目录?1.SRIOV介绍?2.环境说明?3.开启SRIOV?4.生成VF?5.VF ... [详细]

蜡笔小新 2024-12-25 19:26:39
char
解决网站乱码问题的综合指南

本文总结了导致网站乱码的常见原因，并提供了详细的解决方案，包括文件编码、HTML元标签设置、服务器响应头配置、数据库字符集调整以及PHP与MySQL交互时的编码处理。 ... [详细]

蜡笔小新 2024-12-25 14:57:54

夜沙

这个家伙很懒，什么也没留下！

Tags | 热门标签

RankList | 热门文章