Varnish服务器的安装配置过程

安装
# yum install automake autoconf libtool ncurses-devel libxslt groff pcre-devel pkgconfig -y

# wget http://repo.varnish-cache.org/source/varnish-3.0.2.tar.gz
# tar -zxvf varnish-3.0.2.tar.gz
# cd varnish-3.0.2
# sh autogen.sh
# ./configure --prefix=/usr/local/varnish-3.0.2
# make
# make check
# make install
# ln -s /usr/local/varnish-3.0.2 /usr/local/varnish

# vi /etc/profile
增加：
export PATH=$PATH:/usr/local/varnish/bin

安装完成。

设置工作目录
# groupadd varnish
# useradd -g varnish -d /usr/local/varnish/var/varnish -s /sbin/nologin varnish

# passwd -l varnish

# mkdir /home/varnish
# chown -R varnish:varnish /home/varnish
# mkdir -p /home/log/varnish
# chown -R varnish /home/log/varnish

配置文件

# vi /usr/local/varnish/etc/varnish/varnish.vcl
director letaowwwserver random {
   { .backend = { .host = "192.168.100.108"; .port = "http"; .probe = { .url = "/heartbeat.aspx"; .timeout = 500 ms; .interval = 1s; .window = 5; .threshold = 3; }} .weight = 1; }
   { .backend = { .host = "192.168.100.104"; .port = "http"; .probe = { .url = "/heartbeat.aspx"; .timeout = 500 ms; .interval = 1s; .window = 5; .threshold = 3; }} .weight = 1; }
   { .backend = { .host = "192.168.100.105"; .port = "http"; .probe = { .url = "/heartbeat.aspx"; .timeout = 500 ms; .interval = 1s; .window = 5; .threshold = 3; }} .weight = 1; }
   { .backend = { .host = "192.168.100.109"; .port = "http"; .probe = { .url = "/heartbeat.aspx"; .timeout = 500 ms; .interval = 1s; .window = 5; .threshold = 3; }} .weight = 1; }
   { .backend = { .host = "192.168.100.110"; .port = "http"; .probe = { .url = "/heartbeat.aspx"; .timeout = 500 ms; .interval = 1s; .window = 5; .threshold = 3; }} .weight = 1; }
}

backend letaotestserver {
       .host = "192.168.100.119";
       .port = "80";
}

sub vcl_recv {
        if (req.request != "GET" && req.request != "HEAD") {
                error 405 req.url;
        }
if (req.http.Accept-Encoding) {
if (req.url ~"(?i)\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ipa|sisx|apk)$") {
   # No point in compressing these
   remove req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
   set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
   set req.http.Accept-Encoding = "deflate";
} else {
   # unkown algorithm
   remove req.http.Accept-Encoding;
}
}
set req.http.host = "www.letao.com";

     if (req.url ~"(?i).*\/letaozu\/.*\.(css|jpg|jpeg|gif|png|js|swf|apk|ipa|sisx)" || req.url ~"(?i).*\/images\/.*\.(css|jpg|jpeg|gif|png|js|swf|apk|ipa|sisx)" ) {
       set req.backend = letaotestserver;
       remove req.http.COOKIE;
       return(lookup);
} elsif (req.url ~"(?i)\.(css|jpg|jpeg|gif|png|js|swf|apk|ipa|sisx)") {
               set req.backend = letaowwwserver;
               remove req.http.COOKIE;
 return(lookup);
}
else {
               error 405 req.url;
}
}

sub vcl_fetch{

  if(beresp.status >= 400 && beresp.status <= 500)
  {
    set beresp.ttl = 900s;
  }
  else if(beresp.ttl > 0s){
    remove beresp.http.set-COOKIE;
unset beresp.http.Server;
unset beresp.http.X-Powered-By;
        set beresp.http.cache-cOntrol= "max-age = 86400000";
    set beresp.ttl = 100d;
set beresp.http.Expires = "Thu, 23 Jan 2020 17:18:52 GMT";
        set beresp.http.magicmarker = "2";
  }
}

sub vcl_deliver{
    if(resp.http.magicmarker){ 
        set resp.http.age = "0";
        unset resp.http.Etag;
unset resp.http.Varnish_Server;
        unset resp.http.X-Varnish;
        unset resp.http.Via;
     }
}

sub vcl_hit {
       if (req.request == "PURGE") {
               set obj.ttl = 0s;
               error 200 "Purged.";
       }
}

sub vcl_miss {
       if (req.request == "PURGE") {
               error 404 "Not in cache.";
       }
}

优化linux内核：
# vi /etc/sysctl.conf 
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_synCOOKIEs = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000    65000

# sysctl -p

启动varnish测试：
/usr/local/varnish/sbin/varnishd -P /var/run/varnish.pid -a :80 -T 127.0.0.1:6082 -n /home/varnish -f /usr/local/varnish/etc/varnish/varnish.vcl -u varnish -g varnish -s file,/home/varnish/varnish_storage.bin,10G -t 8640000 -p lru_interval=20 -h classic,500009 -p thread_pools=4

记录日志：
/usr/local/varnish/bin/varnishncsa -n /home/varnish -w /home/log/varnish/varnish.log &

查看统计：
varnishstat -n /home/varnish

开放防火墙：
# vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

清除缓存：
/usr/local/varnish/bin/varnishadm  -T 0:6082 ban.url /test.html$

设置启动脚本：

# cp /root/varnish-3.0.2/redhat/varnish_reload_vcl /usr/local/varnish/bin/
# vi /usr/local/varnish/bin/varnish_reload_vcl
在. /etc/sysconfig/varnish下面增加：
. /etc/profile

然后
# cp /root/varnish-3.0.2/redhat/varnish.sysconfig /etc/sysconfig/varnish

# vi /root/varnish-3.0.2/redhat/varnish.initrc
#! /bin/sh
#
# varnish Control the Varnish Cache
#
# chkconfig: - 90 10
# description: Varnish is a high-perfomance HTTP accelerator
# processname: varnishd
# config: /etc/sysconfig/varnish
# pidfile: /var/run/varnishd.pid

### BEGIN INIT INFO
# Provides: varnish
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start:
# Default-Stop:
# Should-Start: $syslog
# Short-Description: start and stop varnishd
# Description: Varnish is a high-perfomance HTTP accelerator
### END INIT INFO

# Source function library.
. /etc/init.d/functions

retval=0
pidfile=/var/run/varnish.pid

#exec="/usr/sbin/varnishd"
exec="/usr/local/varnish/sbin/varnishd"
#reload_exec="/usr/bin/varnish_reload_vcl"
reload_exec="/usr/local/varnish/bin/varnish_reload_vcl"
prog="varnishd"
cOnfig="/etc/sysconfig/varnish"
lockfile="/var/lock/subsys/varnish"

# Include varnish defaults
[ -e /etc/sysconfig/varnish ] && . /etc/sysconfig/varnish

start() {

        if [ ! -x $exec ]
        then
                echo $exec not found
                exit 5
        fi

        if [ ! -f $config ]
        then
                echo $config not found
                exit 6
        fi
        echo -n "Starting Varnish Cache: "

        # Open files (usually 1024, which is way too small for varnish)
        ulimit -n ${NFILES:-131072}

        # Varnish wants to lock shared memory log in memory. 
        ulimit -l ${MEMLOCK:-82000}

        # $DAEMON_OPTS is set in /etc/sysconfig/varnish. At least, one
        # has to set up a backend, or /tmp will be used, which is a bad idea.
        if [ "$DAEMON_OPTS" = "" ]; then
                echo "\$DAEMON_OPTS empty."
                echo -n "Please put configuration options in $config"
                return 6
        else
                # Varnish always gives output on STDOUT
                daemon --pidfile $pidfile  $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
retval=$?
                if [ $retval -eq 0 ]
                then
      touch $lockfile
      echo_success
      echo
                else
      echo_failure
      echo
                fi
                return $retval
        fi
}

stop() {
        echo -n "Stopping Varnish Cache: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
}

restart() {
        stop
        start
}

reload() {
        if [ "$RELOAD_VCL" = "1" ]
        then
$reload_exec
        else
force_reload
        fi
}

force_reload() {
        restart
}

rh_status() {
        status -p $pidfile $prog
}

rh_status_q() {
        rh_status >/dev/null 2>&1
}

configtest() {
    if [ -f "$VARNISH_VCL_CONF" ]; then
        $exec -f "$VARNISH_VCL_CONF" -C -n /tmp > /dev/null && echo "Syntax ok"
    else
        echo "VARNISH_VCL_CONF is  unset or does not point to a file"
    fi
}

# See how we were called.
case "$1" in
        start)
                rh_status_q && exit 0
                $1
                ;;
        stop)
                rh_status_q || exit 0
                $1
                ;;
        restart)
                $1
                ;;
        reload)
                rh_status_q || exit 7
                $1
                ;;
        force-reload)
force_reload
                ;;
        status)
rh_status
                ;;
        condrestart|try-restart)
                rh_status_q || exit 0
                restart
                ;;
        configtest)
configtest
                ;;
        *)
        echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"

        exit 2
esac

exit $?

# cp /root/varnish-3.0.2/redhat/varnish.initrc /etc/init.d/varnish
# chkconfig --add varnish
# chmod +x /etc/init.d/varnish
# chkconfig varnish on

设置启动参数配置文件
# vi /etc/sysconfig/varnish
# Configuration file for varnish
#
# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
# shell script fragment.
#

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
MEMLOCK=82000

# Maximum size of corefile (for ulimit -c). Default in Fedora is 0
# DAEMON_COREFILE_LIMIT="unlimited"

# Set this to 1 to make init script reload try to switch vcl without restart.
# To make this work, you need to set the following variables
# explicit: VARNISH_VCL_CONF, VARNISH_ADMIN_LISTEN_ADDRESS,
# VARNISH_ADMIN_LISTEN_PORT, VARNISH_SECRET_FILE, or in short,
# use Alternative 3, Advanced configuration, below
RELOAD_VCL=1

# This file contains 4 alternatives, please use only one.

## Alternative 1, Minimal configuration, no VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# content server on localhost:8080.  Use a fixed-size cache file.
#
#DAEMON_OPTS="-a :6081 \
#             -T localhost:6082 \
#             -b localhost:8080 \
#             -u varnish -g varnish \
#             -s file,/var/lib/varnish/varnish_storage.bin,1G"

## Alternative 2, Configuration with VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# one content server selected by the vcl file, based on the request.  Use a
# fixed-size cache file.
#
#DAEMON_OPTS="-a :6081 \
#             -T localhost:6082 \
#             -f /etc/varnish/default.vcl \
#             -u varnish -g varnish \
#             -S /etc/varnish/secret \
#             -s file,/var/lib/varnish/varnish_storage.bin,1G"

## Alternative 3, Advanced configuration
#
# See varnishd(1) for more information.
#
# # Main configuration file. You probably want to change it :)
#VARNISH_VCL_COnF=/etc/varnish/default.vcl
VARNISH_VCL_COnF=/usr/local/varnish/etc/varnish/varnish.vcl
#
# # Default address and port to bind to
# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=
#VARNISH_LISTEN_PORT=6081
VARNISH_LISTEN_PORT=80
#
# # Telnet admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
#
# # Shared secret file for admin interface
#VARNISH_SECRET_FILE=/etc/varnish/secret
#
# # The minimum number of worker threads to start
#VARNISH_MIN_THREADS=1
#
# # The Maximum number of worker threads to start
#VARNISH_MAX_THREADS=1000
#
# # Idle timeout for worker threads
#VARNISH_THREAD_TIMEOUT=120
#
# # Cache file location
#VARNISH_STORAGE_FILE=/var/lib/varnish/varnish_storage.bin
VARNISH_STORAGE_FILE=/home/varnish/varnish_storage.bin
#
# # Cache file size: in bytes, optionally using k / M / G / T suffix,
# # or in percentage of available disk space using the % suffix.
#VARNISH_STORAGE_SIZE=1G
VARNISH_STORAGE_SIZE=10G
#
# # Backend storage specification
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
#
# # Default TTL used when the backend does not specify one
#VARNISH_TTL=120
VARNISH_TTL=8640000
#
# # DAEMON_OPTS is used by the init script.  If you add or remove options, make
# # sure you update this section, too.
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
             -f ${VARNISH_VCL_CONF} \
             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
             -t ${VARNISH_TTL} \
             -u varnish -g varnish \
             -s ${VARNISH_STORAGE} -n /home/varnish -p lru_interval=20 -h classic,500009 -p thread_pools=4"

#             -S ${VARNISH_SECRET_FILE} \
#             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
#

## Alternative 4, Do It Yourself. See varnishd(1) for more information.
#
# DAEMON_OPTS=""