初識varnish

實驗拓撲

varnish主機    地址192.168.150.137

后端web主機     web1靜態服務192.168.150.138     web2動態服務192.168.150.140

varnish的安裝及開啟

varnish主機：

~]# yum info varnish     varnish版本4.0.4 epel源

已加載插件：fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirrors.zju.edu.cn

 * extras: mirrors.cn99.com

 * updates: mirrors.zju.edu.cn

可安裝的軟件包

名稱    ：varnish

架構    ：x86_64

版本    ：4.0.4

發布    ：3.el7

大小    ：452 k

源    ：epel

簡介    ： High-performance HTTP accelerator

網址    ：http://www.varnish-cache.org/

協議    ： BSD

描述    ： This is Varnish Cache, a high-performance HTTP accelerator.

         : Documentation wiki and additional information about Varnish is

         : available on the following web site: http://www.varnish-cache.org/

~]# yum -y install varnish

~]# yum info varnish-docs     varnish的說明文檔

已加載插件：fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirrors.zju.edu.cn

 * extras: mirrors.cn99.com

 * updates: mirrors.zju.edu.cn

可安裝的軟件包

名稱    ：varnish-docs

架構    ：x86_64

版本    ：4.0.4

發布    ：3.el7

大小    ：438 k

源    ：epel

簡介    ： Documentation files for varnish

網址    ：http://www.varnish-cache.org/

協議    ： BSD

描述    ： Documentation files for varnish

~]# yum -y install varnish-docs

~]# rpm -ql varnish

/etc/logrotate.d/varnish

/etc/varnish

/etc/varnish/default.vcl     vcl: Varnish Configuration Language varnish的緩存策略配置接口

/etc/varnish/varnish.params     初始化參數配置，配置進場特性

/run/varnish.pid

/usr/bin/varnishadm

/usr/bin/varnishhist

/usr/bin/varnishlog

/usr/bin/varnishncsa

/usr/bin/varnishstat

/usr/bin/varnishtest

/usr/bin/varnishtop

/usr/lib/systemd/system/varnish.service

/usr/lib/systemd/system/varnishlog.service

/usr/lib/systemd/system/varnishncsa.service

/usr/sbin/varnish_reload_vcl

/usr/sbin/varnishd

/usr/share/doc/varnish-4.0.4

/usr/share/doc/varnish-4.0.4/LICENSE

/usr/share/doc/varnish-4.0.4/README

/usr/share/doc/varnish-4.0.4/builtin.vcl

/usr/share/doc/varnish-4.0.4/changes.rst

/usr/share/doc/varnish-4.0.4/example.vcl

/usr/share/man/man1/varnishadm.1.gz

/usr/share/man/man1/varnishd.1.gz

/usr/share/man/man1/varnishhist.1.gz

/usr/share/man/man1/varnishlog.1.gz

/usr/share/man/man1/varnishncsa.1.gz

/usr/share/man/man1/varnishstat.1.gz

/usr/share/man/man1/varnishtest.1.gz

/usr/share/man/man1/varnishtop.1.gz

/usr/share/man/man3/vmod_directors.3.gz

/usr/share/man/man3/vmod_std.3.gz

/usr/share/man/man7/varnish-cli.7.gz

/usr/share/man/man7/varnish-counters.7.gz

/usr/share/man/man7/vcl.7.gz

/usr/share/man/man7/vsl-query.7.gz

/usr/share/man/man7/vsl.7.gz

/var/lib/varnish

/var/log/varnish

varnish]# cat varnish.params

# Varnish environment configuration description. This was derived from

# the old style sysconfig/defaults settings

# Set this to 1 to make systemd reload try to switch VCL without restart.

RELOAD_VCL=1

# Main configuration file. You probably want to change it.

VARNISH_VCL_CONF=/etc/varnish/default.vcl

# Default address and port to bind to. Blank address means all IPv4

# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted

# quad, or an IPv6 address in brackets.

# VARNISH_LISTEN_ADDRESS=192.168.1.5

VARNISH_LISTEN_PORT=6081     監聽端口

# Admin interface listen address and port

VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1

VARNISH_ADMIN_LISTEN_PORT=6082

# Shared secret file for admin interface

VARNISH_SECRET_FILE=/etc/varnish/secret

# Backend storage specification, see Storage Types in the varnishd(5)

# man page for details.

VARNISH_STORAGE="malloc,256M"    

varnish如何存儲緩存對象

            file: 單個文件；不支持持久機制；自管理的文件系統，黑盒；

            malloc: 內存；使用malloc()庫調用在varnish啟動時向內在申請指定大小的空間

            persistent：基于文件的持久存儲；

# User and group for the varnishd worker processes

VARNISH_USER=varnish

VARNISH_GROUP=varnish

# Other options, see the man page varnishd(1)

#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"

額外的參數配置 -p param=value

~]# systemctl start varnish.service

~]# ss -tnpl

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port             

LISTEN     0      128               *:22                            *:*                   

users:(("sshd",pid=1078,fd=3))LISTEN     0      100       127.0.0.1:25                            *:*                   

users:(("master",pid=1400,fd=13))LISTEN     0      128               *:6081                          *:*                   

users:(("varnishd",pid=3189,fd=6))LISTEN     0      10        127.0.0.1:6082                          *:*                   

users:(("varnishd",pid=3188,fd=5))LISTEN     0      128              :::22                           :::*                   

users:(("sshd",pid=1078,fd=4))LISTEN     0      100             ::1:25                           :::*                   

users:(("master",pid=1400,fd=14))LISTEN     0      128              :::6081                         :::*                   

users:(("varnishd",pid=3189,fd=7))

修改監聽端口并開啟，提供80端口監聽

varnish]# vim varnish.params

VARNISH_LISTEN_ADDRESS=192.168.150.137

VARNISH_LISTEN_PORT=80

varnish]# systemctl restart varnish.service

varnish]# ss -tnl

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port             

LISTEN     0      128    192.168.150.137:80                            *:*               

  LISTEN     0      128               *:22                            *:*                 

LISTEN     0      100       127.0.0.1:25                            *:*                 

LISTEN     0      10        127.0.0.1:6082                          *:*                 

LISTEN     0      128              :::22                           :::*                 

LISTEN     0      100             ::1:25                           :::*    

varnishadm：命令行工具

~]# varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082

200       

—————————–

Varnish Cache CLI 1.0

—————————–

Linux,3.10.0-327.el7.x86_64,x86_64,-smalloc,-smalloc,-hcritbit

varnish-4.0.4 revision 386f712

Type 'help' for command list.

Type 'quit' to close CLI session.

help

200       

help [<command>]

ping [<timestamp>]

auth <response>

quit

banner

status

start

stop

vcl.load <configname> <filename>     編譯裝載并定義vcl

vcl.inline <configname> <quoted_VCLstring>

vcl.use <configname>     使用定義的vcl

vcl.discard <configname>

vcl.list

param.show [-l] [<param>]

param.set <param> <value>

panic.show

panic.clear

storage.list

vcl.show [-v] <configname>

backend.list [<backend_expression>]

backend.set_health <backend_expression> <state>

ban <field> <operator> <arg> [&& <field> <oper> <arg>]…

ban.list

配置后端主機，定義在vcl_deliver中，向響應給客戶端的報文添加一個自定義首部X-Cache；

varnish主機配置

~]# cd /etc/varnish/

varnish]# vim default.vcl

backend default {

    .host = "192.168.150.138";

    .port = "80";

}

……

sub vcl_deliver {

    # Happens when we have all the pieces we need, and are about to send the

    # response to the client.

    #

    # You can do accounting or modifying the final object here.

    if (obj.hits>0) {

       set resp.http.X-Cache = "HIT";

    } else {

       set resp.http.X-Cache = "MISS";

    }

}

命令行進行配置載入并生效

varnish]# varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082

200       

—————————–

Varnish Cache CLI 1.0

—————————–

Linux,3.10.0-327.el7.x86_64,x86_64,-smalloc,-smalloc,-hcritbit

varnish-4.0.4 revision 386f712

Type 'help' for command list.

Type 'quit' to close CLI session.

vcl.load test1 default.vcl

200       

VCL compiled.

vcl.use test1

200       

VCL 'test1' now active

后端web1主機配置

~]# yum -y install httpd

~]# vim /var/www/html/index.html

<h1>Backend Web Server1</h1>

~]# systemctl start httpd.service

~]# ss -tnl

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port             

LISTEN     0      128               *:22                            *:*                 

LISTEN     0      100       127.0.0.1:25                            *:*                 

LISTEN     0      128              :::80                           :::*                 

LISTEN     0      128              :::22                           :::*                 

LISTEN     0      100             ::1:25                           :::*   

訪問測試：

訪問192.168.150.137 varnish主機，指向了后端http主機

并且在響應報文中添加了自定義內容

 

再次訪問后內容 X-Cache自定義內容變為HIT，表示已命中緩存

 

 

強制對某資源的請求，不檢查緩存：

varnish主機default.vcl中添加如下配置

sub vcl_recv {

    # Happens before we check if we have this in cache already.

    #

    # Typically you clean up the request here, removing cookies you don't need,

    # rewriting the request, etc.

    if (req.url ~ "(?i)^/login" || req.url ~ "(?i)^/admin") {

        return(pass);

        }

}

說明：

~ 模式匹配

(?i) 不區分字符大小寫

命令行進行配置載入并生效

vcl.load test2 default.vcl

200       

VCL compiled.

vcl.use test2

200       

VCL 'test2' now active

web1端進行/login和/admin配置進行模擬測試

~]# cd /var/www/html/

html]# mkdir {login,admin}

html]# ls

admin  index.html  login

html]# vim login/index.html

html]# cat login/index.html

<h1>login</h1>

html]# vim admin/index.html

html]# cat admin/index.html

<h1>admin</h1>

測試結果

 

對特定類型的資源取消其私有的cookie標識，并強行設定其可以varnish緩存的時長

varnish主機中進行default.vcl的配置，在vcl_backend_response選項中添加如下配置

 if (beresp.http.cache-control !~ "s-maxage") {

            if (bereq.url ~ "(?i)\.jpg$") {

                set beresp.ttl = 3600s;

                unset beresp.http.Set-Cookie;

            }

            if (bereq.url ~ "(?i)\.css$") {

                set beresp.ttl = 600s;

                unset beresp.http.Set-Cookie;

            }

        }

命令行進行配置載入并生效

vcl.load test3 default.vcl

200       

VCL compiled.

vcl.use test3

200       

VCL 'test3' now active

web1端進行配置，模擬實驗

創建.jpg文件

html]# find /usr -iname "*.jpg"

/usr/share/backgrounds/morning.jpg

/usr/share/backgrounds/night.jpg

/usr/share/backgrounds/day.jpg

/usr/share/backgrounds/default.jpg

/usr/share/kde4/apps/ksplash/Themes/CentOS7/2560×1600/background.jpg

/usr/share/wallpapers/CentOS7/contents/images/2560×1600.jpg

html]# cp /usr/share/backgrounds/day.jpg ./

html]# ls

admin  day.jpg  index.html  login

 

緩存對象修剪的方式

varnish主機中的default.vcl配置

        acl purgers {          定義可以進行訪問控制列表，指定特定的ip可以進行PURGE

            "127.0.0.0"/8;

            "192.168.150.0"/24;

        }

        sub vcl_purge{

            return (synth(200,"Purged"));

        }

        sub vcl_recv {     在vcl_recv進行PURGE方法的定義，當請求的方法為PURGE時return purge

            if (req.method == "PURGE") {

                if (!client.ip ~ purgers) {

                    return(synth(405,"Purge not allow for" + client.ip));

                }

                return(purge);

            }

        }

vcl.load test4 default.vcl

200       

VCL compiled.

vcl.use test4

200       

VCL 'test4' now active

客戶端進行curl命令指定PURGE方法訪問

[root@client1 ~]# curl -X PURGE http://192.168.150.137/morning.jpg

<!DOCTYPE html>

<html>

  <head>

    <title>200 Purged</title>     返回了200 Purged

  </head>

  <body>

    <h1>Error 200 Purged</h1>

    <p>Purged</p>

    <h3>Guru Meditation:</h3>

    <p>XID: 131139</p>

    <hr>

    <p>Varnish cache server</p>

  </body>

</html>

設定多個后端主機

varnish主機配置

        backend default {

            .host = "192.168.150.138";

            .port = "80";

        }

        backend appsrv {

            .host = "192.168.150.140";

            .port = "80";

        }

        sub vcl_recv {     在vcl_recv中進行判斷，如何請求一.php結尾的則指向后端的appsrv主機

            if (req.url ~ "(?i)\.php$") {

                set req.backend_hint = appsrv;

            } else {

                set req.backend_hint = default;

            }

        }

vcl.load test5 default.vcl

200       

VCL compiled.

vcl.use test5

200       

VCL 'test5' now active

設定web2主機，架設Php進行模擬測試

~]# yum -y install httpd php

~]# vim /var/www/html/index.php

<?php

    phpinfo();

?>

訪問index.html時

 

訪問index.php時調度至Php主機

 

后端主機的調度

使用調度時，先要在配置檔中進行import引用

        import directors;

        backend websrv1 {

            .host = "192.168.150.138";

            .port = "80";

        }

        backend websrv2 {

            .host = "192.168.150.140";

            .port = "80";

        }

        sub vcl_init {

            new websrvs = directors.round_robin();

            websrvs.add_backend(websrv1);

            websrvs.add_backend(websrv2);

        }

        sub vcl_recv {

                set req.backend_hint = websrvs.backend();

                …

        }

健康狀態監測

        backend websrv1 {

            .host = "192.168.150.138";

            .port = "80";

            .probe = {

                .url = "/";

                .interval = 1s;    #探測頻率

                .window = 8;    #基于最近多少次的探測

                .threshold = 5;    #最近8次探測中至少有5次是成功的

                .timeout = 2s;每次探測的超時時長

            }

            .request =

                 "GET / HTTP/1.1"

                 "Host:192.168.150.138"

                 "Connection:close"

             .expected_response=200;

        }