centos5.5 32位系统 varnish版本3.0.2
192.168.159.88为后端静态资源服务器
varnish所以来的软件包:
autotools-dev
automake1.9
libtool
autoconf
libncurses-dev
xsltproc
groff-base
libpcre3-dev
直接yum安装系统所缺的包即可。
下载varnish源码包,解压安装:
wget http://repo.varnish-cache.org/source/varnish-3.0.2.tar.gz
# tar zxvf varnish-3.0.2.tar.gz
# cd varnish-3.0.2
# ./configure --prefix=/usr/local/varnish/
# make;make install
进行一些简单配置:
在解压的源码包的目录中拷贝启动文件和其他所需文件到相关目录:
# cp redhat/varnish.initrc /etc/init.d/varnish
# cp redhat/varnish.sysconfig /etc/sysconfig/varnish
# cp redhat/varnish_reload_vcl /usr/local/varnish/bin/ (此文件作用为修改配置文件后重新加载,这样避免了重启造成已缓存文件丢失)
# vim /etc/init.d/varnish
exec="/usr/local/varnish/sbin/varnishd"
reload_exec="/usr/local/varnish/bin/varnish_reload_vcl"
prog="varnishd"
config="/etc/sysconfig/varnish"
lockfile="/var/lock/subsys/varnish"
修改文件开始的相关路径的定义,我修改了红色习题标记的两行。
# vim /etc/sysconfig/varnish
NFILES=131072
MEMLOCK=82000
RELOAD_VCL=1
VARNISH_VCL_CONF=/usr/local/varnish/etc/varnish/default.vcl
VARNISH_LISTEN_PORT=80
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_MIN_THREADS=1
VARNISH_MAX_THREADS=1000
VARNISH_THREAD_TIMEOUT=120
VARNISH_STORAGE_FILE=/var/lib/varnish/varnish_storage.bin
VARNISH_STORAGE_SIZE=128M
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
VARNISH_TTL=120
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-f ${VARNISH_VCL_CONF} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t ${VARNISH_TTL} \
-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
-u varnish -g varnish \
-s ${VARNISH_STORAGE}"
以上是我修改的几处,我机器内存小。
# vim /usr/local/varnish/bin/varnish_reload_vcl
注释掉关于认证文件的部分:
#elif [ -z "$VARNISH_SECRET_FILE" ]; then
# echo "Warning: VARNISH_SECRET_FILE is not set"
# secret=""
#elif [ ! -s "$VARNISH_SECRET_FILE" ]; then
# echo "Error: varnish secret file $VARNISH_SECRET_FILE is unreadable or empty"
# exit 2
#else
# secret="-S $VARNISH_SECRET_FILE"
找到定义varnishadm的行,指定路径:
# Done parsing, set up command
VARNISHADM="/usr/local/varnish/bin/varnishadm $secret -T $VARNISH_ADMIN_LISTEN_ADDRESS:$VARNISH_ADMIN_LISTEN_PORT"
增加用户,建立一个varnish的日志目录,如果需要日志输出时使用
# useradd -s /bin/false -M varnish
# mkdir /var/log/varnish/
# chown -R varnish.varnish /var/log/varnish/
# chown -R varnish.varnish /var/lib/varnish
基本配置完成。
下面是重头戏,varnish几乎所有配置都是在一个vcl文件中完成,当然也可以使用Include包含进其他vcl。这个配置文件比较灵活,对我来说还有点复杂。一直没理顺处理流程。默默糊糊的。下面是一个基本的配置文件。default.vcl包含了大部分的基本配置。把注释去掉,再加上自定义的一些指令即可完成。
backend zabbix {
.host = "192.168.159.88";
.port = "8088";
}
acl purgeallow {
"127.0.0.1";
# "192.168.159.10";
}
#
# Below is a commented-out copy of the default VCL logic. If you
# redefine any of these subroutines, the built-in logic will be
# appended to your code.
sub vcl_recv {
if(req.request == "PURGE") {
if(!client.ip ~ purgeallow) {
error 405 "not allowed.";
}
return(lookup);
}
if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|flv|ico|jpeg)$") {
unset req.http.cookie;
}
if (req.request =="GET"&&req.url ~ "(?i)\.php($|\?)"){
return (pass);
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.request != "GET" && req.request != "HEAD") {
return (pass);
}
if (req.http.Authorization || req.http.Cookie) {
return (pass);
}
if (req.http.host ~ "192.168.159.88") {
set req.backend = zabbix;
set req.http.host = "192.168.159.88";
if (req.request != "GET" && req.request != "HEAD") {
return(pipe);
}
else {
return(lookup);
}
}
return (lookup);
}
sub vcl_pipe {
return (pipe);
}
sub vcl_pass {
return (pass);
}
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (hash);
}
#
sub vcl_hit {
if (req.request == "PURGE") {
purge;
error 200 "purged";
}
return (deliver);
}
#
sub vcl_miss {
if(req.request == "PURGE") {
error 404 "not in cache.";
}
return (fetch);
}
#
sub vcl_fetch {
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
/*
* Mark as "Hit-For-Pass" for the next 2 minutes
*/
set beresp.ttl = 120 s;
return (hit_for_pass);
}
if (beresp.http.Pragma ~ "no-cache" ||
beresp.http.Cache-Control ~ "no-cache" ||
beresp.http.Cache-Control ~ "private") {
return(deliver);
}
if(beresp.status == 404 || beresp.status == 300) {
error 404;
}
if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|flv|ico|jpeg)$") {
set beresp.ttl = 1d;
}
if (req.request == "GET" && req.url ~ "\.(htm|html)$") {
set beresp.ttl = 1d;
}
# if (req.url ~ "\.(png|gif|jpg)$") {
# unset beresp.http.set-cookie;
# set beresp.ttl = 1h;
# }
return (deliver);
}
#
sub vcl_deliver {
#if(obj.hits > 0) {
#set resp.http.X-Cache = "HIT";
#}
#else {
# set.resp.http.X-Cache = "MISS";
#}
#remove resp.http.X-Varnish;
#remove resp.http.Server;
if (obj.hits > 0) {
set resp.http.X-Cache = "cached";
} else {
set resp.http.x-Cache = "uncached";
}
# Remove some headers: PHP version
unset resp.http.X-Powered-By;
# Remove some headers: Apache version & OS
unset resp.http.Server;
return (deliver);
}
#
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} + obj.status + " " + obj.response + {"</title>
</head>
<body>
<h1>Error "} + obj.status + " " + obj.response + {"</h1>
<p>"} + obj.response + {"</p>
<h3>Guru Meditation:</h3>
<p>XID: "} + req.xid + {"</p>
<hr>
<p>Varnish cache server</p>
</body>
</html>
"};
return (deliver);
}
#
sub vcl_init {
return (ok);
}
#
sub vcl_fini {
return (ok);
}