首页 诗词 字典 板报 句子 名言 友答 励志 学校 网站地图
当前位置: 首页 > 教程频道 > 其他教程 > 互联网 >

Nginx 反向署理+Varnish 技术

2012-10-15 
Nginx 反向代理+Varnish 技术Nginx?反向代理+Varnish?技术转载了峰哥的劳动成果!!!??一、?????????????Ngin

Nginx 反向代理+Varnish 技术

Nginx?反向代理+Varnish?技术


转载了峰哥的劳动成果!!!??


一、?????????????Nginx?反向代理

?

1、?安装条件:

Nginx: http://sysoev.ru/nginx/nginx-0.6.32.tar.gz

SSL: http://www.openssl.org/source/openssl-0.9.8g.tar.gz

Pcre:?ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz

Zlib:?http://www.zlib.net/zlib-1.2.3.tar.gz

?

2、?安装:

l?????????Ssl安装:

?

?

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf?openssl-0.9.8g.tar.gz

[root@RedhatAS4U4-Oracle oracle]# cd?openssl-0.9.8g

[root@RedhatAS4U4-Oracle?openssl-0.9.8g]#./config --prefix=/usr/local/openssl/

[root@RedhatAS4U4-Oracle?openssl-0.9.8g]# make

[root@RedhatAS4U4-Oracle?openssl-0.9.8g]# make install

?

?

l?????????Pcre?安装:

?

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf?pcre-7.7.tar.gz

[root@RedhatAS4U4-Oracle oracle]# cd pcre-7.7

[root@RedhatAS4U4-Oracle pcre-7.7]# ./configure --prefix=/usr/local/pcre

[root@RedhatAS4U4-Oracle pcre-7.7]# make

[root@RedhatAS4U4-Oracle pcre-7.7]# make install

?

Make?时报错:

libtool: ignoring unknown tag CXX

libtool: unrecognized option `-DHAVE_CONFIG_H'

Try `libtool --help' for more information.

make[1]: *** [pcrecpp.lo] Error 1

make[1]: Leaving directory `/home/beijing/pcre-7.7'

make: *** [all] Error 2

?

原因:

pcre-7.7 configuration summary:

?

????Install prefix .................. : /usr/local/pcre

????C preprocessor .................. : gcc -E

????C compiler ...................... : gcc

????C++ preprocessor ................ :

????C++ compiler .................... :

????Linker .......................... : /usr/bin/ld

????C preprocessor flags ............ :

????C compiler flags ................ : -O2

????C++ compiler flags .............. :

????Linker flags .................... :

????Extra libraries ................. :

没有装GCC C++包:

gcc-c++-3.4.6-8.i386.rpm libstdc++-devel-3.4.6-8.i386.rpm

?

?

l?????????Zlib?安装:

?

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf?zlib-1.2.3.tar.gz

[root@RedhatAS4U4-Oracle oracle]# cd zlib-1.2.3

[root@RedhatAS4U4-Oracle zlib-1.2.3]#

[root@RedhatAS4U4-Oracle zlib-1.2.3]# make

[root@RedhatAS4U4-Oracle zlib-1.2.3]# make install

?

?

l?????????Nginx?安装:

?

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf?nginx-0.6.32.tar.gz

[root@RedhatAS4U4-Oracle oracle]# cd nginx-0.6.32

[root@RedhatAS4U4-Oracle nginx-0.6.32]# ./configure??--prefix=/usr/local/nginx --with-http_ssl_module --with-pcre=/root/pcre-7.7 --with-zlib=/root/zlib-1.2.3 --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-openssl=/root/openssl-0.9.8g

[root@RedhatAS4U4-Oracle nginx-0.6.32]# make

[root@RedhatAS4U4-Oracle nginx-0.6.32]# make install

?

?

?

3、?配置:

?

?

[root@RedhatAS4U4-Oracle oracle]# cat /usr/local/nginx/conf/nginx.conf

user??nobody nobody;

worker_processes??30;

error_log??logs/error.log notice;

pid????????logs/nginx.pid;

events {

????????use epoll;

????????worker_connections??????40960;

?????????}

http {

?????????include???????mime.types;

?????????default_type??application/octet-stream;

?????????log_format main??'$remote_addr - $remote_user [$time_local] '

????????????????????????????????????????????????'"$request" $status $bytes_sent '

????????????????????????????????????????????????'"$http_referer" "$http_user_agent" '

????????????????????????????????????????????????'"$gzip_ratio"';

?????????keepalive_timeout??150;

?????????server_names_hash_bucket_size??64;

?

upstream?cache?{

?????????ip_hash;

?????????server?10.167.26.166:8080;???//varnish server 1

?????????server 10.167.26.3;

??????????}

?

server {

?????????listen???????????????10.167.26.5:80;

?????????server_name????cacti.chinarenservice.com;

?????????access_log??logs/cacti.wizardial.com.access.log??main;

?????????location / {

????????????????????????proxy_pass??????http://cache;

????????????????????????proxy_redirect????????http://cacti.chinarenservice.com/ /;

????????????????????????proxy_set_header????????Host $host;

????????????????????????proxy_set_header????????X-Real-IP $remote_addr;

????????????????????????proxy_set_header????????X-Forwarded-For $proxy_add_x_forwarded_for;

?????????????????????proxy_set_header????????X-Is-EDU??0;

?????????????????????client_max_body_size?50m;
??????????????????????????client_body_buffer_size 256k;
??????????????????????????proxy_connect_timeout 10;
??????????????????????????proxy_send_timeout 15;
??????????????????????????proxy_read_timeout 15;
??????????????????????????proxy_buffer_size 4k;
??????????????????????????proxy_buffers 4 32k;
??????????????????????????proxy_busy_buffers_size 64k;
??????????????????????????proxy_temp_file_write_size 64k;

??????????????????????????}

????????}

?

server {

?????????listen??10.167.26.5:81;

?????????server_name nginxstatus.chinarenservice.com 10.167.26.5;

?????????location /NginxStatus {

?????????????????stub_status on;

?????????????????access_log???off;

?????????????????allow???210.22.7.147;

?????????????????allow????127.0.0.1;

?????????????????deny all;

??????????????}

??????}

?????????}

?

?

以上配置为nginx?做反向代理,监听10.167.26.5:80的IP,接收cacti.wizardial.com?的域名请求,转发到后端varnish缓存服务器

?

4、?优化:

l?????????修改open files数

显示open files数

[root@RedhatAS4U4-Oracle oracle]#?ulimit -a

?

core file size??????????(blocks, -c) 0

data seg size???????????(kbytes, -d) unlimited

file size???????????????(blocks, -f) unlimited

pending signals?????????????????(-i) 1024

max locked memory???????(kbytes, -l) 32

max memory size?????????(kbytes, -m) unlimited

open files??????????????????????(-n) 1024

?

……

?

修改open files数

?

[root@RedhatAS4U4-Oracle oracle]#?ulimit -n 8192

?

l?????????优化Linux内核参数

[root@RedhatAS4U4-Oracle oracle]#?vi /etc/sysctl.conf

?

在末尾增加以下内容:

net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_keepalive_time = 300

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.ip_local_port_range = 5000????65000

?

使配置立即生效:

[root@RedhatAS4U4-Oracle oracle]#?/sbin/sysctl -p

?

?

l?????????不停止Nginx服务的情况下平滑变更Nginx配置

?

[root@RedhatAS4U4-Oracle oracle]#?kill -HUP `cat /usr/local/nginx/logs/nginx.pid`

?

?

l??????????

?

5、???

?

二、?????????????Varnish?缓存

?

Varnish优点:
  1、Varnish采用了“Visual Page Cache”技术,在内存的利用上,Varnish比Squid具有优势,它避免了Squid频繁在内存、磁盘中交换文件,性能要比Squid高。
  2、Varnish的稳定性非常好

  3、通过Varnish管理端口,可以使用正则表达式快速、批量地清除部分缓存,这一点是Squid不能具备的。

?

Varnish网站缓存加速器安装:
  1、创建www用户和组,以及Varnish缓存文件存放目录(/var/InfiNET/cache):

[root@RedhatAS4U4-Oracle oracle]#?/usr/sbin/groupadd www -g 48
[root@RedhatAS4U4-Oracle oracle]#?/usr/sbin/useradd -u 48 -g www www
[root@RedhatAS4U4-Oracle oracle]#?mkdir -p /var/InfiNET/cache
[root@RedhatAS4U4-Oracle oracle]#?chmod +w /var/InfiNET/cache
[root@RedhatAS4U4-Oracle oracle]#?chown -R www:www /var/InfiNET/cache


  2、创建Varnish日志目录(/var/logs/):

[root@RedhatAS4U4-Oracle oracle]#?mkdir -p /usr/local/varnish/logs

[root@RedhatAS4U4-Oracle oracle]#?chmod +w /usr/local/varnish/logs

[root@RedhatAS4U4-Oracle oracle]#?chown -R www:www /usr/local/varnish/logs

  3、编译安装varnish:

下载:

http://sourceforge.net/project/showfiles.php?group_id=155816&package_id=173643&release_id=563022

[root@RedhatAS4U4-Oracle oracle]#?wget http://blog.s135.com/soft/linux/varnish/varnish-1.1.2.tar.gz
[root@RedhatAS4U4-Oracle oracle]#?tar zxvf varnish-1.1.2.tar.gz
[root@RedhatAS4U4-Oracle oracle]#?cd varnish-1.1.2
[root@RedhatAS4U4-Oracle oracle]#?./configure --prefix=/usr/local/varnish
[root@RedhatAS4U4-Oracle oracle]#?make && make install

?

./configure -enable-debugging-symbols -enable-developer-warnings -enable-dependency-tracking?--prefix=/usr/local/varnish
注意,我在进行make步骤时,出现如下错误:?
"varnishhist.c:35:20: error: curses.h: No such file or directory"?
造成该问题的原因是因为系统中少了ncurses-devel包


  4、创建Varnish配置文件:

[root@RedhatAS4U4-Oracle oracle]#?vi /usr/local/varnish/vcl.conf

backend myblogserver {?
? ? ? ?set backend.host = "10.167.26.3";?
? ? ? ?set backend.port = "80";?
}

acl purge {
? ? ? ?"localhost";
? ? ? ?"127.0.0.1";
? ? ? ?"10.167.0.0"/16;

"210.22.7.147"/32;
}

sub vcl_recv {
? ? ? ?if (req.request == "PURGE") {
? ? ? ? ? ? ? ?if (!client.ip ~ purge) {
? ? ? ? ? ? ? ? ? ? ? ?error 405 "Not allowed.";
? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ?lookup;
? ? ? ?}

? ? ? ?if (req.http.host ~ "^cacti.chinarenservice.com") {
? ? ? ? ? ? ? ?set req.backend = mymonitorserver;?
? ? ? ? ? ? ? ?if (req.request != "GET" && req.request != "HEAD") {
? ? ? ? ? ? ? ? ? ? ? ?pipe;
? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ?else {
? ? ? ? ? ? ? ? ? ? ? ?lookup;
? ? ? ? ? ? ? ?}
? ? ? ?}
? ? ? ?else {
? ? ? ? ? ? ? ?error 404 "Zhang Yan Cache Server";?
? ? ? ? ? ? ? ?lookup;
? ? ? ?}
}

sub vcl_hit {
? ? ? ?if (req.request == "PURGE") {
? ? ? ? ? ? ? ?set obj.ttl = 0s;
? ? ? ? ? ? ? ?error 200 "Purged.";
? ? ? ?}
}

sub vcl_miss {
? ? ? ?if (req.request == "PURGE") {
? ? ? ? ? ? ? ?error 404 "Not in cache.";
? ? ? ?}
}

sub vcl_fetch {
? ? ? ?if (req.request == "GET" && req.url ~ "\.(txt|js|gif|jpg||jpeg|tom|swf|css)$") {
? ? ? ? ? ? ? ?set obj.ttl = 3600s;
? ? ? ?}
? ? ? ?else {
? ? ? ? ? ? ? ?set obj.ttl = 30d;
? ? ? ?}
}

  对以上配置文件解释一下:
  (1)、Varnish通过反向代理请求后端IP为10.167.26.3,端口为80的apache服务器;
  (2)、Varnish允许localhost、127.0.0.1、10.167.0.***源IP通过PURGE方法清除缓存;
  (3)、Varnish对域名为cacti.chinarenservice.com的请求进行处理,非cacti.chinarenservice.com域名的请求则返回“freeke Cache Server”;
  (4)、Varnish对HTTP协议中的GET、HEAD请求进行缓存,对POST请求透过,让其直接访问后端Web服务器。之所以这样配置,是因为POST请求一般是发送数据给服务器的,需要服务器接收、处理,所以不缓存;
  (5)、Varnish对以.txt和.js等结尾的URL缓存时间设置1小时,对其他的URL缓存时间设置为30天。

  5、启动Varnish

[root@RedhatAS4U4-Oracle oracle]#?limit -SHn 51200

[root@RedhatAS4U4-Oracle oracle]#?/usr/local/varnish/sbin/varnishd -n /var/InfiNET/cache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/InfiNET/cache/varnish_cache.data,1G?-g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on


  6、启动varnishncsa用来将Varnish访问日志写入日志文件:

[root@RedhatAS4U4-Oracle oracle]#?/usr/local/varnish/bin/varnishncsa -n /var/InfiNET/cache -w /usr/local/varnish/logs/varnish.log &

  7、配置开机自动启动Varnish

[root@RedhatAS4U4-Oracle oracle]#?vi /etc/rc.local

ulimit -SHn 51200

/usr/local/varnish/sbin/varnishd -n /var/InfiNET/cache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/InfiNET/cache/varnish_cache.data,1G?-g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on

/usr/local/varnish/bin/varnishncsa -n /var/InfiNET/cache -w /usr/local/varnish/logs/varnish.log &

?

FAQ:

1、?配置 泛域名 的主机

很多二级域名,比如?xx.chinarenservice.com ? ?,一个一个加好麻烦。。。squid?或者nginx?都支持.chinarenservice.com?的

?

if (req.http.host ~ "^www.chinarenservice.com") {
改成
if (req.http.host ~ ".chinarenservice.com") {

?

?

2、?附varnish多站点配置

?

backend www {
?????? set backend.host = "www.chinarenservice.com";
?????? set backend.port = "80";
???????? }
?
backend blog {
?????? set backend.host = "blog.chinarenservice.com";
?????? set backend.port = "80";
???????? }
?
backend image {
????? set backend.host = "image.chinarenservice.com";
????? set backend.port = "80";
???????? }
?
sub vcl_recv {
????? if (req.http.host ~ "^(www.)?chinarenservice.com$") {
??????????? set req.http.host = "www.chinarenservice.com";
??????????? set req.backend = www;
????? } elsif (req.http.host ~ "^blog.chinarenservice.com$") {
??????????? set req.backend = blog;
????? } elsif (req.http.host ~ "^image.chinarenservice.com$") {
??????????? set req.backend = image;
????? } else {
??????????? error 404 "Unknown host";
}

读书人精选
热点排行