varnish反向代理的简单配置,可用看http://linuxguest.blog.51cto.com/195664/354889/这篇博文来对varnish有一个初步的了解。
varnish的流程图还是很重要的,可以说是varnish的整体结构。如下图:
目测csdn的博客比sina的牛很多的so
发现一个问题,那就是你定义的东西都必须使用,否则会报错,可能是警告吧,没看清楚。。。
不知道我在ACL里面定义的两个重复的IP,一个允许访问,一个不允许访问,最后会出什么样的结果呢。。。貌似,编译的时候会出错。。。
#This is a basic VCL configuration file for varnish. See the vcl(7)
#man page for details on VCL syntax and semantics.
#Default backend definition. Set this to point to your content
#server.
backend netease {#设置后端服务器,与haproxy不同的是,backend中只能设定一个服务器,不过可以定义规则,
.host = "183.136.156.182";
.port = "80";
.probe = { #探针,varnish将检查通过探针检查每个后端服务器是否健康.(怎么个机理,表示没看懂)
.url = "/"; #哪个url需要varnish请求。
.interval = 5s; #检查的间隔时间
.timeout = 1 s; #等待多长时间探针超时
.window = 5; #varnish将维持5个sliding window的结果
.threshold= 3; #至少有3次.windows检查是成功的,就宣告backends健康
}
}
backend zhong {
.host = "122.227.58.188";
.port = "80";
}
backend zzyl {
.host = "127.0.0.1";
.port = "8080";
}
director gdb round-robin{ #服务器组,具体作用和haproxy的backend类似,round-robin的作用是指定算法来访问服务器组。
{
.backend = netease;
}
{
.backend = zhong;
}
{
.backend = zzyl;
}
}
#创建一个VCL关键字的访问控制列表。可以配置客户端的IP地址
acl local {
"localhost";
"192.168.2.0"/24; #/* and everyone on the local network */
! "192.168.2.125"; #/* except for the dial in router (表示排除在外)*/
}
#Below is a commented-out copy of the default VCL logic. If you
#redefine any of these subroutines, the built-in logic will be
#appended to your code.
sub vcl_recv {
#return (vcl_error);
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.request != "GET" && req.request != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
if (req.http.Authorization || req.http.Cookie) {
/* Not cacheable by default */
return (pass);
}
#下面三个if语句要放在这里,如果放到fetch中就会失效的
if (req.http.host ~ "^www.163.com$" && client.ip ~ local){
set req.backend = netease;
}
if (req.http.host ~ "^www.53kf.com$"){
set req.backend = gdb;#这边就是对服务器组的使用
}
if (req.http.host ~ "(zzy)?\.zzyl\.com"){#~符号是正则表达式匹配,也可以作为acl访问控制列表的匹配
set req.backend = zzyl;
}
return (lookup);
#return (error);
}
sub vcl_pipe {
return (pipe);
}
sub vcl_pass {
return (pass);
}
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (hash);
}
sub vcl_hit {
return (deliver);
}
sub vcl_miss {
#return (error);
return (fetch);
}
sub vcl_fetch {
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
# /*
# * Mark as "Hit-For-Pass" for the next 2 minutes
# */
set beresp.ttl = 120 s;
# return (error);
return (hit_for_pass);
}
return (deliver);
}
sub vcl_deliver {
return (deliver);
}
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} + obj.status + " " + obj.response + {"</title>
</head>
<body>
<h1>Error "} + obj.status + " " + obj.response + {"</h1>
<p>"} + obj.response + {"</p>
<h3>Guru Meditation:</h3>
<p>XID: "} + req.xid + {"</p>
<hr>
<p>Varnish cache server-zzy</p>
</body>
</html>
"};
return (deliver);
}
sub vcl_init {
return (ok);
}
sub vcl_fini {
return (ok);
}