Varnish

Varnish简介

Varnish是什么 Varnish是一款开源的、高性能的HTTP加速器和反向代理服务器

Varnish能干什么 最主要的功能就是:通过缓存来实现Web访问加速

Varnish特点 主要基于内存或者是虚拟内存进行缓存，性能好 支持设置精确的缓存时间 VCL配置管理比较灵活 后端服务器的负载均衡和健康检查
局部支持ESI
URL地址重写 优雅的处理后端服务器宕机的问题 32位机器上缓存文件大小为最大2GB

Varnish安装

n 源码安装
演示环境:CentOS6.5
1:需要gcc，系统自带了，没有的话，需要先安装 2:需要pcre，这个前面讲Nginx已安装了
3:需要libedit-dev，安装命令:yum install libedit-dev* 4:去https://www.varnish-cache.org/ 下载，然后进行解压安装，示例如下: (1)先解压源码包，然后进入到这个包里面

(2)安装命令示例如下: 第一步:因为安装varnish需要pcre，因此先设置一下路径:

export PKG_CONFIG_PATH=/usr/local/pcre/lib/pkgconfig 第二步:

./configure --prefix=/usr/common/varnish 第三步:

配置后就依次 make ， make install 安装过后，如果从外面访问不了，多半是被防火墙挡住了，可以关闭掉防火墙:

/sbin/service iptables stop

Varnish基本运行

 运行的基本命令示例
./varnishd -f /usr/common/varnish/etc/varnish/default.vcl -s malloc,32M -T 127.0.0.1:2000 -a 0.0.0.0:1111

其中:1:-f 指定要运行的配置文件
2: -s malloc,32M :–s 选项用来确定varnish使用的存储类型和存储容量，这里使用 的是malloc类型(malloc是一个C函数，用于分配内存空间)
3:-T 127.0.0.1:2000 : 指定varnish的管理ip和端口
4: -a 0.0.0.0:1111 :指定varnish对外提供web服务的ip和端口

到valish/sbin的路径下，运行 pkill varnished

配置参考：

https://blog.51cto.com/php2012web/1680580

https://blog.csdn.net/wos1002/article/details/56483283

https://blog.csdn.net/kjsayn/article/details/51329938

完整例子：

#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
import std;
import directors;
# Default backend definition. Set this to point to your content server.
backend server1 {
    .host = "127.0.0.1";    # 指定后端主机的IP地址或者域名
    .port = "8080";        # 指定后端主机的服务端口
    .probe = {
           .url = "/";            # 哪个 url 需要 varnish 请求
    .interval = 10s;    # 检查服务机的时间间隔
    .timeout = 2s;        # 超时时间
    .window = 3;        # 维持3个sliding window 的结果
    .threshold = 3;        # 至少有三次window是成功的，则backend健康
    }
}

backend server2 {
    .host = "127.0.0.1";        # 指定后端主机的IP地址或者域名
    .port = "8090";             # 指定后端主机的服务端口
    .probe = {
        .url = "/";             # 哪个 url 需要 varnish 请求
        .interval = 10s;        # 检查服务机的时间间隔
        .timeout = 2s;          # 超时时间
        .window = 3;            # 维持3个sliding window 的结果
        .threshold = 3;         # 至少有三次window是成功的，则backend健康
    }
}
# 初始化处理
sub vcl_init{
    # 负载均衡
    new vdir = directors.round_robin(); # 创建对象
    vdir.add_backend(server1);
    vdir.add_backend(server2);
}

acl manager {
    "10.5.31.225";  
    ! "192.168.2.0"/24;
    ! "192.168.12.0"/24;
    ! "192.168.2.200";
}

sub vcl_recv {
    # Huppens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.
    set req.backend_hint = vdir.backend(); # 获取后端

    # if (req.http.host !~ "(?).xjh.com$") {
    #    return (synth(403,"Forbidden"));    
    #  }
    if (req.method == "PURGE" || (req.http.Pragma ~ "no-cache" && client.ip ~ manager)) {
     if (client.ip !~ manager) {
        return(synth(403, "Access denied."));
     }
     ban("req.http.host == " + req.http.host +" && req.url == " + req.url);
         return(synth(200, "Ban added"));
    }
    if (req.url ~ "\.(php|asp|aspx|jsp|do|ashx|shtml)($|\?)") {
        std.log("dynamic URI - url=" + req.url);
        return (pass);
    }
    if (req.url ~ "\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)") {
        std.log("static URI - url=" + req.url);
        unset req.http.cookie;
        return (hash);
    }
    if (req.method == "GET" && req.method == "HEAD") {
        std.log("METHOD URI - url=" + req.url);
        return (hash);
    }
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
    if (req.method != "GET" && 
    req.method != "HEAD" && 
    req.method != "PUT" &&
    req.method != "POST" &&
    req.method != "TRACE" &&
    req.method != "OPTIONS" &&
    req.method != "PATCH" &&
    req.method != "DELETE") {    
        return (pipe);
    }
    if (req.http.Authorization) {
    return (pass);
    }

    if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)$") {
        unset req.http.Accept-Encoding;    
       } elseif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
       } elseif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }
    std.log("OTHER URI - url=" + req.url);
    return (hash); 
}
sub vcl_pipe {
     if (req.http.upgrade) {
            set bereq.http.upgrade = req.http.upgrade;
     }
}

sub vcl_hash {
    hash_data(req.url);
   if (req.http.host) {
      hash_data(req.http.host);
    } else {
      hash_data(server.ip);
    }
    std.log("HASH URI - url=" + req.url);
    return (lookup);
}
sub vcl_hit {
    std.log("HIT URI - url=" + req.url);
    if (obj.ttl > 0s) {
       return (deliver);
    }
    if (obj.ttl + obj.grace > 0s) {
       return (deliver);
    }
    if (!std.healthy(req.backend_hint) && (obj.ttl + obj.grace > 0s)) {
       return (deliver);
    } else {
         return (fetch);
    }
    return (deliver);
}
sub vcl_miss {
    std.log("Miss URI - url=" + req.url);
    return (fetch);
}

sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.

    if (beresp.ttl > 0s) {
      unset beresp.http.Set-Cookie;
    }
 
 
    if (beresp.http.Set-Cookie) {
      set beresp.uncacheable = true;
      return (deliver);
    }
 
 
    if (beresp.http.Cache-Control && beresp.ttl > 0s) {
      set beresp.grace = 1m;
      unset beresp.http.Set-Cookie;
    }
 
 
    if (beresp.http.Content-Length ~ "[0-9]{8,}") {
      set bereq.http.x-pipe = "1";
      return (retry);
    }
 
 
    if (bereq.url ~ "\.(php|asp|aspx|jsp|do|ashx|shtml)($|\?)") {
     # set bereq.uncacheable = true; #  只能读不能写
      return (deliver);
    }
 
 
    if (bereq.url ~ "\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico)($|\?)") {
       unset beresp.http.set-cookie;
       set beresp.ttl = 12h;
    } elseif (bereq.url ~ "\.(gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)") {
      set beresp.ttl = 30m;
    } else {
      set beresp.ttl = 10m;
    } 
    if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
       unset beresp.http.set-cookie;
       set beresp.ttl = 120s;
       set beresp.uncacheable = true;
       return (deliver);
    }
   # if (!std.healthy(req.backend_hint)) {
   #    std.log("eq.backend not healthy! req.grace = 1m");
   #     set beresp.grace = 15m;
   # } else {
   #     set beresp.grace = 10s;
   # } 
    return (deliver);
    set beresp.grace = 2m; 
}

sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.

   if (obj.hits > 0) {
      set resp.http.X-Cache = "HIT from " + req.http.host;
      set resp.http.X-Cache-Hits = obj.hits;
    } else {
      set resp.http.X-Cache = "MISS from " + req.http.host;
    }
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.Via;
    unset resp.http.X-Varnish;
    unset resp.http.Age;
    unset resp.http.qq;

}
sub vcl_backend_error {
  if (beresp.status == 500 ||
    beresp.status == 501 ||
    beresp.status == 502 ||
    beresp.status == 503 ||
    beresp.status == 504) {
    return (retry);
  }
}
 
 
sub vcl_fini {
  return (ok);
}