一 . 172.26.11.71 172.26.11.72 安装varnish
mkdir -p /data/software
mkdir -p /data/src
mkdir -p /data/conf
mkdir -p /data/logs
yum -y install gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel gettext-devel
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libtool
yum -y install rsyslog gcc gcc-c++ libstdc++-devel httpd-devel pcre perl pcre-devel zlib zlib-devel GeoIP GeoIP-devel
cd /data/software/
wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz
cd /data/src/
tar zxf ../software/varnish-3.0.3.tar.gz
cd varnish-3.0.3
./autogen.sh
./configure --prefix=/usr/local/varnish PKG_CONFIG_PATH=/usr/lib/pkgconfig
make && make install
#指定一下命令的快捷方式
ln -s /usr/local/varnish/sbin/varnishd /usr/bin/varnishd
ln -s /usr/local/varnish/sbin/varnishd /usr/sbin/varnishd
ln -s /usr/local/varnish/bin/varnishlog /usr/bin/varnishlog
ln -s /usr/local/varnish/bin/varnishncsa /usr/bin/varnishncsa
ln -s /usr/local/varnish/bin/varnishadm /usr/bin/varnishadm
ln -s /usr/local/varnish/bin/varnishstat /usr/bin/varnishstat
#配置文件也指定到熟悉的位置
ln -s /usr/local/varnish/etc/varnish/default.vcl /etc/varnish.conf
#看看是否已正确安装了
varnishd -V
vi /etc/varnish.conf
# This is a basic VCL configuration file for varnish. See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# Default backend definition. Set this to point to your content
# server.
#
backend web1 {
.host = "172.26.11.73";
.port = "8080";
.connect_timeout = 1s;
.first_byte_timeout = 5s;
.between_bytes_timeout = 2s;
}
backend web2 {
.host = "172.26.11.74";
.port = "8080";
.connect_timeout = 1s;
.first_byte_timeout = 5s;
.between_bytes_timeout = 2s;
}
director load random {
{
.backend = web1;
.weight = 5;
}
{
.backend = web2;
.weight = 5;
}
}
#
# Below is a commented-out copy of the default VCL logic. If you
# redefine any of these subroutines, the built-in logic will be
# appended to your code.
acl purge {
"localhost";
"127.0.0.1";
}
sub vcl_recv {
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
return (lookup);
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.request == "GET" && req.url ~ "\.(js|css|html|jpg|png|gif|swf|jpeg|ico)$") {
unset req.http.cookie;
}
if (req.http.host ~ "^(.*)ijie.com$") {
set req.backend = load;
if (req.request != "GET" && req.request != "HEAD") {
return (pipe);
}
elseif(req.url ~ "\.(php|cgi)($|\?)") {
return (pass);
#return (lookup);
}
else {
return (lookup);
}
}
else {
error 404 "Tyler's Server";
return (lookup);
}
}
#
sub vcl_pipe {
# # Note that only the first request to the backend will have
# # X-Forwarded-For set. If you use X-Forwarded-For and want to
# # have it set for all requests, make sure to have:
# # set bereq.http.connection = "close";
# # here. It is not set by default as it might break some broken web
# # applications, like IIS with NTLM authentication.
return (pipe);
}
#
sub vcl_pass {
return (pass);
}
#
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (hash);
}
#
sub vcl_hit {
# if(req.http.Cache-Control~"no-cache"||req.http.Cache-Control~"max-age=0"||req.http.Pragma~"no-cache"){
# set obj.ttl=0s;
# return (restart);
# }
return (deliver);
}
#
sub vcl_miss {
return (fetch);
}
sub vcl_fetch {
# if (beresp.ttl <= 0s ||
# beresp.http.Set-Cookie ||
# beresp.http.Vary == "*") {
/*
* Mark as "Hit-For-Pass" for the next 2 minutes
*/
# set beresp.ttl = 3600 s;
# return (hit_for_pass);
# }
set beresp.ttl = 3600m;
if (req.url ~ "html$") {
set beresp.ttl = 3600m;
set beresp.do_gzip = true;
unset beresp.http.Cache-Control;
unset beresp.http.Pragma;
set beresp.http.Cache-Control = "max-age=3600";
unset beresp.http.Expires;
}
if (beresp.http.Pragma ~"no-cache" || beresp.http.Cache-Control ~"no-cache" ||beresp.http.Cache-Control ~"private") {
return (deliver);
}
if (req.request == "GET"&&req.url ~ "(?i)\.(png|xsl|xml|pdf|ppt|doc|docx|chm|rar|zip|bmp|jpeg|swf|ico|mp3|mp4|rmvb|ogg|mov|avi|wmv|swf|txt|png|gif|jpg|css|js)$") {
set beresp.ttl = 30d;
}
if (req.request == "GET"&& req.url ~ "\.(html|htm)$") {
set beresp.ttl = 1d;
}
return (deliver);
}
sub vcl_deliver {
return (deliver);
}
#
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} + obj.status + " " + obj.response + {"</title>
</head>
<body>
<h1>Error "} + obj.status + " " + obj.response + {"</h1>
<p>"} + obj.response + {"</p>
<h3>Guru Meditation:</h3>
<p>XID: "} + req.xid + {"</p>
<hr>
<p>Varnish cache server</p>
</body>
</html>
"};
return (deliver);
}
#
sub vcl_init {
return (ok);
}
sub vcl_fini {
return (ok);
}
#建立Varnish用户以及用户组
useradd -s /sbin/nologin varnish
#将varnish配置文件和服务写入到系统:
cp /data/src/varnish-3.0.3/redhat/varnish.initrc /root/varnish
cp /data/src/varnish-3.0.3/redhat/varnish.sysconfig /etc/sysconfig/varnish
cp /data/src/varnish-3.0.3/redhat/varnish_reload_vcl /usr/local/varnish/bin/
#生成一个secret用于varnish 的 reload,这样以后修改了 /etc/varnish.conf,可以不用重启就可以重新载入新的配置了!
mkdir -p /etc/varnish/
uuidgen > /etc/varnish/secret
chmod 600 /etc/varnish/secret
mkdir -p /data/varnish/cache/
vi /etc/init.d/varnish
#! /bin/sh
. /etc/init.d/functions
retval=0
pidfile=/var/run/varnish.pid
exec="/usr/bin/varnishd" #attention this...
reload_exec="/usr/local/varnish/bin/varnish_reload_vcl" #attention this...
prog="varnishd" #attention this...
config="/etc/sysconfig/varnish" #attention this...
lockfile="/var/lock/subsys/varnish"
# Include varnish defaults
[ -e /etc/sysconfig/varnish ] && . /etc/sysconfig/varnish
start() {
if [ ! -x $exec ]
then
echo $exec not found
exit 5
fi
if [ ! -f $config ]
then
echo $config not found
exit 6
fi
echo -n "Starting Varnish Cache: "
# Open files (usually 1024, which is way too small for varnish)
ulimit -n ${NFILES:-131072}
# Varnish wants to lock shared memory log in memory.
ulimit -l ${MEMLOCK:-82000}
# $DAEMON_OPTS is set in /etc/sysconfig/varnish. At least, one
# has to set up a backend, or /tmp will be used, which is a bad idea.
if [ "$DAEMON_OPTS" = "" ]; then
echo "\$DAEMON_OPTS empty."
echo -n "Please put configuration options in $config"
return 6
else
# Varnish always gives output on STDOUT
daemon --pidfile $pidfile $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
retval=$?
if [ $retval -eq 0 ]
then
touch $lockfile
echo_success
echo
else
echo_failure
echo
fi
return $retval
fi
}
stop() {
echo -n "Stopping Varnish Cache: "
killproc -p $pidfile $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
if [ "$RELOAD_VCL" = "1" ]
then
$reload_exec
else
force_reload
fi
}
force_reload() {
restart
}
rh_status() {
status -p $pidfile $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
configtest() {
if [ -f "$VARNISH_VCL_CONF" ]; then
$exec -f "$VARNISH_VCL_CONF" -C -n /tmp > /dev/null && echo "Syntax ok"
else
echo "VARNISH_VCL_CONF is unset or does not point to a file"
fi
}
# See how we were called.
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
configtest)
configtest
;;
*)
echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?
vi /etc/sysconfig/varnish
NFILES=131072
MEMLOCK=82000
RELOAD_VCL=1
VARNISH_VCL_CONF=/etc/varnish.conf #attention this...
VARNISH_LISTEN_ADDRESS=0.0.0.0
VARNISH_LISTEN_PORT=80
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1 #这里设置成0.0.0.0表示允许任何IP对其进行管理,当然secret要通过才行~
VARNISH_ADMIN_LISTEN_PORT=2000
VARNISH_SECRET_FILE=/etc/varnish/secret #attention this...
VARNISH_MIN_THREADS=50
VARNISH_MAX_THREADS=1000
VARNISH_THREAD_TIMEOUT=120 #attention this...
VARNISH_STORAGE_FILE=/data/varnish/cache/varnish_cache.data #attention this...
VARNISH_STORAGE_SIZE=1G
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}" #attention this...
#it can also be fixed as this: VARNISH_STORAGE="malloc,1G"
VARNISH_TTL=120
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-f ${VARNISH_VCL_CONF} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t ${VARNISH_TTL} \
-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
-u varnish -g varnish \
-S ${VARNISH_SECRET_FILE} \
-s ${VARNISH_STORAGE}"
chmod 755 /root/varnish
chmod 755 /usr/local/varnish/bin/varnish_reload_vcl
#可以用的命令:
/root/varnish {start|stop|status|restart|condrestart|try-restart|reload|force-reload}
#查看实时运行状况
varnishstat
#查看日志 方式一(varnish的特有方式):
varnishlog
#查看日志 方式二(与nginx日志相似方式):
varnishncsa
#清除缓存:
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban.url ^/index.html
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban.url ^.* #清除所有的
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban.list
清除www.bbs.com域名下的/static/image/tt.jpg
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban “req.http.host ~www.bbs.com$ && req.url ~ /static/image/tt.jpg”
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret BAN “req.http.host ~www.aipinp.com$ && req.url ~ /index.html”
vi /etc/sysctl.conf
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000