Varnish examples explained


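1. Cache hit count example

obj.hits is a built-in variable that holds the number of times a cached object has been served from the cache.

The basic syntax is: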

sub vcl_deliver {
	if (obj.hits>0) {                                  
		set resp.http.X-Cache = "HIT via " + server.ip;
	} else {
		set resp.http.X-Cache = "MISS via " + server.ip;
	}
}

1.1 Topology

[Figure: topology diagram]

1.2 Varnish server configuration

[root@Neo_Neo varnish]# vim varnish.params 
RELOAD_VCL=1

VARNISH_VCL_CONF=/etc/varnish/default.vcl

VARNISH_LISTEN_PORT=80

VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

VARNISH_STORAGE="file,/data/varnish/cache,1G"

VARNISH_USER=varnish
VARNISH_GROUP=varnish
[root@Neo_Neo varnish]# ll /data/varnish/cache/ -d
drwxr-xr-x. 2 varnish varnish 6 Oct  9 10:22 /data/varnish/cache/
[root@Neo_Neo varnish]# vim default.vcl 
vcl 4.0;

backend default {
    .host = "192.168.10.12";
    .port = "80";
}

sub vcl_deliver {
    if (obj.hits>0) {
         set resp.http.X-Cache = "HIT via " + server.ip;
    } else {
         set resp.http.X-Cache = "MISS via " + server.ip;
    }
}

1.3 Reloading the Varnish configuration

[root@Neo_Neo varnish]# varnishadm -S secret -T 127.0.0.1:6082
200        
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,3.10.0-957.el7.x86_64,x86_64,-sfile,-smalloc,-hcritbit
varnish-4.0.5 revision 07eff4c29

Type 'help' for command list.
Type 'quit' to close CLI session.

varnish> vcl.list                    # reload the configuration with the varnishadm tool
200        
active          0 boot

varnish> vcl.load tang1 default.vcl 
200        
VCL compiled.

varnish> vcl.list
200        
active          0 boot
available       0 tang1

varnish> vcl.use tang1
200        
VCL 'tang1' now active

varnish> vcl.list
200        
available       0 boot
active          0 tang1

1.4 Client access

1.4.1 The Varnish server accesses the backend server

[root@Neo_Neo varnish]# alias ipinfo='ifconfig | grep "inet 192" -B 1'
[root@Neo_Neo varnish]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
--
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.11  netmask 255.255.255.0  broadcast 192.168.10.255
[root@Neo_Neo varnish]# curl http://192.168.10.12
<h1>HTTP backend-web-server-1 192.168.10.12</h1>

1.4.2 The client accesses the backend server

[root@Neo ~]# alias ipinfo='ifconfig | grep "inet 192" -B 1'
[root@Neo ~]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
### First request: the cache is not hit ###
[root@Neo ~]# curl -I http://192.168.1.11
HTTP/1.1 200 OK
Date: Wed, 09 Oct 2019 14:26:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 09 Oct 2019 14:19:45 GMT
ETag: "31-5947afa0a0130"
Content-Length: 49
Content-Type: text/html; charset=UTF-8
X-Varnish: 2
Age: 0
Via: 1.1 varnish-v4
X-Cache: MISS via 192.168.1.11
Connection: keep-alive
### Second request: the cache is hit ###
[root@Neo ~]# curl -I http://192.168.1.11
HTTP/1.1 200 OK
Date: Wed, 09 Oct 2019 14:26:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 09 Oct 2019 14:19:45 GMT
ETag: "31-5947afa0a0130"
Content-Length: 49
Content-Type: text/html; charset=UTF-8
X-Varnish: 32770 3
Age: 23
Via: 1.1 varnish-v4
X-Cache: HIT via 192.168.1.11
Connection: keep-alive
### View the response body ###
[root@Neo ~]# curl http://192.168.1.11
<h1>HTTP backend-web-server-1 192.168.10.12</h1>

2. Force requests for certain resources to skip the cache lookup

Basic syntax:

### (?i) means case-insensitive ###
sub vcl_recv {
	if (req.url ~ "(?i)^/(login|admin)") {         
		return(pass);
	}
}

2.1 Topology

[Figure: topology diagram]

2.2 Varnish server configuration

[root@Neo_Neo varnish]# vim varnish.params 
RELOAD_VCL=1

VARNISH_VCL_CONF=/etc/varnish/default.vcl

VARNISH_LISTEN_PORT=80

VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

VARNISH_STORAGE="file,/data/varnish/cache,1G"

VARNISH_USER=varnish
VARNISH_GROUP=varnish
[root@Neo_Neo varnish]# ll /data/varnish/cache/ -d
drwxr-xr-x. 2 varnish varnish 6 Oct  9 10:22 /data/varnish/cache/
[root@Neo_Neo varnish]# vim default.vcl 
vcl 4.0;

backend default {
    .host = "192.168.10.12";
    .port = "80";
}

sub vcl_recv {
    if (req.url ~ "(?i)^/(login|admin)") {
        return(pass);
    }           
}

sub vcl_deliver {
    if (obj.hits>0) {
         set resp.http.X-Cache = "HIT via " + server.ip;
    } else {
         set resp.http.X-Cache = "MISS via " + server.ip;
    }
}

2.3 Reload as in 1.3

2.4 Client access

2.4.1 The Varnish server accesses the backend server

[root@Neo_Neo ~]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
--
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.11  netmask 255.255.255.0  broadcast 192.168.10.255
[root@Neo_Neo ~]# curl http://192.168.10.12/login/
<h1>HTTP backend-web-server-1 192.168.10.12(login)</h1>
[root@Neo_Neo ~]# curl http://192.168.10.12/admin/
<h1>HTTP backend-web-server-1 192.168.10.12(admin)</h1>

2.4.2 The client accesses the backend server (login directory)

[root@Neo ~]# alias ipinfo='ifconfig | grep "inet 192" -B 1'
[root@Neo ~]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
### First request: the cache is not hit ###
[root@Neo ~]# curl -I http://192.168.1.11/login/
HTTP/1.1 200 OK
Date: Wed, 09 Oct 2019 15:11:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 09 Oct 2019 15:03:04 GMT
ETag: "38-5947b94fa215b"
Accept-Ranges: bytes
Content-Length: 56
Content-Type: text/html; charset=UTF-8
X-Varnish: 26
Age: 0
Via: 1.1 varnish-v4
X-Cache: MISS via 192.168.1.11
Connection: keep-alive
### Second request: still no cache hit ###
[root@Neo ~]# curl -I http://192.168.1.11/login/
HTTP/1.1 200 OK
Date: Wed, 09 Oct 2019 15:11:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 09 Oct 2019 15:03:04 GMT
ETag: "38-5947b94fa215b"
Accept-Ranges: bytes
Content-Length: 56
Content-Type: text/html; charset=UTF-8
X-Varnish: 32796
Age: 0
Via: 1.1 varnish-v4
X-Cache: MISS via 192.168.1.11
Connection: keep-alive
### View the response body ###
[root@Neo ~]# curl http://192.168.1.11/login/
<h1>HTTP backend-web-server-1 192.168.10.12(login)</h1>

2.4.3 The client accesses the backend server (admin directory)

[root@Neo ~]# alias ipinfo='ifconfig | grep "inet 192" -B 1'
[root@Neo ~]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
### First request: the cache is not hit ###
[root@Neo ~]# curl -I http://192.168.1.11/admin/
HTTP/1.1 200 OK
Date: Wed, 09 Oct 2019 15:10:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 09 Oct 2019 15:03:47 GMT
ETag: "38-5947b97895005"
Accept-Ranges: bytes
Content-Length: 56
Content-Type: text/html; charset=UTF-8
X-Varnish: 32784
Age: 0
Via: 1.1 varnish-v4
X-Cache: MISS via 192.168.1.11
Connection: keep-alive
### Second request: still no cache hit ###
[root@Neo ~]# curl -I http://192.168.1.11/admin/
HTTP/1.1 200 OK
Date: Wed, 09 Oct 2019 15:10:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Wed, 09 Oct 2019 15:03:47 GMT
ETag: "38-5947b97895005"
Accept-Ranges: bytes
Content-Length: 56
Content-Type: text/html; charset=UTF-8
X-Varnish: 20
Age: 0
Via: 1.1 varnish-v4
X-Cache: MISS via 192.168.1.11
Connection: keep-alive
### View the response body ###
[root@Neo ~]# curl http://192.168.1.11/admin/
<h1>HTTP backend-web-server-1 192.168.10.12(admin)</h1>

3. Deny access from the curl command

Other clients can of course be denied in the same way.
Basic syntax:

### (?i) means case-insensitive ###
sub vcl_recv {
	if (req.http.User-Agent ~ "(?i)curl") {
		return(synth(403));
	}
}

3.1 Topology

[Figure: topology diagram]

3.2 Varnish server configuration

[root@Neo_Neo varnish]# vim varnish.params 
RELOAD_VCL=1

VARNISH_VCL_CONF=/etc/varnish/default.vcl

VARNISH_LISTEN_PORT=80

VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

VARNISH_STORAGE="file,/data/varnish/cache,1G"

VARNISH_USER=varnish
VARNISH_GROUP=varnish
[root@Neo_Neo varnish]# ll /data/varnish/cache/ -d
drwxr-xr-x. 2 varnish varnish 6 Oct  9 10:22 /data/varnish/cache/
[root@Neo_Neo varnish]# vim default.vcl 
vcl 4.0;

backend default {
    .host = "192.168.10.12";
    .port = "80";
}

sub vcl_recv {

	if (req.http.User-Agent ~ "(?i)curl") {
		return(synth(403));
	}

    if (req.url ~ "(?i)^/(login|admin)") {
        return(pass);
    }           
}

sub vcl_deliver {
    if (obj.hits>0) {
         set resp.http.X-Cache = "HIT via " + server.ip;
    } else {
         set resp.http.X-Cache = "MISS via " + server.ip;
    }
}

3.3 Reload as in 1.3

3.4 Client access

3.4.1 The Varnish server accesses the backend server

[root@Neo_Neo ~]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
--
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.11  netmask 255.255.255.0  broadcast 192.168.10.255
[root@Neo_Neo ~]# curl http://192.168.10.12
<h1>HTTP backend-web-server-1 192.168.10.12</h1>

3.4.2 Access with curl (denied)

[root@Neo ~]# alias ipinfo='ifconfig | grep "inet 192" -B 1'
[root@Neo ~]# ipinfo
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
### The request is denied ###
[root@Neo ~]# curl http://192.168.1.11/
<!DOCTYPE html>
<html>
  <head>
    <title>403 Forbidden</title>
  </head>
  <body>
    <h1>Error 403 Forbidden</h1>
    <p>Forbidden</p>
    <h3>Guru Meditation:</h3>
    <p>XID: 46</p>
    <hr>
    <p>Varnish cache server</p>
  </body>
</html>

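3.4.3 Access with Chrome (works normally)

[Figure: Chrome screenshot]

4. Modify the request headers (carry the client's original IP address to make log analysis easier)

4.1 Varnish server configuration, reloaded as in 1.3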

[root@Tang varnish]# cat default.vcl 
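sub vcl_recv {
    # Note: Varnish 4.0 and later already add client.ip to X-Forwarded-For before vcl_recv runs.
    if (req.restarts == 0) {
        # Append to an existing header (its earlier entries are client-supplied), otherwise set it.
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
}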

4.2 httpd logs on the backend server

### httpd.conf log configuration ###
[root@Tang conf]# vim httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

### Log output ###
[root@Tang ~]# tail /var/log/httpd/access_log
192.168.100.101 - - [10/Oct/2019:22:08:27 -0400] "GET / HTTP/1.1" 200 48 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
192.168.100.101 - - [10/Oct/2019:22:08:28 -0400] "GET /favicon.ico HTTP/1.1" 404 209 "http://172.16.141.252/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
192.168.100.101 - - [10/Oct/2019:22:18:56 -0400] "GET / HTTP/1.1" 200 48 "-" "curl/7.47.0"
### httpd.conf log configuration ###
[root@Tang conf]# vim httpd.conf
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

### Log output ###
### Contains both the requesting client's IP address and the backend host's IP address ###
[root@Tang ~]# tail /var/log/httpd/access_log
172.16.141.199 192.168.100.101 - - [10/Oct/2019:22:21:19 -0400] "GET / HTTP/1.1" 200 48 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
172.16.141.199 192.168.100.101 - - [10/Oct/2019:22:27:33 -0400] "GET / HTTP/1.1" 200 48 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
172.16.141.199 192.168.100.101 - - [10/Oct/2019:22:27:33 -0400] "GET /favicon.ico HTTP/1.1" 404 209 "http://172.16.141.252/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
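
When this log is used for analysis, only the X-Forwarded-For entry written by Varnish can be relied on; anything to its left came from the client. The parser below is an added example (not part of the original post) for the LogFormat above; the trusted proxy set and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Field layout of the LogFormat shown above:
#   %{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# The header is matched greedily, so spaces inside it cannot shift later fields.
LINE_RE = re.compile(
    r'^(?P<xff>.*) (?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: the only proxy in front of httpd is the Varnish host, logged
# as %h (192.168.100.101 in the page's access_log).
TRUSTED_PROXIES = frozenset({ipaddress.ip_address("192.168.100.101")})


def _parse_ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_of(line, trusted=TRUSTED_PROXIES):
    """Return (client_ip, unverified_hops) for one access_log line.

    client_ip is the right-most address that a trusted proxy vouches for;
    unverified_hops are the header entries left of it, which the client
    could have typed itself. client_ip is None when the line is unusable.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None, []
    peer = _parse_ip(m.group("peer"))
    if peer is None:
        return None, []
    raw = m.group("xff")
    hops = [] if raw == "-" else [h.strip() for h in raw.split(",")]
    if peer not in trusted:
        # Not relayed by Varnish: the TCP peer is the client, header unverified.
        return str(peer), hops
    while hops:
        ip = _parse_ip(hops[-1])
        if ip is None:
            return None, hops          # garbage where a proxy entry should be
        hops.pop()
        if ip not in trusted:
            return str(ip), hops
    return str(peer), []               # header absent or only proxies listed


# Constructed sample lines in the page's log format (not taken from a real log).
SAMPLE_LOG = [
    # normal request relayed by Varnish
    '172.16.141.199 192.168.100.101 - - [10/Oct/2019:22:21:19 -0400] '
    '"GET / HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    # client sent its own X-Forwarded-For; Varnish appended the real peer
    '10.0.0.1, 172.16.141.209 192.168.100.101 - - [10/Oct/2019:22:30:00 -0400] '
    '"GET /admin/ HTTP/1.1" 200 56 "-" "curl/7.47.0"',
    # request that reached httpd without passing through Varnish
    '203.0.113.7 192.168.100.50 - - [10/Oct/2019:22:31:00 -0400] '
    '"GET / HTTP/1.1" 200 48 "-" "curl/7.47.0"',
    # no X-Forwarded-For header at all (httpd logs "-")
    '- 192.168.100.101 - - [10/Oct/2019:22:33:00 -0400] '
    '"GET / HTTP/1.1" 200 48 "-" "curl/7.47.0"',
]


def report(lines=SAMPLE_LOG):
    return [client_of(line) for line in lines]


if __name__ == "__main__":
    for client, unverified in report():
        print(client, "unverified:", unverified)
```

A non-empty unverified list on a line relayed by Varnish means the client supplied its own header value, which is worth flagging during log review.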

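5. With multiple hosts, the caches of different hosts do not cross-hit

5.1 Varnish server configuration, reloaded as in 1.3

sub vcl_hash {
    hash_data(req.url);            # the URL, starting from the root
    if (req.http.host) {           # keeps the caches of different hosts from cross-hitting (not needed with a single host)
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    return (lookup);
}
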
[root@Tang varnish]# cat default.vcl 
vcl 4.0;
import directors;

backend vhost1 {
    .host = "192.168.100.101";
    .port = "8080";
}

backend vhost2 {
    .host = "192.168.100.102";
    .port = "8080";
}

backend vhost3 {
    .host = "192.168.100.103";
    .port = "8080";
}

sub vcl_init {
    new v = directors.round_robin();
    v.add_backend(vhost1);
    v.add_backend(vhost2);
    v.add_backend(vhost3);
}

sub vcl_recv {
    set req.backend_hint = v.backend();
}

sub vcl_recv {
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
        } else {
	    set req.http.X-Forwarded-For = client.ip;
        }
    }
}

sub vcl_hash {
    hash_data(req.url);      
    if (req.http.host) {        
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    return (lookup);
}

sub vcl_deliver {
    if (obj.hits>0) {
        set resp.http.X-Cache-Tang = "HIT via " + server.ip;
    } else {
        set resp.http.X-Cache-Tang = "MISS via " + server.ip;
    }
}

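5.2 When users access the server, a user from the same IP keeps hitting the same backend host

[Figure: screenshot]

6. Pruning the cache with purge and ban

6.1 Pruning the cache with purge

Because purge is a fairly dangerous operation, an ACL must be configured so that only IPs in certain address ranges are allowed to perform it.

So the configuration approach is:

  1. Configure the ACL first
  2. Reference the ACL when writing the VCL
  3. Clients allowed to PURGE can perform the PURGE operation
  4. Clients not allowed to PURGE are refused, and a corresponding page is returned

6.1.1 Varnish server configuration, reloaded as in 1.3

Basic syntax: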

acl purgers {                      # define an ACL named purgers
    "127.0.0.1";
    "172.16.141.0"/24;
}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {   # reference the ACL
            return (synth(405, "Purging not allowed for " + client.ip));
        }
        return (purge);
    }
}

Varnish configuration file:

[root@Tang varnish]# cat default.vcl 
vcl 4.0;
import directors;

backend vhost1 {
    .host = "192.168.100.101";
    .port = "8080";
}

backend vhost2 {
    .host = "192.168.100.102";
    .port = "8080";
}

backend vhost3 {
    .host = "192.168.100.103";
    .port = "8080";
}

sub vcl_init {
    new v = directors.round_robin();
    v.add_backend(vhost1);
    v.add_backend(vhost2);
    v.add_backend(vhost3);
}

sub vcl_recv {
    set req.backend_hint = v.backend();
}

sub vcl_recv {
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
        } else {
	    set req.http.X-Forwarded-For = client.ip;
        }
    }
}

acl purgers {
    "127.0.0.1";
    "172.16.141.0"/24;
}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed for " + client.ip));
        }
        return (purge);
    }
}

sub vcl_deliver {
    if (obj.hits>0) {
        set resp.http.X-Cache-Tang = "HIT via " + server.ip;
    } else {
        set resp.http.X-Cache-Tang = "MISS via " + server.ip;
    }
}

6.1.2 A client performs a purge

### First request: cache miss ###
root@Neo:~# curl -I http://172.16.141.252
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2019 03:08:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 10 Oct 2019 03:12:21 GMT
ETag: "30-59485c50d3bef"
Content-Length: 48
Content-Type: text/html; charset=UTF-8
X-Varnish: 163953
Age: 0
Via: 1.1 varnish-v4
X-Cache-Tang: MISS via 172.16.141.252
Connection: keep-alive
### Second request: cache hit ###
root@Neo:~# curl -I http://172.16.141.252
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2019 03:08:00 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 10 Oct 2019 03:12:21 GMT
ETag: "30-59485c50d3bef"
Content-Length: 48
Content-Type: text/html; charset=UTF-8
X-Varnish: 313 163954
Age: 2
Via: 1.1 varnish-v4
X-Cache-Tang: HIT via 172.16.141.252
Connection: keep-alive
### Clear the cached object by sending the PURGE request method ###
root@Neo:~# curl -X PURGE http://172.16.141.252
<!DOCTYPE html>
<html>
  <head>
    <title>200 Purged</title>
  </head>
  <body>
    <h1>Error 200 Purged</h1>
    <p>Purged</p>
    <h3>Guru Meditation:</h3>
    <p>XID: 315</p>
    <hr>
    <p>Varnish cache server</p>
  </body>
</html>
### Request again: cache miss ###
root@Neo:~# curl -I http://172.16.141.252
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2019 03:34:48 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 10 Oct 2019 03:12:49 GMT
ETag: "30-59485c6ba946e"
Content-Length: 48
Content-Type: text/html; charset=UTF-8
X-Varnish: 163956
Age: 0
Via: 1.1 varnish-v4
X-Cache-Tang: MISS via 172.16.141.252
Connection: keep-alive
### Request again: the cache is hit once more ###
root@Neo:~# curl -I http://172.16.141.252
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2019 03:34:48 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 10 Oct 2019 03:12:49 GMT
ETag: "30-59485c6ba946e"
Content-Length: 48
Content-Type: text/html; charset=UTF-8
X-Varnish: 317 163957
Age: 21
Via: 1.1 varnish-v4
X-Cache-Tang: HIT via 172.16.141.252
Connection: keep-alive

6.1.3 A client performs a purge (client not in the ACL)

### Modify the VCL configuration file ###
acl purgers {
    "127.0.0.1";
#    "172.16.141.0"/24;
}
sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed for " + client.ip));
        }
        return (purge);
    }
}
### The client sends a PURGE request ###
### The response is the synthetic page configured in the VCL ###
root@Neo:~# curl -X PURGE http://172.16.141.252
<!DOCTYPE html>
<html>
  <head>
    <title>405 Purging not allowed for 172.16.141.209</title>
  </head>
  <body>
    <h1>Error 405 Purging not allowed for 172.16.141.209</h1>
    <p>Purging not allowed for 172.16.141.209</p>
    <h3>Guru Meditation:</h3>
    <p>XID: 163959</p>
    <hr>
    <p>Varnish cache server</p>
  </body>
</html>
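
The hash key from section 5 and the ACL-gated PURGE from section 6.1 interact: a PURGE removes only the object whose key matches the request, and only when the TCP peer is in the ACL. The following Python model is an added example (not Varnish code and not from the original post); the host names a.example and b.example, the key separator and the stand-in backend body are assumptions.

```python
import hashlib
import ipaddress


def cache_key(url, host, server_ip, include_host=True):
    """Model of vcl_hash: URL first, then Host (or server.ip if no Host)."""
    parts = [url]
    if include_host:
        parts.append(host if host else server_ip)
    # The "\0" separator belongs to this model, so ("/a", "b") != ("/", "ab").
    return hashlib.sha256("\0".join(parts).encode()).hexdigest()


class ModelCache:
    def __init__(self, purgers, include_host=True, server_ip="172.16.141.252"):
        self.purgers = [ipaddress.ip_network(n) for n in purgers]
        self.include_host = include_host
        self.server_ip = server_ip
        self.store = {}

    def _allowed(self, client_ip):
        # client.ip in VCL is the TCP peer address, not a request header.
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in self.purgers)

    def handle(self, method, url, host, client_ip):
        key = cache_key(url, host, self.server_ip, self.include_host)
        if method == "PURGE":
            if not self._allowed(client_ip):
                return 405, "Purging not allowed for " + client_ip
            self.store.pop(key, None)
            return 200, "Purged"
        if key in self.store:
            return 200, "HIT " + self.store[key]
        # Stand-in for the backend fetch.
        self.store[key] = body = f"content of {host}{url}"
        return 200, "MISS " + body


ACL_6_1_1 = ["127.0.0.1/32", "172.16.141.0/24"]   # ACL from 6.1.1
ACL_6_1_3 = ["127.0.0.1/32"]                      # ACL from 6.1.3
CLIENT = "172.16.141.209"                         # client address seen in 6.1.3


def demo_cross_hit(include_host):
    """Two hosts request the same URL; return the second response."""
    cache = ModelCache(ACL_6_1_1, include_host)
    cache.handle("GET", "/", "a.example", CLIENT)
    return cache.handle("GET", "/", "b.example", CLIENT)


def demo_purge(acl):
    """Cache '/', PURGE it from CLIENT, then request it again."""
    cache = ModelCache(acl)
    cache.handle("GET", "/", "172.16.141.252", CLIENT)
    purge = cache.handle("PURGE", "/", "172.16.141.252", CLIENT)
    after = cache.handle("GET", "/", "172.16.141.252", CLIENT)
    return purge, after


def demo_purge_scope():
    """A PURGE for one Host leaves the same URL of another Host cached."""
    cache = ModelCache(ACL_6_1_1)
    cache.handle("GET", "/", "a.example", CLIENT)
    cache.handle("PURGE", "/", "b.example", CLIENT)
    return cache.handle("GET", "/", "a.example", CLIENT)


if __name__ == "__main__":
    print(demo_cross_hit(False), demo_cross_hit(True))
    print(demo_purge(ACL_6_1_1), demo_purge(ACL_6_1_3))
    print(demo_purge_scope())
```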

6.2 Pruning the cache with ban

6.2.1 ban syntax (ban commands are issued inside varnishadm)

# Use ban to clear cached objects matched by a regular expression (URLs starting with /javascripts)
varnish> ban req.url ~ ^/javascripts   
200 

# Use ban to clear cached objects matched by a regular expression (URLs ending in .js)
varnish> ban req.url ~ .js$            
200 

# Clear the entire cache ("~ /" matches every URL; "== /" would match only the URL "/")
varnish> ban req.url ~ /
200

# Clear the entire cache for neotang.com
varnish> ban req.url ~ / && req.http.host ~ "neotang.com"
200

# Clear the cached object for host 172.16.0.6 whose URL is /javascripts/test.js
varnish> ban req.http.host == 172.16.0.6 && req.url == /javascripts/test.js
200 

6.2.2 ban usage example

  1. The client requests test.js; first request, nothing cached

    root@Neo:~# curl -I http://172.16.141.252/test.js
    HTTP/1.1 200 OK
    Date: Fri, 11 Oct 2019 07:22:42 GMT
    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
    Last-Modified: Fri, 11 Oct 2019 04:15:17 GMT
    ETag: "5-5949ac402c30b"
    Content-Length: 5
    Content-Type: application/javascript
    X-Varnish: 337
    Age: 0
    Via: 1.1 varnish-v4
    X-Cache-Tang: MISS via 172.16.141.252
    Connection: keep-alive
    
  2. The client requests test.js a second time; cache hit

    root@Neo:~# curl -I http://172.16.141.252/test.js
    HTTP/1.1 200 OK
    Date: Fri, 11 Oct 2019 07:22:42 GMT
    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
    Last-Modified: Fri, 11 Oct 2019 04:15:17 GMT
    ETag: "5-5949ac402c30b"
    Content-Length: 5
    Content-Type: application/javascript
    X-Varnish: 163979 338
    Age: 2
    Via: 1.1 varnish-v4
    X-Cache-Tang: HIT via 172.16.141.252
    Connection: keep-alive
    
  3. Clear the cache in varnishadm (objects whose URL ends in .js)

    varnish> ban req.url ~ .js$
    200 
    
  4. The client requests test.js again; cache miss, so the cache was cleared as expected

    root@Neo:~# curl -I http://172.16.141.252/test.js
    HTTP/1.1 200 OK
    Date: Fri, 11 Oct 2019 07:25:07 GMT
    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
    Last-Modified: Fri, 11 Oct 2019 04:15:17 GMT
    ETag: "5-5949ac402bf23"
    Content-Length: 5
    Content-Type: application/javascript
    X-Varnish: 163981
    Age: 0
    Via: 1.1 varnish-v4
    X-Cache-Tang: MISS via 172.16.141.252
    Connection: keep-alive
    
  5. The client requests test.js again; cache hit

    root@Neo:~# curl -I http://172.16.141.252/test.js
    HTTP/1.1 200 OK
    Date: Fri, 11 Oct 2019 07:25:07 GMT
    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
    Last-Modified: Fri, 11 Oct 2019 04:15:17 GMT
    ETag: "5-5949ac402bf23"
    Content-Length: 5
    Content-Type: application/javascript
    X-Varnish: 98319 163982
    Age: 37
    Via: 1.1 varnish-v4
    X-Cache-Tang: HIT via 172.16.141.252
    Connection: keep-alive
    
  6. Clear the cache again with ban

    varnish> ban req.http.host == 172.16.141.252
    200  
    
  7. The client requests again; cache miss

    root@Neo:~# curl -I http://172.16.141.252/test.js
    HTTP/1.1 200 OK
    Date: Fri, 11 Oct 2019 07:46:15 GMT
    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
    Last-Modified: Fri, 11 Oct 2019 04:15:17 GMT
    ETag: "5-5949ac402bf23"
    Content-Length: 5
    Content-Type: application/javascript
    X-Varnish: 98321
    Age: 0
    Via: 1.1 varnish-v4
    X-Cache-Tang: MISS via 172.16.141.252
    Connection: keep-alive
    

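7. Configuring multiple backend hosts

Configuration approach:

  1. Define the backend hosts
  2. Define a cluster (director) of backend hosts and specify the scheduling method
  3. Reference the name of the backend cluster

Configuration syntax: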

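import directors;    # load the directors

backend server1 {
	.host = "SERVER1_IP";      # placeholder: address of the first backend
	.port = "SERVER1_PORT";    # placeholder: port of the first backend
}
backend server2 {
	.host = "SERVER2_IP";      # placeholder: address of the second backend
	.port = "SERVER2_PORT";    # placeholder: port of the second backend
}

sub vcl_init {
	new GROUP_NAME = directors.round_robin();
	GROUP_NAME.add_backend(server1);
	GROUP_NAME.add_backend(server2);
}

sub vcl_recv {
	# send all traffic to the GROUP_NAME director:
	set req.backend_hint = GROUP_NAME.backend();
}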

7.1 Backend host configuration (one host with several virtual hosts)

[Figure: screenshot]

7.1.1 httpd conf file on the backend host

[root@Tang conf]# cat /etc/httpd/conf.d/test.conf 
<VirtualHost 192.168.100.101:8080>
	ServerName 192.168.100.101
	DocumentRoot "/data/web/vhost1"
	<Directory "/data/web/vhost1">
		Options FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>
</VirtualHost>

<VirtualHost 192.168.100.102:8080>
        ServerName 192.168.100.102
        DocumentRoot "/data/web/vhost2"
        <Directory "/data/web/vhost2">
                Options FollowSymLinks
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>

<VirtualHost 192.168.100.103:8080>
        ServerName 192.168.100.103
        DocumentRoot "/data/web/vhost3"
        <Directory "/data/web/vhost3">
                Options FollowSymLinks
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>

7.1.2 Verify each virtual host on the backend host

[root@Tang conf]# for i in {1..3}; do cat /data/web/vhost$i/index.html; done;
<h1>Backend Http-Server-01 192.168.100.101</h1>
<h1>Backend Http-Server-02 192.168.100.102</h1>
<h1>Backend Http-Server-03 192.168.100.103</h1>
[root@Tang conf]# for i in {1..3}; do curl http://192.168.100.10$i; done
<h1>Backend Http-Server-01 192.168.100.101</h1>
<h1>Backend Http-Server-02 192.168.100.102</h1>
<h1>Backend Http-Server-03 192.168.100.103</h1>

7.2 Varnish server configuration, reloaded as in 1.3

[root@Tang varnish]# cat default.vcl 
vcl 4.0;
import directors;

backend vhost1 {
    .host = "192.168.100.101";
    .port = "8080";
}

backend vhost2 {
    .host = "192.168.100.102";
    .port = "8080";
}

backend vhost3 {
    .host = "192.168.100.103";
    .port = "8080";
}

sub vcl_init {
    new v = directors.round_robin();
    v.add_backend(vhost1);
    v.add_backend(vhost2);
    v.add_backend(vhost3);
}

sub vcl_recv {
    set req.backend_hint = v.backend();
}

sub vcl_recv {
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
        } else {
	    set req.http.X-Forwarded-For = client.ip;
        }
    }
}

acl purgers {
    "127.0.0.1";
    "172.16.141.0"/24;
}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed for " + client.ip));
        }
        return (purge);
    }
}

sub vcl_deliver {
    if (obj.hits>0) {
        set resp.http.X-Cache-Tang = "HIT via " + server.ip;
    } else {
        set resp.http.X-Cache-Tang = "MISS via " + server.ip;
    }
}

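7.3 Client access

Access from a single client host, in these steps:

  1. Make an HTTP request
  2. Clear the cache
  3. Make another HTTP request and see whether the backend host changed
  4. Clear the cache
  5. Make another HTTP request and see whether the backend host changed

### The requests show that the Varnish server sends requests to the backend hosts in turn ###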
root@Neo:~# curl http://172.16.141.252
<h1>Backend Http-Server-01 192.168.100.101</h1>

root@Neo:~# curl -X PURGE http://172.16.141.252 > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   238  100   238    0     0   114k      0 --:--:-- --:--:-- --:--:--  232k

root@Neo:~# curl http://172.16.141.252
<h1>Backend Http-Server-02 192.168.100.102</h1>

root@Neo:~# curl -X PURGE http://172.16.141.252 > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   238  100   238    0     0   112k      0 --:--:-- --:--:-- --:--:--  232k

root@Neo:~# curl http://172.16.141.252
<h1>Backend Http-Server-03 192.168.100.103</h1>

7.4 Backend health check configuration

7.4.1 Varnish server configuration, reloaded as in 1.3

[root@Tang varnish]# cat default.vcl
vcl 4.0;
import directors;

# Check whether /.healthcheck.html can be fetched; if four of the last five probes succeed, the backend is healthy #
# Timeout is 1s, probe interval is 2s #
probe check {
    .url = "/.healthcheck.html";
    .timeout = 1s;
    .window = 5;
    .threshold = 4;
    .interval = 2s;
}

backend vhost1 {
    .host = "192.168.100.101";
    .port = "8080";
    .probe = check;
}

backend vhost2 {
    .host = "192.168.100.102";
    .port = "8080";
    .probe = check;
}


backend vhost3 {
    .host = "192.168.100.103";
    .port = "8080";
    .probe = check;
}

sub vcl_init {
    new v = directors.round_robin();
    v.add_backend(vhost1);
    v.add_backend(vhost2);
    v.add_backend(vhost3);
}

sub vcl_recv {
    set req.backend_hint = v.backend();
}

sub vcl_recv {
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
        } else {
	    set req.http.X-Forwarded-For = client.ip;
        }
    }
}

acl purgers {
    "127.0.0.1";
    "172.16.141.0"/24;
}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed for " + client.ip));
        }
        return (purge);
    }
}

sub vcl_backend_response {
}

sub vcl_deliver {
    if (obj.hits>0) {
        set resp.http.X-Cache-Tang = "HIT via " + server.ip;
    } else {
        set resp.http.X-Cache-Tang = "MISS via " + server.ip;
    }
}

7.4.2 httpd server configuration

[root@Tang conf]# for i in {1..3}; do echo "I am Healthy" > /data/web/vhost$i/.healthcheck.html; done;
[root@Tang conf]# for i in {1..3}; do cat /data/web/vhost$i/.healthcheck.html; done;
I am Healthy
I am Healthy
I am Healthy

7.4.3 Check backend status with varnishadm

varnish> backend.list 
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Healthy 5/5

7.4.4 Manually bring one IP address down (one backend host becomes sick)

[root@Tang ~]# ifconfig enp1s0:3 192.168.100.103 down
varnish> backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Sick 3/5

varnish> backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Sick 0/5

7.4.5 Check the status again after bringing it back up (after four successful probes the state becomes healthy)

varnish> backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Sick 0/5

backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Sick 1/5
backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Sick 2/5

backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Sick 3/5
backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Healthy 4/5

backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Healthy 5/5
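
The Sick 3/5 ... Healthy 4/5 sequence above follows from .window = 5 and .threshold = 4. The sliding-window model below is an added example (a simplified model, not Varnish code and not from the original post); it assumes the window starts full of good results and that probes are sent at a fixed interval.

```python
from collections import deque


class ProbeWindow:
    """Simplified model of the probe's sliding window of results."""

    def __init__(self, window=5, threshold=4, start_good=True):
        self.threshold = threshold
        # Assumption: start from a full window, like "Healthy 5/5" on the page.
        self.results = deque([start_good] * window, maxlen=window)

    def record(self, ok):
        """Store one probe result (the oldest drops out) and return the label."""
        self.results.append(bool(ok))
        return self.label()

    def label(self):
        good = sum(self.results)
        state = "Healthy" if good >= self.threshold else "Sick"
        return f"{state} {good}/{len(self.results)}"


def replay(outcomes, window=5, threshold=4):
    """Feed a sequence of probe outcomes and return the label after each."""
    probe = ProbeWindow(window, threshold)
    return [probe.record(ok) for ok in outcomes]


def probes_to_flip(window=5, threshold=4):
    """Return (failed probes until a fully healthy backend turns Sick,
    good probes until a fully failed backend turns Healthy)."""
    return window - threshold + 1, threshold


def worst_case_detection_s(window=5, threshold=4, interval_s=2, timeout_s=1):
    """Estimate, in this model, of how long a backend that stops answering
    can still count as Healthy: it fails right after a good probe, and each
    failed probe is only known to have failed once its timeout expires."""
    to_sick, _ = probes_to_flip(window, threshold)
    return to_sick * interval_s + timeout_s


if __name__ == "__main__":
    # Five failed probes (address down), then five good ones (address up).
    for label in replay([False] * 5 + [True] * 5):
        print(label)
    print(probes_to_flip(), worst_case_detection_s())
```

With the page's values the backend is marked Sick on the second failed probe and Healthy again on the fourth good one, so a wider gap between .window and .threshold tolerates more failed probes before the backend is marked Sick.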

7.4.6 Setting the health state manually

varnish> backend.list 
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      probe      Healthy 5/5

varnish> backend.set_health vhost3 sick
200        

varnish> backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      sick       Healthy 5/5

varnish> backend.set_health vhost3 healthy
200        

varnish> backend.list
200        
Backend name                   Refs   Admin      Probe
default(192.168.100.100,,8080) 3      probe      Healthy (no probe)
vhost1(192.168.100.101,,8080)  9      probe      Healthy 5/5
vhost2(192.168.100.102,,8080)  9      probe      Healthy 5/5
vhost3(192.168.100.103,,8080)  9      healthy    Healthy 5/5