centos7下安装varnish并配置ssl

已于 2022-09-19 18:25:14 修改
阅读量854 收藏
点赞数
分类专栏: magento优化 文章标签: linux 服务器 centos
于 2022-08-30 08:53:50 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yuanzelin8/article/details/126585038
版权

需求:magento2下配置varnish缓存

准备工作

yum -y update

[root@localhost yum.repos.d]# cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)

nignx已安装好

安装varnish

yum -y install varnish

[root@localhost yum.repos.d]# varnishd -V
varnishd (varnish-4.0.5 revision 07eff4c29)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2014 Varnish Software AS


配置varnish

vi /etc/varnish/varnish.params

varnish.params文件:

VARNISH_LISTEN_PORT=8081

# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings

# Set this to 1 to make systemd reload try to switch VCL without restart.
RELOAD_VCL=1

# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl

# Default address and port to bind to. Blank address means all IPv4
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
# quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=192.168.1.5
#VARNISH_LISTEN_PORT=6081
VARNISH_LISTEN_PORT=8081

# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret

# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="malloc,1G"

# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish

# Other options, see the man page varnishd(1)
#DAEMON_OPTS="-p thread_pool_min=50 -p thread_pool_max=5000 -p thread_pool_timeout=300"

vi /etc/varnish/default.vcl

vcl 4.0;

import std;
# The minimal Varnish version is 4.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'

backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 4s;
    .first_byte_timeout = 5s;
    .between_bytes_timeout = 20s;
}

acl purge {
    "127.0.0.1";
    "localhost"
}

sub vcl_recv {
    if (req.url ~ "(jpg|jpeg|png|gif|tiff|bmp)$") {
        return (pipe);
    }
    if (req.method == "PURGE") {
        if (client.ip !~ purge) {
            return (synth(405, "Method not allowed"));
        }
        if (!req.http.X-Magento-Tags-Pattern) {
            return (synth(400, "X-Magento-Tags-Pattern header required"));
        }
        ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
        return (synth(200, "Purged"));
    }

    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
    }

    # We only deal with GET and HEAD by default
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # Bypass shopping cart, checkout and search requests
    if (req.url ~ "/checkout" || req.url ~ "/catalogsearch") {
        return (pass);
    }

    # normalize url in case of leading HTTP scheme and domain
    set req.url = regsub(req.url, "^http[s]?://", "");

    # collect all cookies
    std.collect(req.http.Cookie);

    # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
            # No point in compressing these
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unkown algorithm
            unset req.http.Accept-Encoding;
        }
    }

    # Remove Google gclid parameters to minimize the cache objects
    set req.url = regsuball(req.url,"\?gclid=[^&]+$",""); # strips when QS = "?gclid=AAA"
    set req.url = regsuball(req.url,"\?gclid=[^&]+&","?"); # strips when QS = "?gclid=AAA&foo=bar"
    set req.url = regsuball(req.url,"&gclid=[^&]+",""); # strips when QS = "?foo=bar&gclid=AAA" or QS = "?foo=bar&gclid=AAA&bar=baz"

    # static files are always cacheable. remove SSL flag and cookie
        if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") {
        unset req.http.Https;
        unset req.http.X-Forwarded-Proto;
        unset req.http.Cookie;
    }

    return (hash);
}

sub vcl_hash {
    if (req.http.cookie ~ "X-Magento-Vary=") {
        hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
    }

    # For multi site configurations to not cache each other's content
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }

    # To make sure http users don't see ssl warning
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }

}

sub vcl_backend_response {
    if (beresp.http.content-type ~ "text") {
        set beresp.do_esi = true;
    }

    if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
        set beresp.do_gzip = true;
    }

    # cache only successfully responses and 404s
    if (beresp.status != 200 && beresp.status != 404) {
        set beresp.ttl = 0s;
        set beresp.uncacheable = true;
        return (deliver);
    } elsif (beresp.http.Cache-Control ~ "private") {
        set beresp.uncacheable = true;
        set beresp.ttl = 86400s;
        return (deliver);
    }

    if (beresp.http.X-Magento-Debug) {
        set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
    }

    # validate if we need to cache it and prevent from setting cookie
    # images, css and js are cacheable by default so we have to remove cookie also
    if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
        unset beresp.http.set-cookie;
        if (bereq.url !~ "\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)(\?|$)") {
            set beresp.http.Pragma = "no-cache";
            set beresp.http.Expires = "-1";
            set beresp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
            set beresp.grace = 1m;
        }
    }

   # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
   if (beresp.ttl <= 0s ||
        beresp.http.Surrogate-control ~ "no-store" ||
        (!beresp.http.Surrogate-Control && beresp.http.Vary == "*")) {
        # Mark as Hit-For-Pass for the next 2 minutes
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
    }
    return (deliver);
}

sub vcl_deliver {
    if (resp.http.X-Magento-Debug) {
        if (resp.http.x-varnish ~ " ") {
            set resp.http.X-Magento-Cache-Debug = "HIT";
        } else {
            set resp.http.X-Magento-Cache-Debug = "MISS";
        }
    } else {
        unset resp.http.Age;
    }

    unset resp.http.X-Magento-Debug;
    unset resp.http.X-Magento-Tags;
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Link;
}

配置nginx站点

upstream fastcgi_backend {
  server   unix:/run/php/php7.3-fpm.sock;
}

server
{
    listen 8080;
    server_name test.xx.net;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/test.xx.net;

    #PHP-INFO-START  PHP引用配置,可以注释或修改
    include enable-php-73.conf;
    #PHP-INFO-END

    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/test.xx.net.conf;
    #REWRITE-END
    
    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    #禁止在证书验证目录放入敏感文件
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log /dev/null;
        access_log /dev/null;
    }
    access_log  /www/wwwlogs/test.xx.net.log;
    error_log  /www/wwwlogs/test.xx.net.error.log;
}


server
{
    
		listen 443 ssl http2;
    server_name test.xx.net;
    #index index.php index.html index.htm default.php default.htm default.html;
    #root /www/wwwroot/test.xx.net;

    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    ssl_certificate    /www/server/panel/vhost/cert/test.xx.net/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/test.xx.net/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;
		#SSL-END

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Ssl-Offloaded "1";
        proxy_set_header      X-Forwarded-Proto https;
        proxy_set_header      X-Forwarded-Port 443;
        #proxy_hide_header X-Varnish;
        #proxy_hide_header Via;
        proxy_set_header X-Forwarded-Proto $scheme;

    }
    
}

加入开机启动

systemctl start   varnish
systemctl enable  varnish 

 进行测试

systemctl restart varnish.service
systemctl restart nginx.service

注意:vi /etc/varnish/default.vcl 中把最后几行先注释再进行调试

#    unset resp.http.X-Magento-Debug;
#    unset resp.http.X-Magento-Tags;
#    unset resp.http.X-Powered-By;
#    unset resp.http.Server;
#    unset resp.http.X-Varnish;
#    unset resp.http.Via;
#    unset resp.http.Link;

curl -I http://127.0.0.1:8081  进行测试

当没有从缓存里命中时,会出现以下提示(没有命中缓存,则X-varnish后面数字为单组数字):

HTTP/1.1 302 Found
Server: Tengine
Date: Mon, 19 Sep 2022 10:09:50 GMT
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=4296unf712v56ffuonr5hs8hje; expires=Tue, 20-Sep-2022 10:09:50 GMT; Max-Age=86400; path=/; domain=127.0.0.1; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://www.xxx.com/us/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
X-Varnish: 5
Via: 1.1 varnish-v4
Connection: keep-alive

命中时为双数组:

HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 19 Sep 2022 10:19:03 GMT
Content-Type: text/html; charset=UTF-8
Last-Modified: Mon, 19 Sep 2022 10:00:46 GMT
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
ETag: W/"63283dce-14"
X-Varnish: 17 32780
Via: 1.1 varnish-v4
Connection: keep-alive

配置Varnish+SSL · Magento2实战 · 看云

yuanzelin8
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Centos7安装给Apache服务安装配置SSL证书
01-07
一、目标 在Centos7.6平台下使用openssl给apache做自签名证书,并给apache设置HTTPS的SSL证书。(无坑版) 二、平台 [[email protected] ~]# uname -r 3.10.0-957.el7.x86_64 [[email protected] ~]# cat /etc/redhat-release  CentOS Linux release 7.6.1810 (Core)  [[email protected] ~]# rpm -qa |grep httpd httpd-tools-2.4.6-90.el7.centos.x86_64 httpd-2.4.6-9
基于Centos7 部署Varnish缓存代理服务器
09-14
主要介绍了基于Centos7 部署Varnish缓存代理服务器,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
CentOS 7 安装配置 MySQL 5.6的步骤详解
09-09
主要介绍了CentOS 7 安装配置 MySQL 5.6的步骤,本文分步骤给大家介绍的非常详细,具有一定的参考借鉴价值 ,需要的朋友可以参考下
centOS7下Spark安装配置教程详解
09-15
主要介绍了centOS7下Spark安装配置教程详解,非常不错,具有一定的参考借鉴价值,需要的朋友可以参考下
CentOS7下 Apache的安装配置方法
09-15
前些天安装了Nginx,为了好玩我就又安装Apache,Apache的安装还算顺利。在此做一下学习记录和经验分享,需要的朋友可以参考下
如何在CentOS 7上安装Varnish Cache
从零开始的教程世界
07-19 497
Varnish cache is a free and opensource high-performance HTTP accelerator used to speed up the rate at which web servers serve web pages. Varnish缓存是一种免费的开源高性能HTTP加速器,用于加快Web服务器为网页提供服务的速度。 The cache sa...
Ubuntu Apache varnish 加速magento网站
CyrusZhou的专栏
12-22 302
1、安装Varnish sudo apt install varnish 2、配置文件 1)创建 /etc/supervisor/conf.d/varnish.conf 配置文件 supervisor安装说明参考supervisor 守护 ElasticSearch 进程 [program:varnish] command=/usr/sbin/varnishd -j unix,user=vcache -a :80 -T localhost:6081 -f /etc/varnish/defa.
varnish缓存代理配置
weixin_47019016的博客
07-31 649
varnish介绍一级标题二级标题三级标题四级标题五级标题六级标题 一级标题 二级标题 三级标题 四级标题 五级标题 六级标题
centos7varnish4.1.10的安装配置
FlyAway的博客
08-24 1571
本文会在新的centos7系统下安装varnish 软件,所遇到的问题都会在此处给记录下来,希望能给学习varnish的各位提供一点帮助。 1.yum install 报错 :大致就是刚安装centos,没有配置dns 解决方案: 1. cd etc/sysconfig/network-scripts/ 2. vi ifcfg-ens33 3.修改ONBOOT 和 NM_CO...
Varnish安装教程
chenc梧高的博客
03-10 501
文章目录1、Varnish的介绍2、端口和官网3、varnish 特点:1) 缓存方式:2) ACL4、varnish安装1)安装依赖包2)上传安装包并解压3)进入目录并编译安装4)检查版本及启动 1、Varnish的介绍 Varnish是一款高性能的开源HTTP加速器,挪威最大的在线报纸 Verdens Gang (http://www.vg.no) 使用3台Varnish代替了原来的12台s...
Centos7安装MongoDB
08-24
Centos7安装MongoDB
使用varnish为网站加速
菜鸟、上路
08-01 710
一、 varnish概述 Varnish是一款高性能的开源HTTP加速器,挪威最大的在线报纸 Verdens Gang (http://www.vg.no) 使用3台Varnish代替了原来的12台squid,性能居然比以前更好。 Varnish 的作者Poul-Henning Kamp是FreeBSD的内核开发者之一,他认为现在的计算机比起1975年已经复杂许多。在1975年时,储存媒介只有两种...
Varnish安装及简单操作
syz1985的博客
11-13 224
Varnish是一个web应用加速器,也称为反向代理服务器 client-----------------> proxy( varnish缓存)----------------> web1 安装操作: 安装软件依赖包 [root@proxy ~]# yum -y install gcc readline-devel [root@proxy ~]# yum -y install ...
代理服务器Nginx/Varnish/HAProxy对比
撸起袖子加油干
02-25 662
今天给大家带来的是Nginx/Varnish/HAProxy这三款开源代理服务器软件的区别,以及什么样的场景使用哪款软件;哪个软件能够支撑高可用,高并发,还要好维护,运维和网络管理员如何从这些方案中选择一个适合的代理服务器解决方案。 下面我们就来看这三种代理服务器的基本资料,然后对比异同。 关于代理服务器 代理服务器的位置是后端服务的前端,用来负载流量,分配资源,以及解决安全攻击等问题,比如DDOS,并且支持Web应用的高可用。 Varnish Varnish是一款反向HTTP代理服务器,提供
centosvarnish安装
每天积累一点,一年后你会发现,自己变化很大
06-19 1893
1,下载安装包,并修改文件名 wget http://sourceforge.net/projects/varnish/files/latest/download tar zxvf download cd varnish-2.1.3 2,安装相关组件pcre yum install pcre 3,设置环境变量 export PKG_CONFIG_PATH=/usr/local/lib/pkgcon
【SRE】【varnishvarnish离线安装实录
algebra007的博客
11-12 555
Varnish是高性能开源的反向代理服务器和HTTP缓存服务器,记录离线部署过程
代理服务(2):Varnish_反向代理
向上的信念
04-16 813
1、vainish的作用和特点 1)作用 对访问用户进行缓存 支持反向代理 配置针对web服务器的负载均衡 2)特点 占用内存空间小 比squid处理速度快 稳定性强 如图所示: [root@vatnish ~]# sysctl -p net.ipv4.ip_forward = 1 2、安装varnish 1)安装依赖程序 [root@varnish ~]# wget -O /etc/yum.r...
基于Centos 7 部署Varnish缓存代理服务器
看清所以看轻
01-15 490
博文大纲: 一、varnish简介 二、Varnish 如何工作 三、部署varnish缓存服务器 一、varnish简介 Varnish是高性能开源的反向代理服务器和HTTP缓存服务器,其功能与Squid服务器相似,都可以用来做HTTP缓存。可以安装 varnish 在任何web前端,同时配置它缓存内容。与传统的 squid 相比,varnish 具有性能更高、速度更快、管理更加方便等诸多优...
linux varnish服务安装及不同域名 以及VCL的介绍
weixin_33904756的博客
02-14 178
环境需要三台服务器 一台作为varnish服务另外两台作为web服务 关闭防火墙 systemctl stop firewalld setenforce 0 首先下载epel源 yum install epel-release -y 再安装varnish yum -y install varnish 创建一个varnish程序用户 useradd -M -s /sbin/no...
centos7yum安装nginx并配置
最新发布
07-28
你可以按照以下步骤在CentOS 7上安装Nginx并进行配置: 1. 打开终端并使用root用户登录服务器。 2. 更新系统软件包列表: ``` yum update ``` 3. 使用以下命令安装Nginx: ``` yum install epel-release yum install nginx ``` 4. 安装完成后,使用以下命令启动Nginx服务: ``` systemctl start nginx ``` 5. 在防火墙上开放HTTP和HTTPS访问: ``` firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload ``` 6. 配置Nginx的默认站点。打开默认站点配置文件: ``` vi /etc/nginx/conf.d/default.conf ``` 7. 在打开的文件中,可以根据需要进行配置更改,例如更改默认网站的根目录、添加服务器名称等。保存并关闭文件。 8. 重新加载Nginx配置: ``` nginx -s reload ``` 现在,你已经成功安装配置了Nginx。你可以通过在Web浏览器中输入服务器的IP地址或域名来访问Nginx默认网站。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值