1、工作原理
在当前主流的Web服务架构体系中,Cache担任着越来越重要的作用。常见的基于浏览器的C/S架构,Web Cache更是节约服务器资源的关键。而最近几年由FreeBSD创始人之一Kamp开发的varnish更是一个不可多得的Web Cache Server。严格意义上说,Varnish是一个高性能的反向代理软件,只不过与其出色的缓存功能相比,企业更愿意使用其搭建缓存服务器。同时,由于其工作在Web Server的前端,有一部分企业已经在生产环境中使用其作为旧版本的squid的替代方案,以在相同的服务器成本下提供更好的缓存效果,Varnish更是作为CDN缓存服务器的可选服务之一。
Varnish主要有以下几点特性:
1.缓存位置:可以使用内存也可以使用磁盘。如果要使用磁盘的话推荐SSD做RAID1
2.日志存储:日志也存储在内存中。存储策略:固定大小,循环使用
3.支持虚拟内存的使用。
4.有精确的时间管理机制,即缓存的时间属性控制。
5.状态引擎架构:在不同的引擎上完成对不同的缓存和代理数据进行处理。可以通过特定的配置语言设计不同的控制语句,以决定数据在不同位置以不同方式缓存。类似于netfilter中的钩子,在特定的地方对经过的报文进行特定规则的处理。
6.缓存管理:以二叉堆格式管理缓存数据,做到数据的及时清理。
摘自: http://blog.51cto.com/12205781/2049222
2、Keepalived + Haproxy + Varnish + LNMP 实战
2.1、架构拓扑
2.2、设备列表
|
Name |
IP |
Role |
remark |
|
Node01 |
192.168.1.233, vip:192.168.1.100 |
Haproxy master |
Keepalived |
|
Node02 |
192.168.1.111, vip:192.168.1.100 |
Haproxy backup |
Keepalived |
|
Node03 |
192.168.1.178 |
Varnish |
agency |
|
Node04 |
192.168.1.242 |
Web |
Lnmp |
|
Node05 |
192.168.1.128 |
Web |
Lnmp |
2.3、服务安装
2.3.1、Node4,Node5 上安装LNMP服务
rpm –ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm yum -y install nginx mariadb-server php-fpm php-mysql
优化nginx配置
vim /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on; #启动高效传输文件的模式
tcp_nopush on; #包累计到一定大小后发送
tcp_nodelay on; #开启 关闭延迟发送
keepalive_timeout 60; #设定保持长连接超时时长
client_header_timeout 10; #设置请求头的超时时间
client_body_timeout 10; #设置请求体的超时时间
reset_timedout_connection on; #告诉nginx关闭不响应的客户端连接
send_timeout 10; #响应客户端超时时间,这个超时时间仅限于两个活动之间的时间,如果超过这个时间,客户端没有任何活动,nginx关闭连接
#limit_conn_zone $binary_remote_addr zone=addr:5m;
#limit_conn addr 100;
gzip on;
include /etc/nginx/conf.d/*.conf;
}
vim /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name website.com;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
检查语法配置与启动服务
ngint -t
systemctl restart nginx
查看系统文件描述符数量
ulimit -n
修改
ulimit -n 65535
修改php-fpm
vim /etc/php.ini
date.timezone = Asia/Shanghai
short_open_tag = On #允许短标签, php语法中可用短标签
启动服务
systemctl start nginx
systemctl start mariadb
systemctl start php-fpm
systemctl enable nginx
systemctl enable mariadb
systemctl enable php-fpm
2.3.2、node01,node02 haproxy & keepalived服务安装
yum install haproxy -y
yum install keepalived -y
配置haproxy, (frontend , backend , listen)
vim /etc/haproxy/haproxy.cfg
frontend web
bind *:80
default_backend varnish-server
backend varnish-server
balance roundrobin
server varnishserver 192.168.1.178:6081 check inter 3000 rise 3 fall 5
listen admin
bind :9527
stats enable
stats uri /haproxyadmin
stats auth admin:admin
stats refresh 20s
stats admin if TRUE
启动服务
systemctl start haproxy
systemctl enable haproxy
配置keepalived
node01
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keepalived_haproxy
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
fall 2
rise 2
weight -4
}
vrrp_instance VI_1 {
state MASTER
interface enp0s8
virtual_router_id 170
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass keer
}
virtual_ipaddress {
192.168.1.100
}
track_script {
chk_haproxy
}
node02 修改对应 state,priority,
启动服务
systemctl start keepalived
systemctl enable keepalived
2.3.3 node03 varnish配置
yum install epel-release
yum install varnish –y
修改配置文件
vim /etc/varnish/varnish.params #进程配置文件
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_STORAGE="file,/data/cache,1G" # 缓存在本地磁盘
vim /etc/varnish/default.vcl #总配置文件
①定义一个健康监测:
vcl 4.0; #指定版本 import directors; #加载后端的轮询模块
probe backend_healthcheck { #设置名为backend_healthcheck的健康监测
.url = "/index.html";
.window = 5;
.threshold = 2;
.interval = 3s;
.timeout = 1s;
}
② 设置后端server:
backend web1 {
.host = "192.168.1.242"; #node04 ip
.port = "80";
.probe = backend_healthcheck;
}
backend web2 {
.host = "192.168.1.128"; #node05 ip
.port = "80";
.probe = backend_healthcheck;
}
③ 配置后端集群事件:
sub vcl_init {
new img_cluster = directors.round_robin();
img_cluster.add_backend(web1);
img_cluster.add_backend(web2);
}
acl purgers { # 定义可访问来源IP,权限控制
"127.0.0.1";
"192.168.0.0"/16;
}
sub vcl_recv { # Happens before we check if we have this in cache already. # # Typically you clean up the request here, removing cookies you don't need, # rewriting the request, etc. if (req.method == "GET" && req.http.cookie) { return(hash); //处理完recv 引擎,给下一个hash引擎处理 } if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "PURGE" && req.method != "DELETE") { return (pipe); #除了上边的请求头部,通过通道直接扔后端的pass } if (req.url ~ "index.php") { return(pass); } if (req.method == "PURGE") { #PURGE请求的处理的头部,清缓存 if (client.ip ~ purgers) { return(purge); } } if (req.http.X-Forward-For) { #为发往后端主机的请求添加X-Forward-For首部 set req.http.X-Forward-For = req.http.X-Forward-For + "," + client.ip; }
else { set req.http.X-Forward-For = client.ip; } return(hash); }
sub vcl_backend_response { # Happens after we have read the response headers from the backend. # # Here you clean the response headers, removing silly Set-Cookie headers # and other mistakes your backend does. if (bereq.url ~ ".(jpg|jpeg|gif|png)$") { set beresp.ttl = 30d; } if (bereq.url ~ ".(html|css|js)$") { set beresp.ttl = 7d; } if (beresp.http.Set-Cookie) { #定义带Set-Cookie首部的后端响应不缓存,直接返回给客户端 set beresp.grace = 30m; return(deliver); } }
sub vcl_deliver { # Happens when we have all the pieces we need, and are about to send the # response to the client. # # You can do accounting or modifying the final object here. if (obj.hits > 0) { #为响应添加X-Cache首部,显示缓存是否命中 set resp.http.X-Cache = "HIT from " + server.ip; }
else { set resp.http.X-Cache = "MISS"; } unset resp.http.X-Powered-By; #取消显示php框架版本的header头 unset resp.http.Via; #取消显示varnish的header头 unset resp.http.Server; unset resp.http.X-Drupal-Cache; unset resp.http.Link; unset resp.http.X-Varnish; }
sub vcl_hash { hash_data(req.url); }
启动服务
service varnish start
service enable start
测试
Varnish服务器上查看
varnishstat
