转载了峰哥的劳动成果!!!
一、 Nginx 反向代理
1、 安装条件:
Nginx: http://sysoev.ru/nginx/nginx-0.6.32.tar.gz
SSL: http://www.openssl.org/source/openssl-0.9.8g.tar.gz
Pcre: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz
Zlib: http://www.zlib.net/zlib-1.2.3.tar.gz
2、 安装:
l Ssl安装:
[root@RedhatAS4U4-Oracle oracle]# tar -zxvf openssl-0.9.8g.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd openssl-0.9.8g
[root@RedhatAS4U4-Oracle openssl-0.9.8g]#./config --prefix=/usr/local/openssl/
[root@RedhatAS4U4-Oracle openssl-0.9.8g]# make
[root@RedhatAS4U4-Oracle openssl-0.9.8g]# make install
l Pcre 安装:
[root@RedhatAS4U4-Oracle oracle]# tar -zxvf pcre-7.7.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd pcre-7.7
[root@RedhatAS4U4-Oracle pcre-7.7]# ./configure --prefix=/usr/local/pcre
[root@RedhatAS4U4-Oracle pcre-7.7]# make
[root@RedhatAS4U4-Oracle pcre-7.7]# make install
Make 时报错:
libtool: ignoring unknown tag CXX
libtool: unrecognized option `-DHAVE_CONFIG_H'
Try `libtool --help' for more information.
make[1]: *** [pcrecpp.lo] Error 1
make[1]: Leaving directory `/home/beijing/pcre-7.7'
make: *** [all] Error 2
原因:
pcre-7.7 configuration summary:
Install prefix .................. : /usr/local/pcre
C preprocessor .................. : gcc -E
C compiler ...................... : gcc
C++ preprocessor ................ :
C++ compiler .................... :
Linker .......................... : /usr/bin/ld
C preprocessor flags ............ :
C compiler flags ................ : -O2
C++ compiler flags .............. :
Linker flags .................... :
Extra libraries ................. :
没有装GCC C++包:
gcc-c++-3.4.6-8.i386.rpm libstdc++-devel-3.4.6-8.i386.rpm
l Zlib 安装:
[root@RedhatAS4U4-Oracle oracle]# tar -zxvf zlib-1.2.3.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd zlib-1.2.3
[root@RedhatAS4U4-Oracle zlib-1.2.3]#
[root@RedhatAS4U4-Oracle zlib-1.2.3]# make
[root@RedhatAS4U4-Oracle zlib-1.2.3]# make install
l Nginx 安装:
[root@RedhatAS4U4-Oracle oracle]# tar -zxvf nginx-0.6.32.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd nginx-0.6.32
[root@RedhatAS4U4-Oracle nginx-0.6.32]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-pcre=/root/pcre-7.7 --with-zlib=/root/zlib-1.2.3 --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-openssl=/root/openssl-0.9.8g
[root@RedhatAS4U4-Oracle nginx-0.6.32]# make
[root@RedhatAS4U4-Oracle nginx-0.6.32]# make install
3、 配置:
[root@RedhatAS4U4-Oracle oracle]# cat /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 30;
error_log logs/error.log notice;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 40960;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
keepalive_timeout 150;
server_names_hash_bucket_size 64;
upstream cache {
ip_hash;
server 10.167.26.166:8080; //varnish server 1
server 10.167.26.3;
}
server {
listen 10.167.26.5:80;
server_name cacti.chinarenservice.com;
access_log logs/cacti.wizardial.com.access.log main;
location / {
proxy_pass http://cache;
proxy_redirect http://cacti.chinarenservice.com/ /;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Is-EDU 0;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 10;
proxy_send_timeout 15;
proxy_read_timeout 15;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
server {
listen 10.167.26.5:81;
server_name nginxstatus.chinarenservice.com 10.167.26.5;
location /NginxStatus {
stub_status on;
access_log off;
allow 210.22.7.147;
allow 127.0.0.1;
deny all;
}
}
}
以上配置为nginx 做反向代理,监听10.167.26.5:80的IP,接收cacti.wizardial.com 的域名请求,转发到后端varnish缓存服务器
4、 优化:
l 修改open files数
显示open files数
|
[root@RedhatAS4U4-Oracle oracle]# ulimit -a
|
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
pending signals (-i) 1024
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
……
修改open files数
|
[root@RedhatAS4U4-Oracle oracle]# ulimit -n 8192
|
l 优化Linux内核参数
|
[root@RedhatAS4U4-Oracle oracle]# vi /etc/sysctl.conf
|
在末尾增加以下内容:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
使配置立即生效:
|
[root@RedhatAS4U4-Oracle oracle]# /sbin/sysctl -p
|
l 不停止Nginx服务的情况下平滑变更Nginx配置
|
[root@RedhatAS4U4-Oracle oracle]# kill -HUP `cat /usr/local/nginx/logs/nginx.pid`
|
l
5、
二、 Varnish 缓存
Varnish优点:
1、Varnish采用了“Visual Page Cache”技术,在内存的利用上,Varnish比Squid具有优势,它避免了Squid频繁在内存、磁盘中交换文件,性能要比Squid高。
2、Varnish的稳定性非常好
3、通过Varnish管理端口,可以使用正则表达式快速、批量地清除部分缓存,这一点是Squid不能具备的。
Varnish网站缓存加速器安装:
1、创建www用户和组,以及Varnish缓存文件存放目录(/var/InfiNET/cache):
[root@RedhatAS4U4-Oracle oracle]# /usr/sbin/groupadd www -g 48
[root@RedhatAS4U4-Oracle oracle]# /usr/sbin/useradd -u 48 -g www www
[root@RedhatAS4U4-Oracle oracle]# mkdir -p /var/InfiNET/cache
[root@RedhatAS4U4-Oracle oracle]# chmod +w /var/InfiNET/cache
[root@RedhatAS4U4-Oracle oracle]# chown -R www:www /var/InfiNET/cache
2、创建Varnish日志目录(/var/logs/):
[root@RedhatAS4U4-Oracle oracle]# mkdir -p /usr/local/varnish/logs
[root@RedhatAS4U4-Oracle oracle]# chmod +w /usr/local/varnish/logs
[root@RedhatAS4U4-Oracle oracle]# chown -R www:www /usr/local/varnish/logs
3、编译安装varnish:
下载:
http://sourceforge.net/project/showfiles.php?group_id=155816&package_id=173643&release_id=563022
[root@RedhatAS4U4-Oracle oracle]# wget http://blog.s135.com/soft/linux/varnish/varnish-1.1.2.tar.gz
[root@RedhatAS4U4-Oracle oracle]# tar zxvf varnish-1.1.2.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd varnish-1.1.2
[root@RedhatAS4U4-Oracle oracle]# ./configure --prefix=/usr/local/varnish
[root@RedhatAS4U4-Oracle oracle]# make && make install
./configure -enable-debugging-symbols -enable-developer-warnings -enable-dependency-tracking --prefix=/usr/local/varnish
注意,我在进行make步骤时,出现如下错误:
"varnishhist.c:35:20: error: curses.h: No such file or directory"
造成该问题的原因是因为系统中少了ncurses-devel包
4、创建Varnish配置文件:
[root@RedhatAS4U4-Oracle oracle]# vi /usr/local/varnish/vcl.conf
backend myblogserver {
set backend.host = "10.167.26.3";
set backend.port = "80";
}
acl purge {
"localhost";
"127.0.0.1";
"10.167.0.0"/16;
"210.22.7.147"/32;
}
sub vcl_recv {
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
lookup;
}
if (req.http.host ~ "^cacti.chinarenservice.com") {
set req.backend = mymonitorserver;
if (req.request != "GET" && req.request != "HEAD") {
pipe;
}
else {
lookup;
}
}
else {
error 404 "Zhang Yan Cache Server";
lookup;
}
}
sub vcl_hit {
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged.";
}
}
sub vcl_miss {
if (req.request == "PURGE") {
error 404 "Not in cache.";
}
}
sub vcl_fetch {
if (req.request == "GET" && req.url ~ "\.(txt|js|gif|jpg||jpeg|tom|swf|css)$") {
set obj.ttl = 3600s;
}
else {
set obj.ttl = 30d;
}
}
对以上配置文件解释一下:
(1)、Varnish通过反向代理请求后端IP为10.167.26.3,端口为80的apache服务器;
(2)、Varnish允许localhost、127.0.0.1、10.167.0.***源IP通过PURGE方法清除缓存;
(3)、Varnish对域名为cacti.chinarenservice.com的请求进行处理,非cacti.chinarenservice.com域名的请求则返回“freeke Cache Server”;
(4)、Varnish对HTTP协议中的GET、HEAD请求进行缓存,对POST请求透过,让其直接访问后端Web服务器。之所以这样配置,是因为POST请求一般是发送数据给服务器的,需要服务器接收、处理,所以不缓存;
(5)、Varnish对以.txt和.js等结尾的URL缓存时间设置1小时,对其他的URL缓存时间设置为30天。
5、启动Varnish
[root@RedhatAS4U4-Oracle oracle]# limit -SHn 51200
[root@RedhatAS4U4-Oracle oracle]# /usr/local/varnish/sbin/varnishd -n /var/InfiNET/cache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/InfiNET/cache/varnish_cache.data,1G -g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on
6、启动varnishncsa用来将Varnish访问日志写入日志文件:
[root@RedhatAS4U4-Oracle oracle]# /usr/local/varnish/bin/varnishncsa -n /var/InfiNET/cache -w /usr/local/varnish/logs/varnish.log &
7、配置开机自动启动Varnish
[root@RedhatAS4U4-Oracle oracle]# vi /etc/rc.local
ulimit -SHn 51200
/usr/local/varnish/sbin/varnishd -n /var/InfiNET/cache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/InfiNET/cache/varnish_cache.data,1G -g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on
/usr/local/varnish/bin/varnishncsa -n /var/InfiNET/cache -w /usr/local/varnish/logs/varnish.log &
FAQ:
1、 配置 泛域名 的主机
很多二级域名,比如 xx.chinarenservice.com ,一个一个加好麻烦。。。squid 或者nginx 都支持 .chinarenservice.com 的
if (req.http.host ~ "^www.chinarenservice.com") {
改成
if (req.http.host ~ ".chinarenservice.com") {
2、 附varnish多站点配置
backend www {
set backend.host = "www.chinarenservice.com";
set backend.port = "80";
}
backend blog {
set backend.host = "blog.chinarenservice.com";
set backend.port = "80";
}
backend image {
set backend.host = "image.chinarenservice.com";
set backend.port = "80";
}
sub vcl_recv {
if (req.http.host ~ "^(www.)?chinarenservice.com$") {
set req.http.host = "www.chinarenservice.com";
set req.backend = www;
} elsif (req.http.host ~ "^blog.chinarenservice.com$") {
set req.backend = blog;
} elsif (req.http.host ~ "^image.chinarenservice.com$") {
set req.backend = image;
} else {
error 404 "Unknown host";
}