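Varnish Cache is web acceleration software used as a reverse proxy in front of web services. Unlike Squid, it is built on newer operating-system kernel calls and mainly uses memory as its cache. Its current users include Facebook, and according to user feedback it greatly reduces the number of connections compared with Squid under the same traffic.
My test procedure
- Prepare an ordinary HTTP web server. I started a Linux+Apache+MySQL+PHP environment in a virtual machine, left the configuration files unchanged, and downloaded the PHPWind BBS program to test with.
- On another server (IP: 192.168.159.5), compile and install Varnish 3.0 using the default installation path; see the official documentation for the installation process.
- Edit Varnish's default configuration file (/usr/local/etc/varnish/default.vcl): Varnish VCL configuration file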
    # First, define a backend server
    backend default {
        .host = "192.168.159.11";
        .port = "80";
    }

    sub vcl_recv {
        if (req.restarts == 0) {
            if (req.http.x-forwarded-for) {
                set req.http.X-Forwarded-For =
                    req.http.X-Forwarded-For + ", " + client.ip;
            } else {
                set req.http.X-Forwarded-For = client.ip;
            }
        }
        # Pipe every request whose method is not one of the following straight to the backend server
        if (req.request != "GET" &&
            req.request != "HEAD" &&
            req.request != "PUT" &&
            req.request != "POST" &&
            req.request != "TRACE" &&
            req.request != "OPTIONS" &&
            req.request != "DELETE") {
            /* Non-RFC2616 or CONNECT which is weird. */
            return (pipe);
        }
        # Only the GET and HEAD methods use lookup, i.e. the cache.
        if (req.request != "GET" && req.request != "HEAD") {
            /* We only deal with GET and HEAD by default */
            return (pass);
        }
        # if (req.http.Authorization || req.http.Cookie) {
        #     /* Not cacheable by default */
        #     return (pass);
        # }
        # Requests for PHP pages are forwarded directly to the backend server
        if (req.url ~ "\.(php|cgi)($|\?)") {
            return (pass);
        }
        return (lookup);
    }

    sub vcl_pipe {
        return (pipe);
    }

    sub vcl_pass {
        return (pass);
    }

    sub vcl_hash {
        hash_data(req.url);
        if (req.http.host) {
            hash_data(req.http.host);
        } else {
            hash_data(server.ip);
        }
        return (hash);
    }

    sub vcl_hit {
        return (deliver);
    }

    sub vcl_miss {
        return (fetch);
    }

    sub vcl_fetch {
        if (beresp.ttl <= 0s ||
            beresp.http.Set-Cookie ||
            beresp.http.Vary == "*") {
            /*
             * Mark as "Hit-For-Pass" for the next 2 minutes
             */
            set beresp.ttl = 120 s;
            return (hit_for_pass);
        }
        # Set the cache TTL for images to one hour
        if (req.url ~ "\.(png|gif|jpg)$") {
            unset beresp.http.set-cookie;
            set beresp.ttl = 1h;
        }
        return (deliver);
    }

    sub vcl_deliver {
        return (deliver);
    }

    sub vcl_error {
        set obj.http.Content-Type = "text/html; charset=utf-8";
        set obj.http.Retry-After = "5";
        synthetic {"<?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html>
      <head>
        <title>"} + obj.status + " " + obj.response + {"</title>
      </head>
      <body>
        <h1>Error "} + obj.status + " " + obj.response + {"</h1>
        <p>"} + obj.response + {"</p>
        <h3>Guru Meditation:</h3>
        <p>XID: "} + req.xid + {"</p>
        <hr>
        <p>Varnish cache server</p>
      </body>
    </html>
    "};
        return (deliver);
    }

    sub vcl_init {
        return (ok);
    }

    sub vcl_fini {
        return (ok);
    }
- Add the user www and the group www for the varnishd process, create the /var/vcache directory, and give the www user read and write permission on it.
    groupadd www
    useradd www -g www
    mkdir /var/vcache
    chown -R www:www /var/vcache
    chmod -R 750 /var/vcache
- Edit /etc/sysctl.conf to tune several kernel parameters:
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_keepalive_time = 300
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
Run sysctl -p to reload the kernel parameters from the configuration file.
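- Start varnishd
    varnishd -a 0.0.0.0:80 -f /usr/local/etc/varnish/default.vcl -T 127.0.0.1:2000 -s file,/var/vcache/,1G -u www
Parameter notes: -f specifies the configuration file, -T specifies the listen address of the command-line management interface, -s file selects file-backed cache storage, 1G is the size of the cache file, and -u is the user the process runs as.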
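- From a client, visit http://192.168.159.5/phpwind and refresh the page at high frequency while watching the netstat -n output on the varnishd host. The TCP connections from Varnish to the backend (Apache) appear only for an instant and are released very quickly.
- To fix the problem that the backend server cannot log the real visitor IP, modify the Apache log format.
    LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" varnish_combined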
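Because vcl_recv above appends client.ip to whatever X-Forwarded-For the client already sent, only the last entry in the logged header was written by Varnish, and only when %h is the Varnish host. The following added example (not part of the original post) reads varnish_combined lines on that basis; the function names and the sample lines are constructed for illustration, and the trusted proxy address is the Varnish IP used on this page.

```python
import ipaddress
import re

# Leading fields of the varnish_combined LogFormat: XFF header, %h, %l, %u, %t.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "'
)
TRUSTED_PROXIES = {"192.168.159.5"}  # the Varnish host used on this page


def valid_ip(text):
    """Return the normalised address, or None if text is not an IP."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def real_client(line, trusted=TRUSTED_PROXIES):
    """Return (client_ip, unverified_entries) for one varnish_combined line."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a varnish_combined line")
    peer = valid_ip(m.group("peer"))
    if peer is None:
        raise ValueError("%h is not an IP address")
    entries = [e.strip() for e in m.group("xff").split(",")]
    entries = [e for e in entries if e and e != "-"]
    # A request that did not come through Varnish carries no trustworthy
    # X-Forwarded-For at all: fall back to the TCP peer that Apache saw.
    if peer not in trusted or not entries:
        return peer, entries
    # vcl_recv appends client.ip last, so only the final entry was written
    # by Varnish; everything before it came from the client's own header.
    appended = valid_ip(entries[-1])
    if appended is None:
        return peer, entries
    return appended, entries[:-1]


# Constructed sample lines (not taken from a real log).
TAIL = ' - - [10/Oct/2012:13:55:36 +0800] "GET /phpwind/ HTTP/1.1" 200 512 "-" "-"'
SAMPLES = [
    "203.0.113.7 192.168.159.5" + TAIL,               # normal request
    "10.0.0.1, 198.51.100.23 192.168.159.5" + TAIL,   # client sent its own XFF
    "10.0.0.1 198.51.100.99" + TAIL,                  # bypassed Varnish
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(real_client(sample))
```

The second element of each result lists the header entries that nothing on the path verified; keep them for investigation, but do not use them for access control or rate limiting.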