centos5.5 32位系统 varnish版本3.0.2

192.168.159.88为后端静态资源服务器

varnish所以来的软件包:

autotools-dev

automake1.9

libtool

autoconf

libncurses-dev

xsltproc

groff-base

libpcre3-dev

直接yum安装系统所缺的包即可。

下载varnish源码包,解压安装:

wget http://repo.varnish-cache.org/source/varnish-3.0.2.tar.gz

# tar zxvf varnish-3.0.2.tar.gz

# cd varnish-3.0.2

# ./configure --prefix=/usr/local/varnish/

# make;make install

进行一些简单配置:

在解压的源码包的目录中拷贝启动文件和其他所需文件到相关目录:

# cp redhat/varnish.initrc /etc/init.d/varnish

# cp redhat/varnish.sysconfig /etc/sysconfig/varnish

# cp redhat/varnish_reload_vcl /usr/local/varnish/bin/ (此文件作用为修改配置文件后重新加载,这样避免了重启造成已缓存文件丢失)

 

# vim /etc/init.d/varnish

exec="/usr/local/varnish/sbin/varnishd"

reload_exec="/usr/local/varnish/bin/varnish_reload_vcl"

prog="varnishd"

config="/etc/sysconfig/varnish"

lockfile="/var/lock/subsys/varnish"

修改文件开始的相关路径的定义,我修改了红色习题标记的两行。

 

# vim /etc/sysconfig/varnish

NFILES=131072

MEMLOCK=82000

RELOAD_VCL=1

VARNISH_VCL_CONF=/usr/local/varnish/etc/varnish/default.vcl

VARNISH_LISTEN_PORT=80

VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1

VARNISH_ADMIN_LISTEN_PORT=6082

VARNISH_MIN_THREADS=1

VARNISH_MAX_THREADS=1000

VARNISH_THREAD_TIMEOUT=120

VARNISH_STORAGE_FILE=/var/lib/varnish/varnish_storage.bin

VARNISH_STORAGE_SIZE=128M

VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"

VARNISH_TTL=120

DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \

             -f ${VARNISH_VCL_CONF} \

             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \

             -t ${VARNISH_TTL} \

             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \

             -u varnish -g varnish \

             -s ${VARNISH_STORAGE}"

以上是我修改的几处,我机器内存小。

 

# vim /usr/local/varnish/bin/varnish_reload_vcl

注释掉关于认证文件的部分:

#elif [ -z "$VARNISH_SECRET_FILE" ]; then

#       echo "Warning: VARNISH_SECRET_FILE is not set"

#       secret=""

 

#elif [ ! -s "$VARNISH_SECRET_FILE" ]; then

#       echo "Error: varnish secret file $VARNISH_SECRET_FILE is unreadable or empty"

#       exit 2

#else

#       secret="-S $VARNISH_SECRET_FILE"

找到定义varnishadm的行,指定路径:

# Done parsing, set up command

VARNISHADM="/usr/local/varnish/bin/varnishadm $secret -T $VARNISH_ADMIN_LISTEN_ADDRESS:$VARNISH_ADMIN_LISTEN_PORT"

 

增加用户,建立一个varnish的日志目录,如果需要日志输出时使用

# useradd -s /bin/false -M varnish

# mkdir /var/log/varnish/

# chown -R varnish.varnish /var/log/varnish/

# chown -R varnish.varnish /var/lib/varnish

基本配置完成。

下面是重头戏,varnish几乎所有配置都是在一个vcl文件中完成,当然也可以使用Include包含进其他vcl。这个配置文件比较灵活,对我来说还有点复杂。一直没理顺处理流程。默默糊糊的。下面是一个基本的配置文件。default.vcl包含了大部分的基本配置。把注释去掉,再加上自定义的一些指令即可完成。

 

backend zabbix {

        .host = "192.168.159.88";

        .port = "8088";

       

}

 

acl purgeallow {

        "127.0.0.1";

#       "192.168.159.10";

}

 

#

# Below is a commented-out copy of the default VCL logic.  If you

# redefine any of these subroutines, the built-in logic will be

# appended to your code.

 sub vcl_recv {

     if(req.request == "PURGE") {

        if(!client.ip ~ purgeallow) {

                error 405 "not allowed.";

        }

        return(lookup);

    }

    

     if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|flv|ico|jpeg)$") {

        unset req.http.cookie;

     }

     if (req.request =="GET"&&req.url ~ "(?i)\.php($|\?)"){

        return (pass);

     }

     if (req.restarts == 0) {

        if (req.http.x-forwarded-for) {

            set req.http.X-Forwarded-For =

                req.http.X-Forwarded-For + ", " + client.ip;

        } else {

            set req.http.X-Forwarded-For = client.ip;

        }

     }

     if (req.request != "GET" &&

       req.request != "HEAD" &&

       req.request != "PUT" &&

       req.request != "POST" &&

       req.request != "TRACE" &&

       req.request != "OPTIONS" &&

       req.request != "DELETE") {

         /* Non-RFC2616 or CONNECT which is weird. */

         return (pipe);

     }

     if (req.request != "GET" && req.request != "HEAD") {

         return (pass);

     }

     if (req.http.Authorization || req.http.Cookie) {

         return (pass);

     }

     if (req.http.host ~ "192.168.159.88") {

               set req.backend = zabbix;

               set req.http.host = "192.168.159.88";

               if (req.request != "GET" && req.request != "HEAD") {

                       return(pipe);

               }

               else {

                       return(lookup);

               }

       }

     return (lookup);

 }

 

sub vcl_pipe {

    return (pipe);

}

sub vcl_pass {

     return (pass);

}

sub vcl_hash {

     hash_data(req.url);

     if (req.http.host) {

         hash_data(req.http.host);

     } else {

         hash_data(server.ip);

     }

     return (hash);

}

#

sub vcl_hit {

     if (req.request == "PURGE") {

        purge;

        error 200 "purged";

     }

     return (deliver);

 }

#

sub vcl_miss {

     if(req.request == "PURGE") {

        error 404 "not in cache.";

     }

     return (fetch);

}

#

sub vcl_fetch {

     if (beresp.ttl <= 0s ||

         beresp.http.Set-Cookie ||

         beresp.http.Vary == "*") {

                /*

                 * Mark as "Hit-For-Pass" for the next 2 minutes

                 */

                set beresp.ttl = 120 s;

                return (hit_for_pass);

     }

     if (beresp.http.Pragma ~ "no-cache" ||

        beresp.http.Cache-Control ~ "no-cache" ||

        beresp.http.Cache-Control ~ "private") {

        return(deliver);

     }

     if(beresp.status == 404 || beresp.status == 300) {

        error 404;

     }

     if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|flv|ico|jpeg)$") {

        set beresp.ttl = 1d;

     }

     if (req.request == "GET" && req.url ~ "\.(htm|html)$") {

        set beresp.ttl = 1d;

     }

#       if (req.url ~ "\.(png|gif|jpg)$") {

#               unset beresp.http.set-cookie;

#               set beresp.ttl = 1h;

#       }

     return (deliver);

}

#

sub vcl_deliver {

        #if(obj.hits > 0) {

        #set resp.http.X-Cache = "HIT";

        #}

        #else {

        #       set.resp.http.X-Cache = "MISS";

        #}

        #remove resp.http.X-Varnish;

        #remove resp.http.Server;

        if (obj.hits > 0) {

                set resp.http.X-Cache = "cached";

        } else {

                set resp.http.x-Cache = "uncached";

        }

 

        # Remove some headers: PHP version

        unset resp.http.X-Powered-By;

 

        # Remove some headers: Apache version & OS

        unset resp.http.Server;

 

        return (deliver);

}

#

sub vcl_error {

     set obj.http.Content-Type = "text/html; charset=utf-8";

     set obj.http.Retry-After = "5";

     synthetic {"

 <?xml version="1.0" encoding="utf-8"?>

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 <html>

   <head>

     <title>"} + obj.status + " " + obj.response + {"</title>

   </head>

   <body>

     <h1>Error "} + obj.status + " " + obj.response + {"</h1>

     <p>"} + obj.response + {"</p>

     <h3>Guru Meditation:</h3>

     <p>XID: "} + req.xid + {"</p>

     <hr>

     <p>Varnish cache server</p>

   </body>

 </html>

 "};

     return (deliver);

}

#

 sub vcl_init {

        return (ok);

 }

#

 sub vcl_fini {

        return (ok);

 }