二、172.26.11.71 172.26.11.72 安装varnish mkdir -p /data/softwaremkdir -p /data/srcmkdir -p /data/confmkdir -p /data/logsyum -y install gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel lib
二、172.26.11.71 172.26.11.72 安装varnish
mkdir -p /data/software mkdir -p /data/src mkdir -p /data/conf mkdir -p /data/logs yum -y install gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel gettext-devel yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libtool yum -y install rsyslog gcc gcc-c++ libstdc++-devel httpd-devel pcre perl pcre-devel zlib zlib-devel GeoIP GeoIP-devel cd /data/software/ wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz cd /data/src/ tar zxf ../software/varnish-3.0.3.tar.gz cd varnish-3.0.3 ./autogen.sh ./configure --prefix=/usr/local/varnish PKG_CONFIG_PATH=/usr/lib/pkgconfig make && make install #指定一下命令的快捷方式 ln -s /usr/local/varnish/sbin/varnishd /usr/bin/varnishd ln -s /usr/local/varnish/sbin/varnishd /usr/sbin/varnishd ln -s /usr/local/varnish/bin/varnishlog /usr/bin/varnishlog ln -s /usr/local/varnish/bin/varnishncsa /usr/bin/varnishncsa ln -s /usr/local/varnish/bin/varnishadm /usr/bin/varnishadm ln -s /usr/local/varnish/bin/varnishstat /usr/bin/varnishstat #配置文件也指定到熟悉的位置 ln -s /usr/local/varnish/etc/varnish/default.vcl /etc/varnish.conf #看看是否已正确安装了 varnishd -V
vi /etc/varnish.conf
# This is a basic VCL configuration file for varnish. See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# Default backend definition. Set this to point to your content
# server.
#
backend web1 {
.host = "172.26.11.73";
.port = "8080";
.connect_timeout = 1s;
.first_byte_timeout = 5s;
.between_bytes_timeout = 2s;
}
backend web2 {
.host = "172.26.11.74";
.port = "8080";
.connect_timeout = 1s;
.first_byte_timeout = 5s;
.between_bytes_timeout = 2s;
}
director load random {
{
.backend = web1;
.weight = 5;
}
{
.backend = web2;
.weight = 5;
}
}
#
# Below is a commented-out copy of the default VCL logic. If you
# redefine any of these subroutines, the built-in logic will be
# appended to your code.
acl purge {
"localhost";
"127.0.0.1";
}
sub vcl_recv {
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
return (lookup);
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.request == "GET" && req.url ~ "\.(js|css|html|jpg|png|gif|swf|jpeg|ico)$") {
unset req.http.cookie;
}
if (req.http.host ~ "^(.*)ijie.com$") {
set req.backend = load;
if (req.request != "GET" && req.request != "HEAD") {
return (pipe);
}
elseif(req.url ~ "\.(php|cgi)($|\?)") {
return (pass);
#return (lookup);
}
else {
return (lookup);
}
}
else {
error 404 "Tyler's Server";
return (lookup);
}
}
#
sub vcl_pipe {
# # Note that only the first request to the backend will have
# # X-Forwarded-For set. If you use X-Forwarded-For and want to
# # have it set for all requests, make sure to have:
# # set bereq.http.connection = "close";
# # here. It is not set by default as it might break some broken web
# # applications, like IIS with NTLM authentication.
return (pipe);
}
#
sub vcl_pass {
return (pass);
}
#
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (hash);
}
#
sub vcl_hit {
# if(req.http.Cache-Control~"no-cache"||req.http.Cache-Control~"max-age=0"||req.http.Pragma~"no-cache"){
# set obj.ttl=0s;
# return (restart);
# }
return (deliver);
}
#
sub vcl_miss {
return (fetch);
}
sub vcl_fetch {
# if (beresp.ttl
"} + obj.status + " " + obj.response + {"
Error "} + obj.status + " " + obj.response + {"
"} + obj.response + {"
Guru Meditation:
XID: "} + req.xid + {"
Varnish cache server
"};
return (deliver);
}
#
sub vcl_init {
return (ok);
}
sub vcl_fini {
return (ok);
}
#建立Varnish用户以及用户组
useradd -s /sbin/nologin varnish
#将varnish配置文件和服务写入到系统:
cp /data/src/varnish-3.0.3/redhat/varnish.initrc /root/varnish
cp /data/src/varnish-3.0.3/redhat/varnish.sysconfig /etc/sysconfig/varnish
cp /data/src/varnish-3.0.3/redhat/varnish_reload_vcl /usr/local/varnish/bin/
#生成一个secret用于varnish 的 reload,这样以后修改了 /etc/varnish.conf,可以不用重启就可以重新载入新的配置了!
mkdir -p /etc/varnish/
uuidgen > /etc/varnish/secret
chmod 600 /etc/varnish/secret
mkdir -p /data/varnish/cache/
vi /etc/init.d/varnish
#! /bin/sh
. /etc/init.d/functions
retval=0
pidfile=/var/run/varnish.pid
exec="/usr/bin/varnishd" #attention this...
reload_exec="/usr/local/varnish/bin/varnish_reload_vcl" #attention this...
prog="varnishd" #attention this...
config="/etc/sysconfig/varnish" #attention this...
lockfile="/var/lock/subsys/varnish"
# Include varnish defaults
[ -e /etc/sysconfig/varnish ] && . /etc/sysconfig/varnish
start() {
if [ ! -x $exec ]
then
echo $exec not found
exit 5
fi
if [ ! -f $config ]
then
echo $config not found
exit 6
fi
echo -n "Starting Varnish Cache: "
# Open files (usually 1024, which is way too small for varnish)
ulimit -n ${NFILES:-131072}
# Varnish wants to lock shared memory log in memory.
ulimit -l ${MEMLOCK:-82000}
# $DAEMON_OPTS is set in /etc/sysconfig/varnish. At least, one
# has to set up a backend, or /tmp will be used, which is a bad idea.
if [ "$DAEMON_OPTS" = "" ]; then
echo "\$DAEMON_OPTS empty."
echo -n "Please put configuration options in $config"
return 6
else
# Varnish always gives output on STDOUT
daemon --pidfile $pidfile $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
retval=$?
if [ $retval -eq 0 ]
then
touch $lockfile
echo_success
echo
else
echo_failure
echo
fi
return $retval
fi
}
stop() {
echo -n "Stopping Varnish Cache: "
killproc -p $pidfile $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
if [ "$RELOAD_VCL" = "1" ]
then
$reload_exec
else
force_reload
fi
}
force_reload() {
restart
}
rh_status() {
status -p $pidfile $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
configtest() {
if [ -f "$VARNISH_VCL_CONF" ]; then
$exec -f "$VARNISH_VCL_CONF" -C -n /tmp > /dev/null && echo "Syntax ok"
else
echo "VARNISH_VCL_CONF is unset or does not point to a file"
fi
}
# See how we were called.
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
configtest)
configtest
;;
*)
echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?
vi /etc/init.d/varnish
NFILES=131072
MEMLOCK=82000
RELOAD_VCL=1
VARNISH_VCL_CONF=/etc/varnish.conf #attention this...
VARNISH_LISTEN_ADDRESS=0.0.0.0
VARNISH_LISTEN_PORT=80
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=2000
VARNISH_SECRET_FILE=/etc/varnish/secret #attention this...
VARNISH_MIN_THREADS=50
VARNISH_MAX_THREADS=1000
VARNISH_THREAD_TIMEOUT=120 #attention this...
VARNISH_STORAGE_FILE=/data/varnish/cache/varnish_cache.data #attention this...
VARNISH_STORAGE_SIZE=1G
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}" #attention this...
#it can also be fixed as this: VARNISH_STORAGE="malloc,1G"
VARNISH_TTL=120
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-f ${VARNISH_VCL_CONF} \
-T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-t ${VARNISH_TTL} \
-w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
-u varnish -g varnish \
-S ${VARNISH_SECRET_FILE} \
-s ${VARNISH_STORAGE}"
chmod 755 /root/varnish
chmod 755 /usr/local/varnish/bin/varnish_reload_vcl
#可以用的命令:
/root/varnish {start|stop|status|restart|condrestart|try-restart|reload|force-reload}
#查看实时运行状况
varnishstat
#查看日志 方式一(varnish的特有方式):
varnishlog
#查看日志 方式二(与nginx日志相似方式):
varnishncsa
#清除缓存:
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban.url ^/index.html
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban.url ^.* #清除所有的
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban.list
清除www.bbs.com域名下的/static/image/tt.jpg
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret ban “req.http.host ~www.bbs.com$ && req.url ~ /static/image/tt.jpg”
varnishadm -T 127.0.0.1:2000 -S /etc/varnish/secret BAN “req.http.host ~www.aipinp.com$ && req.url ~ /index.html”
#优化Linux内核参数
vi /etc/sysctl.conf
net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 300 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.ip_local_port_range = 5000 65000
原文地址:【原创】haproxy + varnish + nginx + fastCGi + mysql 搭建, 感谢原作者分享。
内存飙升!记一次nginx拦截爬虫Mar 30, 2023 pm 04:35 PM本篇文章给大家带来了关于nginx的相关知识,其中主要介绍了nginx拦截爬虫相关的,感兴趣的朋友下面一起来看一下吧,希望对大家有帮助。
如何在HAProxy中实现SSL通过Mar 20, 2024 am 09:30 AM保持Web服务器负载平衡是预防停机的关键措施之一。使用负载平衡器是一种可靠的方法,其中HAProxy是一个备受推崇的选择。使用HAProxy,您可以精确配置负载平衡方式,同时支持SSL直通,从而保障客户端与服务器之间的通信安全。首先探讨在HAProxy中实现SSL直通的重要性,随后详细讨论了实施此功能所需的步骤,并提供了一个示例以便更好理解。什么是SSL通过?为什么它很重要?作为负载均衡器,HAProxy接受并分配流向您Web服务器的负载,在已配置的服务器上进行分发。负载的分配是针对客户端设备和
nginx+rsync+inotify怎么配置实现负载均衡May 11, 2023 pm 03:37 PM实验环境前端nginx:ip192.168.6.242,对后端的wordpress网站做反向代理实现复杂均衡后端nginx:ip192.168.6.36,192.168.6.205都部署wordpress,并使用相同的数据库1、在后端的两个wordpress上配置rsync+inotify,两服务器都开启rsync服务,并且通过inotify分别向对方同步数据下面配置192.168.6.205这台服务器vim/etc/rsyncd.confuid=nginxgid=nginxport=873ho
nginx php403错误怎么解决Nov 23, 2022 am 09:59 AMnginx php403错误的解决办法:1、修改文件权限或开启selinux;2、修改php-fpm.conf,加入需要的文件扩展名;3、修改php.ini内容为“cgi.fix_pathinfo = 0”;4、重启php-fpm即可。
如何解决跨域?常见解决方案浅析Apr 25, 2023 pm 07:57 PM跨域是开发中经常会遇到的一个场景,也是面试中经常会讨论的一个问题。掌握常见的跨域解决方案及其背后的原理,不仅可以提高我们的开发效率,还能在面试中表现的更加
nginx部署react刷新404怎么办Jan 03, 2023 pm 01:41 PMnginx部署react刷新404的解决办法:1、修改Nginx配置为“server {listen 80;server_name https://www.xxx.com;location / {root xxx;index index.html index.htm;...}”;2、刷新路由,按当前路径去nginx加载页面即可。
nginx怎么禁止访问phpNov 22, 2022 am 09:52 AMnginx禁止访问php的方法:1、配置nginx,禁止解析指定目录下的指定程序;2、将“location ~^/images/.*\.(php|php5|sh|pl|py)${deny all...}”语句放置在server标签内即可。
如何分析Haproxy端口复用May 29, 2023 am 09:25 AM本文作者:Spark(Ms08067内网安全小组成员)一、概述Haproxy是一个使用c语言开发的高性能负载均衡代理软件,提供tcp和http的应用程序代理,免费、快速且可靠。类似frp,使用一个配置文件+一个server就可以运行。优点:大型业务领域应用广泛支持四层代理(传输层)以及七层代理(应用层)支持acl(访问控制列表),可灵活配置路由windows使用cygwin编译后可运行(可跨平台)访问控制列表(AccessControlLists,ACL)是应用在路由器接口的指令列表,这些指令列
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
Atom editor mac version download
The most popular open source editor
WebStorm Mac version
Useful JavaScript development tools
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
Notepad++7.3.1
Easy-to-use and free code editor
