如何建立Varnish CDN集群

在构建CDN系统的架构上,Varnish和squid会使用得是最多的,它们各有优劣点,本文以Varnish为基础创建Varnish的CDN,加速网站,可以用DNS解析的方式,把吃灰小鸡利用起来,比如某小鸡对移动线路优秀,那么把来自移动的流量导向此小鸡,联通电信同理,在结合Varnish集群,大大减轻源站的负载压力并合理利用吃灰小鸡。

参考:Nginx 反向代理+缓存加速

宝塔面板利用反向代理加速CDN

 

Varnish架构图

如何建立Varnish CDN集群

集群实验环境:Centos-7.6  Varnish-6.2  Nginx-1.16.0

一般情况下,会在Nginx或者Haproxy负载均衡层,进行心跳检测和浮动IP,而且会加上健康检测,来避免宕机的危险,正常流程是外网映射内网,内网机器之间实现LVS的VIP功能,由于本站小鸡全部是外网,没有内网所以只能实现在外网之间的通信。

 

流程:
http->https->varnish集群->源站
https->varnish集群->源站

由于Varnish 暂不支持 https协议,收费版支持https协议,所以我们用Nginx来反代实现HTTPS协议,Nginx负载均衡鸡配置如下:

如何建立Varnish CDN集群

cat /etc/nginx/conf.d/yunwei114.conf 

server {
    listen 80;
    server_name  xqt.io xqt.io;
 
    rewrite ^/(.*) https://xqt.io/$1 permanent;}
    
    upstream yunwei114_com
    {#    ip_hash;
    server 127.0.0.1:6081;
    server Varnish节点外网IP:6081;}server {
        listen 443 ssl http2 fastopen=3 reuseport;

	server_name  xqt.io xqt.io;

	error_log  /var/log/nginx/error.log  crit;
        ssl_certificate      /etc/letsencrypt/live/xqt.io/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/xqt.io/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/xqt.io/chain.pem;
	ssl_dhparam /etc/nginx/ssl/dhparam.pem;

	ssl_protocols TLSv1.2;
	ssl_prefer_server_ciphers on;

	ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";



	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;


	# OCSP Stapling ---
	# fetch OCSP records from URL in ssl_certificate and cache them
	ssl_stapling on;
	ssl_stapling_verify on;

	location /status {
            stub_status on;
            access_log off;
	}



        location / {
            proxy_pass http://yunwei114_com;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
 
 

        }}

Varnish节点,只需要安装Varnish即可,并按以下进行Varnish节点配置,Varnish(1-N)配置文件一致,唯一不一致的是运行配置文件,运行配置文件需要指定监听Varnish节点外网IP,配置如下:

###Varnish配置文件:cat /etc/varnish/default.vcl 
vcl 4.0;backend default {
  .host = "源站外网IP";
  .port = "8081";           
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
  .max_connections = 128;}acl purger {
   "localhost";
   "127.0.0.1";}sub vcl_recv {

	if (req.method == "PURGE") {
		if (!client.ip ~ purger) {
			return(synth(405, "This IP is not allowed to send PURGE requests."));
  		}
		return (purge);
	}


	if (req.restarts == 0) {
		if (req.http.X-Forwarded-For) {
		set req.http.X-Forwarded-For = client.ip;
  		}
	}


	if (req.http
.Authorization || req.http.Cookie ~ "wordpress_logged" || req.http.Cookie ~ "comment_") {
         /* Not cacheable by default */         	return (pass);
	}

	if (req.url ~ "/feed") {
		return (pass);
	}
	if (req.url ~ "wp-admin|wp-login") {
		return (pass);
	}

	if (req.url ~ "^(.*)\.(jpg|png|gif|jpeg|flv|bmp|gz|tgz|bz2|tbz|js|css|html|htm)($|\?)" ) { 
         #移除cookie,以便能缓存到varnish 
        unset req.http.cookie; 
	} 



	set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");
	set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");

	if (req.http.cookie == "") {
		unset req.http.cookie;
  	}}sub vcl_purge {
 	set req.method = "GET";
 	set req.http.X-Purger = "Purged";
	return (restart);}sub vcl_backend_response {


	set beresp.ttl = 24h;
 	set beresp.grace = 1h;
	if (bereq.url !~ "wp-admin|wp-login|product|cart|checkout|my-account|/?remove_item=") {
		unset beresp.http.set-cookie;
	}}sub vcl_deliver {

	unset resp.http.Via;
	unset resp.http.X-Varnish;


	if (obj.hits > 0) {
	set resp.http.X-Cache =  "HIT from " + server.hostname;
	} else {
	set resp.http.X-Cache =  "MISS from " + server.hostname;
	}}sub vcl_synth {if (resp.status == 404) {

    set resp.http.Content-Type = "text/html; charset=utf-8";
    set resp.http.Retry-After = "5";
    synthetic( {"<!DOCTYPE html>
<html>
  <head>
    <title>"} + resp.status + " " + resp.reason + {"</title>
  </head>
  <body>
    <h1>Error "} + resp.status + " " + resp.reason + {"</h1>
    <p>"} + resp.reason + {"</p>
    <h3>Guru Meditation:</h3>
    <p>XID: "} + req.xid + {"</p>
    <hr>
    <p>Varnish cache server</p>
  </body>
</html>
"} );
}
    return (deliver);
    }

Varnish运行配置文件:

### Varnish运行配置文件,如果Nginx负载均衡鸡和Varnish在同台机器,那么Varnish鸡运行配置文件不需要指定IP,默认是127.0.0.1:
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s file,/tmp/varnish/cache.bin,5G

### Varnish运行配置文件,如果Nginx负载均衡鸡和Varnish不在同台机器,那么Varnish鸡需要指定运行配置文件的外网IP:
cat /usr/lib/systemd/system/varnish.service
ExecStart=/usr/sbin/varnishd -a 外网IP:6081 -f /etc/varnish/default.vcl -s file,/tmp/varnish/cache.bin,5G

源站Nginx配置文件:

cat /etc/nginx/conf.d/yunwei114.conf
    server {
        listen 8081;
        server_name  xqt.io;
	port_in_redirect off;



    location / {
        root   /home/yunwei114;
        index   index.php index.html index.htm;
      try_files $uri $uri/ /index.php?$args;
   
    }


    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    ##    location ~ \.php$ {
    location ~ .*\.php(\/.*)*$ {
        root           /home/yunwei114;
        
        #       try_files $uri =404;
        #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_param HTTPS on;

	fastcgi_pass   unix:/dev/shm/php7-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME  /home/affdalao$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
    }

检验Varnish集群是否生效,关闭任意一台Varnish机器,网站正常运行:
Varnish关闭命令:systemctl stop varnish

如何建立Varnish CDN集群

至此Varnish集群搭建完毕。

 

正文完
 
评论(没有评论)