Varnish and nginx setup
Setup
We will be using nginx as SSL offloader forwarding regular HTTP traffic to the varnish proxy on port 8080 on the same host.
Update and upgrade the server
sudo apt-get update && sudo apt-get upgrade && sudo apt-get autoremove && sudo reboot now
Install packages
sudo apt-get install nginx varnish
Configure nginx (nginx 代理)
Since nginx does the SSL offloading, it needs both the private key and the certificate (crt). For nginx we only have to update the default site.
/etc/nginx/sites-available/default
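# TLS-terminating front end: accepts HTTP (80) and HTTPS (443) and forwards
# everything as plain HTTP to varnish on 127.0.0.1:8080.
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6
    listen 443 ssl;

    keepalive_timeout 70;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # The previous cipher string (ALL ... RC4+RSA ... +LOW:+SSLv2:+EXP) offered
    # export-grade, low-strength, RC4 and SSLv2 suites. Restrict the listener
    # to current protocol versions and strong suites instead. Add TLSv1.3 to
    # ssl_protocols where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!3DES;
    ssl_prefer_server_ciphers on;

    # access_log is left off as in the original setup. Note that varnish only
    # ever sees 127.0.0.1 as the peer, so with this off there is no record of
    # real client addresses anywhere in the chain.
    access_log off;
    # "error_log off" does not disable logging; it writes to a file literally
    # named "off". Log to a real file so TLS and upstream failures are visible.
    error_log /var/log/nginx/error.log;

    # The private key should be readable by root only (mode 600); a user's
    # home directory is an unusual place to keep it.
    ssl_certificate /home/ubuntu/multidomain.crt;
    ssl_certificate_key /home/ubuntu/multidomain.key;

    location / {
        # Cache invalidation must not be reachable from the internet: varnish
        # sees every proxied request as coming from 127.0.0.1, which is on its
        # purge ACL, so PURGE is refused here at the edge.
        if ($request_method = PURGE) {
            return 405;
        }

        proxy_pass http://127.0.0.1:8080/;
        proxy_redirect off;

        # Client-supplied X-Real-IP is overwritten with the real peer address;
        # X-Forwarded-For is appended to, so only its last entry is trustworthy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_max_temp_file_size 0;

        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}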
查看端口: sudo netstat -nlpt
修改apache 端口为8080
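# Edit the Apache vhost and ports.conf to change its listening port
# (the step above moves Apache to 8080). The two commands were fused
# onto one line in the original listing.
# NOTE(review): varnish in this guide is also started on :8080 and its
# backend points at port 80, where nginx listens; two services cannot share
# a port, so confirm which port each service is meant to own.
sudo vi /etc/apache2/sites-enabled/000-default
sudo vi /etc/apache2/ports.conf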
Configure varnish
/etc/default/varnish
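# /etc/default/varnish: start-up settings for the varnish daemon.
START=yes
NFILES=131072
MEMLOCK=82000

# -a  listen address for HTTP. Bound to loopback because nginx on the same
#     host is the only intended client; listening on every interface (":8080")
#     would expose the unencrypted cache port directly and bypass the TLS
#     front end. Widen it only if another host must reach varnish, and
#     firewall it in that case.
# -T  management interface, loopback only, authenticated with the -S secret.
# -f  VCL file to load.
# -u/-g  unprivileged user and group for the worker process.
# -p  runtime parameters (thread pools, session linger, workspace).
# -s  storage backend: 4096 MB of malloc storage.
DAEMON_OPTS="-a 127.0.0.1:8080 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -S /etc/varnish/secret \
             -p thread_pool_add_delay=2 \
             -p thread_pools=4 \
             -p thread_pool_min=200 \
             -p thread_pool_max=4000 \
             -p session_linger=50 \
             -p sess_workspace=262144 \
             -s malloc,4096m"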
/etc/varnish/default.vcl
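# This is a basic VCL configuration file for varnish.  See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# It is written in the pre-4.0 VCL dialect (req.request, vcl_fetch, error).
#
# Default backend definition.  Set this to point to your content
# server.
#
# NOTE(review): in this guide nginx listens on port 80 and forwards to
# varnish; pointing the backend at 127.0.0.1:80 would send requests back to
# nginx. Confirm the port of the real application server.
backend default {
    .host = "127.0.0.1";
    .port = "80";
}

# admin backend with longer timeout values. Set this to the same IP & port as your default server.
backend admin {
    .host = "127.0.0.1";
    .port = "80";
    .first_byte_timeout = 18000s;
    .between_bytes_timeout = 18000s;
}

# add your Magento server IP to allow purges from the backend
acl purge {
    "localhost";
    "127.0.0.1";
}

# Request entry point: decides between pipe, pass and cache lookup.
sub vcl_recv {
    # Record the connecting peer in X-Forwarded-For (first pass only, so a
    # restart does not append it twice).
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For =
                req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }

    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE" &&
        req.request != "PURGE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }

    # purge request
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        # Behind nginx every request arrives from 127.0.0.1, so the ACL above
        # cannot tell an internet client from a local purge. nginx in this
        # setup always sets X-Real-IP on proxied requests; a PURGE carrying it
        # came through the public front end and is refused.
        # NOTE(review): assumes the legitimate purger talks to varnish
        # directly and does not send X-Real-IP; verify against the backend.
        if (req.http.X-Real-IP) {
            error 405 "Not allowed.";
        }
        # The ban expression is assembled from request headers without any
        # validation, so only trusted senders may ever reach this point.
        ban("obj.http.X-Purge-Host ~ " + req.http.X-Purge-Host + " && obj.http.X-Purge-URL ~ " + req.http.X-Purge-Regex + " && obj.http.Content-Type ~ " + req.http.X-Purge-Content-Type);
        error 200 "Purged.";
    }

    # switch to admin backend configuration
    if (req.http.cookie ~ "adminhtml=") {
        set req.backend = admin;
    }

    # we only deal with GET and HEAD by default
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    # normalize url in case of leading HTTP scheme and domain
    set req.url = regsub(req.url, "^http[s]?://[^/]+", "");

    # static files are always cacheable. remove SSL flag and cookie
    if (req.url ~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$") {
        unset req.http.Https;
        unset req.http.Cookie;
    }

    # not cacheable by default
    if (req.http.Authorization || req.http.Https) {
        return (pass);
    }

    # do not cache any page from
    # - index files
    # - ...
    if (req.url ~ "^/(index)") {
        return (pass);
    }

    # as soon as we have a NO_CACHE cookie pass request
    if (req.http.cookie ~ "NO_CACHE=") {
        return (pass);
    }

    # normalize Accept-Encoding header
    # http://varnish.projects.linpro.no/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
            # No point in compressing these
            remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            remove req.http.Accept-Encoding;
        }
    }

    # remove Google gclid parameters
    set req.url = regsuball(req.url,"\?gclid=[^&]+$",""); # strips when QS = "?gclid=AAA"
    set req.url = regsuball(req.url,"\?gclid=[^&]+&","?"); # strips when QS = "?gclid=AAA&foo=bar"
    set req.url = regsuball(req.url,"&gclid=[^&]+",""); # strips when QS = "?foo=bar&gclid=AAA" or QS = "?foo=bar&gclid=AAA&bar=baz"

    return (lookup);
}

# Cache key: URL plus Host header (or server IP when no Host is sent).
sub vcl_hash {
    hash_data(req.url);
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    # Non-static URLs additionally go through the design_exception hook.
    if (!(req.url ~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$")) {
        call design_exception;
    }
    return (hash);
}

# Backend response handling: decides what may be stored and for how long.
sub vcl_fetch {
    # On a 500, mark the backend bad for this object for 10s and retry.
    if (beresp.status == 500) {
        set beresp.saintmode = 10s;
        return (restart);
    }
    set beresp.grace = 5m;

    # add ban-lurker tags to object
    set beresp.http.X-Purge-URL = req.url;
    set beresp.http.X-Purge-Host = req.http.host;

    if (beresp.status == 200 || beresp.status == 301 || beresp.status == 404) {
        if (beresp.http.Content-Type ~ "text/html" || beresp.http.Content-Type ~ "text/xml") {
            if ((beresp.http.Set-Cookie ~ "NO_CACHE=") || (beresp.ttl < 1s)) {
                set beresp.ttl = 0s;
                return (hit_for_pass);
            }

            # marker for vcl_deliver to reset Age:
            set beresp.http.magicmarker = "1";

            # Don't cache cookies
            unset beresp.http.set-cookie;
        } else {
            # set default TTL value for static content
            set beresp.ttl = 4h;
        }
        return (deliver);
    }

    return (hit_for_pass);
}

# Final response clean-up before the object is sent to the client.
sub vcl_deliver {
    # debug info
    if (resp.http.X-Cache-Debug) {
        if (obj.hits > 0) {
            set resp.http.X-Cache = "HIT";
            set resp.http.X-Cache-Hits = obj.hits;
        } else {
            set resp.http.X-Cache = "MISS";
        }
        set resp.http.X-Cache-Expires = resp.http.Expires;
    } else {
        # remove Varnish/proxy header
        # remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;
        remove resp.http.X-Purge-URL;
        remove resp.http.X-Purge-Host;
    }

    if (resp.http.magicmarker) {
        # Remove the magic marker
        unset resp.http.magicmarker;

        # HTML/XML was cached by varnish; tell browsers and downstream
        # proxies not to keep their own copy.
        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "Mon, 31 Mar 2008 10:00:00 GMT";
        set resp.http.Age = "0";
    }
}

# Hook called from vcl_hash for non-static URLs; empty in this configuration.
sub design_exception {
}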
# NOTE(review): fragment shown without its enclosing sub; presumably meant
# for vcl_recv. Confirm where it belongs.
# It discards whatever X-Forwarded-Proto arrived and then states "https" and
# port 443 for every request. nginx in this guide also listens on port 80 and
# already sets X-Forwarded-Proto from $scheme, so applying this
# unconditionally would make the backend treat plain-HTTP requests as if they
# had arrived over TLS.
remove req.http.X-Forwarded-Proto;
set req.http.X-Forwarded-Proto = "https";
set req.http.X-Forwarded-Port = "443";