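I. Introduction to Varnish
1. Varnish
Varnish is a high-performance, open-source caching reverse proxy server. It accepts requests from clients and tries to answer them from its cache; if it cannot serve a response from the cache, Varnish sends the request to the backend server, fetches the response, stores it in the cache, and then sends it to the client.
2. Varnish architecture diagram
The architecture is not complicated: Varnish acts as a bridge between the client and the web server. Clients request web content from Varnish, which caches data from the web server and serves it to them. If the requested data is not in the cache, Varnish sends the request to the backend server and returns the result to the client.
When Varnish can answer a request from its cache, the time taken is on the order of microseconds, which is two orders of magnitude faster than answering directly from the HTTP server. The higher the cache hit rate, the faster the site.
II. Environment preparation
1. Lab topology
2. Device description
Operating system | IP address | Description |
centos1 | 172.16.10.1/24 | Varnish cache server (has external network access) |
centos2 | 172.16.10.2/24 | Backend server 1 (internal host 1) |
centos3 | 172.16.10.3/24 | Backend server 2 (internal host 2) |
centos4 | 172.16.10.4/24 | Backend server 3 (internal host 3) |
III. Varnish port configuration
1. Install the package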
[root@fronted ~]# yum -y install varnish
2. Enable and start the service
[root@fronted ~]# systemctl enable varnish --now
3. Check the service status
[root@fronted ~]# systemctl status varnish
● varnish.service - Varnish Cache, a high-performance HTTP accelerator
Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-02-03 13:33:56 CST; 3s ago
Process: 13241 ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m (code=exited, status=0/SUCCESS)
Main PID: 13242 (varnishd)
Tasks: 217
Memory: 94.4M
CGroup: /system.slice/varnish.service
├─13242 /usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m
└─13252 /usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m
Feb 03 13:33:56 fronted varnishd[13241]: Warnings:
Feb 03 13:33:56 fronted varnishd[13241]: VCL compiled.
Feb 03 13:33:56 fronted varnishd[13241]: Debug: Version: varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Feb 03 13:33:56 fronted varnishd[13242]: Version: varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Feb 03 13:33:56 fronted varnishd[13242]: Platform: Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
Feb 03 13:33:56 fronted varnishd[13241]: Debug: Platform: Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
Feb 03 13:33:56 fronted varnishd[13241]: Debug: Child (13252) Started
Feb 03 13:33:56 fronted varnishd[13242]: Child (13252) Started
Feb 03 13:33:56 fronted varnishd[13242]: Child (13252) said Child starts
Feb 03 13:33:56 fronted systemd[1]: Started Varnish Cache, a high-performance HTTP accelerator.
4. View the unit file
[root@fronted ~]# cat /usr/lib/systemd/system/varnish.service
[Unit]
Description=Varnish Cache, a high-performance HTTP accelerator
After=network-online.target
[Service]
Type=forking
KillMode=process
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory - should suffice to lock the shared memory log
# (varnishd -l argument)
# Default log size is 80MB vsl + 1M vsm + header -> 82MB
# unit is bytes
LimitMEMLOCK=85983232
# Enable this to avoid "fork failed" on reload.
TasksMax=infinity
# Maximum size of the corefile.
LimitCORE=infinity
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m
ExecReload=/usr/sbin/varnishreload
[Install]
WantedBy=multi-user.target
5. Add a drop-in file with the new setting
[root@fronted ~]# mkdir /etc/systemd/system/varnish.service.d
[root@fronted ~]# cat > /etc/systemd/system/varnish.service.d/httpport.conf <<END
[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m
END
6. Reload systemd
[root@fronted ~]# systemctl daemon-reload
7. Restart the service and check its status
[root@fronted ~]# systemctl restart varnish
[root@fronted ~]# systemctl status varnish
● varnish.service - Varnish Cache, a high-performance HTTP accelerator
Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/varnish.service.d
└─httpport.conf
Active: active (running) since Fri 2023-02-03 14:26:02 CST; 7s ago
Process: 15546 ExecStart=/usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m (code=exited, status=0/SUCCESS)
Main PID: 15547 (varnishd)
Tasks: 217
Memory: 94.2M
CGroup: /system.slice/varnish.service
├─15547 /usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m
└─15560 /usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m
Feb 03 14:26:02 fronted varnishd[15546]: Warnings:
Feb 03 14:26:02 fronted varnishd[15546]: VCL compiled.
Feb 03 14:26:02 fronted varnishd[15546]: Debug: Version: varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Feb 03 14:26:02 fronted varnishd[15546]: Debug: Platform: Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
Feb 03 14:26:02 fronted varnishd[15547]: Version: varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Feb 03 14:26:02 fronted varnishd[15547]: Platform: Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
Feb 03 14:26:02 fronted varnishd[15546]: Debug: Child (15560) Started
Feb 03 14:26:02 fronted varnishd[15547]: Child (15560) Started
Feb 03 14:26:02 fronted varnishd[15547]: Child (15560) said Child starts
Feb 03 14:26:02 fronted systemd[1]: Started Varnish Cache, a high-performance HTTP accelerator.
8. Open the firewall
[root@fronted ~]# firewall-cmd --add-service=http --permanent
[root@fronted ~]# firewall-cmd --reload
9. Configure SELinux
[root@fronted ~]# semanage port -l | grep -w -e varnishd_port_t -e http_cache_port_t -e http_port_t | grep tcp
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
varnishd_port_t tcp 6081-6082
# Allow all Varnish traffic
[root@fronted ~]# setsebool -P varnishd_connect_any on
IV. Installing software on the LAN hosts
1. Download the packages
For example, download the httpd package:
[root@fronted ~]# yum -y --downloadonly install httpd
2. Copy the files
[root@fronted ~]# mkdir httpd
[root@fronted ~]# find /var/ -name "*.rpm" -exec cp -a {} /root/httpd/ \;
3. Send the files to the LAN host
[root@fronted ~]# scp -r /root/httpd/ 172.16.10.2:~/.
4. Log in to the LAN host and install the software
[root@fronted ~]# ssh 172.16.10.2
[root@backend-web1 ~]# cd httpd/
[root@backend-web1 ~/httpd]# rpm -vih * --force --nodeps
5. Start the software and check its status
[root@backend-web1 ~]# systemctl enable httpd --now
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@backend-web1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-02-03 15:30:30 CST; 3s ago
Docs: man:httpd.service(8)
Main PID: 8470 (httpd)
Status: "Started, listening on: port 80"
Tasks: 213 (limit: 23656)
Memory: 38.3M
CGroup: /system.slice/httpd.service
├─8470 /usr/sbin/httpd -DFOREGROUND
├─8471 /usr/sbin/httpd -DFOREGROUND
├─8472 /usr/sbin/httpd -DFOREGROUND
├─8502 /usr/sbin/httpd -DFOREGROUND
└─8534 /usr/sbin/httpd -DFOREGROUND
Feb 03 15:30:29 backend-web1 systemd[1]: Starting The Apache HTTP Server...
Feb 03 15:30:30 backend-web1 httpd[8470]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::9b81:f>
Feb 03 15:30:30 backend-web1 systemd[1]: Started The Apache HTTP Server.
Feb 03 15:30:30 backend-web1 httpd[8470]: Server configured, listening on: port 80
6. Change the web server's listening port
[root@backend-web1 ~]# cat /etc/httpd/conf/httpd.conf | grep ^Listen
Listen 8080
7. Open the firewall
[root@backend-web1 ~]# firewall-cmd --add-port=8080/tcp --permanent
[root@backend-web1 ~]# firewall-cmd --reload
8. Configure the Varnish cache server
[root@fronted ~]# cat /etc/varnish/default.vcl | grep -e .host* -e .port*
.host = "172.16.10.2";
.port = "8080";
9. Restart the Varnish cache server
[root@fronted ~]# systemctl restart varnish
[root@fronted ~]# systemctl status varnish
● varnish.service - Varnish Cache, a high-performance HTTP accelerator
Loaded: loaded (/usr/lib/systemd/system/varnish.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/varnish.service.d
└─httpport.conf
Active: active (running) since Sat 2023-02-04 11:31:39 CST; 3s ago
Process: 3828 ExecStart=/usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m (code=exited, status=0/SUCCESS)
Main PID: 3829 (varnishd)
Tasks: 217
Memory: 94.3M
CGroup: /system.slice/varnish.service
├─3829 /usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m
└─3839 /usr/sbin/varnishd -a :80 -f /etc/varnish/default.vcl -s malloc,256m
Feb 04 11:31:39 fronted varnishd[3828]: Warnings:
Feb 04 11:31:39 fronted varnishd[3828]: VCL compiled.
Feb 04 11:31:39 fronted varnishd[3828]: Debug: Version: varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Feb 04 11:31:39 fronted varnishd[3828]: Debug: Platform: Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
Feb 04 11:31:39 fronted varnishd[3829]: Version: varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Feb 04 11:31:39 fronted varnishd[3829]: Platform: Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
Feb 04 11:31:39 fronted varnishd[3828]: Debug: Child (3839) Started
Feb 04 11:31:39 fronted varnishd[3829]: Child (3839) Started
Feb 04 11:31:39 fronted varnishd[3829]: Child (3839) said Child starts
Feb 04 11:31:39 fronted systemd[1]: Started Varnish Cache, a high-performance HTTP accelerator.
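V. Varnish operations
Running varnishadm opens a console where commands can be used to manage cached content.
ban 'expression', or from the shell: varnishadm "ban 'XX'"
Command | Description |
ban req.url == /XXX | Clear a specific cached object |
ban req.url ~ .* | Clear the entire cache |
param.show default_ttl | Show the TTL value |
param.set default_ttl 43200 | Set the TTL value |
vcl.show boot | Show the current configuration file |
1. varnishadm interactive mode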
[root@fronted ~]# varnishadm
200
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,4.18.0-269.el8.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit
varnish-6.0.8 revision 97e54ada6ac578af332e52b44d2038bb4fa4cd4a
Type 'help' for command list.
Type 'quit' to close CLI session.
# Clear the cached index.html
varnish> ban req.url == /index.html
varnish> ban req.url ~ .*
# Show the default TTL value
varnish> param.show default_ttl
200
default_ttl
Value is: 120.000 [seconds] (default)
Minimum is: 0.000
The TTL assigned to objects if neither the backend nor the VCL
code assigns one.
NB: This parameter is evaluated only when objects are created.
To change it for all objects, restart or ban everything.
# Set the TTL value
varnish> param.set default_ttl 43200
200
varnish> param.show default_ttl
200
default_ttl
Value is: 43200.000 [seconds]
Default is: 120.000
Minimum is: 0.000
The TTL assigned to objects if neither the backend nor the VCL
code assigns one.
NB: This parameter is evaluated only when objects are created.
To change it for all objects, restart or ban everything.
varnish> vcl.show boot
200
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.
# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
# Default backend definition. Set this to point to your content server.
backend default {
# .host = "127.0.0.1";
.host = "172.16.10.2";
.port = "8080";
}
sub vcl_recv {
# Happens before we check if we have this in cache already.
#
# Typically you clean up the request here, removing cookies you don't need,
# rewriting the request, etc.
}
sub vcl_backend_response {
# Happens after we have read the response headers from the backend.
#
# Here you clean the response headers, removing silly Set-Cookie headers
# and other mistakes your backend does.
}
sub vcl_deliver {
# Happens when we have all the pieces we need, and are about to send the
# response to the client.
#
# You can do accounting or modifying the final object here.
}
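2. External command mode
# Clear the cache
[root@fronted ~]# varnishadm 'ban req.url == /index.html'
# Show the TTL
[root@fronted ~]# varnishadm 'param.show default_ttl'
# Set the TTL
[root@fronted ~]# varnishadm 'param.set default_ttl 43200'
# View the current configuration
[root@fronted ~]# varnishadm 'vcl.show boot'
VI. Testing
1. Test from a Linux terminal
# Test whether the web backend on port 8080 is reachable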
[root@fronted ~]# curl 172.16.10.2:8080
mmx_good
# Test whether local port 80 is reachable
[root@fronted ~]# curl localhost
mmx_good
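The two curl checks above show that both ports answer, but not whether Varnish served the object from its cache, or whether a ban from section V actually evicted it. The script below is an added example, not part of the original article: it classifies a response as HIT or MISS from the X-Varnish and Age headers. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide HIT/MISS from response headers read on stdin.
# Varnish puts one transaction ID in X-Varnish on a miss and two on a hit
# (this request's ID plus the ID of the request that stored the object).
cache_status() {
    tr -d '\r' | awk '
        BEGIN { ids = 0; age = 0 }
        { name = tolower($1) }
        name == "x-varnish:" { ids = NF - 1 }
        name == "age:"       { age = $2 + 0 }
        END {
            if (ids == 0)      print "NOT-VARNISH"
            else if (ids >= 2) print "HIT age=" age
            else               print "MISS"
        }'
}

# Request the URL twice, keep only the response headers, report each result.
# Assumes curl is installed; the URL is supplied by the caller.
probe() {
    for n in 1 2; do
        printf 'request %s: ' "$n"
        curl -s -o /dev/null -D - "$1" | cache_status
    done
}

# Constructed sample headers (not captured from the article's lab).
SAMPLE_MISS='HTTP/1.1 200 OK
Server: Apache
X-Varnish: 2
Age: 0
Via: 1.1 varnish (Varnish/6.0)'

SAMPLE_HIT='HTTP/1.1 200 OK
Server: Apache
X-Varnish: 32770 3
Age: 14
Via: 1.1 varnish (Varnish/6.0)'

SAMPLE_DIRECT='HTTP/1.1 200 OK
Server: Apache'
```

Run `probe http://localhost/` on the Varnish host: the first request after a restart or a ban should report MISS and the second HIT. NOT-VARNISH means the response did not pass through Varnish at all, for example when the backend port is queried directly.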