Nginx Reverse Proxy + Varnish

Nginx and Varnish server configuration and tuning tutorial

I. Nginx reverse proxy


1. Prerequisites:

Nginx: http://sysoev.ru/nginx/nginx-0.6.32.tar.gz

SSL: http://www.openssl.org/source/openssl-0.9.8g.tar.gz

Pcre: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz

Zlib: http://www.zlib.net/zlib-1.2.3.tar.gz


2. Installation:

SSL installation:

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf openssl-0.9.8g.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd openssl-0.9.8g
[root@RedhatAS4U4-Oracle openssl-0.9.8g]# ./config --prefix=/usr/local/openssl/
[root@RedhatAS4U4-Oracle openssl-0.9.8g]# make
[root@RedhatAS4U4-Oracle openssl-0.9.8g]# make install

PCRE installation:

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf pcre-7.7.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd pcre-7.7
[root@RedhatAS4U4-Oracle pcre-7.7]# ./configure --prefix=/usr/local/pcre
[root@RedhatAS4U4-Oracle pcre-7.7]# make
[root@RedhatAS4U4-Oracle pcre-7.7]# make install

make fails with the following error:

libtool: ignoring unknown tag CXX
libtool: unrecognized option `-DHAVE_CONFIG_H'
Try `libtool --help' for more information.
make[1]: *** [pcrecpp.lo] Error 1
make[1]: Leaving directory `/home/beijing/pcre-7.7'
make: *** [all] Error 2


Cause:

pcre-7.7 configuration summary:

Install prefix .................. : /usr/local/pcre
C preprocessor .................. : gcc -E
C compiler ...................... : gcc
C++ preprocessor ................ :
C++ compiler .................... :
Linker .......................... : /usr/bin/ld
C preprocessor flags ............ :
C compiler flags ................ : -O2
C++ compiler flags .............. :
Linker flags .................... :
Extra libraries ................. :

The C++ preprocessor and compiler entries are empty because the GCC C++ packages are not installed:

gcc-c++-3.4.6-8.i386.rpm
libstdc++-devel-3.4.6-8.i386.rpm

Zlib installation:

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf zlib-1.2.3.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd zlib-1.2.3
[root@RedhatAS4U4-Oracle zlib-1.2.3]#
[root@RedhatAS4U4-Oracle zlib-1.2.3]# make
[root@RedhatAS4U4-Oracle zlib-1.2.3]# make install

Nginx installation:

[root@RedhatAS4U4-Oracle oracle]# tar -zxvf nginx-0.6.32.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd nginx-0.6.32
[root@RedhatAS4U4-Oracle nginx-0.6.32]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-pcre=/root/pcre-7.7 --with-zlib=/root/zlib-1.2.3 --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-openssl=/root/openssl-0.9.8g
[root@RedhatAS4U4-Oracle nginx-0.6.32]# make
[root@RedhatAS4U4-Oracle nginx-0.6.32]# make install

3. Configuration:

[root@RedhatAS4U4-Oracle oracle]# cat /usr/local/nginx/conf/nginx.conf

user nobody nobody;
worker_processes 30;
error_log logs/error.log notice;
pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 40960;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$gzip_ratio"';

    keepalive_timeout 150;
    server_names_hash_bucket_size 64;

    upstream cache {
        ip_hash;
        server 10.167.26.166:8080;  # varnish server 1
        server 10.167.26.3;
    }

    server {
        listen 10.167.26.5:80;
        server_name cacti.chinarenservice.com;
        access_log logs/cacti.wizardial.com.access.log main;

        location / {
            proxy_pass http://cache;
            proxy_redirect http://cacti.chinarenservice.com/ /;
            # pass the original Host and client address to the cache tier
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Is-EDU 0;
            client_max_body_size 50m;
            client_body_buffer_size 256k;
            proxy_connect_timeout 10;
            proxy_send_timeout 15;
            proxy_read_timeout 15;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }

    server {
        listen 10.167.26.5:81;
        server_name nginxstatus.chinarenservice.com 10.167.26.5;

        # status page, restricted to the two addresses below
        location /NginxStatus {
            stub_status on;
            access_log off;
            allow 210.22.7.147;
            allow 127.0.0.1;
            deny all;
        }
    }
}



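The configuration above makes nginx act as a reverse proxy: it listens on 10.167.26.5:80, accepts requests for the cacti.wizardial.com domain, and forwards them to the back-end Varnish cache servers.


4. Tuning:

Changing the open files limit

Show the current open files limit: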

[root@RedhatAS4U4-Oracle oracle]# ulimit -a


core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 1024
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024


……


Change the open files limit:


[root@RedhatAS4U4-Oracle oracle]# ulimit -n 8192


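Tuning the Linux kernel parameters

[root@RedhatAS4U4-Oracle oracle]# vi /etc/sysctl.conf


Append the following to the end of the file:

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
# SYN cookies keep the listen queue usable during a SYN flood
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000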


Apply the settings immediately:

[root@RedhatAS4U4-Oracle oracle]# /sbin/sysctl -p

Reload the Nginx configuration gracefully, without stopping the Nginx service:


[root@RedhatAS4U4-Oracle oracle]# kill -HUP `cat  /usr/local/nginx/logs/nginx.pid`


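II. Varnish cache


Advantages of Varnish:
1. Varnish uses "Visual Page Cache" technology. In memory utilization Varnish has the advantage over Squid: it avoids Squid's frequent swapping of files between memory and disk, so its performance is higher than Squid's.
2. Varnish is very stable.

3. Through the Varnish management port, regular expressions can be used to purge parts of the cache quickly and in bulk, which Squid cannot do.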


Installing the Varnish website cache accelerator:
1. Create the www user and group, and the directory that holds the Varnish cache file (/var/InfiNET/cache):

[root@RedhatAS4U4-Oracle oracle]# /usr/sbin/groupadd www -g 48
[root@RedhatAS4U4-Oracle oracle]# /usr/sbin/useradd -u 48 -g www www
[root@RedhatAS4U4-Oracle oracle]# mkdir -p /var/InfiNET/cache
[root@RedhatAS4U4-Oracle oracle]# chmod +w /var/InfiNET/cache
[root@RedhatAS4U4-Oracle oracle]# chown -R www:www /var/InfiNET/cache


2. Create the Varnish log directory (/var/logs/):

[root@RedhatAS4U4-Oracle oracle]# mkdir -p /usr/local/varnish/logs
[root@RedhatAS4U4-Oracle oracle]# chmod +w /usr/local/varnish/logs
[root@RedhatAS4U4-Oracle oracle]# chown -R www:www /usr/local/varnish/logs

3. Compile and install Varnish:

Download:

http://sourceforge.net/project/showfiles.php?group_id=155816&package_id=173643&release_id=563022

[root@RedhatAS4U4-Oracle oracle]# wget http://blog.s135.com/soft/linux/varnish/varnish-1.1.2.tar.gz
[root@RedhatAS4U4-Oracle oracle]# tar zxvf varnish-1.1.2.tar.gz
[root@RedhatAS4U4-Oracle oracle]# cd varnish-1.1.2
[root@RedhatAS4U4-Oracle oracle]# ./configure --prefix=/usr/local/varnish
[root@RedhatAS4U4-Oracle oracle]# make && make install


./configure --enable-debugging-symbols --enable-developer-warnings --enable-dependency-tracking --prefix=/usr/local/varnish
Note: when I ran the make step, the following error occurred:
"varnishhist.c:35:20: error: curses.h: No such file or directory"
The cause is that the ncurses-devel package is missing from the system.


4. Create the Varnish configuration file:

[root@RedhatAS4U4-Oracle oracle]# vi /usr/local/varnish/vcl.conf

backend myblogserver {
      set backend.host = "10.167.26.3";
      set backend.port = "80";
}

# source addresses allowed to send PURGE
acl purge {
      "localhost";
      "127.0.0.1";
      "10.167.0.0"/16;
      "210.22.7.147"/32;
}

sub vcl_recv {
      if (req.request == "PURGE") {
              if (!client.ip ~ purge) {
                     error 405 "Not allowed.";
              }
              lookup;
      }

      if (req.http.host ~ "^cacti.chinarenservice.com") {
              # must name the backend declared above
              set req.backend = myblogserver;
              # only GET and HEAD are served from the cache
              if (req.request != "GET" && req.request != "HEAD") {
                     pipe;
              }
              else {
                     lookup;
              }
      }
      else {
              error 404 "ZhangYan Cache Server";
              lookup;
      }
}

sub vcl_hit {
      if (req.request == "PURGE") {
              # expire the cached object immediately
              set obj.ttl = 0s;
              error 200 "Purged.";
      }
}

sub vcl_miss {
      if (req.request == "PURGE") {
              error 404 "Not in cache.";
      }
}

sub vcl_fetch {
      # listed file types: 1 hour; everything else: 30 days
      if (req.request == "GET" && req.url ~ "\.(txt|js|gif|jpg|jpeg|tom|swf|css)$") {
              set obj.ttl = 3600s;
      }
      else {
              set obj.ttl = 30d;
      }
}

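A few notes on the configuration file above:
(1) Varnish acts as a reverse proxy to the back-end Apache server at IP 10.167.26.3, port 80;
(2) Varnish allows the source IPs localhost, 127.0.0.1 and 10.167.0.*** to purge the cache with the PURGE method;
(3) Varnish handles requests for the domain cacti.chinarenservice.com; requests for any other domain get "freeke Cache Server" in return;
(4) Varnish caches GET and HEAD requests of the HTTP protocol and passes POST requests through, letting them go directly to the back-end web server. It is configured this way because POST requests generally send data to the server, which the server has to receive and process, so they are not cached;
(5) Varnish sets the cache time to 1 hour for URLs ending in .txt, .js and so on, and to 30 days for all other URLs.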
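
What the purge ACL admits once nginx sits in front of Varnish, as an added example that is not part of the original post: Varnish compares the ACL with the address of the connecting peer, so a request relayed by nginx is judged by nginx's address. The addresses 198.51.100.7 and 10.167.200.9, the narrower ACL, and the assumption that nginx connects upstream from 10.167.26.5 are constructed for illustration.

```python
import ipaddress

# ACL entries from the page's VCL ("localhost" is covered by 127.0.0.1).
PAGE_ACL = ["127.0.0.1/32", "10.167.0.0/16", "210.22.7.147/32"]
# Assumed narrower ACL (not from the page): loopback and the admin host only.
NARROW_ACL = ["127.0.0.1/32", "210.22.7.147/32"]

# Listen address from nginx.conf; assumed to also be the source address
# of nginx's upstream connections.
NGINX_ADDR = "10.167.26.5"


def purge_allowed(peer_ip, acl):
    """Evaluate `client.ip ~ purge`: client.ip is the TCP peer Varnish sees."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in acl)


def peer_seen_by_varnish(client_ip, relayed_by=None):
    """A relayed request arrives from the proxy, not from the end client."""
    return relayed_by or client_ip


# Constructed PURGE requests: (label, end-client address, relaying proxy).
REQUESTS = [
    ("admin host, direct", "210.22.7.147", None),
    ("internal host outside 10.167.0.x", "10.167.200.9", None),
    ("outside host, direct", "198.51.100.7", None),
    ("outside host, via nginx", "198.51.100.7", NGINX_ADDR),
]


def evaluate(acl):
    """Map each constructed request to the ACL decision Varnish would make."""
    return {
        label: purge_allowed(peer_seen_by_varnish(client, proxy), acl)
        for label, client, proxy in REQUESTS
    }


if __name__ == "__main__":
    for name, acl in (("page ACL", PAGE_ACL), ("narrow ACL", NARROW_ACL)):
        print(name)
        for label, allowed in evaluate(acl).items():
            print(f"  {label:35s} {'PURGE accepted' if allowed else '405'}")
```

With the page's ACL the only PURGE answered with 405 is the one arriving directly from outside; narrowing the ACL to the hosts that actually issue purges, or having nginx refuse the PURGE method, closes the relayed case.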

5. Start Varnish

[root@RedhatAS4U4-Oracle oracle]# ulimit -SHn 51200

[root@RedhatAS4U4-Oracle oracle]# /usr/local/varnish/sbin/varnishd -n /var/InfiNET/cache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/InfiNET/cache/varnish_cache.data,1G -g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on


6. Start varnishncsa to write the Varnish access log to a log file:

[root@RedhatAS4U4-Oracle oracle]# /usr/local/varnish/bin/varnishncsa -n /var/InfiNET/cache -w /usr/local/varnish/logs/varnish.log &

7. Configure Varnish to start automatically at boot

[root@RedhatAS4U4-Oracle oracle]# vi /etc/rc.local

ulimit -SHn 51200

/usr/local/varnish/sbin/varnishd -n /var/InfiNET/cache -f /usr/local/varnish/vcl.conf -a 0.0.0.0:80 -s file,/var/InfiNET/cache/varnish_cache.data,1G -g www -u www -w 30000,51200,10 -T 127.0.0.1:3500 -p client_http11=on

/usr/local/varnish/bin/varnishncsa -n /var/InfiNET/cache -w /usr/local/varnish/logs/varnish.log &


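FAQ:

1. Configuring hosts for a wildcard domain

There are many second-level domains, such as xx.chinarenservice.com, and adding them one by one is tedious. Both squid and nginx support the .chinarenservice.com form.


if (req.http.host ~ "^www.chinarenservice.com"){
becomes
if (req.http.host ~ ".chinarenservice.com") {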
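
A check of which Host values the wildcard pattern above accepts, as an added example that is not part of the original post: VCL's `~` is an unanchored regular-expression search and an unescaped `.` matches any character. The stricter pattern, the sample Host values and the lower-casing step are assumptions of this example, not something the page's VCL contains.

```python
import re

# Wildcard match from the FAQ above.
PAGE_WILDCARD = r".chinarenservice.com"
# Assumed stricter form (not from the page): dots escaped, both ends anchored,
# at least one subdomain label, optional port.
STRICT_WILDCARD = r"^([a-z0-9-]+\.)+chinarenservice\.com(:[0-9]+)?$"

# Constructed Host header values and whether the site is meant to serve them.
HOSTS = {
    "www.chinarenservice.com": True,
    "xx.chinarenservice.com": True,
    "XX.ChinaRenService.com": True,
    "xx.chinarenservice.com:80": True,
    "notchinarenservice.com": False,              # no left anchor
    "xx.chinarenservice-com.example.net": False,  # '.' matches any character
    "xx.chinarenservice.com.example.net": False,  # no right anchor
}


def host_matches(pattern, host):
    """Mimic `req.http.host ~ pattern` on a lower-cased Host value."""
    return re.search(pattern, host.lower()) is not None


def unintended(pattern):
    """Hosts the pattern treats differently from the intended outcome."""
    return sorted(
        host for host, wanted in HOSTS.items()
        if host_matches(pattern, host) != wanted
    )


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_WILDCARD), ("strict", STRICT_WILDCARD)):
        print(f"{name:6s} {pattern}")
        for host in unintended(pattern) or ["(none)"]:
            print(f"       unintended result for: {host}")
```

The page's pattern routes three look-alike hosts to the backend and caches their responses under those names; the anchored form accepts only real subdomains of chinarenservice.com.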



2. Appendix: Varnish multi-site configuration


backend www {
      set backend.host = "www.chinarenservice.com";
      set backend.port = "80";
}

backend blog {
      set backend.host = "blog.chinarenservice.com";
      set backend.port = "80";
}

backend image {
      set backend.host = "image.chinarenservice.com";
      set backend.port = "80";
}

sub vcl_recv {
      # pick the backend from the Host header; unknown hosts get a 404
      if (req.http.host ~ "^(www.)?chinarenservice.com$") {
              set req.http.host = "www.chinarenservice.com";
              set req.backend = www;
      } elsif (req.http.host ~ "^blog.chinarenservice.com$") {
              set req.backend = blog;
      } elsif (req.http.host ~ "^image.chinarenservice.com$") {
              set req.backend = image;
      } else {
              error 404 "Unknown host";
      }
}

