黑帽联盟
标题:
用varnish缓存discuz相关静态资源
[打印本页]
作者:
定位
时间:
2019-10-8 20:01
标题:
用varnish缓存discuz相关静态资源
haproxy+varnish(缓存相关静态内容)+(nginx+php 两台主机,处理动态请求)+(nginx 1台主机,处理静态请求)+mysql(1台mysql)+nfs(一台共享存)
varnish
子程序调用流程图,通过大部分子程序的return返回值进入下一步行动:
2019-10-8 20:00 上传
下载附件
(84.04 KB)
官方的图示:
2019-10-8 20:48 上传
下载附件
(130.5 KB)
相关文章:
haproxy实现discuz论坛的动静分离和负载均衡
继上面链接之后,我们继续配置varnish,用varnish来缓存静态资源,这里我使用的是varnish4.0
varnish主机ip:192.168.1.108
default.vcl内容如下:
vcl 4.0;
import directors;
import std;
backend web_app_01 {
.host = "192.168.1.114";
.port = "80";
.first_byte_timeout = 9s;
.connect_timeout = 3s;
.between_bytes_timeout = 1s;
}
acl purgers {
"127.0.0.1";
"localhost";
"192.168.1.0/24";
}
sub vcl_init {
new web = directors.round_robin();
web.add_backend(web_app_01);
}
sub vcl_recv {
set req.backend_hint = web.backend();
if (req.method == "PURGE") {
if (!client.ip ~ purgers) {
return (synth(405, "NotAllowed."));
}
return (purge);
}
if (req.method != "GET"&&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE"&&
req.method != "OPTIONS"&&
req.method != "PATCH"&&
req.method != "DELETE") {
return (pipe);
}
if (req.method != "GET"&& req.method != "HEAD") {
return (pass);
}
if (req.url ~"\.(php|asp|aspx|jsp|do|ashx|shtml)($|\?)") {
return (pass);
}
if (req.http.Authorization) {
return (pass);
}
if (req.http.Accept-Encoding) {
if (req.url ~"\.(bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)[ DISCUZ_CODE_0 ]quot;){
unset req.http.Accept-Encoding;
} elseif (req.http.Accept-Encoding ~"gzip") {
set req.http.Accept-Encoding ="gzip";
} elseif (req.http.Accept-Encoding ~"deflate") {
set req.http.Accept-Encoding ="deflate";
} else {
unset req.http.Accept-Encoding;
}
}
if (req.url ~"\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)"){
unset req.http.cookie;
return (hash);
}
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For =req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For =client.ip;
}
}
return (hash);
}
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (lookup);
}
sub vcl_hit {
if (req.method == "PURGE") {
return (synth(200,"Purged."));
}
return (deliver);
}
sub vcl_miss {
if (req.method == "PURGE") {
return (synth(404,"Purged."));
}
return (fetch);
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache ="HIT";
set resp.http.X-Cache-Hits = obj.hits;
} else {
set resp.http.X-Cache ="MISS";
}
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.X-Drupal-Cache;
unset resp.http.Via;
unset resp.http.Link;
unset resp.http.X-Varnish;
set resp.http.xx_restarts_count =req.restarts;
set resp.http.xx_Age = resp.http.Age;
set resp.http.hit_count = obj.hits;
unset resp.http.Age;
return (deliver);
}
sub vcl_pass {
return (fetch);
}
sub vcl_backend_response {
set beresp.grace = 5m;
if (beresp.status == 499 || beresp.status== 404 || beresp.status == 502) {
set beresp.uncacheable = true;
}
if (bereq.url ~"\.(php|jsp)(\?|$)") {
set beresp.uncacheable = true;
} else {
if (bereq.url ~ "\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico)($|\?)"){
set beresp.ttl = 15m;
unset beresp.http.Set-Cookie;
} elseif (bereq.url ~"\.(gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)") {
set beresp.ttl = 30m;
unset beresp.http.Set-Cookie;
} else {
set beresp.ttl = 10m;
unset beresp.http.Set-Cookie;
}
}
return (deliver);
}
sub vcl_purge {
return(synth(200,"success"));
}
sub vcl_backend_error {
if (beresp.status == 500 ||
beresp.status == 501 ||
beresp.status == 502 ||
beresp.status == 503 ||
beresp.status == 504) {
return (retry);
}
}
sub vcl_fini {
return (ok);
}
复制代码
修改HAproxy的配置文件,把静态资源的调度IP改为varnish:
#---------------------------------------------------------------------
global #全局配置
log 127.0.0.1 local2 #日志纪录位置
chroot /var/lib/haproxy #haproxy的工作目录
pidfile /var/run/haproxy.pid #pid文件位置
maxconn 4000 #最大连接数
user haproxy #运行时使用的用户身份
group haproxy #运行时使用的组身份
daemon #启动为守护进程,不加此处运行在前台
stats socket /var/lib/haproxy/stats #本地访问stats统计信息时以套接字方式通信
defaults #默认配置
mode http #已http模式运行
log global #默认日志为全局配置中日志的设置
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8 #除本机外所有发往服务器的请求首部中加入“X-Forwarded-For”首部
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000 #前端最大并发连接数
listen static #设置统计报告页面
bind *:9000 #监听在本机9000端口
stats enable #打开
stats hide-version #隐藏haproxy版本
stats uri /hadzadmin?stats #统计页面路径
stats realm "HAProxy/ Static" #打开统计页面的认证功能
stats auth hasts:123 #进入统计页面所使用的账号hasts和密码123
stats admin if TRUE #条件满足时进入管理级别
frontend dz #前端设置
bind *:80 #监听在80端口
acl url_static path_beg -i /data /static /images /javascript /stylesheets #url开头为这些的静态内容
acl url_static path_end -i .jpg .gif .png .css .js .html .ico #url结尾带为这些的静态内容
use_backend staser if url_static #如果静态内容符合url_static的条件,就调度到staser中的服务器
default_backend dyser #其他默认调度到dyser中的服务器
backend dyser #后端动态内容服务器设置
cookie srv insert nocache #在cookie中插入srv字串防止登录信息丢失
balance roundrobin #调度算法为轮询
server cs3 192.168.1.113:80 check
server cs4 192.168.1.115:80 check
rspadd X-Via:dynamic
backend staser #后端静态内容服务器设置
balance roundrobin
server cs1 <font color="#ff0000">192.168.1.108</font>:80 check
rspadd X-Via:static
复制代码
最后访问192.168.1.107测试一下:(经多次ctrl+F5强制刷新)
2019-10-8 19:55 上传
下载附件
(128 KB)
可以看到已命中缓存,并且
X-Via:static
动态内容被转发到对应的机器上
2019-10-8 19:57 上传
下载附件
(128.13 KB)
可以看到X-Via:dynamic,说明内容来自动态内容主机
相关参照:https://blog.51cto.com/zpf666/1924816
欢迎光临 黑帽联盟 (https://bbs.cnblackhat.com/)
Powered by Discuz! X2.5