后端服务器健康检查 # vim /etc/varnish/health_check.vcl probe backend_healthcheck { .interval = 5s; .timeout = 3s; .window = 10; .threshold = 8; .request = "GET /favicon.ico HTTP/1.1" "Host: v5.ele.me" "Connection: close" "Accept-Encoding: foo/bar"; } #后端服务器地址池配置 vim /etc/varnish/backends.vcl import directors; include "health_check.vcl"; ## 实体机(restapi、v5、r、m) backend 102_app_07 { .host = "10.11.11.145"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##102_app_07 backend 102_app_08 { .host = "10.10.11.146"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##102_app_08 backend 102_app_09 { .host = "10.10.11.147"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##102_app_09 backend 102_app_10 { .host = "10.10.11.148"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##102_app_10 backend 110_app_01 { .host = "10.10.11.41"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##110_app_01 backend 110_app_02 { .host = "10.10.11.42"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##110_app_02 backend 110_app_03 { .host = "10.10.11.43"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##110_app_03 backend 110_app_04 { .host = "10.10.11.44"; .port = "80"; .first_byte_timeout = 9s; .connect_timeout = 3s; .between_bytes_timeout = 1s; .probe = backend_healthcheck; } ##110_app_04 ## 负载均衡池 sub vcl_init { new web = directors.random(); ## 实体机 web.add_backend(102_app_07, 4); web.add_backend(102_app_08, 4); web.add_backend(102_app_09, 4); web.add_backend(102_app_10, 4); web.add_backend(110_app_01, 4); web.add_backend(110_app_02, 4); web.add_backend(110_app_03, 4); web.add_backend(110_app_04, 4); } 缓存规则主配置 # vim /etc/varnish/default.vcl vcl 4.0; import std; include "backends.vcl"; acl allow_purge_cache { "127.0.0.1"; "10.0.0.0"/8; "172.0.0.0"/8; } sub vcl_recv { if (req.method == "PURGE") { if (!client.ip ~ allow_purge_cache) { return (synth(405, "Not Allowed.")); } return (purge); } set req.backend_hint = web.backend(); if (req.url ~ "\.(php|asp|aspx|jsp|do|ashx|shtml)($|\?)") { return (pass); } if (req.url ~ "\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)") { unset req.http.cookie; return (hash); } if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } if (req.http.Cache-Control ~ "(?i)no-cache") { if (!(req.http.Via || req.http.User-Agent ~ "(?i)bot" || req.http.X-Purge)) { return (purge); } } if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "PATCH" && req.method != "DELETE") { return (pipe); } if (req.method != "GET" && req.method != "HEAD") { return (pass); } if (req.http.Authorization) { return (pass); } if (req.http.Accept-Encoding) { if (req.url ~ "\.(bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)$") { unset req.http.Accept-Encoding; } elseif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elseif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { unset req.http.Accept-Encoding; } } if (req.http.Upgrade ~ "(?i)websocket") { return (pipe); } if (!std.healthy(req.backend_hint)) { unset req.http.Cookie; } if (req.http.x-pipe && req.restarts > 0) { unset req.http.x-pipe; return (pipe); } return (hash); } sub vcl_pipe { if (req.http.upgrade) { set bereq.http.upgrade = req.http.upgrade; } return (pipe); } sub vcl_pass { if (req.method == "PURGE") { return (synth(502, "PURGE on a passed object.")); } } sub vcl_hash { hash_data(req.url); if (req.http.host) { hash_data(req.http.host); } else { hash_data(server.ip); } if (req.http.Cookie) { hash_data(req.http.Cookie); } if (req.http.Accept-Encoding ~ "gzip") { hash_data("gzip"); } elseif (req.http.Accept-Encoding ~ "deflate") { hash_data("deflate"); } } sub vcl_hit { if (req.method == "PURGE") { return (synth(200, "Purged.")); } if (obj.ttl >= 0s) { return (deliver); } if (std.healthy(req.backend_hint)) { if (obj.ttl + 10s > 0s) { return (deliver); } else { return(fetch); } } else { if (obj.ttl + obj.grace > 0s) { return (deliver); } else { return (fetch); } } return (deliver); } sub vcl_miss { if (req.method == "PURGE") { return (synth(404, "Purged.")); } return (fetch); } sub vcl_backend_response { set beresp.grace = 5m; set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*s-maxage=([0-9]+).*", "\1") + "s", 0s); if (beresp.ttl > 0s) { unset beresp.http.Set-Cookie; } if (beresp.http.Set-Cookie) { set beresp.uncacheable = true; return (deliver); } if (beresp.http.Cache-Control && beresp.ttl > 0s) { set beresp.grace = 1m; unset beresp.http.Set-Cookie; } if (beresp.http.Content-Length ~ "[0-9]{8,}") { set bereq.http.x-pipe = "1"; return (retry); } if (bereq.url ~ "\.(php|asp|aspx|jsp|do|ashx|shtml)($|\?)") { set beresp.uncacheable = true; return (deliver); } if (bereq.url ~ "\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)") { unset beresp.http.set-cookie; } if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") { unset beresp.http.set-cookie; set beresp.do_stream = true; set beresp.do_gzip = false; } if ((!beresp.http.Cache-Control && !beresp.http.Expires) || beresp.http.Pragma ~ "no-cache" || beresp.http.Cache-Control ~ "(no-cache|no-store|private)") { set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } if (bereq.url ~ "\.(css|js|html|htm|bmp|png|gif|jpg|jpeg|ico)($|\?)") { set beresp.ttl = 15m; } elseif (bereq.url ~ "\.(gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)($|\?)") { set beresp.ttl = 30m; } else { set beresp.ttl = 10m; } return (deliver); } sub vcl_purge { if (req.method != "PURGE") { set req.http.X-Purge = "Yes"; return (restart); } } sub vcl_deliver { if (obj.hits > 0) { set resp.http.X-Cache = "HIT from " + req.http.host; set resp.http.X-Cache-Hits = obj.hits; } else { set resp.http.X-Cache = "MISS from " + req.http.host; } unset resp.http.X-Powered-By; unset resp.http.Server; unset resp.http.Via; unset resp.http.X-Varnish; unset resp.http.Age; } sub vcl_backend_error { if (beresp.status == 500 || beresp.status == 501 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) { return (retry); } } sub vcl_fini { return (ok); } 启动参数配置 # vim /etc/sysconfig/varnish NFILES=131072 MEMLOCK=25165824 NPROCS="unlimited" RELOAD_VCL=1 VARNISH_VCL_CONF=/etc/varnish/default.vcl VARNISH_LISTEN_ADDRESS=0.0.0.0 VARNISH_LISTEN_PORT=6081 VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1 VARNISH_ADMIN_LISTEN_PORT=6082 VARNISH_SECRET_FILE=/etc/varnish/secret VARNISH_MIN_THREADS=240 VARNISH_MAX_THREADS=4800 VARNISH_THREAD_TIMEOUT=120 VARNISH_STORAGE_SIZE=24G VARNISH_STORAGE="malloc,${VARNISH_STORAGE_SIZE}" VARNISH_TTL=120 DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} -f ${VARNISH_VCL_CONF} -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} -t ${VARNISH_TTL} -p thread_pools=24 -p thread_pool_min=${VARNISH_MIN_THREADS} -p thread_pool_max=${VARNISH_MAX_THREADS} -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} -u varnish -g varnish -S ${VARNISH_SECRET_FILE} -s ${VARNISH_STORAGE} -p timeout_idle=60 -p timeout_linger=1 -p http_resp_hdr_len=16k -p http_max_hdr=256 -p http_req_hdr_len=16k -p lru_interval=120 -p listen_depth=8192 启动脚本调整 # vim /etc/init.d/varnish 由 exec="/usr/sbin/varnishd" 修改为 exec="/usr/bin/numactl --interleave all /usr/sbin/varnishd"
原文地址:http://rickyhui.blog.51cto.com/10570875/1680758