
varnish安裝配置

#!/bin/bash

# BY kerryhu

# MAIL:[email protected]

# BLOG:http://kerry.blog.51cto.com

# Please manual operation yum of before Operation.....

#============================ 更新系統時間 ============================

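# Install the NTP tools and do a one-off clock sync.
yum install -y ntp

ntpdate time.nist.gov

# Entries in /etc/crontab need a user field between the schedule and the
# command; without it cron takes "ntpdate" as the user name and the job
# never runs. The job is scheduled for 01:00 every day.
echo "00 01 * * * root ntpdate time.nist.gov" >> /etc/crontab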

#============================ Varnish安裝 =============================

如果是RedHat/CentOS系統,在安裝varnish的時候首先要安裝以下軟體包

automake

autoconf

libtool

ncurses-devel

libxslt

groff

pcre-devel

pkgconfig

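# Dedicated unprivileged account for varnishd, with no login shell.
groupadd www

useradd www -g www -s /sbin/nologin

# Cache and log directories, owned by the service account.
mkdir -p /data/varnish/{cache,logs}

chmod +w /data/varnish/{cache,logs}

chown -R www:www /data/varnish/{cache,logs}

cd /opt || exit 1

yum install -y automake autoconf libtool ncurses-devel libxslt groff pcre-devel pkgconfig

# The URL ends in /download, so wget would otherwise save the file under that
# name and the tar step below would not find the tarball; -O pins the name.
wget -O varnish-2.1.3.tar.gz https://sourceforge.net/projects/varnish/files/varnish/2.1.3/varnish-2.1.3.tar.gz/download

# The tarball is compiled and installed as root. Compare its checksum with a
# value obtained from the project through a separate trusted channel first:
# echo "<EXPECTED_SHA256>  varnish-2.1.3.tar.gz" | sha256sum -c - || exit 1

tar -zxvf varnish-2.1.3.tar.gz

cd varnish-2.1.3 || exit 1

./configure --prefix=/usr/local/varnish

# Install only if the build succeeded.
make && make install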

#============================ varnish配置 ===========================

vi /usr/local/varnish/etc/varnish/kerry.vcl

backend kerry {                    #定義後端伺服器名

    .host = "192.168.9.203";    #定義後端伺服器IP

    .port = "80";            #定義後端伺服器端口

}

backend king {

    .host = "192.168.9.204";

    .port = "80";

#定義存取控制清單,允許哪些IP清除varnish緩存

acl local {

    "localhost";

    "127.0.0.1";

#判斷host請求針對那個後端伺服器

sub vcl_recv {

    if (req.http.host ~ "^(www.)?kerry.com$") {  #泛域名的寫法"^(.*.)?kerry.com$"

        set req.backend = kerry;

    }

    elsif (req.http.host ~ "^(www.)?king.com$") {

        set req.backend = king;

    else {

        error 404 "Unknown HostName!";    #如果都不比對,傳回404錯誤

    #不允許存取控制清單以外的IP清除varnish緩存

    if(req.request == "PURGE") {

        if (!client.ip ~ local) {

            error 405 "Not Allowed.";

            return (lookup);

            }

    #清除url中有jpg|png|gif等檔案的cookie

    if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|jpeg|ico)$") {

        unset req.http.cookie;

    #取消伺服器上p_w_picpaths目錄下所有檔案的cookie

    if (req.url ~ "^/p_w_picpaths") {

    #判斷req.http.X-Forwarded-For,如果前端有多重反向代理,這樣可以擷取用戶端IP位址。注意:此標頭可由用戶端自行送出,後端只應信任由自家代理附加的最後一段位址,不要拿前面的值做存取控制。

    if (req.http.x-forwarded-for) {

        set req.http.X-Forwarded-For =

        req.http.X-Forwarded-For ", " client.ip;

        set req.http.X-Forwarded-For = client.ip;

    if (req.request != "GET" &&

        req.request != "HEAD" &&

        req.request != "PUT" &&

        req.request != "POST" &&

        req.request != "TRACE" &&

        req.request != "OPTIONS" &&

        req.request != "DELETE") {

        return (pipe);

    #針對請求和url位址判斷,是否在varnish緩存裡查找

    if (req.request != "GET" && req.request != "HEAD") {

        return (pass);

    }    ## 對非GET|HEAD請求的直接轉發給後端伺服器

    if (req.http.Authorization || req.http.Cookie) {

    if (req.request == "GET" && req.url ~ "\.(php)($|\?)") {

        }    #對GET請求,且url裡以.php和.php?結尾的,直接轉發給後端伺服器

         return (lookup);

    }        #除了以上的通路以外,都在varnish緩存裡查找

sub vcl_pipe {

    return (pipe);

sub vcl_pass {

    return (pass);

sub vcl_hash {

    set req.hash += req.url;

    if (req.http.host) {

        set req.hash += req.http.host;

    } else {

        set req.hash += server.ip;

    return (hash);

sub vcl_hit {

    if (!obj.cacheable) {

    if (req.request == "PURGE") {

            set obj.ttl = 0s;

            error 200 "Purged.";

         }

    return (deliver);

sub vcl_miss {

    return (fetch);

sub vcl_fetch {

    if (!beresp.cacheable) {

    if (beresp.http.Set-Cookie) {

    #WEB伺服器指明不緩存的内容,varnish伺服器不緩存

    if (beresp.http.Pragma ~ "no-cache" ||

        beresp.http.Cache-Control ~ "no-cache" ||

            beresp.http.Cache-Control ~ "private") {

      }

      #對.txt .js .shtml結尾的URL緩存時間設定1小時,對其他的URL緩存時間設定為10天

    if (req.request == "GET" && req.url ~ "\.(txt|js|css|shtml|html|htm)$") {

               set beresp.ttl = 3600s;

               set beresp.ttl = 10d;

#添加在頁面head頭資訊中檢視緩存命中情況

sub vcl_deliver {

    set resp.http.x-hits = obj.hits ;

    if (obj.hits > 0) {

        set resp.http.X-Cache = "HIT cqtel-bbs";

         set resp.http.X-Cache = "MISS cqtel-bbs";

sub vcl_error {

    set obj.http.Content-Type = "text/html; charset=utf-8";

    synthetic {"

<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>

   <head>

      <title>"} obj.status " " obj.response {"</title>

   </head>

   <body>

      <h1>Error "} obj.status " " obj.response {"</h1>

      <p>"} obj.response {"</p>

      <h3>Guru Meditation:</h3>

      <p>XID: "} req.xid {"</p>

      <hr>

      <address>

         <a href="http://www.bbs.com/">bbs cache server</a>

      </address>

   </body>

</html>

"};

注意:在2.1後的版本裡,原"obj.*"的變量全部變為"beresp.*"了,需要留意一下

啟動varnish

# Start varnishd as user/group www with the VCL above, listening on
# 192.168.9.201:80, with a 1G file-backed cache.
# NOTE(review): -T puts the management CLI on 192.168.9.201:3000 and this
# command line sets no authentication for it. Anyone who can reach that port
# can purge the cache, stop the service or load new VCL, so restrict it with a
# firewall rule or bind it to 127.0.0.1 (the varnishadm examples on this page
# would then need the same address). If this build supports -S, also give it a
# secret file — TODO confirm for 2.1.3.
/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/kerry.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000

# Append the same command to /etc/rc.local so it is run again at boot.
echo "/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/kerry.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000" >> /etc/rc.local

參數:

-u 以什麼使用者運作

-g 以什麼組運作

-f varnish配置檔案

-a 綁定IP和端口

-s varnish緩存檔案位置與大小

-w 最小,最大線程和逾時時間

-T varnish管理端口,主要用來清除緩存

-p client_http11=on 支援http1.1協定

-P(大P) /usr/local/varnish/var/varnish.pid 指定其程序碼檔案的位置,實作管理

停止varnish

pkill varnishd        #結束varnishd程序

啟動日志,友善分析網站通路情況

/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &

echo "/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &" >> /etc/rc.local

參數: -w 指定varnish通路日志要寫入的目錄與檔案

varnish日志切割

vi /root/cut_varnish_log.sh

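#!/bin/sh

# Daily rotation of the varnishncsa access log: moves varnish.log to
# <logs_path>/YYYY/MM/varnish-YYYY-MM-DD.log (dated yesterday) and starts a
# fresh logger.
logs_path=/data/varnish/logs

vlog=${logs_path}/varnish.log

# Take yesterday's date once and derive year and month from it, so the archive
# directory and the file name always agree.
date=$(date -d "yesterday" +"%Y-%m-%d")
year=${date%%-*}
month=${date#*-}
month=${month%%-*}
archive_dir=${logs_path}/${year}/${month}

# Stop the running logger before moving its file; the default TERM signal is
# enough, SIGKILL is not needed.
pkill varnishncsa

mkdir -p "${archive_dir}"

mv "${vlog}" "${archive_dir}/varnish-${date}.log"

# Start a new logger. Without this step nothing writes varnish.log again
# until the next reboot.
/usr/local/varnish/bin/varnishncsa -w "${vlog}" &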

使用計劃任務,每天晚上淩晨00點運作日志切割腳本

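# cron can only run the script if it is executable.
chmod +x /root/cut_varnish_log.sh

# /etc/crontab entries need a user field before the command; without "root"
# cron would read the script path as the user name and skip the job.
echo "0 0 * * * root /root/cut_varnish_log.sh" >> /etc/crontab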

cat /etc/rc.local

ulimit -SHn 51200

#============================ Varnish 緩存清除 ======================

/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 purge "req.http.host ~ www.kerry.com$ && req.url ~ /static/p_w_picpath/tp.php"

說明:

192.168.9.201:3000 為被清除緩存伺服器位址

www.kerry.com 為被清除的域名

/static/p_w_picpath/tp.php 為被清除的url位址清單

清除所有緩存

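# The pattern is quoted so the shell hands it to varnishadm unchanged instead
# of trying to expand it as a file glob in the current directory.
/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 url.purge '*$'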

清除p_w_picpath目錄下所有緩存

/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 url.purge /p_w_picpath/

檢視Varnish伺服器連接配接數與命中率

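# The option dash was a typographic en dash, which varnishstat would not
# recognise as an option; it is restored to a plain "-".
# NOTE(review): -n selects the varnishd instance to read; the value below is
# the cache storage file as written on the page. Confirm that it matches the
# -n value varnishd was started with.
/usr/local/varnish/bin/varnishstat -n /data/varnish/cache/varnish_cache.data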

#============================ 核心優化 ==============================

vi /etc/sysctl.conf

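# SYN cookies: keep accepting connections when the SYN queue overflows.
net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_tw_reuse = 1

# tcp_tw_recycle is left disabled. With it on, the kernel drops connections
# from clients that share one address behind NAT, and Linux 4.12 and later no
# longer have the key, so `sysctl -p` reports an error for it.
#net.ipv4.tcp_tw_recycle = 1

#net.ipv4.tcp_fin_timeout = 30

#net.ipv4.tcp_keepalive_time = 300

net.ipv4.ip_local_port_range = 1024 65000

# The page set tcp_max_syn_backlog twice (8192, then 65536). Only the last
# assignment takes effect, so the single effective value is kept.
net.ipv4.tcp_max_syn_backlog = 65536

net.ipv4.tcp_max_tw_buckets = 5000

net.core.netdev_max_backlog =  32768

net.core.somaxconn = 32768

net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216

# NOTE(review): tcp_tw_reuse relies on TCP timestamps, so with timestamps
# turned off the tcp_tw_reuse line above has no effect. Decide which of the
# two settings is actually wanted.
net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_syn_retries = 2

#net.ipv4.tcp_tw_len = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000

net.ipv4.tcp_max_orphans = 3276800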

/sbin/sysctl -p

#===================== Varnish添加到服務自啟動 ======================

配置啟動檔案

vi /etc/init.d/varnish

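#! /bin/sh
#
# varnish Control the varnish HTTP accelerator
#
# chkconfig: - 90 10
# description: Varnish is a high-performance HTTP accelerator
# processname: varnishd
# config: /usr/local/varnish/etc/varnish/varnish
# pidfile: /var/run/varnish.pid

### BEGIN INIT INFO
# Provides: varnish
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog
# Short-Description: start and stop varnishd
# Description: Varnish is a high-performance HTTP accelerator
### END INIT INFO

# NOTE(review): the listing on the page had lost every line that repeated an
# earlier one (closing braces, then/fi, "$1", ";;", blank "echo"). They are
# restored here following the usual Red Hat init-script layout; confirm
# against the original script before deploying.

# Source function library (provides daemon, killproc, status, echo_success,
# echo_failure).
. /etc/init.d/functions

retval=0
pidfile=/var/run/varnish.pid

exec="/usr/local/varnish/sbin/varnishd"
prog="varnishd"
config="/usr/local/varnish/etc/varnish/varnish"
lockfile="/var/lock/subsys/varnish"

# Include varnish defaults (sets NFILES, MEMLOCK and DAEMON_OPTS).
[ -e "$config" ] && . "$config"

# Start varnishd with the options from $config.
# Exits 5 if the binary is missing, 6 if the config file is missing;
# returns 6 if DAEMON_OPTS is empty, otherwise the status of daemon.
start() {
    if [ ! -x "$exec" ]
    then
        echo $exec not found
        exit 5
    fi

    if [ ! -f "$config" ]
    then
        echo $config not found
        exit 6
    fi

    echo -n "Starting varnish HTTP accelerator: "

    # Open files (usually 1024, which is way too small for varnish)
    ulimit -n ${NFILES:-131072}

    # Varnish wants to lock shared memory log in memory.
    ulimit -l ${MEMLOCK:-82000}

    # $DAEMON_OPTS is set in $config. At least, one has to set up a
    # backend, or /tmp will be used, which is a bad idea.
    if [ "$DAEMON_OPTS" = "" ]; then
        echo "\$DAEMON_OPTS empty."
        echo -n "Please put configuration options in $config"
        return 6
    else
        # Varnish always gives output on STDOUT
        daemon   $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
        retval=$?
        if [ $retval -eq 0 ]
        then
            touch $lockfile
            echo_success
            echo
        else
            echo_failure
            echo
        fi
        return $retval
    fi
}

# Stop varnishd and remove the subsys lock file on success.
stop() {
    echo -n "Stopping varnish HTTP accelerator: "
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

# Full stop followed by start.
restart() {
    stop
    start
}

# varnishd is reloaded by restarting it.
reload() {
    restart
}

force_reload() {
    restart
}

# Report whether varnishd is running.
rh_status() {
    status $prog
}

# Same as rh_status, without output; used for the checks below.
rh_status_q() {
    rh_status >/dev/null 2>&1
}

# See how we were called.
case "$1" in
    start)
        # Already running: nothing to do.
        rh_status_q && exit 0
        $1
        ;;
    stop)
        # Not running: nothing to do.
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        # Reloading a stopped service is an error (exit 7).
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Restart only if the service is currently running.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac

exit $?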

varnish的配置調用檔案,是用來告訴程式從哪裡讀取配置檔案,啟動參數有哪些等

vi /usr/local/varnish/etc/varnish

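# Configuration file for varnish
#
# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
# shell script fragment.

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
MEMLOCK=1000000

## Alternative 2, Configuration with VCL
# The continuation lines must follow each other directly: a blank line after
# a trailing backslash puts a literal newline into DAEMON_OPTS.
# NOTE(review): -T exposes the management CLI on 192.168.9.201:3000 with no
# authentication set here; restrict who can reach that port (firewall, or
# bind it to 127.0.0.1 and point varnishadm at the same address).
DAEMON_OPTS="-a 192.168.9.201:80 \
             -f /usr/local/varnish/etc/varnish/kerry.vcl \
             -T 192.168.9.201:3000 \
             -u www -g www \
             -n /data/varnish/cache \
             -s file,/data/varnish/cache/varnish_cache.data,1G"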

添加到系統服務,開機自啟動

chmod +x /etc/init.d/varnish

/sbin/chkconfig --add varnish

/sbin/chkconfig --level 2345 varnish on

開啟varnish

/etc/init.d/varnish start

關閉varnish

/etc/init.d/varnish stop