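#!/bin/bash
# By kerryhu
# Mail: king_819@163.com
# Blog: http://kerry.blog.51cto.com
# Please manual operation Yum of before operation .....
#============================== Update the system time ==========================================
# Install the NTP client, sync the clock once, then schedule a daily 01:00 resync.
yum install -y ntp
ntpdate time.nist.gov
# Append with ">>": a single ">" replaces the whole system crontab and silently
# drops every job already scheduled there. Entries in /etc/crontab also need a
# user field (root here) between the schedule and the command.
echo "00 01 * * * root ntpdate time.nist.gov" >> /etc/crontab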
#============================ Varnish installation ========== ================================
For a RedHat/centos system, install the following software package before installing varnish.
Automake
Autoconf
Libtool
Ncurses-devel
Libxslt
Groff
PCRE-devel
Pkgconfig
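# Unprivileged account for the varnish worker process; it gets no login shell.
groupadd www
useradd www -g www -s /sbin/nologin
# Cache and log directories.
mkdir -p /data/varnish/{cache,logs}
chmod +w /data/varnish/{cache,logs}
chown -R www:www /data/varnish/{cache,logs}
cd /opt
yum install -y automake autoconf libtool ncurses-devel libxslt groff pcre-devel pkgconfig
# NOTE(review): the tarball is fetched over plain HTTP and then built and
# installed as root with no integrity check. Before unpacking, compare
# `sha256sum varnish-2.1.3.tar.gz` with a checksum obtained from a trusted
# source, and prefer an HTTPS download where the mirror offers one.
# -O pins the local file name; the URL itself ends in "/download".
wget -O varnish-2.1.3.tar.gz http://sourceforge.net/projects/varnish/files/varnish/2.1.3/varnish-2.1.3.tar.gz/download
tar -zxvf varnish-2.1.3.tar.gz
cd varnish-2.1.3
./configure --prefix=/usr/local/varnish
# "&&" so a failed build is never installed.
make && make install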
#============================ Varnish configuration ========== ============================
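# Create the VCL file; its contents follow.
vi /usr/local/varnish/etc/varnish/kerry.vcl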
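backend kerry {                  # backend server name
    .host = "192.168.9.203";     # IP address of the backend server
    .port = "80";                # backend server port
}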
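# Second backend, selected in vcl_recv for the king.com host names.
backend king {
    .host = "192.168.9.204";
    .port = "80";
}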
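# Access control list: only these addresses may clear (PURGE) the varnish cache.
# NOTE(review): client.ip is the address of the TCP peer. If another proxy or
# load balancer on this host sits in front of varnish, every request would
# arrive from 127.0.0.1 and match this list - confirm the deployment layout.
acl local {
    "localhost";
    "127.0.0.1";
}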
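# Request entry point: choose a backend from the Host header, gate PURGE with
# the ACL, normalise headers, then decide between pipe, pass and cache lookup.
sub vcl_recv {
    # Dots are escaped so that "." matches only a literal dot in the host name.
    # To match any sub-domain, use "^(.*\.)?kerry\.com$".
    if (req.http.host ~ "^(www\.)?kerry\.com$") {
        set req.backend = kerry;
    }
    elsif (req.http.host ~ "^(www\.)?king\.com$") {
        set req.backend = king;
    }
    else {
        error 404 "Unknown HostName!";    # no backend matched: answer 404
    }

    # PURGE is honoured only for clients in the "local" ACL; everyone else
    # gets 405. An allowed PURGE must go to lookup so that vcl_hit can expire
    # the object - if it fell through, the method check below would pipe it
    # to the backend and nothing would be purged.
    if (req.request == "PURGE") {
        if (!client.ip ~ local) {
            error 405 "Not Allowed.";
        }
        return (lookup);
    }

    # Static files (jpg, png, gif, ...) do not need cookies; dropping the
    # cookie lets these requests be served from the cache.
    if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|jpeg|ico)$") {
        unset req.http.cookie;
    }
    # Drop the cookie for everything under the images directory as well.
    if (req.url ~ "^/images") {
        unset req.http.cookie;
    }

    # Append the connecting address to X-Forwarded-For so the backend can see
    # the client IP even when several reverse proxies are chained.
    # NOTE(review): whatever the client sent in this header is kept and only
    # appended to, so the backend must treat every entry except the last one
    # as client-controlled and never use it for access decisions.
    if (req.http.x-forwarded-for) {
        set req.http.X-Forwarded-For =
            req.http.X-Forwarded-For "," client.ip;
    }
    else {
        set req.http.X-Forwarded-For = client.ip;
    }

    # Anything that is not one of these methods is piped straight through.
    # NOTE(review): TRACE is in the accepted list and is handed on to the
    # backend by the pass rule below; disable it on the backend if unused.
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
        return (pipe);
    }

    # Only GET and HEAD are looked up in the cache; all other methods are
    # forwarded directly to the backend server.
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    # Requests carrying credentials or cookies are per-user: never cache them.
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }

    # GET requests whose URL ends in ".php" or contains ".php?" are dynamic
    # and go directly to the backend server.
    if (req.request == "GET" && req.url ~ "\.(php)($|\?)") {
        return (pass);
    }

    # Everything else is looked up in the varnish cache.
    return (lookup);
}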
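# Piped requests are shuttled between client and backend with no further VCL.
sub vcl_pipe {
    return (pipe);
}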
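# Passed requests go to the backend and the response is not cached.
sub vcl_pass {
    return (pass);
}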
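# Cache key: the URL plus the Host header, or the server IP when the request
# carries no Host header.
sub vcl_hash {
    set req.hash += req.url;
    if (req.http.host) {
        set req.hash += req.http.host;
    } else {
        set req.hash += server.ip;
    }
    return (hash);
}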
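# Cache hit: deliver the object, or expire it when the request is a PURGE.
# The ACL check for PURGE lives in vcl_recv; this sub does not repeat it.
sub vcl_hit {
    if (!obj.cacheable) {
        return (pass);
    }
    if (req.request == "PURGE") {
        set obj.ttl = 0s;        # expire the cached object immediately
        error 200 "Purged.";
    }
    return (deliver);
}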
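# Cache miss: fetch the object from the backend.
sub vcl_miss {
    return (fetch);
}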
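# Backend response received: decide whether it may be cached and for how long.
sub vcl_fetch {
    if (!beresp.cacheable) {
        return (pass);
    }
    # A response that sets a cookie is specific to one visitor.
    if (beresp.http.Set-Cookie) {
        return (pass);
    }
    # The web server says the content must not be cached, so varnish does not
    # cache it.
    if (beresp.http.Pragma ~ "no-cache" ||
        beresp.http.Cache-Control ~ "no-cache" ||
        beresp.http.Cache-Control ~ "private") {
        return (pass);
    }
    # URLs ending in .txt, .js, .css, .shtml, .html or .htm are cached for
    # 1 hour; every other URL is cached for 10 days.
    # NOTE(review): anything that reaches this point is stored and served to
    # every visitor, so the backend has to mark per-user or sensitive
    # responses with "Cache-Control: private" or "no-cache"; with a 10-day
    # TTL a response cached by mistake stays exposed until it is purged.
    if (req.request == "GET" && req.url ~ "\.(txt|js|css|shtml|html|htm)$") {
        set beresp.ttl = 3600s;
    }
    else {
        set beresp.ttl = 10d;
    }
    return (deliver);
}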
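# Add headers to the response so cache hits can be seen from the client side.
# NOTE(review): X-Hits and X-Cache are sent to every client and reveal the
# cache layer and its node label; drop them once tuning is finished if that
# should not be public.
sub vcl_deliver {
    set resp.http.X-Hits = obj.hits;
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT cqtel-bbs";
    }
    else {
        set resp.http.X-Cache = "MISS cqtel-bbs";
    }
}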
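# Build the HTML page returned for "error" calls (404, 405, 200 "Purged.").
# The page shows the status code, the reason text and the request XID.
sub vcl_error {
    set obj.http.Content-Type = "text/html; charset=UTF-8";
    synthetic {"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} obj.status " " obj.response {"</title>
</head>
<body>
<h1>Error "} obj.status " " obj.response {"</h1>
<p>"} obj.response {"</p>
<h3>Guru Meditation:</h3>
<p>XID: "} req.xid {"</p>
<hr>
<address>
<a href="http://www.bbs.com/">bbs cache server</a>
</address>
</body>
</html>
"};
    return (deliver);
}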
Note: In versions later than 2.1, all of the original "obj.*" variables have changed to "beresp.*". Pay attention to this.
Start varnish
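# Start varnishd as user/group www with the VCL file above.
# NOTE(review): -T puts the management CLI on a LAN address. Anyone who can
# reach 192.168.9.201:3000 can purge the cache and change the running
# configuration, so restrict the port with a firewall rule (or bind it to
# 127.0.0.1) and, where the installed varnishd supports it, protect it with a
# shared secret via -S <secret-file>.
/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/kerry.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000
# Start at boot. ">>" appends; a single ">" would wipe whatever /etc/rc.local
# already starts.
echo "/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/kerry.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000" >> /etc/rc.local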
Parameters:
-u the user to run as
-g the group to run as
-f the varnish configuration file
-a the IP address and port to bind to
-s the varnish cache file location and size
-w the minimum and maximum number of threads, and the thread timeout
-T the varnish management address and port, mainly used to clear the cache
-p client_http11=on enables support for the HTTP/1.1 protocol
-P (capital P) /usr/local/varnish/var/varnish.pid specifies the location of the process ID (PID) file, which is used for management
Stop varnish
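pkill varnishd    # end the varnishd process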
Start log to analyze Website access
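# Write the access log in NCSA format, in the background.
/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &
# Start at boot. ">>" appends; a single ">" would erase the varnishd start
# line already placed in /etc/rc.local.
echo "/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &" >> /etc/rc.local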
Parameter: -w specifies the directory and file that the varnish access log is written to
Varnish log Cutting
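# Create the log-cutting script; its contents follow.
vi /root/cut_varnish_log.sh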
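#!/bin/sh
# Rotate the varnishncsa access log: move the current file to
# <logs_path>/<year>/<month>/varnish-<yesterday>.log and start a new one.
logs_path=/data/varnish/logs
vlog=${logs_path}/varnish.log
# Resolve "yesterday" once and derive year and month from it, so every path
# below refers to the same day.
date=$(date -d "yesterday" +"%Y-%m-%d")
year=${date%%-*}
month=${date#*-}
month=${month%%-*}
archive_dir=${logs_path}/${year}/${month}
# Plain pkill sends SIGTERM so varnishncsa can exit cleanly. SIGKILL (-9)
# stops it mid-write and can lose or truncate access-log entries, which are
# the record an investigation would rely on.
pkill varnishncsa
mkdir -p "${archive_dir}"
mv "${vlog}" "${archive_dir}/varnish-${date}.log"
/usr/local/varnish/bin/varnishncsa -w "${vlog}" &
# NOTE(review): the logs directory was chown'ed to www earlier on this page,
# while this script and the logger are presumably run by root (cron and
# rc.local). A root process writing into a directory that an unprivileged
# account controls can be redirected through a symlink; consider making the
# logs directory root-owned.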
Run the log-cutting script every night using a scheduled task
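# cron can only run the script if it is executable; keep it root-only.
chmod 700 /root/cut_varnish_log.sh
# Append with ">>": a single ">" would replace the whole system crontab,
# including the ntpdate job added earlier. /etc/crontab entries need a user
# field (root here) before the command.
echo "0 0 * * * root /root/cut_varnish_log.sh" >> /etc/crontab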
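# Show /etc/rc.local; the three lines after the command are the file's contents.
cat /etc/rc.local
ulimit -SHn 51200
/usr/local/varnish/sbin/varnishd -u www -g www -f /usr/local/varnish/etc/varnish/kerry.vcl -a 192.168.9.201:80 -s file,/data/varnish/cache/varnish_cache.data,1G -w 1024,51200,10 -t 3600 -T 192.168.9.201:3000
/usr/local/varnish/bin/varnishncsa -w /data/varnish/logs/varnish.log &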
#============================ Varnish cache cleanup ========== ====================
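# Purge one URL on one host through the management port.
# The purge expression is a single quoted argument, so it stays on one line.
/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 purge "req.http.host ~ www.kerry.com$ && req.url ~ /static/image/tp.php"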
Note:
192.168.9.201:3000 is the address of the cache server to be cleared.
www.kerry.com is the domain name to be cleared.
/static/image/tp.php is the list of URLs to be cleared.
Clear all caches
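# The pattern is single-quoted so the shell passes it to varnishadm unchanged
# instead of trying to expand "*" against file names.
/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 url.purge '*$'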
Clear all caches in the image directory
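/usr/local/varnish/bin/varnishadm -T 192.168.9.201:3000 url.purge /image/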
View Varnish server connections and hit rate
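# NOTE(review): -n names the varnishd instance; the init configuration on this
# page starts varnishd with -n /data/varnish/cache, so confirm that the
# storage-file path given here is what was intended.
/usr/local/varnish/bin/varnishstat -n /data/varnish/cache/varnish_cache.data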
#============================ Kernel optimization ========== ==================================
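# Edit the kernel parameters; the settings follow.
vi /etc/sysctl.conf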
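# SYN-flood protection: answer with SYN cookies when the SYN queue overflows.
net.ipv4.tcp_syncookies = 1
# Allow TIME_WAIT sockets to be reused for new outgoing connections.
# NOTE(review): tcp_tw_reuse relies on TCP timestamps, which this file turns
# off further down (tcp_timestamps = 0); with timestamps off it has no effect.
# Decide which of the two settings is wanted.
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is left commented out: it makes the server drop connections
# from clients that share one NAT address, and the option was removed from
# Linux in 4.12.
# net.ipv4.tcp_tw_recycle = 1
# net.ipv4.tcp_fin_timeout = 30
# net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 5000
# Set once. When a key appears twice in sysctl.conf the later line silently
# wins, so 65536 is the value that was in effect.
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
# net.ipv4.tcp_tw_len = 1
# NOTE(review): tcp_mem is counted in memory pages, not bytes; confirm these
# limits fit the machine's RAM, otherwise they never take effect.
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800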
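# Load the settings from /etc/sysctl.conf.
/sbin/sysctl -p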
#================================ Varnish ==========
Configure the Startup File
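# Create the init script; its contents follow.
vi /etc/init.d/varnish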
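#!/bin/sh
#
# varnish Control the varnish HTTP accelerator
#
# chkconfig: - 90 10
# description: varnish is a high-performance HTTP accelerator
# processname: varnishd
# config: /etc/sysconfig/varnish
# pidfile: /var/run/varnish/varnishd.pid
### BEGIN INIT INFO
# Provides: varnish
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog
# Short-Description: start and stop varnishd
# Description: Varnish is a high-performance HTTP accelerator
### END INIT INFO

# Source function library.
. /etc/init.d/functions

retval=0
pidfile=/var/run/varnish.pid
exec="/usr/local/varnish/sbin/varnishd"
prog="varnishd"
config="/usr/local/varnish/etc/varnish"
lockfile="/var/lock/subsys/varnish"

# Include varnish defaults.
# The file is executed by this script with the script's privileges (normally
# root), so it must be owned by root and not writable by the www account.
# NOTE(review): elsewhere on this page /usr/local/varnish/etc/varnish is the
# directory that holds kerry.vcl. A path cannot be both a directory and a
# sourced file; confirm the intended location of this configuration file.
[ -e /usr/local/varnish/etc/varnish ] && . /usr/local/varnish/etc/varnish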
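# Start varnishd through the init library's "daemon" helper.
# Globals:  exec, config, pidfile, lockfile (read); retval (written);
#           NFILES, MEMLOCK, DAEMON_OPTS (read; expected from the config file)
# Returns:  the status of "daemon", or 6 when DAEMON_OPTS is empty.
#           Exits 5 when varnishd is not executable, 6 when $config is missing.
start() {
    if [ ! -x "$exec" ]
    then
        echo "$exec not found"
        exit 5
    fi

    if [ ! -f "$config" ]
    then
        echo "$config not found"
        exit 6
    fi
    echo -n "Starting varnish HTTP accelerator: "

    # Open files (usually 1024, which is way too small for varnish)
    ulimit -n ${NFILES:-131072}

    # Varnish wants to lock shared memory log in memory.
    ulimit -l ${MEMLOCK:-82000}

    # $DAEMON_OPTS is set in the config file. At least, one has to set up
    # a backend, or /tmp will be used, which is a bad idea.
    if [ "$DAEMON_OPTS" = "" ]; then
        echo "\$DAEMON_OPTS empty."
        echo -n "Please put configuration options in $config"
        return 6
    else
        # Varnish always gives output on STDOUT
        daemon $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
        retval=$?
        if [ $retval -eq 0 ]
        then
            # The lock file marks the service as running for the rc scripts.
            touch $lockfile
            echo_success
            echo
        else
            echo_failure
        fi
        return $retval
    fi
}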
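# Stop varnishd with the init library's "killproc" helper.
# Globals:  prog, lockfile (read); retval (written)
# Returns:  the status of killproc; the lock file is removed only on success.
stop() {
    echo -n "Stopping varnish HTTP accelerator: "
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}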
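# Stop the service, then start it again; returns the status of start.
restart() {
    stop
    start
}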
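# Reload is implemented as a full restart.
reload() {
    restart
}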
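# Force-reload is implemented as a full restart.
force_reload() {
    restart
}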
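# Report the service state with the init library's "status" helper.
# Globals:  prog (read)
# Returns:  the status of "status $prog".
rh_status() {
    status $prog
}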
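# Quiet variant of rh_status: same return status, all output discarded.
rh_status_q() {
    rh_status > /dev/null 2>&1
}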
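# See how we were called.
# Each action first checks the current state so that it is a no-op (or a
# defined error) when the service is already in the requested state.
case "$1" in
    start)
        # Already running: nothing to do.
        rh_status_q && exit 0
        $1
        ;;
    stop)
        # Not running: nothing to do.
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        # Not running: exit 7.
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Restart only when the service is currently running.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?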
The varnish startup configuration file tells the init script where to read the configuration file and which startup parameters to use.
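# Create the startup configuration file; its contents follow.
vi /usr/local/varnish/etc/varnish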
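# Configuration file for varnish
#
# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
# shell script fragment.
#
# The init script executes this fragment with its own privileges (normally
# root): keep the file owned by root and not writable by the www account.

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
MEMLOCK=1000000

# Alternative 2, configuration with VCL
# NOTE(review): -T puts the management CLI on a LAN address; restrict access
# to 192.168.9.201:3000 with a firewall rule (or bind it to 127.0.0.1) and,
# where the installed varnishd supports it, add -S <secret-file>.
DAEMON_OPTS="-a 192.168.9.201:80 \
             -f /usr/local/varnish/etc/varnish/kerry.vcl \
             -T 192.168.9.201:3000 \
             -u www -g www \
             -n /data/varnish/cache \
             -s file,/data/varnish/cache/varnish_cache.data,1G"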
Add to system service and start automatically
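# Register the init script as a system service and enable it in runlevels 2-5.
chmod +x /etc/init.d/varnish
/sbin/chkconfig --add varnish
/sbin/chkconfig --level 2345 varnish on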
Enable varnish
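/etc/init.d/varnish start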
Disable varnish
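/etc/init.d/varnish stop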