Varnish reverse proxy server introduction, varnish Proxy Server



First, an introduction to the cache system.

A program can be run in two ways: 1. on a single host; 2. cooperatively across several hosts. Splitting a system across hosts is done either horizontally (each tier is responsible for only one layer of the service) or vertically (a business is divided into several smaller businesses that are completed independently). Expanding a server likewise has two directions: 1. scale up (a bigger host); 2. scale out (more hosts).

HTTP is the most common protocol between users and web servers in mainstream programs, so we summarize the request and response process. The result of running an application is data. To present that data, a display interface is defined: the css and js written by the front end are delivered as files, some of which the browser can parse directly once loaded and some of which need a script engine. Back-end development uses languages such as JSP and PHP; front-end development uses js and similar. js is not executed on the server with only its result sent to the client; it is delivered as a static file and executed by the client. Content produced by running a program on the server is therefore called dynamic, and content that can be returned to the client unchanged is called static.

A web page consists of many resources, and the browser must request each one separately, so one page load means multiple requests and multiple responses from the server; requests and clients are not one-to-one.

Cache types: 1. proxy cache: the cache fetches the resource on behalf of the client. 2. side-mounted (bypass) cache: if the cache server does not have the resource, the client has to fetch it itself. A proxy cache is further divided into 1. forward proxy: sends the request on behalf of the client; 2. reverse proxy: provides the service on behalf of the server.

Varnish is a reverse proxy server with a powerful cache. The caching software that preceded varnish is squid. Varnish sits between the client and the web server, and nginx is sometimes placed in front of it as the scheduler: the scheduler receives user requests first (this layer is called the access layer); then comes the cache server (the cache layer); then the business layer that processes the request. The business layer is of two kinds: 1. executing dynamic content; 2. responding with static content.

At the protocol layer, HTTP has a request message and a response message, whose protocol items are organized as headers. Headers control the working mechanism of the cache, for example by telling intermediate caches that a response must not be used to answer other users. The browser's cache is called a private cache; the proxy server cache in the middle is called a public (shared) cache. The cache system has two working logics for web services:

1. Expiration mechanism: the server tells the client how long the cached copy may be used. During this period the client does not contact the origin server but takes the content from the cache. If the server updates the content in the meantime, the client has no way to know and keeps using the old copy. Conversely, if the original content has not changed but the cached copy has expired, the client still has to send a request to the server.

2. Conditional cache (validation): solves the expired-cache problem. On the first request the client caches the server's response. When the copy is needed again, it sends a request to the server asking whether the cached content has changed. If it has not, the server answers 304 Not Modified with no body, telling the client to keep using its copy; if it has changed, the server answers 200 with the new content. The server decides whether the content has changed by: 1. the timestamp of the last modification of the file (Last-Modified / If-Modified-Since); 2. an entity tag (ETag / If-None-Match): the server responds with an opaque token for the current version, and a new token is issued whenever the content is updated. To reduce the load on the server, the two mechanisms (expiration and validation) are normally combined: validate only once the cached copy has expired. All of the above is implemented through headers of the request and response messages:

Expiration headers. Expires: defines the expiration time as an absolute date (accurate to seconds). Its defect is that every host's clock must agree, and hosts across the Internet have time deviations. HTTP/1.1 therefore introduced a new cache header, Cache-Control, which tells the cache system how to cache: whether the response may be stored in a private or a public cache, and the cache time as a relative number of seconds.

Caching works because programs exhibit locality. Temporal locality: data that was just accessed is likely to be accessed again soon. Spatial locality: when a piece of data is accessed, its neighbours are likely to be accessed too. Locality gives the data a hot zone: frequently accessed hot data is loaded into the cache, and rarely accessed cold data stays on the server. When the cache space is full, entries have to be evicted: 1. LRU: the least recently used entries are evicted first. 2. Cache expiration: expired entries are removed, but an expired entry does not mean the origin data has changed, so eviction can throw away content that was still valid. The metric for how effective the cache is is the cache hit rate: hit / (hit + miss), the number of hits divided by the total number of requests. It can be measured as a page (document) hit rate, counting requests, or as a byte hit rate, weighting each request by the size of the response.

Private data: Cache-Control: private, may be stored only in a private cache (the browser cache). Public data: Cache-Control: public, may be stored in a public or a private cache (the cache server). The headers involved are:

Expires: expiration time, for example Expires: Thu, 22 Oct 2026 06:34:30 GMT
Cache-Control: max-age=...
ETag / If-None-Match
Last-Modified / If-Modified-Since

1. Request-side headers. Pressing Ctrl+F5 in the browser forces a refresh, meaning the content is not taken from any cache; it is equivalent to adding a Cache-Control: no-cache header to the request message. Anyone can add the same header by hand, so a cache that honours it can be bypassed to request the original content from the origin server, and an attacker can use this to push load past the cache onto the backend. (Varnish's builtin VCL does not act on the client's Cache-Control request header, so this bypass does not reach the backend through varnish unless you add such logic yourself; it applies to caches that do honour the header.) The request directives are:

Cache-request-directive =
  "no-cache": a cached copy may be used, but only after it has been revalidated with the server
| "no-store": the response must not be stored in any cache
| "max-age" "=" delta-seconds
| "max-stale" ["=" delta-seconds]
| "min-fresh" "=" delta-seconds
| "no-transform"
| "only-if-cached"
| cache-extension

2. Response-side headers:

Cache-response-directive =
  "public": may be stored in a public cache
| "private" ["=" <"> 1#field-name <">]: may be stored only in a private cache
| "no-cache" ["=" <"> 1#field-name <">]: may be stored, but must be revalidated (a conditional request must be sent) before the stored copy is served to a client
| "no-store": the response content must not be stored in any cache
| "no-transform"
| "must-revalidate"
| "proxy-revalidate"
| "max-age" "=" delta-seconds: maximum cache time, applies to all caches
| "s-maxage" "=" delta-seconds: maximum cache time, applies only to public (shared) caches and overrides max-age there
| cache-extension

Two tools for web page caching: squid (the previous generation; runs stably under high concurrency pressure) and varnish (the newer product; this page characterises it as less stable under high concurrency pressure). Varnish comes in two versions: a community edition and an enterprise edition that has a graphical management tool.

Varnish's working process: a Manager process (the main process) and a Cacher (child) process that contains several kinds of threads: accept, worker, expiry, ... The shared memory log (shared memory log) is written directly in memory and has two regions: statistical data (counters) such as the number of requests received and the number of hits, and the log region, which records each request and the time it occurred. The log region is a fixed-size ring buffer, so once it fills up the earliest records are overwritten. varnish's program architecture diagram:
The manager process also loads the cache-control configuration file, which is written in VCL. VCL is a domain-specific configuration language: each configuration item is valid only in certain locations, which is the scope of the item. A VCL file is first converted into C, the C is compiled into a shared object module, and the module is loaded by the child process. The roles of the child process are as follows:

Dedicated worker threads respond to client requests, and backend connections communicate with the origin server. In the usual deployment varnish therefore has two network interfaces, one facing the internal network and the other facing the Internet, although a single interface also works.

Experiment: two virtual machines; the host with the .67 address runs varnish (node 1) and the host with the .68 address runs the http server (node 2).

1. Install the http service on node 2.
2. Since the two hosts have to cooperate, synchronize their clocks; cache expiration is time based.
3. Install varnish on node 1. Version 4.0 is included in the epel repository, so either download the package from the official website or install the epel repository and install varnish from it.
4. Provide test pages for the web service. Several test pages can be generated at once with a loop.
5. Start the http service and test it from node 1.
6. Look at the files the varnish package installed. varnish_reload_vcl compiles the VCL in two stages (VCL to C, C to a shared object) and loads the new module into the running child, so the cache policy can be changed without restarting varnish and losing the cache.
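The experiment steps above as one runnable script, added here as an example; it is not part of the original page. The addresses 192.168.10.67 (varnish, node 1) and 192.168.10.68 (httpd, node 2) are placeholders for the ".67" and ".68" hosts, and the sed edit assumes the EPEL package's default.vcl points its backend at 127.0.0.1:8080. The cache_verdict helper uses the fact that varnish appends a second XID to the X-Varnish header when the object was delivered from cache.

```sh
#!/bin/sh
# Added example for the two-node varnish experiment (not from the original page).
# Assumptions: node 1 (varnish) = 192.168.10.67, node 2 (httpd) = 192.168.10.68.
set -eu

WEBROOT=/var/www/html
VARNISH_HOST=192.168.10.67
BACKEND_HOST=192.168.10.68

# Step 4: generate N test pages at once (run on node 2).
gen_pages() {
    dir=$1; n=$2
    i=1
    while [ "$i" -le "$n" ]; do
        printf '<h1>Test Page %s on node2</h1>\n' "$i" > "$dir/test$i.html"
        i=$((i + 1))
    done
}

# Step 6 check: classify a varnish response from its X-Varnish header.
# On a hit varnish appends the XID of the request that stored the object,
# so two numbers mean HIT and a single number means MISS.
cache_verdict() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "x-varnish:" { print (NF >= 3 ? "HIT" : "MISS"); found = 1 }
        END { if (!found) print "NO-X-VARNISH" }'
}

# Steps 1, 4 and 5: backend host (run on node 2).
setup_backend() {
    yum install -y httpd
    gen_pages "$WEBROOT" 10
    systemctl start httpd
}

# Step 3: varnish host (run on node 1). The packaged default.vcl is assumed to
# point at 127.0.0.1:8080; rewrite it to node 2 before starting the service.
setup_varnish() {
    yum install -y epel-release
    yum install -y varnish
    sed -i -e "s/\.host = \"127.0.0.1\"/.host = \"$BACKEND_HOST\"/" \
           -e 's/\.port = "8080"/.port = "80"/' /etc/varnish/default.vcl
    systemctl start varnish
}

# Request the same page twice through varnish (listen port 6081 from
# varnish.params): the first request should be a MISS, the second a HIT.
probe() {
    for i in 1 2; do
        hdrs=$(curl -sI "http://$VARNISH_HOST:6081/test1.html")
        echo "request $i: $(cache_verdict "$hdrs")"
    done
}

case "${1:-}" in
    backend) setup_backend ;;
    varnish) setup_varnish ;;
    probe)   probe ;;
esac
```

Run it as `sh setup.sh backend` on node 2, `sh setup.sh varnish` on node 1, then `sh setup.sh probe` from any host that can reach node 1. A second MISS means the response was not cacheable under the builtin VCL (for example, it carried Set-Cookie), which is the first thing to check before tuning anything.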
Varnish has two kinds of configuration: 1. configuration of the process itself: varnish.params; 2. configuration of the cache system, written in VCL: default.vcl.

/etc/varnish/varnish.params: working characteristics of the varnish service process, such as the listening address and port and the storage (cache) mechanism
/etc/varnish/default.vcl: the cache policy executed by the child process's worker threads

Client command line interface:
/usr/bin/varnishadm

Shared memory log tools:
/usr/bin/varnishhist
/usr/bin/varnishlog
/usr/bin/varnishncsa
/usr/bin/varnishstat
/usr/bin/varnishtop

Test tool:
/usr/bin/varnishtest

VCL reload program:
/usr/sbin/varnish_reload_vcl

Unit files:
/usr/lib/systemd/system/varnish.service: the varnish service
/usr/lib/systemd/system/varnishlog.service: log service; to keep earlier records from being overwritten in the ring buffer, start this service so the log is written to disk
/usr/lib/systemd/system/varnishncsa.service: writes the log to disk in another (NCSA common log) format
Contents of builtin.vcl: it defines the default body of every subroutine (vcl_recv, vcl_pipe, vcl_pass, vcl_hash, vcl_purge, vcl_hit, vcl_miss, vcl_deliver, vcl_synth, vcl_backend_fetch, vcl_backend_response, vcl_backend_error, vcl_init, vcl_fini).

VCL is a domain configuration language; each sub defines a domain:

Varnish 4.0 processing logic:

The client-side subroutines handle the request from the client. Among them: 1. vcl_pass: the second way a request can be handled regardless of whether it hit. The request is forwarded to the backend server and the response is delivered to the client without being stored, for example when an object is in the cache but must not be served from it. 2. vcl_purge: one of the cache-cleaning paths. If the cached content no longer matches the origin data, the stale copy is what users receive and they have no way to fetch the origin data themselves, so the cache has to be cleared by external intervention. There are two cleaning methods: (1) purge: the object matching the request's hash (the URL and host, with all its variants) is removed from the cache immediately; the next request for it misses and fetches fresh content. (2) ban: a regular-expression pattern is registered, and cached content matching the pattern is forbidden from being served from the cache; the next matching request goes to the origin, and the new response overwrites the old cached content, which clears it. 3. vcl_pipe: requests that cannot be cached are connected directly to the backend as a raw byte stream. Two cases: (1) an HTTP request using a method varnish does not recognise (in the builtin VCL, ordinary non-GET/HEAD methods such as POST are passed rather than piped, since only GET and HEAD responses can be cached); (2) non-HTTP traffic.

The backend-side subroutines handle the request sent to the origin server: vcl_backend_fetch, vcl_backend_response and vcl_backend_error. vcl_synth produces a synthetic response generated by varnish itself rather than fetched from the backend; the builtin vcl_purge ends with return (synth(200, "Purged")), so the reply to a purge is such a synthetic response. Whether the client is permitted to purge at all is checked in vcl_recv (normally against an ACL) before return (purge) is issued; vcl_purge itself performs no authorization check. In the two diagrams above, each ellipse is a subroutine, that is a domain, also called a state of the state engine.
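The purge and ban handling just described, together with the backend-side rules that keep private responses out of a shared cache, as an added example of a default.vcl for Varnish 4.0. This file was written for this page; it is neither the project's builtin.vcl nor the file shipped in the package. The backend address 192.168.10.68 stands in for the ".68" host of the experiment and the purgers ACL is an assumed management network; change both for your environment.

```vcl
vcl 4.0;

# Assumption: node 2 (httpd) is 192.168.10.68; replace with the real address.
backend default {
    .host = "192.168.10.68";
    .port = "80";
}

# Only these clients may evict objects. Without an ACL anyone who can reach
# the listening port can empty the cache and push the full load onto httpd.
acl purgers {
    "127.0.0.1";
    "192.168.10.0"/24;   # assumption: the management network
}

sub vcl_recv {
    # PURGE: drop the object (all variants) stored under this host + URL.
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed"));
        }
        return (purge);   # -> vcl_hash -> vcl_purge -> synth(200, "Purged")
    }
    # BAN: invalidate every object whose host and URL match the pattern sent
    # by the client. The ban is stored and evaluated lazily on later lookups.
    if (req.method == "BAN") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Banning not allowed"));
        }
        ban("req.http.host == " + req.http.host +
            " && req.url ~ " + req.url);
        return (synth(200, "Ban added"));
    }
    # Everything else falls through to the builtin vcl_recv, which passes
    # non-GET/HEAD requests and requests carrying Authorization or Cookie.
}

sub vcl_backend_response {
    # Never store responses the origin marked private or that set a cookie;
    # otherwise one user's session page could be served to another user.
    if (beresp.http.Set-Cookie ||
        beresp.http.Cache-Control ~ "(no-store|private)") {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;   # remember the "do not cache" decision
        return (deliver);
    }
    # Static pages from the experiment: cache for 10 minutes when the origin
    # sent no max-age or Expires of its own.
    if (beresp.ttl <= 0s && bereq.url ~ "\.(html|css|js|png|jpg)$") {
        set beresp.ttl = 600s;
    }
}

sub vcl_deliver {
    # Make hits visible to the tester; obj.hits counts deliveries from cache.
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
    return (deliver);
}
```

Load it with `varnish_reload_vcl` (or `varnishadm vcl.load` / `vcl.use`) and test from an allowed host with `curl -X PURGE http://node1:6081/test1.html`; from a host outside the ACL the same request must return 405. The ban form here matches on `req.*` variables, so it is evaluated only when a client requests a matching object; that is fine for a small cache but a large one should ban on object attributes so the ban lurker thread can clean up in the background.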
View the VCL configuration file:

The subroutines in default.vcl are empty, but that does not mean nothing is defined: each one falls back to its default content, which is the builtin file (builtin.vcl).

View the configuration file of the varnish process:

Everything in the params file can also be given as a command line option:

The environment configuration file (varnish.params) defines variables that the service unit turns into command line options, so the option values can be changed through the file instead of editing the unit.

The secret (key) file named in the configuration: when varnishadm connects to the management interface, whether from the same host or a different one, the client and the server must both have this shared key, and the server authenticates the client with a challenge based on it. Anyone who can read the key and reach the management port can load new VCL and redirect every request, so the file must be readable only by root and the varnish user, and the management address should stay on localhost or a management network.

VARNISH_STORAGE defines the cache mechanism; the default uses malloc with a size given in MB. A cache item has two parts, a key and a value; the key (the hash index) is kept in memory, and the value is looked up through it. Varnish has two storage mechanisms: memory based (malloc, where the value is also stored in memory) and disk based (file). malloc means the cache space is allocated in memory; jemalloc, a concurrent allocator, performs the allocation. Its disadvantage is that the cache produces a lot of memory fragmentation over time, which affects system performance, so a memory cache should not be made too large. Disk-based storage keeps the cache in a file on disk; the whole file is treated as a black box with its own efficient internal layout for organising the cached data. However, when the varnish process is restarted, the contents of that file are discarded as well. Because a production service depends heavily on its cache, losing the cache sends the full load to the backend server and can crash it, so varnish must not be restarted casually in production; change the VCL with varnish_reload_vcl instead.
