Varnish Cache Installation unter Debian Wheezy

Varnish Cache ist ein Web-Beschleuniger für dynamische Webseiten mit viel Inhalt. Ich möchte euch eine Installationsanleitung + Beispiel Konfiguration, wie ich sie zum Teil auch selbst benutze, erläutern.

Punkt 1: Die Installation

Die Installation der aktuellen Version 3.0.5 gestaltet sich recht einfach. (FreeBSD/RHEL/Ubuntu)

curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/debian/ wheezy varnish-3.0" >> /etc/apt/sources.list
apt-get update
apt-get install varnish

Punkt 2: Daemon Konfiguration auf Port 80

Wir öffnen in einem Editor /etc/default/varnish und setzen die DAEMON_OPTS.

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -S /etc/varnish/secret \
             -p thread_pool_add_delay=2 \
             -p thread_pools=8 \
             -p thread_pool_min=100 \
             -p thread_pool_max=4000 \
             -p session_linger=50 \
             -p sess_workspace=262144 \
             -s malloc,1024m"

Ausgelegt ist dieses Beispiel für eine CPU mit 8 Kernen.

# -p thread_pools=<Number of CPU cores> \
# -p thread_pool_min=<800 / Number of CPU cores> \

Punkt 3: Die default.vcl Konfiguration

Der eigentliche Hauptteil ist die Konfiguration der einzelnen VCL’s. Die offizielle Dokumentation gibt es hier und Beispiele hier.
Wir passen /etc/varnish/default.vcl wie folgt an, der Webserver ist in diesem Beispiel unter Port 8000 angesiedelt.

# List of upstream proxies we trust to set X-Forwarded-For correctly.
acl upstream_proxy {
  "127.0.0.1";
}

acl purge {
        "localhost";
        "127.0.0.1"/8;
}

# Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
        .connect_timeout = 300s;
        .first_byte_timeout = 300s;
        .between_bytes_timeout = 300s;
}

# Subroutine called at the beginning of a request that decides whether or not to serve the request.
sub vcl_recv {
        # allow PURGE from localhost and 127.0.0.1/8...
        if (req.request == "PURGE") {
                if (!client.ip ~ purge) {
                        error 405 "Not allowed.";
                }
                return (lookup);
        }

        # Allow the backend to serve up stale content if it is responding slowly.
        set req.grace = 6h;

        # Use anonymous, cached pages if all backends are down.
        if (!req.backend.healthy) {
          unset req.http.Cookie;
        }

        # Set the X-Forwarded-For header so the backend can see the original
        # IP address. If one is already set by an upstream proxy, we'll just re-use that.
        if (client.ip ~ upstream_proxy && req.http.X-Forwarded-For) {
          set req.http.X-Forwarded-For = req.http.X-Forwarded-For;
        } else {
          set req.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
        }

        # Always cache the following file types for all users.
        if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|swf|css|js|htm|html)(\?[a-z0-9]+)?$") {
          unset req.http.Cookie;
        }

        # Handle compression correctly. Different browsers send different
        # "Accept-Encoding" headers, even though they mostly all support the same
        # compression mechanisms. By consolidating these compression headers into
        # a consistent format, we can reduce the size of the cache and get more hits.
        # @see: http://varnish.projects.linpro.no/wiki/FAQ/Compression
        if (req.http.Accept-Encoding) {
          if (req.http.Accept-Encoding ~ "gzip") {
            # If the browser supports it, we'll use gzip.
            set req.http.Accept-Encoding = "gzip";
          }
          else if (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            # Next, try deflate if it is supported.
            set req.http.Accept-Encoding = "deflate";
          }
          else {
            # Unknown algorithm. Remove it and send unencoded.
            unset req.http.Accept-Encoding;
          }
        }

        # Only cache this
        if (req.request != "GET" &&
                req.request != "HEAD" &&
                req.request != "PUT" &&
                req.request != "POST" &&
                req.request != "TRACE" &&
                req.request != "OPTIONS" &&
                req.request != "DELETE") {
                return (pipe);
        }
        if (req.request != "GET" && req.request != "HEAD") {
                return (pass);
        }

}

# Subroutine called after a document has been retrieved from the backend.
sub vcl_fetch {
        # Ignore cache headers from the backend
        if (beresp.ttl < 120s) {
                set beresp.ttl = 120s;
        }

        # Don't allow static files to set cookies.
        if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
                set beresp.http.cache-control = "max-age=2678400";
                set beresp.ttl = 31d;
                unset beresp.http.set-cookie;
        }

        # Allow items to be stale if needed.
        set beresp.grace = 6h;

        # remove /w00tw00t requests
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
}

sub vcl_deliver {

        # Add cache hit data
        if (obj.hits > 0) {
          # If hit add hit count
          set resp.http.X-Cache = "HIT";
          set resp.http.X-Cache-Hits = obj.hits;
        } else {
          set resp.http.X-Cache = "MISS";
        }

        # We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
        # Since we're not caching (yet), why bother telling people we use it?
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;

        # We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}

# In the event of an error, show friendlier messages.
sub vcl_error {
  # Retry up to four times if the web site is temporarily unavailable.
  #if (obj.status == 503 && req.restarts < 5) {
  #  set obj.http.X-Restarts = req.restarts;
  #  return(restart);
  #}

  # Redirect to some other URL in the case of a homepage failure.
  #if (req.url ~ "^/?$") {
  #  set obj.status = 302;
  #  set obj.http.Location = "http://backup.example.com/";
  #}

  # Otherwise redirect to the homepage, which will likely be in the cache.
  set obj.http.Content-Type = "text/html; charset=utf-8";
  synthetic {"
<html>
<head>
  <title>Page Unavailable</title>
  <style>
    body { background: #303030; text-align: center; color: white; }
    #page { border: 1px solid #CCC; width: 500px; margin: 100px auto 0; padding: 30px; background: #323232; }
    a, a:link, a:visited { color: #CCC; }
    .error { color: #fff; font-weight:bold; }
  </style>
</head>
<body onload="setTimeout(function() { window.location = '/' }, 5000)">
  <div id="page">
    <h1 class="title">Page Unavailable</h1>
    <p>The page you requested is temporarily unavailable.</p>
    <p>We're redirecting you to the <a href="/">homepage</a> in 5 seconds.</p>
    <div class="error">Error "} + obj.status + " " + obj.response + {"</div>
  </div>
</body>
</html>
"};
  return (deliver);
}

sub vcl_hit {
        if (req.request == "PURGE") {
                purge;
                error 200 "Purged.";
        }

  # Allow users force refresh
  if (!obj.ttl > 0s) {
    return(pass);
  }
}

sub vcl_miss {
        if (req.request == "PURGE") {
                purge;
                error 200 "Purged.";
        }
}

sub vcl_hash {
  # URL and hostname/IP are the default components of the vcl_hash
  # implementation. We add more below.
  hash_data(req.url);
  if (req.http.host) {
      hash_data(req.http.host);
  } else {
      hash_data(server.ip);
  }

  # Include the X-Forward-Proto header, since we want to treat HTTPS
  # requests differently, and make sure this header is always passed
  # properly to the backend server.
  if (req.http.X-Forwarded-Proto) {
    hash_data(req.http.X-Forwarded-Proto);
  }

  return (hash);
}

Mit dieser Konfiguration sollte Varnish Cache für das Erste gut funktionieren. Jeder Administrator sollte die VCL’s Setup bedingt anpassen und erweitern.
Eine Anleitung um in Plesk den Apache Port zu ändern findet ihr hier.

Dominion

Dominion

Linux Systemadministrator

Das könnte Dich auch interessieren …

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.