Directadmin 使用apache,由于apache的工作原理是一个访客一个进程。17ce一下就有无数的php-cgi进程,负载轻松上60.....
试过很多优化方法:限制连接数(照死..)、用limit.conf限制单用户连接数(这个有时不管用...),也试过网上广为流传的evasive20_module 防C模块和mod_cache缓存模块,貌似都没啥用。折腾mod_pagespeed安装失败...
后来想到给apache上个前端,首先想到的就是nginx,装好之后问题来了,把请求全部转向后端,apache不认....貌似必须一个站一个server,不方便控制。
后来有人说varnish可以解决这个问题,折腾了一个小时安装成功。记录下安装方法:
1、添加varnish官方源并安装
for Debian:
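# Import the Varnish repository signing key, register the repository, then install.
# The original page ran these commands together on one line; they must be run one per line.
# NOTE(review): the key is downloaded over plain HTTP and piped straight into apt-key,
# so nothing authenticates it. Download it to a file first and compare its fingerprint
# with one obtained through a trusted channel before adding it.
curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/debian/ squeeze varnish-3.0" >> /etc/apt/sources.list
apt-get update
apt-get install varnish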
for CentOS:
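# Install the repository definition package, then Varnish itself (two separate commands).
# NOTE(review): --nosignature disables rpm's signature verification and the package is
# fetched over plain HTTP, so its origin is not checked at all. Prefer importing the
# vendor's signing key and installing without --nosignature.
rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm
yum install varnish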
2、修改/etc/varnish/default.vcl配置
# Origin server definition: the Apache instance that step 3 moves to port 800.
backend apache2 {
.host = "1.2.3.4"; # replace with the server's public IP
.port = "800";
# Timeouts for connecting, for the first response byte, and between bytes.
.connect_timeout = 60s;
.first_byte_timeout = 120s;
.between_bytes_timeout = 60s;
}
acl purgeallow { // access control list: client IPs allowed to purge the Varnish cache
// Loopback only; vcl_recv answers 405 to PURGE requests from any other address.
"127.0.0.1";
}
#
# Below is a commented-out copy of the default VCL logic. If you
# redefine any of these subroutines, the built-in logic will be
# appended to your code.
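sub vcl_recv {
    ### Varnish is bound to the public address itself (the -a option in step 4),
    ### so an X-Forwarded-For header sent by the client is untrusted input.
    ### Overwrite it with the real peer address for every request, before any
    ### return statement. The original did this only when Accept-Encoding was
    ### present and otherwise appended to the client's value, which let a
    ### client forge the address the backend sees.
    ### If a trusted proxy is ever placed in front of Varnish, append instead.
    remove req.http.X-Forwarded-For;
    set req.http.X-Forwarded-For = client.ip;

    ### Normalise Accept-Encoding so the cache holds few variants; media files
    ### are already compressed, so no encoding is requested for them.
    ### The pattern is anchored to the end of the path (optional query string);
    ### the original was unanchored and matched ".jpg" anywhere in the URL.
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|jpeg|flv)(\?.*)?$") {
            remove req.http.Accept-Encoding;
        } else if (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } else if (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            remove req.http.Accept-Encoding;
        }
    }

    ### PURGE is honoured only for addresses in the purgeallow ACL;
    ### everyone else gets a 405.
    if (req.request == "PURGE") {
        if (!client.ip ~ purgeallow) {
            error 405 "not allowed.";
        }
        return (lookup);
    }

    ### Drop cookies on GET requests for static media so they can be cached.
    ### Anchored to the file extension so that a URL that merely contains
    ### ".jpg" (for example in a query parameter) keeps its cookies.
    if (req.request == "GET" && req.url ~ "\.(jpg|png|gif|swf|flv|ico|jpeg)(\?.*)?$") {
        unset req.http.cookie;
    }

    ### GET requests for .php (with or without a query string) go straight
    ### to the backend and are never cached.
    if (req.request == "GET" && req.url ~ "(?i)\.php($|\?)") {
        return (pass);
    }

    ### Methods outside the listed set (non-RFC2616, or CONNECT) are piped:
    ### Varnish relays bytes between client and backend without inspecting them.
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
        return (pipe);
    }

    ### Anything other than GET and HEAD is passed to the backend uncached.
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    ### Requests carrying credentials or cookies are user-specific: never
    ### serve them from the shared cache.
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }

    ### Select the backend. The pattern matches any Host header, so every
    ### host goes to apache2; a request without a Host header gets a 404.
    if (req.http.host ~ "^(.*)") {
        set req.backend = apache2;
    } else {
        error 404 "Unknown HostName!";
    }
    return (lookup);
}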
### Pipe mode: keep the request in pipe mode once vcl_recv has chosen it.
sub vcl_pipe {
return (pipe);
}
### Pass mode: the request is sent to the backend and the response is returned
### to the client without being stored in the cache.
sub vcl_pass {
return (pass);
}
### Cache key: the URL plus the Host header, so that sites sharing this cache
### do not serve each other's objects. Falls back to the server IP when the
### request has no Host header.
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (hash);
}
#### Called after lookup when the requested object is found in the cache.
sub vcl_hit {
# A PURGE that reaches this point already passed the ACL check in vcl_recv:
# drop the cached object and answer 200.
if (req.request == "PURGE") {
purge;
error 200 "purged";
}
return (deliver);
}
#### Called after lookup when the object is not in the cache; normally ends by
#### fetching it from the backend.
sub vcl_miss {
# Nothing to purge: tell the purging client the object was not cached.
if(req.request == "PURGE") {
error 404 "not in cache.";
}
return (fetch);
}
#### Decides whether and for how long a backend response is cached.
sub vcl_fetch {
# Responses with a non-positive TTL, a Set-Cookie header or "Vary: *" must not
# be shared between clients.
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
/*
 * Mark as "Hit-For-Pass" for the next 3 seconds
 * (the stock comment said 2 minutes; the value set below is 3 s)
 */
set beresp.ttl = 3 s;
return (hit_for_pass);
}
return (deliver);
}
#
# Builds the synthetic error page returned for every "error" statement above
# (405 / 404 / 200 on PURGE, 404 on a missing Host header) and for backend failures.
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
# The body echoes the status code, the response text and the request XID.
# NOTE(review): the HTML markup of this template looks partly lost in the
# page's extraction; compare with the stock default.vcl before using it.
synthetic {"
<!--?xml version="1.0" encoding="utf-8"?-->
"} + obj.status + " " + obj.response + {"
<h1>Error "} + obj.status + " " + obj.response + {"</h1>
"} + obj.response + {"
<h3>Guru Meditation:</h3>
XID: "} + req.xid + {"
<hr />
Varnish cache server
"};
return (deliver);
}
#
# Runs when this VCL is loaded; nothing to initialise here.
sub vcl_init {
return (ok);
}
#
# Runs when this VCL is discarded; nothing to clean up here.
sub vcl_fini {
return (ok);
}
3、修改各种端口(不保证成功,推荐自己手动搜索修改。)...
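# Move Apache from port 80 to port 800 in the live config and in the DirectAdmin
# templates. The original page ran all commands together on one line (and split one
# in the middle of "Port 80"); they must be run one per line.
# NOTE(review): sed -i edits in place without a backup, so copy the files first.
# NOTE(review): the ":80" pattern also matches ":800" and ":8080", so these commands
# are not safe to run twice (":800" becomes ":8000").
# NOTE(review): commenting out CustomLog turns off Apache's per-vhost access logs;
# keep an access log at the Varnish layer instead if request logs are needed for
# incident investigation.

# Live Apache configuration: use a patched copy of ips.conf.
sed -i "s#ips.conf#ips_hack.conf#g" /etc/httpd/conf/extra/httpd-vhosts.conf
cp /etc/httpd/conf/ips.conf /etc/httpd/conf/ips_hack.conf
sed -i "s#:80#:800#g" /etc/httpd/conf/ips_hack.conf
sed -i "s#:80#:800#g" /etc/httpd/conf/extra/httpd-vhosts.conf

# DirectAdmin templates, so that newly generated vhosts also use port 800.
sed -i "s#:80#:800#g" /usr/local/directadmin/data/templates/ips_virtual_host.conf

sed -i "s#:|PORT_80|#:800#g" /usr/local/directadmin/data/templates/virtual_host2_sub.conf
sed -i "s#:80#:800#g" /usr/local/directadmin/data/templates/virtual_host2_sub.conf
sed -i "s# |MULTI_IP|##g" /usr/local/directadmin/data/templates/virtual_host2_sub.conf
sed -i "s/CustomLog/#CustomLog/g" /usr/local/directadmin/data/templates/virtual_host2_sub.conf

sed -i "s#:|PORT_80|#:800#g" /usr/local/directadmin/data/templates/virtual_host.conf
sed -i "s#:80#:800#g" /usr/local/directadmin/data/templates/virtual_host.conf
sed -i "s# |MULTI_IP|##g" /usr/local/directadmin/data/templates/virtual_host.conf
sed -i "s/CustomLog/#CustomLog/g" /usr/local/directadmin/data/templates/virtual_host.conf

sed -i "s#:|PORT_80|#:800#g" /usr/local/directadmin/data/templates/virtual_host_sub.conf
sed -i "s#:80#:800#g" /usr/local/directadmin/data/templates/virtual_host_sub.conf
sed -i "s# |MULTI_IP|##g" /usr/local/directadmin/data/templates/virtual_host_sub.conf
sed -i "s/CustomLog/#CustomLog/g" /usr/local/directadmin/data/templates/virtual_host_sub.conf

sed -i "s#:|PORT_80|#:800#g" /usr/local/directadmin/data/templates/redirect_virtual_host.conf
sed -i "s#:80#:800#g" /usr/local/directadmin/data/templates/redirect_virtual_host.conf
sed -i "s# |MULTI_IP|##g" /usr/local/directadmin/data/templates/redirect_virtual_host.conf

sed -i "s#:|PORT_80|#:800#g" /usr/local/directadmin/data/templates/virtual_host2.conf
sed -i "s#:80#:800#g" /usr/local/directadmin/data/templates/virtual_host2.conf
sed -i "s# |MULTI_IP|##g" /usr/local/directadmin/data/templates/virtual_host2.conf
sed -i "s/CustomLog/#CustomLog/g" /usr/local/directadmin/data/templates/virtual_host2.conf

# Listening port in the main httpd.conf (template and live file).
sed -i "s#Port 80#Port 800#g" /usr/local/directadmin/data/templates/httpd.conf
sed -i "s#Listen 80#Listen 800#g" /usr/local/directadmin/data/templates/httpd.conf
sed -i "s#Listen 80#Listen 800#g" /etc/httpd/conf/httpd.conf

# Existing per-user vhost files.
sed -i "s#:80#:800#g" /usr/local/directadmin/data/users/*/httpd.conf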
4、重启httpd并启动varnish
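# Restart Apache on its new port, then start Varnish on port 80 (two separate commands).
service httpd restart
# -s malloc,500M : cache storage in memory, 500M maximum
# -a 1.2.3.4:80  : replace 1.2.3.4 with the public IP
# NOTE(review): -T 127.0.0.1:2000 opens the management interface on loopback and no
# -S secret file is given, so it is presumably reachable without authentication by
# every local account on this shared-hosting box. Start varnishd with
# -S <secret-file> (readable by root only) to require authentication.
varnishd -f /etc/varnish/default.vcl -s malloc,500M -T 127.0.0.1:2000 -a 1.2.3.4:80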
如无意外,此时访问域名,应该是生效的,并且可以在响应头中看到
| Via | 1.1 varnish |
5、禁用访客访问800端口
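# Block direct access to the Apache backend on port 800; only the server's own
# address (the one Varnish connects from) is allowed. Replace 1.2.3.4 with the public IP.
# -I inserts at the top of the chain, so the ACCEPT rule added second ends up above
# the DROP rule and is evaluated first. Keep this order.
# NOTE(review): these rules cover IPv4 only; if Apache also listens on IPv6, add the
# equivalent ip6tables rules. They are also lost on reboot unless saved.
iptables -I INPUT -p TCP --dport 800 -j DROP
iptables -I INPUT -s 1.2.3.4 -p TCP --dport 800 -j ACCEPT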
6、修改启动项...
for Debian:
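# Edit /etc/rc.local (vi /etc/rc.local) and add the lines below, one command per line.
pkill varnishd
# NOTE(review): this start line has the same unauthenticated -T management port as
# the manual start in step 4; add -S <secret-file> here as well.
varnishd -f /etc/varnish/default.vcl -s malloc,230M -T 127.0.0.1:2000 -a 1.2.3.4:80
# NOTE(review): iptables -F flushes every rule in the filter table, including rules
# installed by any other firewall or brute-force protection on the server. If other
# rules exist, delete only the two port-800 rules instead of flushing everything.
iptables -F
iptables -I INPUT -p TCP --dport 800 -j DROP
iptables -I INPUT -s 1.2.3.4 -p TCP --dport 800 -j ACCEPT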
其他系统的修改方法未知- -
已知问题:
1、有时访问会503,刷新一下就正常,这应该是varnish的超时时间太短。
2、为什么要用外网ip?我尝试过用内网ip不能识别访客的真实ip....
最近看了海哥的lamp,貌似海哥那边有解决方案???
什么意思?
海哥就是 centos.bz
就是我也想用varnish,可是懒得动,好麻烦啊,还得改端口,然后我用的nginx,又怕缓存有问题,罢了,暂时不改了
其實我本來是想用nginx的,但是裝好後反代失敗,我以為是nginx的問題,換成了varnish。。。原來是apache配置問題- – 現在懶得換nginx了,先用著varnish吧
varnish压缩http头信息,很不错的
varnish的资料还是比较少的,我等菜鸟直接lnmp傻瓜化
资料不算少,直接看官方wiki可以解决很多问题- –
哦,Windowws+Nginx
那nginx相当于残废。。。
必须的……
挂着流量精灵只能跑nginx
– -跑nginx干嘛…
做网站……
– -做网站还跑流量精灵…
又不是什么大型网站= =打算跑个下载站
没啥技术含量…
哦,采尼玛!
你的博客速度比我的还快..尼玛,谁让你这么快的
ooo
卧槽,原来你在…妹的
。。。。
不行么…
。。。。。。。。。。我喜欢你,我爱你!嫁给我吧
X采花,尼玛的月妹纸是我的
我的!
– -我的!
等月妹纸去泰国后再说是谁的吧
– -要不先把你拿下?没有月妹纸,你也可以解渴~~
怕被摘蛋 – –
乖,别怕~
你想干嘛。。
次奥 太快了 DDCC让他慢点。。。
好猪意!这么艰巨的任务就交给你了!