Varnish est un accélérateur HTTP. En résumé, ce logiciel a la capacité de mettre en cache ce qu'on lui dicte (bien souvent en RAM pour la rapidité d'accès). De fait, si Varnish dispose de l'objet demandé dans son cache, il le délivre sans créer de requêtes vers le serveur Backend (WEB par exemple) et dans le cas contraire il va chercher l'information.
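# The key URL is plain HTTP, so do not pipe the download straight into apt-key:
# content fetched this way can be altered in transit, and apt will afterwards
# trust any package signed by whatever key was added.
keyfile="$(mktemp)"
curl -fsS -o "$keyfile" "http://repo.varnish-cache.org/debian/GPG-key.txt"
# Show the key's fingerprint and compare it with the value published by the
# Varnish project, obtained through a separate, trusted channel.
gpg --with-fingerprint "$keyfile"
# Run the next line only once the fingerprint has been checked.
apt-key add "$keyfile"
rm -f "$keyfile"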
# Declare the Varnish repository in its own sources.list.d file.
vi /etc/apt/sources.list.d/varnish.list
# Line to put in that file. The repository is reached over plain HTTP, so the
# integrity of the packages rests on apt's signature check against the
# repository key added to apt's keyring.
deb http://repo.varnish-cache.org/debian/ wheezy varnish-3.0
# Refresh the package index, then check which version is offered.
aptitude update
aptitude show varnish
Paquet : varnish État: installé Automatiquement installé: non Version : 3.0.2-2 Priorité : optionnel Section : web Responsable : Varnish Package Maintainers <pkg-varnish-devel@lists.alioth.debian.org> Architecture : amd64
# Install the package, then edit the daemon's start-up settings.
aptitude install varnish
vi /etc/default/varnish
# Start-up settings for varnishd; the variables below are assembled into
# DAEMON_OPTS at the end of the file.
START=yes
# Resource limits for the daemon (presumably applied by the init script
# through ulimit - confirm against the packaged script).
NFILES=131072
MEMLOCK=82000
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Empty address: "-a :80" accepts client traffic on every interface.
VARNISH_LISTEN_ADDRESS=
VARNISH_LISTEN_PORT=80
# Management CLI (-T). Keep it on loopback: the CLI can load new VCL and stop
# the cache, so it must not be reachable from the network.
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_MIN_THREADS=50
VARNISH_MAX_THREADS=5000
# NOTE(review): VARNISH_THREAD_POOLS and VARNISH_THREAD_DELAY are set here but
# are not referenced in DAEMON_OPTS below.
VARNISH_THREAD_POOLS=4
VARNISH_THREAD_DELAY=2
VARNISH_THREAD_TIMEOUT=120
VARNISH_STORAGE_SIZE=2G
# Shared secret used to authenticate to the management CLI (-S); the file
# should be readable by root only.
VARNISH_SECRET_FILE=/etc/varnish/secret
# Cache objects are kept in RAM (malloc), capped at VARNISH_STORAGE_SIZE.
VARNISH_STORAGE="malloc,${VARNISH_STORAGE_SIZE}"
# Default TTL in seconds (-t) for objects whose TTL is not set otherwise.
VARNISH_TTL=120
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
             -f ${VARNISH_VCL_CONF} \
             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
             -t ${VARNISH_TTL} \
             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
             -S ${VARNISH_SECRET_FILE} \
             -s ${VARNISH_STORAGE}"
# Edit the VCL file referenced by VARNISH_VCL_CONF (passed to varnishd with -f).
vi /etc/varnish/default.vcl
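# This is a basic VCL configuration file for varnish. See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# "$WHITE_IP" and "$HOSTNAME" are placeholders to replace by hand: VCL does
# not expand shell-style variables.

#
# BACKEND DECLARATION
#
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

#
# ACL DECLARATION
# Clients allowed to reach the restricted host and to see the debug headers
# added in vcl_deliver.
#
acl whitelist {
    "localhost";
    "$WHITE_IP";
}

#
# RULES ON RECV
#
sub vcl_recv {
    #
    # IP RESTRICTION
    # The pattern is a regex matched against the Host header, which the client
    # supplies: escape the dots, anchor it, and make sure the backend does not
    # serve the restricted site under any other host name.
    if (req.http.host ~ "$HOSTNAME") {
        if (!(client.ip ~ whitelist)) {
            error 403 "RESTRICTED URL ..";
        } else {
            return (pass);
        }
    }

    #
    # FORWARD SOURCE IP TO THE APACHE LOG
    # Any X-Forwarded-For value received from the client is kept and
    # client.ip is appended, so only the last address in the header was
    # written by Varnish; earlier entries are whatever the client sent.
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }

    #
    # ONLY DEAL WITH GET AND HEAD REQUESTS
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    #
    # FORWARD AUTHENTICATION
    if (req.http.Authorization) {
        return (pass);
    }

    #
    # DONT CACHE THIS
    # The pattern is unanchored: any URL containing one of these words is passed.
    if ((req.url ~ "(update\.php$|apc\.php$|status\.php$|cron\.php$|awstats|user|users|admin|admin-menu|server-status)")) {
        return (pass);
    }

    #
    # DROP COOKIES SENT BY THE CLIENT
    # Fixed: the pattern used to start with "^!/", which no URL matches, so
    # cookies would have been removed on the session paths as well.
    if (!(req.url ~ "^/(user|users|admin|awstats|phpmyadmin)")) {
        unset req.http.cookie;
    }

    #
    # A request that still carries a cookie belongs to a session. The cookie is
    # not part of the cache key, so serving it from cache would hand one
    # user's page to another: send it to the backend instead.
    if (req.http.Cookie) {
        return (pass);
    }

    #
    # NORMALISE ACCEPT-ENCODING
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
            # No compression for these requests
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # Unknown algorithm
            unset req.http.Accept-Encoding;
        }
    }

    # Fixed: this return used to sit right after the Authorization check, which
    # made the no-cache list, the cookie handling and the Accept-Encoding
    # normalisation above unreachable. Returning here also skips the built-in
    # vcl_recv, so the rules above are the only ones deciding what is cached.
    return (lookup);
}

#
# RULES ON FETCH
#
sub vcl_fetch {
    #
    # CACHE IMAGES/CSS/JS
    if (req.url ~ "\.(png|jpeg|jpg|gif|css|js|ico|woff|ttf)$") {
        set beresp.ttl = 2h;
    }

    #
    # DROP COOKIES SET BY THE SITE
    # NOTE(review): vcl_recv also keeps cookies for "phpmyadmin", which this
    # list does not include - confirm which of the two is intended.
    # NOTE(review): vcl_fetch runs for passed requests too, so Set-Cookie is
    # also removed from those responses unless the URL starts with one of
    # these paths.
    if (!(req.url ~ "^/(user|users|admin|awstats)")) {
        unset beresp.http.set-cookie;

        #
        # IGNORE CACHE HEADERS FROM THE BACKEND: keep objects at least 120s
        if (beresp.ttl < 120s) {
            set beresp.ttl = 120s;
        }
    }

    #
    # CHANGE WEB SERVER SIGNATURE
    unset beresp.http.Server;
    unset beresp.http.X-Powered-By;

    # Returning here skips the built-in vcl_fetch, including its refusal to
    # cache responses that carry Set-Cookie. Responses for the session paths
    # keep their Set-Cookie, so they must never arrive here through a cache
    # lookup: vcl_recv has to pass them.
    return (deliver);
}

#
# RULES ON DELIVER
#
sub vcl_deliver {
    #
    # HIDE SERVER INFO
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Age;

    #
    # HIDE DRUPAL INFO
    unset resp.http.X-Generator;
    unset resp.http.X-Drupal-Cache;

    #
    # DEBUG HEADERS, FOR WHITELISTED CLIENTS ONLY
    if (client.ip ~ whitelist) {
        set resp.http.X-Served-By = server.hostname;

        #
        # HEADER TO TRACK CACHE HIT/MISS.
        if (obj.hits > 0) {
            set resp.http.X-Varnish-Cache = "HIT";
        } else {
            set resp.http.X-Varnish-Cache = "MISS";
        }
    }
}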
Le code VCL est propre à chaque configuration : il doit être adapté à votre backend et aux applications hébergées.
# FORWARD IP SRC TO APACHE LOG
# Only on the first pass through vcl_recv (req.restarts == 0), so a restarted
# request does not get the address appended twice.
# An X-Forwarded-For value received from the client is kept and client.ip is
# appended to it: only the last address in the header was written by Varnish,
# the entries before it are whatever the client sent.
if (req.restarts == 0) {
    if (req.http.x-forwarded-for) {
        set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }
}
# Log the X-Forwarded-For request header in place of the connecting address
# (behind Varnish, the peer Apache sees is presumably Varnish itself).
# The field is the whole header: it can hold several comma-separated entries,
# and everything before the last one is client-supplied text. Treat only the
# last address as reliable when reading these logs or feeding them to a
# blocking or alerting tool.
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" varnishcombined
CustomLog ${APACHE_LOG_DIR}/www.exemple.com-access.log varnishcombined
# Compile the VCL to C and print the result without starting the cache:
# a syntax check to run before reloading the configuration.
varnishd -C -f /etc/varnish/default.vcl
# Client side (-c): URLs received from clients.
varnishlog -c -i RxURL
# Backend side (-b): URLs sent to the backend, i.e. requests not answered from cache.
varnishlog -b -i TxURL
# Ranking of the Host headers received.
varnishtop -i RxHeader -I '^Host:'
# Ranking of the received headers matching "Cookie". The output shows raw
# cookie values, session identifiers included: do not paste it into tickets
# or shared channels.
varnishtop -i RxHeader -I Cookie
# Received Host headers matching "repo".
varnishlog -c -i RxHeader -I 'Host.*repo'