内容linux运维-2014教程cache p

SquidPhpinfo()→opcodeNginxReverse

proxyLNAMP

=

Nginx

→

Apache+php+MySQL

Php:

CPU

MySQL:

CPU

Php

→

mysql.sock

MySQL

Php→

Memcached

MySQL

(query

cache)

LNAMPLNMPLAMPPHPXCacheopcodememcachelibmemcached2020/11/24Cryptographypage:2What

is

Squid?Squid的诞生Squid功能An

ever-growing

number

ofcompanies

use

Squid

tosave

on

their

internet web

traffic,

improveperformance,

deliver

faster

browsing

to

their

end-clients

and

provide

static,

dynamicand

streamingcontent

to millions

of

internet

users

worldwideSquid

的特点offers

a

rich

access

control,

authorizationandlogging

environment

to

develop

web

proxy

and

contentserving

applications2020/11/24Cryptographypage:3What

are

cachable

objects?An

Internet

Object

is

a

file, or

response

to

aqueryfor

an

Internet

service

such

as

FTP,

HTTP,

or

gopherNot

dnsA

client

requests

an

Internet

object

from

a

caching

proxy

if

the

object

is

not

already

cached,

the

proxy

server

fetchesthe

object

(either

from

the

host

specified

in

the

URL

or

froma

parent

or

sibling

cache)

and

delivers

it

to

the

client2020/11/24Cryptographypage:42020/11/24Cryptographypage:5ICP

protocol:

Internet

Cache

ProtocolUsed

for

communication

among

squid

cachesICP

is

primarily

used

within

a

cache

hierarchy

to

locatespecific

objects

in

sibling

cachesICP

is

currently

implemented

on

top

of

3130/UDPSquid基本配置squid包包名：squid-2.6.STABLE6服务名：squid主程序：/usr/sbin/squid配置

：/etc/squid/主配置文件：/etc/squid/squid.conf默认 端口：TCP

3128默认 日志文件：/var/log/squid/access.log2020/11/24Cryptographypage:6主配置文件squid.conf常用配置项http_port

3128cache_mem

64

MBum_object_size

4096

KBreply_body_max_size

10240000

allow

allaccess_log

/var/log/squid/access.log

squidvisible_hostname

cache_dir

ufs

/var/spool/squid

100

16

256为缓存

分配的磁盘空间（MB）缓存空间的一级子 个数缓存空间的二级子 个数缓存数据的存储格式2020/11/24Cryptographypage:7exporthttp_proxy=2020/11/24Cryptographypage:82020/11/24Cryptographypage:9acl

all

/http_access

deny

allACL

控制ACL（Access

ControlList，控制列表）可以从客户机的IP地址、请求 的URL/ /文件类型、时间、并发请求数等各方面进行控制应用 控制的方式定义acl列表acl

列表名称列表类型列表内容…针对acl列表进行限制http_access

allow或deny

列表名……2020/11/24Cryptographypage:10ACL

控制最基本的ACL控制示例任何客户机使用 服务acl

all

src

/http_access

deny

all2020/11/24Cryptographypage:112020/11/24Cryptographypage:12reply_body_max_size

10240000

allow

allACL

控制常用的acl列表类型srcdstportsrcdsttimemaxconnurl_regexurlpath_regex2020/11/24Cryptographypage:132020/11/24Cryptographypage:148:00-18:002020/11/24Cryptographypage:15acl

worktime

time08:00-12:00acl

worktime

time

14:00-18:00http_access

allow

worktime

mynetwork2020/11/24Cryptographypage:16arp2020/11/24Cryptographypage:172020/11/24Cryptographypage:182020/11/24Cryptographypage:192020/11/24Cryptographypage:202020/11/24Cryptographypage:212020/11/24Cryptographypage:222020/11/24Cryptographypage:232020/11/24Cryptographypage:242020/11/24Cryptographypage:252020/11/24Cryptographypage:262020/11/24Cryptographypage:272020/11/24Cryptographypage:282020/11/24Cryptographypage:292020/11/24Cryptographypage:302020/11/24Cryptographypage:312020/11/24Cryptographypage:32localnet,denytime:

18:00-23:59ACL

控制ACL列表定义示例acl

LAN1

src

/24acl

PC1

src

2/32acl

Blk_

dstacl

Work_Hours

timeMTWHF

08:30-17:30acl

Max20_Conn

maxconn

20acl

Blk_URL

url_regex

-i

^rtsp://

^mms://acl

Blk_Words

urlpath_regex

-i

sexadultacl

RealFile

urlpath_regex

-i

\.rmvb$

\.rm$2020/11/24Cryptographypage:33ACL

控制根据已经定义的部分ACL列表进行 控制http_access

deny

LAN1

Blk_URLhttp_access

deny

LAN1

Blk_Wordshttp_access

deny

PC1

RealFilehttp_access

deny

PC1

Max20_Connhttp_access

allow

LAN1

Work_Hours2020/11/24Cryptographypage:34ACL

控制控制规则的匹配顺序没有设置任何规则时——

将 所有客户端的 请求有规则但找不到相匹配的项时——

将采用与最后一条规则相反的权限，即如果最后一条规则是allow，那么就

客户端的请求，否则允许该请求2020/11/24Cryptographypage:35配置的基本条件实现前提：

客户机的Web数据要能经过服务构建在网关（

）主机中配置要求：服务程序能够支持规则，将客户机的Web

数据自动重定向给

服

设置务程序处理2020/11/24Cryptographypage:36配置服务的典型应用环境Internet服务器局域网PC机1/24eth0:1/30eth1:/249/302020/11/24Cryptographypage:37配置基本实现步骤修改squid.conf配置文件，并重新加载该配置

http_port

:8080

transparent添加iptables规则

iptables

-t

nat

-I

PREROUTING

-i

eth1

-s

/24

-ptcp

--dport

80

-j

REDIRECT

--to-ports

8080客户机浏览器

不需要在浏览器中指定 服务器的地址、端口验证 的实施效果2020/11/24Cryptographypage:382020/11/24Cryptographypage:39Iptables

–t

nat

–A

POSTROUTING

–s/24–j

SNAT

–to-source42020/11/24Cryptographypage:40http_port

:3128

transparent配置反向Internet反向服务器Internet中的客户机9/30eth1:/24eth0:1/30/24/24服务器群2020/11/24Cryptographypage:41accelAccelerator

mode.

Also

needs

at

least

one

ofvhost/vport/defaultsitedefaultsite=

nameWhat

to

use

for

the

Host:

header

if

it

is

not

present

in

arequest.

Determines

what

site

(not

origin

server)

acceleratorsshould

consider

the

default.

Implies

accel.vhostAccelerator

mode

using

Host

header

for

virtualsupport.

Implies

accel.2020/11/24Cryptographypage:422020/11/24Cryptographypage:43cache_peerTo

specify

other

caches

in

a

hierarchy,

use

the

format:

cache_peer

hostname

type

http-port

icp-port

[options]For

example

cache_peer

cache_peer

cache_peer

parentsiblingsibling3128

3130

proxy-only

default3128

3130

proxy-only3128

3130

proxy-onlytype:

either

'parent',

'sibling',

or

'multicast‘proxy-port: The

port

number

where

the

cache

listens

forproxy

requestsicp-port: Used

for

queryingneighborcaches

about

objects5,2,12020/11/24Cryptographypage:44weight=nTo

affect

the

selection

of

a

peerduring

any

weighted

peer-selection

mechanismsThe

weight

must

be

an

integer;

default

is

1,

larger

weights

arefavored

moremax-conn=nTo

limit

the

amount

of

connections

Squid

may

open

to

thispeeroriginserverCauses

this

parent

peer

to

be

contacted

as

a

origin

serverMeant

to

be

used

in

accelerator

setups2020/11/24Cryptographypage:45配置反向基本实现步骤修改squid.conf文件，并重新加载该配置http_port

1:80

vhostcache_peer

parent

80

0

originserver

weight=5

max-conn=30cache_peer

parent

80

0

originserver

weight=5

max-conn=30cache_peer

parent

80

0

originserver

weight=5

max-conn=30cache_peer

parent

80

0

originserver

weight=1

max-conn=8cache_peer

Web服务器地址

服务器类型

http端口

icp端口

[可选项]memcachedtext,

binaryiptcp,

udpnet

ip

802020/11/24Cryptographypage:4710k,

34K2020/11/24Cryptographypage:484k10M已用，空闲2020/11/24Cryptographypage:4948bytes80bytes72增长因子growth

factor,

1.25

48bytes:

slab

class,

slab

chunk

80bytes2020/11/24Cryptographyindex.html/42020/11/24Cryptographypage:512020/11/24Cryptographypage:52perl

modulecache::memcachedphpmemcachememcachedC/C++libmemecached

命令行工具memadmin1-2^322020/11/24Cryptographypage:532020/11/24Cryptographypage:54GetURIPUT/etc/issueget,put,

mget,

mputsimple

protocol,http:

textftp:

text,

binary不互相通信的分布式2020/11/24Cryptographypage:55consistent

hash2020/11/24Cryptographypage:562020/11/24Cryptographypage:57HAProxynginx

→

tenginea.jpg2020/11/24Cryptographypage:59web

monitor655352020/11/24Cryptographypage:60url:

提高缓存2020/11/24Cryptographypage:612020/11/24Cryptographypage:622020/11/24Cryptographypage:632020/11/24Cryptographypage:64/bbs/X-Forward-For2020/11/24Cryptographypage:652020/11/24Cryptographypage:66varnishExpire:2013-05-21

14:59:30publicprivate2020/11/24Cryptographypage:68Cache-Control:

max-age=600If-Modify-Since:2020/11/24Cryptographypage:69CDN:

Content

DeliveryNetwork1inCNAMEinCNAME2020/11/24Cryptographypage:702020/11/24Cryptographypage:71Bind,viewBind-dlz

+

MySQL

Pgsql,

Oracle,

db4Squid:

varnishHttpd:

nginxNginx

+

varnishNginx

+

SquidWeb

Cache的类型浏览器Cache私有缓存

可以缓存“private”响应Cache

ProxySurrogates-缓存Web加速共享缓存

只能缓存“public”响应2020/11/24Cryptographypage:72一些数据多至43%的Web请求 不可缓存的内容Web缓存

为40%左右是比较现实的2020/11/24Cryptographypage:73页面静态化理想状态：静态化所有页面——实际做不到如何静态化？由模板生成静态页面定时或有更新时：成千上万个页面的静态化不现实页面有变体，不适合静态化多台服务器 麻烦页面既包含静态内容，又包含动态内容2020/11/24Cryptographypage:74页面缓存动态页面内容按需静态化前端cachemod_cacheSquidVarnish*遵循HTTP的Cache规范可精细控制CacheExpiresCache-control适合GET类CGI请求2020/11/24Cryptographypage:75HTTP的Cache规范要充分发挥Cache的效用，就必须了解HTTPCache规范和机制条件请求ExpirationCache-control2020/11/24Cryptographypage:76条件请求2020/11/24Cryptographypage:77If-Modified-Since/Last-Modified1.服务器响应：

200OK

Last-Modified:

…2.浏览器请求

GET

…

HTTP/1.1

If-Modified-Since:

…3.服务器响应

200

OK

或

304

Not

Modified条件请求(2)2020/11/24Cryptographypage:78If-None-Match

/

ETag1.Server响应

200OK

ETag:

abcdef2.浏览器请求

GET

…

HTTP/1.1

If-None-Match:

abcdef3.Server响应

200

OK

或

304

Not

ModifiedExpirationExpires设置对象的绝对失效时间是HTTP/1.0规范max-age是Cache-control的一个指令设置对象的 （秒数）是HTTP/1.1规范max-age优先于Expires2020/11/24Cryptographypage:79Cache-controlno-cache=[Set-

]浏览器和squid都不可以缓存再次使用前需发送条件请求max-age=NNN指定缓存有效时间（秒）public浏览器和squid都可以缓存max-age指定缓存时间private只有浏览器可以缓存2020/11/24Cryptographypage:80s,=day-traderHTTP请求携带

s:

:

name=profile,domaipath=mysecrets.html,HTTP响应设置

s:Set- :name=profile,domaipath=mysecrets.html,

=day-trader,s——太理想化Cached

content需要的时候才设置Squid添加一个IMS头2020/11/24Cryptographypage:81一些典型的Cache场景2020/11/24Cryptographypage:82返回个人信息Cache-control:

private,

max-age=NNNCGI写操作Cache-control:

no-store,

no-cacheCGI获取状态等信息Cache-control:

public,

max-age=NNNrecvpipeerrorerror2020/11/24Cryptographypage:83passpasslookuplookupGET,

HEADVia:

Expire:

2012-12-21

00:00:00ETag:If-Modified-Since:Last-Modified：If-None-Match2020/11/24Cryptographypage:84reverse

proxy2020/11/24Cryptographypage:85apache,

mod_proxy,

cache

(disk,

memory)Nginx,

cache

(disk,

)squidvarnish

(disk,

memory)6002020/11/24Cryptographypage:862020/11/24Cryptographypage:87Cache-Control:

max-age=10s-maxage=10Varnish

Architecture2020/11/24Cryptographypage:882020/11/24Cryptographypage:89Varnish2020/11/24Cryptographypage:902020/11/24Cryptographypage:91rpmsubroutinesVCL2020/11/24Cryptographypage:922020/11/24Cryptographypage:93Threading

mode2020/11/24Cryptographypage:94Threading

parameters2020/11/24Cryptographypage:95LAMPLAMP2020/11/24Cryptographypage: