Deploying Varnish and configuring HTTPS

Deployment environment:

  • Ubuntu 18.04
  • Nginx 1.14.0
  • Varnish 5.2.1

(Background on Varnish is skipped here; we go straight to deployment.)

Installing Varnish on Ubuntu

sudo apt update && sudo apt install varnish

Check that the installation succeeded:

varnishd -V

Output like the following means it worked:

varnishd (varnish-5.2.1 revision 67e562482)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2015 Varnish Software AS

(If the installation fails, search for how to switch the package mirror.)

The most basic configuration

The goal is varnish:80 -> nginx:8080

Change the nginx site configuration so that it listens on port 8080:

server {
    listen 8080;
    server_name _;
    index index.html;
    root /var/www/html;
}

Configure Varnish to listen on port 80.
Edit /etc/default/varnish

Original configuration fragment:

DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

Change it to:

DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

Then edit the unit file: vim /lib/systemd/system/varnish.service
Original configuration fragment:

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Change it to:

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Next, make Varnish proxy to nginx:8080.
Edit /etc/varnish/default.vcl
Original configuration fragment:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

The default is already 8080, so nothing needs to change here.

Testing

Start the services:

sudo service varnish start
sudo service nginx restart

Then visit the test site. If the response headers include via: varnish, the setup works.

Configuring SSL for Varnish

Obtaining a certificate is not covered here either; we go straight to deployment.

Approach: nginx:80 -> nginx:443 -> varnish:79 -> nginx:8080

First, the nginx configuration has to be changed again:

server {
    listen 80;
    server_name _ default_server;
    location / {
        return 301 https://$host$request_uri; # redirect HTTP requests to 443
    }
}
# Up to this point: nginx:80 -> nginx:443

server {
    listen 443 ssl http2;
    server_name _ default_server;

    ssl on; # redundant with "listen ... ssl"; the directive is obsolete since nginx 1.15.0
    ssl_certificate /var/www/ssl/.crt; # your certificate
    ssl_certificate_key /var/www/ssl/.key; # your certificate's private key

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:79; # up to this point: nginx:80 -> nginx:443 -> varnish:79
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
    }
}

# The site that is actually served; this is the fourth hop in
# nginx:80 -> nginx:443 -> varnish:79 -> nginx:8080
server {
    listen 8080;
    server_name _;
    index index.html;
    root /var/www/html;
}

Then edit the Varnish configuration file opened earlier, /etc/default/varnish.
Fragment to change:

# change the 80 here to 79
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

Then edit /lib/systemd/system/varnish.service again:

# change the :80 here to :79
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

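Then restart the services:

systemctl daemon-reload
sudo service varnish restart
sudo service nginx restart

Visit the test site over HTTP again: nginx redirects to HTTPS automatically. The HTTPS server proxies to Varnish on port 79, and Varnish in turn fetches from the real site on nginx:8080.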
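Added example (not part of the original post): in this chain only nginx on 80/443 is meant to face clients, but `-a :79` and `listen 8080` as written bind to every interface, so the plaintext hops can be reached without passing through TLS. The script below reads `ss -ltn` output and reports such listeners; the function name is hypothetical and both socket lists are constructed samples.

```shell
#!/bin/sh
# Ports that should only be reachable from this host in the chain
# nginx:80 -> nginx:443 -> varnish:79 -> nginx:8080
# (6082 is the Varnish management port set with -T).
INTERNAL_PORTS="79 8080 6082"

# Reads `ss -ltn` output on stdin and prints "addr:port" for every internal
# port that listens on a non-loopback address. Returns 1 if any were found.
exposed_internal_listeners() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4
            idx = match(laddr, /:[0-9]+$/)   # trailing :port, so [::]:79 parses too
            if (idx == 0) next
            addr = substr(laddr, 1, idx - 1)
            port = substr(laddr, idx + 1)
            if (!(port in internal)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr ":" port
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: listeners as the configuration in this post leaves them.
SAMPLE_AS_WRITTEN='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 1024 *:79 *:*
LISTEN 0 1024 [::]:79 [::]:*
LISTEN 0 10 127.0.0.1:6082 0.0.0.0:*'

# Constructed sample: the same host with the internal hops bound to loopback.
SAMPLE_LOOPBACK='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:79 0.0.0.0:*
LISTEN 0 10 127.0.0.1:6082 0.0.0.0:*'

# On a live host, replace the sample with: ss -ltn | exposed_internal_listeners
printf '%s\n' "$SAMPLE_AS_WRITTEN" | exposed_internal_listeners \
    || echo "^ internal hops reachable from other hosts"
```

The loopback sample corresponds to `-a 127.0.0.1:79` in both Varnish files and `listen 127.0.0.1:8080;` in the nginx backend server block; with those settings the function prints nothing and returns 0.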
