SUCKUP.de

Nginx + Varnish auf Debian/Ubuntu

This blog post has been published on 2010-10-29 and may be out of date.

Zurück zur “Webseiten beschleunigen” – Übersicht

5.4) Nginx mit Varnish


“Varnish ist ein Web-Beschleuniger für dynamische Web-Seiten mit viel Inhalt. Im Gegensatz zu anderen Web-Beschleunigern, die häufig aus clientseitigen Proxies oder aus Servern entstanden, wurde Varnish von Grund auf als Web-Beschleuniger konzipiert.” – Wiki


Als erstes erweitern wir unsere sources.list, so dass wir die Varnish-Software einfach installieren / updaten können:


Ubuntu:

echo "http://repo.varnish-cache.org/ubuntu/ lucid varnish-2.1" >> /etc/apt/sources.list


Debian:

echo "deb http://repo.varnish-cache.org/debian/ lenny varnish-2.1" >> /etc/apt/sources.list


Nun installieren wir Varnish…

curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
aptitude install varnish


Nun müssen wir einige Eistellungen an Varnish vornehmen, so dass dieser als erstes angesprochen wird…

vim /etc/default/varnish
# Configuration file for varnish
#
# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
# to be set from this shell script fragment.
#

# Should we start varnishd at boot?  Set to "yes" to enable.
START=yes

# Maximum number of open files (for ulimit -n)
NFILES=131072

# Maximum locked memory size (for ulimit -l)
# Used for locking the shared memory log in memory.  If you increase log size,
# you need to increase this number as well
MEMLOCK=82000

# Default varnish instance name is the local nodename.  Can be overridden with
# the -n switch, to have more instances on a single server.
INSTANCE=$(uname -n)

## Configuration with VCL
#
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"

## TEST
#
#DAEMON_OPTS="-a :80 \
#             -T localhost:6082 \
#             -f /etc/varnish/default.vcl \
#             -s malloc,512M \
#             -p lru_interval=3600 \
#             -p thread_pool_max=2000 \
#             -p listen_depth=2048 \
#             -p 'cc_command=exec cc -fpic -shared -Wl,-x -L/usr/include/libmemcached/memcached.h -lmemcached -o %o %s' \
#             -h classic,500009 \
#             -t 0"

## Alternative 3, Advanced configuration
#
# See varnishd(1) for more information.
#
# # Main configuration file. You probably want to change it :)
# VARNISH_VCL_CONF=/etc/varnish/default.vcl
#
# # Default address and port to bind to
# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=
# VARNISH_LISTEN_PORT=6081

#
# # Telnet admin interface listen address and port
# VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
# VARNISH_ADMIN_LISTEN_PORT=6082
#
# # The minimum number of worker threads to start
# VARNISH_MIN_THREADS=1
#
# # The Maximum number of worker threads to start
# VARNISH_MAX_THREADS=1000
#
# # Idle timeout for worker threads
# VARNISH_THREAD_TIMEOUT=120
#
# # Cache file location
# VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin
#
# # Cache file size: in bytes, optionally using k / M / G / T suffix,
# # or in percentage of available disk space using the % suffix.
# VARNISH_STORAGE_SIZE=1G
#
# # File containing administration secret
# VARNISH_SECRET_FILE=/etc/varnish/secret
#
# # Backend storage specification
# VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
#
# # Default TTL used when the backend does not specify one
# VARNISH_TTL=120
#
# # DAEMON_OPTS is used by the init script.  If you add or remove options, make
# # sure you update this section, too.
# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
#              -f ${VARNISH_VCL_CONF} \
#              -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
#              -t ${VARNISH_TTL} \
#              -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
#              -S ${VARNISH_SECRET_FILE} \
#              -s ${VARNISH_STORAGE}"
#


Nun muss du die Konfig anpassen, ich zeige hier ein Beispiel für meinen WordPress Blog… ggf. musst du für deine Webseiten jedoch noch weitere Einstellungen ändern.


vim /etc/varnish/default.vcl
backend default {
        .host = "127.0.0.1";
        .port = "8080";
}

acl purge {
        "localhost";
}

sub vcl_fetch {
        set beresp.ttl = 12h;
        set req.grace = 24h;
        if (req.url ~ "wp-(login|admin)") {
                return (pass);
        }
        if (req.url ~ "feed") {
                return (pass);
        }
        return (deliver);
        unset beresp.http.set-cookie;
        if (req.url ~ "\.(jpeg|jpg|png|gif|ico|swf|js|css|txt|gz|zip|rar|bz2|tgz|tbz|html|htm|pdf|pls|torrent)$") {
                set beresp.ttl = 48h;
        }

        remove req.http.X-Forwarded-For;
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
        return(deliver);
}

sub vcl_deliver {
        if (obj.hits > 0) {
                set resp.http.X-Cache = "HIT";
                set resp.http.X-Cache-Hits = obj.hits;
        } else {
                set resp.http.X-Cache = "MISS";
        }
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;
        remove resp.http.X-Powered-By;
}

sub vcl_recv {
        set req.grace = 6h;
        if (req.request == "PURGE") {
                if(!client.ip ~ purge) {
                        error 405 "Not allowed.";
                }
                purge("req.url ~ ^" req.url "$ && req.http.host == "req.http.host);
        }
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|lzma|tbz)(\?.*|)$") {
                remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
                set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
                set req.http.Accept-Encoding = "deflate";
        } else {
                remove req.http.Accept-Encoding;
        }
        if( req.url ~ "^/wp-(login|admin)" || req.http.Cookie ~ "wordpress_logged_in_" ) {
                return (pass);
        }
        if (!(req.url ~ "wp-(login|admin)")) {
                unset req.http.cookie;
        }
        if (req.request != "GET" &&
                req.request != "HEAD" &&
                req.request != "PUT" &&
                req.request != "POST" &&
                req.request != "TRACE" &&
                req.request != "OPTIONS" &&
                req.request != "DELETE") {
                return (pipe);
        }
        if (req.request != "GET" && req.request != "HEAD") {
                return (pass);
        }
        if (req.http.Authorization || req.http.Cookie) {
                return (pass);
        }
        if (req.url ~ "\.(jpeg|jpg|png|gif|ico|swf|js|css|txt|gz|zip|rar|bz2|tgz|tbz|html|htm|pdf|pls|torrent)(\?.*|)$") {
                unset req.http.Authenticate;
                unset req.http.POSTDATA;
                set req.request = "GET";
                set req.url = regsub(req.url, "\?.*$", "");
                return (lookup);
        }
        unset req.http.cookie;
        return (lookup);
}

sub vcl_pipe {
        set bereq.http.connection = "close";
        if (req.http.X-Forwarded-For) {
                set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
        } else {
                set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
        }
}

sub vcl_pass {
        set bereq.http.connection = "close";
        if (req.http.X-Forwarded-For) {
                set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
        } else {
                set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
        }
}


Parallel müssen wir nun unseren Webserver, egal ob Apache oder in diesem Fall Nginx, auf den Port 8080 lauschen lassen.  Beim Nginx ist dies relativ simpel, du muss nur “listen 80” -> “listen 8080” ändern. Ich zeige an dieser Stelle jedoch einmal meine Nginx-Konfiguration für meinen WordPress Blog.

[stextbox id=”warning”]Wie immer gilt, erst verstehen, dann kopieren… :-)[/stextbox]

server {
        listen 8080;
        server_name suckup.de www.suckup.de blog.voku-online.de linux.voku-online.de windows.voku-online.de ubuntu.voku-online.de allgemein.voku-online.de cdn1.voku-online.de cdn2.voku-online.de cdn3.voku-online.de cdn4.voku-online.de cdn5.voku-online.de *.suckup.de;
        root /var/www/www.suckup.de/web/;
        index index.php;
        access_log /var/log/nginx/suckup.access.log main;
        error_log /var/log/nginx/suckup.error.log;
        log_not_found on;

        ## Cache - testen
        open_file_cache max=2500 inactive=24h;
        open_file_cache_valid    24h;
        open_file_cache_min_uses 2;
        open_file_cache_errors   on;

        location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)(\?[0-9]+)?$ {
                root /var/www/www.suckup.de/web/;
                access_log off;
                expires max;
                break;
        }

        ## Optimierung - "(css/js).php" to "(css/js)"
        location /wp-content/plugins/wp-special-textboxes/css/ {
                location ~* \.(css.php)$ {
                        if ($args ~* ver=(.*)$) {
                                rewrite ^ $scheme://$host/wp-content/cache/wp-special-textboxes.css? permanent;
                        }
                }
        }
        location /wp-content/plugins/wp-special-textboxes/js/ {
                location ~* \.(js.php)$ {
                        if ($args ~* ver=(.*)$) {
                                rewrite ^ $scheme://$host/wp-content/cache/wstb.js? permanent;
                        }
                }
        }
        if ($args ~* ver=3.0.1$) {
                rewrite ^ $scheme://$host/wp-content/cache/wp-special-textboxes.css? permanent;
        }

        if (-f $request_filename) {
                break;
        }
        if (!-e $request_filename) {
                rewrite ^(.+)$ /index.php?q=$1 last;
        }

        # -----------------------------------------
        # http://wiki.nginx.org/Wordpress

        ## remove any multislashes //
        if ($request_uri ~* "\/\/") {
                rewrite ^/(.*) $scheme://$host/$1 permanent;
        }

        ## Slash am Ende anfuegen ?!?
        #if ($request_uri ~* "^[\w\-\/]+[^\/?]$") {
                #rewrite ^(.*)$ $scheme://$host$1/ permanent;
        #}

        ## www eifuegen
        #if ($host !~* ^(www|subdomain)) {
                #rewrite ^/(.*)$ $scheme://www.$host/$1 permanent;
        #}

        ## www vorne entfernen
        if ($host ~* ^www\.(.*)) {
                set $host_without_www $1;
                rewrite ^(.*)$ http://$host_without_www$1 permanent;
        }

        ## immer SSL verwenden
        #rewrite ^(.*) https://$server_name$1 permanent;

        ## immer HTTP verwenden
        #rewrite ^(.*) http://$server_name$1 permanent;

        ## Feedburner
        rewrite ^/e107_plugins/rss_menu/rss.php?(.*)$ http://suckup.de/feed/ last;
        if ($http_user_agent !~ (FeedBurner|Googlebot)) {
                rewrite ^/feed/?$ http://feeds.feedburner.com/suckup last;
                break;
        }

        ## WordPress3
        #if (!-e $request_filename) {
                #rewrite ^(.+)$ /index.php?q=$1 last;
                #break;
        #}

        ## WordPress3 MU
        #if (!-e $request_filename) {
                #rewrite ^.+/?(/wp-.*) $1 last;
                #rewrite ^.+/?(/.*\.php)$ $1 last;
                #rewrite ^(.+)$ /index.php?q=$1 last;
                #break;
        #}

        ## WordPress3 Multi-Domain
        rewrite ^.*/files/(.*)$ /wp-includes/ms-files.php?file=$1 last;
        if (!-e $request_filename) {
                rewrite ^.+/?(/ms-.*) $1 last;
                rewrite ^/files/(.+) /wp-includes/ms-files.php?file=$1 last;
                rewrite ^.+/?(/wp-.*) $1 last;
                rewrite ^.+/?(/.*.php)$ $1 last;
                rewrite ^(.+)$ /index.php?q=$1 last;
                break;
        }
        location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)(\?[0-9]+)?$ {
                access_log off;
                expires max;
                root /var/www/www.suckup.de/web/;
                rewrite ^/.(/wp-.*/.*.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))(\?[0-9]+)?$ $1 last;
                break;
                rewrite ^.*/files/(.*(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))(\?[0-9]+)?$ /wp-includes/ms-files.php?file=$1 last;
                break;
                if (!-e $request_filename) {
                        rewrite ^.+/?(/wp-.*) $1 last;
                        rewrite ^.+/?(/.*.php)$ $1 last;
                        rewrite ^(.+)$ /index.php?q=$1 last;
                        break;
                }
        }

        ## WordPress-Forum
        if (!-e $request_filename) {
                rewrite ^/forums/topic/(.*)$ /forums/topic.php?q=$1 last;
                rewrite ^/forums/forum/(.*)$ /forums/forum.php?q=$1 last;
                rewrite ^/forums/profile/(.*)$ /forums/profile.php?q=$1 last;
                rewrite ^/forums/view/(.*)$ /forums/view.php?q=$1 last;
                rewrite ^/forums/tags/(.*)$ /forums/tags.php?q=$1 last;
                rewrite ^/forums/rss/(.*)$ /forums/rss.php?q=$1 last;
                rewrite ^/forums/bb-admin/ /forums/bb-admin/index.php last;
                rewrite ^/forums/ /forums/index.php last;
                break;
        }

        ## WordPress W3 Total Cache
        set $totalcache_file '';
        set $totalcache_uri $request_uri;
        if ($request_method = POST) {
                set $totalcache_uri '';
        }
        if ($query_string) {
                set $totalcache_uri '';
        }
        if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) {
                set $totalcache_uri '';
        }
        if ($totalcache_uri ~ ^(.+)$) {
                set $totalcache_file /wp-content/w3tc-suckup.de/pgcache/$1/_default_.html.gzip;
        }
        if (-f $document_root$totalcache_file) {
                rewrite ^(.*)$ $totalcache_file break;
        }

        ## WordPress SuperCache
        #set $supercache_file '';
        #set $supercache_uri $request_uri;
        #if ($request_method = POST) {
                #set $supercache_uri '';
        #}
        #if ($query_string) {
                #set $supercache_uri '';
        #}
        #if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) {
                #set $supercache_uri '';
        #}
        #if ($supercache_uri ~ ^(.+)$) {
                #set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html;
        #}
        #if (-f $document_root$supercache_file) {
                #rewrite ^(.*)$ $supercache_file break;
        #}

        #if (!-e $request_filename) {
                #rewrite . /index.php last;
        #}

        # -----------------------------------------

        ## memchached test
        #location / {
                #default_type text/html;
                #add_header "Content" "text/html; charset=utf8";
                #charset utf-8;
                #set $memcached_key $uri;
                #memcached_pass 127.0.0.1:11211;
                #error_page 500 404 405 = @fallback;
        #}
        #location @fallback {
                #try_files $uri $uri/ @suckup;
        #}

        location / {
                try_files $uri $uri/ @suckup;
                sub_filter suckup.de:8080
                'suckup.de:80';
                sub_filter_once on;
        }

        location @suckup {
                include /etc/nginx/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root/index.php;
                fastcgi_param QUERY_STRING q=$uri&$args;
                fastcgi_param SCRIPT_NAME /index.php;
                fastcgi_pass 127.0.0.1:11000;
        }

        location ~ \.php$ {
                try_files $uri @suckup;
                ## memchached test
                #set $memcached_key $uri;
                #memcached_pass  127.0.0.1:11211;
                fastcgi_index index.php;
                fastcgi_pass 127.0.0.1:11000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include /etc/nginx/fastcgi_params;
        }

        ## .htaccess & .htpassword sperren
        location ~ /\.ht {
                deny  all;
        }
}