用nginx+squid搭建分布式web服务器 | CDN

显示全部楼层 · 发表于 2013-10-2 22:31:51

本帖最后由 kxmp 于 2013-10-4 01:26 编辑

nginx  squid集群
在nginx配置文件里面的server短之内. location段之外写

upstream squid {
ip_hash;
server s1.kxmp.com:3128; weight=2;
server s2.kxmp.com:444; max_fails=3;
server unix:/tmp/backend3;  weight=3;
server s3.kxmp.com:3571 backup;  weight=3;
server s4.kxmp.com:3891 backup;  weight=3;
}

location squid / {
proxy_pass http://squid;
} #nginx with php的化要放到php的location里面...
不过还是dns那个方法最省事....

拓扑图以后在画个...

squid 关键部分的配置
acl localnet src  192.168.1.2  #cdn1
acl localnet src  192.168.1.3  #cdn2
acl localnet src  192.168.1.4  #cdn3
acl localnet src  192.168.1.5  #cdn4
visible_hostname KxMP CDN
http_port 3400 accel vhost
https_port 3401 cert=/home/kxmp/ssl/ca.pem key=/home/kxmp/ssl/ca.pem accel vhost
cache_peer 192.168.1.2 parent 80 0 no-query originserver round-robin name=web #web主机
cache_peer 192.168.1.3 parent 3128 0 no-query no-digest round-robin weight=3 name=CDN2
cache_peer 192.168.1.4 parent 3128 0 no-query no-digest round-robin weight=3 name=CDN3
cache_peer 192.168.1.5 parent 3128 0 no-query no-digest round-robin weight=3 name=CDN4
acl cdn dstdomain kxmp.com
http_access allow localnet
cache_peer_access web CDN2 CDN3 CDN4 allow cdn
cache_peer_access web CDN2 CDN3 CDN4 deny all

2楼放完整配置文件.供参考

显示全部楼层 · 发表于 2013-10-2 22:32:03

本帖最后由 kxmp 于 2013-10-4 01:29 编辑

Nginx完整配置

#user  nobody;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid       logs/nginx.pid;

events {
worker_connections  10240;
}

http {
include    mime.types;
default_type  application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                '$status $body_bytes_sent "$http_referer" '
#                '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

sendfile       on;
#tcp_nopush    on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;
upstream squid {
server localhost:3400;
server s2.kxmp.com:3400;
server s3.kxmp.com:3400;
server s4.kxmp.com:3400;
}
server {
      listen    80;
      server_name  localhost;

      #charset koi8-r;

      #access_log  logs/host.access.log  main;

location squid / {
      proxy_pass http://squid;
}

      location / {
         root /home/kxmp/web;
         index  index.html index.htm index.php;
      }

      location ~ \.php$ {
         root          /home/kxmp/web;
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  /home/kxmp/web$fastcgi_script_name;
         include       fastcgi_params;
      }
listen 443 ssl;
ssl_certificate /home/kxmp/ssl/kxmp.pem;
ssl_certificate_key /home/kxmp/ssl/kxmp.pem;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
      #error_page  404             /404.html;

      # redirect server error pages to the static page /50x.html
      #
      error_page 500 502 503 504  /50x.html;
      location = /50x.html {
         root html;
      }

      # proxy the PHP scripts to Apache listening on 127.0.0.1:80
      #
      #location ~ \.php$ {
      # proxy_pass http://127.0.0.1;
      #}

      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
      #
      #location ~ \.php$ {
      # root          html;
      # fastcgi_pass 127.0.0.1:9000;
      # fastcgi_index  index.php;
      # fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
      # include       fastcgi_params;
      #}

      # deny access to .htaccess files, if Apache's document root
      # concurs with nginx's one
      #
      #location ~ /\.ht {
      # deny  all;
      #}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen    8000;
# listen    somename:8080;
# server_name  somename  alias  another.alias;

# location / {
#       root html;
#       index  index.html index.htm;
# }
#}

# HTTPS server
#
#server {
# listen    443;
# server_name  localhost;

# ssl                on;
# ssl_certificate    cert.pem;
# ssl_certificate_key  cert.key;

# ssl_session_timeout  5m;

# ssl_protocols  SSLv2 SSLv3 TLSv1;
# ssl_ciphers  HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

# location / {
#       root html;
#       index  index.html index.htm;
# }
#}

}

SQUID
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7    # RFC 4193 local private network range
acl localnet src fe80::/10    # RFC 4291 link-local (directly plugged) machines
acl localnet src localhost
acl localnet src  192.168.1.2  #cdn1
acl localnet src  192.168.1.3  #cdn2
acl localnet src  192.168.1.4  #cdn3
acl localnet src  192.168.1.5  #cdn4

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny all
http_access allow all

# Squid normally listens to port 3128
http_port 3128
https_port 444 cert=/home/kxmp/ssl/ca.pem key=/home/kxmp/ssl/ca.pem
cache_mem 128 MB

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /sft/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /sft/squid/var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

visible_hostname KxMP CDN
http_port 3400 accel vhost
https_port 3401 cert=/home/kxmp/ssl/ca.pem key=/home/kxmp/ssl/ca.pem accel vhost
cache_peer s1.kxmp.com parent 3400 0 no-query  round-robin name=web
cache_peer s2.kxmp.com parent 3400 0 no-query  round-robin name=cdn2
cache_peer s3.kxmp.com parent 3400 0 no-query  round-robin name=cdn3
cache_peer s4.kxmp.com parent 3400 0 no-query  round-robin name=cdn4
cache_peer_domain web kxmp localhost
acl cdn dstdomain kxmp.com localhost kxmp
cache_peer_access web cdn2 cdn3 cdn4 allow cdn
cache_peer_access web cdn2 cdn3 cdn4 deny all

CDN1 CDN2 CDN3
visible_hostname KxMP CDN
http_port 3400 accel vhost
https_port 3401 cert=/home/kxmp/ssl/ca.pem key=/home/kxmp/ssl/ca.pem accel vhost
cache_peer localhost parent 80 0 no-query  originserver name=web
cache_peer_domain web kxmp.com
acl cdn dstdomain kxmp.com
cache_peer_access web allow cdn
cache_peer_access web deny all

显示全部楼层 · 发表于 2013-10-2 23:52:21

现在varnish 应用挺广的, 不知道varnish用于cdn效果怎么样

[其他] 用nginx+squid搭建分布式web服务器 | CDN

评分