我在 Wordpress MU 安装中启用 2 个域时卡住了。主要问题:如何正确配置 Varnish 以理解这两个领域?
我有下一个配置:
Nginx 前端 -> Varnish 缓存 -> Varnish 后端
网络配置如下: 所有对我的真实 IP 端口 :80 和 :443 的请求都被转换为本地 IP 192.168.1.70 到 Nginx。 Nginx 将所有请求从 80 转移到 443。然后所有请求都转到 Varnish。如果没有缓存,Varnish 会询问后端。
nginx 的 4 个配置文件: frontend-domain1.com frontend-domain2.com
除了“server_name”“proxy_set_header Host”选项外,前端的配置类似
server {
listen 192.168.1.70:80;
server_name domain1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 192.168.1.70:443 ssl;
server_name domain1.com;
keepalive_timeout 60 60;
gzip on;
gzip_comp_level 1;
gzip_min_length 512;
gzip_buffers 8 64k;
gzip_types text/plain;
gzip_proxied any;
ssl on;
ssl_stapling on;
resolver 8.8.8.8 8.8.4.4;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_certificate /chain.crt;
ssl_certificate_key /private.key;
ssl_dhparam /dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:E$
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
location / {
proxy_pass http://127.0.0.1:6081/;
proxy_set_header Host domain1.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
}
}
backend-domain1.com 后端域2.com 后端配置类似,除了 server_name 选项
server {
listen 127.0.0.1:81;
root /web/sites/domain1;
index index.php;
gzip on;
gzip_comp_level 1;
gzip_min_length 512;
gzip_buffers 8 64k;
gzip_types text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
gzip_proxied any;
server_name domain1.com;
location ~ /\. {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~ \.php$ {
try_files $uri =404;
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
}
}
Varnish 配置: 默认.vcl
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "81";
}
acl purge {
"localhost";
"127.0.0.1";
"192.168.1.70";
}
sub vcl_recv {
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return(synth(405, "This IP is not allowed to send PURGE
requests."));
}
return (purge);
}
}
include "/etc/varnish/domain1.vcl";
include "/etc/varnish/domain2.vcl";
domain1.vcl 和 domain2.vcl 不同之处在于:“req.http.host”
sub vcl_recv {
if (req.http.host == "domain1.com") {
if (req.url !~ "^/wp-(login|admin)") {
unset req.http.cookie;
}
}
set req.http.host = regsub(req.http.host, "^www\.", "");
set req.http.host = regsub(req.http.host, ":[0-9]+", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
if (req.http.Authorization || req.method == "POST") {
return (pass);
}
if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
return (pass);
}
if (req.url ~ "sitemap" || req.url ~ "robots") {
return (pass);
}
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
# if (req.http.cookie ~ "^ *$") {
# unset req.http.cookie;
# }
if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|woff|svg|htm|html)") {
unset req.http.cookie;
if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
return (pass);
}
if (!req.http.cookie) {
unset req.http.cookie;
}
if (req.http.Authorization || req.http.Cookie) {
# Not cacheable by default
return (pass);
}
return (hash);
}
sub vcl_pass {
return (fetch);
}
sub vcl_hash {
hash_data(req.url);
return (lookup);
}
sub vcl_backend_response {
unset beresp.http.Server;
unset beresp.http.X-Powered-By;
if (bereq.url ~ "sitemap" || bereq.url ~ "robots") {
set beresp.uncacheable = true;
set beresp.ttl = 30s;
return (deliver);
}
if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g)|swf|ico|woff|svg|htm|html")
{
unset beresp.http.cookie;
set beresp.ttl = 7d;
unset beresp.http.Cache-Control;
set beresp.http.Cache-Control = "public, max-age=604800";
set beresp.http.Expires = now + beresp.ttl;
}
if (bereq.url ~ "wp-(login|admin)" || bereq.url ~ "preview=true") {
set beresp.uncacheable = true;
set beresp.ttl = 30s;
return (deliver);
}
if (!(bereq.url ~ "(wp-login|wp-admin|preview=true)")) {
unset beresp.http.set-cookie;
}
if ( bereq.method == "POST" || bereq.http.Authorization ) {
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
}
if ( bereq.url ~ "\?s=" ){
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
if ( beresp.status != 200 ) {
set beresp.uncacheable = true;
set beresp.ttl = 120s;
return (deliver);
}
set beresp.ttl = 1d;
set beresp.grace = 30s;
return (deliver);
}
sub vcl_deliver {
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.Via;
unset resp.http.X-Varnish;
return (deliver);
}
如果我取消注释
# if (req.http.cookie ~ "^ *$") {
# unset req.http.cookie;
# }
它显示第一个打开域的索引。并忽略了第二个域。所有其他链接都可以正常工作。如果我重新启动 Varnish 并询问第二个域,- 它不会显示第一个域的主页。
主要问题:如何正确配置 Varnish 以理解这两个领域?
rus: как корректно заставвить варниш обрабатівать два\несколько домена\доменов?
最佳答案
软件版本: varnish-4.1.1 修订版 66bb824 nginx版本:nginx/1.10.3 PHP 7.0-fpm
操作系统:Ubuntu 16.04.3 LTS
关于wordpress - varnish nginx wordpress ssl 几个域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47530632/