在过去的几天里,我试图在Ubuntu 16.04上使用Nginx 1.12.2设置Varnish 4.1。我阅读了文档和许多不同的资料,但似乎无法很好地处理这些事情。该网站处于重定向循环中,当我使用以下命令时:varnishd -f/etc/varnish/default.vcl -d我收到此错误:无法打开套接字::80:地址已在使用中。
为了澄清起见,我正在尝试设置nginx来接收HTTPS(也将HTTP重新转换为HTTPS),然后将其发送给Varnish,然后在缓存未命中时返回到nginx。非常感谢任何可以向我指出正确方向的人。
我已经将我的nginx设置为如下所示(/etc/nginx/sites-available/fujiorganics.com):
server {
listen 80;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/fujiorganics.com/fullchain.pem;
# managed by Certbot
ssl_certificate_key
/etc/letsencrypt/live/fujiorganics.com/privkey.pem; # managed by
Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by
Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by
Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
# managed by Certbot
root /var/www/fujiorganics.com/html;
index index.php index.html index.htm;
server_name fujiorganics.com www.fujiorganics.com;
# Proxy Pass to Varnish
# Add headers to recognize SSL
location / {
proxy_pass http://127.0.0.2;
# Pass a bunch of headers to the downstream server, so
they'll know what's going on.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Most web apps can be configured to read this header and
understand that the current session is actually HTTPS.
proxy_set_header X-Forwarded-Proto https;
# We expect the downsteam servers to redirect to the right
hostname, so don't do any rewrites here.
proxy_redirect off;
}
}
我的 Varnish 配置文件看起来像这样(/etc/varnish/default.vcl):
vcl 4.0;
# List of upstream proxies we trust to set X-Forwarded-For correctly.
backend default {
.host = "127.0.0.1";
.port = "8080";
}
backend fujiorganics {
.host = "127.0.0.2";
.port = "8080";
}
sub vcl_recv {
# Remove any Google Analytics based cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
# Remove Optimizely Cookies
set req.http.Cookie = regsuball(req.http.Cookie, "optim.=[^;]+(; )?", "");
# Remove Gauges Cookies
set req.http.Cookie = regsuball(req.http.Cookie, "_gau.=[^;]+(; )?", "");
# Remove a ";" prefix in the cookie if present
set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
# Are there cookies left with only spaces or that are empty?
if (req.http.cookie ~ "^\s*$") {
unset req.http.cookie;
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.method != "GET" && req.method != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
if ( (req.http.host ~ "^(?i)fujiorganics.com") && req.http.X-Forwarded-Proto !~ "(?i)https") {
set req.backend_hint = fujiorganics;
set req.http.x-redir = "https://" + req.http.host + req.url;
return (synth(750, ""));
}
return (hash);
}
# handles redirecting from http to https
sub vcl_synth {
if (resp.status == 750) {
set resp.status = 301;
set resp.http.Location = req.http.x-redir;
return(deliver);
}
}
sub vcl_backend_response {
set beresp.ttl = 10s;
set beresp.grace = 1h;
}
sub vcl_deliver {
if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
}
而这个(/etc/systemd/system/varnish.service.d/customexec.conf):
[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :8080 -T localhost:6082 -f
/etc/varnish/default.vcl -S /etc/varnish/secret -s default,1G
最后,此服务器块与上述第一个文件包含在同一文件中
server {
listen 8080;
listen [::]:8080;
root /var/www/fujiorganics.com/html;
index index.php index.html index.htm;
server_name 127.0.0.2;
location / {
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php7.0-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
我可以确认该网站无需进行 Varnish 重定向即可正常运行。
最佳答案
Varnish试图通过端口8080与Nginx进行通信,但是Nginx监听80端口,这也是Varnish想要监听的端口。
COnfigure Varnish可以监听端口80,Nginx可以监听8080,它应该可以工作。
关于nginx - 在多个站点上使用Nginx设置Varnish,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48336775/