Difference between revisions of "Package:Varnish"
Threesixes (talk | contribs) m (remove toc, link to apache-tools, change curl -I to reflect funtoos use of varnish.) |
Threesixes (talk | contribs) m |
||
Line 64: | Line 64: | ||
== Verification == | == Verification == | ||
To verify that your traffic is going through varnish | To verify that your traffic is going through varnish, and see if you're getting hits or misses: | ||
<console>$##i## curl -I http://www.funtoo.org/Welcome</console> | <console>$##i## curl -I http://www.funtoo.org/Welcome</console> | ||
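Review bot: the new Verification sentence promises the reader can "see if you're getting hits or misses", but the `curl -I` line under it is unchanged and nothing says which response header carries that information. Suggest naming the header to look at, or showing a short sample of the expected output, directly after the console line so the check is actionable.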
Line 82: | Line 82: | ||
== SSL support == | == SSL support == | ||
Varnish does not support ssl. There are packages to get around this limitation: | Varnish does not support ssl. There are packages to get around this limitation: | ||
* {{package|stunnel}} | * {{package|net-misc/stunnel}} | ||
* {{package|pound}} | * {{package|www-servers/pound}} | ||
== Media == | == Media == |
Revision as of 08:15, December 1, 2014
Varnish
Varnish is a web cache and HTTP accelerator. Varnish will either serve cached content, or retrieve content from the server and cache it. Varnish reduces I/O pressure on web servers.
Install
Emerge
Install www-servers/varnish:
root # emerge www-servers/varnish
Configuration
Because Varnish is local to your server, your server needs to be aware that it is behind a proxy, and must be configured to use X-Forwarded-For or similar to fetch real users' IP addresses instead of displaying 127.0.0.1 or localhost.
Configuration is controlled by /etc/varnish/default.vcl and /etc/conf.d/varnishd.
/etc/varnish/default.vcl
- varnish configuration file
vcl 4.0;
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
/etc/conf.d/varnishd
- varnish configuration file
VARNISHD="/usr/sbin/varnishd"
VARNISHADM="/usr/bin/varnishadm"
CONFIGFILE="/etc/varnish/default.vcl"
VARNISHD_OPTS="-a 127.0.0.1:80"
VARNISHD_OPTS="${VARNISHD_OPTS} -u varnish -g varnish"
Varnish will fetch data from localhost:8080 and serve accelerated proxy data on localhost:80.
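For the X-Forwarded-For requirement noted at the top of this section, one way a backend on 127.0.0.1:8080 can derive the client address (an added example, not from the wiki or the Varnish project). `TRUSTED_PROXIES` and `client_ip` are hypothetical names, and it assumes every proxy in the chain appends the address it received the connection from.

```python
# Added example: choose the real client address on a backend behind Varnish.
# TRUSTED_PROXIES and client_ip() are hypothetical names, not a Varnish API.
import ipaddress

# Assumption: only proxies on loopback (the local Varnish and anything in
# front of it on the same host) may speak for a client via X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(text):
    """Return an ip_address, or None for garbage such as 'unknown' or ''."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(peer, xff_header):
    """peer: address of the TCP connection; xff_header: raw header or None."""
    peer_addr = _parse(peer)
    if peer_addr is None:
        raise ValueError("peer address is not an IP: %r" % peer)
    # A connection that bypassed the proxy: the header is client-supplied.
    if not _is_trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    # Proxies append, so walk right to left and stop at the first hop that is
    # not one of ours. Anything left of that hop was written by the client.
    candidate = peer_addr
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if not _is_trusted(addr):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample requests as the backend would see them.
    print(client_ip("127.0.0.1", "203.0.113.7"))
    print(client_ip("127.0.0.1", "10.9.9.9, 203.0.113.7, 127.0.0.1"))
    print(client_ip("198.51.100.20", "127.0.0.1"))
```

Use the returned address for logging, rate limiting and access rules; the raw header value should never be used for those decisions.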
c10k
Whether or not you are aiming for 10,000 concurrent connections, a few configuration settings control the power of Varnish. If you're having Varnish serve directly to the outside world, dial concurrency back to, say, 50 or 100 connections per IP. You must take into account corporations and universities hammering several connections from a single IP. The c10k settings are useful if Varnish is behind a load balancer such as pound, nginx, or tengine, and all requests are internal and local.
/etc/conf.d/varnishd
- varnish concurrency settings
VARNISHD_OPTS="-a 127.0.0.1:80 -p thread_pool_min=20 -p thread_pool_max=1000 -p thread_pool_add_delay=2 -s malloc,700M"
/etc/varnish/default.vcl
- varnish concurrency settings
backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
    .max_connections = 10000;
    # .port = "80" led to issues with competing for the port with apache.
}
Boot Service
To start varnish immediately:
root # rc-service varnishd start
To start varnish at boot:
root # rc-update add varnishd default
Verification
To verify that your traffic is going through varnish, and see if you're getting hits or misses:
user $ curl -I http://www.funtoo.org/Welcome
Benchmarking
Apache Benchmark (ab), from app-admin/apache-tools, can show the power of Varnish. The examples shown run 500 requests with a concurrency of 100.
ab against a 3 worker cluster mode puma server
root # ab -n 500 -c 100 http://127.0.0.1:3000/index.html | grep Request
Requests per second: 110.92 [#/sec] (mean)
ab against the same server served through varnish
root # ab -n 500 -c 100 http://127.0.0.1/index.html | grep Request
Requests per second: 10268.42 [#/sec] (mean)
SSL support
Varnish does not support SSL. There are packages to get around this limitation:
- net-misc/stunnel
- www-servers/pound
Media