yum install varnish -y # or dnf install varnish -y
Version
1 2 3 4
varnishd -V varnishd (varnish-6.0.2 revision 0458b54db26cfbea79af45ca5c4767c7c2925a91) Copyright (c) 2006 Verdens Gang AS Copyright (c) 2006-2018 Varnish Software AS
cat /etc/varnish/default.vcl # # This is an example VCL file for Varnish. # # It does not do anything by default, delegating control to the # builtin VCL. The builtin VCL is called when there is no explicit # return statement. # # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/ # and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples. # Marker to tell the VCL compiler that this VCL has been adapted to the # new 4.0 format. vcl 4.0; # Default backend definition. Set this to point to your content server. backend default { .host = "127.0.0.1"; .port = "8080"; }
sub vcl_recv { # Happens before we check if we have this in cache already. # # Typically you clean up the request here, removing cookies you don't need, # rewriting the request, etc. }
sub vcl_backend_response { # Happens after we have read the response headers from the backend. # # Here you clean the response headers, removing silly Set-Cookie headers # and other mistakes your backend does. }
sub vcl_deliver { # Happens when we have all the pieces we need, and are about to send the # response to the client. # # You can do accounting or modifying the final object here. }
安装 Hitch 1.5(EPEL)
hitch requires:
1 2
libev >= 4 openssl (recent, >=1.0.0 recommended)
hitch currently works on Linux, OpenBSD, FreeBSD, and MacOSX. It has been tested the most heavily on Linux/x86_64.
cat /etc/hitch/hitch.conf # Run 'man hitch.conf'for a description of all options.
frontend = { host = "*" port = "443" } backend = "[127.0.0.1]:6086" # 6086 is the default Varnish PROXY port. workers = 4 # number of CPU cores
daemon = on # We strongly recommend you create a separate non-privileged hitch # user and group user = "hitch" group = "hitch" # Enable to let clients negotiate HTTP/2 with ALPN. (default off) # alpn-protos = "h2, http/1.1" # run Varnish as backend over PROXY; varnishd -a :80 -a localhost:6086,PROXY .. write-proxy-v2 = on # Write PROXY header
syslog = on log-level = 1 # Add pem files to this directory pem-dir = "/etc/pki/tls/private"
Enable/Disable various minor features. none Disable all features.
Use +/- prefix to enable/disable inpidual feature: short_panic Short panic message. wait_silo Wait for persistent silo. no_coredump No coredumps. esi_ignore_https Treat HTTPS as HTTP in ESI:includes esi_disable_xml_check Don't check of body looks like XML esi_ignore_other_elements Ignore non-esi XML-elements esi_remove_bom Remove UTF-8 BOM https_scheme Also split https URIs http2 Support HTTP/2 protocol http_date_postel Relax parsing of timestamps in HTTP headers
echo ' # Run 'man hitch.conf'for a description of all options.
frontend = { host = "*" port = "443" } backend = "[127.0.0.1]:6086" # 6086 is the default Varnish PROXY port. workers = 4 # number of CPU cores
daemon = on # We strongly recommend you create a separate non-privileged hitch # user and group user = "hitch" group = "hitch" # Enable to let clients negotiate HTTP/2 with ALPN. (default off) # Varnish 启动参数必须增加 `-p feature=+http2`,开启 HTTP/2 特性(默认关闭) alpn-protos = "h2, http/1.1" # run Varnish as backend over PROXY; varnishd -a :80 -a localhost:6086,PROXY .. write-proxy-v2 = on # Write PROXY header
syslog = on log-level = 1 # Add pem files to this directory #pem-dir = "/etc/pki/tls/private" ## PEM 文件包含 key、cert 和 chain 的组合,可以支持多个 PEM 文件 ## cat sysin.org.key sysin.org.crt my-ca-bundle.crt > sysin.org.pem pem-file = "/etc/hitch/varnish.pem" # 定义第二个 PEM 文件 #pem-file = "/etc/hitch/mydomain.pem" ## 官方推荐默认 cipher ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" ## Hitch supports TLS (1.0, 1.1, 1.2, 1.3) and SSL 3. By default tls-protos = TLSv1.2 TLSv1.3 ## TCP Fast Open saves up to one full round-trip time (RTT) over the standard three-way connection handshake during a TCP session. tcp-fastopen = on ' > /etc/hitch/hitch.conf