CDN詳情查看我這篇文章:https://blog.csdn.net/qq_43442524/article/details/106924003
前期準備
- Centos7 四臺
- Xshell
1. Squid
Squid 常常被用作代理緩存服務器,在自建CDN中處於源站和客戶端的中間位置,使得用戶無需訪問源站便可獲取內容資源,提高了用戶的訪問速度。作爲代理服務器,Squid 可以支持多種協議,如 HTTP 、 FTP , SSL 協議等,Squid 使用 的是單獨的 I/O 驅動進程來獲取並響應客戶端的請求,這是 Squid 獨特的地方。
Squid 作爲代理服務器,可以獲取並響應用戶的訪問請求 。當用戶向 Squid 發出訪 問某個內容的請求時,Squid 會將用戶請求轉發到需要的網站,然後,網站響應該請求並將內容返回給 Squid,最後 Squid 將內容返回給用戶,同時也會在本地存放一份備份內 容,以後遇到同樣的用戶請求時則將備份傳送給用戶,以此提高用戶的響應速度。
由於Squid 存在己久,導致其與近年來流行的系統特性有很多不兼容之處。所以,目前很多公司在引用 Squid 的時候都會對其核心功能進行修改,比如,修改 Squid 以使得它支持多進程等。對 CDN 的提供服務商而言,也需要根據不同需求對 Squid 進行特定的修改。
雖然 Squid 存在時間比較長,也有很多特性無法支持,但是作爲代理緩存服務器, Squid仍然能爲用戶訪問網站起到很好的加速作用,並且在提高訪問速度的同時,也擁有身份驗證以及流量管理等高級功能。基於此,流服務緩存節點採用 Squid 實現代理緩存功能 。
1.1 安裝Squid
[root@localhost ~]# yum install -y squid
[root@localhost ~]# vim /etc/squid/squid.conf
文件最後添加
# Httpd
http_port 80 accel vhost vport
cache_peer 192.168.0.100 parent 80 0 proxy-only
http_access allow all
1.2 啓動Squid
[root@localhost ~]# squid -k parse
2020/06/27 15:35:35| Startup: Initializing Authentication Schemes ...
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'basic'
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'digest'
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'negotiate'
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'ntlm'
2020/06/27 15:35:35| Startup: Initialized Authentication.
2020/06/27 15:35:35| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2020/06/27 15:35:35| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2020/06/27 15:35:35| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2020/06/27 15:35:35| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2020/06/27 15:35:35| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2020/06/27 15:35:35| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2020/06/27 15:35:35| Processing: acl SSL_ports port 443
2020/06/27 15:35:35| Processing: acl Safe_ports port 80 # http
2020/06/27 15:35:35| Processing: acl Safe_ports port 21 # ftp
2020/06/27 15:35:35| Processing: acl Safe_ports port 443 # https
2020/06/27 15:35:35| Processing: acl Safe_ports port 70 # gopher
2020/06/27 15:35:35| Processing: acl Safe_ports port 210 # wais
2020/06/27 15:35:35| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2020/06/27 15:35:35| Processing: acl Safe_ports port 280 # http-mgmt
2020/06/27 15:35:35| Processing: acl Safe_ports port 488 # gss-http
2020/06/27 15:35:35| Processing: acl Safe_ports port 591 # filemaker
2020/06/27 15:35:35| Processing: acl Safe_ports port 777 # multiling http
2020/06/27 15:35:35| Processing: acl CONNECT method CONNECT
2020/06/27 15:35:35| Processing: http_access deny !Safe_ports
2020/06/27 15:35:35| Processing: http_access deny CONNECT !SSL_ports
2020/06/27 15:35:35| Processing: http_access allow localhost manager
2020/06/27 15:35:35| Processing: http_access deny manager
2020/06/27 15:35:35| Processing: http_access allow localnet
2020/06/27 15:35:35| Processing: http_access allow localhost
2020/06/27 15:35:35| Processing: http_access deny all
2020/06/27 15:35:35| Processing: http_port 3128
2020/06/27 15:35:35| Processing: coredump_dir /var/spool/squid
2020/06/27 15:35:35| Processing: refresh_pattern ^ftp: 1440 20% 10080
2020/06/27 15:35:35| Processing: refresh_pattern ^gopher: 1440 0% 1440
2020/06/27 15:35:35| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2020/06/27 15:35:35| Processing: refresh_pattern . 0 20% 4320
2020/06/27 15:35:35| Processing: http_port 80 accel vhost vport
2020/06/27 15:35:35| Processing: cache_peer 192.168.0.100 parent 80 0 proxy-only
2020/06/27 15:35:35| Processing: http_access allow all
2020/06/27 15:35:35| Initializing https proxy context
[root@localhost ~]# squid -k reconfigure
[root@localhost ~]# systemctl start squid
[root@localhost ~]# systemctl status squid
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2020-06-27 15:36:40 CST; 11s ago
Process: 2471 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
Process: 2466 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
Main PID: 2473 (squid)
CGroup: /system.slice/squid.service
├─2473 /usr/sbin/squid -f /etc/squid/squid.conf
├─2475 (squid-1) -f /etc/squid/squid.conf
└─2476 (logfile-daemon) /var/log/squid/access.log
6月 27 15:36:40 localhost.localdomain systemd[1]: Starting Squid caching proxy...
6月 27 15:36:40 localhost.localdomain systemd[1]: Started Squid caching proxy.
6月 27 15:36:40 localhost.localdomain squid[2473]: Squid Parent: will start 1 kids
6月 27 15:36:40 localhost.localdomain squid[2473]: Squid Parent: (squid-1) process 2475 started
2. Apache
2.1 安裝Httpd服務
[root@localhost ~]# yum install httpd -y
2.2 編寫首頁
#index.php
<?php
function serverIp(){ //獲取服務器IP地址
if(isset($_SERVER)){
if($_SERVER['SERVER_ADDR']){
$server_ip=$_SERVER['SERVER_ADDR'];
}else{
$server_ip=$_SERVER['LOCAL_ADDR'];
}
}else{
$server_ip = getenv('SERVER_ADDR');
}
return $server_ip;
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>CDN測試</title>
</head>
<body>
<div class="banner">
<ul>
<li><img src="1.jpg" /></li>
</ul>
</div>
<div class="main_list">
<ul>
<li><a href="#">CDN測試...</a></li>
</ul>
</div>
<span><?php echo serverIp(); ?></span>
</body>
</html>
2.3 測試
通過192.168.0.101
訪問到源站192.168.0.100
查看日誌:
分兩次訪問,發現/var/log/squid/access.log
第一次訪問時是從源站(192.168.0.100)拉取資源,並且在本機緩存
第二次訪問,直接訪問本機(192.168.0.101)資源
3. 安裝LVS實現負載均衡
[root@localhost ~]# yum install -y ipvsadm
[root@localhost ~]# lsmod |grep ip_vs
[root@localhost ~]# modprobe ip_vs
[root@localhost ~]# lsmod |grep ip_vs
ip_vs 145497 0
nf_conntrack 139224 1 ip_vs
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack
[root@localhost ~]#
3.1 創建VIP調度地址
[root@localhost ~]# ifconfig ens33:0 192.168.0.200 netmask 255.255.255.255
[root@localhost ~]# ipvsadm -At 192.168.0.200:80 -s rr
[root@localhost ~]# ipvsadm -at 192.168.0.200:80 -r 192.168.0.101:80 -g
[root@localhost ~]# ipvsadm -at 192.168.0.200:80 -r 192.168.0.102:80 -g
[root@localhost ~]#
在squid1和squid2兩臺服務器節點,創建VIP應答地址
[root@localhost ~]# ifconfig lo:0 192.168.0.200 netmask 255.255.255.255
在squid1和squid2兩臺服務器節點,屏蔽ARP請求
[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@localhost ~]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@localhost ~]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
[root@localhost ~]#
在LVS中,#ipvsadm -L 檢查配置情況
[root@localhost ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP localhost.localdomain:http rr
-> 192.168.0.101:http Route 1 0 0
-> 192.168.0.102:http Route 1 0 0
[root@localhost ~]#
3.2 測試
在Windows10訪問(192.168.0.200),可以看到從VIP地址通過負載均衡訪問到了Squid資源地址
查看日誌:
宿主機通過LVS-VIP(192.168.0.200)訪問到了Squid2(192.168.0.102),並且Squid2從源站(192.168.0.100)緩存了資源
原理
此CDN方案原理就是客戶端通過訪問LVS暴露在外的虛擬地址192.168.0.200
,將流量負載均衡到Squid1192.168.0.101
或者Squid2192.168.0.102
機器上,並且Squid實現了從源站192.168.0.100
緩存了資源,當以後的流量想要訪問源站時,直接從Squid服務器緩存中得到,大幅度減少了源站的壓力。