Nginx, Varnish – obecnie to najczęściej spotykana para programów znacznie przyspieszającą prace magento.
W tym artykule opiszę konfigurację jaką najczęściej stosujemy w firmie smartmage.pl.
Oczywiście programy muszą być zainstalowane w systmie. Do zainstalowania Nginxa można użyć poleceń:
Do zainstalowania Varnisha musimy dodać dodatkowe repozytoria:
Konfiguracja programów: Varnish na porcie 80, Nginx na porcie 8080.
Konfiguracja nginxa na porcie 8080:
Plik nginx.conf:
2 | worker_processes 4; # Liczbę ustawiamy taką samą jak liczba procesorów |
7 | worker_connections 1024; |
12 | # Zabezpieczenie przed atakami DDOS |
15 | limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s; |
16 | limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; |
26 | types_hash_max_size 2048; |
28 | client_max_body_size 20m; |
29 | client_body_buffer_size 128k; |
31 | include /etc/nginx/mime.types; |
32 | default_type application/octet-stream; |
35 | # Logging Settings / Zmiana logowania ip. W standardowej konfiguracje bedzie tylko logowania ip z Varnisha |
38 | log_format varnish_log '$http_x_forwarded_for - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent "$http_referer" ' '"$http_user_agent"' ; |
39 | access_log /var/log/nginx/access.log; |
40 | error_log /var/log/nginx/error.log; |
54 | gzip_http_version 1.1; |
55 | gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript applicacion/x-font-ttf; |
60 | # Uncomment it if you installed nginx-naxsi |
63 | #include /etc/nginx/naxsi_core.rules; |
66 | # Virtual Host Configs |
69 | include /etc/nginx/conf.d/*.conf; |
70 | include /etc/nginx/sites-enabled/*; |
Przykladowy plik vhosta:
2 | listen 10.0.0.10:8080; # Przykładowy ip |
4 | server_name www.domena.pl; ## Domain is here twice so server_name_in_redirect will favour the www |
5 | root /var/www/domena/web; |
8 | index index.php index.html; ## Allow a static html file to be shown first |
9 | try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler |
10 | expires 30d; ## Assume all files are cachable |
13 | ## These locations downloadable would be hidden by .htaccess normally |
14 | location ^~ /app/ { deny all; } |
15 | location ^~ /includes/ { deny all; } |
16 | location ^~ /lib/ { deny all; } |
17 | location ^~ /media/downloadable/ { deny all; } |
18 | location ^~ /pkginfo/ { deny all; } |
19 | location ^~ /report/config.xml { deny all; } |
20 | location ^~ /var/ { deny all; } |
22 | location /var/export/ { ## Allow admins only to view export folder |
23 | auth_basic "Restricted"; ## Message shown in login window |
24 | auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword |
28 | location /. { ## Disable .htaccess and other hidden files |
32 | location @handler { ## Magento uses a common front handler |
36 | location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler |
37 | rewrite ^(.*.php)/ $1 last; |
40 | location ~ .php$ { ## Execute PHP scripts |
41 | if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss |
43 | expires off; ## Do not cache dynamic content |
44 | fastcgi_read_timeout 1200s; |
45 | fastcgi_send_timeout 1200s; |
46 | fastcgi_connect_timeout 1200s; |
47 | fastcgi_pass unix:/var/run/php5-fpm.sock; |
48 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
49 | fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores |
50 | fastcgi_param MAGE_RUN_TYPE store; |
51 | fastcgi_param PHP_ADMIN_VALUE sendmail_path = /usr/sbin/sendmail -t -i -fadres@email.pl; |
52 | include fastcgi_params; ## See /etc/nginx/fastcgi_params |
54 | # Ograniczenie polaczen DDOS |
55 | limit_req zone=req_limit_per_ip burst=10 nodelay; |
56 | limit_conn conn_limit_per_ip 10; |
59 | access_log /var/log/nginx/access-domena.pl.log varnish_log; |
60 | error_log /var/log/nginx/error-domena.pl.log; |
Konfiguracja Varnisha na porcie 80:
Konfiguracja pliku varnish w katalogu /etc/default:
3 | # Maximum number of open files (for ulimit -n) |
6 | # Maximum locked memory size (for ulimit -l) |
7 | # Used for locking the shared memory log in memory. If you increase log size, |
8 | # you need to increase this number as well |
11 | DAEMON_OPTS="-a 10.0.0.10:80 \ |
13 | -f /etc/varnish/default.vcl \ |
14 | -S /etc/varnish/secret \ |
Konfiguracja pliku default.vcl w katalogu /etc/varnish:
1 | # default backend definition. Set this to point to your content server. |
7 | # admin backend with longer timeout values. Set this to the same IP & port as your default server. |
11 | .first_byte_timeout = 18000s; |
12 | .between_bytes_timeout = 18000s; |
15 | # add your Magento server IP to allow purges from the backend |
25 | if (req.restarts == 0) { |
26 | if (req.http.x-forwarded-for) { |
27 | set req.http.X-Forwarded-For = |
28 | req.http.X-Forwarded-For + ", " + client.ip; |
30 | set req.http.X-Forwarded-For = client.ip; |
33 | if (req.request != "GET" && |
34 | req.request != "HEAD" && |
35 | req.request != "PUT" && |
36 | req.request != "POST" && |
37 | req.request != "TRACE" && |
38 | req.request != "OPTIONS" && |
39 | req.request != "DELETE" && |
40 | req.request != "PURGE") { |
46 | if (req.request == "PURGE") { |
47 | if (!client.ip ~ purge) { |
48 | error 405 "Not allowed."; |
50 | ban("obj.http.X-Purge-Host ~ " + req.http.X-Purge-Host + " && obj.http.X-Purge-URL ~ " + req.http.X-Purge-Regex + " && obj.http.Content-Type ~ " + req.http.X-Purge-Content-Type); |
54 | # switch to admin backend configuration |
55 | if (req.http.cookie ~ "adminhtml=") { |
56 | set req.backend = admin; |
59 | # we only deal with GET and HEAD by default |
60 | if (req.request != "GET" && req.request != "HEAD") { |
64 | # normalize url in case of leading HTTP scheme and domain |
65 | set req.url = regsub(req.url, "^http[s]?://[^/]+", ""); |
68 | std.collect(req.http.Cookie); |
70 | # static files are always cacheable. remove SSL flag and cookie |
71 | if (req.url ~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$") { |
73 | unset req.http.Cookie; |
76 | # not cacheable by default |
77 | if (req.http.Authorization || req.http.Https) { |
81 | # do not cache any page from index files |
82 | if (req.url ~ "^/(index)") { |
86 | # as soon as we have a NO_CACHE cookie pass request |
87 | if (req.http.cookie ~ "NO_CACHE=") { |
91 | # remove Google gclid parameters |
92 | set req.url = regsuball(req.url,"\?gclid=[^&]+$",""); # strips when QS = "?gclid=AAA" |
93 | set req.url = regsuball(req.url,"\?gclid=[^&]+&","?"); # strips when QS = "?gclid=AAA&foo=bar" |
94 | set req.url = regsuball(req.url,"&gclid=[^&]+",""); # strips when QS = "?foo=bar&gclid=AAA" or QS = "?foo=bar&gclid=AAA&bar=baz" |
102 | hash_data(req.http.host); |
104 | hash_data(server.ip); |
107 | if (req.http.cookie ~ "PAGECACHE_ENV=") { |
108 | set req.http.pageCacheEnv = regsub( |
110 | "(.*)PAGECACHE_ENV=([^;]*)(.*)", |
113 | hash_data(req.http.pageCacheEnv); |
114 | remove req.http.pageCacheEnv; |
117 | if (!(req.url ~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$")) { |
118 | call design_exception; |
124 | if (beresp.status == 500) { |
125 | set beresp.saintmode = 10s; |
128 | set beresp.grace = 5m; |
130 | # enable ESI feature if needed |
131 | if (beresp.http.X-Cache-DoEsi == "1") { |
132 | set beresp.do_esi = true; |
135 | # add ban-lurker tags to object |
136 | set beresp.http.X-Purge-URL = req.url; |
137 | set beresp.http.X-Purge-Host = req.http.host; |
139 | if (beresp.status == 200 || beresp.status == 301 || beresp.status == 404) { |
140 | if (beresp.http.Content-Type ~ "text/html" || beresp.http.Content-Type ~ "text/xml") { |
141 | if ((beresp.http.Set-Cookie ~ "NO_CACHE=") || (beresp.ttl < 1s)) { set beresp.ttl = 0s; return (hit_for_pass); } # marker for vcl_deliver to reset Age: set beresp.http.magicmarker = "1"; # Don't cache cookies unset beresp.http.set-cookie; } else { # set default TTL value for static content set beresp.ttl = 4h; } return (deliver); } return (hit_for_pass); } sub vcl_deliver { # debug info if (resp.http.X-Cache-Debug) { if (obj.hits > 0) { |
142 | set resp.http.X-Cache = "HIT"; |
143 | set resp.http.X-Cache-Hits = obj.hits; |
145 | set resp.http.X-Cache = "MISS"; |
147 | set resp.http.X-Cache-Expires = resp.http.Expires; |
149 | #remove Varnish/proxy header |
150 | remove resp.http.X-Powered-By; |
151 | remove resp.http.X-Varnish; |
152 | remove resp.http.Via; |
153 | remove resp.http.Age; |
154 | remove resp.http.X-Purge-URL; |
155 | remove resp.http.X-Purge-Host; |
158 | if (resp.http.magicmarker) { |
159 | # Remove the magic marker |
160 | unset resp.http.magicmarker; |
162 | set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"; |
163 | set resp.http.Pragma = "no-cache"; |
164 | set resp.http.Expires = "Mon, 31 Mar 2008 10:00:00 GMT"; |
165 | set resp.http.Age = "0"; |
Na koniec restartujemy Nginx-a oraz Varnish-a. System jest gotowy do pracy.
