我有一个由 apache+tomcat 提供服务的网站和一个由 Varnish 4.1 提供服务的缓存
当 apache 停机时,varnish 总是返回 503 错误。
我希望 varnish 返回其缓存中的页面副本,但我尝试使用 ttl 和 grace 均未成功。
我想我已经阅读了所有能找到的关于 varnish 4.1 的文档,任何帮助都将不胜感激。
提前致谢
编辑:varnishlog -g 请求 -q "ReqUrl eq'/'"
卷曲
* << Request >> 1410492
- Begin req 1410491 rxreq
- Timestamp Start: 1646995409.603391 0.000000 0.000000
- Timestamp Req: 1646995409.603391 0.000000 0.000000
- ReqStart 10.xxx.xxx.xxx 57472
- ReqMethod GET
- ReqURL /
- ReqProtocol HTTP/1.1
- ReqHeader host: akamai5.rsi.ch
- ReqHeader user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0
- ReqHeader accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
- ReqHeader accept-language: it,en-US;q=0.7,en;q=0.3
- ReqHeader accept-encoding: gzip, deflate, br
- ReqHeader cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; __utma=46365988.836346559.1644414441.16
- ReqHeader upgrade-insecure-requests: 1
- ReqHeader sec-fetch-dest: document
- ReqHeader sec-fetch-mode: navigate
- ReqHeader sec-fetch-site: none
- ReqHeader sec-fetch-user: ?1
- ReqHeader cache-control: max-age=0
- ReqHeader x-forwarded-proto: https
- ReqHeader x-forwarded-ssl: on
- ReqHeader x-forwarded-port: 443
- ReqHeader x-forwarded-for: 1178.xxx.xxx.xxx
- ReqHeader connection: close
- ReqUnset x-forwarded-for: 1178.xxx.xxx.xxx
- ReqHeader X-Forwarded-For: 1178.xxx.xxx.xxx, 10.xxx.xxx.xxx
- VCL_call RECV
- ReqUnset cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; __utma=46365988.836346559.1644414441.16
- ReqHeader Cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; cs_fpid=1645804349272_22538249; wt_geid
- ReqUnset Cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; cs_fpid=1645804349272_22538249; wt_geid
- ReqHeader Cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; cs_fpid=1645804349272_22538249; wt_geid
- ReqUnset Cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; cs_fpid=1645804349272_22538249; wt_geid
- ReqHeader Cookie: wt_rla=292330999892453%2C2%2C1646731482026; _pipe_c=do_not_track; _ga=GA1.2.836346559.1644414441; __gads=ID=453223b8518b57e5-22f191e137cd00c3:T=1644414444:RT=1644414444:S=ALNI_MbCUi8liJ5sbhjlTe68z1BhLhZJCQ; cs_fpid=1645804349272_22538249; wt_geid
- VCL_return hash
- ReqUnset accept-encoding: gzip, deflate, br
- ReqHeader Accept-Encoding: gzip
- VCL_call HASH
- VCL_return lookup
- Hit 1410469
- VCL_call HIT
- VCL_return deliver
- RespProtocol HTTP/1.1
- RespStatus 200
- RespReason OK
- RespHeader Date: Fri, 11 Mar 2022 10:42:05 GMT
- RespHeader Server: Apache-Coyote/1.1
- RespHeader Content-Type: text/html;charset=UTF-8
- RespHeader Set-Cookie: JSESSIONID=F8D07853DF7D90A3F381B316F64FA285; Path=/; HttpOnly
- RespHeader X-Varnish: 1410492 1410469
- RespHeader Age: 84
- RespHeader Via: 1.1 varnish-v4
- VCL_call DELIVER
- RespHeader X-Cache-Host: rsi-prod-varnish45
- RespHeader X-Frame-Options: SAMEORIGIN
- RespHeader X-XSS-Protection: 1; mode=block
- RespHeader X-Content-Type-Options: nosniff
- RespHeader Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *
- RespHeader X-Cache: HIT
- RespHeader X-Cache-Hits: 3
- RespHeader X-Grace-Hit: yes
- VCL_return deliver
- Timestamp Process: 1646995409.603614 0.000222 0.000222
- RespHeader Accept-Ranges: bytes
- RespHeader Content-Length: 191244
- Debug "RES_MODE 2"
- RespHeader Connection: close
- Timestamp Resp: 1646995409.608024 0.004632 0.004410
- ReqAcct 1130 0 1130 574 191244 191818
- End
浏览器
* << Request >> 1410496
- Begin req 1410495 rxreq
- Timestamp Start: 1646995426.730217 0.000000 0.000000
- Timestamp Req: 1646995426.730217 0.000000 0.000000
- ReqStart 10.xxx.xxx.xxx 60908
- ReqMethod GET
- ReqURL /
- ReqProtocol HTTP/1.1
- ReqHeader host: www.example.com
- ReqHeader user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
- ReqHeader accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
- ReqHeader accept-language: it,it-IT;q=0.8,en-US;q=0.5,en;q=0.3
- ReqHeader accept-encoding: gzip, deflate, br
- ReqHeader cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; __utma=46365988.1217589648.1620392041.1638545296.1642173864.10; __utmz=46365988.16
- ReqHeader upgrade-insecure-requests: 1
- ReqHeader cache-control: max-age=0
- ReqHeader x-forwarded-proto: https
- ReqHeader x-forwarded-ssl: on
- ReqHeader x-forwarded-port: 443
- ReqHeader x-forwarded-for: 178.xxx.xxx.xxx
- ReqHeader connection: close
- ReqUnset x-forwarded-for: 178.xxx.xxx.xxx
- ReqHeader X-Forwarded-For: 178.xxx.xxx.xxx, 10.xxx.xxx.xxx
- VCL_call RECV
- ReqUnset cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; __utma=46365988.1217589648.1620392041.1638545296.1642173864.10; __utmz=46365988.16
- ReqHeader Cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; wt_rla=292330999892453%2C2%2C1646995242972; cs_fpid=1645855325408_55998969; JSESSI
- ReqUnset Cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; wt_rla=292330999892453%2C2%2C1646995242972; cs_fpid=1645855325408_55998969; JSESSI
- ReqHeader Cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; wt_rla=292330999892453%2C2%2C1646995242972; cs_fpid=1645855325408_55998969; JSESSI
- ReqUnset Cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; wt_rla=292330999892453%2C2%2C1646995242972; cs_fpid=1645855325408_55998969; JSESSI
- ReqHeader Cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; wt_rla=292330999892453%2C2%2C1646995242972; cs_fpid=1645855325408_55998969; JSESSI
- VCL_return hash
- ReqUnset accept-encoding: gzip, deflate, br
- ReqHeader Accept-Encoding: gzip
- VCL_call HASH
- VCL_return lookup
- VCL_call MISS
- VCL_return fetch
- Link bereq 1410497 fetch
- Timestamp Fetch: 1646995426.730455 0.000238 0.000238
- RespProtocol HTTP/1.1
- RespStatus 503
- RespReason Backend fetch failed
- RespHeader Date: Fri, 11 Mar 2022 10:43:46 GMT
- RespHeader Server: Varnish
- RespHeader Content-Type: text/html; charset=utf-8
- RespHeader Retry-After: 5
- RespHeader X-Varnish: 1410496
- RespHeader Age: 0
- RespHeader Via: 1.1 varnish-v4
- VCL_call DELIVER
- RespHeader X-Cache-Host: rsi-prod-varnish45
- RespHeader X-Frame-Options: SAMEORIGIN
- RespHeader X-XSS-Protection: 1; mode=block
- RespHeader X-Content-Type-Options: nosniff
- RespHeader Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *
- RespHeader X-Cache: HIT
- RespHeader X-Cache-Hits: 0
- RespHeader X-Grace-Hit: yes
- VCL_return deliver
- Timestamp Process: 1646995426.730495 0.000278 0.000040
- RespHeader Content-Length: 284
- Debug "RES_MODE 2"
- RespHeader Connection: close
- Timestamp Resp: 1646995426.730527 0.000310 0.000032
- ReqAcct 929 0 929 490 284 774
- End
** << BeReq >> 1410497
-- Begin bereq 1410496 fetch
-- Timestamp Start: 1646995426.730367 0.000000 0.000000
-- BereqMethod GET
-- BereqURL /
-- BereqProtocol HTTP/1.1
-- BereqHeader host: www.example.com
-- BereqHeader user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
-- BereqHeader accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
-- BereqHeader accept-language: it,it-IT;q=0.8,en-US;q=0.5,en;q=0.3
-- BereqHeader upgrade-insecure-requests: 1
-- BereqHeader x-forwarded-proto: https
-- BereqHeader x-forwarded-ssl: on
-- BereqHeader x-forwarded-port: 443
-- BereqHeader X-Forwarded-For: 178.xxx.xxx.xxx, 10.xxx.xxx.xxx
-- BereqHeader Cookie: _pipe_c=do_not_track; _ga=GA1.2.1217589648.1620392041; __gads=ID=1a22b33c44d55e6f-1a22b33c44d55e6f:T=1620392042:RT=1620392042:S=ALNI_MYR9nyXrxcQ8QV1Y2pNVDp67Gn9-w; wt_rla=292330999892453%2C2%2C1646995242972; cs_fpid=1645855325408_55998969; JSESSI
-- BereqHeader Accept-Encoding: gzip
-- BereqHeader X-Varnish: 1410497
-- VCL_call BACKEND_FETCH
-- VCL_Log Backend fetch: v_ssl_ece
-- VCL_return fetch
-- FetchError Director v_ssl_ece returned no backend
-- FetchError No backend
-- Timestamp Beresp: 1646995426.730387 0.000020 0.000020
-- Timestamp Error: 1646995426.730390 0.000023 0.000003
-- BerespProtocol HTTP/1.1
-- BerespStatus 503
-- BerespReason Service Unavailable
-- BerespReason Backend fetch failed
-- BerespHeader Date: Fri, 11 Mar 2022 10:43:46 GMT
-- BerespHeader Server: Varnish
-- VCL_call BACKEND_ERROR
-- BerespHeader Content-Type: text/html; charset=utf-8
-- BerespHeader Retry-After: 5
-- VCL_return deliver
-- Storage malloc Transient
-- ObjProtocol HTTP/1.1
-- ObjStatus 503
-- ObjReason Backend fetch failed
-- ObjHeader Date: Fri, 11 Mar 2022 10:43:46 GMT
-- ObjHeader Server: Varnish
-- ObjHeader Content-Type: text/html; charset=utf-8
-- ObjHeader Retry-After: 5
-- Length 284
-- BereqAcct 0 0 0 0 0 0
-- End
编辑2:哈希和 cookie
经过大量调查,我们发现问题出在以下配置上:
sub vcl_hash {
hash_data( req.url );
if( req.http.host ) {
hash_data( req.http.host );
} else {
hash_data( server.ip );
}
# hash cookies for object with auth
if( req.http.Cookie ) {
hash_data( req.http.Cookie );
}
return( lookup );
}
如果从 varnish 哈希中删除 cookie,它将正确返回缓存。将 cookie 包含在哈希中是否有用?乍一看,我认为是的,如果使用 cookie 来跟踪用户身份验证。我们如何才能在哈希中仅包含某些 cookie(例如来自经过身份验证的会话的 cookie),而不包含那些对缓存无用的 cookie(例如与分析相关的 cookie)?
答案1
只要 TTL 值和宽限值的总和大于零,就不会进行后端提取。
如果您的 TTL 过期,宽限模式将确保在尝试获取时提供过时的内容。
Grace,是重新验证时过期机制,实际上可能会被滥用,并变成错误时失效机制。通过将宽限期设置得足够高,用户将永远不会遇到后端停机的情况。
以下是一些 VCL:
vcl 4.1;
import std;
sub vcl_recv {
if (std.healthy(req.backend_hint)) {
set req.grace = 10s;
}
}
sub vcl_backend_response {
set beresp.grace = 24h;
}
此 VCL 代码将强制执行 24 小时宽限期。这意味着您的后端可以停机一天而不会被任何人注意到。但是,只要后端运行正常,Varnish 只会使用 10 秒的宽限期。
重要的是,您的后端定义具有.probe引用健康检查探测的属性,否则std.healthy(req.backend_hint)将永远无法产生正确的结果。
我使用的set beresp.grace = 24h可能有点过长。通过将宽限期设置为如此长的持续时间,这些对象在过期时仍会保留在缓存中。如果您有大量需要缓存的内容,这可能会影响您的命中率,并且可能会在缓存已满时导致强制缓存驱逐。
重要的:Varnish Cache 4.1 已停用,不应再使用。请安装 Varnish 6.0 LTS 或 Varnish 7。
我的 VCL 示例包含一个
vcl 4.1;版本标记,该标记仅适用于 Varnish 6 或 Varnish 7。我这样做的目的是鼓励用户使用较新版本的 Varnish。通过切换到旧版本,vcl 4.0;代码可能会适用于较旧的 Varnish 版本。请考虑升级。
503 错误
根据您添加到问题中的 VSL 输出,我可以得出结论,您已经在 VCL 中定义并使用了没有任何后端的导演对象。
这是我在您的 VSL 输出中发现的错误:
Director v_ssl_ece returned no backend
请看一下这位名叫的导演v_ssl_ece。
- 检查您是否需要此导演
req.backend_hint检查是否通过invcl_recv或通过bereq.backendin正确分配vcl_backend_fetch- 检查为什么
v_ssl_ece没有任何后端
如果您找不到解决方案,请分享您的完整 VCL 文件以便我提供帮助。