Varnish安装及配置

1. 什么是 Varnish？

Varnish Cache 是一个高性能 HTTP 加速器/反向代理，常用来做 前端缓存。
运行在 Nginx/Apache 之前，直接接收用户请求。
对静态内容（CSS/JS/图片）、动态内容（HTML/PHP生成的页面）做缓存，加速访问。
可以结合 ESI（Edge Side Includes） 做片段缓存。

2. 安装 Varnish

Debian/Ubuntu

sudo apt update
sudo apt install varnish

CentOS/RHEL

sudo yum install epel-release -y
sudo yum install varnish -y

安装完成后，你可以查看版本：

varnishd -V

3. 配置 Varnish

Varnish 默认监听 6081 端口。一般我们做两层代理：

客户端 -> Varnish (80端口) -> Nginx/Apache (8080端口)

修改监听端口

编辑配置文件（不同系统位置可能不同）：

Ubuntu/Debian: /etc/default/varnish 或 /lib/systemd/system/varnish.service
CentOS: /etc/systemd/system/varnish.service

修改：

ExecStart=/usr/sbin/varnishd \
  -a :80 \
  -T localhost:6082 \
  -f /etc/varnish/default.vcl \
  -s malloc,1G

不修改原启动配置方法

新建文件/etc/systemd/system/varnish.service.d/customexec.conf，写入如下启动配置：

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,1G

说明：

-a :80 → 监听 80 端口
-T localhost:6082 → 管理接口
-f /etc/varnish/default.vcl → Varnish 配置文件
-s malloc,1G → 缓存使用 1G 内存

4. 配置 VCL 文件VCL

（Varnish Configuration Language）是 Varnish 的规则配置文件。
默认在 /etc/varnish/default.vcl。

示例配置（对接 Nginx 后端 8080）：

vcl 4.1;

backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # 如果是后台 /wp-admin 或者带 query 参数，直接 pass
    if (req.url ~ "wp-admin|wp-login.php" || req.url ~ "\?") {
        return (pass);
    }

    # 删除无关 cookie
    if (req.http.Cookie) {
        if (req.http.Cookie ~ "wordpress_logged_in" ||
            req.http.Cookie ~ "woocommerce_items_in_cart" ||
            req.http.Cookie ~ "woocommerce_cart_hash") {
            return (pass);
        } else {
            unset req.http.Cookie;
        }
    }
}

sub vcl_backend_response {
    # 设置默认缓存时间
    if (bereq.url ~ "\.(png|jpg|jpeg|gif|css|js)$") {
        set beresp.ttl = 1h;
    } else {
        set beresp.ttl = 120s;
    }
}

sub vcl_deliver {
    # 在响应头里加缓存命中信息
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
}

5. 启动 & 检查

重启 Varnish：

sudo systemctl daemon-reload
sudo systemctl restart varnish

检查状态：

systemctl status varnish

测试：

curl -I http://yourdomain.com

如果看到 X-Cache: HIT，说明命中缓存。

6. 配合 Nginx 使用

Nginx 修改监听端口

Nginx 需要改为监听 8080，而不是 80：

server {
    listen 8080;
    server_name yourdomain.com;
    root /var/www/html;
}

这样：

用户请求 80 → Varnish 接收 → 命中缓存直接返回
未命中 → 转发到 Nginx(8080) → 生成 → Varnish 缓存

7. 管理工具

varnishlog → 实时日志
varnishstat → 状态统计
varnishadm → 管理工具，可以清理缓存，例如： varnishadm ban "req.url ~ /product/"

8. 日志检查

root@LG:~# varnishlog -g request -q 'ReqURL ~ "/about/"'


*   << Request  >> 5046282
-   Begin          req 5046281 rxreq
-   Timestamp      Start: 1757300212.556672 0.000000 0.000000
-   Timestamp      Req: 1757300212.556672 0.000000 0.000000
-   VCL_use        boot
-   ReqStart       127.0.0.1 40182 a0
-   ReqMethod      GET
-   ReqURL         /about/
-   ReqProtocol    HTTP/1.1
-   ReqHeader      Host: www.dian.com
-   ReqHeader      Connection: keep-alive
-   ReqHeader      Pragma: no-cache
-   ReqHeader      Cache-Control: no-cache
-   ReqHeader      DNT: 1
-   ReqHeader      Upgrade-Insecure-Requests: 1
-   ReqHeader      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
-   ReqHeader      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
-   ReqHeader      Accept-Encoding: gzip, deflate
-   ReqHeader      Accept-Language: zh-CN,zh;q=0.9
-   ReqHeader      Cookie: sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2025-09-08%2001%3A38%3A51%7C%7C%7Cep%3Dhttp%3A%2F%2Fwww.dian.com%2F%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2025-09-08%2001%3A38%3A51%7C%7C%7Cep%3Dhttp%3A%2F%2Fwww.dian.com%2F%7C%7C%7C
-   ReqHeader      X-Forwarded-For: 127.0.0.1
-   VCL_call       RECV
-   ReqUnset       Cookie: sbjs_migrations=1418474375998%3D1; sbjs_current_add=fd%3D2025-09-08%2001%3A38%3A51%7C%7C%7Cep%3Dhttp%3A%2F%2Fwww.dian.com%2F%7C%7C%7Crf%3D%28none%29; sbjs_first_add=fd%3D2025-09-08%2001%3A38%3A51%7C%7C%7Cep%3Dhttp%3A%2F%2Fwww.dian.com%2F%7C%7C%7C
-   VCL_return     hash
-   ReqUnset       Accept-Encoding: gzip, deflate
-   ReqHeader      Accept-Encoding: gzip
-   VCL_call       HASH
-   VCL_return     lookup
-   Hit            3 16.351606 10.000000 0.000000
-   VCL_call       HIT
-   VCL_return     deliver
-   RespProtocol   HTTP/1.1
-   RespStatus     200
-   RespReason     OK
-   RespHeader     Server: nginx/1.18.0 (Ubuntu)
-   RespHeader     Date: Mon, 08 Sep 2025 02:55:08 GMT
-   RespHeader     Content-Type: text/html; charset=UTF-8
-   RespHeader     Vary: Accept-Encoding
-   RespHeader     Link: <http://www.dian.com/wp-json/>; rel="https://api.w.org/"
-   RespHeader     Link: <http://www.dian.com/wp-json/wp/v2/pages/471>; rel="alternate"; title="JSON"; type="application/json"
-   RespHeader     Link: <http://www.dian.com/?p=471>; rel=shortlink
-   RespHeader     Content-Encoding: gzip
-   RespHeader     X-Varnish: 5046282 3
-   RespHeader     Age: 103
-   RespHeader     Via: 1.1 varnish (Varnish/6.6)
-   VCL_call       DELIVER
-   RespHeader     X-Cache: HIT
-   VCL_return     deliver
-   Timestamp      Process: 1757300212.556756 0.000083 0.000083
-   Filters
-   RespHeader     Accept-Ranges: bytes
-   RespHeader     Content-Length: 37447
-   RespHeader     Connection: keep-alive
-   Timestamp      Resp: 1757300212.556840 0.000167 0.000084
-   ReqAcct        1547 0 1547 545 37447 37992
-   End

常见示例

只看 /about/ 请求：

varnishlog -g request -q 'ReqURL ~ "/about/"'

看所有 HTML 请求：

varnishlog -g request -q 'ReqURL ~ "\.html$"'

查看 Cache 决策（比如 pass / hit / miss）：

varnishlog -g request -q 'ReqURL ~ "/about/"' | grep -E "Cache|VCL_return"