Varnish（4.0.1）无法访问网站经常请求超时

Question

我已经在Centos上安装了Varnish 4.0.1以及Apache 2.4.6。问题是为什么我无法访问该网站。看看下面的netstat

要检查什么以使其像往常一样运行。以下是来自httpd.conf

的更多配置

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 127.0.0.1:8080
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName example.my:8080

我从这个website开始逐步修改SELinux，但我撤消了以前的值disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

并且教程也让我修改iptables，同样如上所述，我将它恢复为原始

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

这是我的default.vcl

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .max_connections = 15;
    .connect_timeout = 4.0s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
}

和varnish.params

# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings

# Set this to 1 to make systemd reload try to switch vcl without restart.
RELOAD_VCL=1

# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl

# Default address and port to bind to. Blank address means all IPv4
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
# quad, or an IPv6 address in brackets.
#VARNISH_LISTEN_ADDRESS=127.0.0.1
VARNISH_LISTEN_PORT=80

# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret

# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
#VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
VARNISH_STORAGE="malloc,256m"

# Default TTL used when the backend does not specify one
VARNISH_TTL=120

# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish

# Other options, see the man page varnishd(1)
#DAEMON_OPTS="-a :80 -p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"

httpd文件夹中的

access_log

127.0.0.1 - - [19/Dec/2014:10:10:29 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:10:10:29 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:10:10:29 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:08:39 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:08:39 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:08:39 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:08:39 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:08:39 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:24:16 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:24:16 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
127.0.0.1 - - [19/Dec/2014:11:24:16 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"

以及我在error_log

上找到的内容

[Fri Dec 19 11:50:38.318727 2014] [mpm_prefork:notice] [pid 8182] AH00170: caught SIGWINCH, shutting down gracefully
[Fri Dec 19 11:50:39.495826 2014] [suexec:notice] [pid 8610] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Dec 19 11:50:39.587231 2014] [mpm_prefork:notice] [pid 8610] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Fri Dec 19 11:50:39.587286 2014] [core:notice] [pid 8610] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

这里是varnishstat

Uptime mgt:   0+00:25:46
Uptime child: 0+00:25:46

  NAME                                                                                            CURRENT       CHANGE      AVERAGE       AVG_10      AVG_100     AVG_1000
MAIN.uptime                                                                                          1546         1.00         1.00         1.00         1.00         1.00
MAIN.pools                                                                                              2         0.00          .           2.00         2.00         2.00
MAIN.threads                                                                                          200         0.00          .         200.00       200.00       200.00
MAIN.threads_created                                                                                  200         0.00          .           0.00         0.00         0.00
MAIN.n_backend                                                                                          1         0.00          .           1.00         1.00         1.00
MAIN.n_vcl                                                                                              1         0.00          .           0.00         0.00         0.00
MAIN.bans                                                                                               1         0.00          .           1.00         1.00         1.00
MGT.uptime                                                                                           1546         1.00         1.00         1.00         1.00         1.00
SMA.s0.g_space                                                                                  268435456         0.00          .   268435456.00 268435456.00 268435456.00

我还有什么要检查的。 Apreciate你的帮助。感谢

Answer 1

您需要允许从Internet到端口80的流量。编辑iptables配置，如下所示：

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

即添加 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 在线下面 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

然后重启iptables或重新加载配置。