Question

在过去的几天里，我试图在Ubuntu 16.04上使用Nginx 1.12.2设置Varnish 4.1。我阅读了文档和许多不同的来源，但我似乎无法很好地处理事情。该网站处于重定向循环，当我使用命令时：varnishd -f /etc/varnish/default.vcl -d我收到此错误：无法打开套接字:: 80：地址已在使用中。

为了澄清，我正在尝试设置nginx以接收HTTPS（也是重定向HTTP到HTTPS）将此发送到Varnish，然后如果缓存未命中则返回nginx。非常感谢任何能指出我正确方向的人。

我已将我的nginx设置为这样（/etc/nginx/sites-available/fujiorganics.com）：

EXE1    email1@gmail.com        Name 1
EXE14   email14@gmail.com       Name 14
EXE15   email15@gmail.com       Name 15
EXE37   email37@example.com     User ID 37
EXE40   email40@example.com     User ID 40
EXE43   email43@example.com     User ID 43
EXE5    email5@gmail.com        Name 5

我的varnish配置文件看起来像这样（/etc/varnish/default.vcl）：

server {
listen 80;
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/fujiorganics.com/fullchain.pem; 
# managed by Certbot
ssl_certificate_key 
/etc/letsencrypt/live/fujiorganics.com/privkey.pem; # managed by 
Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by 
Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by 
Certbot
    if ($scheme != "https") {
            return 301 https://$host$request_uri;
        }

 # managed by Certbot

root /var/www/fujiorganics.com/html;
    index index.php index.html index.htm;

    server_name fujiorganics.com www.fujiorganics.com;
# Proxy Pass to Varnish
    # Add headers to recognize SSL
    location / {
        proxy_pass  http://127.0.0.2;
        # Pass a bunch of headers to the downstream server, so 
they'll know what's going on.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Most web apps can be configured to read this header and 
understand that the current session is actually HTTPS.
    proxy_set_header X-Forwarded-Proto https;

    # We expect the downsteam servers to redirect to the right 
hostname, so don't do any rewrites here.
    proxy_redirect     off;
    }
}

这个（/etc/systemd/system/varnish.service.d/customexec.conf）：

    vcl 4.0;

# List of upstream proxies we trust to set X-Forwarded-For correctly.
backend default {
  .host = "127.0.0.1";
  .port = "8080";
}


backend fujiorganics {
  .host = "127.0.0.2";
  .port = "8080";
}


sub vcl_recv {

 # Remove any Google Analytics based cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
  set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

  # Remove Optimizely Cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "optim.=[^;]+(; )?", "");
  # Remove Gauges Cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "_gau.=[^;]+(; )?", "");


# Remove a ";" prefix in the cookie if present
  set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");

  # Are there cookies left with only spaces or that are empty?
  if (req.http.cookie ~ "^\s*$") {
    unset req.http.cookie;
  }

   if (req.restarts == 0) {
    if (req.http.x-forwarded-for) {
      set req.http.X-Forwarded-For =
        req.http.X-Forwarded-For + ", " + client.ip;
      } else {
        set req.http.X-Forwarded-For = client.ip;
      }
  }

  if (req.method != "GET" &&
      req.method != "HEAD" &&
      req.method != "PUT" &&
      req.method != "POST" &&
      req.method != "TRACE" &&
      req.method != "OPTIONS" &&
      req.method != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
   }
   if (req.method != "GET" && req.method != "HEAD") {
        /* We only deal with GET and HEAD by default */
      return (pass);
  }

  if ( (req.http.host ~ "^(?i)fujiorganics.com") && req.http.X-Forwarded-Proto !~ "(?i)https") {

        set req.backend_hint = fujiorganics;
        set req.http.x-redir = "https://" + req.http.host + req.url;
        return (synth(750, ""));
  }
 return (hash);
}

# handles redirecting from http to https
sub vcl_synth {
  if (resp.status == 750) {
    set resp.status = 301;
    set resp.http.Location = req.http.x-redir;
    return(deliver);
  }
}

sub vcl_backend_response {
  set beresp.ttl = 10s;
  set beresp.grace = 1h;
}

sub vcl_deliver {
  if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
    set resp.http.X-Cache = "HIT";
  } else {
    set resp.http.X-Cache = "MISS";
  }
}

最后，此服务器块包含在与上面第一个

相同的文件中

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :8080 -T localhost:6082 -f 
/etc/varnish/default.vcl -S /etc/varnish/secret -s default,1G

我可以确认该网站在没有清漆重定向的情况下运行良好。

Answer 1

Varnish试图在端口8080上与Nginx交谈，但Nginx在端口80上收听，这也是Varnish想要收听的端口。将Varnish配置为侦听端口80，Nginx监听8080，它应该可以工作。

在多个站点上使用Nginx设置清漆

1 个答案: