Apache Traffic Serve(ATS或TS)
加速互联网访问,提高网站性能,并提供前所未有的web托管能力。
部署模式
进程
traffic_server
进程是ats的服务进程,负责代理缓存的事务处理。traffic_manager
进程是ats的管理进程,负责启动、监控、配置等等,会监护traffic_server进程。traffic_cop
进程是traffic_server
和traffic_manager
进程的监护者,发现异常会重启traffic_server
和traffic_manager
进程
安装
系统优化
cat << 'EOT' >> /etc/security/limits.d/nofile.conf
* soft nofile 655350
* hard nofile 655350
EOT
cat <<EOF>>/etc/rc.local
#open files
ulimit -HSn 655350
#stack size
ulimit -s 655350
EOF
CentOS/Redhat 安装
yum install trafficserver -y
Ubuntu 安装
apt install trafficserver -y
源码安装
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh epel-release*.rpm
yum install pkgconfig automake autoconf wget curl tar openssl openssl-devel pcre-devel tcl tcl-devel gcc gcc-c++ expat-devel libcap-devel hwloc ncurses-devel libcurl-devel perl perl-libxml-perl perl-ExtUtils-MakeMaker perl-Digest-SHA bzip2 yaml-cpp yaml-cpp-devel luajit-devel luajit -y
wget https://www.apache.org/dyn/closer.cgi/trafficserver/trafficserver-9.0.0.tar.bz2
tar -vxjf trafficserver-9.0.0.tar.bz2
cd trafficserver-9.0.0/
groupadd ats
useradd -g ats ats
yum install centos-release-scl -y
yum install devtoolset-8 -y
scl enable devtoolset-8 bash
gcc --version
./configure \
--enable-layout=Gentoo \
--prefix=/ \
--with-user=ats --with-group=ats \
--enable-example-plugins \
--enable-experimental-plugins \
--with-luajit=/usr
make -j $(nproc)
make install
常用命令:
trafficserver start
: 启动trafficserver stop
: 关闭trafficserver restart
: 重启,停止和关闭trafficserver进程,内存缓存会清理掉traffic_server -R 1
: reinstalltraffic_server -Cclear
: 清理所有缓存,需要停止atstraffic_server -C check
: 使用量查看traffic_server -C clear_cache
: 清空缓存
配置
命令行:
traffic_ctl config diff
: 配置修改和默认值对比traffic_ctl config status
: 查看当前进程使用的配置是否被修改traffic_ctl config reload
: 使修改的配置生效- 其他命令
traffic_cache_tool
traffic_layout traffic_manager traffic_via
traffic_crashlog traffic_logcat traffic_server traffic_wccp
traffic_ctl traffic_logstats traffic_top
配置文件位于 /etc/trafficserver
目录下,以下示例为 trafficserver 8.0.5 版本
- 配置文件夹权限:
chown trafficserver:trafficserver -R /etc/trafficserver/
records.config
通用配置
CONFIG proxy.config.http.cache.http INT 1
CONFIG proxy.config.reverse_proxy.enabled INT 1
CONFIG proxy.config.url_remap.remap_required INT 1
CONFIG proxy.config.url_remap.pristine_host_hdr INT 1
CONFIG proxy.config.http.server_ports STRING 8080 8080:ipv6
- 打开 HTTP 请求头
age
和 via
(参考)
# via
CONFIG proxy.config.http.insert_response_via_str INT 2
# Via: http/1.1 cdn-1 (cdn1 [cMsEf ])
CONFIG proxy.config.proxy_name STRING cdn-1
CONFIG proxy.config.http.response_via_str STRING cdn1
# age
CONFIG proxy.config.http.insert_age_in_response INT 1
proxy.config.cache.min_average_object_size
修改 CONFIG proxy.config.cache.min_average_object_size INT 9000
,重启服务后,内存和磁盘缓存重新积累
[Mar 8 14:12:06.164] [ET_NET 7] NOTE: no good directory, clearing '/data_sdf/ats/cache.db 4066261647360:140378112' since sync_serials on both A and B copies are invalid
proxy.config.cache.ram_cache.size INT 1G
(配置不当回出现 oom-kill 的情况,参考)
CONFIG proxy.config.cache.ram_cache.size INT -1
CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304
proxy.config.cache.ram_cache.size
用来配置RAM cache
的大小,proxy.config.cache.ram_cache_cutoff
配置小于多大的包缓存到内存中
By default the RAM cache size is automatically determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache
CONFIG proxy.config.diags.output.status STRING O
CONFIG proxy.config.diags.output.note STRING O
CONFIG proxy.config.diags.output.warning STRING O
CONFIG proxy.config.diags.output.error STRING E
CONFIG proxy.config.diags.output.fatal STRING E
CONFIG proxy.config.diags.output.alert STRING E
CONFIG proxy.config.diags.output.emergency STRING E
# 缓存任何结果(包括设置cookie)
CONFIG proxy.config.http.cache.cache_responses_to_cookies INT 1
# 缓存带问号在网址
CONFIG proxy.config.http.cache.cache_urls_that_look_dynamic INT 1
# 忽略客户端 no-cache
CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1
CONFIG proxy.config.http.cache.ims_on_client_no_cache INT 1
CONFIG proxy.config.http.cache.ignore_client_cc_max_age INT 1
remap.config
作用:
- 重写 URL(从客户端),然后再将其发送到源服务器
- 保护代理服务器,只允许某些请求
配置参数:
<map_type> client-URL origin-server-URL <tag_value> <filtering>
<map_type>
支持以下参数,或以 regex_
开头的如下参数- map
- map_with_referer
- map_with_recv_port
- reverse_map
- redirect
- redirect_temporary
client-URL and origin-server-URL format
: <scheme>://<host>:<port>/<path_prefix>
map http://www.xiexianbin.cn/ http://localhost:8080/
map http://www.xiexianbin.cn/api/ http://api-origin.xiexianbin.cn/
map http://static.xiexianbin.cn/ http://origin-static.xiexianbin.cn/ \
@plugin=cachekey.so @pparam=--remove-all-params=true @pparam=--include-headers=Range \
@plugin=cache_range_requests.so @pparam=--no-modify-cachekey
cache.config
目的:更改特定对象或对象集的缓存参数
Each line must include exactly one primary specifier
Primary destination specifiers are
dest_domain=
dest_host=
dest_ip=
url_regex=
Lines may include any number of the secondary specifiers but
secondary specifiers may not be duplicated on the same line
Secondary specifiers are
port=
scheme=
prefix=
suffix=
method=
time=
src_ip=
internal={true,false}
Each line must include exactly one cache directive
Cache directives are
action=never-cache
action=ignore-no-cache (client & server no cache)
action=ignore-client-no-cache (only client no cache)
action=ignore-server-no-cache (only server no cache)
pin-in-cache=<time>
revalidate=<time>
ttl-in-cache=<time> (force caching and expire after <time>)
Each line may also contain various "tweaks" which adjust caching parameters.
Tweaks are
cache-responses-to-cookies=<value>
- Change the style of caching with regard to cookies. This effectively
overrides the configuration parameter
proxy.config.http.cache.cache_responses_to_cookies
and uses the same values with the same semantics. The override happens
only for requests that match.
示例:
dest_domain=www.example.com scheme=http revalidate=2h
dest_host=10.0.0.1 scheme=http action=never-cache
# ttl-in-cache > revalidate > expires(nginx)
dest_domain=www.xiexianbin.cn scheme=http ttl-in-cache=1m
# 假设 remap.config 配置如下
# map http://www.xiexianbin.cn http://127.0.0.1:8000/
# 匹配 http://www.xiexianbin.cn/resource/xxx.jpg http://www.xiexianbin.cn/resource/xxx.jpg?a
# 不匹配 http://www.xiexianbin.cn/resource/xxx.png?aaa.jpg
dest_domain=. suffix=jpg action=never-cache
# 匹配 http://www.xiexianbin.cn/resource/xxx.jpg
dest_domain=. prefix=resource action=never-cache
ssl_multicert.config
dest_ip=* ssl_cert_name=/path/to/secret/privatekey/acme.rsa
ssl_server_name.yaml
- 根据 SSL 握手阶段(SNI 扩展)提供的服务器名称,设置要执行的 SSL 操作
- 设置与下一跳或原服务器建立 SSL 连接所需的 SSL 属性。
- fqdn: one.com
disable_h2: true
verify_origin_server: STRICT
client_cert: somepem.pem
verify_client: MODERATE
- fqdn: two.com
tunnel_route: two.com
ip_allow = '10.0.0.1-10.0.0.255'
- fqdn: mirrors.aliyun.com
disable_h2: false
verify_origin_server: NONE
verify_client: NONE
storage.config
# /var/cache/trafficserver 256M
# chown -R trafficserver:trafficserver /cache/trafficserver
/cache/trafficserver 500G
若直接挂载物理盘,需要修改权限:
setfacl -m u:ats:rw /dev/sdb
volume.config
该文件指定了各种卷、卷的大小以及它们所属的协议,与 hosting.config
文件结合使用
volume=1 scheme=http size=10%
volume=2 scheme=http size=1024
hosting.config
目的:指定特定主机名或域应存储在哪个卷中
hostname=* volume=3,4
ip_allow.config
src_ip=0.0.0.0-255.255.255.255 action=ip_allow method=GET
logging.yaml
配置日志,默认为 squid
格式,使用命令 traffic_log
在日志文件查看
启动服务
systemctl status trafficserver
systemctl start trafficserver
systemctl stop trafficserver
清理缓存
traffic_server -Cclear
日志
traffic_logcat -f /var/log/trafficserver/squid.blog
: 查看 blog
类型日志traffic_logstats
: 日志统计traffic_logstats -o <domain>
: 指定域名的统计信息
缓存码含义
TCP_HIT
请求对象的一份合法拷贝被缓存,ATS将发送该对象给clientTCP_MISS
请求对象未缓存,ATS会从源站或是父代理那里获取请求对象,并发送给clientTCP_REFRESH_HIT
请求对象已缓存,但是旧的(stale),ATS向源站发送if-modified-since请求,源站回应304 not-modified响应,ATS发送(依然fresh的)缓存对象给clientTCP_REF_FAIL_HIT
请求对象已缓存,但是旧的(stale),ATS向源站发送if-modified-since请求但是源站没有响应,ATS发送缓存的旧对象给clientTCP_REFRESH_MISS
请求对象已缓存,但是旧的(stale),ATS向源站发送if-modified-since请求,源站回应一个新对象,ATS缓存后将该对象返回给clientTCP_CLIENT_REFRESH
client发送一个带有no-cache的请求,ATS回源得到一个请求对象将拷贝返回给client,ATS从缓存中删除该对象的copyTCP_IMS_HIT
client发送一个if-modified-since的请求,缓存对象比IMS date新,或者ATS向源站发送if-modified-since请求发现缓存对象是新的,ATS将该缓存对象返回给clientTCP_IMS_MISS
client发送一个if-modified-since的请求,缓存对象要么未缓存,要么缓存了但是stale了,ATS向源站发送if-modified-since请求并接收到一个新对象,ATS缓存后将该对象返回给clientTCP_SWAPFAIL
对象已缓存但是不能访问,client未能收到该objectERR_CLIENT_ABORT
客户端在未完整接收object前断开连接ERR_CONNECT_FAIL
源站不可达ERR_DNS_FAIL
DNS服务器不能解析源站域名,或是DNS不可达ERR_INVALID_REQ
client发送的HTTP请求非法,ATS不知道使用何方法转发该请求到源站ERR_READ_TIMEOUT
源站在超时时间内没有响应ATSERR_PROXY_DENIED
client服务被拒ERR_UNKNOWN
客户端建连了,但随后又断开了,没有发送任何请求
ref:
监控
traffic_top
: 监控ats指标traffic_ctl metric get <name>
traffic_ctl metric get proxy.process.cache.bytes_total
traffic_ctl metric get proxy.process.http.cache_hit_fresh
traffic_ctl metric match cache
traffic_ctl metric match key
traffic_ctl metric match connection
traffic_ctl metric match hit
traffic_ctl metric match bytes_used
: 获取使用量traffic_ctl alarm list
: 查看告警信息
via
- traffic_via [cRs f ] #查看via头状态
xdebug plugin and do curls with -H 'X-Debug: X-Cache-Key
Plugin
Health checks
Load the healthchecks
plugin:
# /etc/trafficserver/plugin.config
healthchecks.so /etc/trafficserver/healtchecks.conf
Define health check:
# /etc/trafficserver/healtchecks.conf
/check /etc/trafficserver/ts-alive text/plain 200 403
Cache inspector
启用缓存检查器功能,在remap.config
添加如下配置,重启生效:
map /cache-internal/ http://{cache-internal}
map /cache/ http://{cache}
map /stat/ http://{stat}
map /test/ http://{test}
map /hostdb/ http://{hostdb}
map /net/ http://{net}
map /http/ http://{http}
Debugging
The XDebug plugin allows clients to check various aspects of ATS operation.
To enable the plugin, add xdebug.so
(/usr/lib/trafficserver/modules/xdebug.so) to plugin.config
, add the following lines to records.config
, and restart trafficserver.
CONFIG proxy.config.diags.debug.enabled INT 1
CONFIG proxy.config.diags.debug.tags STRING xdebugs.tag
curl -H “X-Debug: X-Milestones” http://localhost 2>&1 | grep Milestones
range request
概念
- directory bucket: A contiguous fixed sized group of directory entries. This is used for hash bucket maintenance optimization.
- directory entry: An in memory entry that describes a cache fragment.
- cache fragment: The unit of storage in the cache. All reads from the cache always read exactly one fragment. Fragments may be written in groups, but every write is always an integral number of fragments. Each fragment has a corresponding directory entry which describes its location in the cache storage.
测试
在源代码 trafficserver/tools/jtest/
目录:
./jtest -s 9080 -S localhost -p 8080 -P localhost -c 100 -z 0.4
con new ops 1B lat bytes/per svrs new ops total time err
100 1258 6295.5 13 13 95944145/959441 943 943 3773 155152060 800.6 0
100 1262 6311.8 13 13 95902706/959027 946 946 3784 154575295 801.6 0
100 1258 6291.5 13 13 97125292/971252 942 942 3770 156337208 802.6 0
100 1268 6340.4 13 13 98399648/983996 953 953 3816 158590976 803.6 0
./jtest -s 9080 -S localhost -p 8080 -P localhost -c 500 -z 0.4
con new ops 1B lat bytes/per svrs new ops total time err
500 3714 18569.3 11 25 281815004/563630 2788 2788 11136 454806352 224.6 0
500 3728 18651.2 11 25 282589047/565178 2797 2797 11200 455576289 225.6 0
500 3744 18715.2 11 25 284094136/568188 2809 2809 11243 457485676 226.6 0
500 3727 18638.8 11 25 283210508/566421 2801 2801 11206 458050525 227.6 0
500 3709 18545.6 11 25 283534678/567069 2782 2782 11128 457766034 228.6 0
500 3711 18552.1 11 25 283190775/566381 2787 2787 11142 456621347 229.6 0
500 3698 18497.9 11 25 282393015/564786 2776 2776 11106 453590175 230.6 0
查看内存使用量
$ traffic_ctl metric match ram_cache
类似软件
- OpenAFS 是一套开放源代码的分布式文件系统,允许系统之间通过局域和广域网来分享档案和资源
- squid
F&Q
Unable to locate the server requested xxx the server does not have a DNS entry. Perhaps there is a misspelling in the server name, or the server no longer exists
ats 在解析 remap.config
的域名时,不读取 /etc/hosts
配置本地解析,需要在 records.config
配置 DNS 服务器
CONFIG proxy.config.dns.nameservers STRING 10.0.x.x
或在 remap.config
中将源域名配置为 IP 形式
regex_map http://(.*)/ http://127.0.0.1/
且在 records.config
中配置
CONFIG proxy.config.url_remap.pristine_host_hdr INT 1
ERROR: SSL connection failed for ‘www.xiexianbin.cn’: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Out of memory: Killed process 24105 ([TS_MAIN]) total-vm:6493962824kB, anon-rss:7626640kB, file-rss:0kB, shmem-rss:0kB, UID:106 pgtables:16380kB oom_score_adj:0