#cd /usr/ports/www/varnish 
#make install clean //安装(此时可能会下载一大堆东西，目前最新版本是3.0.2)

backend myblogserver { 
       .host = "192.168.1.254"; 
       .port = "80"; 
}

acl purge {
       "localhost";
       "127.0.0.1";
       "192.168.1.0"/24;
}

sub vcl_recv {
       if (req.request == "PURGE") {
               if (!client.ip ~ purge) {
                       error 405 "Not allowed.";
               }
               return (lookup);
       }

       if (req.http.host ~ "^www.wszf.com") {
               set req.backend = myblogserver; 
               if (req.request != "GET" && req.request != "HEAD") {
                       return (pipe);
               }
               else {
                       return (lookup);
               }
       }
       else {
               error 404 "bad"; 
               return (lookup);
       }
}

sub vcl_hit {
       if (req.request == "PURGE") {
               set obj.ttl = 0s;
               error 200 "Purged.";
       }
}

sub vcl_miss {
       if (req.request == "PURGE") {
               error 404 "Not in cache.";
       }
}

sub vcl_fetch {
       if (req.request == "GET" && req.url ~ "\.(css|txt|js)$") {
               set beresp.ttl = 3600s;
       }
       else {
               set beresp.ttl = 30d;
       }
}

# pw groupadd varnish   //创建varnish组
#pw useradd varnish -g varnish  //创建varnish用户
#mkdir /var/vcache 
#chown -R varnish:varnish /var/vcache  //赋予权限
#chmod -R 750 /var/vcache

net.ipv4.tcp_fin_timeout = 30  //连接关闭时间
net.ipv4.tcp_keepalive_time = 300 //连接时间
net.ipv4.tcp_tw_reuse = 1  //tcp开启重用
net.ipv4.tcp_tw_recycle = 1  //tcp快速回收开启
net.ipv4.tcp_syncookies = 1 //开启SYN Cookies,可防止商量SYN攻击
net.ipv4.ip_local_port_range = 5000    65000 //端口访问范围
#sysctl -p  //应用修改过的内核

varnishd -a 0.0.0.0:80 -f /usr/local/etc/varnish/wszf,conf -T 127.0.0.1:2000 -s file,/var/vcache/,1G -u varnish //参数说明：-f指定了配置文件，-T是指定命令行管理界面监听地址，-s file指定了使用文件做缓存，1G是缓存文件大小，-u就是进程的用户了。