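Below are the Varnish container and its logs, and the application container and its logs.
Before I separated Varnish into its own container, Varnish worked fine inside the application container with the same settings shown below, but after I separated it into its own container, Varnish throws 503/500 errors.
Below are the logs I see when trying to update application content. Varnish container IP: 172.100.0.10, exposing port 8443; application container IP: 172.100.0.2
Varnish container logs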
/etc/varnish # varnishlog
* << Session >> 98305
- Begin sess 0 PROXY
- SessOpen 172.100.0.2 42968 proxy 172.100.0.10 8443 1682051212.332568 26
- SessClose RX_TIMEOUT 5.004
- End
* << BeReq >> 6
- Begin bereq 5 pass
- VCL_use boot
- Timestamp Start: 1682051211.655727 0.000000 0.000000
- BereqMethod PUT
- BereqURL /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645
- BereqProtocol HTTP/1.1
- BereqHeader Host: cms-application.dev.abc.eu
- BereqHeader sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
- BereqHeader Content-Type: application/json
- BereqHeader X-Requested-With: XMLHttpRequest
- BereqHeader sec-ch-ua-mobile: ?0
- BereqHeader User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
- BereqHeader sec-ch-ua-platform: "Linux"
- BereqHeader Accept: */*
- BereqHeader Origin: https://cms-application.dev.abc.eu
- BereqHeader Sec-Fetch-Site: same-origin
- BereqHeader Sec-Fetch-Mode: cors
- BereqHeader Sec-Fetch-Dest: empty
- BereqHeader Referer: https://cms-application.dev.abc.eu/application/
- BereqHeader Accept-Encoding: gzip, deflate, br
- BereqHeader Accept-Language: en-GB,en;q=0.9
- BereqHeader Cookie: Laminas_Auth=ctmm16mcsu765iuljdsvlf90t3
- BereqHeader X-Forwarded-Port: 443
- BereqHeader X-Forwarded-Proto: https
- BereqHeader X-Forwarded-Host: cms-application.dev.abc.eu
- BereqHeader X-Forwarded-Server: proxy.dev.abc.eu
- BereqHeader Content-Length: 1282
- BereqHeader X-Forwarded-For: 172.100.0.1, 172.100.0.2
- BereqHeader Via: 1.1 varnish-container (Varnish/7.2)
- BereqHeader X-Varnish: 6
- VCL_call BACKEND_FETCH
- VCL_return fetch
- Timestamp Fetch: 1682051211.655792 0.000065 0.000065
- Timestamp Connected: 1682051211.656080 0.000353 0.000288
- BackendOpen 31 default 172.100.0.2 8080 172.100.0.10 44590 connect
- Timestamp Bereq: 1682051211.656426 0.000699 0.000345
- Timestamp Beresp: 1682051217.350016 5.694289 5.693590
- BerespProtocol HTTP/1.1
- BerespStatus 500
- BerespReason Internal Server Error
- BerespHeader Date: Fri, 21 Apr 2023 04:26:51 GMT
- BerespHeader Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
- BerespHeader X-Powered-By: PHP/7.4.33
- BerespHeader Cache-Control: max-age=0, must-revalidate, no-cache, public
- BerespHeader Edge-Control: no-store
- BerespHeader X-Varnish-Tags: #website_5#
- BerespHeader Edge-Cache-Tag: #website_5#
- BerespHeader X-Webserver: Unknown
- BerespHeader Connection: close
- BerespHeader Transfer-Encoding: chunked
- BerespHeader Content-Type: text/html; charset=UTF-8
- VCL_call BACKEND_RESPONSE
- BerespHeader x-url: /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645
- BerespHeader x-host: cms-application.dev.abc.eu
- VCL_return abandon
- BackendClose 31 default close Backend/VCL requested close
- BereqAcct 1002 1282 2284 404 0 404
- End
* << Request >> 5
- Begin req 4 rxreq
- Timestamp Start: 1682051211.655401 0.000000 0.000000
- Timestamp Req: 1682051211.655475 0.000073 0.000073
- VCL_use boot
- ReqStart 172.100.0.2 44296 http
- ReqMethod PUT
- ReqURL /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645
- ReqProtocol HTTP/1.1
- ReqHeader Host: cms-application.dev.abc.eu
- ReqHeader sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
- ReqHeader Content-Type: application/json
- ReqHeader X-Requested-With: XMLHttpRequest
- ReqHeader sec-ch-ua-mobile: ?0
- ReqHeader User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
- ReqHeader sec-ch-ua-platform: "Linux"
- ReqHeader Accept: */*
- ReqHeader Origin: https://cms-application.dev.abc.eu
- ReqHeader Sec-Fetch-Site: same-origin
- ReqHeader Sec-Fetch-Mode: cors
- ReqHeader Sec-Fetch-Dest: empty
- ReqHeader Referer: https://cms-application.dev.abc.eu/application/
- ReqHeader Accept-Encoding: gzip, deflate, br
- ReqHeader Accept-Language: en-GB,en;q=0.9
- ReqHeader Cookie: Laminas_Auth=ctmm16mcsu765iuljdsvlf90t3
- ReqHeader X-Forwarded-Port: 443
- ReqHeader X-Forwarded-Proto: https
- ReqHeader X-Forwarded-For: 172.100.0.1
- ReqHeader X-Forwarded-Host: cms-application.dev.abc.eu
- ReqHeader X-Forwarded-Server: proxy.dev.abc.eu
- ReqHeader Connection: Keep-Alive
- ReqHeader Content-Length: 1282
- ReqUnset X-Forwarded-For: 172.100.0.1
- ReqHeader X-Forwarded-For: 172.100.0.1, 172.100.0.2
- ReqHeader Via: 1.1 varnish-container (Varnish/7.2)
- VCL_call RECV
- VCL_return pass
- VCL_call HASH
- VCL_return lookup
- VCL_call PASS
- VCL_return fetch
- Link bereq 6 pass
- Storage malloc Transient
- Timestamp ReqBody: 1682051211.656364 0.000962 0.000889
- Timestamp Fetch: 1682051217.350135 5.694733 5.693770
- RespProtocol HTTP/1.1
- RespStatus 503
- RespReason Service Unavailable
- RespHeader Date: Fri, 21 Apr 2023 04:26:57 GMT
- RespHeader Server: Varnish
- RespHeader X-Varnish: 5
- VCL_call SYNTH
- RespHeader Content-Type: text/html; charset=utf-8
- RespHeader Retry-After: 5
- VCL_return deliver
- Timestamp Process: 1682051217.350186 5.694785 0.000051
- RespHeader Content-Length: 275
- Storage malloc Transient
- Filters
- RespHeader Connection: keep-alive
- Timestamp Resp: 1682051217.350264 5.694862 0.000077
- ReqAcct 958 1282 2240 205 275 480
- End
* << Session >> 4
- Begin sess 0 HTTP/1
- SessOpen 172.100.0.2 44296 http 172.100.0.10 80 1682051211.655293 24
- Link req 5 rxreq
- SessClose RX_CLOSE_IDLE 10.697
- End
Application container logs
[root@application-container www]# tail -f /var/log/httpd/ssl_request_log
[21/Apr/2023:06:26:51 +0200] 172.100.0.1 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "PUT /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645 HTTP/1.1" 275
default.vcl
# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
import std;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "application-container";
    .port = "8080";
}

backend blogproxy {
    .host = "ip";
    .port = "80";
}

acl abc {
    "application-container";
}

acl abc_loadbalancer {
    "application-container";
}
sub vcl_recv {
    # Use true client ip from Akamai CDN
    if (req.http.True-Client-IP) {
        set req.http.X-Forwarded-For = req.http.True-Client-IP;
    }
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For && client.ip !~ abc_loadbalancer) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } elseif (client.ip !~ abc_loadbalancer) {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
    if (req.method == "BAN") {
        if (client.ip !~ abc) {
            return (synth(405, "Not allowed"));
        }
        ban("obj.http.x-url == " + req.url);
        return (synth(200, "Ban added"));
    }
    if (req.http.host ~ "^nl-s_app" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.nl";
        return (pass);
    }
    if (req.http.host ~ "^www\.s_app\.de" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.de";
        return (pass);
    }
    if (req.http.host ~ "^www\.s_app\.fr" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.fr";
        return (pass);
    }
    if (req.http.host ~ "^www\.s_app\.co\.uk" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.co.uk";
        return (pass);
    }
    if (req.http.host ~ "^nl-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.nl";
        return (pass);
    }
    if (req.http.host ~ "^de-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.de";
        return (pass);
    }
    if (req.http.host ~ "^fr-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.fr";
        return (pass);
    }
    if (req.http.host ~ "^en-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.co.uk";
        return (pass);
    }
    if (req.url ~ "^/xml.*") {
        return (pass);
    }
    if (req.http.host ~ "^api") {
        return (pipe);
    }
    # Only bypass cache for development
    if (req.http.Cache-Control ~ "(private|no-cache|no-store)" || req.http.Pragma == "no-cache") {
        return (pipe);
    }
    if (
        req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
        # Non-RFC2616 or CONNECT which is weird.
        return (pass);
    }
    # Never cache HEAD, POST or PUT requests
    if (
        req.method == "HEAD" ||
        req.method == "POST" ||
        req.method == "PUT") {
        return (pass);
    }
    # Set a header announcing Surrogate Capability to the origin
    if (req.http.Surrogate-Control ~ "content\x3D\x22ESI\/1\.0\x22\x3BAkamai") {
        set req.http.Surrogate-Capability = "akamai=ESI/1.0";
    } else {
        set req.http.Surrogate-Capability = "varnish=ESI/1.0";
    }
    # Skip Varnish for the CMS
    if (req.http.host ~ "^cms-application") {
        return (pass);
    }
    # Sync jobs should also not use Varnish
    if (req.url ~ "sync") {
        return (pass);
    }
    if (req.url ~ "logout" || req.url ~ "callback" || req.url ~ "account" || req.url ~ "/affiliate/") {
        return (pass);
    }
    # Normalize the accept encoding header
    call normalize_accept_encoding;
    # Strip cookies from static assets
    if (req.url ~ "(?i)\.(css|js|txt|xml|bmp|png|gif|jpeg|jpg|svg|ico|mp3|mp4|swf|flv|ttf|woff|pdf)(\?.*)?$") {
        unset req.http.Cookie;
    }
    # Serving ESI
    if (req.esi_level > 0) {
        set req.http.X-Esi = 1;
        set req.http.X-Esi-Parent = req_top.url;
    } else {
        unset req.http.X-Esi;
    }
    # Strip not allowed cookies
    call strip_not_allowed_cookies;
    # Strip out all Google query parameters
    call strip_google_query_params;
    # Strip hash, server doesn't need it.
    if (req.url ~ "\#") {
        set req.url = regsub(req.url, "\#.*$", "");
    }
    # if (req.http.X-Forwarded-For ~ "80.95.169.59") {
    # if (client.ip ~ abc) {
    #     Enable the feature toggle button via cookie
    #     set req.http.Cookie = "abcToggle-abc-feature-toggles=true;" + req.http.Cookie;
    # }
    return (hash);
}
sub vcl_backend_response {
    set beresp.http.x-url = bereq.url;
    set beresp.http.x-host = bereq.http.host;
    if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
        return (abandon);
    }
    # Stop Caching 302 or 301 or 303 redirects
    if (beresp.status == 302 || beresp.status == 301 || beresp.status == 303) {
        set beresp.ttl = 0s;
        set beresp.uncacheable = true;
        return (deliver);
    }
    # Don't cache 404 responses
    if (beresp.status == 404) {
        set beresp.ttl = 0s;
        set beresp.uncacheable = true;
        return (deliver);
    }
    # Set cache-control headers for 410
    if (beresp.status == 410) {
        set beresp.ttl = 2d;
    }
    if (bereq.http.Surrogate-Control ~ "content\x3D\x22ESI\/1\.0\x22\x3BAkamai") {
        set beresp.do_esi = false;
        set beresp.http.X-Esi-Processor = bereq.http.Surrogate-Control;
    } elseif (beresp.http.Surrogate-Control ~ "ESI/1.0") {
        unset beresp.http.Surrogate-Control;
        set beresp.do_esi = true;
        set beresp.http.X-Esi-Processor = bereq.http.Surrogate-Control;
    }
    unset beresp.http.Vary;
    # Strip cookies from static assets
    if (bereq.url ~ "\.(css|js|txt|xml|bmp|png|gif|jpeg|jpg|svg|ico|mp3|mp4|swf|flv|ttf|woff|pdf)$") {
        unset beresp.http.Set-cookie;
    }
    # Mark as "Hit-For-Pass" for the next 5 minutes
    # Zend-Auth (EC session handling) cookie isset, causing no page to be cached anymore.
    # if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
    if (beresp.ttl <= 0s || beresp.http.Vary == "*") {
        set beresp.uncacheable = true;
        set beresp.ttl = 300s;
    }
    # Grace: when several clients are requesting the same page Varnish will send one request to the webserver and
    # serve old cache to the others for x secs
    set beresp.grace = 30s;
    return (deliver);
}
sub vcl_deliver {
    # Add a header indicating the response came from Varnish, only for ABC IP addresses
    # if (std.ip(regsub(req.http.X-Forwarded-For, "[, ].*$", ""), "0.0.0.0") ~ abc) {
    set resp.http.X-Varnish-Client-IP = client.ip;
    set resp.http.X-Varnish-Server-IP = server.ip;
    set resp.http.X-Varnish-Local-IP = local.ip;
    set resp.http.X-Varnish-Remote-IP = remote.ip;
    set resp.http.X-Varnish-Forwarded-For = req.http.X-Forwarded-For;
    set resp.http.X-Varnish-Webserver = "abc-cache-dev";
    set resp.http.X-Varnish-Cache-Control = resp.http.Cache-Control;
    set resp.http.X-Edge-Control = resp.http.Edge-Control;
    if (resp.http.x-varnish ~ " ") {
        set resp.http.X-Varnish-Cache = "HIT";
        set resp.http.X-Varnish-Cached-Hits = obj.hits;
    } else {
        set resp.http.X-Varnish-Cached = "MISS";
    }
    # Add a header indicating the feature toggle status
    set resp.http.X-Varnish-FeatureToggle = req.http.FeatureToggle;
    #} else {
    #    unset resp.http.x-varnish-tags;
    #}
    # strip host and url headers, no need to send it to the client
    unset resp.http.x-url;
    unset resp.http.x-host;
    return (deliver);
}
# Keep only the abcToggle-* cookies and strip all others
sub strip_not_allowed_cookies {
    if (req.http.Cookie) {
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(abcToggle-[^;]*)=", "; \1=");
        # set req.http.Cookie = regsuball(req.http.Cookie, ";(redirect_url)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }
}
# Remove the Google Analytics added parameters, useless for our backend
sub strip_google_query_params {
    if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|_ga|PHPSESSID)=" && req.url !~ "(tradedoubler|index\.html|deeplink|affiliate)" && req.url !~ "^\/[0-9]{6}") {
        set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|_ga|PHPSESSID)=([A-z0-9_\-\.%25]+)", "");
        set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|_ga|PHPSESSID)=([A-z0-9_\-\.%25]+)", "?");
        set req.url = regsub(req.url, "\?&", "?");
        set req.url = regsub(req.url, "\?$", "");
    }
}

# Normalize the accept-encoding header to minimize the number of cache variations
sub normalize_accept_encoding {
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
            # Skip, files are already compressed
            unset req.http.Accept-Encoding;
        } elseif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            unset req.http.Accept-Encoding;
        }
    }
}

sub vcl_hash {
    # Add the feature toggles to the hash
    if (req.http.Cookie ~ "abcToggle-") {
        set req.http.FeatureToggle = regsuball(req.http.cookie, "(abcToggle-[^;]*)", "\1");
        hash_data(req.http.FeatureToggle);
    }
    if (req.http.X-Akamai-Staging ~ "ESSL") {
        hash_data(req.http.x-akamai-staging);
    }
    # When the ESI handling is not done by Akamai, create a new cache set, because varnish will process the ESI tags.
    if (req.http.Surrogate-Control !~ "content\x3D\x22ESI\/1\.0\x22\x3BAkamai") {
        hash_data("varnish-handles-ESI");
    }
    if (req.http.Cookie ~ "redirect_url") {
        hash_data("redirect_url");
    }
    hash_data(req.http.X-Forwarded-Proto);
}
Latest findings after debugging the codebase
// Read lines from the Varnish CLI socket until the status line arrives.
while (!feof($this->socket)) {
    if (($response = fgets($this->socket, 1024)) === false) {
        $metaData = stream_get_meta_data($this->socket);
        if ($metaData['timed_out']) {
            throw new RuntimeException('Varnish CLI timed out');
        }
        throw new RuntimeException('Unable to read from Varnish CLI');
    }
    // A CLI status line is exactly 13 bytes: status code, space, padded length, newline.
    if (strlen($response) === 13 && preg_match('/^(\d{3}) (\d+)/', $response, $matches)) {
        $statusCode = (int) $matches[1];
        $responseLength = (int) $matches[2];
        break;
    }
}
fgets($this->socket, 1024) returns values when Varnish is installed as a service in the application container
fgets($this->socket, 1024) returns false when Varnish is installed as a separate container
Hmm...
Do you see your application throwing a 500 HTTP error?
- BerespStatus 500
- BerespReason Internal Server Error
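The application container log is probably not the one that helps in your case. It refers to HTTP connections (and you probably don't have HTTPS between Varnish and your application)... and the request IP (172.100.0.1) is not the Varnish container IP (172.100.0.10). You are probably looking at the proxy container logs, which seems to sit on top of your Varnish configuration.
Clearly, the HTTP 503 error is returned to the client because the backend returned an HTTP 500 error.
If your debugging led you to conclude that the exception is thrown in your code because the Varnish CLI cannot be reached, you should expose the CLI port in Docker, mount the secret file, and connect to that endpoint from your application.
Can you share your Dockerfile and docker run command, or your docker-compose.yml file? That would let me figure out which Varnish container image you are running and what it is capable of.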
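The exchange an application has to complete once the CLI port of a separate Varnish container is reachable and the secret file is mounted: read the 13-byte status line that the PHP loop above waits for, answer the 107 challenge with a SHA256 over the mounted secret, then send the command. This is an added example in Python, not code from the original posts or the application; the host, port and secret path passed to `run` are assumptions that depend on how the containers are started.

```python
import hashlib
import socket

STATUS_LINE_LEN = 13  # 3-digit status, space, 8-char padded length, newline

def read_exact(sock, n):
    """Read exactly n bytes; an empty read means the peer closed the socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("Varnish CLI closed the connection")
        buf += chunk
    return buf

def read_response(sock):
    """Return (status, body) for one CLI response."""
    line = read_exact(sock, STATUS_LINE_LEN).decode()
    status, length = (int(field) for field in line.split())
    body = read_exact(sock, length + 1)[:-1]  # body is followed by one newline
    return status, body.decode()

def auth_response(challenge, secret):
    """SHA256 over: challenge, newline, secret file bytes, challenge, newline."""
    nl = b"\n"
    return hashlib.sha256(challenge + nl + secret + challenge + nl).hexdigest()

def cli_command(sock, secret, command):
    """Authenticate if the server sends a 107 challenge, then run one command."""
    status, body = read_response(sock)  # 200 banner or 107 challenge
    if status == 107:
        challenge = body.split("\n", 1)[0].encode()
        sock.sendall(b"auth " + auth_response(challenge, secret).encode() + b"\n")
        status, body = read_response(sock)
        if status != 200:
            raise PermissionError("Varnish CLI rejected the secret")
    sock.sendall(command.encode() + b"\n")
    return read_response(sock)

def run(host, port, secret_path, command, timeout=5.0):
    # Assumed deployment values: the Varnish container's CLI listen address
    # and the secret file mounted into the application container.
    with open(secret_path, "rb") as fh:
        secret = fh.read()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return cli_command(sock, secret, command)
```

Keep the CLI port on the internal container network rather than publishing it on the host, and mount the secret read-only: anyone who can reach the port and holds the secret can load VCL or issue bans.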