Building and configuring your own CDN

Content delivery networks (CDNs) are used in websites and applications primarily to speed up the loading of static content. This works because files are cached on CDN servers located in different regions. A user who requests data through the CDN receives it from the nearest server.

The operating principle and functionality of all content delivery networks are roughly the same. On receiving a request to download a file, the CDN server fetches it once from the origin server and serves it to the user, caching it at the same time for a set period. All subsequent requests are answered from the cache. All CDNs have options for preloading files, clearing the cache, setting an expiry date, and more.

It happens that, for one reason or another, you need to set up your own content delivery network. When it does, let the following instructions for assembling yet another bicycle help us.

Image source: infographic vector created by pikisuperstar - www.freepik.com

When you need your own CDN

Consider the cases where running your own CDN makes sense:

  • when you want to save money, and the costs even with inexpensive CDNs such as BunnyCDN add up to many dollars a month
  • if we want a permanent cache, or a cache without neighbours on the server and the channel
  • CDN services have no points of presence in the region you need
  • some special content delivery settings are required
  • we want to speed up the delivery of dynamic content by placing the production server closer to users
  • there is concern that a third-party CDN service may unlawfully collect or use data about user behaviour (hello, services that are not GDPR-compliant) or engage in other unlawful activity.

In most other cases, it is more sensible to use ready-made solutions.

What you need to get started

It is great if you have your own autonomous system (AS). With it, you can assign the same IP to several servers and, following this guide, direct users to the nearest one at the network level. It is worth saying that even with a /24 address block it is possible to build a content delivery network. Some server providers let you make an announcement for use in all the regions available to them.

If you are not the happy owner of a block of IP addresses, then to run a simple CDN you need:

  • a domain name or subdomain
  • at least two servers in different regions. The servers can be either dedicated or virtual
  • a geoDNS tool. With it, a user who queries the domain is directed to the nearest server

Register a domain and order servers

Domain registration is simple: we register in any zone with any registrar. You can also use a subdomain for the CDN, for example something like cdn.domainname.com. In fact, that is what we will do in our example.

As for ordering servers, they should be rented in the regions and countries where your user audience is. If the project is intercontinental, it is convenient to choose hosting providers that offer servers all over the world at once. Examples: OVH, Leaseweb and 100Tb for dedicated servers, Vultr and DigitalOcean for virtual cloud servers*.

For our private CDN we will order 3 virtual servers on different continents. At Vultr, a server for $5/mo gets us 25GB of SSD space and 1TB of traffic. When installing, choose the latest Debian. Our servers:

Frankfurt, IP: 199.247.18.199

Chicago, IP: 149.28.121.123

Singapore, IP: 157.230.240.216

*Vultr and DigitalOcean promise a $100 credit to users who register through the links in the article, immediately after a payment method is added. The author also receives a small bonus from this, which matters a lot to him right now. Please be understanding.

Configuring geoDNS

To direct the user to the right (nearest) server when they access the CDN domain or subdomain, we need a DNS server with geoDNS functionality.

The principle and operation of geoDNS are as follows:

  1. It determines the IP of the client that sent the DNS request, or the IP of the recursive DNS server used to process the client's request. Such recursive servers are usually the DNS servers of ISPs.
  2. From the client's IP it determines the client's country or region. GeoIP databases are used for this, and there are a great many of them today. There are good free options.
  3. Depending on the client's location, it returns the IP address of the nearest CDN server.

A DNS server with geoDNS functionality can be assembled yourself, but it is better to use ready-made solutions with a worldwide network of DNS servers and Anycast out of the box:

  • ClouDNS from $9.95/mo, GeoDNS plan, one DNS Failover included by default
  • Zilore from $25/mo, DNS Failover included
  • Amazon Route 53 from $35/mo for a net 50M geo queries. DNS Failover is billed separately
  • DNS Made Easy from $125/mo, 10 DNS Failovers included
  • Cloudflare, "Geo Steering" is available in Enterprise plans

When ordering geoDNS, pay attention to the number of requests included in the plan, and bear in mind that the actual number of requests to the domain can exceed expectations several times over. Millions of spiders, scanners, data thieves and other evil spirits work tirelessly.

Almost all DNS services include a service that is indispensable for building a CDN: DNS Failover. With it, you can set up monitoring of your servers and, if a server shows no signs of life, automatically replace its address with a backup one in DNS responses.

To build our CDN we will use ClouDNS, the GeoDNS plan.

Let's add a new DNS zone in the account, specifying your domain. If we are building the CDN on a subdomain and the main domain is already in use, then immediately after adding the zone do not forget to add the existing working DNS records. The next step is to create several A records for the CDN domain/subdomain, each of which applies to a region we specify. You can specify continents or countries as regions; sub-regions are available for the USA and Canada.

In our case, the CDN will be brought up on the subdomain cdn.sayt.in. Having added the zone sayt.in, we create the first A record for the subdomain and point all of North America to the server in Chicago:

Let's repeat the action for the other regions, remembering to create one record for the default regions. Here is what we end up with:


The last, default record in the screenshot means that all unspecified regions (Europe, Africa, satellite Internet users, and so on) are sent to the server in Frankfurt.

This completes the basic DNS setup. It remains to go to the registrar's website and replace the current NS records with those issued by ClouDNS. While the NS records are updating, we will prepare the servers.
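The three geoDNS steps, the default record and DNS Failover can be put together as follows. This is an added example, not code from the article or from ClouDNS: the GeoIP table is constructed on documentation prefixes, the Asia/Oceania mapping to Singapore is inferred from the ping results further down, and the failover order is an assumption.

```python
import ipaddress

# CDN nodes from the article
FRANKFURT, CHICAGO, SINGAPORE = "199.247.18.199", "149.28.121.123", "157.230.240.216"

# One A record per region; None is the default record for unlisted regions.
# Asia/Oceania -> Singapore is an assumption inferred from the ping table.
GEO_RECORDS = {"NA": CHICAGO, "AS": SINGAPORE, "OC": SINGAPORE, None: FRANKFURT}

# Failover order when monitoring reports a node down (assumption).
BACKUP = {CHICAGO: FRANKFURT, SINGAPORE: CHICAGO, FRANKFURT: CHICAGO}

# Constructed GeoIP table on documentation prefixes; a real one is far larger.
GEOIP = [(ipaddress.ip_network(net), region) for net, region in [
    ("192.0.2.0/24", "NA"),
    ("198.51.100.0/24", "AS"),
    ("198.51.100.128/25", "OC"),
    ("203.0.113.0/24", "EU"),
]]


def lookup_region(source_ip):
    """Step 2: map the querying IP to a region, longest prefix wins."""
    addr = ipaddress.ip_address(source_ip)
    hits = [(net.prefixlen, region) for net, region in GEOIP if addr in net]
    return max(hits)[1] if hits else None


def resolve(source_ip, healthy):
    """Steps 1-3 plus DNS Failover: return the A record to answer with.

    source_ip is whatever address sent the query, which is usually the
    recursive resolver rather than the end user (step 1).
    """
    primary = GEO_RECORDS.get(lookup_region(source_ip), GEO_RECORDS[None])
    answer, tried = primary, set()
    while answer not in healthy and answer not in tried:
        tried.add(answer)
        answer = BACKUP[answer]
    # If every node in the chain is down, keep the primary rather than answer nothing.
    return answer if answer in healthy else primary


ALL_UP = {FRANKFURT, CHICAGO, SINGAPORE}
```

Because the lookup keys on the resolver's address, a user in Asia who uses a resolver located in North America is answered with the Chicago node.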

Installing SSL certificates

Our CDN will run over HTTPS, so if you already have SSL certificates for the domain or subdomain, upload them to all servers, for example to the directory /etc/ssl/yourdomain/

If there are no certificates, you can get free ones from Let's Encrypt. The ACME Shellscript is perfect for this. The client is convenient and easy to configure and, most importantly, lets you validate the domain/subdomain via DNS through the ClouDNS API.

We will install acme.sh on only one of the servers, the European one, 199.247.18.199, from which the certificates will be copied to all the others. To install, run:

root@cdn:~# wget -O - https://get.acme.sh | bash; source ~/.bashrc

While the script is being installed, a CRON job is created that renews the certificates later without our involvement.

When a certificate is issued, the domain is validated via DNS using the API, so in the ClouDNS account, in the Reseller API menu, you need to create a new API user and set a password for it. The resulting auth-id and password are written to the file ~/.acme.sh/dnsapi/dns_cloudns.sh (not to be confused with the file dns_clouddns.sh). Here are the lines that need to be uncommented and edited:

CLOUDNS_AUTH_ID=<auth-id>
CLOUDNS_AUTH_PASSWORD="<password>"

Now we request an SSL certificate for cdn.sayt.in

root@cdn:~# acme.sh --issue --dns dns_cloudns -d cdn.sayt.in --reloadcmd "service nginx reload"

In the options we specified, for the future, a command that automatically reloads the web server configuration after each certificate renewal.

The whole process of obtaining the certificate can take up to 2 minutes; do not interrupt it. If a domain validation error occurs, try running the command again. At the end we will see where the certificates were saved:


Remember these paths: they will need to be specified when copying the certificate to the other servers, and in the web server settings. We ignore the error about reloading the Nginx configuration; it will not occur on fully configured servers when certificates are renewed.

All that remains for SSL is to copy the obtained certificate to the other two servers, keeping the paths to the files. Let's create the same directories on each of them and make the copy:

root@cdn:~# mkdir -p /root/.acme.sh/cdn.sayt.in/
root@cdn:~# scp -r root@199.247.18.199:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/

To renew the certificates regularly, create a daily CRON job on both servers with the command:

scp -r root@199.247.18.199:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/ && service nginx reload

In this case, access to the remote source server must be configured by key, i.e. without entering a password. Do not forget to do this.

Installing and configuring Nginx

To serve static content we will use Nginx configured as a caching proxy server. Update the package lists and install it on all three servers:

root@cdn:~# apt update
root@cdn:~# apt install nginx

Instead of the default configuration, we use the one below:
nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log off;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_vary on;
    gzip_types text/plain application/javascript text/javascript text/css application/json application/xml text/xml application/rss+xml;
    gunzip on;            

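    # Temporary files and the on-disk cache (levels=1:2 gives the two-level directory layout)
    proxy_temp_path    /var/cache/tmp;
    proxy_cache_path   /var/cache/cdn levels=1:2 keys_zone=cdn:64m max_size=20g inactive=7d;
    # A request with a non-empty X-Update header (other than "0") is fetched from the origin, not the cache
    proxy_cache_bypass $http_x_update;

    server {
        listen 443 ssl;
        server_name cdn.sayt.in;

        ssl_certificate /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.cer;
        ssl_certificate_key /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.key;

        location / {
            proxy_cache cdn;
            # The cache key is the URI plus the query string; the host name is not part of it
            proxy_cache_key $uri$is_args$args;
            proxy_cache_valid 90d;
            proxy_pass https://sayt.in;
        }
    }
}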

Adjust in the configuration:

  • max_size - the cache size, not exceeding the available disk space
  • inactive - how long cached data that nobody has requested is kept
  • ssl_certificate and ssl_certificate_key - paths to the SSL certificate and key files
  • proxy_cache_valid - how long cached data is kept
  • proxy_pass - the address of the origin server from which the CDN requests files for caching. In our example this is sayt.in

As you can see, everything is simple. The only difficulty may arise in setting the caching time, because the directives inactive and proxy_cache_valid look so similar. Let's examine them using our example. Here is what happens with inactive=7d and proxy_cache_valid 90d:

  • if the request is not repeated within 7 days, the data is removed from the cache after that period
  • if the request is repeated at least once every 7 days, the data in the cache is considered stale after 90 days, and on the next request Nginx refreshes it from the origin server.
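The interplay of inactive=7d, proxy_cache_valid 90d and the proxy_cache_bypass $http_x_update line can be traced with a small model. This is an added example, not part of the article and not Nginx code: the class and function names are hypothetical, time is passed in explicitly, and it assumes the origin sends no Cache-Control, Expires or X-Accel-Expires headers, which Nginx would honour over proxy_cache_valid.

```python
from dataclasses import dataclass

DAY = 86400  # seconds


@dataclass
class Entry:
    stored_at: int    # when the response was fetched from the origin
    last_access: int  # last time any request touched the entry


class CacheSim:
    """Toy model of one cache zone: inactive=7d, proxy_cache_valid 90d."""

    def __init__(self, inactive=7 * DAY, valid=90 * DAY):
        self.inactive, self.valid = inactive, valid
        self.entries = {}
        self.origin_fetches = 0

    def request(self, key, now, x_update=False):
        """Return the cache status for a request at time `now` (seconds)."""
        entry = self.entries.get(key)
        # inactive: entries nobody asked for are removed, fresh or not
        if entry and now - entry.last_access > self.inactive:
            del self.entries[key]
            entry = None
        if x_update:                      # proxy_cache_bypass $http_x_update
            status = "BYPASS"
        elif entry is None:
            status = "MISS"
        elif now - entry.stored_at >= self.valid:
            status = "EXPIRED"            # proxy_cache_valid ran out
        else:
            entry.last_access = now
            return "HIT"
        # MISS, EXPIRED and BYPASS all go to the origin and store the new copy
        self.origin_fetches += 1
        self.entries[key] = Entry(stored_at=now, last_access=now)
        return status


def replay(days, key="/test.jpg"):
    """Replay one request per listed day and return (statuses, origin fetches)."""
    sim = CacheSim()
    statuses = [sim.request(key, d * DAY) for d in days]
    return statuses, sim.origin_fetches
```

Every BYPASS costs one origin fetch, so with this configuration any client that sends an X-Update header reaches the origin directly.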

Having finished editing nginx.conf, reload the configuration:

root@cdn:~# service nginx reload

Our CDN is ready. For $15/mo we have points of presence on three continents and 3 TB of traffic: 1 TB at each location.

Checking that the CDN works

Let's look at pings to our CDN from different locations. Any ping service will do for this.

Probe location            Host          IP                Average time, ms
Germany, Berlin           cdn.sayt.in   199.247.18.199    9.6
Netherlands, Amsterdam    cdn.sayt.in   199.247.18.199    10.1
France, Paris             cdn.sayt.in   199.247.18.199    16.3
United Kingdom, London    cdn.sayt.in   199.247.18.199    14.9
Canada, Toronto           cdn.sayt.in   149.28.121.123    16.2
USA, San Francisco        cdn.sayt.in   149.28.121.123    52.7
USA, Dallas               cdn.sayt.in   149.28.121.123    23.1
USA, Chicago              cdn.sayt.in   149.28.121.123    2.6
USA, New York             cdn.sayt.in   149.28.121.123    19.8
Singapore                 cdn.sayt.in   157.230.240.216   1.7
Japan, Tokyo              cdn.sayt.in   157.230.240.216   74.8
Australia, Sydney         cdn.sayt.in   157.230.240.216   95.9

The results are good. Now let's place a test image, test.jpg, in the root of the main site and check its download speed through the CDN. No sooner said than done. The content is delivered quickly.

Let's write a small script in case we want to clear the cache on a CDN node.
purge.sh

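#!/bin/bash
# Purge the Nginx cache in /var/cache/cdn: everything when called without
# arguments, or the single entry whose cache key ($uri$is_args$args) is given.
if [ -z "$1" ]
then
    echo "Purging all cache"
    rm -rf /var/cache/cdn/*
else
    echo "Purging $1"
    # Nginx names each cache file after the MD5 of its cache key
    FILE=$(echo -n "$1" | md5sum | awk '{print $1}')
    # levels=1:2 -> <last hex char>/<previous two hex chars>/<md5>
    FULLPATH=/var/cache/cdn/${FILE:31:1}/${FILE:29:2}/${FILE}
    rm -f "${FULLPATH}"
fi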

To clear the whole cache, just run it with no arguments; a single file can be purged like this:

root@cdn:~# ./purge.sh /test.jpg

In place of a conclusion

Finally, I would like to offer a few useful tips to help you step over the rakes that gave me a headache at the time:

  • To increase the fault tolerance of the CDN, it is recommended to configure DNS Failover, which helps to change the A record quickly when a server fails. This is done in the control panel for the domain's DNS records.
  • Sites with wide geographic coverage undoubtedly need a large number of CDN points, but let's not be fanatical. Most likely the user will not notice a significant difference compared with a paid CDN if you place servers in 6-7 locations: Europe, North America (East), North America (West), Singapore, Australia, Hong Kong or Japan
  • Sometimes hosting providers do not allow rented servers to be used for CDN purposes. So if you suddenly decide to deploy a content delivery network as a service, do not forget to read the rules of the particular hosting provider beforehand.
  • Study the submarine cable map to see how the continents are connected, and take this into account when building a content delivery network
  • Try checking pings from different places to your servers. This way you can see which regions are closest to your CDN points and configure GeoDNS more accurately
  • Depending on the task, it will be useful to tune Nginx for specific caching requirements and with the server load in mind. Articles about the Nginx cache helped me a lot with this - here, and about speeding up operation under heavy load: here and here

Source: www.habr.com