Kupanga ndi kukonza CDN yanu

Content Delivery Networks (CDNs) amagwiritsidwa ntchito m'mawebusayiti ndi mapulogalamu makamaka kuti afulumizitse kutsitsa kwazinthu zokhazikika. Izi zimachitika chifukwa cha kusungitsa mafayilo pa seva za CDN zomwe zili m'malo osiyanasiyana. Popempha deta kudzera pa CDN, wogwiritsa ntchito amalandira kuchokera ku seva yapafupi.

Mfundo ya ntchito ndi magwiridwe antchito a maukonde onse operekera zinthu ndi ofanana. Atalandira pempho lotsitsa fayilo, seva ya CDN imatenga nthawi imodzi kuchokera pa seva yoyambirira ndikuipereka kwa wogwiritsa ntchito, nthawi yomweyo ndikuyisunga kwa nthawi yodziwika. Zopempha zonse zotsatila zimayankhidwa kuchokera ku cache. Ma CDN onse ali ndi zosankha zotsitsa mafayilo, kufufuta cache, kukhazikitsa tsiku lotha ntchito, ndi zina zambiri.

Zimachitika kuti, pazifukwa zina, muyenera kukonza maukonde anu operekera zinthu, ndiyeno - lolani malangizo osonkhanitsira njinga yotsatira kuti atithandize.

Source: Infographic vector yopangidwa ndi pikisuperstar - www.freepik.com

Mukafuna CDN yanu

Ganizirani zochitika zomwe kuyendetsa CDN yanu ndikomveka:

• pakakhala chikhumbo chofuna kusunga ndalama, ndikuyendetsa ndalama ngakhale mutagwiritsa ntchito ma CDN otsika mtengo ngati Mtengo wa BunnyCDN ndalama zokwana madola mazana angapo pamwezi
• ngati tikufuna kupeza cache yokhazikika kapena cache popanda seva ndi oyandikana nawo ma channel
• Ntchito za CDN zilibe malo opezeka m'dera lomwe mukufuna
• makonda aliwonse apadera operekera zinthu zofunika
• tikufuna kufulumizitsa kutumiza zinthu zamphamvu poyika seva yopanga pafupi ndi ogwiritsa ntchito
• pali nkhawa kuti gulu lachitatu la CDN litha kusonkhanitsa kapena kugwiritsa ntchito zidziwitso za ogwiritsa ntchito (moni zomwe sizikugwirizana ndi GDPR) kapena kuchita zinthu zina zosaloledwa.

Nthawi zambiri, ndi koyenera kugwiritsa ntchito njira zomwe zakonzedwa kale.

Zomwe muyenera kuyambitsa

Ndizodabwitsa ngati muli ndi Autonomous System (AS) yanu. Ndi izo, mutha kugawa IP yomweyo ku maseva angapo ndi molingana ndi malangizo awa pamlingo wa netiweki, wongolerani ogwiritsa ntchito omwe ali pafupi kwambiri. Ndikoyenera kunena kuti ngakhale ndi block / 24 adilesi, ndizotheka kupanga netiweki yotumizira zinthu. Ena opereka ma seva amakulolani kuti mulengeze kuti mugwiritse ntchito m'madera onse omwe ali nawo.

Ngati simuli eni ake okondwa a ma adilesi a IP, ndiye kuti mugwiritse ntchito CDN yosavuta muyenera:

• dzina lachidziwitso kapena subdomain
• ma seva osachepera awiri m'magawo osiyanasiyana. Seva ikhoza kukhala yodzipereka kapena yeniyeni
• chida cha geoDNS. Ndi iyo, wogwiritsa ntchito, atalankhula ndi domain, adzatumizidwa ku seva yapafupi

Lembetsani domeni ndikuyitanitsa ma seva

Ndi kulembetsa kwa domain, chilichonse ndi chosavuta - timalembetsa m'dera lililonse ndi registrar aliyense. Mukhozanso kugwiritsa ntchito subdomain kwa CDN, mwachitsanzo, monga cdn.domainname.com. Kwenikweni, mu chitsanzo chathu, tidzachita zimenezo.

Ponena za ma seva oyitanitsa, ayenera kubwerekedwa kumadera ndi mayiko omwe omvera anu ali. Ngati polojekitiyi ndi intercontinental, ndiye kuti ndi bwino kusankha operekera omwe amapereka ma seva padziko lonse lapansi nthawi imodzi. Zitsanzo: OVH, lease web и 100tb ku - kwa ma seva odzipatulira, Vultr и DigitalOcean - kwa mtambo weniweni *.

Pa CDN yathu yachinsinsi, tidzayitanitsa ma seva a 3 m'makontinenti osiyanasiyana. Pa Vultr pa seva ya $5/mwezi tipeza 25GB SSD malo ndi 1TB ya magalimoto. Mukayika, sankhani Debian yaposachedwa. Ma seva athu:

FrankfurtIP: 199.247.18.199

ChicagoIP: 149.28.121.123

СингапурIP: 157.230.240.216

* Vultr ndi DigitalOcean amalonjeza ngongole ya $ 100 kwa ogwiritsa ntchito omwe amalembetsa ulalo wa nkhaniyi atangowonjezera njira yolipira. Wolembayo amalandiranso chiyamikiro chaching'ono kuchokera ku izi, zomwe ziri zofunika kwambiri kwa iye tsopano. Chonde khalani omvetsetsa.

Kukhazikitsa geoDNS

Kuti wogwiritsa ntchito alowetsedwe ku seva yofunidwa (yapafupi) pamene akulowa mu domain kapena CDN subdomain, timafunikira seva ya DNS ndi ntchito ya geoDNS.

Mfundo ndi kagwiritsidwe ntchito ka geoDNS ndi motere:

1. Imatchula IP ya kasitomala yemwe adatumiza pempho la DNS, kapena IP ya seva yobwereza ya DNS yomwe imagwiritsidwa ntchito pokonza pempho la kasitomala. Ma seva obwereza ngati awa nthawi zambiri amakhala ma DNS-s opereka.
2. IP ya kasitomala imazindikira dziko kapena dera lake. Pachifukwa ichi, ma database a GeoIP amagwiritsidwa ntchito, omwe alipo ambiri masiku ano. Pali zabwino zosankha zaulere.
3. Kutengera komwe kasitomala ali, amamupatsa adilesi ya IP ya seva yapafupi ya CDN.

Seva ya DNS yokhala ndi ntchito ya geoDNS ikhoza kukhala sonkhanani nokha, koma ndibwino kugwiritsa ntchito mayankho okonzeka ndi ma seva a DNS padziko lonse lapansi komanso Aliyense kuchokera ku bokosi:

• Zithunzi za CloudDNS от $9.95/mwezi, GeoDNS tariff, mwachisawawa pali DNS Failover imodzi
• Zilore от $25/mwezi, DNS Failover yathandizidwa
• Amazon Route 53 от $35/mwezi pazofunsira zonse za 50M za geo. DNS Failover imalipidwa padera
• DNS Yosavuta от $125/mwezi, pali 10 DNS Failvers
• Cloudflare, gawo la "Geo Steering" likupezeka mu mapulani a Enterprise

Mukayitanitsa geoDNS, muyenera kulabadira kuchuluka kwa zopempha zomwe zikuphatikizidwa mumitengo ndikukumbukira kuti kuchuluka kwa zopempha kuderali kumatha kupitilira zomwe zikuyembekezeredwa kangapo. Mamiliyoni a akangaude, ma scanner, spammers ndi mizimu ina yoipa imagwira ntchito mosatopa.

Pafupifupi ntchito zonse za DNS zikuphatikiza ntchito yofunikira pakumanga CDN - DNS Failover. Ndi chithandizo chake, mutha kukhazikitsa kuwunika momwe ma seva anu akugwirira ntchito ndipo, ngati palibe zizindikiro za moyo, mumangosintha adilesi ya seva yosagwira ntchito ndi zosunga zobwezeretsera mumayankho a DNS.

Kuti tipange CDN yathu, tidzagwiritsa ntchito CloudDNS, GeoDNS tariff.

Tiyeni tiwonjeze malo atsopano a DNS muakaunti yanu, kutchula domeni yanu. Ngati tikumanga CDN pa subdomain, ndipo dera lalikulu likugwiritsidwa ntchito kale, ndiye mwamsanga mutangowonjezera chigawocho, musaiwale kuwonjezera zolemba za DNS zomwe zilipo. Chotsatira ndikupanga ma A-rekodi angapo a CDN domain / subdomain, iliyonse idzagwiritsidwa ntchito kudera lomwe tafotokoza. Mutha kutchula makontinenti kapena maiko monga zigawo, madera ang'onoang'ono akupezeka ku USA ndi Canada.

Kwa ife, CDN idzakwezedwa pa subdomain cdn.sayt.in. Powonjezera zone sat.in, pangani A-rekodi yoyamba ya subdomain ndikulozera ku North America ku seva ku Chicago:

Tiyeni tibwereze zomwe zikuchitika kumadera ena, kukumbukira kupanga cholowera chimodzi cha zigawo zosasinthika. Nazi zomwe zimachitika pamapeto pake:

Kulowa komaliza pazithunzithunzi kumatanthauza kuti madera onse osatchulidwa (ndipo awa ndi Europe, Africa, ogwiritsa ntchito intaneti satana, etc.) adzatumizidwa ku seva ku Frankfurt.

Izi zimamaliza kukhazikitsa koyambira kwa DNS. Zimatsalira kupita kutsamba la registrar domain ndikusintha ma NS omwe alipo ndi omwe aperekedwa ndi CloudDNS. Ndipo pamene ma NS adzasinthidwa, tidzakonzekera ma seva.

Kuyika ziphaso za SSL

CDN yathu idzagwira ntchito pa HTTPS, kotero ngati muli ndi ziphaso za SSL za domain kapena subdomain, zikwezeni ku ma seva onse, mwachitsanzo, ku chikwatu. /etc/ssl/yourdomain/

Ngati palibe satifiketi, mutha kupeza yaulere kuchokera ku Let's Encrypt. Wangwiro kwa izi ACME Shellscript. Wothandizirayo ndi wosavuta komanso wosavuta kukhazikitsa, ndipo chofunika kwambiri, amakulolani kutsimikizira domain/subdomain ndi DNS kudzera pa CloudDNS API.

Tidzayika acme.sh pa seva imodzi yokha - European 199.247.18.199, kumene ziphaso zidzakopera kwa ena onse. Kuti muyike, yesani:

root@cdn:~# wget -O - https://get.acme.sh | bash; source ~/.bashrc

Pakuyika script, ntchito ya CRON idzapangidwa kuti ipititsensonso satifiketi popanda kutenga nawo gawo.

Mukamapereka satifiketi, dera lidzayang'aniridwa pogwiritsa ntchito DNS pogwiritsa ntchito API, kotero mu akaunti yanu ya CloudDNS mu menyu ya Reseller API, muyenera kupanga API yatsopano ndikuyika mawu achinsinsi. Zotsatira za auth-id yokhala ndi mawu achinsinsi zidzalembedwa mufayilo ~/.acme.sh/dnsapi/dns_cloudns.sh (osasokonezedwa ndi fayilo dns_clouddns.sh). Nayi mizere yomwe ikuyenera kusinthidwa ndikusinthidwa:

CLOUDNS_AUTH_ID=<auth-id>
CLOUDNS_AUTH_PASSWORD="<пароль>"

Tsopano tipempha satifiketi ya SSL cdn.sayt.in

root@cdn:~# acme.sh --issue --dns dns_cloudns -d cdn.sayt.in --reloadcmd "service nginx reload"

Muzosankha, m'tsogolomu, tatchula lamulo loti mukhazikitsenso kasinthidwe ka seva yapaintaneti pambuyo pa kukonzanso kulikonse kwa nthawi yovomerezeka ya satifiketi mtsogolomo.

Njira yonse yopezera satifiketi imatha kutenga mphindi 2, osasokoneza. Ngati vuto lotsimikizira domeni lichitika, yesaninso kuyitanitsanso lamulolo. Pamapeto pake tiwona komwe ma satifiketi adakwezedwa:

Kumbukirani njira izi, ziyenera kufotokozedwa pokopera satifiketi kumaseva ena, komanso pazokonda zapaintaneti. Sitikulabadira cholakwika pakukwezanso ma configs a Nginx - sizikhala pa seva yokhazikika pokonzanso ziphaso.

Zomwe tasiya ku SSL ndikukopera satifiketi yolandila ku ma seva ena awiri ndikusunga njira yopita kumafayilo. Tiyeni tipange zolemba zomwezo pa iliyonse ya iwo ndikupanga kope:

root@cdn:~# mkdir -p /root/.acme.sh/cdn.sayt.in/
root@cdn:~# scp -r [email protected]:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/

Kuti musinthe satifiketi pafupipafupi, pangani ntchito ya CRON tsiku lililonse pamaseva onse ndi lamulo:

scp -r [email protected]:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/ && service nginx reload

Pankhaniyi, mwayi wofikira ku seva yakutali kuyenera kukhazikitsidwa pa kiyi,ndi. popanda kulowa mawu achinsinsi. Osayiwala kuchita izo.

Kukhazikitsa ndi kukonza Nginx

Kuti tigwiritse ntchito zokhazikika, tidzagwiritsa ntchito Nginx yokonzedwa ngati seva ya proxy caching. Sinthani mndandanda wa phukusi ndikuyiyika pa maseva onse atatu:

root@cdn:~# apt update
root@cdn:~# apt install nginx

M'malo mokhazikika, timagwiritsa ntchito config kuchokera kwa spoiler pansipa:
nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log off;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_vary on;
    gzip_types text/plain application/javascript text/javascript text/css application/json application/xml text/xml application/rss+xml;
    gunzip on;            

    proxy_temp_path    /var/cache/tmp;
    proxy_cache_path   /var/cache/cdn levels=1:2 keys_zone=cdn:64m max_size=20g inactive=7d;
    proxy_cache_bypass $http_x_update;

server {
  listen 443 ssl;
  server_name cdn.sayt.in;

  ssl_certificate /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.cer;
  ssl_certificate_key /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.key;

  location / {
    proxy_cache cdn;
    proxy_cache_key $uri$is_args$args;
    proxy_cache_valid 90d;
    proxy_pass https://sayt.in;
    }
  }
}

Sinthani mu config:

• kukula_kwambiri - kukula kwa cache, osapitirira malo a disk omwe alipo
• wosagwira - nthawi yosungira deta yosungidwa yomwe palibe amene adapeza
• ssl_certificate и ssl_certificate_key - njira zopita ku satifiketi ya SSL ndi mafayilo ofunikira
• proxy_cache_valid - nthawi yosungirako deta yosungidwa
• proxy_pass - adilesi ya seva yoyambirira pomwe CDN idzapempha mafayilo kuti asungidwe. Mu chitsanzo chathu, izi sat.in

Monga mukuonera, zonse ndi zosavuta. Vuto likhoza kubwera pokhazikitsa nthawi ya caching chifukwa cha kufanana kwa malangizowo wosagwira и proxy_cache_valid. Tiyeni tiwapende ndi chitsanzo chathu. Izi ndi zomwe zimachitika pamene osagwira =7d и proxy_cache_valid 90d:

• ngati pempho silinabwerezedwe mkati mwa masiku 7, ndiye kuti deta idzachotsedwa ku cache pambuyo pa nthawiyi
• ngati pempho libwerezedwa kamodzi masiku 7 aliwonse, ndiye kuti zomwe zili mu cache zidzatengedwa kuti ndi zachikale pambuyo pa masiku a 90 ndipo Nginx idzasintha ndi pempho lotsatira, ndikuyitenga kuchokera ku seva yoyambirira.

Anamaliza kusintha nginx.conf, kwezaninso kasinthidwe:

root@cdn:~# service nginx reload

CDN yathu yakonzeka. Kwa $15/mwezi. tinalandira mfundo zopezeka m'makontinenti atatu ndi 3 TB yamagalimoto: 1 TB pamalo aliwonse.

Kuwona ntchito ya CDN

Tiyeni tiwone ma pings ku CDN yathu kuchokera kumadera osiyanasiyana. Ntchito iliyonse ya ping idzagwira ntchito pa izi.

Poyambira
Wolandira
IP
Avg nthawi, ms

Germany Berlin
cdn.sayt.in
199.247.18.199
9.6

Netherlands, Amsterdam
cdn.sayt.in
199.247.18.199
10.1

France Paris
cdn.sayt.in
199.247.18.199
16.3

Great Britain, London
cdn.sayt.in
199.247.18.199
14.9

Canada, Toronto
cdn.sayt.in
149.28.121.123
16.2

USA, San Francisco
cdn.sayt.in
149.28.121.123
52.7

USA, Dallas
cdn.sayt.in
149.28.121.123
23.1

USA, Chicago
cdn.sayt.in
149.28.121.123
2.6

USA, New York
cdn.sayt.in
149.28.121.123
19.8

Сингапур
cdn.sayt.in
157.230.240.216
1.7

Japan Tokyo
cdn.sayt.in
157.230.240.216
74.8

Australia, Sydney
cdn.sayt.in
157.230.240.216
95.9

Zotsatira zake ndi zabwino. Tsopano tiyika chithunzi choyesera muzu wa tsamba lalikulu test.jpg ndikuwona kuthamanga kwake kotsitsa kudzera pa CDN. Akuti - zopangidwa. Zomwe zili mkati zimaperekedwa mwachangu.

Tiyeni tilembe script yaing'ono ngati tikufuna kuchotsa cache pa CDN point.
purge.sh

#!/bin/bash
if [ -z "$1" ]
then
    echo "Purging all cache"
    rm -rf /var/cache/cdn/*
else
    echo "Purging $1"
    FILE=`echo -n "$1" | md5sum | awk '{print $1}'`
    FULLPATH=/var/cache/cdn/${FILE:31:1}/${FILE:29:2}/${FILE}
    rm -f "${FULLPATH}"
fi

Kuti muchotse cache yonse, ingoyendetsani, fayilo ina imatha kutsukidwa motere:

root@cdn:~# ./purge.sh /test.jpg

M'malo momaliza

Pomaliza, ndikufuna kupereka malangizo othandiza kuti ndidutse nthawi yomweyo zomwe zidandipweteka mutu panthawiyo:

• Kuti muwonjezere kulekerera kwa zolakwika za CDN, tikulimbikitsidwa kuti mukonze DNS Failover, zomwe zimathandiza kusintha mwamsanga mbiri ya A pakagwa seva. Izi zimachitika mu gulu lowongolera la DNS zolemba za domain.
• Masamba omwe ali ndi madera ambiri mosakayikira amafunikira ma CDN ambiri, koma tisamatengeke. Mwinamwake wogwiritsa ntchito sangazindikire kusiyana kwakukulu poyerekeza ndi CDN yolipidwa ngati muyika maseva m'malo 6-7: Europe, North America (kum'mawa), North America (kumadzulo), Singapore, Australia, Hong Kong kapena Japan.
• Nthawi zina osungira salola kugwiritsa ntchito ma seva obwereketsa pazifukwa za CDN. Chifukwa chake, ngati mwadzidzidzi mwaganiza zotumiza netiweki yobweretsera zinthu ngati ntchito, musaiwale kuwerenga malamulo a woperekera alendo pasadakhale.
• Onani mapu olumikizirana pansi pamadzikuyimira momwe makontinenti amalumikizidwira ndikuganizira izi pomanga maukonde operekera zinthu
• Yesani kufufuza pings kuchokera kumalo osiyanasiyana ku ma seva anu. Mwanjira iyi mutha kuwona madera omwe ali pafupi kwambiri ndi ma CDN ndikukhazikitsa GeoDNS molondola
• Kutengera ndi ntchitozo, zingakhale zothandiza kukonza bwino Nginx pazofunikira zenizeni za caching ndikuganizira zomwe zili pa seva. Zolemba za cache ya Nginx zandithandiza kwambiri pa izi - apa ndi kufulumizitsa ntchito pansi pa katundu wolemetsa: apa и apa

Source: www.habr.com