Building and configuring your own CDN

Content delivery networks (CDNs) are used by websites and applications primarily to speed up the loading of static elements. This works by caching files on CDN servers located in different geographic regions. When requesting data through a CDN, the user receives it from the nearest server.

The operating principle and functionality of all content delivery networks are roughly the same. On receiving a request for a file, the CDN server fetches it once from the origin server and serves it to the user, caching it at the same time for a set period. All subsequent requests are answered from the cache. All CDNs offer options to preload files, purge the cache, set its expiry time, and more.

It happens that, for one reason or another, you need to set up your own content delivery network, and then - let this guide to assembling yet another bicycle help us.

Image source: infographic vector created by pikisuperstar - www.freepik.com

When you need your own CDN

Consider the cases where running your own CDN makes sense:

  • you want to save money, and the running costs even with inexpensive CDNs such as BunnyCDN come to several hundred dollars a month
  • you want a permanent cache, or a cache with no neighbours on the server and the channel
  • CDN services have no points of presence in the region you need
  • you need special content delivery settings
  • you want to speed up delivery of dynamic content by placing the production server closer to the users
  • there is concern that a third-party CDN service may unlawfully collect or use information about user behaviour (hello to services that do not comply with GDPR) or engage in other unlawful activity

In most other cases it is more sensible to use existing ready-made solutions.

What you need to get started

It is great if you have your own Autonomous System (AS). With it, you can assign the same IP to several servers and, following this guide, direct users to the nearest one at the network level. It is worth mentioning that even a /24 address block is enough to build a content delivery network. Some server providers let you announce it for use in all the regions they offer.

If you are not the happy owner of a block of IP addresses, then to run a simple CDN you will need:

  • a domain name or subdomain
  • at least two servers in different regions. A server can be dedicated or virtual
  • a geoDNS tool. With it, a user who addresses the domain is directed to the nearest server

Register a domain and order servers

Domain registration is simple - register in any zone with any registrar. You can also use a subdomain for the CDN, for example something like cdn.domainname.com. In our example, that is exactly what we will do.

As for ordering servers, rent them in the regions and countries where your user audience is located. If the project is intercontinental, it is convenient to choose hosting providers that offer servers all over the world at once. Examples: OVH, Leaseweb and 100TB - for dedicated servers, Vultr and DigitalOcean - for virtual cloud servers*.

For our own CDN we will order 3 virtual servers on different continents. At Vultr, a $5/month server gives us 25GB of SSD space and 1TB of traffic. When installing, choose the latest Debian. Our servers:

Frankfurt, IP: 199.247.18.199

Chicago, IP: 149.28.121.123

Singapore, IP: 157.230.240.216

* Vultr and DigitalOcean promise a $100 credit to users who register via the links in the article, right after a payment method is added. The author also receives a small bonus from this, which matters a great deal to him right now. Please be understanding.

Setting up geoDNS

To direct the user to the desired (nearest) server when the CDN domain or subdomain is accessed, we need a DNS server with geoDNS functionality.

The principle and operation of geoDNS are as follows:

  1. It determines the IP of the client that sent the DNS request, or the IP of the recursive DNS server used to process the client's request. Such recursive servers are usually the providers' DNS servers.
  2. From the client's IP it identifies the client's country or region. GeoIP databases are used for this, and there are a great many of them today. There are good free options.
  3. Depending on the client's location, it returns the IP address of the nearest CDN server.

A DNS server with geoDNS functionality can be assembled on your own, but it is better to use ready-made solutions that come with a worldwide network of DNS servers and Anycast out of the box:

  • ClouDNS from $9.95/month, GeoDNS plan, one DNS Failover included by default
  • Zilore from $25/month, DNS Failover included
  • Amazon Route 53 from $35/month for 50M geo queries. DNS Failover is billed separately
  • DNS Made Easy from $125/month, 10 DNS Failovers included
  • Cloudflare, the "Geo Steering" feature is available on business plans

When ordering geoDNS, pay attention to the number of queries included in the plan, and keep in mind that the real number of queries to the domain can exceed expectations several times over. Millions of spiders, scanners, spammers and other evil spirits work tirelessly.

Almost all DNS services include a service that is essential for building a CDN - DNS Failover. With it you can set up monitoring of your servers and, when there are no signs of life, automatically replace the address of the failed server with a backup one in DNS answers.

To build our CDN we will use ClouDNS, the GeoDNS plan.

Add a new DNS zone in your account, specifying your domain. If the CDN is being built on a subdomain and the main domain is already in use, then immediately after adding the zone do not forget to add the existing working DNS records. The next step is to create several A records for the CDN domain/subdomain, each of which will apply to the region we specify. Regions can be specified as continents or countries; sub-regions are available for the USA and Canada.

In our case the CDN will be brought up on the subdomain cdn.sayt.in. Having added the zone sayt.in, create the first A record for the subdomain and point all of North America at the server in Chicago:

Repeat the action for the other regions, remembering to create one record for the default regions. Here is the end result:

The last entry in the screenshot means that all unspecified regions (that is, Europe, Africa, satellite internet users, and so on) will be sent to the server in Frankfurt.

This completes the basic DNS setup. What remains is to go to the domain registrar's site and replace the domain's current NS records with those provided by ClouDNS. While the NS records are being updated, we will prepare the servers.

Installing SSL certificates

Our CDN will work over HTTPS, so if you already have SSL certificates for the domain or subdomain, upload them to all the servers, for example into the directory /etc/ssl/yourdomain/

If you have no certificates, you can get a free one from Let's Encrypt. The ACME shell script, acme.sh, is well suited for this. The client is convenient and easy to configure and, most importantly, it lets you validate the domain/subdomain over DNS through the ClouDNS API.

We will install acme.sh on only one of the servers - the European one, 199.247.18.199 - from which the certificates will be copied to all the others. To install it, run:

root@cdn:~# wget -O - https://get.acme.sh | bash; source ~/.bashrc

While the script is being installed, a CRON job is created to renew certificates without our involvement.

When a certificate is issued, the domain is verified over DNS using the API, so in the ClouDNS account, under the Reseller API menu, you need to create a new API user and set a password for it. The resulting auth-id and password are written into the file ~/.acme.sh/dnsapi/dns_cloudns.sh (not to be confused with the file dns_clouddns.sh). These are the lines that need to be uncommented and edited:

CLOUDNS_AUTH_ID=<auth-id>
CLOUDNS_AUTH_PASSWORD="<password>"

Now request an SSL certificate for cdn.sayt.in

root@cdn:~# acme.sh --issue --dns dns_cloudns -d cdn.sayt.in --reloadcmd "service nginx reload"

In the parameters we specified, for the future, a command that automatically reloads the web server configuration after each renewal of the certificate.

The whole process of obtaining a certificate can take up to 2 minutes; do not interrupt it. If a domain validation error occurs, try running the command again. At the end we will see where the certificates were saved.

Remember these paths: they will be needed when copying the certificate to the other servers, as well as in the web server settings. Ignore the Nginx reload error - it will not occur on a fully configured server when certificates are renewed.

All that is left for SSL is to copy the obtained certificate to the other two servers, keeping the same file path. Create identical directories on each of them and make the copy:

root@cdn:~# mkdir -p /root/.acme.sh/cdn.sayt.in/
root@cdn:~# scp -r [email protected]:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/

To keep the certificates up to date, create a daily CRON job on both servers with the command:

scp -r [email protected]:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/ && service nginx reload

In this case, access to the remote source server must be configured by key, i.e. without entering a password. Do not forget to do this.
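The daily copy job reloads Nginx with whatever files arrived. As an added example (not part of the original article), the script below pulls the pair into a private staging directory, checks that the key belongs to the certificate and that the certificate is not about to expire, and only then installs it and reloads. The function names, the LIVE_DIR override, the 7-day threshold and passing the source as user@host are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the article): staged certificate pull for an edge server.
# Usage: sync-cert.sh user@acme-host   (the server where acme.sh issues the cert)
DOMAIN="cdn.sayt.in"
LIVE_DIR="${LIVE_DIR:-/root/.acme.sh/$DOMAIN}"   # paths referenced in nginx.conf
MIN_VALID_SECONDS=$((7 * 86400))                 # assumed policy: at least 7 days left

# Succeeds only if the key belongs to the certificate and the certificate
# stays valid for MIN_VALID_SECONDS.
validate_pair() {
    local cer="$1" key="$2" from_cert from_key
    [ -s "$cer" ] && [ -s "$key" ] || return 1
    from_cert=$(openssl x509 -in "$cer" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ] || return 1
    openssl x509 -in "$cer" -noout -checkend "$MIN_VALID_SECONDS" >/dev/null
}

# Copy into a private staging directory, validate, then install and reload.
sync_cert() {
    local src="$1" stage rc=1
    stage=$(mktemp -d) || return 1
    if scp -q "$src:/root/.acme.sh/$DOMAIN/$DOMAIN.cer" \
              "$src:/root/.acme.sh/$DOMAIN/$DOMAIN.key" "$stage/" &&
       validate_pair "$stage/$DOMAIN.cer" "$stage/$DOMAIN.key"; then
        mkdir -p "$LIVE_DIR"
        install -m 644 "$stage/$DOMAIN.cer" "$LIVE_DIR/$DOMAIN.cer" &&
        install -m 600 "$stage/$DOMAIN.key" "$LIVE_DIR/$DOMAIN.key" &&
        nginx -t -q && service nginx reload
        rc=$?
    else
        echo "certificate sync rejected, keeping the installed pair" >&2
    fi
    rm -rf "$stage"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    sync_cert "$1"
fi
```

A failed copy or a mismatched pair leaves the installed certificate untouched, so an interrupted transfer cannot take the edge server's HTTPS listener down.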

Installing and configuring Nginx

To serve static content we will use Nginx configured as a caching proxy server. Update the package lists and install it on all three servers:

root@cdn:~# apt update
root@cdn:~# apt install nginx

Instead of the default, we use the configuration below:
nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log off;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_vary on;
    gzip_types text/plain application/javascript text/javascript text/css application/json application/xml text/xml application/rss+xml;
    gunzip on;            

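    # Scratch space for responses while they are fetched from the origin
    proxy_temp_path    /var/cache/tmp;
    # 64 MB of keys in shared memory, up to 20 GB on disk, entries unused for 7 days are dropped
    proxy_cache_path   /var/cache/cdn levels=1:2 keys_zone=cdn:64m max_size=20g inactive=7d;
    # A request carrying an X-Update header is fetched from the origin instead of the cache
    proxy_cache_bypass $http_x_update;

    server {
        listen 443 ssl;
        server_name cdn.sayt.in;

        ssl_certificate /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.cer;
        ssl_certificate_key /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.key;

        location / {
            proxy_cache cdn;
            # Cache key is the path plus the query string; purge.sh hashes this same string
            proxy_cache_key $uri$is_args$args;
            proxy_cache_valid 90d;
            proxy_pass https://sayt.in;
        }
    }
}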

Edit in the configuration:

  • max_size - the cache size, which must not exceed the available disk space
  • inactive - how long cached data that nobody has requested is kept
  • ssl_certificate and ssl_certificate_key - paths to the SSL certificate and key files
  • proxy_cache_valid - how long cached data is kept
  • proxy_pass - the address of the origin server from which the CDN will request files for caching. In our example this is sayt.in

As you can see, everything is simple. The only difficulty may be in setting the caching time, because the directives inactive and proxy_cache_valid look similar. Let us break them down using our example. Here is what happens with inactive=7d and proxy_cache_valid 90d:

  • if the request is not repeated within 7 days, the data is removed from the cache after that period
  • if the request is repeated at least once every 7 days, the data in the cache is considered stale after 90 days, and Nginx refreshes it on the next request by fetching it from the origin server

Having finished editing nginx.conf, reload the configuration:

root@cdn:~# service nginx reload

Our CDN is ready. For $15/month we got points of presence on three continents and 3 TB of traffic: 1 TB at each location.

Checking that the CDN works

Let us look at pings to our CDN from different geographic locations. Any ping service will do for this.

Starting point             Host          IP                Average time, ms
Germany, Berlin            cdn.sayt.in   199.247.18.199    9.6
Netherlands, Amsterdam     cdn.sayt.in   199.247.18.199    10.1
France, Paris              cdn.sayt.in   199.247.18.199    16.3
United Kingdom, London     cdn.sayt.in   199.247.18.199    14.9
Canada, Toronto            cdn.sayt.in   149.28.121.123    16.2
USA, San Francisco         cdn.sayt.in   149.28.121.123    52.7
USA, Dallas                cdn.sayt.in   149.28.121.123    23.1
USA, Chicago               cdn.sayt.in   149.28.121.123    2.6
USA, New York              cdn.sayt.in   149.28.121.123    19.8
Singapore                  cdn.sayt.in   157.230.240.216   1.7
Japan, Tokyo               cdn.sayt.in   157.230.240.216   74.8
Australia, Sydney          cdn.sayt.in   157.230.240.216   95.9

The results are good. Now we will place the test image test.jpg in the root of the main site and check its download speed through the CDN. No sooner said than done. The content is delivered quickly.

Let us write a small script in case we want to clear the cache on a CDN point.
purge.sh

#!/bin/bash
if [ -z "$1" ]
then
    echo "Purging all cache"
    rm -rf /var/cache/cdn/*
else
    echo "Purging $1"
    FILE=`echo -n "$1" | md5sum | awk '{print $1}'`
    FULLPATH=/var/cache/cdn/${FILE:31:1}/${FILE:29:2}/${FILE}
    rm -f "${FULLPATH}"
fi

To clear the entire cache, just run the script; a single file can be purged like this:

root@cdn:~# ./purge.sh /test.jpg
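A stricter variant of the purge script, added here as an example and not part of the original article: it maps the cache key to its file in the same way (md5 of the key under levels=1:2), deletes the file only when the KEY line stored inside it matches the requested key, and requires an explicit --all for a full purge. The function names, the --all flag and the CACHE_ROOT override are assumptions of this example.

```shell
#!/bin/bash
# Added example (not the article's script): purge with key verification.
CACHE_ROOT="${CACHE_ROOT:-/var/cache/cdn}"   # proxy_cache_path from nginx.conf

# Map a cache key ($uri$is_args$args) to its file under levels=1:2:
# last hex digit of the md5, then the two digits before it, then the full hash.
cache_path_for() {
    local hash l1 l2
    hash=$(printf '%s' "$1" | md5sum | cut -c1-32)
    l1=$(printf '%s' "$hash" | cut -c32)
    l2=$(printf '%s' "$hash" | cut -c30-31)
    printf '%s/%s/%s/%s\n' "$CACHE_ROOT" "$l1" "$l2" "$hash"
}

# Purge one key. Returns 0 = removed, 1 = not cached, 2 = refused.
purge_key() {
    local key="$1" path stored
    case "$key" in
        /*) ;;   # keys built from $uri always start with "/"
        *)  echo "refusing key without leading /: '$key'" >&2; return 2 ;;
    esac
    path=$(cache_path_for "$key")
    [ -f "$path" ] || return 1
    # nginx stores "KEY: <cache key>" in the header of every cache file;
    # delete only when it matches what we were asked to purge.
    stored=$(grep -a -m1 '^KEY: ' "$path" | cut -c6-)
    if [ "$stored" != "$key" ]; then
        echo "key mismatch in $path, not deleting" >&2
        return 2
    fi
    rm -f -- "$path"
}

# A full purge needs an explicit flag, so an empty argument cannot trigger it.
purge_all() {
    [ -d "$CACHE_ROOT" ] || return 1
    find "$CACHE_ROOT" -mindepth 1 -type f -delete
}

if [ "$#" -gt 0 ]; then
    case "$1" in
        --all) purge_all ;;
        *)     purge_key "$1" ;;
    esac
fi
```

Because the cache key includes the query string, /test.jpg and /test.jpg?v=2 are separate entries and each has to be purged by its full key.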

Instead of a conclusion

Finally, I want to give a few useful tips so that you can step straight over the rakes that gave me a headache at the time:

  • To increase the fault tolerance of the CDN, it is recommended to set up DNS Failover, which helps to change the A record quickly if a server fails. This is done in the control panel for the domain's DNS records.
  • Sites with wide geographic coverage undoubtedly need a large number of CDN points, but let us not be fanatical. Most likely the user will not notice a significant difference from a paid CDN if you place servers in 6-7 locations: Europe, North America (East), North America (West), Singapore, Australia, Hong Kong or Japan
  • Sometimes hosting providers do not allow rented servers to be used for CDN purposes. So if you suddenly decide to deploy a content delivery network as a service, do not forget to read the hosting provider's rules in advance.
  • Study the map of submarine communications cables to get an idea of how the continents are connected, and take this into account when building a content delivery network
  • Try checking pings from different locations to your servers. This way you can see which regions are closest to the CDN points and configure GeoDNS more accurately
  • Depending on the task, it is useful to fine-tune Nginx for specific caching requirements and for the load on the server. Articles about the Nginx cache helped me a lot with this - here - and about speeding up operation under heavy load: here and here

Source: www.habr.com