IiNethiwekhi zokuThuthukiswa koMxholo (CDNs) zisetyenziswa kwiiwebhusayithi kunye nezicelo ngokuyintloko ukukhawuleza ukulayishwa kwezinto ezimile. Oku kwenzeka ngenxa yogcino lweefayile kwiiseva ze-CDN ezibekwe kwimimandla eyahlukeneyo yejografi. Ngokucela idatha nge-CDN, umsebenzisi uyifumana kwiseva ekufutshane.
Umgaqo wokusebenza kunye nokusebenza kwawo onke amanethiwekhi okuhanjiswa komxholo uphantse ufana. Emva kokufumana isicelo sokukhuphela ifayile, iseva ye-CDN ithatha ixesha elinye kwi-server yokuqala kwaye inike umsebenzisi, ngexesha elifanayo ukuyigcina ixesha elithile. Zonke izicelo ezilandelayo ziphendulwa kwi-cache. Zonke ii-CDN zineenketho zokulayisha kwangaphambili iifayile, ukucima i-cache, ukuseta umhla wokuphelelwa kwexesha, kunye nokunye.
Kwenzeka ukuba, ngenxa yesizathu esinye okanye esinye, kufuneka uququzelele inethiwekhi yakho yokuhanjiswa komxholo, kwaye emva koko - vumela imiyalelo yokudibanisa ibhayisekile elandelayo ibe luncedo kuthi.
umthombo:
Xa ufuna iCDN yakho
Qwalasela iimeko apho ukuqhuba eyakho iCDN kunengqiqo:
- xa kukho umnqweno wokonga imali, kunye neendleko zokuqhuba naxa usebenzisa ii-CDN ezingabizi njenge ifikelela kumakhulu aliqela eedola ngenyanga
- ukuba sifuna ukufumana i-cache esisigxina okanye i-cache ngaphandle komncedisi kunye nabamelwane besiteshi
- Iinkonzo ze-CDN azinawo amanqaku obukho kwindawo oyifunayo
- naziphi na iisetingi zokuhanjiswa komxholo ezifunekayo
- sifuna ukukhawulezisa ukuhanjiswa komxholo oguquguqukayo ngokubeka iseva yemveliso kufutshane nabasebenzisi
- kukho inkxalabo yokuba inkonzo ye-CDN yomntu wesithathu inokuqokelela ngokungekho mthethweni okanye isebenzise ulwazi malunga nokuziphatha komsebenzisi (hello iinkonzo ezingahambelani ne-GDPR) okanye zibandakanyeke kwezinye izinto ezingekho mthethweni.
Kwiimeko ezininzi, kufaneleka ngakumbi ukusebenzisa izisombululo esele zenziwe.
Kufuneka uqale ntoni
Kuhle ukuba uneyakho iNkqubo yokuZimela (AS). Ngayo, unokwabela i-IP efanayo kwiiseva ezininzi kunye kwinqanaba lothungelwano, ngqo abasebenzisi kwelona likufutshane. Kuyafaneleka ukuthetha ukuba kunye nebhloko yedilesi ye-24, kunokwenzeka ukwakha inethiwekhi yokuhanjiswa komxholo. Abanye ababoneleli beseva bayakuvumela ukuba wenze isibhengezo sokusetyenziswa kuyo yonke imimandla ekhoyo kubo.
Ukuba awungomnini owonwabileyo webhloko yeedilesi ze-IP, emva koko ukuqhuba i-CDN elula uya kuyidinga:
- igama lesizinda okanye isizinda
- ubuncinane abancedisi ababini kwimimandla eyahlukeneyo. Umncedisi unokuthi anikezelwe okanye anyaniseke
- isixhobo se-geoDNS. Ngayo, umsebenzisi, emva kokujongana nesizinda, uya kubhekiswa kwiseva ekufutshane
Bhalisa indawo kunye neeseva ze-odolo
Ngokubhaliswa kwesizinda, yonke into ilula - sibhalisa kuyo nayiphi na indawo kunye nayiphi na umbhalisi. Ungasebenzisa kwakhona i-subdomain ye-CDN, umzekelo into enje cdn.domainname.com. Enyanisweni, kumzekelo wethu, siya kwenza loo nto kanye.
Ngokuphathelele iiseva zokuodola, kufuneka ziqeshwe kwimimandla kunye namazwe apho abaphulaphuli bakho abasebenzisi. Ukuba iprojekthi i-intercontinental, ngoko kulungele ukukhetha ababoneleli bokusingatha ababonelela ngeeseva kwihlabathi jikelele kanye. Imizekelo: , ΠΈ - kwiiseva ezinikezelweyo, ΠΈ β kwilifu elibonakalayo*.
Kwi-CDN yethu yabucala, siya kuodola iiseva ezi-3 zenyani kumazwekazi ahlukeneyo. Nge Vultr kumncedisi we $5/mo siya kufumana 25GB SSD iindawo kunye 1TB yezithuthi. Xa ufaka, khetha iDebian yamva nje. Iiseva zethu:
EFranfurt, ip: 199.247.18.199
Chicago, ip: 149.28.121.123
Π‘ΠΈΠ½Π³Π°ΠΏΡΡ, ip: 157.230.240.216
* I-Vultr kunye ne-DigitalOcean zithembisa i-$ 100 yekhredithi kubasebenzisi ababhalisa ngokusebenzisa amakhonkco kwinqaku ngokukhawuleza emva kokufaka indlela yokuhlawula. Umbhali naye ufumana izincomo ezincinci kule nto, ebaluleke kakhulu kuye ngoku. Nceda uqonde.
Ukumisela i-geoDNS
Ukuze umsebenzisi aqondiswe kwi-server efunwayo (ekufutshane) xa efikelela kwi-domain okanye i-CDN subdomain, sidinga iseva ye-DNS kunye nomsebenzi we-geoDNS.
Umgaqo kunye nokusebenza kwe-geoDNS imi ngolu hlobo lulandelayo:
- Ichaza i-IP yomxhasi othumele isicelo se-DNS, okanye i-IP ye-recursive DNS iseva esetyenziswa xa kusetyenzwa isicelo somthengi. Iiseva ezinjalo eziphindaphindayo zidla ngokuba zii-DNS-s zababoneleli.
- I-IP yomxhasi iyalazi ilizwe lakhe okanye ummandla. Kule nto, i-database ye-GeoIP iyasetyenziswa, apho zininzi kakhulu namhlanje. Kukho okulungileyo .
- Ngokuxhomekeke kwindawo yomxhasi, imnika idilesi ye-IP yomncedisi we-CDN okufutshane.
Iseva ye-DNS enomsebenzi we-geoDNS ingaba , kodwa kungcono ukusebenzisa izisombululo esele zenziwe ngenethiwekhi yeeseva ze-DNS emhlabeni jikelele kunye ukusuka kwibhokisi:
- ukusuka $9.95/mo, GeoDNS intlawulo, ngokungagqibekanga kukho iDNS Failover enye
- ukusuka $25/mo, DNS Failover yenziwe yasebenza
- ukusuka $35/mo ngenani le-50M yezicelo ze-geo. I-DNS Failover ihlawuliswa ngokwahlukeneyo
- ukusuka $125/mo, kukho i-10 DNS Failvers
- , inqaku elithi "Geo Steering" liyafumaneka kwizicwangciso zeShishini
Xa u-odola i-geoDNS, kufuneka ubeke ingqalelo kwinani lezicelo ezibandakanyiweyo kwintlawulo kwaye ugcine engqondweni ukuba inani langempela lezicelo kwi-domain linokugqithisa okulindelweyo ngamaxesha amaninzi. Izigidi zezigcawu, izixhobo zokuskena, ii-spammers kunye nabanye oomoya abangendawo basebenza ngokungadinwa.
Phantse zonke iinkonzo ze-DNS ziquka inkonzo eyimfuneko yokwakha i-CDN-DNS Failover. Ngoncedo lwayo, unokuseta ukubeka iliso ekusebenzeni kweeseva zakho kwaye, ngokungabikho kweempawu zobomi, utshintshe ngokuzenzekelayo idilesi yeseva engasebenziyo kunye ne-backup enye kwiimpendulo ze-DNS.
Ukwakha i-CDN yethu, siya kusebenzisa , GeoDNS intlawulo.
Makhe songeze indawo entsha ye-DNS kwiakhawunti yakho yobuqu, sichaza indawo yakho. Ukuba sakha i-CDN kwi-subdomain, kwaye i-domain engundoqo sele isetyenziswa, ngoko nangoko emva kokongeza ummandla, ungakulibali ukongeza iirekhodi ze-DNS ezikhoyo ezisebenzayo. Isinyathelo esilandelayo kukudala iirekhodi ezininzi ze-A ze-CDN domain / subdomain, nganye apho iya kusetyenziswa kummandla esiwuchazile. Ungakhankanya amazwekazi okanye amazwe njengemimandla, imimandla engaphantsi iyafumaneka kwi-USA naseCanada.
Kwimeko yethu, i-CDN iya kuphakanyiswa kwi-subdomain cdn.sayt.in. Ngokudibanisa indawo sathi.in, yenza i-A-record yokuqala ye-subdomain kwaye ubonise yonke i-North America kumncedisi e-Chicago:
Masiphinde isenzo seminye imimandla, sikhumbula ukwenza ingeniso enye yemimandla engagqibekanga. Nantsi into eyenzekayo ekugqibeleni:
Ukungena kokugqibela okungagqibekanga kwi-screenshot kuthetha ukuba yonke imimandla engachazwanga (kwaye le yiYurophu, i-Afrika, abasebenzisi be-intanethi ye-satellite, njl.) baya kuthunyelwa kumncedisi eFrankfurt.
Oku kugqiba ukuseta iDNS esisiseko. Kuhlala ukuya kwiwebhusayithi yombhalisi wesizinda kwaye ubeke indawo ye-NS yangoku kunye nezo zikhutshwe yi-CloudDNS. Kwaye ngelixa i-NS iya kuhlaziywa, siya kulungiselela iiseva.
Ukufakwa kwezatifikethi ze-SSL
I-CDN yethu iya kusebenza ngaphezulu kwe-HTTPS, ke ukuba sele unezatifikethi ze-SSL zesizinda okanye isizinda, zilayishe kuzo zonke iiseva, umzekelo, kulawulo. /etc/ssl/yourdomain/
Ukuba azikho izatifikethi, unokufumana esimahla kwiLet Encrypt. Iphelele kule nto . Umxhasi ulungele kwaye kulula ukuseta, kwaye okona kubaluleke kakhulu, kukuvumela ukuba uqinisekise i-domain / subdomain nge-DNS nge-CloudDNS API.
Siza kufaka i-acme.sh kwi-server enye kuphela - yaseYurophu 199.247.18.199, apho izatifikethi ziya kukopishwa kubo bonke abanye. Ukuhlohla, sebenzisa:
root@cdn:~# wget -O - https://get.acme.sh | bash; source ~/.bashrcNgethuba lofakelo lweskripthi, umsebenzi we-CRON uya kudalwa ukuhlaziya ngakumbi izatifikethi ngaphandle kokuthatha inxaxheba kwethu.
Xa ukhupha isatifikethi, i-domain iya kutshekishwa usebenzisa i-DNS usebenzisa i-API, ngoko ke kwi-akhawunti ye-ClouDNS yomntu kwimenyu ye-Reseller API, kufuneka udale i-API yomsebenzisi omtsha kwaye usethe igama eliyimfihlo kuyo. Isiphumo se auth-id enegama lokugqitha iya kubhalwa kwifayile ~/.acme.sh/dnsapi/dns_cloudns.sh (ungabhidaniswa nefayile dns_clouddns.sh). Nantsi imigca efuna ukungaphawulwa kwaye ihlelwe:
CLOUDNS_AUTH_ID=<auth-id>
CLOUDNS_AUTH_PASSWORD="<ΠΏΠ°ΡΠΎΠ»Ρ>"
Ngoku siza kucela isatifikethi se-SSL cdn.sayt.in
root@cdn:~# acme.sh --issue --dns dns_cloudns -d cdn.sayt.in --reloadcmd "service nginx reload"Kwiinketho, kwixesha elizayo, sichaze umyalelo wokuphinda ulayishe ngokuzenzekelayo ulungelelwaniso lweseva yewebhu emva kohlaziyo ngalunye lwexesha lokuqinisekiswa kwesatifikethi kwixesha elizayo.
Yonke inkqubo yokufumana isatifikethi inokuthatha ukuya kwimizuzu emi-2, musa ukuyiphazamisa. Ukuba impazamo yokuqinisekisa isizinda yenzeka, zama ukusebenzisa umyalelo kwakhona. Ekugqibeleni siza kubona apho izatifikethi zifakwe khona:
Khumbula ezi ndlela, kuya kufuneka zixelwe xa kukotshwa isatifikethi kwabanye abancedisi, kunye nakwisetingi zeseva yewebhu. Asiyi kuqwalasela impazamo yokulayisha kwakhona i-Nginx configs - ayiyi kuba kwiseva eqwalaselwe ngokupheleleyo xa uhlaziywa izatifikethi.
Konke esikushiyileyo kwi-SSL kukukopisha isatifikethi esifunyenweyo kwezinye iiseva ezimbini ngelixa sigcina indlela eya kwiifayile. Masenze abalawuli abafanayo kuzo zonke kwaye senze ikopi:
root@cdn:~# mkdir -p /root/.acme.sh/cdn.sayt.in/
root@cdn:~# scp -r [email protected]:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/
Ukuhlaziya izatifikethi rhoqo, yenza umsebenzi we-CRON mihla le kuzo zombini iiseva ngomyalelo:
scp -r [email protected]:/root/.acme.sh/cdn.sayt.in/* /root/.acme.sh/cdn.sayt.in/ && service nginx reload
Kulo mzekelo, ufikelelo kumncedisi wemvelaphi ekude kufuneka iqwalaselwe , o.k. ngaphandle kokufaka igama lokugqithisa. Ungalibali ukuyenza.
Ukufakela kunye nokuqwalasela iNginx
Ukukhonza umxholo omileyo, siya kusebenzisa i-Nginx eqwalaselwe njengomncedisi we-caching we-caching. Hlaziya uluhlu lwepakethe kwaye uyifake kuzo zontathu iiseva:
root@cdn:~# apt update
root@cdn:~# apt install nginxEndaweni yokungagqibekanga, sisebenzisa uqwalaselo olusuka kumbhuqi ongezantsi:
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 4096;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain application/javascript text/javascript text/css application/json application/xml text/xml application/rss+xml;
gunzip on;
proxy_temp_path /var/cache/tmp;
proxy_cache_path /var/cache/cdn levels=1:2 keys_zone=cdn:64m max_size=20g inactive=7d;
proxy_cache_bypass $http_x_update;
server {
listen 443 ssl;
server_name cdn.sayt.in;
ssl_certificate /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.cer;
ssl_certificate_key /root/.acme.sh/cdn.sayt.in/cdn.sayt.in.key;
location / {
proxy_cache cdn;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 90d;
proxy_pass https://sayt.in;
}
}
}Hlela kuqwalaselo:
- ubukhulu_ubukhulu - ubungakanani be-cache, engagqithisi kwi-disk space ekhoyo
- ayisebenzi - ixesha lokugcinwa kwedatha efihliweyo ekungekho mntu ufikelele kuyo
- ssl_ isatifikethi ΠΈ ssl_certificate_key β iindlela zesatifikethi se-SSL kunye neefayile eziphambili
- iproxy_cache_valid - ixesha lokugcinwa kwedatha egciniweyo
- iproxy_pass β idilesi yomncedisi woqobo apho i-CDN iya kucela iifayile zogcino. Kumzekelo wethu, oku sathi.in
Njengoko ubona, yonke into ilula. Ubunzima bunokuvela kuphela ekuseteni ixesha le-caching ngenxa yokufana kwezikhokelo ayisebenzi ΠΈ iproxy_cache_valid. Makhe sizihlalutye ngomzekelo wethu. Nantsi into eyenzekayo xa engasebenziyo=7d ΠΈ iproxy_cache_esebenzayo 90d:
- ukuba isicelo asiphindanga phakathi kweentsuku ezi-7, ke idatha iya kususwa kwi-cache emva kweli xesha
- ukuba isicelo siphindaphindwa ubuncinane kanye ngeentsuku ze-7, ngoko idatha kwi-cache iya kuthathwa njengento engasebenziyo emva kweentsuku ze-90 kwaye i-Nginx iya kuyihlaziya ngesicelo esilandelayo, iyithatha kwi-server yokuqala.
Kugqityiwe ukuhlela nginx.conf, layisha kwakhona ubumbeko:
root@cdn:~# service nginx reloadI-CDN yethu ilungile. I-$ 15 / ngenyanga. sifumene amanqaku obukho kumazwekazi amathathu kunye ne-3 TB yezithuthi: 1 TB kwindawo nganye.
Ukujonga umsebenzi we-CDN
Makhe sijonge iipings kwi-CDN yethu ukusuka kwiindawo ezahlukeneyo zejografi. Nayiphi na inkonzo ye-ping iya kusebenza kule nto.
Indawo yokuqalisa
Umgcini
IP
Ixesha eliphakathi, Nksz
EJamani Berlin
cdn.sayt.in
199.247.18.199
9.6
ENetherlands, eAmsterdam
cdn.sayt.in
199.247.18.199
10.1
EFransi eParis
cdn.sayt.in
199.247.18.199
16.3
EUnited Kingdom, eLondon
cdn.sayt.in
199.247.18.199
14.9
ECanada, eToronto
cdn.sayt.in
149.28.121.123
16.2
EUnited States, eSan Francisco
cdn.sayt.in
149.28.121.123
52.7
eMelika, eDallas
cdn.sayt.in
149.28.121.123
23.1
USA, Chicago
cdn.sayt.in
149.28.121.123
2.6
eMelika, eNew York
cdn.sayt.in
149.28.121.123
19.8
Π‘ΠΈΠ½Π³Π°ΠΏΡΡ
cdn.sayt.in
157.230.240.216
1.7
EJapan eTokyo
cdn.sayt.in
157.230.240.216
74.8
EOstreliya, eSydney
cdn.sayt.in
157.230.240.216
95.9
Imiphumo mihle. Ngoku siza kubeka umfanekiso wovavanyo kwingcambu yesiza esiphambili uvavanyo.jpg kwaye khangela isantya sayo sokukhuphela nge-CDN. Kuthiwa - . Umxholo uhanjiswa ngokukhawuleza.
Masibhale iskripthi esincinci xa sifuna ukucima i-cache kwindawo ye-CDN.
purge.sh
#!/bin/bash
if [ -z "$1" ]
then
echo "Purging all cache"
rm -rf /var/cache/cdn/*
else
echo "Purging $1"
FILE=`echo -n "$1" | md5sum | awk '{print $1}'`
FULLPATH=/var/cache/cdn/${FILE:31:1}/${FILE:29:2}/${FILE}
rm -f "${FULLPATH}"
fi
Ukucima yonke i-cache, yiqhube nje, ifayile eyahlukileyo inokucocwa ngolu hlobo:
root@cdn:~# ./purge.sh /test.jpgEndaweni yezigqibo
Okokugqibela, ndifuna ukunika iingcebiso eziluncedo ukuze ndikhawuleze ukunyathela phezu kweraki eyayenza intloko yam yabuhlungu ngelo xesha:
- Ukwandisa ukunyamezela kwephutha kwi-CDN, kucetyiswa ukuba uqwalasele i-DNS Failover, enceda ukuguqula ngokukhawuleza irekhodi ye-A xa kwenzeka ukuchithwa kweseva. Oku kwenziwa kwiphaneli yokulawula iirekhodi zeDNS zesizinda.
- Iisayithi ezinobubanzi bejografi ngaphandle kwamathandabuzo zifuna inani elikhulu lee-CDN, kodwa masingabi nenzondelelo yempambano. Kusenokwenzeka ukuba umsebenzisi akayi kuqaphela umahluko omkhulu xa kuthelekiswa ne-CDN ehlawulweyo ukuba ubeka abancedisi kwiindawo ze-6-7: iYurophu, uMntla Melika (empuma), eMntla Melika (entshona), eSingapore, e-Australia, eHong Kong okanye eJapan.
- Ngamanye amaxesha ababungazi abavumeli ukusetyenziswa kweeseva eziqeshiweyo ngeenjongo ze-CDN. Ngoko ke, ukuba ngokukhawuleza uthatha isigqibo sokusebenzisa inethiwekhi yokuhanjiswa komxholo njengenkonzo, ungakulibali ukufunda imigaqo yomboneleli othile wokubamba kwangaphambili.
- Phonononga ukumela indlela amazwekazi adityaniswe ngayo kwaye athathele ingqalelo oku xa kusakha inethiwekhi yokuhanjiswa komxholo
- Zama ukujonga kwiiseva zakho. Ngale ndlela unokubona iingingqi ezikufutshane namanqaku e-CDN kwaye uqwalasele i-GeoDNS ngokuchanekileyo
- Ngokuxhomekeke kwimisebenzi, kuya kuba luncedo ukulungisa kakuhle i-Nginx kwiimfuno ezithile ze-caching kunye nokuqwalasela umthwalo kumncedisi. Amanqaku malunga ne-Nginx cache andincede kakhulu kule nto- kunye nokukhawuleza komsebenzi phantsi kwemithwalo enzima: ΠΈ
umthombo: www.habr.com