varnish 再入門

https://varnish-cache.org/

varnish - external storage 1 2015

CDN 導入時のキャッシュ設定の考え方 - Qiita 2021

バージョン

7.1

https://varnish-cache.org/releases/rel7.1.0.html#rel7-1-0

https://www.varnish-software.com/developers/tutorials/varnish-versions/

Varnish Cache 6.6
Varnish Cache 7.0

Varnish Cache 6.0 LTS
Varnish Enterprise 6

https://varnish-cache.org/docs/7.0/whats-new/upgrading-7.0.html

vcl

デフォルトで用意されている設定ファイルの先頭のコメントを読むと、この設定ファイルの後にビルトインの内容が動くように
読めますね。

$ head -n 6 /etc/varnish/default.vcl 
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.

VarnishのVCLのデフォルト設定を見つつ、設定を変更して遊んでみる - CLOVER🍀 2019 Varnish 6.0

builtin VCLは、明示的なreturn文がない場合に呼び出される

https://serverfault.com/questions/205768/how-to-make-varnish-ignore-not-delete-cookies

  • vcl_recv 特定のURLはpass()、それ以外は unset req.http.Cookie
  • vcl_backend_response 特定のURL set beresp.uncacheable = true; 、それ以外は header.remove(beresp.http.Set-Cookie, で Set-Cookie を削除

ポート

Debian/Ubuntu は 6081 6082 を使用

https://varnish-cache.org/docs/trunk/tutorial/putting_varnish_on_port_80.html

Fastly

https://developer.fastly.com/reference/vcl/

Varnish 2.1.5 ベース

https://developer.fastly.com/learning/vcl/using/

nginx 移行を通じて学んだ Fastly のはじめかた - Retty Tech Blog 2021

参考

Reload Varnish VCL without losing cache data 2014

1975 年のプログラミング - Backnumbers: Steps to Phantasien 2007

ngx_headers_more

https://github.com/openresty/headers-more-nginx-module

https://mogile.web.fc2.com/nginx_wiki/nginx_wiki201510/modules/headers_more.html

現在のコンテキストに add_header が書かれいていない場合に限り、上位コンテキストで記載されている add_header の設定を引き継ぐという説明です。
よって、下位のコンテキストで add_header を宣言する場合には同じ設定を書くか、more_set_headers を使用するとよいと思います。
【Nginx】add_headerを複数箇所に記載すると消える(上書きされる) – すこぶる.net 2018

headers-more-nginx-module でヘッダー情報を変更する - kakakakakku blog 2016

FreeBSD

Update your ports tree and select the appropriate option during the installation of nginx port:

Code:
[ ] HEADERS_MORE 3rd party headers_more module

https://forums.freebsd.org/threads/nginx-headers-more.35577/post-199162

/usr/local/etc/nginx/nginx.conf

load_module "/usr/local/libexec/nginx/ngx_http_headers_more_filter_module.so";

Unlike the standard headers module, this module does not automatically take care of the constraint among the Expires, Cache-Control, and Last-Modified headers. You have to get them right yourself or use the headers module together with this module.

https://github.com/openresty/headers-more-nginx-module#limitations

部分インデックス

Partial indexes
Up to now, an index covered the entire table. This is not always necessarily the case. There are also partial indexes. When is a partial index useful? Consider the following example:

test=# CREATE TABLE t_invoice (
   id     serial,
   d     date,
   amount   numeric,
   paid     boolean);
CREATE TABLE
test=# CREATE INDEX idx_partial
   ON   t_invoice (paid)
   WHERE   paid = false;
CREATE INDEX

In our case, we create a table storing invoices. We can safely assume that the majority of the invoices are nicely paid. However, we expect a minority to be pending, so we want to search for them. A partial index will do the job in a highly space efficient way. Space is important because saving on space has a couple of nice side effects, such as cache efficiency and so on.

https://www.packt.com/indexing-and-performance-tuning/

3. Only index data that you need to look up
If you have a proportion of a table that you rarely look up, and almost always filter out, there is little benefit to having it indexed. A common example given is a table containing soft-deleted data, where queries will normally contain WHERE deleted_at IS NULL

For these cases, Postgres has partial indexes. These are smaller, faster, and don’t need to be updated as often as full indexes. You do need to be careful, though, as they can only be used for queries that Postgres can guarantee matches the WHERE condition.

https://www.pgmustard.com/blog/indexing-best-practices-postgresql

https://dba.stackexchange.com/questions/278353/tuning-clustered-indexes-in-case-of-soft-logical-delete

アカウントロック ssh

Linux ユーザーアカウントをロック・アンロックする

Ubuntu

(ロック)
 passwd -l hoge_user
(アンロック)
 passwd -u hoge_user
(確認)
 passwd -S hoge_user

パスワードを設定していないユーザで ssh ログインしようとすると公開鍵認証でもログインに失敗する - tkuchikiの日記

FreeBSD

pw lock hoge_user

pw unlock hoge_user

Why is just locking the account with usermod not sufficient?

This comes down to the fact that an account is ‘locked’ in the traditional UNIX sense by making it such that no matter what password the user tries to use, it will never match what is in the password database. This means, rather importantly, that locking the account with usermod only affects those services which are authenticating against the system password database (on a modern Linux system this would mean those services which are configured to use the pam_unix PAM module for authentication).

However, SSHD only actually authenticates against the system password database if the password or challenge-response authentication mechanism is being used. Public key authentication, as well as any other authentication mechanisms (such as GSSAPI or s/key) only involve the system password database to check that the account exists, so they will generally work just fine with a locked account.

Completely lock user account on server, including ssh - Unix & Linux Stack Exchange

/etc/ssh/sshd_config
...
DenyUsers hoge_user piyo_user

(Ubuntu)
systemctl restart ssh

(CentOS8)
systemctl restart sshd

https://www.cyberciti.biz/faq/how-do-i-restart-sshd-daemon-on-linux-or-unix/

Phalcon php-fpm error log

To get PHP error logging on when using Nginx with PHP-FPM you need may need to set catch_workers_output = yes in your pool configuration, on Debian and Ubuntu this would be /etc/php5/fpm/pool.d/www.conf by default.

https://forum.phalcon.io/discussion/9279/500-internal-server-error#C25763

初心者向け補足
プール向け設定ファイル = /etc/php-fpm.d/www.conf
全体の設定ファイル = /etc/php-fpm.conf

php-fpmのログまとめ

error.log

php-fpm 全体で出す Errorログです。これは global ディレクティブでしか設定出来ません。 このファイルは、デフォルトでは各プールの標準エラーなどを出力されることはありません。各プールのエラーを出力したいならば catch_workers_output = yes を、プールの設定ファイルに記載します。 ただし、このパラーメータには注釈があります。

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no

パフォーマンスに若干影響するということなので、気になる人はデフォルトの noが良いでしょう。

このファイルはphp-fpm マスタープロセスがつかみます。ので、logrotate時にシグナルを打つ必要があります。
nginx + php-fpm の組み合わせのErrorログ出力を理解する - 続 カッコの付け方 2016

FreeBSD

/usr/local/etc/logrotate.d/php-fpm 

/var/log/php-fpm.log {
    rotate 12
    weekly
    missingok
    notifempty
    compress
    delaycompress
    postrotate
        [ ! -f /var/run/php-fpm.pid ] || kill -USR1 `cat /var/run/php-fpm.pid`
    endscript
}

pgpool munin plugin

https://github.com/vpetersson/munin_pgpool

Work around patch for munin/pgpool_connections | /var/log/azumakuniyuki 2013

Python 3 対応

https://github.com/kurita0/munin_pgpool/blob/python3-support/pgpool_connections

subprocess.check_output のパラメータに text=True を追加したのでPython 3.7以降

https://docs.python.org/3/library/subprocess.html

SyntaxError: Missing parentheses in call to 'print' と言われました - Qiita