Long Time No See! Recently I was busy with testing mod_cache, which was more sophisticated than expected. Here I want to present mod_deflate to you before mod_cache's announcement.
mod_deflate is a lighttpd plugin that compresses content on the fly. It's useful when you want to reduce your bandwidth consumption to 30% or lower :) My patch is based on jakabosky's 1.4.11 patch and fixes several big bugs, including:
1) fix a loop bug when content-length is bigger than work-block-size*k
2) prevent compression for buggy HTTP 1.0 clients that send Accept-Encoding: gzip, deflate
3) fix a bug with chunked transfer encoding (for example in a mod_fastcgi+php environment)
mod_deflate does not compress URIs that match deflate.nocompress-url, which is a PCRE regex string.
I have used mod_deflate in production environments and found no noticeable bugs or memory leaks. Usually mod_deflate takes less than 10% CPU and uses less than 100M memory. Full document is here
Here I want to say a big thanks to Jakabosky; his mod_deflate patch makes mod_cache on lighttpd possible.
The mod_trigger_b4_dl shipped with lighttpd 1.4.11 only supports memcache and gdbm, so I ported the functionality of the squid srcip patch to it. The original mod_trigger_b4_dl also does not support using a trigger on one domain name to control downloads on other domain names, so I improved that along the way.
A trigger-before-download.udpaddr configuration parameter was added. Usage example:
trigger-before-download.udpaddr = "10.10.1.1:20000"
$HTTP["host"] == "xxx.abc.com" {
trigger-before-download.trigger-url = ".html$"
}
$HTTP["host"] == "video.xxx.abc.com" {
trigger-before-download.deny-url = "http://xxx.abc.com/deny.jpg" # Do not set this to xxx.abc.com/, otherwise the visit to xxx.abc.com after a denial will usually fire the trigger-url above
trigger-before-download.download-url = "^/"
trigger-before-download.trigger-timeout = 360
}
In the example, trigger-before-download.trigger-url and trigger-before-download.download-url are both PCRE regular expressions.
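The most urgent request that lighttpd's author Jan took away from the Rails conference was to improve mod_proxy. Last week Jan made up his mind and began rewriting it as a new plugin, mod_proxy_core, which was announced on the lighttpd blog four days ago. The features mod_proxy_core is ultimately meant to provide are:
- A generic lemon-based HTTP response parser, to be used by the fastcgi, cgi, scgi and proxy modules
- Data is sent with a sliding window at the lower layer
- A generic low-level layer that supports failover, balancer, streaming and so on
- Keep-Alive support for FastCGI and HTTP
- The connection queue lives in the plugin rather than in the lighttpd kernel, which makes it easier to manage
- Requests can be rewritten before they are sent to the proxy; responses can be rewritten after they are received from the proxy
The feature list looks great. mod_proxy_core has been updated frequently of late, so keep a close eye on the lighttpd blog.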
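Here is a small result of my recent work on lighttpd: mod_accesslog now supports a COOKIE format and can send access logs to a UDP server.
The added control parameter is: accesslog.udpaddr = "10.1.1.1:6789" # format "ip:port"
accesslog.udpaddr can coexist with accesslog.filename, which means access logs can be written locally and sent over UDP at the same time.
accesslog.format can now use COOKIE, for example: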
accesslog.format = "%h %l %u %t \"%m http://%v%U %H\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{my_uniq_ckid}C\""
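Today some of the company's servers were upgraded so that only intranet IPs can reach them, so a SOCKS5 server is needed. I chose dante, which by default uses /etc/passwd for user authentication. To keep this secure, I changed it to authenticate against /etc/sockd.passwd, a file in htpasswd format.
Usage: htpasswd -c /etc/sockd.passwd user
The patch follows (by default /etc/sockd.passwd is the authentication file):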
sockd.conf:
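The previous patch only provided an ACL that reads IPs from a UDP server. My colleague Xiao Yin prompted me: why not also make an ACL that writes IPs to the UDP server? Hence this second patch (which includes the first one).
The new ACL is srcip_write2udp, which takes the same parameters as srcip_udp. srcip_write2udp always returns 1 and sends the IP address of the client connecting to squid to the UDP server; a subsequent srcip_udp check then allows access from that IP.
With the UDP server in the middle, multiple squid instances can share the allowed-IP data, so load balancing across several squid machines is also supported.
squid's src ACL can only hold a fixed list of IPs; the srcip_udp ACL patch extends the src ACL. srcip_udp asks the specified UDP server whether the IP accessing squid exists there, returning 1 if it does and 0 otherwise. To reduce the number of UDP requests, srcip_udp caches the IPs for which the UDP server returned 1; the cache expiry defaults to 30 minutes. srcip_udp is used as follows:
srcip_udp ip port expires
ip is the UDP server's IP; port is the port the UDP server listens on; expires is the cache expiry time, which is optional and defaults to 1800 seconds (30 minutes).
The srcip_udp ACL needs a UDP server, so I wrote a simple one. IPs recorded in this UDP server expire after 1 hour; if that does not suit you, modify the code. The code uses the libevent library; if you do not have libevent, remove -DHAVE_LIBEVENT from the Makefile and then run make nolibevent.
Patch download
UDP Server download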
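As an added illustration (not the patch or the UDP server from these posts), the Python model below replays the srcip_write2udp / srcip_udp flow with the two expiry values stated above, to show how long an IP stays admitted after the UDP server has dropped it. The class and function names, the in-memory store standing in for the UDP server, and counting the cache expiry from the moment of the lookup are assumptions.

```python
SERVER_TTL = 3600  # from the page: the UDP server forgets an IP after 1 hour
ACL_TTL = 1800     # from the page: default srcip_udp cache expiry (30 minutes)

class UdpStore:
    """In-memory stand-in for the UDP server (the wire format is not modelled)."""
    def __init__(self, ttl=SERVER_TTL):
        self.ttl, self.expiry = ttl, {}

    def write(self, ip, now):
        self.expiry[ip] = now + self.ttl

    def lookup(self, ip, now):
        return now < self.expiry.get(ip, 0)

class SquidNode:
    """One squid instance; the two ACL types are modelled as methods."""
    def __init__(self, store, cache_ttl=ACL_TTL):
        self.store, self.cache_ttl = store, cache_ttl
        self.cache = {}    # ip -> expiry of a cached positive answer
        self.queries = 0   # number of lookups sent to the store

    def srcip_write2udp(self, ip, now):
        self.store.write(ip, now)
        return 1           # always matches, as the page describes

    def srcip_udp(self, ip, now):
        if now < self.cache.get(ip, 0):
            return 1       # served from the cache, the store is not asked
        self.queries += 1
        if self.store.lookup(ip, now):
            # Assumption: the cache expiry is counted from this lookup.
            self.cache[ip] = now + self.cache_ttl
            return 1
        return 0           # negative answers are not cached

def worst_case_demo():
    """Constructed timeline: registration on node a, checks on node b."""
    store = UdpStore()
    a, b = SquidNode(store), SquidNode(store)
    ip = "192.0.2.10"      # constructed documentation address
    a.srcip_write2udp(ip, now=0)
    timeline = {t: b.srcip_udp(ip, now=t) for t in (0, 1799, 3599, 5398, 5399)}
    return timeline, b.queries

if __name__ == "__main__":
    print(worst_case_demo())
```

Under these assumptions an address registered at t=0 is still admitted at t=5398, so revocation can lag by up to the server expiry plus the ACL cache expiry; a smaller expires value shortens that window at the cost of more UDP lookups.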