optimizing a multi-tier webserver arch: improving on nginx/SSL -> varnish -> apache/php-fpm CDN ?

grantksupport at operamail.com grantksupport at operamail.com
Tue Dec 16 04:01:16 CET 2014

I'm consolidating servers.  I have yet another server with Varnish4 in-between an nginx SSL-terminator, and an apache/php-fpm backend.

I'm looking for some experienced comments on reorganizing them -- still around Varnish -- for best performance, and lowest resource.

Digging through the server, the backend was (supposedly) set up for use as a self-hosted CDN (to facilitate parallel request processing) / reverse proxy cache, specifically in Drupal.
I'm moving away from Drupal to Symfony/Laravel sites.  Still PHP, but, obviously, nothing Drupal-specific.

Making some efforts to reevaluate the server stack for performance, and simple common sense.  Frankly, I'm not convinced that what follows is optimal, or is at all functional.

My goal is to migrate if/as necessary to a well-justified, robust stack.

Currently, in the VCL,

    backend X_def { .port = "10000"; ... }
    backend X_css { .port = "10001"; ... }
    backend X_js  { .port = "10002"; ... }
    backend X_img { .port = "10003"; ... }

	sub backend_assign {
		    if (req.url ~ "\.(css|css?.*)$") { set req.backend_hint = X_css; }
		elseif (req.url ~ "\.(js|js?.*)$"  ) { set req.backend_hint = X_js;  }
		elseif (req.url ~ "\.(jp(e?)g|gif|png|ti(f?)f)$" )
		                                     { set req.backend_hint = X_img; }
		else                                 { set req.backend_hint = X_def; }
	}

	sub vcl_recv {
		call backend_assign;
		...
	}

Which, IIUC, results in

	nginx:443 -> varnish:8000 -- default --> httpd/php-fpm:10000
	                  |--------- css     --> httpd/php-fpm:10001
	                  |--------- js      --> httpd/php-fpm:10002
	                  |--------- img     --> httpd/php-fpm:10003

This allows *varnish* to make parallel requests to the backend server.  But the 'net <--> nginx <--> varnish stream is not parallel.

There are a variety of possible options for streamlining the above --

	- swapping nginx in for the httpd instances
	- putting some parallelization in-FRONT of varnish
	- service some static assets from the front-side nginx+cache only (no varnish + httpd)
	- etc

The current arch seems to work well enough, but my gut tells me it's unnecessarily heavy/fat.  As yet, I've not compared to any of the aforementioned alternatives.

We definitely want to continue to make best use of varnish's scaling/flexibility in the mix. 

To that end, I'd appreciate any insight/comments on the best arch to plug 'around' varnish.
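
A quick way to check which backend each request lands on under the `backend_assign` rules quoted in the post, as an added example that is not part of the original message. The `route` and `compare` helpers, the tightened patterns and the sample URLs are assumptions made for illustration; only the three posted patterns come from the VCL above.

```python
import re

# Rules copied, in order, from the backend_assign sub in the post.
# VCL's `~` is an unanchored regex match on req.url (query string
# included); re.search behaves the same way for these patterns.
POSTED_RULES = [
    ("X_css", r"\.(css|css?.*)$"),
    ("X_js",  r"\.(js|js?.*)$"),
    ("X_img", r"\.(jp(e?)g|gif|png|ti(f?)f)$"),
]

# Assumed intent, not from the post: the extension, optionally followed
# by a literal "?" and a query string.
TIGHTENED_RULES = [
    ("X_css", r"\.css(\?.*)?$"),
    ("X_js",  r"\.js(\?.*)?$"),
    ("X_img", r"\.(jpe?g|gif|png|tiff?)(\?.*)?$"),
]

# Constructed sample URLs, not taken from any real site.
SAMPLE_URLS = [
    "/css/site.css",
    "/css/site.css?v=3",
    "/js/app.js",
    "/img/photo.jpg",
    "/img/logo.png?itok=abc",
    "/api/data.json",
    "/export/report.csv",
    "/index.php",
]

def route(url, rules, default="X_def"):
    """Return the first backend whose pattern matches, like the if/elseif chain."""
    for backend, pattern in rules:
        if re.search(pattern, url):
            return backend
    return default

def compare(urls=SAMPLE_URLS):
    """List (url, backend per posted rules, backend per tightened rules)."""
    return [(u, route(u, POSTED_RULES), route(u, TIGHTENED_RULES)) for u in urls]

if __name__ == "__main__":
    for url, posted, tightened in compare():
        note = "" if posted == tightened else "  <-- differs"
        print(f"{url:26} posted={posted:6} tightened={tightened:6}{note}")
```

With the posted patterns, `.jpg` and `.json` requests land on X_js and `.csv` on X_css, because the unescaped `?` makes the preceding `s` optional and `.*` then matches anything. A `.png` request carrying a query string falls through to X_def, since the image pattern requires the extension at the very end of `req.url`.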


