On 07.02.2013 15:14, Jan-Frode Myklebust wrote:
> On Thu, Feb 07, 2013 at 02:19:55PM +0100, Reindl Harald wrote:
>>>>
>>>> map http://www.rhsoft.net http://www.rhsoft.net
>>>> reverse_map http://www.rhsoft.net http://www.rhsoft.net
>>>
>>> Does that reverse_map make any sense ? 
>>
>> it makes pretty much sense
>> you missed the part with dnsmasq :-)
>>
>> * trafficserver is using DNS 127.0.0.1
>> * this is dnsmasq configured with /etc/hosts.dnsmasq
>> * /etc/hosts.dnsmasq and the mappings are configured based on a webservice
>> * this way i can decide with the public DNS if a host should use
>>   the trafficserver or directly the origin because trafficserver
>>   here is used to reduce image-loads for high-traffic projects
>>   by caching them for 60 seconds which makes not much sense
>>   for small sites
> 
> No, I didn't miss the dnsmasq part, but I might not fully understand
> reverse_maps. As far as I understand it, your origin server should
> return "Location: http://www.rhsoft.net" both when it's accessed
> directly, and when it's accessed through the traffic server. And mapping
> http://www.rhsoft.net to http://www.rhsoft.net seems kind of redundant :-)

i try to explain it again by an example

[root@proxy:~]$ nslookup www.rhsoft.net
Non-authoritative answer:
www.rhsoft.net  canonical name = proxy.thelounge.net.
Name:   proxy.thelounge.net
Address: 91.118.73.4

[root@proxy:~]$ nslookup www.rhsoft.net 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:   www.rhsoft.net
Address: 10.0.0.6

so if DNS points to 91.118.73.4 = Trafficserver, well it will
be happy and fetch content from 10.0.0.6, if DNS points
to 10.0.0.6 origin is already happy too

the mappings are 100% automatically generated so i can at any
moment in time point a DNS server to the trafficserver-IP
and it will just work - no maintenance ever needed

>>>> LimitNOFILE=100000
>>>> LimitMEMLOCK=infinity
>>>> OOMScoreAdjust=-1000
>>>> PrivateTmp=yes
>>>> CapabilityBoundingSet=~CAP_SYS_PTRACE
>>>> InaccessibleDirectories=/boot
>>>> InaccessibleDirectories=/home
>>>> InaccessibleDirectories=/usr/local/scripts
>>>> InaccessibleDirectories=/var/lib/rpm
>>>> InaccessibleDirectories=/var/spool
>>>
>>
>> the first 3 values were already there, we will see
>> for me "stack_dump_enabled" is new and unclear what
>> it is supposed to do
> 
> I would rather try a less restrictive systemd environment. Drop
> CapabilityBoundingSet, PrivateTmp and limits, just to make sure they're
> not influencing

uhm the limits raise them up

OOMScoreAdjust=-1000  -> OOM-killer will never kill trafficserver
LimitNOFILE=100000    -> 100000 open files is normally not allowed
LimitMEMLOCK=infinity -> do not restrict memory usage for trafficserver

PrivateTmp should not matter because it is transparent
InaccessibleDirectories should never be touched by TS

CapabilityBoundingSet is the only questionable one but should
never be needed by a reverse-proxy


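The automation described in this message (an identity map/reverse_map pair plus a matching /etc/hosts.dnsmasq entry per host) can be sketched as follows. This is an added example, not code from the thread or the poster's setup; the record format, the function names and the two rejected sample rows are assumptions. It validates every record before it can reach either generated file.

```python
import ipaddress
import re

# Constructed records standing in for the webservice output: (hostname, origin IP).
SAMPLE_HOSTS = [
    ("www.rhsoft.net", "10.0.0.6"),                            # values from the thread
    ("cdn.example.org\nmap http://a/ http://b/", "10.0.0.7"),  # constructed: embedded newline
    ("images.example.org", "not-an-ip"),                       # constructed: bad address
]

# One RFC 1123 label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def valid_hostname(name):
    """True only for a plain DNS name; fullmatch rejects spaces, newlines, slashes."""
    return len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.lower().split("."))


def build_configs(records):
    """Return (remap_text, hosts_text, rejected) for a list of (hostname, ip)."""
    remap, hosts, rejected, seen = [], [], [], set()
    for name, ip in records:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            rejected.append((name, ip, "invalid origin address"))
            continue
        if not valid_hostname(name):
            rejected.append((name, ip, "invalid hostname"))
            continue
        host = name.lower()
        if host in seen:
            rejected.append((name, ip, "duplicate hostname"))
            continue
        seen.add(host)
        # Identity mapping as in the thread: the public name and the origin name
        # are the same; only the resolver on 127.0.0.1 answers with the origin IP.
        remap.append(f"map http://{host} http://{host}")
        remap.append(f"reverse_map http://{host} http://{host}")
        hosts.append(f"{addr} {host}")
    return "\n".join(remap) + "\n", "\n".join(hosts) + "\n", rejected


if __name__ == "__main__":
    remap_text, hosts_text, rejected = build_configs(SAMPLE_HOSTS)
    print(remap_text + hosts_text)
    for entry in rejected:
        print("rejected:", entry)
```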