Cloudflare optimization #7

Open
tiancheng91 opened this issue Jun 2, 2018 · 8 comments

tiancheng91 commented Jun 2, 2018

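Information on CF origin-pull IP ranges. The node (data center) that a user's request reaches pulls from the origin directly; the link to the origin is not optimized.

  • 172.64.0.0/13: China Mobile, China Telecom, Hong Kong, United States
  • 162.158.0.0/15: China Telecom, China Unicom, Hong Kong, Japan, United States
  • 173.245.48.0/20: China Unicom
  • 108.162.192.0/18: Japan
  • 188.114.96.0/20: EU
  • 141.101.64.0/18: EU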

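For China Telecom, the Baidu Cloud partner IPs are recommended:
162.159.208.4-162.159.208.103
162.159.209.4-162.159.209.103
162.159.210.4-162.159.210.103
162.159.211.4-162.159.211.103
China Unicom, Japan:
141.101.113.59

Current connectivity from mainland China

  • China Mobile: Hong Kong node, very good speed. yb plays 4K smoothly
  • China Telecom: direct 163 peering, low latency, no packet loss. Speed is average
  • China Unicom: relatively poor

awk

  • -F []: the separators are specified inside the brackets, with OR semantics
  • (filter condition){action}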

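CloudFlare Partners custom setup

  • Visit http://cloudcdn.herokuapp.com/
  • Add the record for the domain to be accelerated. The origin can only be given as a domain name; nip.io can be used to point to it
  • In the main domain's DNS, add a CNAME pointing to amp.cloudflare.com (do not use the CNAME alias that CF gives you; it points to free nodes that take a detour), or an A record pointing to a custom IP.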

Node speed test

Tool: https://github.com/digineo/go-ping
Windows & Linux executables: pingtest.tar.gz

After downloading, run in a terminal or cmd:

./pingtest -c 1 -P 300 -w 145ms -f 104.18.0.0/16

Usage: ./pingnet [options] CIDR [CIDR [...]]
  -4 string
    	IPv4 bind address (default "0.0.0.0")
  -6 string
    	IPv6 bind address (default "::")
  -I string
    	interface name/IPv6 zone
  -P int
    	concurrency level (default 2)
  -c int
    	number of ping attempts per address (default 3)
  -f	sanity flag needed if you want to ping more than 4096 hosts (/20)
  -i duration
    	CIDR iteration interval (default 100ms)
  -s uint
    	size of additional payload data (default 56)
  -v	also print out unreachable addresses
  -w duration
    	timeout for a single echo request (default 5s)

tiancheng91 commented Jun 2, 2018

Client-side optimization under high latency

<link rel="dns-prefetch" href="hostname">
<link rel="subresource" href="/static/f.js">
<link rel="prefetch" href="/path">
<link rel="prerender" href="//host/path">

// Add dynamically based on user actions
// prefetch behaves differently across browsers; adding Cache-Control: public, max-age=60 is recommended
var hint = document.createElement('link');
hint.setAttribute('rel', 'prerender');
hint.setAttribute('href', 'next-page.html');

document.getElementsByTagName('head')[0].appendChild(hint);

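// Many factors affect whether prerender takes effect; try public cache & prefetch

  • pjax-style navigation + a loading effect (https://github.com/luruke/barba.js)
  • alt-svc to redirect to the nearest domestic node
  • Support offline mode: cache & webworker
  • jsdelivr.com together with GitHub to host static files

Server-side optimization

  • Make stateless pages static and cache them; user-specific data is rendered and filled in by the client itself (public cache)
  • In the application, cache page elements in layers to reduce processing time
  • Return dynamic content in chunked segments; it is recommended that the route entry point return the cached header + body.head first, which noticeably reduces TTFB
  • Add a short-lived cache in nginx and allow stale content to be returned, to prevent resource exhaustion during a CC attack. Reference

Link and CDN cache optimization

  • Install Railgun: differential updates for dynamic content, reducing the amount of data pulled from the origin
  • Argo (paid): optimizes the link between edge nodes and the origin
  • ignore query
  • Optimize the Cache-Control header: Cache-Control: public, max-age=3600, stale-if-error=300, stale-while-revalidate=300
    • revalidation: about one hour after the last origin request, the edge node issues a new change check
      • Add a front filter that returns a 304 status code directly for requests whose headers include If-None-Match
    • immutable: immutable object; the client does not need to revalidate periodically
    • no-transform: return the origin's content as-is, without gzip or brotli compression
    • stale-if-error: when the origin is down, allow stale content to be returned
    • stale-while-revalidate: return stale content directly while the edge node is revalidating

In some cases the Chrome debug timeline shows slow loading from the local cache (over 500 ms). This is usually caused by an extension; disable it and retry.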

curl -w "TCP handshake: %{time_connect}, SSL handshake: %{time_appconnect}\n" -so /dev/null https://www.alipay.com
Cloudflare's SSL handshake time is fairly long and may exceed 5 s. If you only have CF, using HTTP is recommended.
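
How a shared cache would act on the Cache-Control header from the list above at different ages, as an added example that is not part of the original post. It follows the RFC 5861 meaning of stale-while-revalidate and stale-if-error rather than any particular CDN's implementation; the function names and result labels are made up for illustration.

```javascript
// Added example. Header value as given in the post above.
const POST_HEADER =
  'public, max-age=3600, stale-if-error=300, stale-while-revalidate=300';

// "a, b=1" -> { a: true, b: 1 }; directive names are case-insensitive.
function parseCacheControl(header) {
  const directives = {};
  for (const part of header.split(',')) {
    const [rawName, rawValue] = part.split('=').map((s) => s.trim());
    if (!rawName) continue;
    const n = rawValue === undefined ? NaN : Number(rawValue.replace(/"/g, ''));
    // Valueless or unparsable directives are stored as a plain flag.
    directives[rawName.toLowerCase()] =
      Number.isFinite(n) && n >= 0 ? Math.floor(n) : true;
  }
  return directives;
}

// Seconds for a numeric directive, or 0 when it is absent or not a number.
const seconds = (cc, name) => (typeof cc[name] === 'number' ? cc[name] : 0);

// ageSeconds: time since the copy was fetched from the origin.
// originFailed: the origin answered the refresh with an error or not at all.
function edgeDecision(header, ageSeconds, originFailed) {
  const cc = parseCacheControl(header);
  if (cc['no-store'] || cc['private']) return 'bypass';
  const maxAge =
    's-maxage' in cc ? seconds(cc, 's-maxage') : seconds(cc, 'max-age');
  if (!cc['no-cache'] && ageSeconds < maxAge) return 'serve-fresh';
  // These directives forbid a shared cache from serving a stale copy.
  const strict =
    cc['no-cache'] || cc['must-revalidate'] || cc['proxy-revalidate'];
  const staleFor = ageSeconds - maxAge;
  if (originFailed) {
    return !strict && staleFor < seconds(cc, 'stale-if-error')
      ? 'serve-stale-on-error'
      : 'return-error';
  }
  return !strict && staleFor < seconds(cc, 'stale-while-revalidate')
    ? 'serve-stale-and-revalidate'
    : 'revalidate-then-serve';
}

console.log(edgeDecision(POST_HEADER, 3700, false)); // serve-stale-and-revalidate
```

With the post's values, a copy can be served for at most 300 seconds past its one-hour lifetime; after that an origin outage surfaces to the client as an error.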

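The front filter from the revalidation bullet above, as an added example (not code from the post). It assumes the filter knows the current ETag of the stored response and that header names arrive lower-cased; it answers 304 only when the client's tag still matches, so a client holding an outdated copy is passed through to the cache or origin.

```javascript
// Added example. currentEtag is the entity-tag of the stored representation;
// how the filter obtains it is outside this sketch (assumption).

// Weak comparison (RFC 7232 section 2.3.2): the W/ prefix is ignored.
const opaque = (tag) => tag.trim().replace(/^W\//, '');

// Split an If-None-Match value into entity-tags. Tags are quoted strings, so
// they are matched as units instead of splitting the header on commas.
function parseIfNoneMatch(value) {
  if (value.trim() === '*') return ['*'];
  return value.match(/(?:W\/)?"[^"]*"/g) || [];
}

// Returns the status code the filter answers with, or null when the request
// has to be passed on.
function conditionalFilter(method, headers, currentEtag) {
  const inm = headers['if-none-match'];
  if (inm === undefined) return null; // not a conditional request
  if (!currentEtag) return null; // nothing stored to compare against
  const tags = parseIfNoneMatch(inm);
  const matches =
    tags.includes('*') ||
    tags.some((tag) => opaque(tag) === opaque(currentEtag));
  if (!matches) return null; // client copy is outdated: send the new body
  // RFC 7232 section 3.2: 304 for GET and HEAD, 412 for other methods.
  return method === 'GET' || method === 'HEAD' ? 304 : 412;
}

// Constructed sample requests.
console.log(conditionalFilter('GET', { 'if-none-match': '"v2"' }, '"v2"')); // 304
console.log(conditionalFilter('GET', { 'if-none-match': '"v1"' }, '"v2"')); // null
```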

tiancheng91 commented Jun 2, 2018

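Nodes that each mainland carrier connects to

  • China Telecom: SJC (San Jose), LAX (Los Angeles)
  • China Unicom: SJC (San Jose), LAX (Los Angeles)
  • China Mobile: HKG (Hong Kong)

California is recommended for the origin.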

tiancheng91 changed the title from "cloudflare" to "cloudflare optimization" Jun 2, 2018

tiancheng91 commented Jun 7, 2018

curl -w "TCP handshake: %{time_connect}, SSL handshake: %{time_appconnect}, Trans: %{time_starttransfer}, Total: %{time_total}\n" -so /dev/null https://www.buf.bid

@tiancheng91

cloudflare partner
cloudcdn.herokuapp.com

docker run --name railgun-memcached -d --restart=always memcached:latest

docker run -d --name=railgun -p 2408:2408 -e RG_ACT_TOKEN=ENTERTOKENHERE \
-e RG_ACT_HOST=192.0.2.1 \
-e RG_LOG_LEVEL=1 \
-e RG_WAN_PORT=2408 \
--link railgun-memcached:memcached \
--restart=always \
vostro/cloudflare-railgun

@tiancheng91

cloudflared.tar.gz

@tiancheng91

cloudflared.amd64.tar.gz


tiancheng91 commented Jul 3, 2019

# Find the faster Cloudflare nodes
# Ping an IP range and return the nodes with a ping value below 150
fping -a -A -e -r1 -t200 -i1 -g 104.16.0.0/15 2> /dev/null | awk -F"[ (]" '($3 < 150){print $0}'
masscan -p80 162.158.118.0/24 | awk '{print $6}' > iplist.txt

echo "range = 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
ports = 80" > scan.txt
masscan -c scan.txt | awk '{print $6}' > scan_out.txt

# Scan for nodes with a ping value below 130
fping -a -A -e -r1 -t200 -i1 -f scan_out.txt 2> /dev/null > scan_ping.txt
# Filter to under 122 ms
cat scan_ping.txt | awk -F"[ (]" '($3 < 122){print $0}'

tiancheng91 mentioned this issue Oct 8, 2020