Advanced architects must see: tengxunyun CDN dynamic separation cache strategy and security anti-brush actual combat!
No more streaking websites! Dismantling Tencent Cloud CDN Acceleration Principle and Pit Avoidance Configuration Tutorial
In cross-border independent stations, App circles or high-traffic websites, there is a big truth in operation and maintenance:
"No CDN, no compliance; No CDN, no cross-border."
Many small white or personal webmasters who have just entered the industry always feel that the slow website access is because the server (CVM/ECS) configuration is not high enough, and they are crazy to upgrade CPU and memory. But often the result is that money is spent, and users from overseas or other provinces are still stuck like constipation.
In fact, what you lack is not more expensive servers, but CDN. Today, we will talk about the underlying acceleration principle of tengxunyun CDN (content distribution network) in the most down-to-earth and human-speaking way, and attach a set of "bankruptcy prevention, wind prevention and control" actual combat configuration tutorials summarized by old birds.
The first part: how does tengxunyun CDN make you "faster?
If you don't use CDN, the user visits your website like this: a user in Xinjiang or the United States initiates a request, and the traffic has to span thousands of kilometers and pass through countless public network routers before you can touch the server you put in Guangzhou computer room. As long as there is a traffic jam or packet loss in the middle, the user's web page will circle indefinitely.
Tengxunyun CDN, in fact, has deployed thousands of "cache server clusters (edge nodes)" around the world (especially in major provinces, cities and operators in China) ".
Its acceleration principle, to put it bluntly, is four words:
"Nearby Distribution"
.
First visit (back to the source): When the first Xinjiang user visits your picture logo.png, the nearest Xinjiang Tengxun cloud node finds that it does not have this picture. It will run to the source station in Guangzhou for the user and bring the picture over. This is called "back to the source".
Second to 10,000 accesses (cache hit): when the second and third Xinjiang users visit again, the Xinjiang node directly sends the logo.png just saved to the user from its hard disk. Traffic does not need to take a long distance back to Guangzhou. This is called a "cache hit".
Live experience: After accessing CDN, due to the extremely short physical distance between users and edge nodes, DNS resolution and handshake time drop precipitously, and the loading speed of websites can usually be increased by more than 3 to 5 times.
Part II: Tengxun Cloud CDN Fool Configuration Tutorial and Life-saving Pit
Understand the principle, directly on the actual combat. It is very simple to open CDN in the background of tengxunyun, but in the specific parameter configuration, there are several hidden pits that can make you "go bankrupt overnight" or "paralyze the website. Please follow these steps:
Step 1: Add Domain Name and Origin Site Settings
In the Tengxun Cloud CDN console, click Add Domain Name ".
Accelerated domain name: Fill in your website domain name (such as www.yourdomain.com).
Source station type: if your server is in tengxun cloud, select "tengxun cloud server (CVM)" or enter your server public network IP.
Back-to-source agreement: [big pit 1] if you
The server of is enabled with SSL(HTTPS). HTTPS must be checked here and 443 must be selected for the back source port. If HTTP 80 back to the source is selected, the website may fall into an endless loop of "infinite redirection (301/302)" and the webpage cannot be opened directly.
Step 2: Configure the HTTPS certificate (strongly recommended)
There are almost no websites running pure HTTP anymore. In [Advanced Configuration], find the HTTPS certificate configuration:
Tencent Cloud supports free application for hosting certificates. After binding the certificate to the CDN, turn on HTTP force jump to HTTPS ".
Definitely turn on HTTP/2 or HTTP/3(QUIC): this allows multiple images and scripts to be transmitted concurrently in the same network channel, and the speed can soar by another 30%.
Step 3: Configure Cache Expiration Rules (Performance Core)
[Big pit 2]]
Many novices use the default rules directly, resulting in background data not being updated or sensitive files being cached.
Remember the old bird.
Dynamic Detach Cache Tips
:
Static resources (major changes and few changes): for. jpg, .png, .css, .js, etc., the cache time is set to be longer, for example, 30 days. Let the node cache hard, save your server bandwidth.
Dynamic pages (frequently changed): for. php, .jsp, .asp or paths containing/api/, the cache time is directly set to 0 seconds (no cache)! Otherwise, once the personal background and shopping cart data after the user logs in are cached by CDN and distributed to others, it is a serious privacy accident.
The third part: operation and maintenance of the old bird "anti-brush anti-bankruptcy" security settings
CDN is billed by traffic (or bandwidth). On the Internet, malicious peers often use scripts to frantically brush your CDN traffic. If they ignore it, they can give you a bill of tens of thousands of dollars a night.
In the background of Tencent Cloud CDN,
The following safety switches are your "life-saving"
:
1. Turn on "usage cap alarm/automatic offline"
In the cap setting, set an upper limit. For example: "When the traffic reaches 50G on that day, CDN acceleration will be automatically turned off or the source station will be switched back." This trick can ensure that your wallet is absolutely safe, even if it is targeted by hackers, most websites cannot be opened, and you will never receive sky-high bills.
2. Open "IP frequency limit configuration"
Normal real users, a second up to 3-5 times a page. The hacker's brush flow script can generate hundreds of requests a second.
Gold recommended configuration: single IP access single node, QPS frequency limit set to 30-50. IP exceeding this frequency is directly blacked out for 1 hour, perfectly blocking 90% of malicious orders.
3. UA black and white list and area anti-brush
If your business is only domestic, you can directly use the regional access control
Banned overseas IP
Access
.
At the same time, it can intercept some common malicious crawler User-Agent (such
python-requests
,
Scrapy
Etc.) to shut out robots that rub traffic.
Summary
Configuring Tengxunyun CDN is like inviting a group of "distributed takeout workers" all over the country to your server ". You only need to cook at ease in Guangzhou's "central kitchen (source station)", and the delivery staff will put the dishes (web content) to the nearest site to the user in advance.
Take a little money to configure CDN cache rules and do enough anti-brush security measures, which will not only make your website fly up fast, but also make your source server CPU utilization plummet directly. This is the standard starting style for high-level operations and architects.
