{"id":209987,"date":"2025-10-24T02:43:09","date_gmt":"2025-10-23T18:43:09","guid":{"rendered":"https:\/\/www.server.hk\/blog\/209987\/"},"modified":"2025-10-24T02:43:10","modified_gmt":"2025-10-23T18:43:10","slug":"cdn-227","status":"publish","type":"post","link":"https:\/\/server.hk\/cnblog\/209987\/","title":{"rendered":"A Practical Guide to CDN Operations Security Inspections: Key Checks and Quick-Fix Strategies"},"content":{"rendered":"<p>As website traffic becomes global and attack techniques keep evolving, the CDN has become key infrastructure for improving access speed and withstanding traffic-based attacks. For site owners, enterprise users and developers, regularly inspecting CDN operations and security not only keeps the business continuously available but also lets vulnerabilities and configuration errors be fixed quickly before they spread. Drawing on hands-on experience, this article provides an actionable inspection guide organized around key check items, detection methods and quick-fix strategies, to help you focus on what matters in CDN security operations.<\/p>\n<h2>Why Regular Inspections Matter: Principles and Value<\/h2>\n<p>A CDN (content delivery network) caches static and some dynamic content at edge nodes, reducing load on the origin, shortening user latency and providing traffic mitigation. 
A CDN security inspection aims to confirm the following:<\/p>\n<ul>\n<li>Whether cache policy and cache consistency are correct, to avoid leaking sensitive information or cache poisoning;<\/li>\n<li>Whether transport security (TLS\/HTTPS) configuration is complete, to avoid man-in-the-middle attacks or access outages caused by certificate problems;<\/li>\n<li>Whether protection policies (WAF, rate limiting, IP blocklists\/allowlists) cover common attack vectors;<\/li>\n<li>Whether the origin and the origin-fetch path (DNS, risk of being blocked, bandwidth and BGP routing) are robust;<\/li>\n<li>Whether logs and alerts are complete, traceable and able to support automated response.<\/li>\n<\/ul>\n<p>Inspections surface configuration defects, certificate expiry, routing anomalies, cache misconfiguration and similar problems early, reducing the scope of failure and the repair cost when a traffic peak or an attack occurs.<\/p>\n<h2>Key Check Items and Detection Methods<\/h2>\n<h3>1. 
TLS\/Certificates and Protocol Configuration<\/h3>\n<p>Checkpoints:<\/p>\n<ul>\n<li>Certificate validity period and chain completeness (including intermediate certificates);<\/li>\n<li>Whether strong protocols (TLS 1.2+) are enabled and the known-insecure SSLv3\/TLS 1.0\/1.1 are disabled;<\/li>\n<li>Enable HTTP\/2 and QUIC (if the CDN supports them) and confirm the ALPN configuration;<\/li>\n<li>Whether OCSP stapling and Certificate Transparency (CT) are configured, to reduce certificate revocation or delayed-validation problems;<\/li>\n<li>Whether edge nodes use dedicated certificates or wildcard certificates, to avoid a single point of failure.<\/li>\n<\/ul>\n<p>Detection methods:<\/p>\n<ul>\n<li>Use openssl, the ssllabs.com API or the <code>testssl.sh<\/code> script to check protocols and the certificate chain;<\/li>\n<li>Automate monitoring of certificate expiry (alert thresholds such as 30 days and 14 days);<\/li>\n<li>Run external probes from different regions (for example Hong Kong, the United States, Japan, South Korea and Singapore) to confirm TLS consistency across edge nodes.<\/li>\n<\/ul>\n<h3>Quick-Fix Strategies<\/h3>\n<ul>\n<li>When expiry is near, renew immediately and swap the certificate smoothly in the CDN console;<\/li>\n<li>If weak protocols are found, force an upgrade through CDN or edge configuration, rolling back incompatible settings when necessary;<\/li>\n<li>Enable OCSP stapling 
and tune the origin to match, reducing client-side validation latency.<\/li>\n<\/ul>\n<h3>2. Cache Policy and Cache Poisoning Detection<\/h3>\n<p>Checkpoints:<\/p>\n<ul>\n<li>Whether cache expiry policy (Cache-Control, Expires, Vary) matches business requirements;<\/li>\n<li>Whether sensitive responses (those carrying Set-Cookie, Authorization or users' personal information) are set to no caching or private caching;<\/li>\n<li>Whether cache key normalization is enabled at the CDN edge, to avoid cache fragmentation or poisoning caused by parameters or cookies;<\/li>\n<li>Whether there is a risk of cache breakdown or cache avalanche (large numbers of requests going back to the origin at once when the same resource expires).<\/li>\n<\/ul>\n<p>Detection methods:<\/p>\n<ul>\n<li>Inspect response headers (X-Cache, Age, Via, Cache-Control) with curl or browser developer tools;<\/li>\n<li>Simulate hit rates for different request parameters and cookies, and observe whether edge nodes return the expected cached content;<\/li>\n<li>Use load-testing tools (such as wrk or hey) to run drills in a non-production environment and observe origin-fetch load.<\/li>\n<\/ul>\n<h3>Quick-Fix Strategies<\/h3>\n<ul>\n<li>Set a reasonable max-age for cacheable resources; for frequently changing content, use a short TTL combined with a versioning (URL fingerprinting) strategy;<\/li>\n<li>Set no-store or 
private on sensitive endpoints so that they are not stored by edge nodes or shared caches;<\/li>\n<li>Enable request coalescing or a locking mechanism (cache lock), along with prewarming scripts, to mitigate cache breakdown.<\/li>\n<\/ul>\n<h3>3. WAF and Application-Layer Protection<\/h3>\n<p>Checkpoints:<\/p>\n<ul>\n<li>Whether baseline WAF policies (OWASP Top 10 protection) are enabled and the rule set is updated regularly;<\/li>\n<li>Whether custom rules exist to block business-specific attack patterns (such as non-standard API calls, abnormal UA or abnormal Referer);<\/li>\n<li>Whether there is sufficient detection and blocking capability for cross-site scripting (XSS), SQL injection, RCE and the like;<\/li>\n<li>Whether a feedback loop exists for false positives and false negatives, so that rules are tuned continuously.<\/li>\n<\/ul>\n<p>Detection methods:<\/p>\n<ul>\n<li>Use security testing tools (such as Burp Suite or OWASP ZAP) for passive and active scanning;<\/li>\n<li>Monitor WAF logs, count block and challenge events, and analyze the false-positive rate;<\/li>\n<li>Use log tracing (trace id) to trace back the attack path.<\/li>\n<\/ul>\n<h3>Quick-Fix Strategies<\/h3>\n<ul>\n<li>Apply challenge mechanisms (CAPTCHA, JS 
checks) to high-risk traffic, and gradually release false positives through a staged rollout;<\/li>\n<li>For automated crawlers or abuse, set rate limits and IP\/ASN blocklists;<\/li>\n<li>Maintain rule templates and rollback scripts so that changes can be reverted quickly when the business is affected.<\/li>\n<\/ul>\n<h3>4. DNS and Origin-Fetch Path Robustness<\/h3>\n<p>Checkpoints:<\/p>\n<ul>\n<li>Whether DNS resolution is redundant (multiple authoritative DNS providers) and TTL settings are reasonable;<\/li>\n<li>Whether the origin IP\/domain is poisoned or at risk of hijacking, especially for overseas deployments (such as US servers or other regions);<\/li>\n<li>BGP routing, bandwidth link health and anti-DDoS capability;<\/li>\n<li>Whether the origin restricts access to edge node IPs (allowlist), avoiding accidental blocking.<\/li>\n<\/ul>\n<p>Detection methods:<\/p>\n<ul>\n<li>Resolve from different regions with dig and nslookup to confirm resolution consistency;<\/li>\n<li>Use traceroute and mtr to check latency and packet loss on the origin-fetch path;<\/li>\n<li>Run external monitoring from nodes in Hong Kong, the United States, Japan, South Korea, Singapore and elsewhere to verify regional access performance and whether hijacking is present.<\/li>\n<\/ul>\n<h3>Quick-Fix Strategies<\/h3>\n<ul>\n<li>Set up multi-region monitoring and backup DNS for important domains, and lower the TTL 
during emergency switchovers so that changes take effect quickly;<\/li>\n<li>If the origin-fetch path is found to be blocked or hijacked, temporarily switch to a backup origin or restore service by setting up relay nodes (for example a Hong Kong VPS or US VPS);<\/li>\n<li>Work with the network provider to adjust BGP policy and enable traffic scrubbing services.<\/li>\n<\/ul>\n<h3>5. Logging, Monitoring and Automated Alerting<\/h3>\n<p>Checkpoints:<\/p>\n<ul>\n<li>Whether edge logs (access logs, WAF logs, exception logs) are complete and exportable;<\/li>\n<li>Monitoring metrics include hit rate, origin-fetch QPS, error rate (4xx\/5xx), response-time percentiles and peak bandwidth;<\/li>\n<li>Whether alert thresholds are reasonable, firing and notifying the relevant teams before the SLA limit is reached;<\/li>\n<li>Whether automation scripts or runbooks exist to support rapid response to common scenarios.<\/li>\n<\/ul>\n<p>Detection methods:<\/p>\n<ul>\n<li>Integrate Prometheus + Grafana or the monitoring dashboard provided by the CDN;<\/li>\n<li>Regularly rehearse the alerting process (tabletop exercises) and record incident response times;<\/li>\n<li>Store logs in a centralized platform (ELK\/EFK, Splunk) and run historical correlation analysis on anomalies.<\/li>\n<\/ul>\n<h3>Quick-Fix Strategies<\/h3>\n<ul>\n<li>For common failures, write 
runbooks (including commands, APIs and rollback plans) and keep them somewhere easy to reach;<\/li>\n<li>Use automation scripts (for example bulk rule changes, cache purges and certificate switches through the CDN API) to cut manual delay;<\/li>\n<li>Establish circuit-breaking and degradation strategies to protect the backend and keep core business available when fast recovery is not possible.<\/li>\n<\/ul>\n<h2>Application Scenarios and Comparison of Advantages<\/h2>\n<p>Business scale and deployment location affect what a CDN inspection should focus on:<\/p>\n<ul>\n<li>Sites serving local users (for example on a Hong Kong server or Hong Kong VPS) should focus on local network health, DNS and the local caching policy of edge nodes;<\/li>\n<li>Global businesses (spanning US servers, Japan servers, South Korea servers, Singapore servers and so on) need to watch multi-region TLS consistency, uniformity of edge policy and the distribution of origin-fetch bandwidth;<\/li>\n<li>Enterprises using overseas servers or multi-cloud architectures should pay closer attention to BGP, cross-region routing and compliance (data sovereignty) issues. 
<\/li>\n<\/ul>\n<p>Inspections bring direct benefits: lower origin-fetch load, less downtime caused by security incidents, a better page-load experience and optimized cost (reasonable TTLs and a higher cache hit rate can significantly reduce bandwidth charges).<\/p>\n<h2>Purchasing Advice and Operations Process Optimization<\/h2>\n<p>When choosing a CDN service and supporting infrastructure, consider:<\/p>\n<ul>\n<li>Providers that support detailed log export and offer a rich API, which eases further integration and automated operations;<\/li>\n<li>Whether the edge node footprint covers the regions where target users are located (including Hong Kong, the United States, Japan, South Korea and Singapore);<\/li>\n<li>Whether connectivity to existing servers (such as Hong Kong servers or US servers) and VPSs (Hong Kong VPS, US VPS) is good, with support for custom origin-fetch ports and authentication mechanisms;<\/li>\n<li>WAF, DDoS scrubbing, rate limiting and HTTP\/2 and QUIC support, which greatly improve security and performance;<\/li>\n<li>Whether domain registration and DNS services are stable; pairing them with the CDN service or a trusted DNS provider is recommended to reduce switchover complexity. 
<\/li>\n<\/ul>\n<p>Recommendations for optimizing the operations process:<\/p>\n<ul>\n<li>Create periodic inspection checklists (weekly, monthly, quarterly) covering TLS, caching, WAF, DNS and the origin-fetch path;<\/li>\n<li>Combine basic monitoring with external synthetic monitoring (scheduled requests from different regions) to detect regional problems quickly;<\/li>\n<li>Manage CDN and DNS configuration through IaC (such as Terraform) so that configuration is auditable and can be rolled back;<\/li>\n<li>Rehearse failure recovery regularly and keep a contact channel open with the CDN provider's SRE team, requesting rapid support when necessary.<\/li>\n<\/ul>\n<h2>Summary<\/h2>\n<p>For websites and applications that depend on a CDN, regular security inspections are foundational work for ensuring availability and resilience to attack. The key areas are TLS\/certificate management, cache policy, WAF configuration, DNS and origin-fetch path robustness, and logging and automated alerting. Putting detection and quick-fix strategies into practice, combined with automation tools and clear 
runbooks, can greatly shorten response time and reduce the risk of operator error. Whether your infrastructure is deployed locally (such as Hong Kong servers or Hong Kong VPS) or overseas (such as US servers, US VPS, Japan servers, South Korea servers or Singapore servers), inspection frequency and scenario drills should be tailored to regional characteristics.<\/p>\n<p>If you want to improve resilience through rapid deployment or a backup origin, see the related products and solutions offered by Server.HK for details on choosing and configuring Hong Kong servers and other overseas servers: <a href=\"https:\/\/server.hk\/server.php\">Hong Kong servers<\/a>. Server.HK also offers services including VPS and domain registration, which helps in building multi-region redundant architectures and fast switchover.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Faced with global traffic and complex attacks, regular CDN security inspections help site owners and operations staff quickly find configuration errors, cache poisoning and transport-layer weaknesses, keeping the business stable and data secure. Drawing on hands-on experience, this article provides key check items, detection methods and quick-fix strategies to help you master, through actionable steps, the key points of CDN 
security operations.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4928],"tags":[4138,3995,4139,4141,4140,4142,3386,2142],"class_list":{"0":"post-209987","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-4928","7":"tag-cdn-","10":"tag-ddos-","11":"tag-tls-","12":"tag-4142","13":"tag-3386","14":"tag-2142"},"_links":{"self":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/209987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/comments?post=209987"}],"version-history":[{"count":1,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/209987\/revisions"}],"predecessor-version":[{"id":209988,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/209987\/revisions\/209988"}],"wp:attachment":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/media?parent=209987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/categories?post=209987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/tags?post=209987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}