一、CDN概述CDNContent Delivery Network内容分发网络通过将内容缓存到离用户最近的节点来加速访问CDN的核心价值加速访问速度减少物理距离减轻源站压力扛住流量高峰提升用户体验减少等待时间节省带宽成本边缘节点分流二、CDN架构1. 架构组件用户请求 → DNS解析 → CDN边缘节点 → 缓存命中 │ ┌───────────────┼───────────────┐ ▼ ▼ ▼ 边缘节点 区域节点 源站 (Last Mile) (Middle Mile) (Origin) └───────────────┴───────────────┘ │ 缓存未命中时回源2. 工作流程1. 用户访问 www.example.com/logo.png 2. 本地DNS解析到CDN 3. CDN智能调度选择最近节点 4. 边缘节点检查缓存 ├── 命中 → 直接返回 └── 未命中 → 回源获取 → 缓存 → 返回三、主流CDN服务商服务商特点价格阿里云CDN节点多生态完善中等腾讯云CDN国内访问快中等Cloudflare全球覆盖免费套餐便宜Akamai全球第一昂贵CloudFrontAWS生态集成按量付费四、CDN配置实战1. 阿里云CDN配置ConfigurationpublicclassAliyunCDNConfig{Value(${aliyun.cdn.domain})privateStringcdnDomain;Value(${aliyun.cdn.accessKeyId})privateStringaccessKeyId;Value(${aliyun.cdn.accessKeySecret})privateStringaccessKeySecret;BeanpublicCdnClientcdnClient(){returnnewCdnClientBuilder().build(accessKeyId,accessKeySecret);}}ServicepublicclassCDNService{AutowiredprivateCdnClientcdnClient;// 刷新缓存publicvoidrefreshCache(Stringurl){RefreshObjectCachesRequestrequestnewRefreshObjectCachesRequest();request.setObjectPath(url);request.setObjectType(File);cdnClient.refreshObjectCaches(request);}// 预热缓存publicvoidpreloadCache(Stringurl){PushObjectCacheRequestrequestnewPushObjectCacheRequest();request.setObjectPath(url);cdnClient.pushObjectCache(request);}}2. Nginx配置CDN回源# nginx.conf upstream origin { server origin.example.com:8080; } server { listen 80; server_name cdn.example.com; # 缓存配置 proxy_cache my_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 10m; proxy_cache_valid 404 1m; proxy_cache_use_stale error timeout updating; # 回源配置 proxy_pass http://origin; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; # 缓存控制 add_header X-Cache-Status $upstream_cache_status; }五、缓存策略1. 缓存Key设计// 合理的缓存Key设计publicclassCacheKeyBuilder{// 基础KeypublicstaticStringbuildProductKey(LongproductId){returnproduct:productId;}// 带版本的Key版本更新时自动失效旧缓存publicstaticStringbuildProductKeyV(LongproductId,Stringversion){returnproduct:productId:vversion;}// 带用户分组的Key不同用户看到不同价格publicstaticStringbuildProductPriceKey(LongproductId,LonguserGroupId){returnproduct:price:productId:guserGroupId;}}2. 缓存失效策略ServicepublicclassProductCacheService{AutowiredprivateCdnClientcdnClient;publicvoidupdateProduct(Productproduct){// 1. 更新数据库productMapper.updateById(product);// 2. 删除Redis缓存redisTemplate.delete(product:product.getId());// 3. 刷新CDN缓存StringcdnUrlhttps://cdn.example.com/product/product.getId().html;cdnClient.refreshObjectCaches(newRefreshObjectCachesRequest(cdnUrl));// 4. 如果是大面积更新使用刷新目录if(isBigUpdate()){cdnClient.refreshObjectCaches(newRefreshObjectCachesRequest(https://cdn.example.com/product/list/));}}}3. 缓存控制头ConfigurationpublicclassCacheControlFilterimplementsFilter{OverridepublicvoiddoFilter(ServletRequestreq,ServletResponseres,FilterChainchain)throwsIOException,ServletException{HttpServletRequestrequest(HttpServletRequest)req;HttpServletResponseresponse(HttpServletResponse)res;Stringpathrequest.getRequestURI();// 静态资源长时间缓存if(isStaticResource(path)){response.setHeader(Cache-Control,public, max-age31536000);response.setHeader(Expires,LocalDateTime.now().plusYears(1).format(DateTimeFormatter.RFC_1123_DATE_TIME));}// API接口短时间缓存或不缓存elseif(isAPI(path)){response.setHeader(Cache-Control,no-cache, no-store, must-revalidate);}// 动态页面短时间缓存else{response.setHeader(Cache-Control,public, max-age300);}chain.doFilter(req,res);}}六、CDN安全1. 防盗链# Nginx防盗链配置 server { location /images/ { # 允许的域名 valid_referers none blocked server_names ~\.google\. ~\.baidu\. ~\.example\.com; if ($invalid_referer) { return 403; } } }2. IP限流// CDN IP限流配置publicvoidconfigureIPLimit(CdnClientclient){CreateIpFcRequestrequestnewCreateIpFcRequest();request.setDomainName(cdn.example.com);request.setConfigId(ip_limit_config);// 限制单IP请求频率request.setRules(Arrays.asList(newIpAclRule().setIpList(Arrays.asList(1.2.3.4,5.6.7.8)).setType(allow)));client.createIpFc(request);}3. HTTPS配置// CDN HTTPS配置publicvoidconfigureHTTPS(CdnClientclient,Stringdomain){// 上传证书SetCdnDomainSSLCertificateRequestcertRequestnewSetCdnDomainSSLCertificateRequest();certRequest.setDomainName(domain);certRequest.setCertType(free);// 免费证书certRequest.setSSLProtocol(TLSv1.2);client.setCdnDomainSSLCertificate(certRequest);}七、性能优化1. 预热策略ServicepublicclassPreloadService{AutowiredprivateCdnClientcdnClient;// 秒杀开始前预热publicvoidpreloadSeckillProducts(ListLongproductIds){for(LongproductId:productIds){Stringurlhttps://cdn.example.com/product/productId.html;PushObjectCacheRequestrequestnewPushObjectCacheRequest();request.setObjectPath(url);cdnClient.pushObjectCache(request);log.info(预热CDN: {},url);}}// 批量预热publicvoidbatchPreload(Stringpattern){// 预热整个目录PushObjectCacheRequestrequestnewPushObjectCacheRequest();request.setObjectPath(https://cdn.example.com/products/);cdnClient.pushObjectCache(request);}}2. 访问日志分析ServicepublicclassCDNLogAnalysis{// 分析CDN访问日志publicvoidanalyzeLogs(){// 获取热门资源StringlogPath/var/log/cdn/access.log;try(StreamStringlinesFiles.lines(Paths.get(logPath))){MapString,LongtopResourceslines.map(this::parseLogLine).filter(Objects::nonNull).collect(Collectors.groupingBy(LogEntry::getUrl,Collectors.counting())).entrySet().stream().sorted(Map.Entry.String,LongcomparingByValue().reversed()).limit(100).collect(Collectors.toMap(Map.Entry::getKey,Map.Entry::getValue,(a,b)-a,LinkedHashMap::new));log.info(热门资源TOP10: {},topResources);}catch(IOExceptione){log.error(日志分析失败,e);}}}八、总结CDN是提升访问速度的重要手段架构理解边缘节点→区域节点→源站缓存策略合理设置缓存Key和失效策略安全防护防盗链、IP限流、HTTPS性能优化预热、缓存控制头最佳实践静态资源使用CDN合理设置缓存时间使用版本号实现缓存更新监控CDN命中率个人观点仅供参考