Memcache is a project of danga.com. It was originally used to serve LiveJournal. At present, many people around the world use this cache project to build their own websites with heavy loads to share the pressure of the database.
It can handle any number of connections, using non-blocking network IO. Because its working mechanism is to open up a space in memory, and then create a HashTable, Memcached manages these HashTables by itself.
Memcache official website:http://www.danga.com/memcached, more detailed information can come here to understand 🙂
Why are there two names Memcache and memcached?
Memchache is the name of the project, and memcached is the main program file name of the server
The installation of Memcache is divided into the installation of memcache server and memcached client. The server is the server that provides data caching service. It is usually installed on the Linux server. The client installs the extensions of various development languages, such as the extension of PHP.
Because Mecache runs with root privileges, and there may be some unknown bugs or buffer overflows in it, these are unknown to us, so the danger is predictable. For the sake of safety, I make two suggestions, which can slightly prevent hackers from intruding or data leakage.
It is best to make the access between the two servers in the form of intranet, usually between the web server and the Memcache server. A common server has two network cards, one pointing to the Internet and one pointing to the intranet, then let the Web server access the Memcache server through the network card of the intranet, and when our Memcache server starts, it monitors the IP address of the intranet and Ports, access between intranets can effectively prevent other illegal access.
memcached -d -m 1024 -u root -l 192.168.0.200 -p 11211 -c 1024 -P /tmp/memcached.pid”
The Memcache server is set to listen on the 11211 port of the 192.168.0.200 ip on the intranet, occupies 1024MB of memory, and allows a maximum of 1024 concurrent connections
set up firewall
A firewall is a simple and effective way. If the two servers are connected to the Internet and you need to access Memcache through the external network IP, you can consider using a firewall or proxy program to filter illegal access.
Generally, under Linux, we can use iptables or ipfw under FreeBSD to specify some rules to prevent some illegal access. For example, we can set only our web server to access our Memcache server, while preventing other access.
iptables -F iptables -P INPUT DROP iptables -A INPUT -p tcp -s 192.168.0.2 --dport 11211 -j ACCEPT iptables -A INPUT -p udp -s 192.168.0.2 --dport 11211 -j ACCEPT
The above iptables rule is to only allow the 192.168.0.2 web server to access the Memcache server, which can effectively prevent some illegal access. Correspondingly, some other rules can be added to strengthen security. This can be done according to your own needs .