获取相关开源软件包
本文中提到的所有开源软件包为截止到2009年10月20日的最新稳定版,且均从官方网站下载。
mkdir -p /home/software
cd /home/software
fetch http://sysoev.ru/nginx/nginx-0.8.24.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.00.tar.gz
wget ftp://xmlsoft.org/libxml2/libxml2-2.7.6.tar.gz
wget http://www.zlib.net/zlib-1.2.3.tar.gz
wget ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.40.tar.gz
wget http://www.ijg.org/files/jpegsrc.v7.tar.gz
wget http://ftp.twaren.net/Unix/NonGNU/freetype/freetype-2.3.11.tar.gz
wget http://www.libgd.org/releases/gd-2.0.35.tar.gz
wget http://www.php.net/get/php-5.2.11.tar.gz/from/this/mirror
wget http://php-fpm.org/downloads/php-5.2.11-fpm-0.5.13.diff.gz
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz
安装、升级所需的程序库
利用CentOS Linux系统自带的yum命令安装、升级所需的程序库
yum -y install gcc gcc-c++ autoconf libtool* openssl openssl-devel
安装 Mysql5.1.40
Mysql5.1.40 下载地址: http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.40.tar.gz/from/pick
/usr/sbin/groupadd mysql
/usr/sbin/useradd mysql -g mysql -d /dev/null -s /sbin/nologin
tar zxvf mysql-5.1.40.tar.gz
cd mysql-5.1.40
./configure --prefix=/usr/local/webserver/mysql/ --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=innobase
make && make install clean
chmod +w /usr/local/webserver/mysql
chown -R mysql:mysql /usr/local/webserver/mysql
cp /usr/local/webserver/mysql/share/mysql/my-medium.cnf /usr/local/webserver/mysql/my.cnf
cd ..
以mysql用户帐号的身份建立数据表
/usr/local/webserver/mysql/bin/mysql_install_db --datadir=/usr/local/webserver/mysql/data --user=mysql
创建 Mysql 开机启动脚本
cp /usr/local/webserver/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod +x /etc/init.d/mysql
添加 Nginx 为系统服务(开机自动启动)
chkconfig --add mysql
chkconfig mysql on
启动 Mysql
service mysql start
安 装 Nginx
安装Nginx所需的pcre库
tar zxvf pcre-8.00.tar.gz
cd pcre-8.00
./configure
make && make install clean
cd ..
安 装 Nginx0.8.24
tar zxvf nginx-0.8.24.tar.gz
cd nginx-0.8.24
./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install clean
cd ..
创建www组、用 户、Nginx 日志目录
/usr/sbin/groupadd www
/usr/sbin/useradd www -g www -d /dev/null -s /sbin/nologin
mkdir -p /var/log/nginx
chmod +w /var/log/nginx
chown -R www:www /var/log/nginx
创建 Nginx 配置文件
rm -f /usr/local/webserver/nginx/conf/nginx.conf
vi /usr/local/webserver/nginx/conf/nginx.conf
输入以下内容:
user www www;
worker_processes 8;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml
gzip_vary on;
server {
listen 80;
server_name localhost;
root /home/excms;
index index.html index.htm index.php;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /nginx_status {
stub_status on;
access_log off;
}
}
}
创建 Nginx 开机启动脚本
vi /etc/init.d/nginx
加入以下内容
#!/bin/bash
#
# chkconfig: - 85 15
# description: Nginx is a World Wide Web server.
# processname: nginx
nginx=/usr/local/webserver/nginx/sbin/nginx
conf=/usr/local/webserver/nginx/conf/nginx.conf
case $1 in
start)
echo -n "Starting Nginx"
$nginx -c $conf
echo " done"
;;
stop)
echo -n "Stopping Nginx"
killall -9 nginx
echo " done"
;;
test)
$nginx -t -c $conf
;;
reload)
echo -n "Reloading Nginx"
ps auxww | grep nginx | grep master | awk '{print $2}' | xargs kill -HUP
echo " done"
;;
restart)
$0 stop
$0 start
;;
show)
ps -aux|grep nginx
;;
*)
echo -n "Usage: $0 {start|restart|reload|stop|test|show}"
;;
esac
为 nginx.sh 脚本设置可执行属性
chmod +x /etc/init.d/nginx
添加 Nginx 为系统服务(开机自动启动)
chkconfig --add nginx
chkconfig nginx on
启动 Nginx
service nginx start
在不停止 Nginx 服务的情况下平滑变更 Nginx 配置
修改 /usr/local/webserver/nginx/conf/nginx.conf 配置文件后,请执行以下命令检查配置文件是否正确:
service nginx test
如果屏幕显示以下两行信息,说明配置文件正确:
the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully
平滑变更 Nginx 配置
service nginx reload
安装 GD
安装 zlib
tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make && make install clean
cd ..
安装 libpng
tar zxvf libpng-1.2.40.tar.gz
cd libpng-1.2.40
./configure
make && make install clean
cd ..
安装 jpeg
tar zxvf jpegsrc.v7.tar.gz
cd jpeg-7
./configure -enable-shared -enable-static
make && make install clean
cd ..
安装 freetype
tar zxvf freetype-2.3.11.tar.gz
cd freetype-2.3.11
./configure
make && make install clean
cd ..
安装 gd2.0.35
tar zxvf gd-2.0.35.tar.gz
cd gd-2.0.35
./configure
make && make install clean
cd ..
安装 libxml2
tar -zxvf libxml2-2.7.6.tar.gz
cd libxml2-2.7.6
./configure
make && make install clean
cd ..
安装 PHP
编译安装PHP 5.2.11所需的支持库 libiconv
tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13
./configure --prefix=/usr/local
make && make install clean
cd ..
编译安装PHP(FastCGI模式)
tar zxvf php-5.2.11.tar.gz
gzip -cd php-5.2.11-fpm-0.5.13.diff.gz | patch -d php-5.2.11 -p1
cd php-5.2.11
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-gd --enable-gd-native-ttf --with-libxml-dir --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-openssl --enable-pcntl --enable-sockets
make ZEND_EXTRA_LIBS='-liconv'
make install clean
cp php.ini-dist /usr/local/webserver/php/etc/php.ini
cd ..
安装 ZendOptimizer
ZendOptimizer 官方下载地址: http://www.zend.com/en/products/guard/downloads
tar zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.9-linux-glibc23-i386
cp data/5_2_x_comp/ZendOptimizer.so /usr/local/webserver/php/include/
修改 php.ini 在末尾添加以下内容
[zend]
zend_optimizer.optimization_level=15
zend_extension="/usr/local/webserver/php/include/ZendOptimizer.so"
修改php-fpm配置文件
php-fpm是为PHP打的一个FastCGI管理补丁,可以平滑变更php.ini配置而无需重启php-cgi
vi /usr/local/webserver/php/etc/php-fpm.conf
将 nobody和 nobody 中的 nobody 改为 www, 并去掉前后的注释标签 ;
如要显示PHP调试的错误信息将 0 修改为 1 ,并去掉前后的注释标签 , 以显示PHP错误信息,否则,Nginx 会报状态为500的空白错误页。
修改 php-fpm 启动脚本
ln -s /usr/local/webserver/php/sbin/php-fpm /etc/init.d/php-fpm
vi /usr/lcaol/webserver/php/sbin/php-fpm
在 #!/bin/sh 下添加以下内容
#
# chkconfig: - 85 15
# description: php-fpm is PHP FastCGI Process Manage.
# processname: php-fpm
添加 php-fpm 为系统服务
chkconfig --add php-fpm
chkconfig php-fpm on
启动 php-fpm
service php-fpm start
在不停止 PHP-fpm 服务的情况下平滑变更 php.ini 配置
修改 /usr/local/webserver/php/etc/php.ini 或者 /usr/loca/webserver/php/etc/php-fpm.conf 配置文件后,请执行以下命令检查配置文件是否正确:
service php-fpm reload
测试
在/home/excms 目录下新建 phpinfo.php
vi /home/excms/phpinfo.php
加入如下文本
打开浏览器,在地址栏里输入 http://您服务器的IP/phpinfo.php
优化Linux内核 参数
vi /etc/sysctl.conf
在末尾增加如下文本
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
使配置立即生效:
/sbin/sysctl -p
防ddos攻击
Sysctl 修改
vi /etc/rc.local
加入如下文本
sysctl kern.ipc.maxsockets=100000 ##增加并发的socket,对于ddos很有用
sysctl kern.ipc.somaxconn=65535 ##打开文件数
sysctl net.inet.tcp.msl=2500 ##timeout时间
2010.1.8更新 :
基于CentOS 5.5 搭建nginx +php +php-fpm+mysql高性能php平台
一、安装准备
1.1 平台环境
:
CODE:
CentOS 5.5 i686 GNU/Linux
1.2 系统安装及分区
Nginx 0.8.38
PHP 5.3.2
PHP-FPM 0.6.5
MYSQL 5.5.3 M3
1.2.1操作系统安装
:
安装过程中选择最少的包,采用文本模式安装,不安装图形。
1.2.3系统分区
:
/boot 100M (大约100左右)
SWAP 4G 物理内存的2倍(如果你的物理内存大于4G,分配4G即可)
/ 50G
/data 剩余所有空间.
注:具体分区请根据相关业务划分
1.2.4系统软件包安装规范
系统约定:
软件源代码包存放位置 /usr/local/src
源码包编译安装位置(prefix) /usr/local/software_name
脚本以及维护程序存放位置 /usr/local/sbin
MySQL 数据库位置 /data/mysql/data(可按情况设置)
网站根目录 /data/www/wwwroot(可按情况设置)
虚拟主机日志根目录 /data/logs(可按情况设置)
Nginx运行账户 www:www
install_software_name.sh //存放编译参数脚本习
惯将所有编译脚本存放在install_software_name.sh便于升级和更新软件.
1.3.系统初始化
#vi init_network.sh
CODE:
#welcome
cat << EOF
+--------------------------------------------------------------+
| === Welcome to Centos System init === |
+--------------------------------------------------------------+
+----------------------Author:NetSeek--------------------------+
EOF
#disable ipv6
cat << EOF
+--------------------------------------------------------------+
| === Welcome to Disable IPV6 === |
+--------------------------------------------------------------+
EOF
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
/sbin/chkconfig --level 35 ip6tables off
echo "ipv6 is disabled!"
#disable selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
echo "selinux is disabled,you must reboot!"
#vim
sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
echo 'syntax on' > /root/.vimrc
#zh_cn
sed -i -e 's/^LANG=.*/LANG="en"/' /etc/sysconfig/i18n
#init_ssh
ssh_cf="/etc/ssh/sshd_config"
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf
sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf
#client
sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf
echo "ssh is init is ok.............."
#chkser
#tunoff services
#--------------------------------------------------------------------------------
cat << EOF
+--------------------------------------------------------------+
| === Welcome to Tunoff services === |
+--------------------------------------------------------------+
EOF
#---------------------------------------------------------------------------------
for i in `ls /etc/rc3.d/S*`
do
CURSRV=`echo $i|cut -c 15-`
echo $CURSRV
case $CURSRV in
crond | irqbalance | microcode_ctl | network | random | sendmail | sshd | syslog | local | mysqld )
echo "Base services, Skip!"
;;
*)
echo "change $CURSRV to off"
chkconfig --level 235 $CURSRV off
service $CURSRV stop
;;
esac
done
1.4 系统环境部署及调整
检查系统是否正常
# tail -n100 /var/log/messages (检查有无系统级错误信息)
# dmesg (检查硬件设备是否有错误信息)
# ifconfig (检查网卡设置是否正确)
# ping www.linuxtone.org (检查网络是否正常)
1.5使用 yum 程序安装所需开发包
1.5.1 更换快源
#cd /etc/yum.repos.d/
#mv CentOS-Base.repo CentOS-Base.repo.linuxtone
#wget http://docs.linuxtone.org/soft/lemp/CentOS-Base.repo
--EOF--
