lnmp安装
2012-11-01
重新安装centos5.5 32bit 独立内核版本系统后,ssh登入。
###########################################
# 对用户进行修改。
###########################################
修改root密码:
1 2 | passwdroot# 输入密码两次 |
去掉无用的用户组和用户。
1 2 3 4 5 6 | cp/etc/passwd/etc/passwd.savcp/etc/group/etc/group.savfora inadm lp syncnews uucp operator games gopher mailnull nscd rpc; \do/usr/sbin/userdel$a -f; donefora inlp news uucp games gopher usersfloopy nscd rpc rpcuser nfsnobody; \do/usr/sbin/groupdel$a -f; done |
升级系统并安装所需的组件
1 2 3 4 5 6 7 8 9 | yum update -yyum install-y at iptables mailx sendmail vixie-cronntp ntsysv irqbalance \patch vim-enhanced sudoflex bison automake pam-devel gcc gcc-c++ autoconf \libjpeg libjpeg-devel libpng libpng-devel libtiff libtiff-devel libtool \freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc \glibc-devel glib2 glib2-devel bzip2bzip2-devel ncurses ncurses-devel curl \curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel \openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients \openldap-servers gd gd-devel unzip |
修改用户组权限sudo权限,只允许abc用户使用sudo
1 2 3 | chmodu+w /etc/sudoersecho'abc ALL=(ALL) ALL'>> /etc/sudoerschmodu-w /etc/sudoers |
修改系统时区,设置cron定期同步时间。
1 2 3 4 | rm-f /etc/localtimeln-s /usr/share/zoneinfo/Asia/Shanghai/etc/localtime/usr/sbin/ntpdate210.72.145.44crontab-e |
# 加入下面一行:
1 | 1 */6* * * /usr/sbin/ntpdate210.72.145.44 > /dev/null2&>1 |
运行ntsysv精简系统启动服务,只留下atd、crond、iptables、irqbalance、network、sendmail、sshd、syslog。
1 | ntsysv |
添加用户abc并增加密码,并将abc添加到wheel组(以便sudo提权)
1 2 3 4 5 | useraddabcpasswdabc# 输入密码两次/usr/sbin/usermod-G wheel xuyan |
只允许wheel用户组使用su命令。
1 2 3 4 5 6 7 | vim /etc/pam.d/su# 去掉#auth required /lib/security/$ISA/pam_wheel.so use_uid的注释#echo"SU_WHEEL_ONLY yes">> /etc/login.defsecho"root: admin@caiblog.com">> /etc/aliasesnewaliasesservice sendmail start |
如果想要发送测试邮件,使用命令
1 | echotest| mail root |
关闭ipv6
1 2 | echo"alias net-pf-10 off">> /etc/modprobe.confecho"alias ipv6 off">> /etc/modprobe.conf |
重启机器
1 | init 6 |
###########################################
# 创建下载目录
###########################################
1 2 | mkdir-p /data/srccd/data/src |
###########################################
# 安装rzsz
###########################################
安装rzsz,便于SecureCRT连接vps上传下载
1 2 3 4 5 6 7 8 9 10 | cd/data/srcwget http://freeware.sgi.com/source/rzsz/rzsz-3.48.tar.gztarzxf rzsz-3.48.tar.gzcdsrcsed-i "s#OFLAG= -O#OFLAG= -O -DREGISTERED#g"Makefilemakeposixcprz sz /usr/binexportRZSZLINE=/dev/modemcd../rm-rf src |
###########################################
# 升级openssl和openssh
###########################################
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | # 下载相关文件cd/data/srcwget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gzwget http://www.openssl.org/source/openssl-1.0.0d.tar.gzwget http://www.dnaphp.com/downloads/server/linux/30-zlib-1-2-5-tar/download-O zlib-1.2.5.tar.gz# 升级zlibtar-zxf zlib-1.2.5.tar.gzcdzlib-1.2.5./configuremake&& makeinstallcd../# 升级openssltarzxf openssl-1.0.0d.tar.gzcdopenssl-1.0.0d./configshared zlibmakemakeinstallmv/usr/bin/openssl/usr/bin/openssl.OFFmv/usr/include/openssl/usr/include/openssl.OFFln-s /usr/local/ssl/bin/openssl/usr/bin/opensslln-s /usr/local/ssl/include/openssl/usr/include/opensslecho"/usr/local/ssl/lib">> /etc/ld.so.conf/sbin/ldconfig-vcd../# 升级opensshtarzxf openssh-5.8p2.tar.gzcdopenssh-5.8p2./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam \--with-ssl-dir=/usr/local/ssl--with-md5-passwords --with-zlibmakemakeinstallcd../ |
配置ssh
修改ssh端口为5678,禁止root用户通过ssh登陆,禁止空密码用户通过ssh登陆等,加强安全设置。
修改ssh端口为5678,禁止root用户通过ssh登陆,禁止空密码用户通过ssh登陆等,加强安全设置。
1 2 3 4 5 6 7 8 9 10 11 | sed-i "s/#Port 22/Port 5678/g"/etc/ssh/sshd_configsed-i "s/#PermitRootLogin yes/PermitRootLogin no/g"/etc/ssh/sshd_configsed-i "s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g"/etc/ssh/sshd_configsed-i "s/UsePAM yes/UsePAM no/g"/etc/ssh/sshd_configsed-i "s/#UseDNS yes/UseDNS no/g"/etc/ssh/sshd_configsed-i "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g"/etc/ssh/sshd_configsed-i "s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g"/etc/ssh/sshd_configsed-i "s/#MaxAuthTries 6/MaxAuthTries 3/g"/etc/ssh/sshd_configsed-i "s/#X11Forwarding no/X11Forwarding no/g"/etc/ssh/sshd_configsed-i "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g"/etc/ssh/ssh_config |
重启ssh后,查看版本
1 2 | service sshd restartssh-V |
###########################################
# 防火墙设置
###########################################
增加firewall.sh脚本控制防火墙,记住,ssh上去,改防火墙,直接运行/sbin/iptables -P INPUT DROP后,你连vps都连不上了,ssh端口也被关了。
请注意你的ssh端口。我修改的是5678,请修改成自己的端口。
1 | vim /etc/init.d/firewall.sh |
添加以下代码
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 | #!/bin/sh#PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:~/binexportPATHcase"$1"instart) echo-n "Staring to write your Iptbales:..." /sbin/iptables-P INPUT DROP /sbin/iptables-P OUTPUT ACCEPT /sbin/iptables-P FORWARD DROP /sbin/iptables-A INPUT -i lo -j ACCEPT /sbin/iptables-A INPUT -m state --state ESTABLISHED -j ACCEPT /sbin/iptables-A INPUT -p tcp --dport 5678 -j ACCEPT /sbin/iptables-A INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables-A INPUT -i lo -p all -j ACCEPT /sbin/iptables-A OUTPUT -p tcp --sport 31337 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 31340 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 31335 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 20034 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 27665 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 27444 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 9704 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 2049 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 137 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 138 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 139 -j DROP /etc/rc.d/init.d/iptablessave echo"Ok";;stop) echo-n "Cleaning your Iptables:..." /sbin/iptables-F /sbin/iptables-X /sbin/iptables-Z /sbin/iptables-P INPUT ACCEPT /sbin/iptables-P OUTPUT ACCEPT /etc/rc.d/init.d/iptablessave echo"Ok";;restart) echo-n "Cleaning your Iptables:..." /sbin/iptables-F /sbin/iptables-X /sbin/iptables-Z echo"Ok" echo-n "Staring to write your Iptbales:..." /sbin/iptables-P INPUT DROP /sbin/iptables-P OUTPUT ACCEPT /sbin/iptables-P FORWARD DROP /sbin/iptables-A INPUT -p tcp --dport 5678 -j ACCEPT /sbin/iptables-A INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables-A INPUT -i lo -p all -j ACCEPT /sbin/iptables-A OUTPUT -p tcp --sport 31337 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 31340 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 31335 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 20034 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 27665 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 27444 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 9704 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 2049 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 137 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 138 -j DROP /sbin/iptables-A OUTPUT -p tcp --sport 139 -j DROP /etc/rc.d/init.d/iptablessave echo"Ok";;*) echo"Usage: $0 {start|stop|restart}"esacexit0 |
修改防火墙设置,并重启防火墙。
1 2 3 | sh /etc/init.d/firewall.sh stopsh /etc/init.d/firewall.sh startservice iptables restart |
###########################################
# 安装mysql
###########################################
1 2 3 | # 下载相关文件cd/data/srcwget http://blog.s135.com/soft/linux/nginx_php/mysql/mysql-5.5.3-m3.tar.gz |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | # 安装mysqltarzxf mysql-5.5.3-m3.tar.gzcdmysql-5.5.3-m3./configure--prefix=/usr/local/mysql/--enable-assembler \--with-extra-charsets=complex --enable-thread-safe-client \--with-big-tables --with-readline --with-ssl --with-embedded-server \--enable-local-infile --with-plugins=partition,innobase,myisammrgmakemakeinstall# 添加mysql用户,修改mysql目录权限/usr/sbin/groupaddmysql/usr/sbin/useradd-g mysql mysql -s /sbin/nologinchown-R mysql:mysql /usr/local/mysqlcd../ |
创建MySQL数据库存放目录
1 2 3 4 | mkdir-p /data/mysql/data/mkdir-p /data/mysql/binlog/mkdir-p /data/mysql/relaylog/chown-R mysql:mysql /data/mysql/ |
以mysql用户帐号的身份建立数据表,创建my.cnf配置文件:
1 2 3 | /usr/local/mysql/bin/mysql_install_db--basedir=/usr/local/mysql\--datadir=/data/mysql/data--user=mysqlvi/data/mysql/my.cnf |
添加以下代码
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 | [client]default-character-set= utf8port = 3306socket = /tmp/mysql.sock[mysqld]character-set-server = utf8user = mysqlport = 3306socket = /tmp/mysql.sockbasedir = /usr/local/mysqldatadir = /data/mysql/datalog-error = /data/mysql/mysql_error.logpid-file= /data/mysql/mysql.pidslow-query-log = /data/mysql/slow.loglog-bin = /data/mysql/binlog/binlogopen_files_limit = 600back_log = 20max_connections = 100max_connect_errors = 200table_cache = 60external-locking = FALSEmax_allowed_packet = 16Msort_buffer_size = 128Kjoin_buffer_size = 128Kthread_cache_size = 10query_cache_size = 0Mquery_cache_limit = 2Mquery_cache_min_res_unit = 2kdefault-storage-engine = MyISAMthread_stack = 192Ktmp_table_size = 512Kmax_heap_table_size = 32Mlong_query_time = 1server-id= 1binlog_cache_size = 2Mmax_binlog_cache_size = 4Mmax_binlog_size = 1Gexpire_logs_days = 7key_buffer_size = 4Mread_buffer_size = 1Mread_rnd_buffer_size = 2Mbulk_insert_buffer_size = 2Mmyisam_sort_buffer_size = 4Mmyisam_max_sort_file_size = 10Gmyisam_repair_threads = 1myisam_recover[mysqldump]quickmax_allowed_packet = 16M |
创建/etc/my.cnf链接,增加/usr/local/mysql/bin/mysql环境变量,添加mysql系统启动,启动mysql。
1 2 3 4 5 6 7 8 | ln-s /data/mysql/my.cnf /etc/my.cnfln-s /usr/local/mysql/bin/mysql/usr/bincp/usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysqldchmod+x /etc/init.d/mysqldchkconfig --add mysqldchkconfig mysqld on/usr/local/mysql/bin/mysqld_safe--user=mysql &service mysqld restart |
通过命令行登录管理MySQL服务器(提示输入密码时直接回车):
1 | /usr/local/mysql/bin/mysql-u root -p -S /tmp/mysql.sock |
输入以下SQL语句,删除多余用户,设置root密码(123456):
1 2 3 4 | DELETEFROMmysql.userWHEREuser=''orhost='::1';UPDATEmysql.userSETpassword=PASSWORD("123456") WHEREuser='root';flush privileges;exit; |
###########################################
# php编译安装
###########################################
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | #安装memcached服务端(可选)cd/data/srcwget http://monkey.org/~provos/libevent-2.0.12-stable.tar.gzwget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gzwget http://pecl.php.net/get/memcached-1.0.2.tgzwget http://launchpad.net/libmemcached/1.0/0.49/+download/libmemcached-0.49.tar.gztarzxf libevent-2.0.12-stable.tar.gzcdlibevent-2.0.12-stable./configure--prefix=/usr/local/libeventmake&& makeinstallcd../ln-s /usr/local/libevent/lib/libevent-2.0.so.5 /usr/lib/libevent-2.0.so.5ln-s /usr/local/libevent/lib/libevent.a /usr/lib/libevent.atarzxf memcached-1.4.5.tar.gzcdmemcached-1.4.5./configure--with-libevent=/usr/local/libevent/make&& makeinstallcd../tarzxf libmemcached-0.49.tar.gzcdlibmemcached-0.49./configuremake&& makeinstallcd../ |
编写memcached启动脚本
1 | vi/etc/init.d/memcached |
添加以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | #!/bin/sh## memcached: MemCached Daemon## chkconfig: - 90 25# description: MemCached Daemon## Source function library.. /etc/rc.d/init.d/functions. /etc/sysconfig/network start(){ echo-n $"Starting memcached: " daemon /usr/bin/memcached-u daemon -d -m 8 -c 256 -l 127.0.0.1 -p 11211 -P /tmp/memcached.pid echo}stop(){ echo-n $"Shutting down memcached: " killproc memcached echo} [ -f /usr/bin/memcached] || exit0# See how we were called.case"$1"in start) start ;; stop) stop ;; restart|reload) stop start ;; condrestart) stop start ;; *) echo$"Usage: $0 {start|stop|restart|reload|condrestart}" exit1esacexit0 |
添加到系统启动
1 2 | chkconfig --add memcachedchkconfig memcached on |
编译安装PHP 5.2.17所需的其他支持库:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 | cd/data/srcwget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gzwget http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0wget http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0wget http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0tarzxf libiconv-1.13.1.tar.gzcdlibiconv-1.13.1/./configure--prefix=/usr/localmakemakeinstallcd../tarzxf libmcrypt-2.5.8.tar.gzcdlibmcrypt-2.5.8/./configuremakemakeinstall/sbin/ldconfigcdlibltdl/./configure--enable-ltdl-installmakemakeinstallcd../../ln-s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.laln-s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.soln-s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4ln-s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8ln-s /usr/local/lib/libmhash.a /usr/lib/libmhash.aln-s /usr/local/lib/libmhash.la /usr/lib/libmhash.laln-s /usr/local/lib/libmhash.so /usr/lib/libmhash.soln-s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2ln-s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1ln-s /usr/local/bin/libmcrypt-config/usr/bin/libmcrypt-configtarzxf mcrypt-2.6.8.tar.gzcdmcrypt-2.6.8//sbin/ldconfig./configuremakemakeinstallcd../tarzxf mhash-0.9.9.9.tar.gzcdmhash-0.9.9.9/./configuremakemakeinstallcd../ |
编译安装php5.2.17
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | cd/data/srcwget http://www.php.net/get/php-5.2.17.tar.gz/from/this/mirrorwget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gztarzxf php-5.2.17.tar.gzgzip-cdphp-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1cdphp-5.2.17/./configure--prefix=/usr/local/php--with-config-file-path=/usr/local/php/etc\--with-mysql=/usr/local/mysql--with-mysqli=/usr/local/mysql/bin/mysql_config\--with-iconv-dir=/usr/local--with-freetype-dir--with-jpeg-dir--with-png-dir\--with-zlib --with-libxml-dir=/usr--enable-xml --disable-rpath \--enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop \--enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \--enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect \--enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl \--with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl \--with-xmlrpc --enable-zip --enable-soapmakeZEND_EXTRA_LIBS='-liconv'makeinstallcpphp.ini-dist /usr/local/php/etc/php.inicd../ |
#安装其他拓展(可选,但是建议一定要把APC装上)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | cd/data/srcwget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.12.tar.gzwget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgzwget http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gzwget http://pecl.php.net/get/imagick-2.3.0.tgzwget http://pecl.php.net/get/APC-3.1.9.tgztarzxf APC-3.1.9.tgzcdAPC-3.1.9/usr/local/php/bin/phpize./configure--enable-apc --enable-apc-mmap \--with-php-config=/usr/local/php/bin/php-config--prefix=/usr/local/apcmakemakeinstallcd../tarzxf memcached-1.0.2.tgzcdmemcached-1.0.2/usr/local/php/bin/phpize./configure--enable-memcached --with-php-config=/usr/local/php/bin/php-config--with-zlib-dirmakemakeinstallcd../tarzxf PDO_MYSQL-1.0.2.tgzcdPDO_MYSQL-1.0.2//usr/local/php/bin/phpize./configure--with-php-config=/usr/local/php/bin/php-config--with-pdo-mysql=/usr/local/mysqlmakemakeinstallcd../tarzxf PDO_MYSQL-1.0.2.tgzcdPDO_MYSQL-1.0.2//usr/local/php/bin/phpize./configure--with-php-config=/usr/local/php/bin/php-config--with-pdo-mysql=/usr/local/mysqlmakemakeinstallcd../tarzxf ImageMagick.tar.gzcdImageMagick-6.5.1-2/./configuremakemakeinstallcd../tarzxf imagick-2.3.0.tgzcdimagick-2.3.0//usr/local/php/bin/phpize./configure--with-php-config=/usr/local/php/bin/php-configmakemakeinstallcd../ |
修改php.ini文件
1 2 3 4 5 6 7 8 9 10 | sed-i 's#extension_dir = "./"#\extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"\n\extension = "memcached.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#g' \/usr/local/php/etc/php.inised-i 's#output_buffering = Off#output_buffering = On#g'/usr/local/php/etc/php.inised-i 's#allow_url_fopen = Off#allow_url_fopen = On#g'/usr/local/php/etc/php.inised-i 's#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g'\/usr/local/php/etc/php.inised-i 's#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g'/usr/local/php/etc/php.inised-i 's#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g'/usr/local/php/etc/php.ini |
在php.ini中配置APC
1 2 3 | echo-e '[apc]\nextension="apc.so"\napc.enabled = 1\napc.cache_by_default = on\n\apc.shm_segments = 1\napc.shm_size = 64M\napc.ttl = 7200\napc.user_ttl = 7200\n\apc.num_files_hint = 0\napc.write_lock = On\n' >> /usr/local/php/etc/php.ini |
创建www用户和web目录
1 2 3 4 | /usr/sbin/groupaddwww/usr/sbin/useradd-g www www -s /sbin/nologinmkdir-p /data/www/abcchown-R www:www /data/www/abc |
创建php-fpm配置文件:
在/usr/local/php/etc/目录中创建php-fpm.conf文件:
1 2 | mv/usr/local/php/etc/php-fpm.conf /usr/local/php/etc/php-fpm.conf.bakvi/usr/local/php/etc/php-fpm.conf |
添加以下代码(<value name=”max_children”>10</value>中10为php-cgi的进程数,可以自行修改,1个进程大约消耗20MB左右内存)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 | <?xml version="1.0"?><configuration> All relative paths inthis config are relative to php's installprefix <section name="global_options"> Pid file <value name="pid_file">/usr/local/php/logs/php-fpm.pid</value> Error log file <value name="error_log">/usr/local/php/logs/php-fpm.log</value> Log level <value name="log_level">notice</value> When this amount of php processes exited with SIGSEGV or SIGBUS ... <value name="emergency_restart_threshold">10</value> ... ina lessthan this interval of time, a graceful restart will be initiated. Useful to work around accidental curruptions inaccelerator's shared memory. <value name="emergency_restart_interval">1m</value> Time limit on waiting child's reaction on signals from master <value name="process_control_timeout">5s</value> Set to 'no'to debug fpm <value name="daemonize">yes</value> </section> <workers> <section name="pool"> Name of pool. Used inlogs and stats. <value name="name">default</value> Address to accept fastcgi requests on. Valid syntax is 'ip.ad.re.ss:port'or just 'port'or '/path/to/unix/socket' <value name="listen_address">/tmp/php-cgi.sock</value> <value name="listen_options"> Set listen(2) backlog <value name="backlog">-1</value> Set permissions forunix socket, ifone used. In Linux read/writepermissions must be setinorder to allow connections from web server. Many BSD-derrived systems allow connections regardless of permissions. <value name="owner"></value> <value name="group"></value> <value name="mode">0666</value> </value> Additional php.ini defines, specific to this pool of workers. <value name="php_defines"> <value name="sendmail_path">/usr/sbin/sendmail-t -i</value> <value name="display_errors">0</value> </value> Unix user of processes <value name="user">www</value> Unix group of processes <value name="group">www</value> Process manager settings <value name="pm"> Sets style of controling worker process count. Valid values are 'static'and 'apache-like' <value name="style">static</value> Sets the limit on the number of simultaneous requests that will be served. Equivalent to Apache MaxClients directive. Equivalent to PHP_FCGI_CHILDREN environment inoriginal php.fcgi Used with any pm_style. <value name="max_children">10</value> Settings group for'apache-like'pm style <value name="apache_like"> Sets the number of server processes created on startup. Used only when 'apache-like'pm_style is selected <value name="StartServers">20</value> Sets the desired minimum number of idle server processes. Used only when 'apache-like'pm_style is selected <value name="MinSpareServers">5</value> Sets the desired maximum number of idle server processes. Used only when 'apache-like'pm_style is selected <value name="MaxSpareServers">35</value> </value> </value> The timeout (inseconds) forserving a single request after whichthe worker process will be terminated Should be used when 'max_execution_time'ini option does not stop script execution forsome reason '0s'means 'off' <value name="request_terminate_timeout">0s</value> The timeout (inseconds) forserving of single request after whicha php backtrace will be dumped to slow.log file '0s'means 'off' <value name="request_slowlog_timeout">0s</value> The log fileforslow requests <value name="slowlog">logs/slow.log</value> Set openfiledesc rlimit <value name="rlimit_files">65535</value> Set max core size rlimit <value name="rlimit_core">0</value> Chroot to this directory at the start, absolute path <value name="chroot"></value> Chdir to this directory at the start, absolute path <value name="chdir"></value> Redirect workers' stdout and stderr into main error log. If not set, they will be redirected to /dev/null, according to FastCGI specs <value name="catch_workers_output">yes</value> How much requests each process should execute before respawn. Useful to work around memory leaks in3rd party libraries. For endless request processing please specify 0 Equivalent to PHP_FCGI_MAX_REQUESTS <value name="max_requests">1024</value> Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect. Equivalent to FCGI_WEB_SERVER_ADDRS environment inoriginal php.fcgi (5.2.2+) Makes sense only with AF_INET listening socket. <value name="allowed_clients">127.0.0.1</value> Pass environment variables like LD_LIBRARY_PATH All $VARIABLEs are taken from current environment <value name="environment"> <value name="HOSTNAME">$HOSTNAME</value> <value name="PATH">/usr/local/bin:/usr/bin:/bin</value> <value name="TMP">/tmp</value> <value name="TMPDIR">/tmp</value> <value name="TEMP">/tmp</value> <value name="OSTYPE">$OSTYPE</value> <value name="MACHTYPE">$MACHTYPE</value> <value name="MALLOC_CHECK_">2</value> </value> </section> </workers></configuration> |
增加php-fpm中chkconfig参数,添加php-fpm到系统启动项。
注:/usr/local/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,修改php.ini后不重启php-cgi,重新加载配置文件使用reload。
注:/usr/local/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,修改php.ini后不重启php-cgi,重新加载配置文件使用reload。
1 2 3 4 5 | sed-i "s@#! /bin/bash@#! /bin/bash\n#chkconfig:345 61 61\n#description:php-fpm@g"\/usr/local/php/sbin/php-fpmln-s /usr/local/php/sbin/php-fpm/etc/init.d/chkconfig --add php-fpmservice php-fpm start |
###########################################
# nginx编译安装
###########################################
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | cd/data/srcwget http://sysoev.ru/nginx/nginx-1.0.4.tar.gzwget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.12.tar.gz# 安装pcre库tarzxf pcre-8.12.tar.gzcdpcre-8.12/./configuremakemakeinstallcd../#安装nginxtarzxf nginx-1.0.4.tar.gzcdnginx-1.0.4/./configure--user=www --group=wwwmakemakeinstallcd../ |
创建日志目录
1 2 | mkdir-p /data/logschown-R www:www /data/logs |
创建Nginx配置文件
在/usr/local/nginx/conf/目录中创建vhosts目录及虚拟主机配置文件
在/usr/local/nginx/conf/目录中创建vhosts目录及虚拟主机配置文件
1 2 3 4 | mkdir-p /usr/local/nginx/conf/vhostsmkdir-p /data/www/abc/blogchown-R www:www /data/www/abc/blogvi/usr/local/nginx/conf/vhosts/www.abc.com |
加入以下内容(记得替换server_name和日志文件名abc)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | server{ listen 80; server_name www.abc.tk; index index.html index.htm index.php; root /data/www/abc/blog; #limit_conn crawler 20; location ~ .*\.(php|php5)?$ { fastcgi_pass unix:/tmp/php-cgi.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 15d; } location ~ .*\.(js|css)?$ { expires 1d; } log_format abc '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; access_log /data/logs/abc_access.log abc;} |
在/usr/local/nginx/conf/目录中修改nginx.conf文件:
1 2 | mv/usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bakvi/usr/local/nginx/conf/nginx.conf |
加入以下内容(worker_processes 表示开启的nginx进程数。可以自行修改,1个进程大约消耗10MB左右内存):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | user www www;worker_processes 2;error_log /data/logs/nginx_error.log crit;pid /usr/local/nginx/nginx.pid;#Specifies the value for maximum file descriptors that can be opened by this process.worker_rlimit_nofile 65535;events{ use epoll; worker_connections 65535;}http{ include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzipon; gzip_min_length 1k; gzip_buffers 4 16k; gzip_comp_level 2; gzip_types text/plainapplication/x-javascripttext/cssapplication/xml; gzip_vary on; include vhosts/www.abc.com;} |
在/usr/local/nginx/conf/目录中创建fcgi.conf文件:
1 | vi/usr/local/nginx/conf/fcgi.conf |
输入以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | fastcgi_param GATEWAY_INTERFACE CGI/1.1;fastcgi_param SERVER_SOFTWARE nginx;fastcgi_param QUERY_STRING $query_string;fastcgi_param REQUEST_METHOD $request_method;fastcgi_param CONTENT_TYPE $content_type;fastcgi_param CONTENT_LENGTH $content_length;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param SCRIPT_NAME $fastcgi_script_name;fastcgi_param REQUEST_URI $request_uri;fastcgi_param DOCUMENT_URI $document_uri;fastcgi_param DOCUMENT_ROOT $document_root;fastcgi_param SERVER_PROTOCOL $server_protocol;fastcgi_param REMOTE_ADDR $remote_addr;fastcgi_param REMOTE_PORT $remote_port;fastcgi_param SERVER_ADDR $server_addr;fastcgi_param SERVER_PORT $server_port;fastcgi_param SERVER_NAME $server_name;# PHP only, required if PHP was built with --enable-force-cgi-redirectfastcgi_param REDIRECT_STATUS 200; |
nginx配置文件创建链接到/etc/下
1 | ln-s /usr/local/nginx/conf/etc/nginx |
编写nginx服务启动脚本
1 | vi/etc/init.d/nginx |
添加以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 | #!/bin/sh## nginx - this script starts and stops the nginx daemon## chkconfig: 345 60 60# description: Nginx is an HTTP(S) server, HTTP(S) reverse \# proxy and IMAP/POP3 proxy server# processname: nginx# config: /etc/nginx/nginx.conf# config: /etc/sysconfig/nginx# pidfile: /var/run/nginx.pid # Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/network# Check that networking is up.[ "$NETWORKING"= "no"] && exit0 nginx="/usr/local/nginx/sbin/nginx"prog=$(basename$nginx) NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"[ -f /etc/sysconfig/nginx] && . /etc/sysconfig/nginxlockfile=/var/lock/subsys/nginxstart() { [ -x $nginx ] || exit5 [ -f $NGINX_CONF_FILE ] || exit6 echo-n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq0 ] && touch$lockfile return$retval} stop() { echo-n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq0 ] && rm-f $lockfile return$retvalkillall -9 nginx} restart() { configtest || return$? stop sleep1 start} reload() { configtest || return$? echo-n $"Reloading $prog: " killproc $nginx -HUPRETVAL=$? echo} force_reload() { restart} configtest() {$nginx -t -c $NGINX_CONF_FILE} rh_status() { status $prog} rh_status_q() { rh_status >/dev/null2>&1} case"$1"in start) rh_status_q && exit0 $1 ;; stop) rh_status_q || exit0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit0 ;; *) echo$"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit2esac |
添加到系统启动
1 2 3 | chmod+x /etc/init.d/nginxchkconfig --add nginxservice nginx start |
创建每天定时切割日志的脚本,需要切割的日志文件可自行添加,mv这一行,修改文件名即可。
1 | vi/usr/local/sbin/cut_log.sh |
输入以下内容:
1 2 3 4 5 6 7 8 9 10 | #!/bin/bash# This script run at 00:00# The nginx logs pathlogs_path="/data/logs/"mkdir-p ${logs_path}$(date-d "yesterday"+"%Y")/$(date-d "yesterday"+"%m")/mv${logs_path}abc_access.log ${logs_path}$(date-d "yesterday"+"%Y")/$(date-d "yesterday"+"%m")/abc_access_$(date-d "yesterday"+"%Y%m%d").logmv${logs_path}nginx_error.log ${logs_path}$(date-d "yesterday"+"%Y")/$(date-d "yesterday"+"%m")/nginx_error_$(date-d "yesterday"+"%Y%m%d").logkill-USR1 `cat/usr/local/nginx/nginx.pid` |
发表评论: