安然小屋 安然之家

安然小屋 安然之家

lnmp安装
2012-11-01

 

重新安装centos5.5 32bit 独立内核版本系统后,ssh登入。


###########################################
#                                           对用户进行修改。 
###########################################

修改root密码:
1
2
passwdroot
# 输入密码两次
去掉无用的用户组和用户。
1
2
3
4
5
6
cp/etc/passwd/etc/passwd.sav
cp/etc/group/etc/group.sav
forinadm lp syncnews uucp operator games gopher mailnull nscd rpc; \
do/usr/sbin/userdel$a -f; done
forinlp news uucp games gopher usersfloopy nscd rpc rpcuser nfsnobody; \
do/usr/sbin/groupdel$a -f; done
升级系统并安装所需的组件
1
2
3
4
5
6
7
8
9
yum update -y
yum install-y at iptables mailx sendmail vixie-cronntp ntsysv irqbalance \
patch vim-enhanced sudoflex bison automake pam-devel gcc gcc-c++ autoconf \
libjpeg libjpeg-devel libpng libpng-devel libtiff libtiff-devel libtool \
freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc \
glibc-devel glib2 glib2-devel bzip2bzip2-devel ncurses ncurses-devel curl \
curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel \
openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients \
openldap-servers gd gd-devel unzip
修改用户组权限sudo权限,只允许abc用户使用sudo
1
2
3
chmodu+w /etc/sudoers
echo'abc ALL=(ALL) ALL'>> /etc/sudoers
chmodu-w /etc/sudoers
修改系统时区,设置cron定期同步时间。
1
2
3
4
rm-f /etc/localtime
ln-s /usr/share/zoneinfo/Asia/Shanghai/etc/localtime
/usr/sbin/ntpdate210.72.145.44
crontab-e
# 加入下面一行:
1
1 */6* * * /usr/sbin/ntpdate210.72.145.44 > /dev/null2&>1
运行ntsysv精简系统启动服务,只留下atd、crond、iptables、irqbalance、network、sendmail、sshd、syslog。
1
ntsysv
添加用户abc并增加密码,并将abc添加到wheel组(以便sudo提权)
1
2
3
4
5
useraddabc
passwdabc
# 输入密码两次
 
/usr/sbin/usermod-G wheel xuyan
只允许wheel用户组使用su命令。
1
2
3
4
5
6
7
vim /etc/pam.d/su
# 去掉#auth required /lib/security/$ISA/pam_wheel.so use_uid的注释#
 
echo"SU_WHEEL_ONLY yes">> /etc/login.defs
echo"root: admin@caiblog.com">> /etc/aliases
newaliases
service sendmail start
如果想要发送测试邮件,使用命令
1
echotest| mail root
关闭ipv6
1
2
echo"alias net-pf-10 off">> /etc/modprobe.conf
echo"alias ipv6 off">> /etc/modprobe.conf
重启机器
1
init 6


###########################################
#                                           创建下载目录 
###########################################

1
2
mkdir-p /data/src
cd/data/src


###########################################
#                                                安装rzsz 
###########################################

安装rzsz,便于SecureCRT连接vps上传下载
1
2
3
4
5
6
7
8
9
10
cd/data/src
wget http://freeware.sgi.com/source/rzsz/rzsz-3.48.tar.gz
tarzxf rzsz-3.48.tar.gz
cdsrc
sed-i "s#OFLAG= -O#OFLAG= -O -DREGISTERED#g"Makefile
makeposix
cprz sz /usr/bin
exportRZSZLINE=/dev/modem
cd../
rm-rf src


###########################################
#                                 升级openssl和openssh 
###########################################

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# 下载相关文件
cd/data/src
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz
wget http://www.dnaphp.com/downloads/server/linux/30-zlib-1-2-5-tar/download-O zlib-1.2.5.tar.gz
 
# 升级zlib
tar-zxf zlib-1.2.5.tar.gz
cdzlib-1.2.5
./configure
make&& makeinstall
cd../
 
# 升级openssl
tarzxf openssl-1.0.0d.tar.gz
cdopenssl-1.0.0d
./configshared zlib
make
makeinstall
mv/usr/bin/openssl/usr/bin/openssl.OFF
mv/usr/include/openssl/usr/include/openssl.OFF
ln-s /usr/local/ssl/bin/openssl/usr/bin/openssl
ln-s /usr/local/ssl/include/openssl/usr/include/openssl
echo"/usr/local/ssl/lib">> /etc/ld.so.conf
/sbin/ldconfig-v
cd../
 
# 升级openssh
tarzxf openssh-5.8p2.tar.gz
cdopenssh-5.8p2
./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam \
--with-ssl-dir=/usr/local/ssl--with-md5-passwords --with-zlib
make
makeinstall
cd../
配置ssh
修改ssh端口为5678,禁止root用户通过ssh登陆,禁止空密码用户通过ssh登陆等,加强安全设置。
1
2
3
4
5
6
7
8
9
10
11
sed-i "s/#Port 22/Port 5678/g"/etc/ssh/sshd_config
sed-i "s/#PermitRootLogin yes/PermitRootLogin no/g"/etc/ssh/sshd_config
sed-i "s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g"/etc/ssh/sshd_config
sed-i "s/UsePAM yes/UsePAM no/g"/etc/ssh/sshd_config
sed-i "s/#UseDNS yes/UseDNS no/g"/etc/ssh/sshd_config
sed-i "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g"/etc/ssh/sshd_config
sed-i "s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g"/etc/ssh/sshd_config
sed-i "s/#MaxAuthTries 6/MaxAuthTries 3/g"/etc/ssh/sshd_config
sed-i "s/#X11Forwarding no/X11Forwarding no/g"/etc/ssh/sshd_config
 
sed-i "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g"/etc/ssh/ssh_config
重启ssh后,查看版本
1
2
service sshd restart
ssh-V


###########################################
#                                               防火墙设置 
###########################################

增加firewall.sh脚本控制防火墙,记住,ssh上去,改防火墙,直接运行/sbin/iptables -P INPUT DROP后,你连vps都连不上了,ssh端口也被关了。
请注意你的ssh端口。我修改的是5678,请修改成自己的端口。
1
vim /etc/init.d/firewall.sh
添加以下代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/bin/sh
#
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:~/bin
exportPATH
 
case"$1"in
start)
 echo-n "Staring to write your Iptbales:..."
 /sbin/iptables-P INPUT DROP
 /sbin/iptables-P OUTPUT ACCEPT
 /sbin/iptables-P FORWARD DROP
 /sbin/iptables-A INPUT -i lo -j ACCEPT
 /sbin/iptables-A INPUT -m state --state ESTABLISHED -j ACCEPT
 /sbin/iptables-A INPUT -p tcp --dport 5678 -j ACCEPT
 /sbin/iptables-A INPUT -p tcp --dport 80 -j ACCEPT
 /sbin/iptables-A INPUT -i lo -p all -j ACCEPT
 /sbin/iptables-A OUTPUT -p tcp --sport 31337 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 31340 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 31335 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 20034 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 27665 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 27444 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 9704 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 2049 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 137 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 138 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 139 -j DROP
 /etc/rc.d/init.d/iptablessave
 echo"Ok"
;;
stop)
 echo-n "Cleaning your Iptables:..."
 /sbin/iptables-F
 /sbin/iptables-X
 /sbin/iptables-Z
 /sbin/iptables-P INPUT ACCEPT
 /sbin/iptables-P OUTPUT ACCEPT
 /etc/rc.d/init.d/iptablessave
 echo"Ok"
;;
restart)
 echo-n "Cleaning your Iptables:..."
 /sbin/iptables-F
 /sbin/iptables-X
 /sbin/iptables-Z
 echo"Ok"
 echo-n "Staring to write your Iptbales:..."
 /sbin/iptables-P INPUT DROP
 /sbin/iptables-P OUTPUT ACCEPT
 /sbin/iptables-P FORWARD DROP
 /sbin/iptables-A INPUT -p tcp --dport 5678 -j ACCEPT
 /sbin/iptables-A INPUT -p tcp --dport 80 -j ACCEPT
 /sbin/iptables-A INPUT -i lo -p all -j ACCEPT
 /sbin/iptables-A OUTPUT -p tcp --sport 31337 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 31340 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 31335 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 20034 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 27665 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 27444 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 9704 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 2049 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 137 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 138 -j DROP
 /sbin/iptables-A OUTPUT -p tcp --sport 139 -j DROP
 /etc/rc.d/init.d/iptablessave
 echo"Ok"
;;
*)
 echo"Usage: $0    {start|stop|restart}"
esac
exit0
修改防火墙设置,并重启防火墙。
1
2
3
sh /etc/init.d/firewall.sh stop
sh /etc/init.d/firewall.sh start
service iptables restart


###########################################
#                                             安装mysql 
###########################################

1
2
3
# 下载相关文件
cd/data/src
wget http://blog.s135.com/soft/linux/nginx_php/mysql/mysql-5.5.3-m3.tar.gz
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# 安装mysql
tarzxf mysql-5.5.3-m3.tar.gz
cdmysql-5.5.3-m3
./configure--prefix=/usr/local/mysql/--enable-assembler \
--with-extra-charsets=complex --enable-thread-safe-client \
--with-big-tables --with-readline --with-ssl --with-embedded-server \
--enable-local-infile --with-plugins=partition,innobase,myisammrg
make
makeinstall
 
# 添加mysql用户,修改mysql目录权限
/usr/sbin/groupaddmysql
/usr/sbin/useradd-g mysql mysql -s /sbin/nologin
chown-R mysql:mysql /usr/local/mysql
cd../
创建MySQL数据库存放目录
1
2
3
4
mkdir-p /data/mysql/data/
mkdir-p /data/mysql/binlog/
mkdir-p /data/mysql/relaylog/
chown-R mysql:mysql /data/mysql/
以mysql用户帐号的身份建立数据表,创建my.cnf配置文件:
1
2
3
/usr/local/mysql/bin/mysql_install_db--basedir=/usr/local/mysql\
--datadir=/data/mysql/data--user=mysql
vi/data/mysql/my.cnf
添加以下代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
[client]
default-character-set= utf8
port = 3306
socket = /tmp/mysql.sock
 
[mysqld]
character-set-server = utf8
user    = mysql
port    = 3306
socket = /tmp/mysql.sock
basedir = /usr/local/mysql
datadir = /data/mysql/data
log-error = /data/mysql/mysql_error.log
pid-file/data/mysql/mysql.pid
slow-query-log  = /data/mysql/slow.log
log-bin = /data/mysql/binlog/binlog
open_files_limit    = 600
back_log = 20
max_connections = 100
max_connect_errors = 200
table_cache = 60
external-locking = FALSE
max_allowed_packet = 16M
sort_buffer_size = 128K
join_buffer_size = 128K
thread_cache_size = 10
query_cache_size = 0M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine = MyISAM
thread_stack = 192K
tmp_table_size = 512K
max_heap_table_size = 32M
long_query_time = 1
server-id= 1
binlog_cache_size = 2M
max_binlog_cache_size = 4M
max_binlog_size = 1G
expire_logs_days = 7
key_buffer_size = 4M
read_buffer_size = 1M
read_rnd_buffer_size = 2M
bulk_insert_buffer_size = 2M
myisam_sort_buffer_size = 4M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
 
[mysqldump]
quick
max_allowed_packet = 16M
创建/etc/my.cnf链接,增加/usr/local/mysql/bin/mysql环境变量,添加mysql系统启动,启动mysql。
1
2
3
4
5
6
7
8
ln-s /data/mysql/my.cnf /etc/my.cnf
ln-s /usr/local/mysql/bin/mysql/usr/bin
cp/usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysqld
chmod+x /etc/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
/usr/local/mysql/bin/mysqld_safe--user=mysql &
service mysqld restart
通过命令行登录管理MySQL服务器(提示输入密码时直接回车):
1
/usr/local/mysql/bin/mysql-u root -p -S /tmp/mysql.sock
输入以下SQL语句,删除多余用户,设置root密码(123456):
1
2
3
4
DELETEFROMmysql.userWHEREuser=''orhost='::1';
UPDATEmysql.userSETpassword=PASSWORD("123456"WHEREuser='root';
flush privileges;
exit;


###########################################
#                                             php编译安装 
###########################################

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#安装memcached服务端(可选)
 
cd/data/src
wget http://monkey.org/~provos/libevent-2.0.12-stable.tar.gz
wget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz
wget http://pecl.php.net/get/memcached-1.0.2.tgz
wget http://launchpad.net/libmemcached/1.0/0.49/+download/libmemcached-0.49.tar.gz
 
tarzxf libevent-2.0.12-stable.tar.gz
cdlibevent-2.0.12-stable
./configure--prefix=/usr/local/libevent
make&& makeinstall
cd../
ln-s /usr/local/libevent/lib/libevent-2.0.so.5 /usr/lib/libevent-2.0.so.5
ln-s /usr/local/libevent/lib/libevent.a /usr/lib/libevent.a
 
tarzxf memcached-1.4.5.tar.gz
cdmemcached-1.4.5
./configure--with-libevent=/usr/local/libevent/
make&& makeinstall
cd../
 
tarzxf libmemcached-0.49.tar.gz
cdlibmemcached-0.49
./configuremake&& makeinstall
cd../
编写memcached启动脚本
1
vi/etc/init.d/memcached
添加以下内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/bin/sh
#
# memcached: MemCached Daemon
#
# chkconfig: - 90 25
# description:  MemCached Daemon
#
# Source function library.
/etc/rc.d/init.d/functions
/etc/sysconfig/network   
 
start()
{
    echo-n $"Starting memcached: "
    daemon /usr/bin/memcached-u daemon -d -m 8 -c 256 -l 127.0.0.1 -p 11211 -P /tmp/memcached.pid
    echo
}
 
stop()
{
    echo-n $"Shutting down memcached: "
    killproc memcached
    echo
}   
 
[ -f /usr/bin/memcached] || exit0
 
# See how we were called.
case"$1"in
    start)
    start
    ;;
    stop)
    stop
    ;;
    restart|reload)
    stop
    start
    ;;
    condrestart)
    stop
    start
    ;;
    *)
    echo$"Usage: $0 {start|stop|restart|reload|condrestart}"
    exit1
esac
exit0
添加到系统启动
1
2
chkconfig --add memcached
chkconfig memcached on
编译安装PHP 5.2.17所需的其他支持库:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
cd/data/src
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0
wget http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0
wget http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0
 
tarzxf libiconv-1.13.1.tar.gz
cdlibiconv-1.13.1/
./configure--prefix=/usr/local
make
makeinstall
cd../
 
tarzxf libmcrypt-2.5.8.tar.gz
cdlibmcrypt-2.5.8/
./configure
make
makeinstall
/sbin/ldconfig
cdlibltdl/
./configure--enable-ltdl-install
make
makeinstall
cd../../
 
ln-s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln-s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln-s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln-s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln-s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln-s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln-s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln-s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln-s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln-s /usr/local/bin/libmcrypt-config/usr/bin/libmcrypt-config
 
tarzxf mcrypt-2.6.8.tar.gz
cdmcrypt-2.6.8/
/sbin/ldconfig
./configure
make
makeinstall
cd../
 
tarzxf mhash-0.9.9.9.tar.gz
cdmhash-0.9.9.9/
./configure
make
makeinstall
cd../
编译安装php5.2.17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
cd/data/src
wget http://www.php.net/get/php-5.2.17.tar.gz/from/this/mirror
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
 
tarzxf php-5.2.17.tar.gz
gzip-cdphp-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
cdphp-5.2.17/
./configure--prefix=/usr/local/php--with-config-file-path=/usr/local/php/etc\
--with-mysql=/usr/local/mysql--with-mysqli=/usr/local/mysql/bin/mysql_config\
--with-iconv-dir=/usr/local--with-freetype-dir--with-jpeg-dir--with-png-dir\
--with-zlib --with-libxml-dir=/usr--enable-xml --disable-rpath \
--enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop \
--enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \
--enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect \
--enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl \
--with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl \
--with-xmlrpc --enable-zip --enable-soap
makeZEND_EXTRA_LIBS='-liconv'
makeinstall
cpphp.ini-dist /usr/local/php/etc/php.ini
cd../
#安装其他拓展(可选,但是建议一定要把APC装上)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
cd/data/src
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.12.tar.gz
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
wget http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gz
wget http://pecl.php.net/get/imagick-2.3.0.tgz
wget http://pecl.php.net/get/APC-3.1.9.tgz
 
tarzxf APC-3.1.9.tgz
cdAPC-3.1.9
/usr/local/php/bin/phpize
./configure--enable-apc --enable-apc-mmap \
--with-php-config=/usr/local/php/bin/php-config--prefix=/usr/local/apc
make
makeinstall
cd../
 
tarzxf memcached-1.0.2.tgz
cdmemcached-1.0.2
/usr/local/php/bin/phpize
./configure--enable-memcached --with-php-config=/usr/local/php/bin/php-config--with-zlib-dir
make
makeinstall
cd../
 
tarzxf PDO_MYSQL-1.0.2.tgz
cdPDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure--with-php-config=/usr/local/php/bin/php-config--with-pdo-mysql=/usr/local/mysql
make
makeinstall
cd../
 
tarzxf PDO_MYSQL-1.0.2.tgz
cdPDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure--with-php-config=/usr/local/php/bin/php-config--with-pdo-mysql=/usr/local/mysql
make
makeinstall
cd../
 
tarzxf ImageMagick.tar.gz
cdImageMagick-6.5.1-2/
./configure
make
makeinstall
cd../
 
tarzxf imagick-2.3.0.tgz
cdimagick-2.3.0/
/usr/local/php/bin/phpize
./configure--with-php-config=/usr/local/php/bin/php-config
make
makeinstall
cd../
修改php.ini文件
1
2
3
4
5
6
7
8
9
10
sed-i 's#extension_dir = "./"#\
extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"\n\
extension = "memcached.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#g' \
/usr/local/php/etc/php.ini
sed-i 's#output_buffering = Off#output_buffering = On#g'/usr/local/php/etc/php.ini
sed-i 's#allow_url_fopen = Off#allow_url_fopen = On#g'/usr/local/php/etc/php.ini
sed-i 's#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g'\
/usr/local/php/etc/php.ini
sed-i 's#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g'/usr/local/php/etc/php.ini
sed-i 's#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g'/usr/local/php/etc/php.ini
在php.ini中配置APC
1
2
3
echo-e '[apc]\nextension="apc.so"\napc.enabled = 1\napc.cache_by_default = on\n\
apc.shm_segments = 1\napc.shm_size = 64M\napc.ttl = 7200\napc.user_ttl = 7200\n\
apc.num_files_hint = 0\napc.write_lock = On\n' >> /usr/local/php/etc/php.ini
创建www用户和web目录
1
2
3
4
/usr/sbin/groupaddwww
/usr/sbin/useradd-g www www -s /sbin/nologin
mkdir-p /data/www/abc
chown-R www:www /data/www/abc
创建php-fpm配置文件:
在/usr/local/php/etc/目录中创建php-fpm.conf文件:
1
2
mv/usr/local/php/etc/php-fpm.conf /usr/local/php/etc/php-fpm.conf.bak
vi/usr/local/php/etc/php-fpm.conf
添加以下代码(<value name=”max_children”>10</value>中10为php-cgi的进程数,可以自行修改,1个进程大约消耗20MB左右内存)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?xml version="1.0"?>
<configuration>
 
    All relative paths inthis config are relative to php's installprefix
 
    <section name="global_options">
 
        Pid file
        <value name="pid_file">/usr/local/php/logs/php-fpm.pid</value>
 
        Error log file
        <value name="error_log">/usr/local/php/logs/php-fpm.log</value>
 
        Log level
        <value name="log_level">notice</value>
 
        When this amount of php processes exited with SIGSEGV or SIGBUS ...
        <value name="emergency_restart_threshold">10</value>
 
        ... inlessthan this interval of time, a graceful restart will be initiated.
        Useful to work around accidental curruptions inaccelerator's shared memory.
        <value name="emergency_restart_interval">1m</value>
 
        Time limit on waiting child's reaction on signals from master
        <value name="process_control_timeout">5s</value>
 
        Set to 'no'to debug fpm
        <value name="daemonize">yes</value>
 
    </section>
 
    <workers>
 
    <section name="pool">
 
        Name of pool. Used inlogs and stats.
        <value name="name">default</value>
 
        Address to accept fastcgi requests on.
        Valid syntax is 'ip.ad.re.ss:port'or just 'port'or '/path/to/unix/socket'
        <value name="listen_address">/tmp/php-cgi.sock</value>
 
        <value name="listen_options">
 
            Set listen(2) backlog
            <value name="backlog">-1</value>
 
            Set permissions forunix socket, ifone used.
            In Linux read/writepermissions must be setinorder to allow connections from web server.
            Many BSD-derrived systems allow connections regardless of permissions.
            <value name="owner"></value>
            <value name="group"></value>
            <value name="mode">0666</value>
 
        </value>
 
        Additional php.ini defines, specific to this pool of workers.
        <value name="php_defines">
            <value name="sendmail_path">/usr/sbin/sendmail-t -i</value>
            <value name="display_errors">0</value>
        </value>
 
        Unix user of processes
        <value name="user">www</value>
 
        Unix group of processes
        <value name="group">www</value>
 
        Process manager settings
        <value name="pm">
 
            Sets style of controling worker process count.
            Valid values are 'static'and 'apache-like'
            <value name="style">static</value>
 
            Sets the limit on the number of simultaneous requests that will be served.
            Equivalent to Apache MaxClients directive.
            Equivalent to PHP_FCGI_CHILDREN environment inoriginal php.fcgi
            Used with any pm_style.
            <value name="max_children">10</value>
 
            Settings group for'apache-like'pm style
            <value name="apache_like">
 
                Sets the number of server processes created on startup.
                Used only when 'apache-like'pm_style is selected
                <value name="StartServers">20</value>
 
                Sets the desired minimum number of idle server processes.
                Used only when 'apache-like'pm_style is selected
                <value name="MinSpareServers">5</value>
 
                Sets the desired maximum number of idle server processes.
                Used only when 'apache-like'pm_style is selected
                <value name="MaxSpareServers">35</value>
 
            </value>
 
        </value>
 
        The timeout (inseconds) forserving a single request after whichthe worker process will be terminated
        Should be used when 'max_execution_time'ini option does not stop script execution forsome reason
        '0s'means 'off'
        <value name="request_terminate_timeout">0s</value>
 
        The timeout (inseconds) forserving of single request after whicha php backtrace will be dumped to slow.log file
        '0s'means 'off'
        <value name="request_slowlog_timeout">0s</value>
 
        The log fileforslow requests
        <value name="slowlog">logs/slow.log</value>
 
        Set openfiledesc rlimit
        <value name="rlimit_files">65535</value>
 
        Set max core size rlimit
        <value name="rlimit_core">0</value>
 
        Chroot to this directory at the start, absolute path
        <value name="chroot"></value>
 
        Chdir to this directory at the start, absolute path
        <value name="chdir"></value>
 
        Redirect workers' stdout and stderr into main error log.
        If not set, they will be redirected to /dev/null, according to FastCGI specs
        <value name="catch_workers_output">yes</value>
 
        How much requests each process should execute before respawn.
        Useful to work around memory leaks in3rd party libraries.
        For endless request processing please specify 0
        Equivalent to PHP_FCGI_MAX_REQUESTS
        <value name="max_requests">1024</value>
 
        Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
        Equivalent to FCGI_WEB_SERVER_ADDRS environment inoriginal php.fcgi (5.2.2+)
        Makes sense only with AF_INET listening socket.
        <value name="allowed_clients">127.0.0.1</value>
 
        Pass environment variables like LD_LIBRARY_PATH
        All $VARIABLEs are taken from current environment
        <value name="environment">
            <value name="HOSTNAME">$HOSTNAME</value>
            <value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
            <value name="TMP">/tmp</value>
            <value name="TMPDIR">/tmp</value>
            <value name="TEMP">/tmp</value>
            <value name="OSTYPE">$OSTYPE</value>
            <value name="MACHTYPE">$MACHTYPE</value>
            <value name="MALLOC_CHECK_">2</value>
        </value>
 
    </section>
 
    </workers>
 
</configuration>
增加php-fpm中chkconfig参数,添加php-fpm到系统启动项。
注:/usr/local/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,修改php.ini后不重启php-cgi,重新加载配置文件使用reload。
1
2
3
4
5
sed-i "s@#! /bin/bash@#! /bin/bash\n#chkconfig:345 61 61\n#description:php-fpm@g"\
/usr/local/php/sbin/php-fpm
ln-s /usr/local/php/sbin/php-fpm/etc/init.d/
chkconfig --add php-fpm
service php-fpm start


###########################################
#                                          nginx编译安装 
###########################################

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
cd/data/src
wget http://sysoev.ru/nginx/nginx-1.0.4.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.12.tar.gz
 
# 安装pcre库
tarzxf pcre-8.12.tar.gz
cdpcre-8.12/
./configure
make
makeinstall
cd../
 
#安装nginx
tarzxf nginx-1.0.4.tar.gz
cdnginx-1.0.4/
./configure--user=www --group=www
make
makeinstall
cd../
创建日志目录
1
2
mkdir-p /data/logs
chown-R www:www /data/logs
创建Nginx配置文件
在/usr/local/nginx/conf/目录中创建vhosts目录及虚拟主机配置文件
1
2
3
4
mkdir-p /usr/local/nginx/conf/vhosts
mkdir-p /data/www/abc/blog
chown-R www:www /data/www/abc/blog
vi/usr/local/nginx/conf/vhosts/www.abc.com
加入以下内容(记得替换server_name和日志文件名abc)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
server
{
    listen 80;
    server_name www.abc.tk;
    index index.html index.htm index.php;
    root  /data/www/abc/blog;
 
    #limit_conn crawler  20;    
 
    location ~ .*\.(php|php5)?$
    {
        fastcgi_pass unix:/tmp/php-cgi.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
 
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 15d;
    }
 
    location ~ .*\.(js|css)?$
    {
        expires 1d;
    }
 
    log_format  abc  '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" $http_x_forwarded_for';
    access_log  /data/logs/abc_access.log  abc;
}
在/usr/local/nginx/conf/目录中修改nginx.conf文件:
1
2
mv/usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
vi/usr/local/nginx/conf/nginx.conf
加入以下内容(worker_processes 表示开启的nginx进程数。可以自行修改,1个进程大约消耗10MB左右内存):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
user  www www;
 
worker_processes 2;
 
error_log /data/logs/nginx_error.log  crit;
 
pid /usr/local/nginx/nginx.pid;
 
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
 
events
{
    use epoll;
    worker_connections 65535;
}
 
http
{
    include       mime.types;
    default_type  application/octet-stream;
 
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
 
    sendfile on;
    tcp_nopush     on;
 
    keepalive_timeout 60;
 
    tcp_nodelay on;
 
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
 
    gzipon;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    gzip_types text/plainapplication/x-javascripttext/cssapplication/xml;
    gzip_vary on;
 
    include vhosts/www.abc.com;
 
}
在/usr/local/nginx/conf/目录中创建fcgi.conf文件:
1
vi/usr/local/nginx/conf/fcgi.conf
输入以下内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
fastcgi_param  GATEWAY_INTERFACE    CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
 
fastcgi_param  QUERY_STRING    $query_string;
fastcgi_param  REQUEST_METHOD    $request_method;
fastcgi_param  CONTENT_TYPE    $content_type;
fastcgi_param  CONTENT_LENGTH    $content_length;
 
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME    $fastcgi_script_name;
fastcgi_param  REQUEST_URI    $request_uri;
fastcgi_param  DOCUMENT_URI    $document_uri;
fastcgi_param  DOCUMENT_ROOT    $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 
fastcgi_param  REMOTE_ADDR    $remote_addr;
fastcgi_param  REMOTE_PORT    $remote_port;
fastcgi_param  SERVER_ADDR    $server_addr;
fastcgi_param  SERVER_PORT    $server_port;
fastcgi_param  SERVER_NAME    $server_name;
 
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
nginx配置文件创建链接到/etc/下
1
ln-s /usr/local/nginx/conf/etc/nginx
编写nginx服务启动脚本
1
vi/etc/init.d/nginx
添加以下内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   345 60 60
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid 
 
# Source function library.
/etc/rc.d/init.d/functions
 
# Source networking configuration.
/etc/sysconfig/network
 
# Check that networking is up.
"$NETWORKING""no"] && exit
 
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename$nginx) 
 
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
 
[ -f /etc/sysconfig/nginx] && . /etc/sysconfig/nginx
 
lockfile=/var/lock/subsys/nginx
 
start() {
    [ -x $nginx ] || exit5
    [ -f $NGINX_CONF_FILE ] || exit6
    echo-n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq0 ] && touch$lockfile
    return$retval
 
stop() {
    echo-n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq0 ] && rm-f $lockfile
    return$retval
killall -9 nginx
 
restart() {
    configtest || return$?
    stop
    sleep1
    start
 
reload() {
    configtest || return$?
    echo-n $"Reloading $prog: "
    killproc $nginx -HUP
RETVAL=$?
    echo
 
force_reload() {
    restart
 
configtest() {
$nginx -t -c $NGINX_CONF_FILE
 
rh_status() {
    status $prog
 
rh_status_q() {
    rh_status >/dev/null2>&1
 
case"$1"in
    start)
        rh_status_q && exit0
    $1
        ;;
    stop)
        rh_status_q || exit0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit0
            ;;
    *)
      echo$"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit2
esac
添加到系统启动
1
2
3
chmod+x /etc/init.d/nginx
chkconfig --add nginx
service nginx start
创建每天定时切割日志的脚本,需要切割的日志文件可自行添加,mv这一行,修改文件名即可。
1
vi/usr/local/sbin/cut_log.sh
输入以下内容:
1
2
3
4
5
6
7
8
9
10
#!/bin/bash
# This script run at 00:00
 
# The nginx logs path
logs_path="/data/logs/"
 
mkdir-p ${logs_path}$(date-d "yesterday"+"%Y")/$(date-d "yesterday"+"%m")/
mv${logs_path}abc_access.log ${logs_path}$(date-d "yesterday"+"%Y")/$(date-d "yesterday"+"%m")/abc_access_$(date-d "yesterday"+"%Y%m%d").log
mv${logs_path}nginx_error.log ${logs_path}$(date-d "yesterday"+"%Y")/$(date-d "yesterday"+"%m")/nginx_error_$(date-d "yesterday"+"%Y%m%d").log
kill-USR1 `cat/usr/local/nginx/nginx.pid`