Linux LTMP: Manual Compilation and Installation, and Fully Automated Deployment in Practice

Preface

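Many people now know about or already use the LNMP stack. It generally means using shell scripts to install LNMP (Nginx/MySQL/PHP), LNMPA (Nginx/MySQL/PHP/Apache), LAMP (Apache/MySQL/PHP) or similar development or production environments on CentOS/RedHat/Fedora/Debian/Ubuntu and other Linux platforms. I come from a commercial SuSE/Oracle background and am still feeling my way through open-source deployment, so I am sure some of the configuration here has its pitfalls. This article describes the deployment of an LTMP stack in some detail; later I may cover the individual modules separately, with more details and tips.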

LTMP Versions

CentOS_6.5_64

Tengine-2.1.0

MySQL_5.6.25

PHP_5.5.27

Apache_2.2.31 (minor role)

Preparation

Allowing public network access makes this much easier

#Tune shell history

vi /etc/bashrc

#Set the size of the file that stores command history

export HISTFILESIZE=1000000000

#Number of history commands to keep

export HISTSIZE=1000000

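#Record history in real time; by default it is only written when the user logs out, so multiple users can easily overwrite each other's entries.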

export PROMPT_COMMAND="history -a"

#Record the time each command was executed

export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "

#Set the time zone (optional)

rm -rf /etc/localtime

ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

#Disable NetworkManager (optional)

/etc/init.d/NetworkManager stop

chkconfig NetworkManager off

/etc/init.d/network restart

#Stop iptables (optional)

/etc/init.d/iptables stop

chkconfig iptables off

#Set DNS (optional)

echo "nameserver 114.114.114.114" > /etc/resolv.conf

#Disable maildrop

#cd /var/spool/postfix/maildrop;ls | xargs rm -rf;

sed -i 's/MAILTO=root/MAILTO=""/g' /etc/crontab

service crond restart

#Disable SELinux

setenforce 0

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#Open file limit

echo ulimit -SHn 65535 >> /etc/profile

source /etc/profile

#Raise the maximum process and open file limits

vi /etc/security/limits.conf

* soft nproc 11000

* hard nproc 11000

* soft nofile 655350

* hard nofile 655350

sed -i -e '/# End of file/i\* soft nofile 65535\n* hard nofile 65535' /etc/security/limits.conf

#Tune TCP

vi /etc/sysctl.conf

#Disable IP packet forwarding

net.ipv4.ip_forward = 0

#Enable source route verification (reverse path filtering)

net.ipv4.conf.default.rp_filter = 1

#Do not accept IP source routing

net.ipv4.conf.default.accept_source_route = 0

#The SysRq key combination shows the current state of the system; set to 0 to disable it for security

kernel.sysrq = 0

#Controls whether the PID is appended to the core file name

kernel.core_uses_pid = 1

#Enable SYN cookies; they are used when the SYN wait queue overflows

net.ipv4.tcp_syncookies = 1

#Size limit of each message queue (in bytes)

kernel.msgmnb = 65536

#Maximum size of a single message (in bytes)

kernel.msgmax = 65536

#Maximum size of a single shared memory segment (in bytes); formula: 64G*1024*1024*1024 (bytes)

kernel.shmmax = 68719476736

#Total shared memory (in pages, 1 page = 4KB); formula: 16G*1024*1024*1024/4KB (pages)

kernel.shmall = 4294967296

#Number of TIME_WAIT sockets; the default is 180000

net.ipv4.tcp_max_tw_buckets = 6000

#Enable selective acknowledgment

net.ipv4.tcp_sack = 1

#Support larger TCP windows. If the maximum TCP window exceeds 65535 (64K), this must be set to 1

net.ipv4.tcp_window_scaling = 1

#TCP read buffer

net.ipv4.tcp_rmem = 4096 131072 1048576

#TCP write buffer

net.ipv4.tcp_wmem = 4096 131072 1048576

#Default memory reserved for TCP socket send buffers (in bytes)

net.core.wmem_default = 8388608

#Maximum memory reserved for TCP socket send buffers (in bytes)

net.core.wmem_max = 16777216

#Default memory reserved for TCP socket receive buffers (in bytes)

net.core.rmem_default = 8388608

#Maximum memory reserved for TCP socket receive buffers (in bytes)

net.core.rmem_max = 16777216

#Maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them

net.core.netdev_max_backlog = 262144

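#In web applications the backlog passed to listen() is capped at 128 by the kernel parameter net.core.somaxconn by default, while nginx's NGX_LISTEN_BACKLOG defaults to 511, so this value needs adjusting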

net.core.somaxconn = 262144

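#Maximum number of TCP sockets in the system that are not attached to any user file handle. This limit exists only to prevent simple DoS attacks; do not rely on it too much or lower it artificially, rather raise it (after adding memory)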

net.ipv4.tcp_max_orphans = 3276800

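#Maximum number of remembered connection requests that have not yet been acknowledged by the client. The default is 1024 for systems with 128M of memory and 128 for low-memory systems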

net.ipv4.tcp_max_syn_backlog = 262144

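#Timestamps protect against sequence number wraparound. A 1Gbps link will certainly encounter previously used sequence numbers. Timestamps let the kernel accept such "abnormal" packets. Here it needs to be turned off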

net.ipv4.tcp_timestamps = 0

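#To open a connection to the peer, the kernel sends a SYN together with an ACK answering the earlier SYN, i.e. the second step of the three-way handshake. This setting determines how many SYN+ACK packets the kernel sends before giving up on the connection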

net.ipv4.tcp_synack_retries = 1

#Number of SYN packets sent before the kernel gives up establishing a connection

net.ipv4.tcp_syn_retries = 1

#Enable fast recycling of TIME_WAIT sockets

net.ipv4.tcp_tw_recycle = 1

#Enable TCP connection reuse, allowing TIME_WAIT sockets to be reused for new TCP connections (mainly for TIME_WAIT connections)

net.ipv4.tcp_tw_reuse = 1

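#1st: below this value TCP is under no memory pressure; 2nd: TCP enters the memory pressure stage; 3rd: TCP refuses to allocate sockets (unit: memory pages)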

net.ipv4.tcp_mem = 94500000 915000000 927000000

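#If the socket is closed by the local end, this parameter determines how long it stays in the FIN-WAIT-2 state. The peer can misbehave and never close the connection, or even crash unexpectedly. The default is 60 seconds. The usual value for 2.2 kernels is 180 seconds; you can use that, but remember that even on a lightly loaded web server there is a risk of running out of memory because of large numbers of dead sockets. FIN-WAIT-2 is less dangerous than FIN-WAIT-1 because it can consume at most 1.5K of memory, but such sockets live longer.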

net.ipv4.tcp_fin_timeout = 15

#How often TCP sends keepalive messages when keepalive is enabled (in seconds)

net.ipv4.tcp_keepalive_time = 30

#Local port range for outgoing connections

net.ipv4.ip_local_port_range = 2048 65000

#Maximum number of file handles

fs.file-max = 102400

#Tuning on cloud hosts

# Kernel sysctl configuration file for Red Hat Linux

#

# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and

# sysctl.conf(5) for more details.

# Controls IP packet forwarding

net.ipv4.ip_forward = 0

# Controls source route verification

net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing

net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel

# Controls whether core dumps will append the PID to the core filename.

# Useful for debugging multi-threaded applications.

kernel.core_uses_pid = 1

# Controls the use of TCP syncookies

net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.

net.bridge.bridge-nf-call-ip6tables = 0

net.bridge.bridge-nf-call-iptables = 0

net.bridge.bridge-nf-call-arptables = 0

# Controls the default maximum size of a message queue

kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes

kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes

kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages

kernel.shmall = 4294967296

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.secure_redirects = 0

net.ipv4.conf.default.secure_redirects = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.secure_redirects = 0

net.ipv4.conf.default.secure_redirects = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.netfilter.nf_conntrack_max = 1000000

kernel.unknown_nmi_panic = 0

kernel.sysrq = 0

fs.file-max = 1000000

vm.swappiness = 10

fs.inotify.max_user_watches = 10000000

net.core.wmem_max = 327679

net.core.rmem_max = 327679

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.secure_redirects = 0

net.ipv4.conf.default.secure_redirects = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

/sbin/sysctl -p
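
The two profiles above overlap: the cloud profile repeats the redirect settings three times and assigns fs.file-max and net.core.wmem_max values that differ from the first profile, and when a key appears more than once in sysctl.conf the last assignment wins. The script below is an added example, not part of the original article; audit_sysctl and sample_sysctl_conf are hypothetical names, the expected values are the ones this page itself sets, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file.
# Reads the file named in $1, or standard input when no file is given.
# Findings, one per line, sorted:
#   CONFLICT <key> <old> -> <new>       key assigned again with a different value
#   WEAK <key> = <value> (page sets N)  hardening key differs from the page
#   MISSING <key> (page sets N)         hardening key not present at all
#   NOTE ...                            setting with a known side effect
audit_sysctl() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        BEGIN {
            # Expected values are the ones the article itself configures.
            want["net.ipv4.ip_forward"] = "0"
            want["net.ipv4.conf.default.rp_filter"] = "1"
            want["net.ipv4.conf.default.accept_source_route"] = "0"
            want["net.ipv4.conf.all.accept_redirects"] = "0"
            want["net.ipv4.conf.all.send_redirects"] = "0"
            want["net.ipv4.tcp_syncookies"] = "1"
            want["kernel.sysrq"] = "0"
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            i = index($0, "=")
            if (i == 0) next                    # not a key = value line
            key = trim(substr($0, 1, i - 1))
            val = trim(substr($0, i + 1))
            if ((key in seen) && seen[key] != val)
                print "CONFLICT", key, seen[key], "->", val
            seen[key] = val                     # the last assignment wins
        }
        END {
            for (k in want) {
                if (!(k in seen))
                    print "MISSING", k, "(page sets " want[k] ")"
                else if (seen[k] != want[k])
                    print "WEAK", k, "=", seen[k], "(page sets " want[k] ")"
            }
            # tcp_tw_recycle drops connections from clients behind NAT
            # and no longer exists as of Linux 4.12.
            if (seen["net.ipv4.tcp_tw_recycle"] == "1")
                print "NOTE net.ipv4.tcp_tw_recycle = 1 (drops clients behind NAT; removed in Linux 4.12)"
        }
    ' "${1:--}" | LC_ALL=C sort
}

# Constructed sample: fragments of both profiles pasted into one file,
# with accept_source_route deliberately set to 1 to show a WEAK finding.
sample_sysctl_conf() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.tcp_syncookies = 1
kernel.sysrq = 0
fs.file-max = 102400
net.core.wmem_max = 16777216
net.ipv4.tcp_tw_recycle = 1
# second profile
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
fs.file-max = 1000000
net.core.wmem_max = 327679
EOF
}

sample_sysctl_conf | audit_sysctl
```

On a real host, run audit_sysctl /etc/sysctl.conf before /sbin/sysctl -p.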

#Automatically pick the fastest yum mirror

yum -y install yum-fastestmirror

#Remove the http, mysql and php rpm packages that ship with the system

#yum remove httpd* php*

yum remove httpd mysql mysql-server php php-cli php-common php-devel php-gd -y

#Upgrade base libraries

yum install -y wget gcc gcc-c++ openssl* curl curl-devel libxml2 libxml2-devel glibc glibc-devel glib2 glib2-devel gd gd2 gd-devel gd2-devel libaio autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel

#Install the required base packages with yum; you can first switch the yum repository to the Aliyun mirror

Aliyun: http://mirrors.aliyun.com/

Sohu: http://mirrors.sohu.com/

NetEase: http://mirrors.163.com/

#Back up the original yum repository configuration

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

#Download the CentOS 6 repo file from the Aliyun mirror site

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

#Finally, rebuild the yum cache

yum makecache

#Install packages with yum (optional)

yum -y install tar zip unzip openssl* gd gd-devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel openldap-clients openldap-servers make libmcrypt libmcrypt-devel fontconfig fontconfig-devel libXpm* libtool* libxml2 libxml2-devel t1lib t1lib-devel

#Define the directory layout and download the packages

mkdir -p /app/{local,data}

cd /app/local

#PCRE - Perl Compatible Regular Expressions

wget "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz"

#Tengine

wget "http://tengine.taobao.org/download/tengine-2.1.0.tar.gz"

#MySQL

wget "https://downloads.mariadb.com/archives/mysql-5.6/mysql-5.6.25-linux-glibc2.5-x86_64.tar.gz"

#PHP

wget "http://cn2.php.net/distributions/php-5.6.11.tar.gz"

#Mhash

wget "http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz"

#libmcrypt

wget "http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz"

#Mcrypt

wget "http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz"

Configuring Tengine

Installing PCRE

tar zxvf pcre-8.37.tar.gz

cd pcre-8.37

./configure

make && make install

cd ../

Installing Tengine

#Add the www user and group

groupadd www

useradd -g www www

#Install Tengine

tar zxvf tengine-2.1.0.tar.gz

cd tengine-2.1.0

./configure --user=www --group=www \

--prefix=/app/local/nginx \

--with-http_stub_status_module \

--with-http_ssl_module \

--with-pcre=/app/local/pcre-8.37

make && make install

cd ../

Configuring Nginx

Tuning the Nginx configuration file matters; understand what each step means



#Edit nginx.conf

vi /app/local/nginx/conf/nginx.conf

#User and group

user www www;

#Worker processes; usually set to the number of CPU cores

worker_processes auto;

worker_cpu_affinity auto;

#Global error log level

# [ debug | info | notice | warn | error | crit ]

error_log logs/error.log error;

#PID file location

pid logs/nginx.pid;

#Raise the maximum number of open files for worker processes to avoid "too many open files"

worker_rlimit_nofile 65535;

#The events block sets Nginx's working mode and connection limit

events{

#epoll is the preferred high-performance mode on Linux

use epoll;

#Tell nginx to accept as many connections as possible after receiving a new connection notification

multi_accept on;

#Maximum number of connections per Nginx worker process

worker_connections 65536;

}

#The HTTP module controls all core features of nginx http processing

http {

include mime.types;

#Default MIME type for files

default_type application/octet-stream;

#Log format definition; main is the name of the format

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

#Controls whether nginx stores access logs. Turning this off speeds up disk I/O

access_log off;

# access_log logs/access.log main buffer=16k;

#Enable gzip compression; compresses the output stream on the fly

gzip on;

#Disable gzip for IE6 and lower

gzip_disable "MSIE [1-6]\.";

#Let front-end cache servers cache gzip-compressed pages

gzip_vary on;

#Allow compression of response streams based on the request and response

gzip_proxied any;

#Compression level

gzip_comp_level 4;

#Minimum number of bytes for compression to be applied

gzip_min_length 1k;

#Allocate 16 buffers of 64K each to hold the compressed result stream

gzip_buffers 16 64k;

#Sets the HTTP protocol version to recognize

gzip_http_version 1.1;

#Types to compress

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

#Enables the cache and sets the maximum number of cached entries and the caching time

open_file_cache max=200000 inactive=20s;

#Interval for checking the validity of entries in open_file_cache

open_file_cache_valid 30s;

#Minimum number of uses of a file during the inactive period of open_file_cache

open_file_cache_min_uses 2;

#Whether to cache errors when looking up a file, including when files are added to the configuration again

open_file_cache_errors on;

#Maximum size in bytes of a single file in a client request

client_max_body_size 30M;

#Timeout for reading the client request body

client_body_timeout 10;

#Timeout for reading the client request header

client_header_timeout 10;

#Size of the header buffer for client request headers

client_header_buffer_size 32k;

#Timeout for keeping client connections alive

keepalive_timeout 60;

#Close connections to unresponsive clients

reset_timedout_connection on;

#Timeout for sending a response to the client

send_timeout 10;

#Enable efficient file transfer mode

sendfile on;

#Tell nginx to send all headers in one packet instead of one after another

tcp_nopush on;

#Tell nginx not to buffer data but send it piece by piece

tcp_nodelay on;

#Parameters of the shared memory that stores the various keys (such as the current connection count)

limit_conn_zone $binary_remote_addr zone=addr:5m;

#Maximum number of connections for a given key: each IP address may have at most 100 connections open at the same time

limit_conn addr 100;

#FastCGI parameters to improve site performance: lower resource usage, faster access

fastcgi_buffers 256 16k;

fastcgi_buffer_size 128k;

fastcgi_connect_timeout 3s;

fastcgi_send_timeout 120s;

fastcgi_read_timeout 120s;

server_names_hash_bucket_size 128;

#Do not log file-not-found errors in error_log

log_not_found off;

#Hide the nginx version number on error pages for better security

#server_tag Apache;

server_tokens off;

#tengine

server_tag off;

server_info off;

#Include the virtual host configuration files

include vhosts/*.conf;

#Load balancing configuration (skipped for now)

#upstream test.com

#Virtual host configuration

server {

#Listen on port 80

listen 80;

#Serve requests for localhost

server_name localhost;

#Names of the index files

index index.html index.htm index.php;

#Default document root of the server

root /app/data/localhost/;

#Error pages

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

#Forward all PHP script requests to FastCGI, using the default FastCGI configuration.

location ~ .*\.(php|php5)?$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

#Static files

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$

{

#Expire after 30 days; use a smaller value if files change often

expires 30d;

}

location ~ .*\.(js|css)?$

{

#Expire after 1 hour; use a larger value if files do not change

expires 1h;

}

#Deny access

location ~ /\. {

deny all;

}

}

}

Simplified configuration file

vi /app/local/nginx/conf/nginx.conf

events

{

use epoll;

multi_accept on;

worker_connections 51200;

}

http

{

include mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log off;

#access_log logs/access.log main buffer=16k;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 50M;

sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 60;

server_tokens off;

server_tag off;

server_info off;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 256k;

#gzip on;

#gzip_min_length 1k;

#gzip_buffers 4 16k;

#gzip_http_version 1.1;

#gzip_comp_level 5;

#gzip_types text/plain application/x-javascript text/css application/xml;

#gzip_vary on;

include vhosts/*.conf;

}

Move the server block into vhosts

mkdir -p /app/local/nginx/conf/vhosts/

vi /app/local/nginx/conf/vhosts/localhost.conf

server {

listen 80;

server_name localhost;

index index.php index.html index.htm;

access_log logs/localhost.log main;

root /app/data/localhost/;

location / {

index index.php index.html index.htm;

}

#error_page 404 /404.html;

#error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

location ~ .*\.(php|php5)?$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi.conf;

}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 1h;

}

location ~ /\. {

deny all;

}

}

#Check the syntax

/app/local/nginx/sbin/nginx -t

# ./nginx -t

the configuration file /app/local/nginx/conf/nginx.conf syntax is ok

configuration file /app/local/nginx/conf/nginx.conf test is successful
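
nginx -t only checks syntax. It does not flag that the location ~ .*\.(php|php5)?$ block passes every matching URI to PHP-FPM without checking that the script exists (the trailing ? also makes the extension optional), or that access_log off in the http block leaves any server without its own access_log directive with no request trail. The script below is an added example, not part of the original article; audit_nginx_php and sample_vhost are hypothetical names, the sample input is constructed, and it assumes no # or braces appear inside location regexes.

```shell
#!/bin/sh
# Added example: review an nginx/Tengine config for the PHP hand-off pattern.
# Reads the file named in $1, or standard input when no file is given.
# Findings, in file order:
#   ACCESS_LOG_OFF <line>              access logging disabled
#   OPTIONAL_EXT <line> <location>     regex ends in ")?$": extension is optional
#   PHP_NO_TRY_FILES <line> <location> fastcgi_pass without a try_files check
audit_nginx_php() {
    awk '
        function end_block() {
            if (inloc && fcgi && !tryf)
                print "PHP_NO_TRY_FILES", start, hdr
            inloc = 0; fcgi = 0; tryf = 0
        }
        { line = $0; sub(/#.*/, "", line) }      # drop comments
        line ~ /^[ \t]*access_log[ \t]+off[ \t]*;/ { print "ACCESS_LOG_OFF", NR }
        line ~ /^[ \t]*location[ \t]/ {
            end_block()
            hdr = line
            sub(/[ \t]*[{].*/, "", hdr)          # brace may be on the next line
            sub(/^[ \t]+/, "", hdr); sub(/[ \t]+$/, "", hdr)
            start = NR; inloc = 1
            if (hdr ~ /[)][?][$]$/) print "OPTIONAL_EXT", NR, hdr
        }
        inloc && line ~ /^[ \t]*fastcgi_pass[ \t]/ { fcgi = 1 }
        inloc && line ~ /^[ \t]*try_files[ \t]/    { tryf = 1 }
        inloc && line ~ /[}]/                      { end_block() }
        END { end_block() }
    ' "${1:--}"
}

# Constructed sample, modelled on the vhost in the article, with a
# corrected PHP location placed beside the original one for comparison.
sample_vhost() {
    cat <<'EOF'
# constructed sample
access_log off;
server {
    listen 80;
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi.conf;
    }
    # corrected form: fixed extension, and the script must exist on disk
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi.conf;
    }
    location ~ .*\.(js|css)?$
    {
        expires 1h;
    }
}
EOF
}

sample_vhost | audit_nginx_php
```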

#Test case

mkdir -p /app/data/localhost

chmod +w /app/data/localhost

echo "<?php phpinfo(); ?>" > /app/data/localhost/phpinfo.php

chown -R www:www /app/data/localhost

#Add nginx to the system PATH

echo 'export PATH=$PATH:/app/local/nginx/sbin'>>/etc/profile && source /etc/profile

#Test access

curl -I http://localhost

HTTP/1.1 200 OK

Server: Tengine/2.1.0

Date: Mon, 27 Jul 2015 06:42:25 GMT

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

X-Powered-By: PHP/5.6.11

Adding Tengine as a service

Configuring it as a service makes unified management easier

vi /etc/rc.d/init.d/nginx

#!/bin/sh

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ "$NETWORKING" = "no" ] && exit 0

nginx="/app/local/nginx/sbin/nginx"

prog=$(basename $nginx)

NGINX_CONF_FILE="/app/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {

# make required directories

user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`

if [ -z "`grep $user /etc/passwd`" ]; then

useradd -M -s /bin/nologin $user

fi

options=`$nginx -V 2>&1 | grep 'configure arguments:'`

for opt in $options; do

if [ `echo $opt | grep '.*-temp-path'` ]; then

value=`echo $opt | cut -d "=" -f 2`

if [ ! -d "$value" ]; then

# echo "creating" $value

mkdir -p $value && chown -R $user $value

fi

fi

done

}

start() {

[ -x $nginx ] || exit 5

[ -f $NGINX_CONF_FILE ] || exit 6

make_dirs

echo -n $"Starting $prog: "

daemon $nginx -c $NGINX_CONF_FILE

retval=$?

echo

[ $retval -eq 0 ] && touch $lockfile

return $retval

}

stop() {

echo -n $"Stopping $prog: "

killproc $prog -QUIT

retval=$?

echo

[ $retval -eq 0 ] && rm -f $lockfile

return $retval

}

restart() {

configtest || return $?

stop

sleep 1

start

}

reload() {

configtest || return $?

echo -n $"Reloading $prog: "

killproc $nginx -HUP

RETVAL=$?

echo

}

force_reload() {

restart

}

configtest() {

$nginx -t -c $NGINX_CONF_FILE

}

rh_status() {

status $prog

}

rh_status_q() {

rh_status >/dev/null 2>&1

}

case "$1" in

start)

rh_status_q && exit 0

$1

;;

stop)

rh_status_q || exit 0

$1

;;

restart|configtest)

$1

;;

reload)

rh_status_q || exit 7

$1

;;

force-reload)

force_reload

;;

status)

rh_status

;;

condrestart|try-restart)

rh_status_q || exit 0

;;

*)

echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

exit 2

esac

#Make it executable

chmod +x /etc/init.d/nginx

ulimit -SHn 65535

service nginx start

Installing MySQL

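Pay attention to the directories, character set and other configuration settings; InnoDB is recommended as the storage engine

#Extract mysql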

mkdir -p /app/local/mysql

tar zxvf mysql-5.6.25-linux-glibc2.5-x86_64.tar.gz

mv mysql-5.6.25-linux-glibc2.5-x86_64/* /app/local/mysql

#Add the mysql user and group

groupadd mysql

useradd -g mysql mysql

mkdir -p /app/data/mysql/data/

mkdir -p /app/data/mysql/binlog/

mkdir -p /app/data/mysql/relaylog/

chown -R mysql:mysql /app/data/mysql/

#Install mysql

/app/local/mysql/scripts/mysql_install_db --basedir=/app/local/mysql --datadir=/app/data/mysql/data --user=mysql

#Fix the path in mysqld_safe

sed -i "s#/usr/local/mysql#/app/local/mysql#g" /app/local/mysql/bin/mysqld_safe

#Edit the my.cnf configuration file

vi /app/local/mysql/my.cnf

#MySQL client

[client]

default-character-set = utf8

port = 3306

socket = /tmp/mysql.sock

[mysql]

#prompt="(\u:HOSTNAME:)[\d]> "

#Show the current user, database, time and other information in the mysql prompt

prompt="\u@\h \R:\m:\s [\d]> "

#Disable auto-completion

no-auto-rehash

#MySQL server

[mysqld]

#Unique server ID; used in master-slave replication

server-id = 1

port = 3306

user = mysql

basedir = /app/local/mysql

datadir = /app/data/mysql/data

socket = /tmp/mysql.sock

log-error = /app/data/mysql/mysql_error.log

pid-file = /app/data/mysql/mysql.pid

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

#Default storage engine

default-storage-engine = InnoDB

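#Maximum number of concurrent connections. If the front end is PHP this can be raised somewhat, but not too far. If the front end uses a connection pool it can be lowered to avoid too many connections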

max_connections = 512

#Maximum number of connection errors; can be raised so that the front-end host is not rejected by mysql after frequent connection errors

max_connect_errors = 100000

#Number of tables opened by all threads

table_open_cache = 512

#Do not allow external file-level locking. Enabling file locking hurts performance

external-locking = FALSE

#Maximum size of a request packet the server can handle, and the maximum request size the server can handle

max_allowed_packet = 32M

#Enable the slow query log

slow_query_log = 1

slow_query_log_file = /app/data/mysql/slow.log

#File descriptor limit for MySQL

open_files_limit = 10240

#Number of connections the operating system can hold in the listen queue

back_log = 600

#Sort, join and other buffers allocated for each connection

sort_buffer_size = 16M

join_buffer_size = 16M

read_buffer_size = 16M

read_rnd_buffer_size = 16M

#How many threads to keep in the cache for reuse

thread_cache_size = 300

#Query cache

query_cache_size = 128M

#Only results smaller than this value are cached

query_cache_limit = 4M

#Minimum unit of memory allocated by the query cache

query_cache_min_res_unit = 2k

#Stack size used by each thread

thread_stack = 512K

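#Set the transaction isolation level to READ-COMMITTED to improve transaction efficiency; this usually satisfies transaction consistency requirements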

transaction_isolation = READ-COMMITTED

#Maximum size of temporary tables

tmp_table_size = 256M

#Maximum capacity allowed for a standalone in-memory table

max_heap_table_size = 256M

#Slow query threshold

long_query_time = 3

#The slave writes replicated events to its own binary log

log-slave-updates

#Enable the binary log

log-bin = /app/data/mysql/binlog/binlog

sync_binlog = 1

#Size of the cache held by the binlog to record SQL state within a transaction

binlog_cache_size = 4M

#Use mixed mode

binlog_format = MIXED

#Maximum cache memory the binlog may use

max_binlog_cache_size = 8M

#Maximum binlog size

max_binlog_size = 1G

#Enable the relay log

relay-log-index = /app/data/mysql/relaylog/relaylog

relay-log-info-file = /app/data/mysql/relaylog/relaylog

relay-log = /app/data/mysql/relaylog/relaylog

#Keep only 7 days of binlog

expire_logs_days = 7

#MyISAM options

#Size of the key buffer, generally used to cache index blocks of MyISAM tables

key_buffer_size = 128M

#Sort cache

read_rnd_buffer_size = 64M

#Limits the size in bytes of the cache tree per process

bulk_insert_buffer_size = 256M

#Buffer needed for re-sorting when a MyISAM table changes

myisam_sort_buffer_size = 256M

#Maximum size of the temporary file allowed when MySQL rebuilds an index

myisam_max_sort_file_size = 10G

#If a table has more than one index, MyISAM can use more than one thread to repair them by sorting in parallel

myisam_repair_threads = 1

#Automatically check and repair MyISAM tables that were not closed properly

myisam_recover

#InnoDB options

#Buffer pool for InnoDB's data dictionary and internal data structures; 16MB is large enough

innodb_additional_mem_pool_size = 16M

#Used by InnoDB to cache data, indexes, locks, the insert buffer, the data dictionary, and so on

#On a dedicated DB server that mainly uses InnoDB, this can usually be set to 50% of physical memory

#On a non-dedicated DB server, try 1/4 of memory first and adjust if there are problems

innodb_buffer_pool_size = 4G

#Initial size of the InnoDB shared tablespace. The default of 10MB is far too small; change it to 1GB with autoextend

innodb_data_file_path = ibdata1:1G:autoextend

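#When set to 1, the log is written to disk after every transaction commit, which protects data reliability well. It can be set to 0 or 2 for performance, at the risk of losing data on failure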

innodb_flush_log_at_trx_commit = 1

#InnoDB log buffer; 64MB is usually enough

innodb_log_buffer_size = 64M

#InnoDB redo log size; 256MB is usually enough

innodb_log_file_size = 256M

#InnoDB redo log file group; 2 is usually enough

innodb_log_files_in_group = 2

#Proportion of dirty pages in the buffer pool; directly affects InnoDB shutdown time

innodb_max_dirty_pages_pct = 90

#Enable InnoDB file-per-table mode for easier management

innodb_file_per_table = 1

#Controls whether InnoDB takes gap locks

innodb_locks_unsafe_for_binlog = 0

#Connection timeout thresholds. If the front end uses short connections, shortening these two values is recommended

#If the front end uses persistent connections, comment out these two options and use the defaults (8 hours)

interactive_timeout = 120

wait_timeout = 120

#Skip reverse DNS resolution (IPs are not resolved to host names), which speeds up database response

skip-name-resolve

#Skip errors in master-slave replication

slave-skip-errors = 1032,1062,126,1114,1146,1048,1396

[mysqldump]

#Do not buffer the whole result in memory before writing it to disk. Needed when dumping very large tables

quick

max_allowed_packet = 32M

#Add mysql as a service

vi /etc/rc.d/init.d/mysqld

#!/bin/sh

basedir=/app/local/mysql

datadir=/app/data/mysql/data

service_startup_timeout=900

lockdir='/var/lock/subsys'

lock_file_path="$lockdir/mysql"

mysqld_pid_file_path=/app/data/mysql/mysql.pid

if test -z "$basedir"

then

basedir=/usr/local/mysql

bindir=/usr/local/mysql/bin

if test -z "$datadir"

then

datadir=/usr/local/mysql/data

fi

sbindir=/usr/local/mysql/bin

libexecdir=/usr/local/mysql/bin

else

bindir="$basedir/bin"

if test -z "$datadir"

then

datadir="$basedir/data"

fi

sbindir="$basedir/sbin"

libexecdir="$basedir/libexec"

fi

datadir_set=

lsb_functions="/lib/lsb/init-functions"

if test -f $lsb_functions ; then

. $lsb_functions

else

log_success_msg()

{

echo " SUCCESS! $@"

}

log_failure_msg()

{

echo " ERROR! $@"

}

fi

PATH="/sbin:/usr/sbin:/bin:/usr/bin:$basedir/bin"

export PATH

mode=$1 # start or stop

[ $# -ge 1 ] && shift

other_args="$*" # uncommon, but needed when called from an RPM upgrade action

# Expected: "--skip-networking --skip-grant-tables"

# They are not checked here, intentionally, as it is the resposibility

# of the "spec" file author to give correct arguments only.

case `echo "testing\c"`,`echo -n testing` in

*c*,-n*) echo_n= echo_c= ;;

*c*,*) echo_n=-n echo_c= ;;

*) echo_n= echo_c='\c' ;;

esac

parse_server_arguments() {

for arg do

case "$arg" in

--basedir=*) basedir=`echo "$arg" | sed -e 's/^[^=]*=//'`

bindir="$basedir/bin"

if test -z "$datadir_set"; then

datadir="$basedir/data"

fi

sbindir="$basedir/sbin"

libexecdir="$basedir/libexec"

;;

--datadir=*) datadir=`echo "$arg" | sed -e 's/^[^=]*=//'`

datadir_set=1

;;

--pid-file=*) mysqld_pid_file_path=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;

--service-startup-timeout=*) service_startup_timeout=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;

esac

done

}

wait_for_pid () {

verb="$1" # created | removed

pid="$2" # process ID of the program operating on the pid-file

pid_file_path="$3" # path to the PID file.

i=0

avoid_race_condition="by checking again"

while test $i -ne $service_startup_timeout ; do

case "$verb" in

'created')

# wait for a PID-file to pop into existence.

test -s "$pid_file_path" && i='' && break

;;

'removed')

# wait for this PID-file to disappear

test ! -s "$pid_file_path" && i='' && break

;;

*)

echo "wait_for_pid () usage: wait_for_pid created|removed pid pid_file_path"

exit 1

;;

esac

# if server isn't running, then pid-file will never be updated

if test -n "$pid"; then

if kill -0 "$pid" 2>/dev/null; then

: # the server still runs

else

# The server may have exited between the last pid-file check and now.

if test -n "$avoid_race_condition"; then

avoid_race_condition=""

continue # Check again.

fi

# there's nothing that will affect the file.

log_failure_msg "The server quit without updating PID file ($pid_file_path)."

return 1 # not waiting any more.

fi

fi

echo $echo_n ".$echo_c"

i=`expr $i + 1`

sleep 1

done

if test -z "$i" ; then

log_success_msg

return 0

else

log_failure_msg

return 1

fi

}

# Get arguments from the my.cnf file,

# the only group, which is read from now on is [mysqld]

if test -x ./bin/my_print_defaults

then

print_defaults="./bin/my_print_defaults"

elif test -x $bindir/my_print_defaults

then

print_defaults="$bindir/my_print_defaults"

elif test -x $bindir/mysql_print_defaults

then

print_defaults="$bindir/mysql_print_defaults"

else

# Try to find basedir in /etc/my.cnf

conf=/etc/my.cnf

print_defaults=

if test -r $conf

then

subpat='^[^=]*basedir[^=]*=\(.*\)$'

dirs=`sed -e "/$subpat/!d" -e 's//\1/' $conf`

for d in $dirs

do

d=`echo $d | sed -e 's/[ ]//g'`

if test -x "$d/bin/my_print_defaults"

then

print_defaults="$d/bin/my_print_defaults"

break

fi

if test -x "$d/bin/mysql_print_defaults"

then

print_defaults="$d/bin/mysql_print_defaults"

break

fi

done

fi

# Hope it's in the PATH ... but I doubt it

test -z "$print_defaults" && print_defaults="my_print_defaults"

fi

#

# Read defaults file from 'basedir'. If there is no defaults file there

# check if it's in the old (depricated) place (datadir) and read it from there

#

extra_args=""

if test -r "$basedir/my.cnf"

then

extra_args="-e $basedir/my.cnf"

else

if test -r "$datadir/my.cnf"

then

extra_args="-e $datadir/my.cnf"

fi

fi

parse_server_arguments `$print_defaults $extra_args mysqld server mysql_server mysql.server`

#

# Set pid file if not given

#

if test -z "$mysqld_pid_file_path"

then

mysqld_pid_file_path=$datadir/`hostname`.pid

else

case "$mysqld_pid_file_path" in

/* ) ;;

* ) mysqld_pid_file_path="$datadir/$mysqld_pid_file_path" ;;

esac

fi

case "$mode" in

'start')

# Start daemon

# Safeguard (relative paths, core dumps..)

cd $basedir

echo $echo_n "Starting MySQL"

if test -x $bindir/mysqld_safe

then

# Give extra arguments to mysqld with the my.cnf file. This script

# may be overwritten at next upgrade.

$bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &

wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$?

# Make lock for RedHat / SuSE

if test -w "$lockdir"

then

touch "$lock_file_path"

fi

exit $return_value

else

log_failure_msg "Couldn't find MySQL server ($bindir/mysqld_safe)"

fi

;;

'stop')

# Stop daemon. We use a signal here to avoid having to know the

# root password.

if test -s "$mysqld_pid_file_path"

then

mysqld_pid=`cat "$mysqld_pid_file_path"`

if (kill -0 $mysqld_pid 2>/dev/null)

then

echo $echo_n "Shutting down MySQL"

kill $mysqld_pid

# mysqld should remove the pid file when it exits, so wait for it.

wait_for_pid removed "$mysqld_pid" "$mysqld_pid_file_path"; return_value=$?

else

log_failure_msg "MySQL server process #$mysqld_pid is not running!"

rm "$mysqld_pid_file_path"

fi

# Delete lock for RedHat / SuSE

if test -f "$lock_file_path"

then

rm -f "$lock_file_path"

fi

exit $return_value

else

log_failure_msg "MySQL server PID file could not be found!"

fi

;;

'restart')

# Stop the service and regardless of whether it was

# running or not, start it again.

if $0 stop $other_args; then

$0 start $other_args

else

log_failure_msg "Failed to stop running server, so refusing to try to start."

exit 1

fi

;;

'reload'|'force-reload')

if test -s "$mysqld_pid_file_path" ; then

read mysqld_pid < "$mysqld_pid_file_path"

kill -HUP $mysqld_pid && log_success_msg "Reloading service MySQL"

touch "$mysqld_pid_file_path"

else

log_failure_msg "MySQL PID file could not be found!"

exit 1

fi

;;

'status')

# First, check to see if pid file exists

if test -s "$mysqld_pid_file_path" ; then

read mysqld_pid < "$mysqld_pid_file_path"

if kill -0 $mysqld_pid 2>/dev/null ; then

log_success_msg "MySQL running ($mysqld_pid)"

exit 0

else

log_failure_msg "MySQL is not running, but PID file exists"

exit 1

fi

else

# Try to find appropriate mysqld process

mysqld_pid=`pidof $libexecdir/mysqld`

# test if multiple pids exist

pid_count=`echo $mysqld_pid | wc -w`

if test $pid_count -gt 1 ; then

log_failure_msg "Multiple MySQL running but PID file could not be found ($mysqld_pid)"

exit 5

elif test -z $mysqld_pid ; then

if test -f "$lock_file_path" ; then

log_failure_msg "MySQL is not running, but lock file ($lock_file_path) exists"

exit 2

fi

log_failure_msg "MySQL is not running"

exit 3

else

log_failure_msg "MySQL is running but PID file could not be found"

exit 4

fi

fi

;;

*)

# usage

basename=`basename "$0"`

echo "Usage: $basename {start|stop|restart|reload|force-reload|status} [ MySQL server options ]"

exit 1

;;

esac

exit 0

#Set permissions

chmod +x /etc/init.d/mysqld

service mysqld start

#Add MySQL to the system PATH

echo 'export PATH=$PATH:/app/local/mysql/bin'>>/etc/profile && source /etc/profile

#查看錯誤日志

tail -f /var/log/mysqld.log

#用root賬戶登錄並作簡單的安全設置

/app/local/mysql/bin/mysql -uroot -p

直接回車空密碼

 

#Switch to the mysql database

use mysql;

#Set the root password

UPDATE mysql.user SET Password=password('root') WHERE User='root';

#Clear the root password

update user set password='' where user='root';

#Delete anonymous users

DELETE FROM mysql.user WHERE User='';

#Remove remote access for root (optional)

#DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

#Drop the "test" database

DROP database test;

#Allow remote access

update user set host='%' where user='root' AND host='localhost';

#List all users (user@host)

SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;

#Apply the changes immediately and exit the MySQL client

FLUSH PRIVILEGES;QUIT;

#Create a database

create database ooxx;

#Create a user

create user ooxx@'%' identified by 'ooxx';

#Grant privileges to the user

grant all privileges on ooxx.* to ooxx;

#Reload MySQL's grant tables

flush privileges;

#List all users (user@host)

SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;
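The statements above include both setting and clearing the root password and opening root to remote hosts, so the final state of mysql.user depends on which ones were run. The audit below is an added example, not part of the original article: the function names and sample rows are constructed, and it assumes the MySQL 5.6 `Password` column used in the statements above.

```shell
#!/bin/bash
# Added example (not from the article): flag risky rows in mysql.user.
# Assumes the MySQL 5.6 layout used above, where the hash is in Password.
# Real input would come from:
#   mysql -uroot -p -N -B -e "SELECT User,Host,Password FROM mysql.user"
# which prints one tab-separated row per account.

audit_mysql_users() {
    awk -F'\t' '
        $1 == "" { print "anonymous account @" $2 }
        $3 == "" { print "empty password: " $1 "@" $2 }
        $1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/ {
            print "root reachable remotely: root@" $2
        }
        $1 != "" && $1 != "root" && $2 == "%" {
            print "wildcard host: " $1 "@%"
        }
    '
}

# Constructed sample rows (hash is a placeholder): the table after running
# "clear the root password" and "allow remote access" from the steps above.
sample_rows() {
    printf 'root\t%%\t\n'
    printf 'root\t127.0.0.1\t*PLACEHOLDER_HASH\n'
    printf '\tlocalhost\t\n'
    printf 'ooxx\t%%\t*PLACEHOLDER_HASH\n'
}

sample_rows | audit_mysql_users
```

An empty result means none of the four conditions matched; each printed line names the account to fix with the DELETE or UPDATE statements shown earlier.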

Install Apache

cd /app/local

tar zxvf httpd-2.2.29.tar.gz

cd httpd-2.2.29

./configure --prefix=/app/local/apache \

--enable-so \

--enable-rewrite \

--enable-mods-shared=most

make && make install

vi /app/local/apache/conf/httpd.conf

#Set the server name

ServerName localhost:80

#Find "AddType application/x-gzip .gz .tgz" and add the following below that line

AddType application/x-httpd-php .php

#Find "DirectoryIndex index.html" and change that line to

DirectoryIndex index.html index.htm index.php

/app/local/apache/bin/apachectl -t

cp /app/local/apache/bin/apachectl /etc/init.d/httpd

Install PHP

PHP base environment

#Install with yum, or build from the source packages below

yum install libmcrypt libmcrypt-devel mcrypt mhash

#Download locations

http://sourceforge.net/projects/mcrypt/files/Libmcrypt/

http://sourceforge.net/projects/mcrypt/files/MCrypt/

http://sourceforge.net/projects/mhash/files/mhash/

#Install Libmcrypt

tar -zxvf libmcrypt-2.5.8.tar.gz

cd libmcrypt-2.5.8

./configure

make && make install

cd ../

#Install mhash

tar -zxvf mhash-0.9.9.9.tar.gz

cd mhash-0.9.9.9

./configure

make && make install

cd ../

#Install mcrypt

tar -zxvf mcrypt-2.6.8.tar.gz

cd mcrypt-2.6.8

LD_LIBRARY_PATH=/usr/local/lib ./configure

make && make install

cd ../

Install PHP

Pick extensions as needed; more can be added later with phpize. Consider enabling the newly added OPcache where appropriate.

tar zxvf php-5.5.27.tar.gz

cd php-5.5.27

./configure --prefix=/app/local/php \

--with-config-file-path=/app/local/php/etc \

--enable-fpm \

--enable-mbstring \

--with-mhash \

--with-mcrypt \

--with-curl \

--with-openssl \

--with-mysql=mysqlnd \

--with-mysqli=mysqlnd \

--with-pdo-mysql=mysqlnd \

--with-apxs2=/app/local/apache/bin/apxs

#--enable-opcache

make && make install

#Configure php.ini

cp php.ini-development /app/local/php/etc/php.ini

#Set the time zone

sed -i "s#;date.timezone =#date.timezone = Asia/Shanghai#g" /app/local/php/etc/php.ini

#Prevent the nginx file-type misparsing vulnerability

sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=0#g" /app/local/php/etc/php.ini

#Do not expose the PHP version

sed -i "s#expose_php = On#expose_php = Off#g" /app/local/php/etc/php.ini

#Disable dangerous functions (optional)

#sed -i "s#disable_functions =#disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source#g" /app/local/php/etc/php.ini

#Settings to add after building with enable-opcache (optional)

[OPcache]

zend_extension = opcache.so

opcache.enable=1

opcache.memory_consumption=128

opcache.interned_strings_buffer=8

opcache.max_accelerated_files=4000

opcache.revalidate_freq=1

opcache.fast_shutdown=1

opcache.enable_cli=1
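Each sed above rewrites a line only when its pattern matches the php.ini text exactly, and sed prints nothing when it does not match. The check below is an added example, not part of the original article: the function names and the sample file are constructed, and the disable_functions check is relevant only if the optional step was applied.

```shell
#!/bin/bash
# Added example (not from the article): report php.ini settings that the
# sed edits above were meant to change but that are still missing or weak.

# ini_value FILE KEY -> last uncommented value of KEY (empty if none)
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                    # commented-out directive
        index($0, "=") == 0 { next }           # section header or blank line
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=/, "", v)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                val = v
            }
        }
        END { print val }' "$1"
}

# check_php_ini FILE -> one finding per line; prints nothing if all pass
check_php_ini() {
    v=$(ini_value "$1" cgi.fix_pathinfo)
    [ "$v" = "0" ] || echo "cgi.fix_pathinfo=${v:-unset} (want 0)"
    v=$(ini_value "$1" expose_php | tr 'A-Z' 'a-z')
    case "$v" in
        off|0|false|no) ;;
        *) echo "expose_php=${v:-unset} (want Off)" ;;
    esac
    v=$(ini_value "$1" disable_functions)
    [ -n "$v" ] || echo "disable_functions is empty"
    return 0
}

# Constructed sample: the sed pattern ";cgi.fix_pathinfo=1" did not match
# because this file spells the line with spaces, so it stayed commented out.
sample_ini() {
    printf '%s\n' '[PHP]' ';cgi.fix_pathinfo = 1' 'expose_php = Off' \
        'disable_functions =' 'date.timezone = Asia/Shanghai'
}

# Usage: sh check.sh /app/local/php/etc/php.ini
if [ -n "${1:-}" ]; then check_php_ini "$1"; fi
```

A directive that is absent or commented out is reported as unset, because PHP then falls back to its built-in default (1 for cgi.fix_pathinfo, On for expose_php).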

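Configure php-fpm

#Edit the php-fpm configuration

cp /app/local/php/etc/php-fpm.conf.default /app/local/php/etc/php-fpm.conf

vi /app/local/php/etc/php-fpm.conf

[global]

;Error log

error_log = log/php-fpm.log

;Error log level

log_level = notice

[www]

;Address and port php-fpm listens on

listen = 127.0.0.1:9000

;User and group the processes run as

user = www

group = www

;With static, pm.max_children sets a fixed number of child processes. With dynamic, the number is governed by the three parameters that follow

pm = dynamic

;Maximum number of child processes

pm.max_children = 384

;Number of processes created at startup

pm.start_servers = 20

;Minimum number of idle processes; if fewer are idle, new child processes are created

pm.min_spare_servers = 5

;Maximum number of idle processes; if more are idle, the excess are cleaned up

pm.max_spare_servers = 35

;Number of requests each child process serves before it is respawned. Very useful for third-party modules that may leak memory. If set to '0', requests are accepted indefinitely. Equivalent to the PHP_FCGI_MAX_REQUESTS environment variable. Default: 0.

pm.max_requests = 1000

;How long a child process may stay idle before it is killed

pm.process_idle_timeout = 10s

;Timeout after which a single request is terminated. Useful for scripts that, for some reason, are not stopped by the 'max_execution_time' setting in php.ini. '0' means 'Off'. Try changing this option if 502 errors occur frequently.

request_terminate_timeout = 120

;When a request exceeds this timeout, the full PHP call stack is written to the slow log. '0' means 'Off'

request_slowlog_timeout = 3s

;Log file for slow requests, used together with request_slowlog_timeout

slowlog = /app/local/php/var/log/php-fpm.slow.log

;rlimit for open file descriptors. Default: system-defined value. The default number of open handles is 1024; check it with ulimit -n and change it with ulimit -n 2048.

rlimit_files = 65535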

#Add PHP to the PATH

echo 'export PATH=$PATH:/app/local/php/bin'>>/etc/profile && source /etc/profile

touch /app/local/php/var/log/php-fpm.slow.log

#Install the php-fpm service script

cp /app/local/php-5.5.27/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm

chmod +x /etc/rc.d/init.d/php-fpm

service php-fpm start

#Start the services automatically at boot

vi /etc/rc.local

ulimit -SHn 65535

service php-fpm start

service nginx start

service mysqld start

Configure memcache/mongo/redis

Other extensions can all be added dynamically in the same way, so there is nothing to worry about

#memcache

cd /app/local

tar zxvf memcache-3.0.8.tgz

cd memcache-3.0.8

/app/local/php/bin/phpize

./configure --enable-memcache \

--with-php-config=/app/local/php/bin/php-config \

--with-zlib-dir

make && make install

#mongo

cd /app/local

tar zxvf mongo-1.6.10.tgz

cd mongo-1.6.10

/app/local/php/bin/phpize

./configure --with-php-config=/app/local/php/bin/php-config

make && make install

#redis

cd /app/local

tar zxvf redis-2.2.7.tgz

cd redis-2.2.7

/app/local/php/bin/phpize

./configure --with-php-config=/app/local/php/bin/php-config

make && make install

#php.ini

vi /app/local/php/etc/php.ini

[memcache]

extension=memcache.so

[mongodb]

extension=mongo.so

[redis]

extension=redis.so

#Restart for the changes to take effect

service php-fpm restart

php -i | grep php.ini

php -m

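Automated deployment

The upload directory on the server can be anything you like; the install directories are standardized on /app/{local,data} by default, and the script to run is web.sh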

#web.sh

#!/bin/bash

## alias

ltmp_local=$(cd "$(dirname "$0")"; pwd)

mkdir -p /app/{local,data}

unalias cp

ltmp_init=$ltmp_local/init/

ltmp_src=$ltmp_local/src/

## system

#history

cp ${ltmp_init}bashrc /etc/

#time

rm -rf /etc/localtime

ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

#maildrop

sed -i 's/MAILTO=root/MAILTO=""/g' /etc/crontab

service crond restart

#selinux

setenforce 0

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#limits

echo ulimit -SHn 65535 >> /etc/profile

source /etc/profile

cp ${ltmp_init}limits.conf /etc/security/

#tcp

cp ${ltmp_init}sysctl.conf /etc/

#yum

yum -y install yum-fastestmirror

yum remove httpd mysql mysql-server php php-cli php-common php-devel php-gd -y

yum install -y wget gcc gcc-c++ openssl* curl curl-devel libxml2 libxml2-devel glibc glibc-devel glib2 glib2-devel gd gd2 gd-devel gd2-devel libaio autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel

#download

cd /app/local

##PCRE - Perl Compatible Regular Expressions

#wget "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz"

##Tengine

#wget "http://tengine.taobao.org/download/tengine-2.1.0.tar.gz"

##MySQL

#wget "https://downloads.mariadb.com/archives/mysql-5.6/mysql-5.6.25-linux-glibc2.5-x86_64.tar.gz"

##PHP

#wget "http://cn2.php.net/distributions/php-5.6.11.tar.gz"

##Mhash

#wget "http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz"

##libmcrypt

#wget "http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz"

##Mcrypt

#wget "http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz"

## soft

cd $ltmp_local

#pcre

tar zxvf pcre-8.37.tar.gz 1> /dev/null

cd pcre-8.37

./configure

make && make install

cd ../

#tengine

groupadd www

useradd -g www www

#Install Tengine

cd $ltmp_local

tar zxvf tengine-2.1.0.tar.gz 1> /dev/null

cd tengine-2.1.0

./configure --user=www --group=www \

--prefix=/app/local/nginx \

--with-http_stub_status_module \

--with-http_ssl_module \

--with-pcre=${ltmp_local}/pcre-8.37

make && make install

cd ../

#nginx config

cd $ltmp_local

cp ${ltmp_init}nginx.conf /app/local/nginx/conf/

cp -r ${ltmp_init}vhosts /app/local/nginx/conf/

mkdir -p /app/data/localhost

chmod +w /app/data/localhost

echo "{C}" > /app/data/localhost/phpinfo.php

chown -R www:www /app/data/localhost

echo 'export PATH=$PATH:/app/local/nginx/sbin'>>/etc/profile && source /etc/profile

cp ${ltmp_init}nginx /etc/rc.d/init.d/

chmod +x /etc/init.d/nginx

ulimit -SHn 65535

service nginx start

#libmcrypt

cd $ltmp_src

tar -zxvf libmcrypt-2.5.8.tar.gz 1> /dev/null

cd libmcrypt-2.5.8

./configure

make && make install

cd ../

#mhash

cd $ltmp_src

tar -zxvf mhash-0.9.9.9.tar.gz 1> /dev/null

cd mhash-0.9.9.9

./configure

make && make install

cd ../

#mcrypt

cd $ltmp_src

tar -zxvf mcrypt-2.6.8.tar.gz 1> /dev/null

cd mcrypt-2.6.8

LD_LIBRARY_PATH=/usr/local/lib ./configure

make && make install

cd ../

#php

cd $ltmp_local

tar zxvf php-5.5.27.tar.gz 1> /dev/null

cd php-5.5.27

./configure --prefix=/app/local/php \

--with-config-file-path=/app/local/php/etc \

--enable-fpm \

--enable-mbstring \

--with-mhash \

--with-mcrypt \

--with-curl \

--with-openssl \

--with-mysql=mysqlnd \

--with-mysqli=mysqlnd \

--with-pdo-mysql=mysqlnd

make && make install

#memcache

cd $ltmp_src

tar zxvf memcache-3.0.8.tgz 1> /dev/null

cd memcache-3.0.8

/app/local/php/bin/phpize

./configure --enable-memcache \

--with-php-config=/app/local/php/bin/php-config \

--with-zlib-dir

make && make install

#mongo

cd $ltmp_src

tar zxvf mongo-1.6.10.tgz 1> /dev/null

cd mongo-1.6.10

/app/local/php/bin/phpize

./configure --with-php-config=/app/local/php/bin/php-config

make && make install

#redis

cd $ltmp_src

#redis

tar zxvf redis-2.2.7.tgz 1> /dev/null

cd redis-2.2.7

/app/local/php/bin/phpize

./configure --with-php-config=/app/local/php/bin/php-config

make && make install

#php-fpm

cp ${ltmp_init}php.ini /app/local/php/etc/

cp ${ltmp_init}php-fpm.conf /app/local/php/etc/

echo 'export PATH=$PATH:/app/local/php/bin'>>/etc/profile && source /etc/profile

touch /app/local/php/var/log/php-fpm.slow.log

cp ${ltmp_local}/php-5.5.27/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm

chmod +x /etc/rc.d/init.d/php-fpm

service php-fpm start

GitHub source repository

file://E:\QQDownload\LTMP (2 folders, 5 files, 27.66 MB, 30.76 MB in total.)

│ httpd-2.2.29.tar.gz 7.19 MB

│ pcre-8.37.tar.gz 1.95 MB

│ php-5.5.27.tar.gz 16.95 MB

│ tengine-2.1.0.tar.gz 1.58 MB

│ web.sh 4.10 KB

├─init (1 folders, 12 files, 91.42 KB, 92.23 KB in total.)

│ │ allow.conf 35 bytes

│ │ bashrc 2.99 KB

│ │ deny.conf 35 bytes

│ │ limits.conf 1.86 KB

│ │ my.cnf 1.99 KB

│ │ mysqld 8.39 KB

│ │ nginx 2.22 KB

│ │ nginx.conf 1.34 KB

│ │ php-fpm 2.30 KB

│ │ php-fpm.conf 416 bytes

│ │ php.ini 67.83 KB

│ │ sysctl.conf 2.03 KB

│ └─vhosts (0 folders, 1 files, 826 bytes, 826 bytes in total.)

│ localhost.conf 826 bytes

└─src (0 folders, 6 files, 3.01 MB, 3.01 MB in total.)

libmcrypt-2.5.8.tar.gz 1.27 MB

mcrypt-2.6.8.tar.gz 460.85 KB

memcache-3.0.8.tgz 68.87 KB

mhash-0.9.9.9.tar.gz 909.61 KB

mongo-1.6.10.tgz 204.19 KB

redis-2.2.7.tgz 131.19 KB

LTMP - https://github.com/wsgzao/LTMP
