纯粹笔记整理,非原创
一、内核参数修改
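# Disable IPv6
# The modprobe "install" directive runs /bin/true instead of loading the ipv6 module.
echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network
# NOTE(review): the first line below switches off the IPv4 packet filter at boot,
# not only the IPv6 one. Every listening service then depends entirely on
# upstream filtering; prefer keeping iptables enabled with an explicit
# allow-list for the ports this host must expose.
chkconfig iptables off
chkconfig ip6tables off
# Disable SELinux
# NOTE(review): "disabled" removes mandatory access control completely, while
# "permissive" would still log policy violations. The change applies at the next boot.
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
# Remove ifcfg-ethX DNS
sed -i '/DNS/d' /etc/sysconfig/network-scripts/ifcfg-eth*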
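# Vim
# Swap vi for vim only when vim is installed, so /bin/vi never ends up as a
# dangling symlink (these notes install vim later, in the yum step).
if [ -x /usr/bin/vim ]; then
  mv /bin/vi /bin/vi.default
  ln -s /usr/bin/vim /bin/vi
fi
# Limits
echo "* - nofile 524288" >> /etc/security/limits.conf
sed -i 's/1024/102400/' /etc/security/limits.d/90-nproc.conf
# Libraries
# NOTE(review): directories listed in ld.so.conf are searched by the dynamic
# linker for every program, so they must stay writable by root only.
# Run ldconfig afterwards to rebuild the linker cache.
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf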
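# SSH
# The patterns need the space that the stock sshd_config has between keyword
# and value ("#ListenAddress 0.0.0.0", "#PermitRootLogin yes"); without it
# nothing matches and root login silently stays at its default.
# NOTE(review): moving the port only reduces scan noise; it is not access
# control. Check the result with "sshd -t" before restarting sshd, and confirm
# afterwards that "PermitRootLogin no" is really active.
sed -i 's/#Port 22/Port 3322/' /etc/ssh/sshd_config
sed -i 's/#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config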
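# Sysctl
# The heredoc operator was truncated to "<" in the original notes. The quoted
# delimiter writes the text literally. Settings are only appended here; they
# apply after "sysctl -p" or a reboot.
# NOTE(review): tcp_timestamps = 0 hides the timestamp clock from remote hosts
# but also turns off PAWS and timestamp-based RTT measurement.
cat >> /etc/sysctl.conf << 'EOF'
# Swappiness
vm.swappiness = 10
# Local Port Range
net.ipv4.ip_local_port_range = 16384 61000
net.ipv4.ip_local_reserved_ports = 18071-18089,22121,22122,32121,32122,45671-45679
# Keepalive
net.ipv4.tcp_keepalive_time = 3600
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 3
# Disable Timestamps
net.ipv4.tcp_timestamps = 0
# Performance
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_max_syn_backlog = 65535
EOF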
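# Profile
# The heredoc operator was truncated to "<" in the original notes; the quoted
# delimiter writes the text literally.
# NOTE(review): HISTTIMEFORMAT timestamps shell history for convenience only.
# Each user can edit their own history file, so it is not an audit trail.
cat >> /etc/profile << 'EOF'
# HisttimeFormat
HISTFILESIZE=2048
HISTSIZE=2048
HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
export HISTTIMEFORMAT
# Editor
export EDITOR=vim
EOF
# Grep
echo "alias grep='grep --color=auto'" >> /etc/bashrc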
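# Root crontab
# The heredoc operator was truncated to "<" in the original notes; the quoted
# delimiter writes the entries literally.
# NOTE(review): every entry runs as root, so each program it names must be
# writable by root only. Output is discarded, so a failing job leaves no trace;
# consider logging instead of /dev/null.
cat >> /var/spool/cron/root << 'EOF'
# NTP
15 6 * * * /usr/sbin/ntpdate 0.centos.pool.ntp.org > /dev/null 2>&1
30 6 * * * /usr/sbin/ntpdate 1.centos.pool.ntp.org > /dev/null 2>&1
45 6 * * * /usr/sbin/ntpdate 2.centos.pool.ntp.org > /dev/null 2>&1
# Synchronize time
50 6 * * * /sbin/hwclock -w > /dev/null 2>&1
# Monitor gmond
0 * * * * ( /etc/init.d/gmond status | grep running || /etc/init.d/gmond restart ) > /dev/null 2>&1
# Monitor ipfm
* * * * * ( ps aux | grep -v grep | grep ipfm || /usr/local/ipfm/sbin/ipfm -c /usr/local/ipfm/etc/ipfm.conf ) > /dev/null 2>&1
EOF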
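# Optimize DNS query
# resolv.conf options are space-separated: timeout:1, attempts:1, rotate.
echo "options timeout:1 attempts:1 rotate" >> /etc/resolv.conf
# Optimize fstab
# On lines mentioning "home", set the dump and fsck-pass fields from "1 2" to "0 0".
sed -i '/home/ s/1 2/0 0/' /etc/fstab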
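# Set label for each partition
# One pass over POSIX-format df output (one line per filesystem): field 1 is
# the device and the last field is the mount point, which becomes the label.
# Matching on field 1 avoids the original "grep $dev" problem, where /dev/sda1
# also matched /dev/sda10 and produced a multi-word label.
# e2label truncates labels longer than 16 characters.
df -P | awk '$1 ~ /^\/dev\/sda/ { print $1, $NF }' |
  while read -r dev label; do
    e2label "$dev" "$label"
  done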
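# Add killps command
# The quoted heredoc delimiter writes the script literally, so no \$ escaping is needed.
# ">" rather than ">>" so that re-running the setup does not append a second copy.
cat > /usr/local/bin/killps << 'EOF'
#!/bin/sh
# Usage: killps PATTERN
# Lists every process whose "ps -ef" line matches PATTERN (user name, command
# line, ...) and then sends each of them SIGKILL.
pattern=$1
# An empty pattern would match every process on the system; refuse it.
if [ -z "$pattern" ]; then
  echo "Usage: $0 PATTERN" >&2
  exit 2
fi
# Keep the listing in a variable instead of fixed-name files under /tmp, which
# another local user could pre-create (for example as symlinks) before root runs this.
matches=$(ps -ef | grep -- "$pattern" | grep -v grep | grep -v -- "$0")
[ -n "$matches" ] || exit 0
printf '%s\n' "$matches"
# Field 2 of "ps -ef" output is the PID.
for pid in $(printf '%s\n' "$matches" | awk '{print $2}'); do
  kill -9 "$pid"
  echo "$pid Killed"
done
EOF
chmod +x /usr/local/bin/killps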
二、安装前准备
# Remove the distribution packages with rpm: -e erases a package, --nodeps
# skips the dependency check (the original note mentions three packages; two
# are listed).
for pkg in mysql php; do
  rpm -e --nodeps "$pkg"
done
# Install the required build environment
yum -y install \
  wget autoconf automake bison bzip2 bzip2-devel curl curl-devel cmake cpp \
  crontabs diffutils elinks e2fsprogs-devel expat-devel file flex \
  freetype-devel gcc gcc-c++ gd glibc-devel glib2-devel gettext-devel \
  gmp-devel icu kernel-devel libaio libtool-libs libjpeg-devel libpng-devel \
  libxslt libxslt-devel libxml2 libxml2-devel libidn-devel libcap-devel \
  libtool-ltdl-devel libc-client-devel libicu libicu-devel lynx make mlocate \
  ncurses-devel openldap openldap-devel openssl openssl-devel patch pam-devel \
  pcre pcre-devel perl-DBD-MySQL readline readline-devel sendmail unzip vim \
  vim-minimal zip zlib zlib-devel gd-devel libmcrypt-devel libcurl-devel
三、编译安装Nginx
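# NOTE(review): the tarball is built without an integrity check. nginx.org
# publishes a detached PGP signature (.asc) next to each release; verify it
# before compiling. 1.10.2 is the version these notes were written against, so
# check for a currently supported release before deploying.
wget https://nginx.org/download/nginx-1.10.2.tar.gz
tar zxf nginx-1.10.2.tar.gz
# The archive unpacks into nginx-1.10.2/, not a directory named after the tarball.
cd nginx-1.10.2
# --user/--group name the unprivileged account the worker processes run as;
# it must exist before nginx starts (account creation is not shown in these notes).
# A space before each trailing backslash keeps the options as separate arguments.
./configure \
  --user=nginx \
  --group=nginx \
  --prefix=/home/nginx/nginx \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_sub_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module
make && make install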
四、编译安装Mysql Community Server
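# NOTE(review): the notes do not show where mysql-5.6.25.tar.gz comes from;
# verify its checksum or signature against the publisher's value before building.
tar zxf mysql-5.6.25.tar.gz
cd mysql-5.6.25
# A space before each trailing backslash keeps the -D options as separate
# arguments; the final "." names the source directory explicitly.
# NOTE(review): ENABLED_LOCAL_INFILE=1 turns on LOAD DATA LOCAL INFILE, which
# lets a server ask the connecting client for files on the client host; leave
# it off unless an application needs it.
cmake \
  -DCMAKE_INSTALL_PREFIX=/home/mysql/mysql \
  -DMYSQL_UNIX_ADDR=/home/mysql/mysql/scripts/mysql.sock \
  -DDEFAULT_CHARSET=utf8 \
  -DDEFAULT_COLLATION=utf8_general_ci \
  -DWITH_EXTRA_CHARSETS=all \
  -DWITH_INNOBASE_STORAGE_ENGINE=1 \
  -DENABLED_LOCAL_INFILE=1 \
  -DWITH_PARTITION_STORAGE_ENGINE=1 \
  -DWITH_FEDERATED_STORAGE_ENGINE=1 \
  -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
  -DWITH_MYISAM_STORAGE_ENGINE=1 \
  -DWITH_EMBEDDED_SERVER=1 \
  .
make && make install
mkdir -p /home/mysql/data/{logs,mysqldata}
mkdir -p /home/mysql/mysql/conf/
# --datadir now points at the directory created above, which is also the one
# my.cnf names (the original used /home/ftas/data/mysqldata/ here).
# NOTE(review): the "mysql" account must already exist. A fresh 5.6 data
# directory has a password-less root account, anonymous users and a test
# database; run bin/mysql_secure_installation before exposing the server.
/home/mysql/mysql/scripts/mysql_install_db --basedir=/home/mysql/mysql --datadir=/home/mysql/data/mysqldata/ --user=mysql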
创建my.cnf配置文件:
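# Write my.cnf. The quoted delimiter keeps the text literal.
# [client] uses default-character-set: character-set-server is a server-only
# option, and the client programs abort with "unknown variable" when they find
# it in their own section.
# NOTE(review): no bind-address is set, so mysqld listens on every interface.
# Combined with a disabled host firewall this exposes port 3306 to the network.
# Add "bind-address = 127.0.0.1" under [mysqld] if only local clients connect,
# or restrict the port with packet filtering.
cat > /home/mysql/mysql/conf/my.cnf << 'EOF'
[client]
default-character-set = utf8
port = 3306
socket = /home/mysql/mysql/scripts/mysql.sock
[mysqld]
character-set-server = utf8
replicate-ignore-db = mysql
replicate-ignore-db = test
replicate-ignore-db = information_schema
user = mysql
port = 3306
socket = /home/mysql/mysql/scripts/mysql.sock
basedir = /home/mysql/mysql
datadir = /home/mysql/data/mysqldata/
log-error = /home/mysql/data/logs/mysql_error.log
pid-file = /home/mysql/mysql/scripts/mysql.pid
open_files_limit = 10240
back_log = 600
max_connections = 5000
max_connect_errors = 6000
external-locking = FALSE
max_allowed_packet = 32M
sort_buffer_size = 1M
join_buffer_size = 1M
thread_cache_size = 300
query_cache_size = 512M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine = MyISAM
thread_stack = 192K
transaction_isolation = READ-COMMITTED
tmp_table_size = 246M
max_heap_table_size = 246M
long_query_time = 3
log-slave-updates
log-bin = /home/mysql/data/logs/binlog
binlog_cache_size = 4M
binlog_format = MIXED
max_binlog_cache_size = 8M
max_binlog_size = 1G
relay-log-index = /home/mysql/data/logs/relaylog
relay-log-info-file = /home/mysql/data/logs/relaylog
relay-log = /home/mysql/data/logs/relaylog
expire_logs_days = 30
key_buffer_size = 256M
read_buffer_size = 1M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
explicit_defaults_for_timestamp = true
interactive_timeout = 120
wait_timeout = 120
skip-name-resolve
[mysqldump]
quick
max_allowed_packet = 32M
EOF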
创建管理MySQL数据库的shell脚本:
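# Write the MySQL control script.
# The delimiter is quoted because $1, ${...} and $(...) must reach the file
# literally; with a bare EOF the shell would expand them (and run the ps
# pipelines) while the file is being written.
cat > /home/mysql/mysql/scripts/mysql << 'EOF'
#!/bin/sh
# Start/stop helper for the MySQL instance configured in conf/my.cnf.
# Usage: mysql {start|stop|restart|kill}
mysql_port=3306
# NOTE(review): sample credentials kept from the original notes. Replace the
# password before use. Passing it with -p also places it on mysqladmin's
# command line; a client option file readable only by its owner avoids
# keeping the secret in this script.
mysql_username="admysql"
mysql_password="12345678"

function_start_mysql(){
    printf "Starting MySQL...\n"
    # stdout first, then stderr onto it, so both streams are discarded.
    /bin/sh /home/mysql/mysql/bin/mysqld_safe --defaults-file=/home/mysql/mysql/conf/my.cnf > /dev/null 2>&1 &
}

function_stop_mysql(){
    printf "Stoping MySQL...\n"
    # Socket path as configured in my.cnf (scripts/mysql.sock).
    /home/mysql/mysql/bin/mysqladmin -u"${mysql_username}" -p"${mysql_password}" -S /home/mysql/mysql/scripts/mysql.sock shutdown
}

function_restart_mysql(){
    printf "Restarting MySQL...\n"
    function_stop_mysql
    sleep 5
    function_start_mysql
}

function_kill_mysql(){
    # Last resort: SIGKILL gives mysqld no chance to flush; try "stop" first.
    kill -9 $(ps x | grep 'bin/mysqld_safe' | grep -v grep | awk '{print $1}')
    kill -9 $(ps x | grep 'bin/mysqld' | grep 3306 | grep -v grep | awk '{print $1}')
}

case "$1" in
    start)   function_start_mysql ;;
    stop)    function_stop_mysql ;;
    restart) function_restart_mysql ;;
    kill)    function_kill_mysql ;;
    *)       printf "Usage: /home/mysql/mysql/scripts/mysql {start|stop|restart|kill}\n" ;;
esac
EOF
# The script is invoked directly below, so it needs the execute bit. It is
# limited to the owner because the file holds a database password; run it
# (and any cron job that calls it) as the owning account.
chmod 700 /home/mysql/mysql/scripts/mysql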
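# Start the server through the control script (the original path was mistyped
# as /home/msql and had lost the space before "start").
/home/mysql/mysql/scripts/mysql start
# Create the account that the control script uses for "mysqladmin shutdown".
# -p prompts for the root password on the terminal; the statements come from the heredoc.
# NOTE(review): the original granted ALL PRIVILEGES to admysql@'%', i.e. a
# full-privilege login from any host, guarded by the sample password 12345678.
# The control script only connects through the local socket, so the account is
# limited to 'localhost' here. The SHUTDOWN privilege alone would be enough for
# that script. Replace the password (here and in the script) before use.
/home/mysql/mysql/bin/mysql -u root -p -S /home/mysql/mysql/scripts/mysql.sock << 'SQL'
GRANT ALL PRIVILEGES ON *.* TO admysql@'localhost' IDENTIFIED BY '12345678';
FLUSH PRIVILEGES;
SQL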
五、编译安装PHP
1、安装libiconv(iconv模块)
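# Fetch over HTTPS instead of plain HTTP, since the archive is compiled and
# installed as root.
# NOTE(review): GNU publishes a detached signature (.sig) next to each release
# tarball; verify it before building.
wget https://ftp.gnu.org/gnu/libiconv/libiconv-1.14.tar.gz
tar -zxf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure --prefix=/usr/local/libiconv
make && make install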
2、安装libmcrypt、mhash、mcrypt(mcrypt模块)
mcrypt模块使PHP可以使用除了自带的几种加密函数外功能更全面的mhash和mcrypt。该模块在默认情况下不开启,所以Linux的PHP自身也不打包该库,需要自行到官方网站下载代码进行编译安装。
libmcrypt
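# NOTE(review): this archive is downloaded over plain HTTP and built as root
# with no integrity check; compare its checksum with a trusted value first.
# libmcrypt has had no upstream release in many years and PHP removed the
# mcrypt extension in 7.2, so new code should use the OpenSSL or sodium
# extensions instead.
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
tar zxf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make && make install
ldconfig
# Build and install the bundled libltdl as well.
cd libltdl/
./configure --enable-ltdl-install
make && make install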
mhash\mcrypt
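# NOTE(review): both archives are downloaded over plain HTTP and built as root
# with no integrity check; compare their checksums with trusted values first.
wget http://downloads.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz
wget http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
tar -zxf mhash-0.9.9.9.tar.gz
tar -zxf mcrypt-2.6.8.tar.gz
cd mhash-0.9.9.9 && ./configure
make && make install
# Refresh the linker cache so the mcrypt build can find the mhash library.
ldconfig
cd ../mcrypt-2.6.8 && ./configure
make && make install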
3、安装PHP5.5
Mysql我们将使用PHP的Mysqlnd驱动,所以关于Mysql的编译选项都设置为mysqlnd。
注:若您的内存低于1G,请加上 --disable-fileinfo,不然编译报错,或者增加Swap分区,教程见《Linux手动创建Swap交换分区》。若在make时出现not find liconv的报错,请去除make后面的 ZEND_EXTRA_LIBS='-liconv'。
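# NOTE(review): the source is downloaded over plain HTTP with no integrity
# check; compare the tarball's checksum with the value published for the
# release before building. 5.6.29 is the version these notes were written
# against, so check for a currently supported release before deploying.
wget http://cn2.php.net/distributions/php-5.6.29.tar.gz
# On 64-bit systems, copy the LDAP libraries into /usr/lib so configure finds them.
cp -frp /usr/lib64/libldap* /usr/lib
# For IMAP support, link the lib64 c-client library into /usr/lib.
ln -s /usr/lib64/libc-client.so /usr/lib/libc-client.so
tar -zxf php-5.6.29.tar.gz
cd php-5.6.29
# A space before each trailing backslash keeps the options as separate arguments.
# NOTE(review): --prefix here is /home/php/php, while the later steps in these
# notes use /home/ftas/php and /usr/local/php; settle on one prefix before running.
./configure \
  --prefix=/home/php/php \
  --with-config-file-path=/home/php/php/etc \
  --with-mysql=mysqlnd \
  --with-mysqli=mysqlnd \
  --with-pdo-mysql=mysqlnd \
  --with-iconv-dir=/usr/local/libiconv \
  --with-libxml-dir=/usr \
  --with-icu-dir=/usr \
  --with-mhash \
  --with-bz2 \
  --with-curl \
  --with-freetype-dir \
  --with-jpeg-dir \
  --with-png-dir \
  --with-gd \
  --with-gettext \
  --with-gmp \
  --with-ldap \
  --with-ldap-sasl \
  --with-mcrypt \
  --with-openssl \
  --with-xmlrpc \
  --with-xsl \
  --with-zlib \
  --with-imap \
  --with-imap-ssl \
  --with-kerberos \
  --without-pear \
  --enable-opcache \
  --enable-bcmath \
  --enable-calendar \
  --enable-sysvsem \
  --enable-exif \
  --enable-ftp \
  --enable-fpm \
  --enable-gd-native-ttf \
  --enable-intl \
  --enable-mbstring \
  --enable-pcntl \
  --enable-shmop \
  --enable-soap \
  --enable-sockets \
  --enable-wddx \
  --enable-zip
make ZEND_EXTRA_LIBS='-liconv'
make install
# With less than 1G of memory, change --enable-zip to
# "--enable-zip --disable-fileinfo", i.e. add --disable-fileinfo.
# If the build reports an error about liconv, drop ZEND_EXTRA_LIBS='-liconv' from the make command.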
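# NOTE(review): configure earlier in these notes used --prefix=/home/php/php,
# while this section works under /home/ftas/php and links /usr/local/php/bin/php.
# Use the prefix that was actually passed to configure.
php_ini=/home/ftas/php/etc/php.ini
mkdir -p /home/ftas/data/phplog
cp php.ini-production "$php_ini"
ln -s /usr/local/php/bin/php /usr/bin/php
# NOTE(review): this makes the whole PHP install, php.ini included, writable by
# "ftas", the same account the php-fpm pool runs as. Code executing in a worker
# could then rewrite its own interpreter settings. Consider leaving the install
# root-owned and granting ftas only the log and upload directories.
chown -R ftas:ftas /home/ftas/php

# php.ini, main section.
# disable_functions: the original list contained "popepassthru", which is not a
# PHP function, so popen() stayed enabled; it is listed as "popen" here
# (passthru was already present). "fsocket" is not a PHP function either
# (presumably fsockopen was meant; confirm before changing, since many
# applications rely on it). A function blacklist reduces exposure but is not a
# sandbox on its own.
# upload_tmp_dir = /tmp is a shared world-writable directory; a dedicated
# directory owned by the PHP user is safer.
# Assumes a single API directory exists under extensions/.
ext_api_dir=$(ls /home/ftas/php/lib/php/extensions/)
sed -i \
  -e 's@^short_open_tag = Off@short_open_tag = On@' \
  -e 's@^disable_functions.*@disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popen,stream_socket_server,fsocket,pfsockopen@' \
  -e 's@^expose_php = On@expose_php = Off@' \
  -e 's@^allow_url_fopen.*@allow_url_fopen = Off@' \
  -e 's@^max_execution_time.*@max_execution_time = 300@' \
  -e 's@^;upload_tmp_dir.*@upload_tmp_dir = /tmp@' \
  -e 's@^post_max_size.*@post_max_size = 50M@' \
  -e 's@^upload_max_filesize.*@upload_max_filesize = 2M@' \
  -e 's@^;date.timezone.*@date.timezone = Asia/Shanghai@' \
  -e 's@^session.cookie_httponly.*@session.cookie_httponly = 1@' \
  -e 's@^request_order.*@request_order = "CGP"@' \
  -e "s@extension_dir = \"ext\"@extension_dir = \"ext\"\nextension_dir = \"/usr/local/php/lib/php/extensions/${ext_api_dir}\"@" \
  "$php_ini"

# php.ini, OPcache section.
sed -i \
  -e 's@^\[opcache\]@[opcache]\nzend_extension=opcache.so@' \
  -e 's@^;opcache.enable=.*@opcache.enable=1@' \
  -e 's@^;opcache.enable_cli.*@opcache.enable_cli=1@' \
  -e 's@^;opcache.memory_consumption.*@opcache.memory_consumption=128@' \
  -e 's@^;opcache.interned_strings_buffer.*@opcache.interned_strings_buffer=8@' \
  -e 's@^;opcache.max_accelerated_files.*@opcache.max_accelerated_files=4000@' \
  -e 's@^;opcache.max_wasted_percentage.*@opcache.max_wasted_percentage=5@' \
  -e 's@^;opcache.validate_timestamps.*@opcache.validate_timestamps=1@' \
  -e 's@^;opcache.revalidate_freq.*@opcache.revalidate_freq=60@' \
  -e 's@^;opcache.fast_shutdown.*@opcache.fast_shutdown=1@' \
  "$php_ini"

# Start the php-fpm configuration from the shipped default.
cd /home/ftas/php/etc
cp php-fpm.conf.default php-fpm.conf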
修改如下配置:
; php-fpm.conf settings to change after copying php-fpm.conf.default.
; Relative paths (pid, slowlog) are resolved against the install prefix.
[global]
pid = sbin/php-fpm.pid
error_log = //home/ftas/data/phplog/php-fpm.log
log_level = notice
emergency_restart_threshold =10
emergency_restart_interval =1m
process_control_timeout = 5s
daemonize = yes
[www]
; Workers run as this account. NOTE(review): if the same account also owns
; the PHP install and the application code, a compromised worker can modify
; them; prefer a dedicated unprivileged account with read-only access to code.
user = ftas
group = ftas
; Loopback only: the FastCGI port is not reachable from other hosts.
listen = 127.0.0.1:9000
; listen.mode applies to unix sockets only and has no effect on the TCP listener
; above. NOTE(review): if this pool is later moved to a unix socket, 0666 would
; let any local user talk to it; use 0660 with listen.owner/listen.group instead.
listen.mode = 0666
pm = dynamic
pm.max_children = 64
pm.start_servers = 15
pm.min_spare_servers = 5
pm.max_spare_servers = 25
pm.max_requests = 1024
; The slow log is only written when request_slowlog_timeout is also set.
slowlog = logs/slow.log
rlimit_files = 65535
; 0 disables core dumps for the workers.
rlimit_core = 0
catch_workers_output = yes
php_admin_value[sendmail_path]= /usr/sbin/sendmail -t -i
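# Write the cron watchdog that restarts MySQL when mysqld_safe is gone.
# The heredoc operator was truncated to "<" in the original notes. The
# delimiter is quoted because $process, $? and the command substitutions must
# be written literally, not expanded while the file is created.
# NOTE(review): the script is written under /home/cztuser but logs under
# /home/mysql; confirm which account's crontab runs it and that the log
# directory exists and is writable by that account.
cat > /home/cztuser/crontab/moni_mysql.sh << 'EOF'
#!/bin/bash
source ~/.bash_profile
# Number of mysqld_safe processes visible to this user.
process=$(ps x | grep 'bin/mysqld_safe' | grep -v grep | wc -l)
monilog="/home/mysql/crontab/log/moni_mysql.log"
if [ "$process" -eq 0 ]; then
    # Clear any leftover mysqld before starting again.
    /home/mysql/mysql/scripts/mysql kill > /dev/null 2>&1
    sleep 0.5
    /home/mysql/mysql/scripts/mysql start > /dev/null 2>&1
    # The control script launches mysqld_safe in the background, so this status
    # says the start command was issued, not that mysqld is accepting connections.
    if [ $? -eq 0 ]; then
        # Quoted so that [SUCC] is not treated as a glob pattern.
        echo "$(date "+%Y-%m-%d %H:%M:%S") [SUCC] Starting Mysql..." >> "$monilog"
    else
        echo "$(date "+%Y-%m-%d %H:%M:%S") [FAILE] Starting Mysql..." >> "$monilog"
        exit 1
    fi
fi
EOF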