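This is my first complete LAMP installation. The system is based on CentOS 5.3. Below are my installation notes; to make later study and improvement easier, I am writing them down here.
Make sure the package selection chosen when installing the system is correct.
I. apache
1. First install gcc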
cpp-3.4.6-3.i386.rpm
glibc-headers-2.3.4-2.25.i386.rpm
glibc-devel-2.3.4-2.25.i386.rpm
gcc4-4.1.0-18.EL4.i386.rpm
libstdc++-devel-3.4.6-3.i386.rpm
gcc-3.4.6-3.i386.rpm
gcc-c++-3.4.6-3.i386.rpm
2. Extract the apache archive
tar zxvf httpd-2.2.8.tar.gz
cd httpd-2.2.8
./configure --prefix=/usr/local/apache2 --with-included-apr --with-mpm=worker --enable-so --enable-cache --enable-disk-cache --enable-mem-cache --enable-file-cache --enable-rewrite --enable-mods-shared="most"
-----------------------------------------------------------------------------------
If this error is reported: Cannot use an external APR with the bundled APR-util (x86_64)
then install APR first
#cd srclib/apr
#./configure --prefix=/usr/local/apr
#make
#make install
Install APR-util
#cd srclib/apr-util
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --libdir=/usr/lib64 --with-expat=builtin
#make
#make install
/sbin/ldconfig
----------------------------------------------------------------------------------------
./configure --prefix=/usr/local/apache2 --enable-so --with-included-apr --with-mpm=worker --enable-modules="cache disk-cache mem-cache file-cache rewrite" --enable-mods-shared="most"
./configure --prefix=/usr/local/apache2 --with-included-apr --with-mpm=worker --enable-so --enable-cache --enable-disk-cache --enable-mem-cache --enable-file-cache --enable-rewrite --enable-mods-shared="most"
#make
#make install
5. Edit the configuration file
#vi /usr/local/apache/conf/httpd.conf
Find ServerAdmin and ServerName, and remove the # in front of ServerName
6. Start the service
#/usr/local/apache/bin/apachectl start
7. Create the home page
#vi /usr/local/apache/htdocs/index.html
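You can now access http://<server IP> from another machine. If it cannot be reached, check whether the server's firewall is enabled.
Apache can also be set up as a service so that it starts automatically at boot. What I added is as follows:
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd #copy the startup script so the system runs the httpd service automatically at boot
Copy these lines:
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
into /etc/init.d/httpd, on the line below #!/bin/bash.
For a service to support the chkconfig tool, its script must contain the chkconfig and description lines.
For more about chkconfig, see its man page.
chkconfig --add httpd #add the httpd service to the system
chkconfig httpd on #enable the httpd service
service httpd start #start the httpd service
netstat -ant | grep :80 #check whether the service has started
Configure Apache
vi /usr/local/apache/conf/httpd.conf
Uncomment ServerName and add the IP or domain name and the port.
Example: ServerName 192.168.0.11:80
Test Apache:
Enter your own IP and port in a browser to test.
Example: enter in the browser: http://192.168.0.11:80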
-------------------------------------------------------------------------------------------------
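II. mysql
① Binary installation of mysql
1. First check whether mysql is already installed on the system
#rpm -qa | grep mysql
If it is, remove the packages one by one with rpm -e, then look for leftover files: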
#find / -name mysql
#find / -name my.cnf
#find / -name .my.cnf
2. Preparation before installing
#groupadd -g 200 mysql
#useradd -g mysql -u 200 -d /usr/local/mysql/data -M mysql
Compile and install mysql
#tar -zxvf mysql-5.1.38.tar.gz
#./configure --prefix=/usr/local/mysql --with-extra-charsets=all --with-tcp-port=3306 --with-unix-socket-path=/tmp/mysql.sock --with-mysqld-user=mysql --without-debug --with-client-ldflags=-all-static --with-mysqld-ldflags=-all-static --enable-assembler --with-pthread --enable-thread-safe-client
Problem encountered during compilation: checking for termcap functions library... configure: error: No curses/termcap library found
Solution: rpm -ivh ncurses-*.*.rpm, rpm -ivh ncurses-devel-*.*.rpm
nginx--mysql
./configure --prefix=/usr/local/mysql/ --localstatedir=/usr/local/mysql/data --sysconfdir=/usr/local/mysql/ --with-unix-socket-path=/tmp/mysql.sock --with-charset=gbk --with-collation=gbk_chinese_ci --with-extra-charsets=gbk,gb2312,utf8 --with-client-ldflags=-all-static --with-mysqld-ldflags=-all-static --enable-assembler --without-debug --with-big-tables --with-readline --with-ssl --with-pthread --enable-thread-safe-client --with-embedded-server --enable-local-infile --with-plugins=innobase
make && make install
===========================================================================================
#l
#vi /etc/my.cnf    (versions of mysql below 4.1.x support the gb2312 character set; with a newer version utf8 can be used)
[client]
socket=/tmp/mysql.sock
[mysql]
default-character-set=utf8
[mysqld]
datadir=/usr/local/mysql/data
socket=/tmp/mysql.sock
user=mysql
[mysql.server]
user=mysql
basedir=/usr/local/mysql
[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/usr/local/mysql/data/mysqld.pid
#cd /usr/local/mysql
#chown -R root:mysql .
#cd /file/mysql-4.0.25
#vi scripts/mysql_install_db
datadir=/usr/local/mysql/data
basedir=/usr/local/mysql
user=mysql
#scripts/mysql_install_db --user=mysql
#cd /usr/local/mysql
#chown -R root:mysql .
#chown -R mysql:mysql data
#chmod -R 775 .
#bin/mysqld_safe --user=mysql --socket=/tmp/mysql.sock --port=3306 &
# cp /file/mysql-5.1.38/support-files/mysql.server /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --level 345 mysqld on
# /etc/init.d/mysqld start
Open /etc/rc.local in an editor and, before exit 0, add: /usr/local/mysql/bin/mysqld_safe --user=mysql &
# bin/mysqladmin --socket=/tmp/mysql.sock --port=3306 -u root -h localhost password '123456'
# bin/mysql --port=3306 -u root -p -S /tmp/mysql.sock
============================================================================================================
Configure mysql
groupadd mysql #add the mysql group
useradd -g mysql mysql #add the mysql user and put it in the mysql group
cd /usr/local/mysql/ #change to the /usr/local/mysql/ directory
chown -R mysql . #make the mysql user the owner of everything under the current directory
chgrp -R mysql . #make mysql the group of everything under the current directory
cd /usr/local/src/mysql-5.0.22/support-files #go to support-files in the mysql source directory
cp my-medium.cnf /etc/my.cnf #copy the file to /etc/, overwriting my.cnf
cd /usr/local/mysql/bin #change to /usr/local/mysql/bin
./mysql_install_db --user=mysql #initialize the database as the mysql user
cd /usr/local/mysql #change to /usr/local/mysql
chown -R mysql:mysql var #set the owner and group of the var directory to mysql
chmod 755 var #set the permissions of the var directory
cd /usr/local/mysql/bin #change to /usr/local/mysql/bin
./mysqld_safe --user=mysql & #start the server as the mysql user, which creates the socket
netstat -ant | grep 3306 #check whether mysql has started; mysql uses port 3306
mysqladmin -u root password 'admin' #set a password for the mysql root user
cd /usr/local/src/mysql-5.0.22/support-files/ #change to /usr/local/src/mysql-5.0.22/support-files/
cp mysql.server /etc/init.d/mysqld #copy the script used to start mysql automatically at boot
chmod 755 /etc/init.d/mysqld #set the permissions of mysqld
chkconfig --add mysqld #add the mysqld service to the system
chkconfig mysqld on #enable the mysqld service
service mysqld restart #start the mysql service
Test mysql:
cd /usr/local/mysql/bin #change to /usr/local/mysql/bin
mysql -u root -p #log in to mysql
show databases; #view the databases
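III. gd+php
To add GD library support to PHP, first download the following software:
Put all the software in the /root/software/ directory; unpack and install it as follows: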
[root@TestServer software]# tar zxvf zlib-1.2.3.tar.gz
[root@TestServer software]# cd zlib-1.2.3/
[root@TestServer zlib-1.2.3]# ./configure
[root@TestServer zlib-1.2.3]# make
[root@TestServer zlib-1.2.3]# make install
[root@TestServer zlib-1.2.3]# cd ../
[root@TestServer software]# bunzip2 libpng-1.2.10.tar.bz2
[root@TestServer software]# tar xvf libpng-1.2.10.tar
[root@TestServer software]# cd libpng-1.2.10
[root@TestServer libpng-1.2.10]# ./configure --prefix=/usr/local/libpng
[root@TestServer libpng-1.2.10]# make
[root@TestServer libpng-1.2.10]# make install
[root@TestServer libpng-1.2.10]# cd ../
[root@TestServer software]# tar zxvf freetype-2.3.5.tar.gz
[root@TestServer software]# cd freetype-2.3.5
[root@TestServer freetype-2.3.5]# ./configure
[root@TestServer freetype-2.3.5]# make
[root@TestServer freetype-2.3.5]# make install
[root@TestServer freetype-2.3.5]# cd ../
[root@TestServer software]# tar zxvf jpegsrc.v6b.tar.gz
[root@TestServer software]# mkdir -p /usr/local/jpeg/bin
[root@TestServer software]# mkdir /usr/local/jpeg/include
[root@TestServer software]# mkdir /usr/local/jpeg/lib
[root@TestServer software]# mkdir -p /usr/local/jpeg/man/man1
[root@TestServer software]# cd jpeg-6b/
[root@TestServer jpeg-6b]# ./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
[root@TestServer jpeg-6b]# make
[root@TestServer jpeg-6b]# make install
[root@TestServer jpeg-6b]# cd ../
The JPEG installation does not create its directories automatically; they have to be created by hand, otherwise the build may fail.
5. Install libxml2
tar xzvf libxml2-2.6.30.tar.gz
cd libxml2-2.6.30
./configure
make
make install
# cp /usr/bin/xml2-config /usr/bin/xml2-configBAK
# cp xml2-config /usr/bin
cp:是否覆盖“/usr/bin/xml2-config”? y
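This is a bug in the libxml2 module. Comparing the two config files shows that the one the program installs under /usr/bin does not contain the --prefix
information, and its version information is also wrong. Unless you manually copy the config file over from the build directory, the gd library and php installations below cannot complete,
because the files cannot be found.
During my own setup there was no xml2-config under /usr/bin/ at all.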
6 # tar zxvf fontconfig-2.4.91.tar.gz
# cd fontconfig-2.4.91
# ./configure --prefix=/usr/local/fontconfig --with-freetype-config=/usr/local/bin/freetype-config
===========================================================================================
Error encountered here: checking for LIBXML2... configure: error: Package requirements (libxml-2.0 >= 2.6) were not met:
No package 'libxml-2.0' found
Solution: make sure libxml-2.0.pc exists in the /usr/local/libxml2/lib/pkgconfig directory
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
Then run configure again
./configure --prefix=/usr/local/fontconfig --with-freetype-config=/usr/local/bin/freetype-config
====================================================================================================================
# make
# make install
# cd ../
7 tar zxvf autoconf-2.60.tar.gz
# cd autoconf-2.60
#./configure
# make
# make install
# cd ../
tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure --prefix=/usr/local/libiconv
make
make install
cd ../
# tar zxvf gd-2.0.35.tar.gz
# cd gd-2.0.35
# ./configure --with-freetype=/usr/local/include/freetype2/ --with-fontconfig=/usr/local/fontconfig/ --with-jpeg=/usr/local/jpeg/ --with-png=/usr/local/libpng/ --with-libiconv-prefix=/usr/local/libiconv
gd_png.c:731: error: 'prow_pointers' undeclared (first use in this function)
gd_png.c:747: error: expected ')' before 'gdMalloc'
gd_png.c:804: error: expected ')' before 'gdMalloc'
make[2]: *** [gd_png.lo] 错误 1
make[2]: Leaving directory `/backup/file/gd+php-/gd/gd-2.0.35'
make[1]: *** [all-recursive] 错误 1
make[1]: Leaving directory `/backup/file/gd+php-/gd/gd-2.0.35'
make: *** [all] 错误 2
Solution
vi gd_png.c
Find "png.h" and change it to "/usr/local/libpng/include/png.h"
or
Solution: copy the following from the /usr/local/libpng/include/ directory
cp /usr/local/libpng/include/pngconf.h /.../gd-2.0.35
cp /usr/local/libpng/include/png.h /..../gd-2.0.35
# make
# make install
# cd ..
tar xzvf libxslt-1.1.26.tar.gz
cd libxslt-1.1.26
./configure --with-libxml-prefix=/usr/local/ \
--with-libxml-include-prefix=/usr/local/include \
--with-libxml-libs-prefix=/usr/local/lib
make
make install
tar xzvf curl-7.17.1.tar.gz
cd curl-7.17.1
./configure
make
make install
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../
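Install oracle10201_client_linux32.zip on the LAMP host
The installation procedure is the same as for the oracle server, except that at the installation-type step you choose 'Runtime'.
Edit /opt/oracle/u01/app/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora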
tnsnames.ora
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <Oracle server IP address>)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)
su - oracle
sqlplus xly/xly@orcl
Once the connection succeeds, continue with the steps below.
Compile PHP
php for nginx
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir=/usr/local/jpeg --with-png-dir --with-zlib --with-libxml-dir=/usr/local/libxml2 --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --without-pear --enable-lib64-libdir=/usr/lib64 --with-expat=builtin
php for apache
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-libxml --with-libxml-dir=/usr/local/ --with-xsl --with-gd --with-jpeg-dir=/usr/local/jpeg --with-png-dir=/usr/local/libpng --with-zlib-dir=/usr/local --with-freetype-dir=/usr/local/ --with-curl --with-iconv=/usr/local/libiconv/ --with-mcrypt --enable-mbstring --enable-soap --enable-gd-native-ttf --enable-sockets --enable-maintainer-zts --enable-ftp --enable-inline-optimization --disable-ipv6 --disable-debug
--with-oci8=/opt/oracle/u01/app/oracle/product/10.2.0/db_1
--with-mm is not suitable for a threaded web server
# make
# make install
cd /install/lamp/php-5.2.5/ext/mbstring
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../
tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql
make
make install
cd ../
tar zxvf ImageMagick.tar.gz
cd ImageMagick-6.5.1-2/
./configure
make
make install
cd ../
tar zxvf imagick-2.2.2.tgz
cd imagick-2.2.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../
cp php.ini-dist /usr/local/php/etc/php.ini
vi /usr/local/php/etc/php.ini
Manual edit: in /usr/local/php/etc/php.ini find extension_dir = "./"
and change it to extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
then add the following lines after it and save:
extension = "memcache.so"
extension = "pdo_mysql.so"
extension = "imagick.so"
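Then find output_buffering = Off
and change it to output_buffering = On
file_uploads = on ;switch for whether files may be uploaded over HTTP. The default is ON, i.e. enabled
upload_tmp_dir ;where files uploaded to the server are stored temporarily; if not specified, the system default temporary directory is used
upload_max_filesize = 8m ;as the name suggests, the maximum size allowed for an uploaded file. The default is 2M
post_max_size = 8m ;the maximum amount PHP will accept through a form POST, including all values in the form. The default is 8M
In general, once these four parameters are set, uploading files <= 8M is not a problem as long as the network is working normally.
But for large files > 8M, setting only these four items is not necessarily enough.
Configure the following parameters as well
max_execution_time = 600 ;maximum time (seconds) each PHP page may run, default 30 seconds
max_input_time = 600 ;maximum time each PHP page may take to receive data, default 60 seconds
memory_limit = 8m ;maximum memory each PHP page may consume, default 8M
After changing the parameters above, large files can be uploaded, as far as the network normally allows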
max_execution_time = 600
max_input_time = 600
memory_limit = 32m
file_uploads = on
;upload_tmp_dir = /tmp
upload_max_filesize = 32m
post_max_size = 32m
[eaccelerator]
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/usr/local/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
tar zxvf ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-x86_64
./install.sh
cp /usr/local/Zend/etc/php.ini /usr/local/php/etc/php.ini
Edit httpd.conf
①AddType application/x-httpd-php .php .php5 .phtml
AddType application/x-httpd-php-source .phps
②DirectoryIndex index.phtml index.php index.html index.html.var index.htm index.phcp login.phtml login.php
③User oracle
Group oinstall
④ Change the document root and the settings related to it
⑤ Remove the # in front of ServerName
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-vhosts.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
Satisfy all
</Directory>
Timeout 300
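Timeout defines the timeout interval for the connection between the client and the server; once this interval (in seconds) is exceeded, the server drops the connection to the client.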
KeepAlive On
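In HTTP 1.0 one connection can carry only one HTTP request. The KeepAlive parameter enables HTTP 1.1's support for multiple transfers over one connection, so that several HTTP requests can be sent on a single connection. Although only newer browsers support this feature, the option is still turned on.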
MaxKeepAliveRequests 100
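MaxKeepAliveRequests is the maximum number of HTTP requests that can be made on one connection. Setting it to 0 allows an unlimited number of requests on one connection. In practice no client requests that many pages on one connection; the connection usually finishes before this limit is reached.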
KeepAliveTimeout 15
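KeepAliveTimeout measures the time between successive requests on one connection: if the server has finished a request but has not received the client's next request, it closes the connection once the gap exceeds the value of this parameter.
MinSpareServers 5
MaxSpareServers 10
Remove the # in front of Include conf/extra/httpd-mpm.conf
Apache can then raise MaxClients. Below is the author's prefork configuration section: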
<IfModule prefork.c>
StartServers 10
MinSpareServers 10
MaxSpareServers 15
ServerLimit 2000
MaxClients 1000
MaxRequestsPerChild 10000
</IfModule>
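<IfModule mpm_worker_module>
# As soon as apache starts it creates 3 httpd processes (visible with ps aux)
StartServers 3
# At most 2000 requests are accepted at the same time (that is, 2000 threads)
MaxClients 2000
# apache can start at most 25 processes
ServerLimit 25
# apache keeps at least 50 idle threads waiting for the next requests; if there are fewer, the processes create more threads
MinSpareThreads 50
# apache can have at most 200 threads; beyond 200, the surplus threads are killed
MaxSpareThreads 200
# A process may create at most 200 threads
ThreadLimit 200
# Each process creates a fixed 100 threads
ThreadsPerChild 100
# A process is killed after it has handled 10000 requests in total, to free memory
MaxRequestsPerChild 10000
</IfModule>
In the configuration above, the maximum value of ServerLimit is 20000, which is enough for most sites. If you must raise it further, modify the following two lines in server/mpm/prefork/prefork.c in the source tree accordingly: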
#define DEFAULT_SERVER_LIMIT 256
#define MAX_SERVER_LIMIT 20000
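The way worker operates is that the main control process spawns "StartServers" child processes, each containing a fixed ThreadsPerChild number of threads, and each thread handles requests independently. Likewise, so that threads do not have to be created when a request arrives, MinSpareThreads and MaxSpareThreads set the minimum and maximum number of idle threads, while MaxClients sets the total number of threads across all child processes. If the total number of threads in the existing child processes cannot meet the load, the control process forks new child processes.
The default values of MinSpareThreads and MaxSpareThreads are 75 and 250 respectively. These two parameters have little effect on Apache's performance and can be adjusted to suit the actual situation.
ThreadsPerChild is the directive most closely tied to performance in the worker MPM. The default maximum of ThreadsPerChild is 64; under heavy load, 64 is not enough. In that case the ThreadLimit directive must be used explicitly; its default maximum is 20000. These two values are in the following two lines of server/mpm/worker/worker.c in the source tree: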
#define DEFAULT_THREAD_LIMIT 64
#define MAX_THREAD_LIMIT 20000
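These two lines correspond to the limits on ThreadsPerChild and ThreadLimit. It is best to change 64 to the desired value before running configure. Note: do not set these two values too high, beyond what the system can handle, or Apache may fail to start and leave the system very unstable.
In worker mode the total number of requests that can be handled at the same time is the total number of child processes multiplied by ThreadsPerChild, and it should be greater than or equal to MaxClients. If the load is heavy and the existing child processes cannot cope, the control process forks new child processes. The default maximum number of child processes is 16; to raise it, ServerLimit must also be declared explicitly (its maximum is 20000). These two values are in the following two lines of server/mpm/worker/worker.c in the source tree: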
#define DEFAULT_SERVER_LIMIT 16
#define MAX_SERVER_LIMIT 20000
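The limits described above can be checked mechanically before a restart. The following is an added example, not part of the original notes or of Apache: a shell function that reads a worker section and checks ThreadsPerChild against ThreadLimit and MaxClients against ServerLimit x ThreadsPerChild. The defaults 64 and 16 are the worker.c values quoted above; the ThreadsPerChild default of 25 and the second config are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: check worker MPM limits in an httpd config fragment read
# from stdin. Prints one line per problem (or a single "ok:" line) and
# returns non-zero when a problem was found.
check_worker_mpm() {
    awk '
        BEGIN {
            # Compiled-in defaults: 64 and 16 are the worker.c values quoted
            # in the notes; 25 is assumed as the stock ThreadsPerChild default.
            v["ThreadLimit"] = 64; v["ServerLimit"] = 16; v["ThreadsPerChild"] = 25
        }
        /^[ \t]*#/ { next }                                   # comment line
        /<IfModule[ \t]+(mpm_worker_module|worker\.c)>/ { inside = 1; next }
        /<\/IfModule>/ { inside = 0; next }
        # Keep "Directive <number>"; anything after the number is ignored.
        inside && NF >= 2 && $2 ~ /^[0-9]+$/ { v[$1] = $2 + 0 }
        END {
            tl = v["ThreadLimit"]; sl = v["ServerLimit"]; tpc = v["ThreadsPerChild"]
            if (tpc < 1) { print "ThreadsPerChild must be at least 1"; exit 1 }
            mc = ("MaxClients" in v) ? v["MaxClients"] : sl * tpc
            if (tl > 20000) { print "ThreadLimit " tl " exceeds MAX_THREAD_LIMIT 20000"; bad++ }
            if (sl > 20000) { print "ServerLimit " sl " exceeds MAX_SERVER_LIMIT 20000"; bad++ }
            if (tpc > tl) { print "ThreadsPerChild " tpc " exceeds ThreadLimit " tl; bad++ }
            if (sl * tpc < mc) { print "MaxClients " mc " exceeds ServerLimit x ThreadsPerChild = " (sl * tpc); bad++ }
            # The worker MPM expects MaxClients to be a multiple of ThreadsPerChild.
            if (mc % tpc != 0) { print "MaxClients " mc " is not a multiple of ThreadsPerChild " tpc; bad++ }
            if (!bad) print "ok: MaxClients " mc " needs " (mc / tpc) " of " sl " allowed processes"
            exit (bad > 0)
        }
    '
}

# The worker section from these notes (values as given on the page).
PAGE_CONF='<IfModule mpm_worker_module>
StartServers 3
MaxClients 2000
ServerLimit 25
MinSpareThreads 50
MaxSpareThreads 200
ThreadLimit 200
ThreadsPerChild 100
MaxRequestsPerChild 10000
</IfModule>'

# Constructed counter-example: same load target, but ThreadLimit and
# ServerLimit are left at their compiled-in defaults.
BROKEN_CONF='<IfModule mpm_worker_module>
MaxClients 2000
ThreadsPerChild 100
</IfModule>'

printf '%s\n' "$PAGE_CONF"   | check_worker_mpm || true
printf '%s\n' "$BROKEN_CONF" | check_worker_mpm || true
```

To check a live server, feed it the real file: check_worker_mpm < /usr/local/apache2/conf/extra/httpd-mpm.conf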
vi /home/httpd/html/db/oem_query.phtml
Edit line 23, e.g.: $this->conn=ocilogon("xue","xue","ORCL"); to specify the user used to connect to the ORACLE server.
--------------------------------------------------------------------------------------------------------
[root@web conf]# /usr/local/apache2/bin/apachectl -M
/usr/local/apache2/bin/httpd: error while loading shared libraries: libiconv.so.2: cannot open shared object file: No such file or directory
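Add the line /usr/local/lib to /etc/ld.so.conf and run ldconfig
Test APACHE
Check the number of apache connections on Linux
Linux command:
ps -ef | grep httpd | wc -l
Check Apache's concurrent requests and their TCP connection states:
Linux command:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
Sample output: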
LAST_ACK 5
SYN_RECV 30
ESTABLISHED 1597
FIN_WAIT1 51
FIN_WAIT2 504
TIME_WAIT 1057
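Notes:
SYN_RECV is the number of requests waiting to be processed;
ESTABLISHED is the normal data-transfer state;
TIME_WAIT is the number of requests that have been processed and are waiting for the timeout to expire.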
curl -o /dev/null -s -w %{time_connect}:%{time_starttransfer}:%{time_total} \
http://www.canada.com
0.081:0.272:0.779
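Listing 1 shows the curl command run against a popular news site. The output would normally be HTML, which the -o parameter sends to /dev/null. The -s parameter suppresses all status information. The -w parameter makes curl write out the status of the timers listed in Table 1:
Table 1. Timers used by curl
Timer                 Description
time_connect          Time taken to establish the TCP connection to the server
time_starttransfer    Time taken, after the request is sent, for the web server to return the first byte of data
time_total            Time taken to complete the request
These timers are all relative to the start of the transaction, even before the Domain Name Service (DNS) lookup. So, after the request is sent, the time the web server takes to process it and start sending data back is 0.272 - 0.081 = 0.191 seconds. The time the client takes to download the data from the server is 0.779 - 0.272 = 0.507 seconds.
By watching the curl data and how it trends over time, you can get a good picture of how responsive the site is to users.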
-------------------------------------------------------------------------------------------------------------
mod_security
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On
# Analyze every HTTP request
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Validate the URL encoding
# Only allow bytes from this range
SecFilterForceByteRange 32 126
# Byte-range check, which effectively prevents stack overflow attacks.
# The audit engine works independently and
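# can be turned On or Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly
# Makes up for the apache logs' lack of detail about a particular user or attacker. For a
# detailed record of a request sent by a particular user or attacker, look at the
# /var/log/httpd/audit_log file.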
# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log
SecFilterDebugLog /var/log/httpd/modsec_debug_log
SecFilterDebugLevel 0
# Sets the output file for debug mode.
# Should mod_security inspect POST payloads
#SecFilterScanPOST On
# Action to take by default
SecFilterDefaultAction "deny,log,status:406"
# Sets the specific action; 406 is the action name and the three before it are the action parameters.
# Redirect user on filter match
#SecFilter xxx redirect:http://www.webkreator.com
# Execute the external script on filter match
#SecFilter yyy log,exec:/home/ivanr/apache/bin/report-attack.pl
# Simple filter
#SecFilter 111
# Only check the QUERY_STRING variable
#SecFilterSelective QUERY_STRING 222
# Only check the body of the POST request
#SecFilterSelective POST_PAYLOAD 333
# Only check arguments (will work for GET and POST)
#SecFilterSelective ARGS 444
# Test filter
#SecFilter "/cgi-bin/keyword"
# Another test filter, will be denied with 404 but not logged
# action supplied as a parameter overrides the default action
#SecFilter 999 "deny,nolog,status:404"
# Prevent OS specific keywords
#SecFilter /etc/password
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Blocks directory traversal attacks.
# Weaker XSS protection but allows common HTML tags
SecFilter "<( | )*script"
# Protects against unsafe XSS (cross-site scripting) while still allowing ordinary HTML tags.
# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.| )+>"
# Prevents XSS attacks (HTML/Javascript injection)
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Prevents SQL injection attacks
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Requires the HTTP_USER_AGENT and HTTP_HOST headers.
# Forbid file upload
#SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
# Only watch argument p1
#SecFilterSelective "ARG_p1" 555
# Watch all arguments except p1
#SecFilterSelective "ARGS|!ARG_p2" 666
# Only allow our own test utility to send requests (or Mozilla)
#SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
# Do not allow variables with this name
#SecFilterSelective ARGS_NAMES 777
# Do not allow this variable value (names are ok)
#SecFilterSelective ARGS_VALUES 888
# Stop spamming through FormMail
# note the exclamation mark at the beginning
# of the filter - only requests that match this regex will
# be allowed
#<Location /cgi-bin/FormMail>
#SecFilterSelective "ARG_recipient" "[email protected]$"
#</Location>
# when allowing upload, only allow images
# note that this is not foolproof, a determined attacker
# could get around this
#<Location /fileupload.php>
#SecFilterInheritance Off
#SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
#</Location>
</IfModule>
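These filters are regular expressions, so how a pattern is written decides what gets blocked. The added example below (not part of the original notes or of mod_security) runs patterns from the config, plus the traversal pattern with and without escaped dots, over constructed request lines; grep -E is assumed as a stand-in for the module's regex engine.

```shell
#!/bin/sh
# Added example: run the filter patterns from the mod_security section over
# constructed request lines to see what each one would flag.
# Assumption: grep -E stands in for the module's regex engine.

# Constructed samples: four ordinary requests, then two that should be blocked.
SAMPLE_REQUESTS='/index.php?page=news
/images/logo.png
/search.php?q=select a gift from the list
/forum/post.php?body=<b>bold</b>
/download.php?file=../../etc/passwd
/forum/post.php?body=<script>x</script>'

# count_hits REGEX -> number of sample requests the regex matches
count_hits() {
    printf '%s\n' "$SAMPLE_REQUESTS" | grep -Ec -e "$1" || true
}

# flagged REGEX -> the matching sample requests, one per line
flagged() {
    printf '%s\n' "$SAMPLE_REQUESTS" | grep -E -e "$1" || true
}

# report REGEX... -> one "hits  pattern" line per pattern
report() {
    for pattern in "$@"; do
        printf '%s  %s\n' "$(count_hits "$pattern")" "$pattern"
    done
}

# Unescaped dots match any two characters before a slash, so ordinary paths
# such as /images/logo.png are flagged too; the escaped form flags only the
# traversal request. "select.+from" also catches an ordinary search phrase,
# which is why the config calls these SQL filters very crude.
report '../' '\.\./' '<( | )*script' '<(.| )+>' 'select.+from' 'delete[[:space:]]+from'

echo "Requests flagged by the unescaped traversal pattern:"
flagged '../'
```

Replaying a day of real access-log request lines through count_hits before enabling a filter shows how many legitimate requests it would reject.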
mod_evasive
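View the historical build parameters:
1. nginx build parameters:
#/usr/local/nginx/sbin/nginx -V
2. apache build parameters:
# cat /usr/local/apache/build/config.nice
3. php build parameters:
# /usr/local/php/bin/php -i |grep configure
4. mysql build parameters:
# cat /usr/local/mysql/bin/mysqlbug|grep configure
11. Switch from file-based sessions to shared-memory sessions. Build PHP with the --with-mm option and set session.save_handler=mm in php.ini. This simple change can cut session-management time in half.
12. Use the latest version of Apache and compile PHP into it, or use DSO mode; do not use CGI mode.
13. When compiling PHP, the following parameters are recommended:
--enable-inline-optimization --disable-debug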