Linux web服务器初始化设置

1、Linux系统安装
软件包安装
   Development Libraries
   Development Tools
   Editors
   Base
   System Tools

2、Linux系统环境优化

2.1、优化Linux系统文件描述符

# vi /etc/security/limits.conf
*  soft  nofile  65535
*  hard  nofile  65535  

2.2、让系统启动环境添加文件描述符

# vi /etc/rc.local
      ulimit -HSn 65536  

2.3、优化Linux内核参数

                #  vi /etc/sysctl.conf
                     net.ipv4.ip_local_port_range = 1024 65536
      net.core.rmem_max=16777216
      net.core.wmem_max=16777216
      net.ipv4.tcp_rmem=4096 87380 16777216
      net.ipv4.tcp_wmem=4096 65536 16777216
      net.ipv4.tcp_fin_timeout = 3
      net.core.netdev_max_backlog = 30000
      net.ipv4.tcp_no_metrics_save=1
      net.core.somaxconn = 262144
      net.ipv4.tcp_syncookies = 1
      net.ipv4.tcp_max_orphans = 262144
      net.ipv4.tcp_max_syn_backlog = 262144
      net.ipv4.tcp_synack_retries = 2
      net.ipv4.tcp_syn_retries = 2
      net.ipv4.tcp_tw_reuse = 1
      net.ipv4.tcp_tw_recycle = 1
          以上参数,主要优化 Linux 系统网络参数,优化 TCP 连接
          详细参数请见 http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/
2.4、防止密码被修改  
         # chattr +i /etc/passwd
         # chattr +i /etc/shadow
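        注:加上 i 属性后,passwd、useradd、userdel 等需要写这两个文件的命令都会失败;root 可以随时去掉该属性,因此它只能防止误改,不能阻止已取得 root 权限的人。如要修改密码或增删用户,先执行下面两条命令,改完后再重新执行 chattr +i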
            chattr -i /etc/passwd
            chattr -i /etc/shadow 
2.5、记录用户登录和历史记录  
    # vi /etc/profile
    在文件尾加入以下内容
        HISTSIZE=5000
        export HISTTIMEFORMAT="%F %T "
        user=`whoami`
        ip=`who -u am i | awk '{print $NF}' | sed 's/[()]//g'`
        dt=`who -u am i | awk '{print $3" "$4}'`
        date=`date "+%Y-%m-%d"`
        user_date=/tmp/history/$user/$date
        history_file=$user_date/$user\_history_$date.txt
        login_file=$user_date/$user\_login_$date.txt
        if [ ! -d $user_date ]
        then
                mkdir -p $user_date
        fi
        printf "$user\t$dt\t$ip\n" >> $login_file
        chmod 600 $login_file
        touch $history_file
        export HISTFILE="$history_file"
        chmod 600 $history_file
结果如下所示:
/tmp/history/                                                       #历史记录目录
|-- root                                                               #用户名
|   `-- 2012-11-20                                                #日期
|       |-- root_history_2012-11-20.txt                     #历史操作记录
|       `-- root_login_2012-11-20.txt                       #用户登录信息(用户名,时间,登录IP)
3、Web环境优化
3.1、Nginx参数优化
      # vi /opt/nginx/conf/nginx.conf
  worker_rlimit_nofile 51200;
  events {
                   use epoll;
                 worker_connections  51200;
  }
        备注:使用 Linux 系统 epoll 网络模型,减少系统资源占用,增加 IO 并发量
增加进程描述符和连接数

3.2、PHP参数优化

                   # vi /opt/php/etc/php-fpm.conf
      <value name="max_children">128</value>
      <value name="rlimit_files">51200</value>
备注:增加 php 连接数和文件描述符

3.3、MySQL参数优化

                   # vi /etc/my.cnf
                            skip-name-resolve
                            max_connections = 500
        table_open_cache = 2048
        sort_buffer_size = 8M
        join_buffer_size = 8M
        query_cache_size = 64M
        key_buffer_size = 32M
                    备注:增加 mysql 连接数,数据库表,排序,查询,索引缓存

4、配置yum更新源

    # mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
    # cd /etc/yum.repos.d
    # wget http://mirrors.163.com/.help/CentOS5-Base-163.repo
    # yum makecache
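    详细见 http://mirrors.163.com/.help/centos.html
    注:该 .repo 文件是通过明文 HTTP 下载的,使用前请检查其内容,并确认各仓库段保留 gpgcheck=1 和正确的 gpgkey,这样 yum 才会校验软件包签名。另外 CentOS 5 已停止维护,不再有安全更新。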
