DATA: 2011-04-20
AUTHOR:andy.feng(FH.CN)
Email:
[email protected]
BLOG:linuxguest.blog.51cto.com
RHEL5.4 安装nginx-1.0 + php-5.2.17(fastcgi)+mysql-5.1.40
一、下载需要的软件包
#创建存放软件包的目录
mkdir -p /soft/diy
#下载nginx-1.0
wget http://www.nginx.org/download/nginx-1.0.0.tar.gz
下载php5.2.17
wget http://cn.php.net/get/php-5.2.17.tar.bz2/from/this/mirror
#下载fastcgi补丁
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
#下载mysql,由于mysql官网现在需要登录才能下载,所以我使用自己的源码仓库、顺便鄙视一下oracle公司
wget http://122.225.32.131/icons/mysql-5.1.40.tar.gz
#下载字符转换库libiconv
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz (下载太慢,最后我还是使用以前的1.13版本)
#下载PHP的memcache扩展
http://pecl.php.net/get/memcache-2.2.6.tgz
#下载PHP的imagick扩展
wget http://pecl.php.net/get/imagick-3.0.1.tgz
ftp://mirror.aarnet.edu.au/pub/imagemagick/ImageMagick-6.6.5-10.tar.bz2 imagick扩展的依耐包
#下载PHP的PDO扩展
wget http://pecl.php.net/get/PDO-1.0.3.tgz
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
#PHP加速器相关下载,一般选择一种,这里我们讲4种常见的加速软件
#下载eaccelerator加速
wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
#下载ZendOptimizer,由于官网下载需要注册,所以我们在opser上下载
wget http://soft.vpser.net/web/zend/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
#下载PHP的apc扩展
wget http://pecl.php.net/get/APC-3.1.7.tgz
#xcache加速
wget http://xcache.lighttpd.net/pub/Releases/1.3.2-rc1/xcache-1.3.2-rc1.tar.bz2
上面是一些软件的下载地址,如果没有的情自己google找,官网都可以下载,不过速度比较慢
MD5值 软件名
94239866e5d1b90e02675e988a5cbad4 APC-3.1.7.tgz
e2167713316639705202cf9b6cb1fdb1 imagick-3.0.1.tgz
048032a3032ebd182150bdee30a5d533 libiconv-1.13.tar.gz
0821830d930a86a5c69110837c55b7da libmcrypt-2.5.8.tar.gz
97639f8821b10f80943fa17da302607e mcrypt-2.6.8.tar.gz
9542f1886b72ffbcb039a5c21796fe8a memcache-2.2.6.tgz
ee66b7d5947deb760aeff3f028e27d25 mhash-0.9.9.9.tar.gz
32e7373c16271606007374396e6742ad mysql-5.1.40.tar.gz
5751c920c266ea5bb5fc38af77e9c71c nginx-1.0.0.tar.gz
2256d0a1d0a358265165ca70e7cfc47a pcre-7.9.tar.gz
74bff68b3f1caaf745edaddbd4df7291 PDO-1.0.3.tgz
6121f450488dd4893f5702051c1f84fb PDO_MYSQL-1.0.2.tgz
5339a2a9c6a0b015b7ce5fcb8d90de84 php-5.2.17-fpm-0.5.14.diff.gz
150586c3af37fbdfa504cf142c447e57 ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
32ccd838e06ef5613c2610c1c65ed228 eaccelerator-0.9.6.1.tar.bz2
305bc145200ef5c1f7bba08a12c5f4f2 ImageMagick-6.6.5-10.tar.bz2
b27947f3045220faf16e4d9158cbfe13 php-5.2.17.tar.bz2
5f6ac6f6f4f8ec2322f0bb040559663b xcache-1.3.2-rc1.tar.bz2
3d0a037e73ffe40ea55b521cbff7ff8d go-pear.phar
二、安装前的准备工作
1、检查是否已经安装apache,php和mysql的rpm包
rpm -qa | egrep 'httpd|mysql|php'
如果有
yum remove 对应的软件
2、安装必须的软件
yum -y install patch make gcc gcc-c++ gcc-g77 flex bison file
yum -y install libtool libtool-libs autoconf kernel-devel
yum -y install libjpeg libjpeg-devel libpng libpng-devel gd gd-devel
yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
yum -y install glib2 glib2-devel bzip2 bzip2-devel libevent libevent-devel
yum -y install ncurses ncurses-devel curl curl-devel e2fsprogs
yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel
yum -y install openssl openssl-devel vim-minimal nano sendmail
yum -y install fonts-chinese gettext gettext-devel
yum -y install ncurses-devel
yum -y install gmp-devel pspell-devel
yum -y install unzip
三、开始安装
1、安装PHP需要的库
libiconv-1.13.tar.gz加强系统对支持字符编码转换的功能
tar -zxvf libiconv-1.13.tar.gz
cd libiconv-1.13
./configure --prefix=/usr/local/
make && make install
cd ..
libmcrypt-2.5.8.tar.gz加密算法库,php扩展mcrypt功能对此库有依耐关系,要使用mcrypt必须先安装此库
tar -zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure && make && make install
ldconfig
cd libltdl/
./configure --enable-ltdl-install
make && make install
cd ../..
mhash-0.9.9.9.tar.gz hash加密算法库
tar -zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure && make && make install
cd ..
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
mcrypt-2.6.8.tar.gz简单的加密程序,php的加密扩展,必须先安装libmcrypt库
tar -zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
ldconfig
./configure
make && make install
cd ..
2、安装mysql数据库,略过.
3、安装PHP(重点)
tar -jxvf php-5.2.17.tar.bz2
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
cd php-5.2.17
./configure --prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--with-mysql=/usr/local/mysql/ \
--with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local/ \
--with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr/ \
--enable-xml --disable-rpath --enable-discard-path --enable-bcmath \
--enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \
--enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring \
--with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl \
--enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap
--enable-safe-mode \\此选项可选,如果使用可以增加安全性,但是一些功能会被制约
编译完成后认真阅读php的反馈信息,看看是否有debug.log文件,如果有就仔细阅读,并解决存在的问题。
确认没有问题后,继续:
make ZEND_EXTRA_LIBS='-liconv'
完成后,如果有时间可以 make test 需要10分钟左右
make install
cp php.ini-dist /usr/local/php/etc/php.ini
安装pear支持
老版本的php和新版本的php不同,记得在5.2.10版本上,是执行go-pear文件,新版本中执行的是phar。
wget http://pear.php.net/go-pear.phar
/usr/local/php/bin/php go-pear.phar
4、安装PHP扩展模块
memcache扩展接口,如果想要使用memcache功能,还要单独安装memcached软件。
memcache简介:memcache相当一个简单的内存数据库
tar -zxvf memcache-2.2.6.tgz
cd memcache-2.2.6
/usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
pdo_mysql扩展
pdo简介:pdo是PHP连接数据库的统一接口,连接对应数据库需要对应的pdo驱动。
tar -zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql/
make && make install
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
安装PHP扩展imagick,处理图像。
如果PHP版本 >= 5.1.3 依耐的 ImageMagick版本就要大于 >= 6.2.4 。
tar -jxvf ImageMagick-6.6.5-10.tar.bz2
./configure
make && make install
tar -zxvf imagick-3.0.1.tgz
cd imagick-3.0.1
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
nstalling shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
常用扩展安装完成,下面我们配置PHP
5、配置PHP
编辑/usr/local/php/etc/php.ini文件,找到"extension_dir = "./""此行,使用下面的类容替换此行
;extension_dir = "./"
extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/" #保存扩展库的位置,下面是扩展库的名字,在这个目录中要能找到下面的库文件
extension = "memcache.so"
extension = "pdo_mysql.so"
extension = "imagick.so"
6、配置PHP加速有多种方法,我们暂时不配置加速[当你的LNMP环境搭建完成以后,再倒回来安装这部分]
a、安装APC加速器
tar -zxvf APC-3.1.7.tgz
cd APC-3.1.7
/usr/local/php/bin/phpize
./configure --enable-apc --enable-apc-mmap --with-php-config=/usr/local/php/bin/php-config
make && make install
结果:
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
Installing header files: /usr/local/php/include/php/
编辑php.ini,查找extension_dir行,修改此行内容如下(如果按照上面的方法,提前安装了其他模块,这行应该是不用修改的),并且添加下面没有的部分,在最后加入[APC]下面的代码:
extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
[APC]
extension = apc.so
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 1
apc.num_files_hint = 0
apc.ttl = 0
apc.gc_ttl = 3600
apc.cache_by_default = on
完成后,重新启动fastcgi,通过phpinfo函数看到下面信息就算成功了
apc
APC Support enabled
Version 3.1.7
APC Debugging Disabled
MMAP Support Enabled
MMAP File Mask no value
Locking type pthread mutex Locks
Serialization Support php
Revision $Revision: 307215 $
Build Date Apr 26 2011 23:08:03
b、安装eaccelerator加速器
tar -jxvf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make && make install
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
修改php.ini,注释刚才关于APC的代码
extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
extension = "memcache.so"
extension = "pdo_mysql.so"
;extension = "apc.so"
;[APC]
;apc.enabled = 1
;apc.shm_segments = 1
;apc.shm_size = 64M
;apc.optimization = 1
;apc.num_files_hint = 0
;apc.ttl = 0
;apc.gc_ttl = 3600
;apc.cache_by_default = on
;##############eaccelerator################
extension = "eaccelerator.so"
[eAccelerator]
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/tmp/accelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="300"
eaccelerator.shm_prune_period="120"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
mkdir -p /tmp/accelerator_cache
chown -R nobody:nobody /tmp/accelerator_cache
完成后,重新启动fastcgi,phpinfo中出现如下信息,即为成功
eAccelerator
eAccelerator support enabled
Version 0.9.6.1
Caching Enabled true
Optimizer Enabled true
Check mtime Enabled true
Memory Size 134,217,688 Bytes
Memory Available 134,215,092 Bytes
Memory Allocated 2,596 Bytes
Cached Scripts 1
Removed Scripts 0
c、安装ZendOptimizer加速器
tar zxvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
mkdir -p /usr/local/zend/
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/
然后修改php.ini文件,把刚才关于eaccelerator相关的代码注释掉。在文件结尾,加入如下代码:
[Zend Optimizer]
zend_optimizer.optimization_level=1
zend_extension="/usr/local/zend/ZendOptimizer.so"
完成后,从新启动fastcgi,看到如下信息,即为成功
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
d、安装xcache加速器(由于我们使用php是5.2里面最新的版本,所以对应的xcache还是rc版本)
tar -jxvf xcache-1.3.2-rc1.tar.bz2
cd xcache-1.3.2-rc1
/usr/local/php/bin/phpize
./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config
make && make install
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
修改php.ini,注释zendoptimizer相关代码,在extension_dir那句代码下面加入,如下代码:
[xcache]
extension = xcache.so
xcache.admin.user = "admin"
;xcache.admin.pass = "(执行) echo ’(你的密码)’|md5sum(得出的密文)"下面的密码是123456
xcache.admin.pass = "f447b20a7fcbf53a5d5be013ea0b15af"
xcache.size = 24M
xcache.shm_scheme = "mmap"
xcache.count = 2
xcache.slots = 8k
xcache.ttl = 0
xcache.gc_interval = 0
xcache.var_size = 8M
xcache.var_count = 1
xcache.var_slots = 8k
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = On
xcache.mmap_path = "/tmp/xcache"
xcache.coredump_directory = ""
xcache.cacher = On
xcache.stat = On
;xcache.optimizer = Off/On
xcache.coverager = On
xcache.coveragedump_directory = ""
mkdir /tmp/xcache
chmod 777 /tmp/xcache
完成后,从新启动fastcgi,看到如下信息,即为成功
XCache
XCache Support enabled
Version 1.3.2-rc1
Modules Built cacher coverager
Readonly Protection enabled
Cache Init Time 2011-04-28 16:57:25
Cache Instance Id 20336
Opcode Cache enabled, 25,165,824 bytes, 2 split(s), with 8192 slots each
Variable Cache enabled, 8,388,608 bytes, 1 split(s), with 8192 slots each
Shared Memory Schemes mmap
Coverage Auto Dumper disabled
到这里常用的PHP加速器软件就算安装完成了,任选其一即可,推荐APC和xcache
7、创建php-fpm配置文件,php-fpm是开源社区为php开发的一个补丁,可以平滑变更php.ini,而无需重启php-cgi
php-fpm.conf文件的详细解释 http://php-fpm.org/wiki/Configuration_File
vim /usr/local/php/etc/php-fpm.conf ,使用 :set nu显示行号。
需要注意的几行,给大家说说
(原)41 <value name="listen_address">127.0.0.1:9000</value>
(改)41 <value name="listen_address">/tmp/php-cgi.sock</value> #个人习惯,比较喜欢使用sock。
(原)63 <!-- <value name="user">nobody</value> -->#进程的所有者
(原)66 <!-- <value name="group">nobody</value> -->#进程的所有组,默认都为nobody
(改) <value name="user">nobody</value>
(改) <value name="group">nobody</value>
59 <!-- <value name="display_errors">0</value> --> #是否显示错误,1为关闭显示错误,0为打开错误显示,调试期间可以打开
79 <value name="max_children">5</value> #为客户端服务的最大进程数
86 <value name="StartServers">20</value> #启动时创建的进程数
<value name="MinSpareServers">5</value> #最小空闲进程数
94 <value name="MaxSpareServers">35</value>#最大空闲进程数
(原)107 <value name="request_slowlog_timeout">0s</value> #默认关闭慢查询,建议还是打开,对性能分析有好处
(改)107 <value name="request_slowlog_timeout">5s</value>
(原)113 <value name="rlimit_files">1024</value> #设定打开文件的限制
(改)113 <value name="rlimit_files">51200</value>
132 <value name="max_requests">5000</value> #设置大可以接受的请求数
137 <value name="allowed_clients">127.0.0.1</value> #允许连接的客户端
启动php-cgi
Usage: /usr/local/php/sbin/php-fpm {start|stop|quit|restart|reload|logrotate}
/usr/local/php/sbin/php-fpm start
8、安装nginx-1.0
安装pcre-7.9.tar.gz,perl扩展正则表达式的支持,主要用于支持url rewrite
tar -zxvf pcre-7.9.tar.gz
cd pcre-7.9
./configure
make && make install
cd ..
安装ngnx-1.0
tar -zxvf nginx-1.0.0.tar.gz
cd nginx-1.0.0
./configure --prefix=/usr/local/nginx --user=nobody --group=nobody --with-http_stub_status_module --with-http_ssl_module
#config完成后,查看结果,使用了哪些库,如果有些你希望使用的库没有使用,需要安装或者添加配置参数
Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ md5: using OpenSSL library
+ sha1 library is not used
+ using system zlib library
make && make install
修改配置文件
vim /usr/local/nginx/conf/nginx.conf
2 user nobody; #取消注释
12 events {
13 use epoll;
14 worker_connections 51200;
15 }
36 server {
37 listen 80;
38 server_name 122.225.32.135;
66 location ~ \.php$ {
67
68 if ( $fastcgi_script_name ~ \..*\/.*php ) {
69 return 403;
70 }
71 root html;
72 fastcgi_pass unix:/tmp/php-cgi.sock;
73 fastcgi_index index.php;
74 fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
75 include fastcgi.conf;
76 }
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf #测试配置文件是否正确
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf 或者/usr/local/nginx/sbin/nginx
四、测试
cd /usr/local/nginx/html/
echo "<?phpinfo();?>" >phpinfo.php
使用浏览器访问 http://122.225.32.135/phpinfo.php
如果能够正常显示PHP的信息,基本就算成功了。
五、优化和安全
1、
关于fastcgi存在的一个上传漏洞,
详见:
http://www.80sec.com/nginx-securit.html
2、php禁用函数,注意,是一行
disable_functions = set_time_limit,system,exec,shell_exec,,passthru,proc_open,proc_close,proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport,syslog,popen,show_source,highlight_file,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,dl,socket_listen,socket_create,socket_bind,socket_accept,socket_connect,stream_socket_server,stream_socket_accept,stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,zlib.compress,gzopen,gzpassthru,gzcompress,phpinfo