Linode VPS CentOS+ Nginx+ MySql + PHP (LNMP) 安装配置笔记

Linode VPS CentOS+ Nginx+ MySql + PHP (LNMP) 安装配置笔记

去年的 Linode 512 型主机上面才跑了几个小网站。LAMP安装，总感觉跑不快。曾听说用 Nginx 会比 Apache 性能更高，于是找算测试一下。 在这里记录一下安装调试的各个过程、便于以后查阅。注：本文 90%  抄自 : http://blog.s135.com/nginx_php_v6/

一、基础运行环境

1、新建 Image + Swap 。

2、部署 安装 Linux 内核操作系统 ，继续选择 Cent OS 5.5 。

3、启动系统

4、ssh、sftp登陆管理、安装系统安全补丁

5、系统设置 ( 主机别名、时间等)

二、CentOS 5 下 NMP  ( Ngnix+ MySql + PHP ) 网站服务器工作环境搭建

(一)、获取相关开源程序

1、CentOS 基础更新

sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers
yum install patch

2、下载程序源码包

mkdir -p /data0/software
cd /data0/software
wget http://blog.s135.com/soft/linux/nginx_php/nginx/nginx-0.8.46.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/php/php-5.2.14.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/phpfpm/php-5.2.14-fpm-0.5.14.diff.gz
wget http://blog.s135.com/soft/linux/nginx_php/mysql/mysql-5.5.3-m3.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/libiconv/libiconv-1.13.1.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/mcrypt/libmcrypt-2.5.8.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/mcrypt/mcrypt-2.6.8.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/memcache/memcache-2.2.5.tgz
wget http://blog.s135.com/soft/linux/nginx_php/mhash/mhash-0.9.9.9.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/pcre/pcre-8.10.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/eaccelerator/eaccelerator-0.9.6.1.tar.bz2
wget http://blog.s135.com/soft/linux/nginx_php/pdo/PDO_MYSQL-1.0.2.tgz
wget http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gz
wget http://blog.s135.com/soft/linux/nginx_php/imagick/imagick-2.3.0.tgz

(二)、安装PHP 5.2.14（FastCGI模式）

1、编译安装PHP 5.2.14所需的支持库：

tar zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure –prefix=/usr/local
make
make install
cd ../

tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure –enable-ltdl-install
make
make install
cd ../../

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../

2、编译安装MySQL 5.5.3-m3

/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
tar zxvf mysql-5.5.3-m3.tar.gz
cd mysql-5.5.3-m3/
./configure –prefix=/usr/local/webserver/mysql/ –enable-assembler –with-extra-charsets=complex –enable-thread-safe-client –with-big-tables –with-readline –with-ssl –with-embedded-server –enable-local-infile –with-plugins=partition,innobase,myisammrg
make && make install
chmod +w /usr/local/webserver/mysql
chown -R mysql:mysql /usr/local/webserver/mysql
cd ../

①、创建MySQL数据库存放目录

mkdir -p /data0/mysql/3306/data/
mkdir -p /data0/mysql/3306/binlog/
mkdir -p /data0/mysql/3306/relaylog/
chown -R mysql:mysql /data0/mysql/

②、以mysql用户帐号的身份建立数据表：

/usr/local/webserver/mysql/bin/mysql_install_db –basedir=/usr/local/webserver/mysql –datadir=/data0/mysql/3306/data –user=mysql

③、创建my.cnf配置文件：

vi /data0/mysql/3306/my.cnf

输入内容：

[client]
character-set-server = utf8
port = 3306
socket = /tmp/mysql.sock

[mysqld]
character-set-server = utf8
replicate-ignore-db = mysql
replicate-ignore-db = test
replicate-ignore-db = information_schema
user = mysql
port = 3306
socket = /tmp/mysql.sock
basedir = /usr/local/webserver/mysql
datadir = /data0/mysql/3306/data
log-error = /data0/mysql/3306/mysql_error.log
pid-file = /data0/mysql/3306/mysql.pid
open_files_limit = 10240
back_log = 600
max_connections = 5000
max_connect_errors = 6000
table_cache = 614
external-locking = FALSE
max_allowed_packet = 32M
sort_buffer_size = 1M
join_buffer_size = 1M
thread_cache_size = 300
#thread_concurrency = 8
query_cache_size = 512M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine = MyISAM
thread_stack = 192K
transaction_isolation = READ-COMMITTED
tmp_table_size = 246M
max_heap_table_size = 246M
long_query_time = 3
log-slave-updates
log-bin = /data0/mysql/3306/binlog/binlog
binlog_cache_size = 4M
binlog_format = MIXED
max_binlog_cache_size = 8M
max_binlog_size = 1G
relay-log-index = /data0/mysql/3306/relaylog/relaylog
relay-log-info-file = /data0/mysql/3306/relaylog/relaylog
relay-log = /data0/mysql/3306/relaylog/relaylog
expire_logs_days = 30
key_buffer_size = 256M
read_buffer_size = 1M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover

interactive_timeout = 120
wait_timeout = 120

skip-name-resolve
#master-connect-retry = 10
slave-skip-errors = 1032,1062,126,1114,1146,1048,1396

#master-host = 192.168.1.2
#master-user = username
#master-password = password
#master-port = 3306

server-id = 1

innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 512M
innodb_data_file_path = ibdata1:256M:autoextend
innodb_file_io_threads = 4
innodb_thread_concurrency = 8
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 16M
innodb_log_file_size = 128M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120
innodb_file_per_table = 0

#log-slow-queries = /data0/mysql/3306/slow.log
#long_query_time = 10

[mysqldump]
quick
max_allowed_packet = 32M

④、创建管理MySQL数据库的shell脚本：

vi /data0/mysql/3306/mysql

输入内容 (附： UID : wwuu || pwd: uu1234 )

#!/bin/sh

mysql_port=3306
mysql_username=”wwuu”
mysql_password=”uu1234″

function_start_mysql()
{
printf “Starting MySQL…\n”
/bin/sh /usr/local/webserver/mysql/bin/mysqld_safe –defaults-file=/data0/mysql/${mysql_port}/my.cnf 2>&1 > /dev/null &
}

function_stop_mysql()
{
printf “Stoping MySQL…\n”
/usr/local/webserver/mysql/bin/mysqladmin -u ${mysql_username} -p${mysql_password} -S /tmp/mysql.sock shutdown
}

function_restart_mysql()
{
printf “Restarting MySQL…\n”
function_stop_mysql
sleep 5
function_start_mysql
}

function_kill_mysql()
{
kill -9 $(ps -ef | grep ‘bin/mysqld_safe’ | grep ${mysql_port} | awk ‘{printf $2}’)
kill -9 $(ps -ef | grep ‘libexec/mysqld’ | grep ${mysql_port} | awk ‘{printf $2}’)
}

if [ "$1" = "start" ]; then
function_start_mysql
elif [ "$1" = "stop" ]; then
function_stop_mysql
elif [ "$1" = "restart" ]; then
function_restart_mysql
elif [ "$1" = "kill" ]; then
function_kill_mysql
else
printf “Usage: /data0/mysql/${mysql_port}/mysql {start|stop|restart|kill}\n”
fi

⑤、赋予shell脚本可执行权限：

chmod +x /data0/mysql/3306/mysql

⑥、启动MySQL：

/data0/mysql/3306/mysql start

⑦、通过命令行登录管理MySQL服务器（提示输入密码时直接回车）：

/usr/local/webserver/mysql/bin/mysql -u root -p -S /tmp/mysql.sock

⑧、输入以下SQL语句，创建一个具有root权限的用户（wwuu）和密码（uu1234）：

GRANT ALL PRIVILEGES ON *.* TO ‘wwuu’@'localhost’ IDENTIFIED BY ‘uu1234′;
GRANT ALL PRIVILEGES ON *.* TO ‘wwuu’@’127.0.0.1′ IDENTIFIED BY ‘uu1234′;

⑨、停止MySQL：

/data0/mysql/3306/mysql stop

3、编译安装PHP（FastCGI模式）

tar zxvf php-5.2.14.tar.gz
gzip -cd php-5.2.14-fpm-0.5.14.diff.gz | patch -d php-5.2.14 -p1
cd php-5.2.14/
./configure –prefix=/usr/local/webserver/php –with-config-file-path=/usr/local/webserver/php/etc –with-mysql=/usr/local/webserver/mysql –with-mysqli=/usr/local/webserver/mysql/bin/mysql_config –with-iconv-dir=/usr/local –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-discard-path –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-fastcgi –enable-fpm –enable-force-cgi-redirect –enable-mbstring –with-mcrypt –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-ldap –with-ldap-sasl –with-xmlrpc –enable-zip –enable-soap
make ZEND_EXTRA_LIBS=’-liconv’
make install
cp php.ini-dist /usr/local/webserver/php/etc/php.ini
cd ../

4、编译安装PHP5扩展模块

tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/webserver/php/bin/phpize
./configure –with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

tar jxvf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1/
/usr/local/webserver/php/bin/phpize
./configure –enable-eaccelerator=shared –with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/webserver/php/bin/phpize
./configure –with-php-config=/usr/local/webserver/php/bin/php-config –with-pdo-mysql=/usr/local/webserver/mysql
make
make install
cd ../

tar zxvf ImageMagick.tar.gz
cd ImageMagick-6.5.1-2/
./configure
make
make install
cd ../

tar zxvf imagick-2.3.0.tgz
cd imagick-2.3.0/
/usr/local/webserver/php/bin/phpize
./configure –with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

5、修改php.ini文件

sed -i ‘s#extension_dir = “./”#extension_dir = “/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/”\nextension = “memcache.so”\nextension = “pdo_mysql.so”\nextension = “imagick.so”\n#’ /usr/local/webserver/php/etc/php.ini
sed -i ‘s#output_buffering = Off#output_buffering = On#’ /usr/local/webserver/php/etc/php.ini
sed -i “s#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g” /usr/local/webserver/php/etc/php.ini
sed -i “s#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g” /usr/local/webserver/php/etc/php.ini

6、配置eAccelerator加速PHP：

mkdir -p /usr/local/webserver/eaccelerator_cache
vi /usr/local/webserver/php/etc/php.ini

快捷键 Shift+g 跳至文档结尾处插入内容

[eaccelerator]
zend_extension=”/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so”
eaccelerator.shm_size=”64″
eaccelerator.cache_dir=”/usr/local/webserver/eaccelerator_cache”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=”"
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”3600″
eaccelerator.shm_prune_period=”3600″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″

7、创建www用户和组，以及供blog.abc.com和www.abc.com两个虚拟主机使用的目录：

/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /data0/htdocs/blog
chmod +w /data0/htdocs/blog
chown -R www:www /data0/htdocs/blog
mkdir -p /data0/htdocs/www
chmod +w /data0/htdocs/www
chown -R www:www /data0/htdocs/www

8、创建php-fpm配置文件（php-fpm是为PHP打的一个FastCGI管理补丁，可以平滑变更php.ini配置而无需重启php-cgi）：
在/usr/local/webserver/php/etc/目录中创建php-fpm.conf文件：

rm -f /usr/local/webserver/php/etc/php-fpm.conf
vi /usr/local/webserver/php/etc/php-fpm.conf

输入内容:

All relative paths in this config are relative to php’s install prefix

Pid file
/usr/local/webserver/php/logs/php-fpm.pid

Error log file
/usr/local/webserver/php/logs/php-fpm.log

Log level
notice

When this amount of php processes exited with SIGSEGV or SIGBUS …
10

… in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator’s shared memory.
1m

Time limit on waiting child’s reaction on signals from master
5s

Set to ‘no’ to debug fpm
yes

Name of pool. Used in logs and stats.
default

Address to accept fastcgi requests on.
Valid syntax is ‘ip.ad.re.ss:port’ or just ‘port’ or ‘/path/to/unix/socket’
127.0.0.1:9000

Set listen(2) backlog
-1

Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.

0666

Additional php.ini defines, specific to this pool of workers.

/usr/sbin/sendmail -t -i
0

Unix user of processes
www

Unix group of processes
www

Process manager settings

Sets style of controling worker process count.
Valid values are ‘static’ and ‘apache-like’
static

Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
128

Settings group for ‘apache-like’ pm style

Sets the number of server processes created on startup.
Used only when ‘apache-like’ pm_style is selected
20

Sets the desired minimum number of idle server processes.
Used only when ‘apache-like’ pm_style is selected
5

Sets the desired maximum number of idle server processes.
Used only when ‘apache-like’ pm_style is selected
35

The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when ‘max_execution_time’ ini option does not stop script execution for some reason
’0s’ means ‘off’
0s

The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
’0s’ means ‘off’
0s

The log file for slow requests
logs/slow.log

Set open file desc rlimit
65535

Set max core size rlimit
0

Chroot to this directory at the start, absolute path

Chdir to this directory at the start, absolute path

Redirect workers’ stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
yes

How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
1024

Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
127.0.0.1

Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment

$HOSTNAME
/usr/local/bin:/usr/bin:/bin
/tmp
/tmp
/tmp
$OSTYPE
$MACHTYPE
2

9、启动php-cgi进程，监听127.0.0.1的9000端口，进程数为128（如果服务器内存小于3GB，可以只开启64个进程），用户为www：Linode 512 VPS ，此数值设为 24-32是合适的。

ulimit -SHn 65535
/usr/local/webserver/php/sbin/php-fpm start

注：/usr/local/webserver/php/sbin/php-fpm还有其他参数，包括：start|stop|quit|restart|reload|logrotate，修改php.ini后不重启php-cgi，重新加载配置文件使用reload。

(三)、安装Nginx 0.8.46
1、安装Nginx所需的pcre库：

tar zxvf pcre-8.10.tar.gz
cd pcre-8.10/
./configure
make && make install
cd ../

2、安装Nginx

tar zxvf nginx-0.8.46.tar.gz
cd nginx-0.8.46/
./configure –user=www –group=www –prefix=/usr/local/webserver/nginx –with-http_stub_status_module –with-http_ssl_module
make && make install
cd ../

3、创建Nginx日志目录

mkdir -p /data1/logs
chmod +w /data1/logs
chown -R www:www /data1/logs

4、创建Nginx配置文件
①、在/usr/local/webserver/nginx/conf/目录中创建nginx.conf文件：

rm -f /usr/local/webserver/nginx/conf/nginx.conf
vi /usr/local/webserver/nginx/conf/nginx.conf

输入内容：

user www www;

worker_processes 8;

error_log /data1/logs/nginx_error.log crit;

pid /usr/local/webserver/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
use epoll;
worker_connections 65535;
}

http
{
include mime.types;
default_type application/octet-stream;

#charset gb2312;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;

sendfile on;
tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

server
{
listen 80;
server_name blog.abc.com;
index index.html index.htm index.php;
root /data0/htdocs/blog;

#limit_conn crawler 20;

location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

location ~ .*\.(js|css)?$
{
expires 1h;
}

log_format access ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;
access_log /data1/logs/access.log access;
}

server
{
listen 80;
server_name www.abc.com;
index index.html index.htm index.php;
root /data0/htdocs/www;

location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

log_format wwwlogs ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;
access_log /data1/logs/wwwlogs.log wwwlogs;
}

}
}

注：如果为Linode 512 VPS ，修改 worker_processes 4; 是合适的。
②、在/usr/local/webserver/nginx/conf/目录中创建fcgi.conf文件：

vi /usr/local/webserver/nginx/conf/fcgi.conf

输入以下内容：

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with –enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

5、启动Nginx

ulimit -SHn 65535
/usr/local/webserver/nginx/sbin/nginx

(四)、配置开机自动启动Nginx + PHP

vi /etc/rc.local

在文档结尾处插入

ulimit -SHn 65535
/usr/local/webserver/php/sbin/php-fpm start
/usr/local/webserver/nginx/sbin/nginx

(五)、优化Linux内核参数

vi /etc/sysctl.conf

在文档结尾处插入

# Add
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535

使配置立即生效

/sbin/sysctl -p

(六)、在不停止Nginx服务的情况下平滑变更Nginx配置
1、修改/usr/local/webserver/nginx/conf/nginx.conf配置文件后，请执行以下命令检查配置文件是否正确：

/usr/local/webserver/nginx/sbin/nginx -t

如果屏幕显示以下两行信息，说明配置文件正确：
the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully
2、平滑重启：

/usr/local/webserver/nginx/sbin/nginx -s reload

(七)、编写每天定时切割Nginx日志的脚本
1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh

vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

输入以下内容：

#!/bin/bash
# This script run at 00:00

# The Nginx logs path
logs_path=”/usr/local/webserver/nginx/logs/”

mkdir -p ${logs_path}$(date -d “yesterday” +”%Y”)/$(date -d “yesterday” +”%m”)/
mv ${logs_path}access.log ${logs_path}$(date -d “yesterday” +”%Y”)/$(date -d “yesterday” +”%m”)/access_$(date -d “yesterday” +”%Y%m%d”).log
kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`

2、设置crontab，每天凌晨00:00切割nginx访问日志

crontab -e

输入以下内容：

00 00 * * * /bin/bash /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

三、 Nginx 下的配置文件实现 wordpress 、drupal URL 重写(rewrite)功能、流量收集、阻止访问等功能

1、# 收集空头 IP /域名、给403

server {
listen 80 default;
return 403;
}

2、# 收集流量

server {
listen 80 default;
rewrite ^(.*) http://www.wifay.com permanent;
}

3、drupal 中的 Clean Url 功能的实现

if ($fastcgi_script_name ~ \..*\/.*php) {
return 403;
}
location / {
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last;
}
}
location ^~ /sites/default/files/imagecache/ {
index index.php index.html;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last; break;
}
}

4、wordpress 实面 URL Rewrite 功能
(经测试、有部分问题，对 wordpress 3.0 以上的版本的第二个、第三个Blog 支持不够）

location / {
index index.html index.php;
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}

正确的配置如下：在wordpress 3.0 版本子目录多用户环境中测试成功 (抄自:WordPress3.0多站点配置的Nginx ReWrite规则) 。经测试，以下两个版本都有一点小问题。第一个用户在 abc.com/xmlrpc.php 发布日志没有任何问题。当多用户以后，第二个、第三个、至第N个用户，用 Live Writer 发布日志，发现 abc.com/(2、3、4用户名)/xmlrpc.php 转发不成功。

location ~/(.*)/wp-admin/$ {
root /var/www/html/wordpress/;
index index.php;
rewrite ^/(.*)/wp-admin/$ /wp-admin/ break;
}

location ~ /(.*)/wp-([a-zA-Z])*\.php {
root /var/www/html/wordpress/;
index index.php;
rewrite ^/(.*)/(.*\.php) /$2 last;
}

location ~ /(.*)/(wp-(?:admin|content|includes).*\.php) {
root /var/www/html/wordpress/;
index index.php;
rewrite ^/(.*)/(wp-(?:admin|content|includes).*\.php) /$2 last;
}

location / {
root /var/www/html/wordpress/;
index index.php;
if (!-e $request_filename) {
rewrite ^(.+)$ /index.php?q=$1 last;
}
}

location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf)$
{
root /var/www/html/wordpress/;
rewrite ^/.*(/wp-.*/.*\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf))$ $1 last;
rewrite ^.*/files/(.*(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf))$ /wp-includes/ms-files.php?file=$1 last;
expires 30d;
break;
}

location ~ \.php$ {
root /var/www/html/wordpress/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress$fastcgi_script_name;
include fastcgi_params;
}

或 抄自 : http://siava.su/2008/04/28/wordpress-mu-rewrite-rules-for-nginx/

server {
listen 80;
server_name site.com;
access_log logs/site.access.log;

location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf)$
{
root /var/www/html/wordpress/;
rewrite ^/.*(/wp-.*/.*\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf))$ $1 last;
rewrite ^.*/files/(.*(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf))$ /wp-includes/ms-files.php?file=$1 last;
expires 30d;
break;
}

location / {
root /home/site.com/public_html;
index index.php;

if (!-e $request_filename) {
rewrite ^.+/?(/wp-.*) $1 last;
rewrite ^.+/?(/.*\.php)$ $1 last;
rewrite ^(.+)$ /index.php?q=$1 last;
}
}
error_page 500 502 503 504 /50x.html;

location = /50x.html {
root /var/www/nginx-default;
}

location ~ \.php$ {
rewrite ^/.*(/wp-.*/.*.php)$ $1;
fastcgi_pass 127.0.0.1:xxxx;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/site.com/public_html$fastcgi_script_name;
include /usr/local/nginx/conf/fastcgi_params;
}
}

server {
server_name www.site.com;
rewrite ^/(.*) http://site.com/$1 permanent;
}

针对 <当多用户以后，第二个、第三个、至第N个用户，用 Live Writer 发布日志，发现 abc.com/(2、3、4用户名)/xmlrpc.php 转发不成功> 一个拙劣的解决办法：针对 /.*/xmlrpc\.php(.*) 写一个 rewrite至 /xmlrpc.php$1 ，然后置于 容器 server {}之内。测试无Bug版本如下。

server {
listen 80;
server_name site.com;
access_log logs/site.access.log;
root /var/www/html/wordpress/;
rewrite ^/.*/xmlrpc\.php(.*) /xmlrpc.php$1 last;

location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf)$
{
root /var/www/html/wordpress/;
rewrite ^/.*(/wp-.*/.*\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf))$ $1 last;
rewrite ^.*/files/(.*(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf))$ /wp-includes/ms-files.php?file=$1 last;
expires 30d;
break;
}

location / {
root /home/site.com/public_html;
index index.php;

if (!-e $request_filename) {
rewrite ^.+/?(/wp-.*) $1 last;
rewrite ^.+/?(/.*\.php)$ $1 last;
rewrite ^(.+)$ /index.php?q=$1 last;
}
}
error_page 500 502 503 504 /50x.html;

location = /50x.html {
root /var/www/nginx-default;
}

location ~ \.php$ {
rewrite ^/.*(/wp-.*/.*.php)$ $1;
fastcgi_pass 127.0.0.1:xxxx;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/site.com/public_html$fastcgi_script_name;
include /usr/local/nginx/conf/fastcgi_params;
}
}

server {
server_name www.site.com;
rewrite ^/(.*) http://site.com/$1 permanent;
}

5、不带 www 的域名至 带www 的二级主域名的 url 支持跳转

# 接收 wifay.com 转至 www.wifay.com
server {
server_name wifay.com;
rewrite ^/(.*) http://www.wifay.com/$1 permanent;
}

四、 WordPress 垃圾评论太多，一不做、二不休，清空评论数据表

delete from wp_comments

http://www.wifay.com/blog/2011/03/18/linode-vps-lnmp/