服务器配置
型号:DELL 2650
CPU:Xeon 3.20GHz * 2
内存:4G DDR266
硬盘:SCSI 10Krpm 146G RAID 1
#author:wubolu
#date:20110413
#system:CentOS 5.6 i386
#mysql-5.5.11 + nginx-1.0.0 + php-5.3.6
自动校对时间
crontab -l
1 4 * * * ntpdate 210.72.145.44
安装前首先使用yum命令安装、升级所需的程序库
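# Build toolchain and -devel headers needed to compile MySQL, Nginx and PHP from source.
# libevent-devel replaces "libevent-dev": the -dev suffix is Debian/Ubuntu naming,
# CentOS packages use -devel, so yum has no package under the old name.
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libxslt-devel libevent-devel ntp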
------------------------------ 安装 MySQL 部分 ------------------------------
创建mysql用户
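# Dedicated unprivileged account that mysqld runs as.
# -s /sbin/nologin: the account only runs the daemon, so it gets no login shell.
# -M: do not create a home directory for it.
groupadd mysql
useradd -g mysql -s /sbin/nologin -M mysql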
安装cmake
tar zxvf cmake-2.8.4.tar.gz
安装mysql
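# NOTE(review): the header of these notes names mysql-5.5.11 but this tarball is
# 5.5.9 — confirm which release is intended. Verify the tarball against the
# publisher's checksum or signature before building it as root.
tar zxvf mysql-5.5.9.tar.gz
MY_dir="/usr/local/mysql"
# -DCMAKE_INSTALL_PREFIX was passed twice with the same value; once is enough.
# NOTE(review): -DENABLED_LOCAL_INFILE=1 compiles in LOAD DATA LOCAL INFILE,
# which lets a server ask a client to send it local files. Keep it only if the
# application needs it; otherwise build with 0.
cmake \
  -DCMAKE_INSTALL_PREFIX="$MY_dir" \
  -DDEFAULT_CHARSET=utf8 \
  -DMYSQL_DATADIR="$MY_dir/data/" \
  -DSYSCONFDIR="$MY_dir" \
  -DDEFAULT_COLLATION=utf8_general_ci \
  -DENABLE_DEBUG_SYNC=0 \
  -DENABLED_LOCAL_INFILE=1 \
  -DENABLED_PROFILING=1 \
  -DWITH_READLINE=1 \
  .
make
make install
# Initialise the system tables in the same prefix the build was configured with.
./mysql_install_db --basedir="$MY_dir" --datadir="$MY_dir/data" --user=mysql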
使用my-large.cnf模板
cp mysql/support-files/my-large.cnf ../my.cnf
添加慢查询日志及其他一些设置
# Settings added to the [mysqld] section of my.cnf: slow query log plus a few others.
[mysqld]
slow-query-log = 1
slow-query-log-file = /usr/local/mysql/data/slow.log
default-storage-engine = MyISAM
character-set-server = utf8 #if this is not set, client connections may show garbled text. Check with mysql> show variables like '%character%'
wait_timeout = 300 #applies to the current connection.
interactive_timeout = 300 #applies to subsequent connections
修改权限
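# Least privilege: only the data directory has to be writable by the mysql account.
# Binaries, libraries and my.cnf stay owned by root so that a compromised mysqld
# cannot replace them; the mysql group keeps read access to the tree.
chown -R root:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql/data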
------------------------------ 安装 Nginx 部分 ------------------------------
指定以后的HTTP文件目录
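# Unprivileged account used by the Nginx workers and the PHP-FPM pool.
# It only runs daemons, so it gets no login shell (-s /sbin/nologin) and no
# home directory (-M).
groupadd www
useradd -g www -s /sbin/nologin -M www
mkdir -p /usr/local/chong.com/
chmod +w /usr/local/chong.com/
# NOTE(review): www owns the whole document root, so any code running as www
# (every PHP script) can rewrite the site's files. Consider keeping the code
# owned by root and giving www write access only to upload/cache directories.
chown -R www:www /usr/local/chong.com/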
安装PCRE
[root@205053 tmp]# rpm -qa |grep pcre #查看自带的PCRE。
pcre-6.6-6.el5
[root@205053 tmp]# cp /lib/libpcre.so.0 / #备份libpcre.so.0,32位系统在lib下,64位系统在lib64下。
[root@205053 tmp]# rpm -e --nodeps pcre-6.6-6.el5 #删除自带的PCRE。
[root@205053 tmp]# cp /libpcre.so.0 /lib #恢复libpcre.so.0到lib
开始安装
tar zxvf pcre-8.12.tar.gz
cd pcre-8.12
./configure
make && make install
安装Nginx
tar zxvf nginx-1.0.0.tar.gz
cd nginx-1.0.0
./configure --user=www --group=www --prefix=/usr/local/nginx
make && make install
#修改好配置文件,启动就可以访问到Welcome to nginx!
--NGINX:
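# Minimal nginx.conf: one virtual host serving static files directly and
# handing *.php / *.php5 requests to PHP-FPM on 127.0.0.1:9000.
user www www;
worker_processes 4;
error_log logs/error.log;
pid nginx.pid;

events {
    worker_connections 10240;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        listen 80;
        server_name www.wubolutest.com;
        root /usr/local/chong.com;
        index index.php index.html index.htm;
        # NOTE(review): with the access log off there is no request trail for
        # incident response or abuse detection; enable it if disk I/O allows.
        access_log off;
        error_page 404 /index.php;
        error_page 500 502 503 504 /50x.html;

        # Static assets by extension. The dot is escaped so that only a real
        # ".ext" suffix matches (an unescaped "." matches any character).
        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|html|htm)$ {
            expires 1d;
            break;
        }

        # Static asset directories.
        location ~* ^/(images|javascript|js|css|flash|media|static)/ {
            expires 1d;
        }

        # PHP scripts.
        location ~* ^.+\.(php|php5)$ {
            # Only pass the request to PHP-FPM when the requested script exists
            # on disk. Together with cgi.fix_pathinfo=0 in php.ini this stops a
            # non-PHP file from being executed through a crafted ".php" path.
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            # $document_root follows the "root" directive above instead of
            # repeating the path (and avoids the doubled slash).
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}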
------------------------------ 安装 PHP 部分 ------------------------------
程序员们在编写代码程序时,除了要保证代码的高性能之外,还有一点是非常重要的,那就是程序的安全性保障。PHP除了自带的几种加密函数外,还有功能更全面的PHP加密扩展 mcrypt, mcrypt软件依赖libmcrypt和mhash两个库。
1.安装Libmcrypt
tar jxvf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8
./configure
make &&make install
1.1
cd libmcrypt-2.5.8/libltdl/
./configure --enable-ltdl-install
make && make install
2.安装mhash
tar -zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make && make install
3.安装mcrypt
tar -zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
LD_LIBRARY_PATH=/usr/local/lib ./configure #如果不加环境变量LD_LIBRARY_PATH=/usr/local/lib的话,会提示找不到libmcrypt链接库
make && make install
#在编译的最后加入./configure --with-mcrypt --with-mhash -with-libxml-dir --enable-bcmath --enable-sockets
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib/ #64位系统在/usr/lib64/
从 PHP 5.3.3 开始,源码中已经包含 php-fpm,不用再专门打补丁,只需要解开源码直接 configure;与 php-fpm 相关的编译参数有 --enable-fpm --with-fpm-user=www --with-fpm-group=www
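# Unpack and build PHP 5.3.6 with FPM.
# Fixes relative to the earlier one-line command:
#   --with-xmlrpc        configure option names are case-sensitive; the
#                        mixed-case "--with-XMLrpc" is not the XML-RPC switch.
#   --with-libxml-dir    written with two dashes like every other option.
#   --enable-fpm         given once instead of twice.
#   --with-fpm-user/--with-fpm-group
#                        the FPM pool defaults to the unprivileged www account.
# NOTE(review): --enable-safe-mode and --enable-magic-quotes refer to features
# deprecated in PHP 5.3; neither replaces input validation and output escaping.
tar zxvf php-5.3.6.tar.gz
cd php-5.3.6
./configure \
  --prefix=/usr/local/php \
  --with-mysql=/usr/local/mysql \
  --with-mysqli=/usr/local/mysql/bin/mysql_config \
  --enable-pdo \
  --with-pdo-mysql=/usr/local/mysql \
  --enable-safe-mode \
  --enable-ftp \
  --enable-zip \
  --with-bz2 \
  --with-jpeg-dir \
  --with-png-dir=/usr/local/png \
  --with-freetype-dir \
  --without-iconv \
  --with-mcrypt \
  --with-mhash \
  --with-libxml-dir \
  --enable-bcmath \
  --with-xmlrpc \
  --with-zlib-dir \
  --with-gd \
  --enable-gd-native-ttf \
  --with-curl \
  --with-curlwrappers \
  --with-pear \
  --enable-calendar \
  --enable-mbstring \
  --enable-sockets \
  --enable-exif \
  --enable-magic-quotes \
  --disable-rpath \
  --disable-debug \
  --enable-fpm \
  --with-fpm-user=www \
  --with-fpm-group=www \
  --enable-sqlite-utf8
make
make install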
-- 建立php.ini配置文件,其中 php.ini-production 是用于生产环境稳定配置,php.ini-development 为开发环境专用。
cp php.ini-production /usr/local/php/etc/php.ini
-- 修改 php.ini 部分内容
修改为output_buffering = On
修改为cgi.fix_pathinfo=0,防止Nginx文件类型错误解析漏洞。
-- 去掉注释
pm.max_spare_servers = 35 设置空闲服务进程的最大数目
pm.min_spare_servers = 5 设置空闲服务进程的最低数目
pm.start_servers = 20 设置启动时创建的子进程数目
--配置 FPM,cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
修改 php-fpm.conf
user = www
group = www
或者直接使用下面内容:
[global]
[www]
listen = 127.0.0.1:9000
user = www
group = www
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
-- php.ini或者直接使用以下内容配置 PHP,ini文件在源文件包内有 php.ini-development和php.ini-production, 一个是开发版, 一个是产品版,将其中一个拷贝到/usr/local/php/etc/php.ini, 设置如下:
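; Core [PHP] section for a server reachable from the network.
; Changed from the previous listing: expose_php, display_errors and
; display_startup_errors are Off, and cgi.fix_pathinfo = 0 is set explicitly.
[PHP]
engine = On
short_open_tag = On
asp_tags = Off
precision = 14
y2k_compliance = On
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 100
allow_call_time_pass_reference = Off
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
disable_classes =
; Do not advertise the PHP version in response headers.
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL | E_STRICT
; Errors go to the log (log_errors = On), not to the visitor: displayed errors
; leak file paths, queries and other internals.
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = On
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
enable_dl = Off
; Without this line the default (1) applies and PHP guesses the script from a
; partial path, which is what the Nginx file-type mis-parsing issue relies on.
cgi.fix_pathinfo = 0
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60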
[Date]
date.timezone = PRC
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[Syslog]
define_syslog_variables = Off
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = On
[OCI8]
[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
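; Session handling. Changed from the previous listing: the session cookie is
; HttpOnly and session IDs are seeded from the kernel random source.
[Session]
session.save_handler = files
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
; Keep the session cookie out of reach of page scripts (limits theft via XSS).
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = On
session.bug_compat_warn = On
session.referer_check =
; Mix 32 bytes from /dev/urandom into each new session ID; with
; entropy_length = 0 no extra entropy is read.
session.entropy_length = 32
session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"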
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
优化 linux 内核,在/etc/sysctl.conf最后加入:
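# TCP tuning appended to /etc/sysctl.conf (apply with `sysctl -p`).
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
# SYN cookies keep the listener answering when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
# Reuse of TIME_WAIT sockets for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1
# Left disabled: tcp_tw_recycle rejects segments by per-peer TCP timestamps,
# which silently drops connections from clients that share one NAT address.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_keepalive_intvl = 15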
在CentOS下运行Java程序时经常会由于一些原因导致出现Too many open files的异常,ulimit -a默认open files为1024
vim /etc/security/limits.conf 加入
#<domain> <type> <item> <value>
* soft nofile 65535
* hard nofile 65535