1、安装依赖库
# yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib \
zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 \
krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers expat expat-devel \
2、安装pcre,让nginx支持正则表达式
//pcre-8.35.tar.gz
# cd /opt/nginx
# tar xf pcre-8.35.tar.gz
# cd pcre-8.35
# ./configure && make && make install
# cd ../
# ln -s /usr/local/lib/libpcre.so.1 /lib64/libpcre.so.1
//软连接不行就拷贝库文件
# cp /usr/local/lib/libpcre.so.1 /lib64/
3、安装nginx
//nginx-1.4.7.tar.gz
# groupadd -r www
# useradd -r -g www -s /sbin/nologin -M www
# mkdir -p /var/log/nginx
# chown -R www:www /var/log/nginx
# cd /opt/nginx
# tar xf nginx-1.4.7.tar.gz
# cd nginx-1.4.7
# ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_realip_module --with-http_addition_module \
--with-http_gzip_static_module --with-http_random_index_module --with-http_stub_status_module --with-http_sub_module --with-http_dav_module \
--with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module \
--with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_mp4_module \
--with-mail --with-mail_ssl_module --with-file-aio --with-pcre --with-ipv6 \
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
//根据yum安装nginx,提取的编译参数(供参考)
//--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log \
//--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock \
//--http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
//--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
//--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx \
# make && make install
# cd ../
# ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
//加载nginx库文件
# ldd $(which /usr/local/nginx/sbin/nginx)
//初次启动nginx
# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
//制作nging启动脚本
# vim /etc/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
# chmod +x /etc/init.d/nginx
# chkconfig --add nginx
# chkconfig nginx on
# /etc/init.d/nginx restart
//创建定时切割Nginx日志脚本
# vim /usr/local/nginx/sbin/cut_nginx_log.sh
#!/bin/bash
# This script run at 00:00
# The Nginx logs path
logs_path="/var/log/nginx/logs/"
mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
# crontab -e
00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh
4、安装cmake
//cmake-2.8.12.2.tar.gz
# yum -y install bison ncurses ncurses-base ncurses-devel ncurses-libs
# cd /opt/mysql
# tar xf cmake-2.8.12.2.tar.gz
# cd cmake-2.8.12.2
# ./configure && make && make install
# cd ../
5、安装mysql
//mysql-5.6.17.tar.gz
# groupadd mysql
# useradd -r -g mysql mysql
# mkdir -p /data/mysql
# mkdir -p /data/mysql/logs
# chown mysql:mysql /data
# chown mysql:mysql /data/mysql
# chown mysql:mysql /data/mysql/logs
# cd /opt/mysql
# tar xf mysql-5.6.17.tar.gz
# cd mysql-5.6.17
# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql/ -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS:STRING=utf8,gbk -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1 -DWITH_READLINE=1 -DEXTRA_CHARSETS=all \
//编译时间较长,512M内存的机器需时40分钟左右
# make && make install
# cd ../
//配置my.cnf
# vim /etc/my.cnf
[client]
port=3306
socket=/data/mysql/mysql.sock
default-character-set=utf8
[mysqld]
port=3306
socket=/data/mysql/mysql.sock
skip-external-locking
key_buffer_size=16M
max_allowed_packet=1M
table_open_cache=64
sort_buffer_size=512K
net_buffer_length=8K
read_buffer_size=256K
read_rnd_buffer_size=512K
myisam_sort_buffer_size=8M
character_set_server=utf8
collation-server=utf8_general_ci
lower_case_table_names=1
character_set_client=utf8
#pid-file=/data/mysql/rhel6.db1.pid
datadir=/data/mysql
log-error=/data/mysql/logs/mysqld.err
log-bin=/data/mysql/logs/mysqlbinlog
log-bin-index=/data/mysql/logs/mysql_binlog_index
sync-binlog=0
max_binlog_size=102400000
slow-query-log
slow_query_log_file=/data/mysql/logs/slow-query-logs
long_query_time=0.5
general_log
general_log_file=/data/mysql/logs/query.logs
//初次启动mysql
# cd /usr/local/mysql
# chown -R mysql:mysql .
# scripts/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql data
//创建mysql启动脚本
# cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql
# cd /usr/local/mysql/data
# \cp -a ./* /data/mysql
# /etc/init.d/mysql start
# chkconfig --add mysql
# chkconfig mysql on
//创建mysql软链接
# ln -s /usr/local/mysql/bin/mysql /usr/bin/
//解决mysql不能读写问题[Starting MySQL.....The server quit without updating PID fil[FAILED]/mysql/data/rhel6.web1.pid)]
# mkdir -p /var/lib/mysql/tmp
# chown mysql:mysql /var/lib/mysql/tmp
# vim /etc/my.cnf
[mysqld]
tmpdir=/var/lib/mysql/tmp
# mysql
//修改mysql用户密码信息
//切换mysql.tables
mysql>use mysql;
//配置root用户权限
mysql>GRANT ALL PRIVILEGES ON *.* TO root@"%" IDENTIFIED BY "root";
//修改密码为“123456”
mysql>update user set Password = password('123456') where User='root';
//刷新数据库
mysql>flush privileges;
mysql>exit;
# /usr/local/mysql/bin/mysql -uroot -p
6、破解mysql密码
# /etc/init.d/mysql stop
# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
# mysql -u root mysql
mysql> UPDATE mysql.user SET Password=PASSWORD('123456') WHERE User='root';
mysql> FLUSH PRIVILEGES;
# /etc/init.d/mysql restart
# mysql -uroot -p
Enter password: <输入新设的密码123456>
mysql> SET PASSWORD = PASSWORD('123456');
mysql> select Host,User,Password from mysql.user;
7、安装php扩展库
//libiconv-1.14.tar.gz
# cd /opt/php
# tar xf libiconv-1.14.tar.gz
# cd libiconv-1.14
# ./configure && make && make install
# cd ../
//libmcrypt-2.5.8.tar.gz
# cd /opt/php
# tar xf libmcrypt-2.5.8.tar.gz
# cd libmcrypt-2.5.8
# ./configure && make && make install
# /sbin/ldconfig
# cd libltdl/
# ./configure --enable-ltdl-install && make && make install
# cd ../../
//mhash-0.9.9.9.tar.gz
# cd /opt/php
# tar xf mhash-0.9.9.9.tar.gz
# cd mhash-0.9.9.9
# ./configure && make && make install
# cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib64/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib64/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib64/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib64/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib64/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib64/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib64/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib64/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18
ln -s /usr/local/mysql/lib/libmysqlclient.so.18.1.0 /usr/lib64/libmysqlclient.so.18.1.0
//mcrypt-2.6.8.tar.gz
# cd /opt/php
# tar xf mcrypt-2.6.8.tar.gz
# cd mcrypt-2.6.8
# /sbin/ldconfig
# export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
# ./configure && make && make install
# cd ../
//libevent-2.0.21-stable.tar.gz
# cd /opt/php
# tar xf libevent-2.0.21-stable.tar.gz
# cd libevent-2.0.21-stable
# ./configure && make && make install
# ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib64/libevent-1.4.so.2
# ll /usr/lib | grep -i libevent
8、安装php(fastcgi)
//php-5.3.28.tar.gz
# cd /opt/php
# tar xf php-5.3.28.tar.gz
//php被丁,有助于防止邮件发送被滥用
//# php5-mail-header.patch
//# patch -d php-5.3.28 -p1 < php5-mail-header.patch
# cd php-5.3.28
./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-config-file-path=/usr/local/php --with-gd --enable-gd-native-ttf --with-iconv-dir --with-iconv --with-freetype-dir -with-jpeg-dir \
--with-png-dir --with-zlib --with-libxml-dir --with-mhash --with-mcrypt --with-xmlrpc --with-curl --with-curlwrappers --enable-xml \
--enable-fastcgi --enable-force-cgi-redirect --enable-fpm --enable-ftp --enable-zip --enable-sockets --enable-soap --enable-discard-path \
--enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --enable-pcntl \
--enable-simplexml --enable-mbstring --with-openssl --enable-discard-path --disable-debug --disable-rpath \
# make ZEND_EXTRA_LIBS='-liconv'
//编译如果出错之后,先执行make clean,然后再重新进行编译
# make install
# cp -a php.ini-production /usr/local/php/etc/php.ini
# cd ../
# cp -a /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
# rm -rf /etc/php.ini
# ln -s /usr/local/php/etc/php.ini /etc/php.ini
# vim /usr/local/php/etc/php-fpm.conf
pid = run/php-fpm.pid //去掉该行的"#"号即可
pm = dynamic
pm.max_children = 40
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 40
//制作php-fpm启动脚本
# vim /etc/init.d/php-fpm
#!/bin/bash
#
# Startup script for the PHP-FPM server.
#
# chkconfig: 345 85 15
# description: PHP is an HTML-embedded scripting language
# processname: php-fpm
# config: /usr/local/php/etc/php.ini
# Source function library.
. /etc/rc.d/init.d/functions
PHP_PATH=/usr/local
DESC="php-fpm daemon"
NAME=php-fpm
# php-fpm路径
DAEMON=$PHP_PATH/php/sbin/$NAME
# 配置文件路径
CONFIGFILE=$PHP_PATH/php/etc/php-fpm.conf
# PID文件路径(在php-fpm.conf设置)
PIDFILE=$PHP_PATH/php/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
rh_start() {
$DAEMON -y $CONFIGFILE || echo -n " already running"
}
rh_stop() {
kill -QUIT `cat $PIDFILE` || echo -n " not running"
}
rh_reload() {
kill -HUP `cat $PIDFILE` || echo -n " can't reload"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
rh_start
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
rh_stop
echo "."
;;
reload)
echo -n "Reloading $DESC configuration..."
rh_reload
echo "reloaded."
;;
restart)
echo -n "Restarting $DESC: $NAME"
rh_stop
sleep 1
rh_start
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
exit 3
;;
esac
exit 0
//必须配置php-fpm的pid,否则程序会出错
# chmod +x /etc/init.d/php-fpm
# chkconfig --add php-fpm
# chkconfig php-fpm on
# /etc/init.d/php-fpm start
10、php扩展模块
//memcache-3.0.6.tgz
# cd /opt/php
# tar xf memcache-3.0.6.tgz
# cd memcache-3.0.6
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
//安装成功后,会提示,请记录
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
# cd ../
# vim /usr/local/php/etc/php.ini
extension_dir=”./” èextension_dir=”/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626”
extension = “memcache.so”
//eaccelerator-0.9.6.1.tgz
# cd /opt/php
# tar xf eaccelerator-0.9.6.1.tar.bz2
# cd eaccelerator-0.9.6.1
# /usr/local/php/bin/phpize
# ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config && make && make install
//安装成功后,会提示,请记录
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
# mkdir -p /tmp/eaccelerator
# chmod 777 /tmp/eaccelerator
# vim /usr/local/php/etc/php.ini
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.cache_dir="/tmp/eaccelerator"
extension = “eaccelerator.so”
[eaccelerator]
#共享内存设置,以M为单位,默认为0
eaccelerator.shm_size=”16”
#缓存目录
eaccelerator.cache_dir = "/tmp/eaccelerator"
#开启或关闭eaccelerator,1==开,0==关;默认为1
eaccelerator.enable = "1"
#启动或关闭内部优化器,默认为1
eaccelerator.optimizer = "1"
#启动或关闭PHP的文件修改检查;默认为1
eaccelerator.check_mtime = "1"
#启动或关闭高度日志记录
eaccelerator.debug = "0"
#判断哪些 PHP 文件必须缓存。可以指定缓存和不缓存的文件类型(如"*.php *.phtml"等),
如果参数以"!"开头,则匹配这些参数的文件被忽略缓存。默认值为 "";即,所有PHP文件都将被缓存。
eaccelerator.filter = ""
#当使用"eaccelerator_put()"函数时禁止其向共享内存中存储过大的文件,
该参数指定允许存储的最大值,单位:字节(10240,10K,1M)。"0"为不限制,默认值为"0"。
eaccelerator.shm_max = "0"
#当eAccelerator 获取新脚本的共享内存大小失败时,它将从共享内存中删除所有在最后"shm_ttl"秒内没有存取的脚本缓存,
默认值为"0",即:不从共享内春中删除任何缓存文件。
eaccelerator.shm_ttl = "0"
#当eAccelerator 获取新脚本的共享内存大小失败时,他将试图从共享内存中删除早于"shm_prune_period"秒的缓存脚本,
默认值为"0",即:不从共享内春中删除任何缓存文件。
eaccelerator.prune_period = "0"
#允许或禁止将已编译脚本缓存在磁盘上。该选项对session数据和内容缓存无效,默认值为"0",即:使用磁盘和共享内存进行缓存。
eaccelerator.shm_only = "0"
#允许或禁止压缩内容缓存,默认值为"1",即:允许压缩。
eaccelerator.compress = "1"
#指定内容缓存的压缩等级,默认值为"9",为最高等级。
eaccelerator.compress_level = "9"
eaccelerator.keys = "disk_only"
eaccelerator.session = "disk_only"
eaccelerator.content = "disk_only"
###这是控制面板的地址,安装包里有个control.php,把它复制到网站的任意目录,可以用它查看和管理,这个必须指定,否则查看缓存内容的时候会出错
eaccelerator.allowed_admin_path = "/www/hctest/eaccelerator"
# cd ../
//php5.4开始不支持eaccelerator,只能安装xcache
//xcache-3.0.1.tar.gz
//# cd /opt
//# tar xf xcache-3.0.1.tar.gz
//# cd xcache-3.0.1
//# ./configure && make && make install
//# vim /usr/local/php/etc/php.ini
[xcache-common]
extension = xcache.so
[xcache]
xcache.shm_scheme = "mmap"
xcache.size = 256M
xcache.count = 8
xcache.slots = 8K
xcache.ttl = 0
xcache.gc_interval = 0
xcache.var_size = 8M
xcache.var_count = 8
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = Off
xcache.mmap_path = "/dev/zero"
xcache.coredump_directory = ""
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off
[xcache.coverager]
xcache.coverager = Off
xcache.coveragedump_directory = ""
//PDO_MYSQL-1.0.2.tgz
# cd /opt/php
# tar xf PDO_MYSQL-1.0.2.tgz
# cd PDO_MYSQL-1.0.2
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql && make && make install
# cd ../
//ImageMagick-6.7.1-6.tar.gz
# cd /opt/php
# tar xf ImageMagick-6.7.1-6.tar.gz
# cd ImageMagick-6.7.1-6
# ./configure && make && make install
# cd ../
//imagick-3.0.1.tgz
# cd /opt/php
# tar xf imagick-3.0.1.tgz
# cd imagick-3.0.1
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
# cd ../
//ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz
# mkdir -p /usr/lib64/php/modules/
# cd /opt/php
# tar xf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz
# cd ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/
# cp -a /opt/php/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/lib64/php/modules/
//检查ZendGuardLoader.so是否存在?
# ll -a /usr/lib64/php/modules/
# vim /usr/local/php/etc/php.ini
[Zend.loader]
zend_extension=/usr/lib64/php/modules/ZendGuardLoader.so
zend_loader.enable=1
zend_loader.disable_licensing=0
zend_loader.obfuscation_level_support=3
zend_loader.license_path="/opt/ecstore/config/developer.zl"
# /etc/rc.d/init.d/php-fpm restart
11、php扩展模块(选取安装)
//sphinx-0.9.9.tar.gz
# cd /opt/php
# tar xf sphinx-0.9.9.tar.gz
# cd sphinx-0.9.9/api/libsphinxclient
# vim sphinxclient.c +1216
static void sock_close (int sock) --->修改为 void sock_close (int sock)
# ./configure --prefix=/usr/local/libsphinxclient && make && make install
# /usr/local/php/bin/pecl install sphinx
// scws-1.1.3.tar.bz2
# cd /opt/php
# tar xjvf scws-1.1.3.tar.bz2
# cd scws-1.1.3
# ./configure --prefix=/usr/local/scws && make && make install
# tar xjvf scws-dict-chs-utf8.tar.bz2 -C /usr/local/scws/etc
# cd /usr/local/shopex/scws-1.1.3/phpext/
# /usr/local/php/bin/phpize
# ./configure --with-scws=/usr/local/scws --with-php-config=/usr/local/php/bin/php-config && make && make install
//jpegsrc.v9.tar.gz
# cd /opt/php
# tar xf jpegsrc.v9.tar.gz
# cd jpeg-9
# ./configure --enable-shared --enable-static && make && make install
//ioncube_loaders_lin_x86-64.tar.gz
# cd /opt/php
# tar xf ioncube_loaders_lin_x86-64.tar.gz
# cd ioncube_loaders_lin_x86-64
# ./configure && make && make install
12、php扩展模块(优化内存)
//libunwind-1.1.tar.gz
# cd /opt/php
# tar xf libunwind-1.1.tar.gz
# cd libunwind-1.1
# ./configure && make && make install
# cd ../
//gperftools-2.1.tar.gz
# cd /opt/php
# tar xf gperftools-2.1.tar.gz
# cd gperftools-2.1
# ./configure --enable-frame-pointers && make && make install
# echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
# ldconfig
# cd ../
# mkdir -p /tmp/tcmalloc
# chmod 777 /tmp/tcmalloc
//重新编译nginx一次
13、php安全设置,禁用函数
//列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用
sed
-i 's#disable_functions =#disable_functions
=passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,
\
ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,
\
checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd,
posix_getegid,posix_geteuid,posix_getgid, \
posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,
posix_getppid,posix_getpwnam,posix_getpwuid, \
posix_getrlimit,
posix_getsid,posix_getuid,posix_isatty,
posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,
posix_setpgid, \
posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,
\
show_source#' /usr/local/php/etc/php.ini \
#设置时区(date.timezone = "")
修改为:date.timezone = PRC
#禁止显示php版本的信息(expose_php = ON)
修改为:expose_php = OFF
#支持php短标签(short_open_tag = OFF)
修改为:short_open_tag = ON
#检查allow_url_fopen是否开启
allow_url_fopen = On
14、整合nginx,php-fpm,tcmalloc
# vim /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes 4;
error_log logs/nginx_error.log crit;
worker_rlimit_nofile 1024;
pid /var/run/nginx.pid;
//整合nginx和tcmalloc
google_perftools_profiles /tmp/tcmalloc;
events
{
use epoll;
worker_connections 1024;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 0;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_disable "MSIE [1-6]\.";
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
include conf.d/*.conf;
}
# mkdir -p /usr/local/nginx/conf/conf.d
# vim /usr/local/nginx/conf/conf.d/hctest.conf
server {
listen 80;
server_name localhost;
#Prohibited under the data directory php file is accessed
location ~ ^/(.*)/data/.*\.(php)?$
{
return 404;
}
#Prohibited under the public directory php file is accessed
location ~ ^/(.*)/public/.*\.(php)?$
{
return 404;
}
#Prohibited under the themes directory php file is accessed
location ~ ^/(.*)/themes/.*\.(php)?$
{
return 404;
}
#Prohibited under the wap_themes directory php file is accessed
location ~ ^/(.*)/wap_themes/.*\.(php)?$
{
return 404;
}
location / {
root /www;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root www;
}
location ~ \.php {
root /www;
include fastcgi_params;
set $real_script_name $fastcgi_script_name;
#设置pathinfo
set $path_info "";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
}
}
//可以参考/usr/local/nginx/conf/pathinfo.conf
# vim /usr/local/nginx/conf/fcgi.conf
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# /etc/rc.d/init.d/php-fpm restart
# /etc/rc.d/init.d/nginx restart
15、防止ddos攻击
# vim /etc/rc.local
//增加并发的Socket,有利于防止ddos攻击
sysctl kern.ipc.maxsockets = 100000
sysctl kern.ipc.somaxconn = 65535
//设置timeout时间
sysctl net.inet.tcp.msl = 2500
16、优化linux内核参数
# vim /etc/sysctl.conf
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65535
# /sbin/sysctl -p
# chown -R /www
# chmod 700 -R /www
17、防火墙配置(参考)
vim /etc/sysconfig/iptables
//允许80端口通过防火墙
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
//允许3306端口通过防火墙
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
//特别提示:如果这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口规则的下面,添加好之后防火墙规则如下所示:
###############################################################################################################################################################
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
18、安装svn
//sqlite-autoconf-3080403.tar.gz
# cd /opt/svn
# tar xf sqlite-autoconf-3080403.tar.gz
# cd sqlite-autoconf-3080403
# ./configure && make && make install
//subversion-1.8.9.tar.gz
# rpm -qa | grep -i subversion
# yum -y remove
# cd /opt/svn subversion-1.6.11-7.el6.x86_64
# yum -y install gcc openssl openssl-devel expat
# tar xf subversion-1.8.9.tar.gz
# cd subversion-1.8.9.tar.gz
# ./configure --prefix=/usr/local/svn && make && make install
# echo "export PATH=$PATH:/usr/local/svn/bin/" >> /etc/profile
# source /etc/profile
# svnserve --version
19、配置svn
# mkdir -p /svn/project/hctest
# chmod u+x /svn/project/hctest
# /usr/local/svn/bin/svnadmin create /svn/project/hctest
# cd /svn/project/hctest/conf
# vim svnserver.conf
[general]
anon-access = read
auth-access = write
password-db = /svn/project/hctest/conf/passwd
authz-db = /svn/project/hctest/conf/authz
# vim passwd
[users]
svnadmin = svnadmin
# vim authz
//设置用户组
[groups]
admin = svnadmin
//根目录权限设置(就是“/svn/project”这个文件夹)
[/]
//用户svnadmin权限是:可读写
svnadmin = rw
//用户svntest权限是:可读,不可写
svntest = r
//设置admin组权限
@admin = rw
//设置根目录下“hctest”文件夹的权限
[project:/hctest]
svnadmin = rw
svntest = r
//…以此类推
# /usr/local/svn/bin/svnserve -d -r /svn
# ps aux |grep -i svn
# kill -9 pid
20、svn全量备份与增量备份
# mkdir -p /data/svn_backup
# chmod 744 /data/svn_backup
# mkdir -p /data/svn_backup/full
# mkdir -p /data/svn_backup/increment
# mkdir -p /data/svn_backup/log
# vim /data/svn_backup_full.sh
#!/bin/sh
SVN_HOME=/usr/local/svn/bin
SVN_ADMIN=$SVN_HOME/svnadmin
SVN_LOOK=$SVN_HOME/svnlook
##配置库根目录
SVN_REPOROOT=/svn/project/hctest
##增量备份文件存放路径
date=$(date '+%Y-%m-%d')
RAR_STORE=/data/svn_backup/full/$date
if [ ! -d "$RAR_STORE" ];then
mkdir -p $RAR_STORE
fi
##读取项目库列表
cd $SVN_REPOROOT
for name in $(ls)
do
##开始做全量备份
$SVN_ADMIN hotcopy $SVN_REPOROOT/$name $RAR_STORE/$name
done
# vim /data/svn_backup_increment.sh
#!/bin/sh
SVN_HOME=/usr/local/svn/bin
SVN_ADMIN=$SVN_HOME/svnadmin
SVN_LOOK=$SVN_HOME/svnlook
##配置库根目录
SVN_REPOROOT=/svn/project/hctest
##增量备份文件存放路径
date=$(date '+%Y-%m-%d')
RAR_STORE=/data/svn_backup/increment/$date
if [ ! -d "$RAR_STORE" ];then
mkdir -p $RAR_STORE
fi
##日志存放目录
Log_PATH=/data/svn_backup/log
if [ ! -d "$Log_PATH" ];then
mkdir -p $Log_PATH
fi
##读取项目库列表
cd $SVN_REPOROOT
for name in $(ls)
do
if [ ! -d "$RAR_STORE/$name" ];then
mkdir $RAR_STORE/$name
fi
cd $RAR_STORE/$name
if [ ! -d "$Log_PATH/$name" ];then
mkdir $Log_PATH/$name
fi
echo ******Starting backup from $date****** >> $Log_PATH/$name/$name.log
echo ******svn repository $name startting to backup****** >> $Log_PATH/$name/$name.log
$SVN_LOOK youngest $SVN_REPOROOT/$name > $Log_PATH/A.TMP
UPPER=`head -1 $Log_PATH/A.TMP`
##取出上次备份后的版本号,并做+1处理
NUM_LOWER=`head -1 $Log_PATH/$name/last_revision.txt`
let LOWER="$NUM_LOWER+1"
##开始做增量备份并记录$UPPER,为下次备份做准备
$SVN_ADMIN dump $SVN_REPOROOT/$name -r $LOWER:$UPPER --incremental > $RAR_STORE/$name/$LOWER-$UPPER.dump
rm -f $Log_PATH/A.TMP
echo $UPPER > $Log_PATH/$name/last_revision.txt
echo ******This time we bakcup from $LOWER to $UPPER****** >> $Log_PATH/$name/$name.log
echo ******Back up ended****** >> $Log_PATH/$name/$name.log
done
阅读(4949) | 评论(0) | 转发(0) |
