
分类: 系统运维

2014-05-17 16:00:45

1、安装依赖库
# yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib \
  zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 \
  krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers expat expat-devel \

2、安装pcre,让nginx支持正则表达式
//pcre-8.35.tar.gz(本文的源码包都是以root身份编译安装的,解压前请先用官方发布的校验和或签名核对下载的文件)
# cd /opt/nginx
# tar xf pcre-8.35.tar.gz
# cd pcre-8.35
# ./configure && make && make install
# cd ../
# ln -s /usr/local/lib/libpcre.so.1 /lib64/libpcre.so.1
//软连接不行就拷贝库文件
# cp /usr/local/lib/libpcre.so.1 /lib64/

3安装nginx
//nginx-1.4.7.tar.gz
# groupadd -r www
# useradd -r -g www -s /sbin/nologin -M www
# mkdir -p /var/log/nginx
# chown -R www:www /var/log/nginx
# cd /opt/nginx
# tar xf nginx-1.4.7.tar.gz
# cd nginx-1.4.7
# ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_realip_module --with-http_addition_module \
  --with-http_gzip_static_module --with-http_random_index_module --with-http_stub_status_module --with-http_sub_module --with-http_dav_module \
  --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module \
  --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_mp4_module \
  --with-mail --with-mail_ssl_module --with-file-aio --with-pcre --with-ipv6 \
  --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
//根据yum安装nginx,提取的编译参数(供参考)
//--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log \
//--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock \
//--http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
//--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
//--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx \
# make && make install
# cd ../
# ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
//加载nginx库文件
# ldd $(which /usr/local/nginx/sbin/nginx)
//初次启动nginx
# /usr/local/nginx/sbin/nginx -c  /usr/local/nginx/conf/nginx.conf
//制作nginx启动脚本
# vim /etc/init.d/nginx

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Load the distribution's init function library; the helpers called further
# down (daemon, killproc, status) are not defined in this script, so they
# presumably come from here.
. /etc/rc.d/init.d/functions

# Load the network settings so that NETWORKING is defined.
. /etc/sysconfig/network

# Nothing to do when networking has been switched off.
if [ "$NETWORKING" = "no" ]; then
    exit 0
fi

# Path of the nginx binary and its base name (used in status messages).
nginx="/usr/local/nginx/sbin/nginx"
prog=${nginx##*/}

# Configuration file handed to nginx with -c.
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

# Lock file created after a successful start and removed after a successful stop.
lockfile=/var/lock/subsys/nginx

# Start nginx through the init library's daemon helper.
# Globals:  nginx, NGINX_CONF_FILE, prog, lockfile (read); retval (written)
# Exits:    5 if the binary is not executable, 6 if the config file is missing
# Returns:  the status reported by daemon
start() {
    if [ ! -x "$nginx" ]; then
        exit 5
    fi
    if [ ! -f "$NGINX_CONF_FILE" ]; then
        exit 6
    fi
    echo -n $"Starting $prog: "
    daemon "$nginx" -c "$NGINX_CONF_FILE"
    retval=$?
    echo
    # The lock file is only created when the start succeeded.
    if [ "$retval" -eq 0 ]; then
        touch "$lockfile"
    fi
    return $retval
}

# Ask nginx to shut down by sending QUIT through killproc.
# Globals:  prog, lockfile (read); retval (written)
# Returns:  the status reported by killproc
stop() {
    echo -n $"Stopping $prog: "
    killproc "$prog" -QUIT
    retval=$?
    echo
    # Drop the lock file only when the stop succeeded.
    if [ "$retval" -eq 0 ]; then
        rm -f "$lockfile"
    fi
    return $retval
}

# Stop and start nginx, but only after the configuration test passes, so a
# broken config never takes down a running server.
# Returns: configtest's status when the test fails, otherwise start's status
restart() {
    if configtest; then
        stop
        start
    else
        return $?
    fi
}

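# Reload the configuration by sending HUP through killproc, after the
# configuration test has passed.
# Globals:  nginx, prog (read); RETVAL (written)
# Returns:  configtest's status when the test fails, otherwise killproc's
#           status. The original fell off the end after "echo" and therefore
#           always reported success, even when the signal could not be sent.
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc "$nginx" -HUP
    RETVAL=$?
    echo
    return $RETVAL
}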

# "force-reload" is implemented as a plain restart.
# Returns: restart's status
force_reload() {
    restart
    return $?
}

# Run nginx with -t against the configured file (nginx's configuration test).
# Globals:  nginx, NGINX_CONF_FILE (read)
# Returns:  the status of the nginx -t invocation
configtest() {
    "$nginx" -t -c "$NGINX_CONF_FILE"
}

# Report the state of the process named by $prog via the status helper.
# Returns: the status helper's exit code
rh_status() {
    status "$prog"
}

# Quiet variant of rh_status: same exit code, all output discarded.
rh_status_q() {
    rh_status 1>/dev/null 2>/dev/null
}

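# Dispatch on the action given as the first argument.
#   start        - no-op (exit 0) when already running
#   stop         - no-op (exit 0) when not running
#   reload       - exit 7 when not running
#   condrestart  - restart only when running
# Anything else prints the usage line and exits 2.
case "$1" in
    start)
        rh_status_q && exit 0
        start
        ;;
    stop)
        rh_status_q || exit 0
        stop
        ;;
    restart)
        restart
        ;;
    configtest)
        configtest
        ;;
    reload)
        rh_status_q || exit 7
        reload
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        # The original arm ended here, so a running server was never
        # restarted; perform the restart the action name promises.
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
        ;;
esac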

# chmod +x /etc/init.d/nginx
# chkconfig --add nginx
# chkconfig nginx on
# /etc/init.d/nginx restart

//创建定时切割Nginx日志脚本

# vim /usr/local/nginx/sbin/cut_nginx_log.sh

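#!/bin/bash
# Move yesterday's nginx access log into a <year>/<month>/ directory and tell
# nginx to reopen its log files.
# This script run at 00:00

# The Nginx logs path
logs_path="/var/log/nginx/logs/"

# PID file of the running nginx master process.
# NOTE(review): the nginx.conf shown later in this guide sets
# "pid /var/run/nginx.pid;" - confirm this path matches the running config.
pid_file="/usr/local/nginx/logs/nginx.pid"

# Ask date once so every path component refers to the same day.
day=$(date -d "yesterday" +"%Y%m%d") || exit 1
archive_dir="${logs_path}${day:0:4}/${day:4:2}/"

mkdir -p -- "$archive_dir" || exit 1
mv -- "${logs_path}access.log" "${archive_dir}access_${day}.log" || exit 1

# Only signal a PID that was actually read and is purely numeric; an empty or
# unreadable PID file must not turn into a kill call with no valid target.
pid=$(cat -- "$pid_file") || exit 1
if [[ ! "$pid" =~ ^[0-9]+$ ]]; then
  printf 'cut_nginx_log: no valid PID in %s\n' "$pid_file" >&2
  exit 1
fi

# USR1 asks nginx to reopen its log files, so a fresh access.log is created.
kill -USR1 "$pid"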

# crontab -e
  00 00 * * * /bin/bash  /usr/local/nginx/sbin/cut_nginx_log.sh

4安装cmake
//cmake-2.8.12.2.tar.gz
# yum -y install bison ncurses ncurses-base ncurses-devel ncurses-libs
# cd /opt/mysql
# tar xf cmake-2.8.12.2.tar.gz
# cd cmake-2.8.12.2
# ./configure && make && make install
# cd ../

5安装mysql
//mysql-5.6.17.tar.gz
# groupadd mysql
# useradd -r -g mysql mysql
# mkdir -p /data/mysql
# mkdir -p /data/mysql/logs
# chown mysql:mysql /data
# chown mysql:mysql /data/mysql
# chown mysql:mysql /data/mysql/logs
# cd /opt/mysql
# tar xf mysql-5.6.17.tar.gz
# cd mysql-5.6.17
# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql/ -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 \
  -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS:STRING=utf8,gbk -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 \
  -DWITH_MEMORY_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1 -DWITH_READLINE=1 -DEXTRA_CHARSETS=all \
//编译时间较长,512M内存的机器需时40分钟左右
# make && make install
# cd ../
//配置my.cnf
# vim /etc/my.cnf
 [client]
 port=3306
 socket=/data/mysql/mysql.sock
 default-character-set=utf8
 
 [mysqld]
 port=3306
 socket=/data/mysql/mysql.sock
 skip-external-locking
 key_buffer_size=16M
 max_allowed_packet=1M
 table_open_cache=64
 sort_buffer_size=512K
 net_buffer_length=8K
 read_buffer_size=256K
 read_rnd_buffer_size=512K
 myisam_sort_buffer_size=8M
 character_set_server=utf8
 collation-server=utf8_general_ci
 lower_case_table_names=1
 character_set_client=utf8
#pid-file=/data/mysql/rhel6.db1.pid
 datadir=/data/mysql

 log-error=/data/mysql/logs/mysqld.err

 log-bin=/data/mysql/logs/mysqlbinlog
 log-bin-index=/data/mysql/logs/mysql_binlog_index
 sync-binlog=0
 max_binlog_size=102400000

 slow-query-log
 slow_query_log_file=/data/mysql/logs/slow-query-logs
 long_query_time=0.5

 general_log
 general_log_file=/data/mysql/logs/query.logs

//初次启动mysql
# cd /usr/local/mysql
# chown -R mysql:mysql .
# scripts/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql data
//创建mysql启动脚本
# cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql
# cd /usr/local/mysql/data
# \cp -a ./* /data/mysql
# /etc/init.d/mysql start
# chkconfig --add mysql
# chkconfig mysql on
//创建mysql软链接
# ln -s /usr/local/mysql/bin/mysql /usr/bin/
//解决mysql不能读写问题[Starting MySQL.....The server quit without updating PID file (/mysql/data/rhel6.web1.pid). [FAILED]]
# mkdir -p /var/lib/mysql/tmp
# chown mysql:mysql /var/lib/mysql/tmp
# vim /etc/my.cnf                                                              
  [mysqld]
  tmpdir=/var/lib/mysql/tmp
# mysql
//修改mysql用户密码信息
//切换mysql.tables
mysql>use mysql;
//配置root用户权限(注意:root@"%"表示允许从任意主机以root登录,"root"和下面的"123456"都是弱口令,仅适合测试环境;正式环境请使用强口令,并把主机部分限定为确实需要访问的地址)
mysql>GRANT ALL PRIVILEGES ON *.* TO root@"%" IDENTIFIED BY "root";    
//修改密码为“123456”
mysql>update user set Password = password('123456') where User='root';
//刷新数据库
mysql>flush privileges;    
mysql>exit;
# /usr/local/mysql/bin/mysql -uroot -p

6破解mysql密码
# /etc/init.d/mysql stop
# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
# mysql -u root mysql
mysql> UPDATE mysql.user SET Password=PASSWORD('123456') WHERE User='root';
mysql> FLUSH PRIVILEGES;
# /etc/init.d/mysql restart
# mysql -uroot -p
Enter password: <输入新设的密码123456>
mysql> SET PASSWORD = PASSWORD('123456');

mysql> select Host,User,Password from mysql.user;

7安装php扩展库

//libiconv-1.14.tar.gz
# cd /opt/php
# tar xf libiconv-1.14.tar.gz
# cd libiconv-1.14
# ./configure && make && make install
# cd ../
//libmcrypt-2.5.8.tar.gz
# cd /opt/php
# tar xf libmcrypt-2.5.8.tar.gz
# cd libmcrypt-2.5.8
# ./configure && make && make install
# /sbin/ldconfig
# cd libltdl/
# ./configure --enable-ltdl-install && make && make install
# cd ../../
//mhash-0.9.9.9.tar.gz                                                                                                
# cd /opt/php
# tar xf mhash-0.9.9.9.tar.gz
# cd mhash-0.9.9.9
# ./configure && make && make install
# cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib64/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib64/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib64/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib64/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib64/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib64/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib64/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib64/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18
ln -s /usr/local/mysql/lib/libmysqlclient.so.18.1.0 /usr/lib64/libmysqlclient.so.18.1.0
//mcrypt-2.6.8.tar.gz
# cd /opt/php
# tar xf mcrypt-2.6.8.tar.gz
# cd mcrypt-2.6.8
# /sbin/ldconfig
# export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
# ./configure && make && make install
# cd ../
//libevent-2.0.21-stable.tar.gz
# cd /opt/php
# tar xf libevent-2.0.21-stable.tar.gz
# cd libevent-2.0.21-stable
# ./configure && make && make install
# ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib64/libevent-1.4.so.2
# ll /usr/lib | grep -i libevent

8安装php(fastcgi)
//php-5.3.28.tar.gz
# cd /opt/php
# tar xf php-5.3.28.tar.gz
//php补丁,有助于防止邮件发送被滥用
//# php5-mail-header.patch
//# patch -d php-5.3.28 -p1 < php5-mail-header.patch
# cd php-5.3.28
  ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config \
  --with-config-file-path=/usr/local/php --with-gd --enable-gd-native-ttf --with-iconv-dir --with-iconv --with-freetype-dir -with-jpeg-dir \
  --with-png-dir --with-zlib --with-libxml-dir --with-mhash --with-mcrypt --with-xmlrpc --with-curl --with-curlwrappers --enable-xml \
  --enable-fastcgi --enable-force-cgi-redirect --enable-fpm --enable-ftp --enable-zip --enable-sockets --enable-soap --enable-discard-path \
  --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --enable-pcntl \
  --enable-simplexml --enable-mbstring --with-openssl --enable-discard-path --disable-debug --disable-rpath \
# make ZEND_EXTRA_LIBS='-liconv'
//编译如果出错之后,先执行make clean,然后再重新进行编译
# make install
# cp -a php.ini-production /usr/local/php/etc/php.ini
# cd ../
# cp -a /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
# rm -rf /etc/php.ini
# ln -s /usr/local/php/etc/php.ini /etc/php.ini
# vim /usr/local/php/etc/php-fpm.conf
  pid = run/php-fpm.pid //去掉该行的"#"号即可                                                          
  pm = dynamic
  pm.max_children = 40
  pm.start_servers = 10
  pm.min_spare_servers = 10
  pm.max_spare_servers = 40
//制作php-fpm启动脚本
# vim /etc/init.d/php-fpm

#!/bin/bash
#
# Startup script for the PHP-FPM server.
#
# chkconfig: 345 85 15
# description: PHP is an HTML-embedded scripting language
# processname: php-fpm
# config: /usr/local/php/etc/php.ini
 
# Source function library.
. /etc/rc.d/init.d/functions

PHP_PATH=/usr/local
DESC="php-fpm daemon"
NAME=php-fpm
# Path of the php-fpm binary
DAEMON=${PHP_PATH}/php/sbin/${NAME}
# Path of the configuration file
CONFIGFILE=${PHP_PATH}/php/etc/php-fpm.conf
# Path of the PID file (set in php-fpm.conf)
PIDFILE=${PHP_PATH}/php/var/run/${NAME}.pid
SCRIPTNAME=/etc/init.d/${NAME}

# Gracefully exit if the package has been removed.
[ -x "$DAEMON" ] || exit 0
 
# Launch php-fpm with the configured file; when the launch fails, print the
# " already running" suffix for the caller's progress line.
# Globals: DAEMON, CONFIGFILE (read)
rh_start() {
  if ! "$DAEMON" -y "$CONFIGFILE"; then
    echo -n " already running"
  fi
}
 
# Send QUIT to the PID recorded in $PIDFILE; when kill fails, print the
# " not running" suffix for the caller's progress line.
# Globals: PIDFILE (read)
rh_stop() {
  if ! kill -QUIT $(cat "$PIDFILE"); then
    echo -n " not running"
  fi
}
 
# Send HUP to the PID recorded in $PIDFILE; when kill fails, print the
# " can't reload" suffix for the caller's progress line.
# Globals: PIDFILE (read)
rh_reload() {
  if ! kill -HUP $(cat "$PIDFILE"); then
    echo -n " can't reload"
  fi
}
 
# Dispatch on the requested action. Each arm prints a progress line around the
# helper it calls; an unknown action prints the usage text to stderr and
# exits 3. Every recognised action ends with exit status 0.
case "$1" in
  start)
        printf '%s' "Starting $DESC: $NAME"
        rh_start
        printf '%s\n' "."
        ;;
  stop)
        printf '%s' "Stopping $DESC: $NAME"
        rh_stop
        printf '%s\n' "."
        ;;
  reload)
        printf '%s' "Reloading $DESC configuration..."
        rh_reload
        printf '%s\n' "reloaded."
        ;;
  restart)
        printf '%s' "Restarting $DESC: $NAME"
        rh_stop
        # Pause for one second between the stop signal and the new start.
        sleep 1
        rh_start
        printf '%s\n' "."
        ;;
  *)
        printf '%s\n' "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
        exit 3
        ;;
esac
exit 0
//必须配置php-fpm的pid,否则程序会出错

# chmod +x /etc/init.d/php-fpm
# chkconfig --add php-fpm
# chkconfig php-fpm on
# /etc/init.d/php-fpm start

10php扩展模块
//memcache-3.0.6.tgz
# cd /opt/php
# tar xf memcache-3.0.6.tgz
# cd memcache-3.0.6
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
//安装成功后,会提示,请记录
  Installing shared extensions:    /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
# cd ../
# vim /usr/local/php/etc/php.ini
  extension_dir="./" → extension_dir="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626"
  extension = "memcache.so"
//eaccelerator-0.9.6.1.tgz
# cd /opt/php
# tar xf eaccelerator-0.9.6.1.tar.bz2
# cd eaccelerator-0.9.6.1
# /usr/local/php/bin/phpize
# ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config && make && make install
//安装成功后,会提示,请记录
  Installing shared extensions:    /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
# mkdir -p /tmp/eaccelerator
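# chmod 777 /tmp/eaccelerator
//注意:777会让本机任何用户都能写入这个缓存目录,而目录里存放的是eAccelerator缓存的已编译脚本;更稳妥的做法是使用/tmp以外的专用目录,属主设为运行php-fpm的用户,权限设为700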
# vim /usr/local/php/etc/php.ini
  zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
  eaccelerator.cache_dir="/tmp/eaccelerator"
  extension = "eaccelerator.so"
  [eaccelerator]
  #共享内存设置,以M为单位,默认为0
  eaccelerator.shm_size="16"
  #缓存目录
  eaccelerator.cache_dir = "/tmp/eaccelerator"
  #开启或关闭eaccelerator,1==开,0==关;默认为1
  eaccelerator.enable = "1"
  #启动或关闭内部优化器,默认为1
  eaccelerator.optimizer = "1"
  #启动或关闭PHP的文件修改检查;默认为1
  eaccelerator.check_mtime = "1"
  #启动或关闭高度日志记录
  eaccelerator.debug = "0"
  #判断哪些 PHP 文件必须缓存。可以指定缓存和不缓存的文件类型(如"*.php *.phtml"等),
   如果参数以"!"开头,则匹配这些参数的文件被忽略缓存。默认值为 "";即,所有PHP文件都将被缓存。
  eaccelerator.filter = ""
  #当使用"eaccelerator_put()"函数时禁止其向共享内存中存储过大的文件,
   该参数指定允许存储的最大值,单位:字节(10240,10K,1M)。"0"为不限制,默认值为"0"。
  eaccelerator.shm_max = "0"
  #当eAccelerator 获取新脚本的共享内存大小失败时,它将从共享内存中删除所有在最后"shm_ttl"秒内没有存取的脚本缓存,
   默认值为"0",即:不从共享内春中删除任何缓存文件。
  eaccelerator.shm_ttl = "0"
  #当eAccelerator 获取新脚本的共享内存大小失败时,他将试图从共享内存中删除早于"shm_prune_period"秒的缓存脚本,
   默认值为"0",即:不从共享内春中删除任何缓存文件。
  eaccelerator.prune_period = "0"
  #允许或禁止将已编译脚本缓存在磁盘上。该选项对session数据和内容缓存无效,默认值为"0",即:使用磁盘和共享内存进行缓存。
  eaccelerator.shm_only = "0"
  #允许或禁止压缩内容缓存,默认值为"1",即:允许压缩。
  eaccelerator.compress = "1"
  #指定内容缓存的压缩等级,默认值为"9",为最高等级。
  eaccelerator.compress_level = "9"        
  eaccelerator.keys = "disk_only"
  eaccelerator.session = "disk_only"
  eaccelerator.content = "disk_only"
  ###这是控制面板的地址,安装包里有个control.php,把它复制到网站的任意目录,可以用它查看和管理,这个必须指定,否则查看缓存内容的时候会出错
  eaccelerator.allowed_admin_path = "/www/hctest/eaccelerator"
# cd ../
//php5.4开始不支持eaccelerator,只能安装xcache
//xcache-3.0.1.tar.gz
//# cd /opt
//# tar xf xcache-3.0.1.tar.gz
//# cd xcache-3.0.1
//# ./configure && make && make install
//# vim /usr/local/php/etc/php.ini
    [xcache-common]  
    extension = xcache.so  
 
    [xcache]  
    xcache.shm_scheme =        "mmap"
    xcache.size  =               256M
    xcache.count =                 8
    xcache.slots =                8K
    xcache.ttl   =                 0
    xcache.gc_interval =           0
 
    xcache.var_size  =            8M
    xcache.var_count =             8
    xcache.var_slots =            8K
    xcache.var_ttl   =             0
    xcache.var_maxttl   =          0
    xcache.var_gc_interval =     300
 
    xcache.test =                Off
    xcache.readonly_protection = Off
    xcache.mmap_path =    "/dev/zero"
 
    xcache.coredump_directory =   ""
 
    xcache.cacher =               On
    xcache.stat   =               On
    xcache.optimizer =           Off
 
    [xcache.coverager]  
    xcache.coverager =          Off
 
    xcache.coveragedump_directory = ""
//PDO_MYSQL-1.0.2.tgz
# cd /opt/php
# tar xf PDO_MYSQL-1.0.2.tgz
# cd PDO_MYSQL-1.0.2
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql && make && make install
# cd ../
//ImageMagick-6.7.1-6.tar.gz
# cd /opt/php
# tar xf ImageMagick-6.7.1-6.tar.gz
# cd ImageMagick-6.7.1-6
# ./configure && make && make install
# cd ../
//imagick-3.0.1.tgz
# cd /opt/php
# tar xf imagick-3.0.1.tgz
# cd imagick-3.0.1
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
# cd ../
//ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz                    
# mkdir -p /usr/lib64/php/modules/
# cd /opt/php
# tar xf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz
# cd ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/
# cp -a /opt/php/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/lib64/php/modules/
//检查ZendGuardLoader.so是否存在?
# ll -a /usr/lib64/php/modules/
# vim /usr/local/php/etc/php.ini
  [Zend.loader]
  zend_extension=/usr/lib64/php/modules/ZendGuardLoader.so
  zend_loader.enable=1
  zend_loader.disable_licensing=0
  zend_loader.obfuscation_level_support=3
  zend_loader.license_path="/opt/ecstore/config/developer.zl"
# /etc/rc.d/init.d/php-fpm restart

11php扩展模块(选取安装)
//sphinx-0.9.9.tar.gz
# cd /opt/php
# tar xf sphinx-0.9.9.tar.gz
# cd sphinx-0.9.9/api/libsphinxclient
# vim sphinxclient.c +1216
  static void sock_close (int sock)  --->修改为  void sock_close (int sock)
# ./configure --prefix=/usr/local/libsphinxclient && make && make install
# /usr/local/php/bin/pecl install sphinx
// scws-1.1.3.tar.bz2
# cd /opt/php
# tar xjvf scws-1.1.3.tar.bz2
# cd scws-1.1.3
# ./configure --prefix=/usr/local/scws && make && make install
# tar xjvf scws-dict-chs-utf8.tar.bz2 -C /usr/local/scws/etc
# cd /usr/local/shopex/scws-1.1.3/phpext/
# /usr/local/php/bin/phpize
# ./configure --with-scws=/usr/local/scws --with-php-config=/usr/local/php/bin/php-config && make && make install
//jpegsrc.v9.tar.gz
# cd /opt/php
# tar xf jpegsrc.v9.tar.gz
# cd jpeg-9
# ./configure --enable-shared --enable-static && make && make install
//ioncube_loaders_lin_x86-64.tar.gz
# cd /opt/php
# tar xf ioncube_loaders_lin_x86-64.tar.gz
# cd ioncube_loaders_lin_x86-64
# ./configure && make && make install

12php扩展模块(优化内存)
//libunwind-1.1.tar.gz                           
# cd /opt/php
# tar xf libunwind-1.1.tar.gz
# cd libunwind-1.1
# ./configure && make && make install
# cd ../
//gperftools-2.1.tar.gz
# cd /opt/php
# tar xf gperftools-2.1.tar.gz
# cd gperftools-2.1
# ./configure --enable-frame-pointers && make && make install
# echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
# ldconfig
# cd ../
# mkdir -p /tmp/tcmalloc
# chmod 777 /tmp/tcmalloc
//注意:同样不建议对/tmp下的目录使用777,可改为只允许nginx工作进程的运行用户(本文为www)写入
//重新编译nginx一次

13php安全设置,禁用函数
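//列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用
//注意:下面命令行尾的"\"只是为了排版换行,实际执行时整条sed命令要写在同一行,否则替换进php.ini的内容会被拆成多行,disable_functions不会按预期生效;修改后可用 /usr/local/php/bin/php -i | grep disable_functions 核对结果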
sed -i 's#disable_functions =#disable_functions =passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter, \
ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr, \
checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, \
posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, \
posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid, \
posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file, \
show_source#' /usr/local/php/etc/php.ini \
#设置时区(date.timezone = "")
修改为:date.timezone = PRC
#禁止显示php版本的信息(expose_php = ON)
修改为:expose_php = OFF
#支持php短标签(short_open_tag = OFF)
修改为:short_open_tag = ON
#检查allow_url_fopen是否开启(如果程序不需要用fopen等函数读取远程URL,建议设为Off;另外allow_url_include应保持默认的Off)
allow_url_fopen = On

14整合nginx,php-fpm,tcmalloc
# vim /usr/local/nginx/conf/nginx.conf
 
  user  www www;
  worker_processes 4;
  error_log  logs/nginx_error.log  crit;
  worker_rlimit_nofile 1024;

  pid  /var/run/nginx.pid;
  #整合nginx和tcmalloc(nginx.conf中的注释要用"#";该指令需要nginx编译时加上--with-google_perftools_module,上文第3步的configure参数里没有这一项)
  google_perftools_profiles  /tmp/tcmalloc;
 
  events
  {
    use epoll;
    worker_connections 1024;
  }

  http
  {
    include       mime.types;
    default_type  application/octet-stream;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 0;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    gzip    on;
    gzip_min_length   1k;
    gzip_buffers   4 8k;
    gzip_http_version  1.1;
    gzip_types   text/plain application/x-javascript text/css  application/xml;
    gzip_disable "MSIE [1-6]\.";

    log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for';

    include conf.d/*.conf;
  }

# mkdir -p /usr/local/nginx/conf/conf.d
# vim /usr/local/nginx/conf/conf.d/hctest.conf
  server {
    listen       80;
    server_name  localhost;

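    # Deny requests for PHP files under a data/ directory. Note: this pattern (like the three rules below) only matches URIs that end in ".php", so a PATH_INFO-style URI (.../data/x.php/extra) is not caught here and still reaches the "location ~ \.php" block; ending the pattern with \.php(/|$) covers both forms.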
    location ~ ^/(.*)/data/.*\.(php)?$
    {
        return 404;
    }

    #Prohibited under the public directory php file is accessed
    location ~ ^/(.*)/public/.*\.(php)?$
    {
        return 404;
    }

    #Prohibited under the themes directory php file is accessed
    location ~ ^/(.*)/themes/.*\.(php)?$
    {
        return 404;
    }

    #Prohibited under the wap_themes directory php file is accessed
    location ~ ^/(.*)/wap_themes/.*\.(php)?$
    {
        return 404;
    }

    location / {
        root   /www;
        index  index.php index.html index.htm;
        }
        
    error_page   500 502 503 504  /50x.html;
       
    location = /50x.html {
        root   www;
        }
        
    location ~ \.php {
        root /www;
        include        fastcgi_params;
        set $real_script_name $fastcgi_script_name;
            
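    #设置pathinfo(注意:这个location只要URI中含有".php"就会交给PHP处理,且没有检查脚本文件是否存在;建议在php.ini中设置cgi.fix_pathinfo=0,并在fastcgi_pass之前加上 if (!-f $document_root$real_script_name) { return 404; })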
        set $path_info "";
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }
    
    fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;

    fastcgi_param SCRIPT_NAME $real_script_name;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    }
 }

//可以参考/usr/local/nginx/conf/pathinfo.conf

# vim /usr/local/nginx/conf/fcgi.conf
  fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

  fastcgi_param  QUERY_STRING       $query_string;
  fastcgi_param  REQUEST_METHOD     $request_method;
  fastcgi_param  CONTENT_TYPE       $content_type;
  fastcgi_param  CONTENT_LENGTH     $content_length;

  fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
  fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  fastcgi_param  REQUEST_URI        $request_uri;
  fastcgi_param  DOCUMENT_URI       $document_uri;
  fastcgi_param  DOCUMENT_ROOT      $document_root;
  fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  fastcgi_param  HTTPS              $https if_not_empty;

  fastcgi_param  REMOTE_ADDR        $remote_addr;
  fastcgi_param  REMOTE_PORT        $remote_port;
  fastcgi_param  SERVER_ADDR        $server_addr;
  fastcgi_param  SERVER_PORT        $server_port;
  fastcgi_param  SERVER_NAME        $server_name;

  # PHP only, required if PHP was built with --enable-force-cgi-redirect
  fastcgi_param  REDIRECT_STATUS    200;

# /etc/rc.d/init.d/php-fpm restart
# /etc/rc.d/init.d/nginx restart

15防止ddos攻击
# vim /etc/rc.local
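  //增加并发的Socket,有利于防止ddos攻击(注意:kern.ipc.*和net.inet.*是FreeBSD的sysctl名称,Linux上没有这些项,所以这三行在本文使用yum/chkconfig的RHEL系环境中不会生效;Linux的对应设置见下一节)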
  sysctl kern.ipc.maxsockets = 100000
  sysctl kern.ipc.somaxconn = 65535
  //设置timeout时间
  sysctl net.inet.tcp.msl = 2500

16优化linux内核参数
# vim /etc/sysctl.conf
  net.core.netdev_max_backlog = 32768
  net.core.somaxconn = 32768
  net.core.wmem_default = 8388608
  net.core.rmem_default = 8388608
  net.core.rmem_max = 16777216
  net.core.wmem_max = 16777216
  net.ipv4.tcp_fin_timeout = 30
  net.ipv4.tcp_keepalive_time = 300
  net.ipv4.tcp_syncookies = 1
  net.ipv4.tcp_max_syn_backlog = 65536
  net.ipv4.tcp_timestamps = 0
  net.ipv4.tcp_synack_retries = 2
  net.ipv4.tcp_syn_retries = 2
  # 注意:客户端经NAT访问时,tcp_tw_recycle = 1 可能导致连接被丢弃;该参数自Linux 4.12起已被移除,对外提供服务的机器建议不要开启
  net.ipv4.tcp_tw_recycle = 1
  net.ipv4.tcp_tw_reuse = 1
  net.ipv4.tcp_mem = 94500000 915000000 927000000
  net.ipv4.tcp_max_orphans = 3276800
  net.ipv4.ip_local_port_range = 1024  65535
# /sbin/sysctl -p

# chown -R www:www /www
//原文这条命令缺少属主参数,这里按前文创建的www用户和www组补全
# chmod 700 -R /www

17防火墙配置(参考)
vim /etc/sysconfig/iptables
//允许80端口通过防火墙
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
//允许3306端口通过防火墙(注意:这条规则会把MySQL开放给所有来源地址;如果只有本机或固定的几台主机需要连接,应去掉这条规则或用 -s 限定来源地址)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
//特别提示:如果这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口规则的下面,添加好之后防火墙规则如下所示:
###############################################################################################################################################################
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

18安装svn
//sqlite-autoconf-3080403.tar.gz
# cd /opt/svn
# tar xf sqlite-autoconf-3080403.tar.gz
# cd sqlite-autoconf-3080403
# ./configure && make && make install
//subversion-1.8.9.tar.gz
# rpm -qa | grep -i subversion
# yum -y remove subversion-1.6.11-7.el6.x86_64
# cd /opt/svn
# yum -y install gcc openssl openssl-devel expat
# tar xf subversion-1.8.9.tar.gz
# cd subversion-1.8.9
# ./configure --prefix=/usr/local/svn && make && make install
# echo "export PATH=$PATH:/usr/local/svn/bin/" >> /etc/profile
# source /etc/profile
# svnserve --version

19配置svn
# mkdir -p /svn/project/hctest
# chmod u+x /svn/project/hctest
# /usr/local/svn/bin/svnadmin create /svn/project/hctest
# cd /svn/project/hctest/conf
# vim svnserve.conf
  [general]
  //注意:anon-access = read 允许未经认证的用户读取仓库;不需要匿名访问时应设为 none
  anon-access = read
  auth-access = write
  password-db = /svn/project/hctest/conf/passwd
  authz-db = /svn/project/hctest/conf/authz
# vim passwd
  [users]
  //格式为“用户名 = 口令”,口令以明文保存;与用户名相同的口令仅为示例,实际使用请换成强口令
  svnadmin = svnadmin
# vim authz
  //设置用户组
  [groups]
  admin = svnadmin
  //根目录权限设置(就是“/svn/project”这个文件夹)
  [/]
  //用户svnadmin权限是:可读写
  svnadmin = rw
  //用户svntest权限是:可读,不可写
  svntest = r
  //设置admin组权限
  @admin = rw
  //设置根目录下“hctest”文件夹的权限
  [project:/hctest]
  svnadmin = rw
  svntest = r
  //…以此类推
# /usr/local/svn/bin/svnserve -d -r /svn
# ps aux |grep -i svn
# kill -9 pid

20svn全量备份与增量备份
# mkdir -p /data/svn_backup
# chmod 744 /data/svn_backup
# mkdir -p /data/svn_backup/full
# mkdir -p /data/svn_backup/increment
# mkdir -p /data/svn_backup/log

# vim /data/svn_backup_full.sh
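#!/bin/sh
# Full backup: hot-copy every directory found under SVN_REPOROOT into a
# directory named after today's date.
SVN_HOME=/usr/local/svn/bin
SVN_ADMIN=$SVN_HOME/svnadmin
SVN_LOOK=$SVN_HOME/svnlook
## Directory whose sub-directories are treated as repositories.
## NOTE(review): earlier in this guide the repository itself is created at
## /svn/project/hctest; if that is the layout in use, this should probably be
## the parent directory - confirm before relying on the backup.
SVN_REPOROOT=/svn/project/hctest
## Destination of today's full backup
date=$(date '+%Y-%m-%d')
RAR_STORE=/data/svn_backup/full/$date
mkdir -p "$RAR_STORE" || exit 1
## Walk the repository list. A failed cd must stop the script; otherwise the
## loop would run against whatever directory the script was started from.
cd "$SVN_REPOROOT" || exit 1
status=0
# Glob instead of parsing ls output, so names with spaces stay intact.
for name in *
do
    [ -d "$name" ] || continue
    ## Take the full backup; remember any failure for the exit status.
    "$SVN_ADMIN" hotcopy "$SVN_REPOROOT/$name" "$RAR_STORE/$name" || status=1
done
exit $status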

# vim /data/svn_backup_increment.sh
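#!/bin/sh
# Incremental backup: for every directory under SVN_REPOROOT, dump the
# revisions committed since the last recorded backup.
SVN_HOME=/usr/local/svn/bin
SVN_ADMIN=$SVN_HOME/svnadmin
SVN_LOOK=$SVN_HOME/svnlook
## Directory whose sub-directories are treated as repositories.
## NOTE(review): earlier in this guide the repository itself is created at
## /svn/project/hctest; if that is the layout in use, this should probably be
## the parent directory - confirm before relying on the backup.
SVN_REPOROOT=/svn/project/hctest
## Destination of today's incremental dumps
date=$(date '+%Y-%m-%d')
RAR_STORE=/data/svn_backup/increment/$date
mkdir -p "$RAR_STORE" || exit 1
## Directory holding the per-repository log and last backed-up revision
Log_PATH=/data/svn_backup/log
mkdir -p "$Log_PATH" || exit 1
## Walk the repository list. A failed cd must stop the script; otherwise the
## loop would run against whatever directory the script was started from.
cd "$SVN_REPOROOT" || exit 1
status=0
# Glob instead of parsing ls output, so names with spaces stay intact.
for name in *
do
    [ -d "$name" ] || continue
    mkdir -p "$RAR_STORE/$name" "$Log_PATH/$name" || { status=1; continue; }
    log_file=$Log_PATH/$name/$name.log
    rev_file=$Log_PATH/$name/last_revision.txt
    # The messages are quoted so the asterisks are never glob-expanded.
    echo "******Starting backup from $date******" >> "$log_file"
    echo "******svn repository $name startting to backup******" >> "$log_file"
    # Read the youngest revision directly instead of going through a shared
    # temporary file with a fixed name.
    UPPER=$("$SVN_LOOK" youngest "$SVN_REPOROOT/$name") || UPPER=
    case $UPPER in
        ''|*[!0-9]*)
            echo "svn_backup_increment: cannot read youngest revision of $name" >&2
            status=1
            continue
            ;;
    esac
    ## Take the revision recorded by the previous run and add 1. With no
    ## record yet the range starts at 1, as it did in the original script.
    NUM_LOWER=
    if [ -f "$rev_file" ]; then
        NUM_LOWER=$(head -1 "$rev_file")
    fi
    case $NUM_LOWER in
        '')
            LOWER=1
            ;;
        *[!0-9]*)
            echo "svn_backup_increment: bad revision recorded in $rev_file" >&2
            status=1
            continue
            ;;
        *)
            LOWER=$((NUM_LOWER + 1))
            ;;
    esac
    # Nothing committed since the last run: leave the record untouched rather
    # than asking svnadmin for an inverted range.
    if [ "$LOWER" -gt "$UPPER" ]; then
        echo "******Back up ended******" >> "$log_file"
        continue
    fi
    ## Take the incremental dump and record $UPPER for the next run. The
    ## record is only advanced when the dump succeeded, so a failed run is
    ## retried next time instead of leaving a gap in the backup chain.
    dump_file=$RAR_STORE/$name/$LOWER-$UPPER.dump
    if "$SVN_ADMIN" dump "$SVN_REPOROOT/$name" -r "$LOWER:$UPPER" --incremental > "$dump_file"; then
        echo "$UPPER" > "$rev_file"
        echo "******This time we bakcup from $LOWER to $UPPER******" >> "$log_file"
    else
        rm -f "$dump_file"
        echo "svn_backup_increment: dump of $name failed" >&2
        status=1
    fi
    echo "******Back up ended******" >> "$log_file"
done
exit $status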