三、编译安装A.M.P环境1.下载软件编译安装 1)下载软件- # cd /usr/local/src
- httpd-2.2.8.tar.gz
- mysql-5.0.51b.tar.gz
- php-5.2.6.tar.bz2
- ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
复制代码 2) 安装MySQL 查看分析你的CPU型号: 查找您的GCC编译参数. 确定系统CPU类型: # cat /proc/cpuinfo | grep "model name" 执行后会看到系统中CPU的具体型号,记下CPU型号。- # tar xvf mysql-5.0.51b.tar.gz
- # cd mysql-5.0.51b
- # vi mysql.sh
- -------------------cut begin-------------------------------------------
- •CHOST="i686-pc-linux-gnu"
- •CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
- •CXXFLAGS="${CFLAGS}"
- •./configure \
- • "--prefix=/usr/local/mysql" \
- • "--localstatedir=/data/mysql/data" \
- • "--with-comment=Source" \
- • "--with-server-suffix=-LinuxTone" \
- • "--with-mysqld-user=mysql" \
- • "--without-debug" \
- • "--with-big-tables" \
- • "--with-charset=utf8" \
- • "--with-collation=utf8_chinese_ci" \
- • "--with-extra-charsets=all" \
- • "--with-pthread" \
- • "--enable-static" \
- • "--enable-thread-safe-client" \
- • "--with-client-ldflags=-all-static" \
- • "--with-mysqld-ldflags=-all-static" \
- • "--enable-assembler" \
- • "--without-isam" \
- • "--without-innodb" \
- • "--without-ndb-debug"
- •make && make install
- •mkdir -p /data/mysql/data
- •useradd mysql -d /data/mysql -s /sbin/nologin
- •/usr/local/mysql/bin/mysql_install_db --user=mysql
- •cd /usr/local/mysql
- •chown -R root:mysql .
- •chown -R mysql /data/mysql/data
- •cp share/mysql/my-huge.cnf /etc/my.cnf
- •cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
- •chmod 755 /etc/rc.d/init.d/mysqld
- •chkconfig --add mysqld
- •/etc/rc.d/init.d/mysqld start
- •
- •cd /usr/local/mysql/bin
- •for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done
- •
复制代码 •-------------------cut end---------------------------------------------复制代码#sh mysql.sh 即可开始编译.- 3) 编译安装Apache
- # cd /usr/local/src
- # tar xvf httpd-2.2.8.tar.gz
- # cd httpd-2.2.8
- ./configure \
- • "--prefix=/usr/local/apache2" \
- • "--with-included-apr" \
- • "--enable-so" \
- • "--enable-deflate=shared" \
- • "--enable-expires=shared" \
- • "--enable-rewrite=shared" \
- • "--enable-static-support" \
- • "--disable-userdir"
- •make
- •make install
- •echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
复制代码 复制代码4.)编译安装PHP- # cd /usr/local/src
- # tar xjvf php-5.2.6.tar.bz2
- # cd php-5.2.6
- ./configure \
- • "--prefix=/usr/local/php" \
- • "--with-apxs2=/usr/local/apache2/bin/apxs" \
- • "--with-config-file-path=/usr/local/php/etc" \
- • "--with-mysql=/usr/local/mysql" \
- • "--with-libxml-dir=/usr/local/libxml2" \
- • "--with-gd=/usr/local/gd2" \
- • "--with-jpeg-dir" \
- • "--with-png-dir" \
- • "--with-bz2" \
- • "--with-freetype-dir" \
- • "--with-iconv-dir" \
- • "--with-zlib-dir " \
- • "--with-openssl=/usr/local/openssl" \
- • "--with-mcrypt=/usr/local/libmcrypt" \
- • "--enable-soap" \
- • "--enable-gd-native-ttf" \
- • "--enable-ftp" \
- • "--enable-mbstring" \
- • "--enable-exif" \
- • "--disable-ipv6" \
- • "--disable-cgi" \
- • "--disable-cli" #禁掉ipv6,禁掉cli模式,提升速度和安全性.请根据具体需求定制相关的编译数.
- •make
- •make install
- •mkdir /usr/local/php/etc
- •cp php.ini-dist /usr/local/php/etc/php.ini
复制代码- 复制代码5)Xcache的安装.
- #tar xvf xcache-1.2.2.tar.gz
- #/usr/local/php/bin/phpize
- • ./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config \
- • --enable-inline-optimization --disable-debug
复制代码 复制代码#vi /usr/local/php/etc/php.ini (将以下内容加入php.ini最后面)-------------------cut begin-------------------------------------------- •[xcache-common]
- •zend_extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/xcache.so
- •
- •[xcache.admin]
- •xcache.admin.user = "admin"
- •;如何生成md5密码: echo -n "password"| md5sum
- •xcache.admin.pass = "035d849226a8a10be1a5e0fec1f0f3ce" #密码为52netseek
- •
- •[xcache]
- •; Change xcache.size to tune the size of the opcode cache
- •xcache.size = 24M
- •xcache.shm_scheme = "mmap"
- •xcache.count = 4
- •xcache.slots = 8K
- •xcache.ttl = 0
- •xcache.gc_interval = 0
- •
- •; Change xcache.var_size to adjust the size of variable cache
- •xcache.var_size = 8M
- •xcache.var_count = 1
- •xcache.var_slots = 8K
- •xcache.var_ttl = 0
- •xcache.var_maxttl = 0
- •xcache.var_gc_interval = 300
- •xcache.test = Off
- •xcache.readonly_protection = On
- •xcache.mmap_path = "/tmp/xcache"
- •xcache.coredump_directory = ""
- •xcache.cacher = On
- •xcache.stat = On
- •xcache.optimizer = Off
- •
- •[xcache.coverager]
- •xcache.coverager = On
- •xcache.coveragedump_directory = ""
复制代码 •-------------------cut end---------------------------------------------复制代码6) 安装Zend Optimizer- # cd /usr/local/src
- # tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
- # ./ZendOptimizer-3.3.3-linux-glibc23-i386/install.sh
复制代码 安装Zend Optimizer过程的最后不要选择重启Apache。2. 整合Apache与PHP及系统初化配置. 1)整合Apache与PHP # vi /usr/local/apache2/conf/httpd.conf 找到: AddType application/x-gzip .gz .tgz 在该行下面添加 AddType application/x-httpd-php .php 找到:
- DirectoryIndex index.html
-
- 将该行改为
-
- DirectoryIndex index.html index.htm index.php
-
复制代码 找到:- #Include conf/extra/httpd-mpm.conf
- #Include conf/extra/httpd-info.conf
- #Include conf/extra/httpd-vhosts.conf (虚拟主机配置文件存放目录.)
- #Include conf/extra/httpd-default.conf
复制代码 去掉前面的“#”号,取消注释。注意:以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置!修改完成后保存退出。# /usr/local/apache2/bin/apachectl restart 2)查看确认L.A.M.P环境信息、提升 PHP 安全性 在网站根目录放置 info.php 脚本,检查phpinfo中的各项信息是否正确。确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性,禁掉危险的函数. # vi /etc/php.ini找到:disable_functions =设置为:- phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
复制代码 3)脚本自动完成初始化配置(以上配置可以用脚本自动化完成)#cat init_apache_php.sh-------------------cut begin-------------------------------------------- •#!/bin/bash
- •#Written by :NetSeek
- •#init_httpd.conf
- •http_cf="/usr/local/apache2/conf/httpd.conf"
- •sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" $http_cf
- •sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' $http_cf
- •sed -i 's#DirectoryIndex index.html# DirectoryIndex index.php index.html index.htm#/g' $http_cf
- •sed -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' $http_cf
- •#init_php(PHP安全设置及隐藏PHP版本)
- •php_cf="/usr/local/php/etc/php.ini"
- •sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $php_cf
- •sed -i '210 s#disable_functions =#disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $php_cf
- •sed -i '/expose_php/s/On/Off/' $php_cf
- •sed -i '/display_errors/s/On/Off/' $php_cf
复制代码 •-------------------cut end-------------------------------------------复制代码三、配置虚拟主机及基本性能调优1) 配置虚拟主机:- #vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
- NameVirtualHost *:80
- •
- •
- • ServerAdmin cnseek@gmail.com
- • DocumentRoot "/data/www/wwwroot/linuxtone.org"
- • ServerName
- • ServerAlias bbs.linxutone.org
- • ErrorLog "logs/dummy-host.example.com-error_log"
- • CustomLog "|/usr/sbin/cronolog /data/logs/access_.%Y%m%d" combined
- •
- 复制代码2).基本性能调优参考:(更多的调优相关文章请关注:性能调优相关的贴子)
- #vi /usr/local/apache2/conf/extra/httpd-default.conf
- Timeout 15
- •KeepAlive Off
- •MaxKeepAliveRequests 50
- •KeepAliveTimeout 5
- •UseCanonicalName Off
- •AccessFileName .htaccess
- •ServerTokens Prod
- •ServerSignature Off
- •HostnameLookups Off
- 复制代码#vi /usr/local/apache2/conf/extra/httpd-mpm.conf
- • ServerLimit 2000
- • StartServers 10
- • MinSpareServers 10
- • MaxSpareServers 15
- • MaxClients 2000
- • MaxRequestsPerChild 10000
- •
复制代码 复制代码3).Apache日志处理相关问题汇总贴() 利用awstats分析网站日志: 忽略不需要的日志配置参考具体请据据具体问题分析: LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #下面加入如下内容:- # filter the localhost visit
- • SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
- • # filter some special directories
- • SetEnvIf Request_URI "^ZendPlatform.*[code]
- • # filter the localhost visit
- • SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
- • # filter some special directories
- • SetEnvIf Request_URI "^ZendPlatform.*[ DISCUZ_CODE_9 ]quot; dontlog
- • SetEnvIf Request_URI \.healthcheck\.html$ dontlog
- • SetEnvIf Remote_Addr "::1" dontlog
- • SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
- • SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
- • SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
- • SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
- • SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
- 复制代码quot; dontlog
- SetEnvIf Request_URI \.healthcheck\.html$ dontlog
- SetEnvIf Remote_Addr "::1" dontlog
- SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
复制代码 4). Apache防盗链(Apache防盗链相关问题汇总:) RewriteEngine on• RewriteCond %{HTTP_REFERER} !^$• RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]• RewriteRule \.(gif|jpg)$ http://网站域名/nolink.png [R,L][/code]复制代码四、基本安全设置 1)iptables 封锁相关端口(推荐读CU白金大哥的两小时玩转iptables) 2)SSH全安(修改SSH端口限制来源IP登陆,或者参考) 3)Linux防Arp攻击策略() 4)注意(还是那句老话:安全工作从细节做起!)
阅读(1443) | 评论(0) | 转发(0) |