Category: LINUX

2011-04-21 13:00:36

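Complete walkthrough: configuring nginx + php + mysql + tomcat + memcached on RHEL5

I. Preparation:
Fixing garbled Chinese characters in SSH and telnet terminals
vi /etc/sysconfig/i18n
Change the contents to:
LANG="zh_CN.GB18030"
LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN"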
SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="lat0-sun16"

II. Install PHP 5.2.10 (FastCGI mode)
1. Build and install the support libraries required by PHP 5.2.10:
tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure --prefix=/usr/local
make
make install
cd ../

tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../

2. Build and install MySQL 5.1.38
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
tar zxvf mysql-5.1.38.tar.gz
cd mysql-5.1.38/
./configure --prefix=/usr/local/mysql/ --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=innobase
make && make install
chmod +w /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql
cd ../


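Note: the following are additional steps. If you want to run a MySQL database on this server, carry out the following two steps. If you only want PHP to support the MySQL extension so that it can connect to MySQL databases on other servers, you do not need to carry them out.

①. Create the directory for the MySQL data files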
mkdir -p /data/mysql/data/
chown -R mysql:mysql /data/mysql/


②. Create the system tables as the mysql user:
/usr/local/mysql/bin/mysql_install_db --basedir=/usr/local/mysql --datadir=/data/mysql/data --user=mysql


③. Create the my.cnf configuration file:
vi /data/mysql/my.cnf
Enter the following content:
[client]
default-character-set = utf8
port    = 3306
socket  = /tmp/mysql.sock

[mysql]
prompt="(\u:)[\d]> "
no-auto-rehash

[mysqld]
#default-character-set = utf8
lower_case_table_names=1
user    = mysql
port    = 3306
socket  = /tmp/mysql.sock
basedir = /usr/local/mysql
datadir = /data/mysql/data
open_files_limit    = 10240
back_log = 600
max_connections = 3000
max_connect_errors = 6000
table_cache = 614
external-locking = FALSE
max_allowed_packet = 32M
sort_buffer_size = 2M
join_buffer_size = 2M
thread_cache_size = 300
thread_concurrency = 8
query_cache_size = 32M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine = MyISAM
default_table_type = MyISAM
thread_stack = 192K
transaction_isolation = READ-COMMITTED
tmp_table_size = 246M
max_heap_table_size = 246M
long_query_time = 1
log_long_format
log-bin = /data/mysql/binlog
binlog_cache_size = 4M
binlog_format = MIXED
max_binlog_cache_size = 8M
max_binlog_size = 512M
expire_logs_days = 7
key_buffer_size = 256M
read_buffer_size = 1M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_max_extra_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover

skip-name-resolve
master-connect-retry = 10
slave-skip-errors = 1032,1062,126,1114,1146,1048,1396

server-id = 1

innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 2048M
innodb_data_file_path = ibdata1:1024M:autoextend
innodb_file_io_threads = 4
innodb_thread_concurrency = 8
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 16M
innodb_log_file_size = 128M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120
innodb_file_per_table = 0
[mysqldump]
quick
max_allowed_packet = 32M

To kill the mysql process directly: killall -TERM mysqld

④. Create a shell script for managing the MySQL database:
vi /data/mysql/mysql

#!/bin/sh

mysql_port=3306
mysql_username="root"
# The password is stored here in clear text and is passed to mysqladmin on the
# command line below, so keep this script readable by root only.
mysql_password="xxx_dba"

function_start_mysql()
{
    printf "Starting MySQL...\n"
    # Send both stdout and stderr of mysqld_safe to /dev/null
    /bin/sh /usr/local/mysql/bin/mysqld_safe --defaults-file=/data/mysql/my.cnf > /dev/null 2>&1 &
}

function_stop_mysql()
{
    printf "Stopping MySQL...\n"
    /usr/local/mysql/bin/mysqladmin -u ${mysql_username} -p${mysql_password} -S /tmp/mysql.sock shutdown
}

function_restart_mysql()
{
    printf "Restarting MySQL...\n"
    function_stop_mysql
    sleep 5
    function_start_mysql
}

function_kill_mysql()
{
    # print (not printf) so that each PID is emitted on its own line
    kill -9 $(ps -ef | grep 'bin/mysqld_safe' | grep ${mysql_port} | awk '{print $2}')
    kill -9 $(ps -ef | grep 'libexec/mysqld' | grep ${mysql_port} | awk '{print $2}')
}

if [ "$1" = "start" ]; then
    function_start_mysql
elif [ "$1" = "stop" ]; then
    function_stop_mysql
elif [ "$1" = "restart" ]; then
    function_restart_mysql
elif [ "$1" = "kill" ]; then
    function_kill_mysql
else
    printf "Usage: /data/mysql/mysql {start|stop|restart|kill}\n"
fi


⑤. Make the shell script executable:
chmod +x /data/mysql/mysql


⑥. Start MySQL:
/data/mysql/mysql start

⑦. Log in to the MySQL server from the command line to manage it (when prompted for the password, just press Enter):
/usr/local/mysql/bin/mysql -u root -p -S /tmp/mysql.sock

If a problem occurs:
ps -aux | grep mysql
mysql     1382 0.0 0.2 5544 1376 pts/0    S    17:34   0:00 bash
mysql     1475 0.0 0.2 5552 1388 pts/0    S    17:38   0:00 bash
# chown -R mysql:mysql /usr/local/mysql/

⑧. Enter the following SQL statements to create a user with root privileges (admin) and a password (12345678):
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'xxx_dba';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' IDENTIFIED BY 'xxx_dba';

⑨. (Optional) Stop MySQL:
/data/mysql/mysql stop
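
The management script in step ④ keeps the root password in the script body and hands it to mysqladmin with -p on the command line. An added example (not part of the original post) of passing the credentials through an owner-only option file instead; the function names and the option-file path in the usage comment are assumptions of this example, and `stat -c` assumes GNU coreutils as shipped with RHEL.

```bash
#!/bin/bash
# Added example, not from the original post. Function names and the
# option-file path are assumptions made for illustration.

MYSQLADMIN=/usr/local/mysql/bin/mysqladmin   # path used earlier on this page

# write_client_cnf FILE USER PASSWORD [SOCKET]
# Write a [client] option file that only its owner can read.
write_client_cnf() {
    local cnf=$1 user=$2 pass=$3 sock=${4:-/tmp/mysql.sock}
    (
        umask 077                      # the file is created as 0600 from the start
        printf '[client]\nuser = %s\npassword = "%s"\nsocket = %s\n' \
            "$user" "$pass" "$sock" > "$cnf"
    ) || return 1
    chmod 600 "$cnf"                   # also tighten a file that already existed
}

# cnf_is_private FILE
# Succeed only if FILE carries no group/other permission bits (GNU stat).
cnf_is_private() {
    local perms
    perms=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $perms in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# shutdown_command FILE
# Print the mysqladmin command line for a clean shutdown. The password never
# appears in it; --defaults-extra-file has to be the first option.
shutdown_command() {
    if ! cnf_is_private "$1"; then
        echo "refusing to use $1: readable by group or others" >&2
        return 1
    fi
    printf '%s --defaults-extra-file=%s shutdown\n' "$MYSQLADMIN" "$1"
}

# Usage sketch (hypothetical path), e.g. inside function_stop_mysql:
#   write_client_cnf /root/.mysql_admin.cnf root 'the-real-password'   # once
#   $(shutdown_command /root/.mysql_admin.cnf)
```

With this in place the process list shows only the option-file path, and the check refuses to run if the file's mode has been loosened.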


3. Build and install PHP (FastCGI mode)
tar zxvf php-5.2.10.tar.gz
gzip -cd php-5.2.10-fpm-0.5.11.diff.gz | patch -d php-5.2.10 -p1
cd php-5.2.10/
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --without-pear
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /usr/local/php/etc/php.ini
cd ../
curl | /usr/local/php/bin/php


4. Build and install the PHP 5 extension modules
tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../

tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../

tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql
make
make install
cd ../

tar zxvf ImageMagick.tar.gz
cd ImageMagick-6.5.1-2/
./configure
make
make install
cd ../

tar zxvf imagick-2.2.2.tgz
cd imagick-2.2.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../


5. Edit the php.ini file
Manual edit: in /usr/local/php/etc/php.ini, find extension_dir = "./"
and change it to extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
Then add the following lines after that line and save:
  extension = "memcache.so"
  extension = "pdo_mysql.so"
  extension = "imagick.so"

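Then find output_buffering = Off
and change it to output_buffering = On

Automatic edit: if editing by hand is too tedious, run the following shell commands to apply the changes to php.ini automatically: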
sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#' /usr/local/php/etc/php.ini
sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/php/etc/php.ini
sed -i "s#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g" /usr/local/php/etc/php.ini

6. Configure eAccelerator to accelerate PHP:
mkdir -p /usr/local/eaccelerator_cache
vi /usr/local/php/etc/php.ini

Press shift+g to jump to the very end of the configuration file and add the following settings:

[eaccelerator]
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/usr/local/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"



7. Create the www user and group, and the directory used by the virtual host:
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /data/htdocs/group
chmod +w /data/htdocs/group
chown -R www:www /data/htdocs/group

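8. Create the php-fpm configuration file (php-fpm is a FastCGI management patch for PHP that lets you apply php.ini changes gracefully without restarting php-cgi):
Create the php-fpm.conf file in the /usr/local/php/etc/ directory: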
rm -f /usr/local/php/etc/php-fpm.conf
vi /usr/local/php/etc/php-fpm.conf

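Enter the following content (if you installed Nginx + PHP for debugging, change the 0 below to 1 so that PHP error messages are displayed; otherwise Nginx returns a blank error page with status 500):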




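<?xml version="1.0" ?>
<configuration>

  All relative paths in this config are relative to php's install prefix

  <section name="global_options">

    Pid file
    <value name="pid_file">/usr/local/php/logs/php-fpm.pid</value>

    Error log file
    <value name="error_log">/usr/local/php/logs/php-fpm.log</value>

    Log level
    <value name="log_level">notice</value>

    When this amount of php processes exited with SIGSEGV or SIGBUS ...
    <value name="emergency_restart_threshold">10</value>

    ... in a less than this interval of time, a graceful restart will be initiated.
    Useful to work around accidental corruptions in accelerator's shared memory.
    <value name="emergency_restart_interval">1m</value>

    Time limit on waiting child's reaction on signals from master
    <value name="process_control_timeout">5s</value>

    Set to 'no' to debug fpm
    <value name="daemonize">yes</value>

  </section>

  <workers>

    <section name="pool">

      Name of pool. Used in logs and stats.
      <value name="name">default</value>

      Address to accept fastcgi requests on.
      Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
      <value name="listen_address">127.0.0.1:9000</value>

      <value name="listen_options">

        Set listen(2) backlog
        <value name="backlog">-1</value>

        Set permissions for unix socket, if one used.
        In Linux read/write permissions must be set in order to allow connections from web server.
        Many BSD-derived systems allow connections regardless of permissions.
        <value name="owner"></value>
        <value name="group"></value>
        <value name="mode">0666</value>
      </value>

      Additional php.ini defines, specific to this pool of workers.
      <value name="php_defines">
        <value name="sendmail_path">/usr/sbin/sendmail -t -i</value>
        <value name="display_errors">1</value>
      </value>

      Unix user of processes
        <value name="user">www</value>

      Unix group of processes
        <value name="group">www</value>

      Process manager settings
      <value name="pm">

        Sets style of controlling worker process count.
        Valid values are 'static' and 'apache-like'
        <value name="style">static</value>

        Sets the limit on the number of simultaneous requests that will be served.
        Equivalent to Apache MaxClients directive.
        Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
        Used with any pm_style.
        <value name="max_children">128</value>

        Settings group for 'apache-like' pm style
        <value name="apache_like">

          Sets the number of server processes created on startup.
          Used only when 'apache-like' pm_style is selected
          <value name="StartServers">20</value>

          Sets the desired minimum number of idle server processes.
          Used only when 'apache-like' pm_style is selected
          <value name="MinSpareServers">5</value>

          Sets the desired maximum number of idle server processes.
          Used only when 'apache-like' pm_style is selected
          <value name="MaxSpareServers">35</value>

        </value>

      </value>

      The timeout (in seconds) for serving a single request after which the worker process will be terminated
      Should be used when 'max_execution_time' ini option does not stop script execution for some reason
      '0s' means 'off'
      <value name="request_terminate_timeout">0s</value>

      The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
      '0s' means 'off'
      <value name="request_slowlog_timeout">0s</value>

      The log file for slow requests
      <value name="slowlog">logs/slow.log</value>

      Set open file desc rlimit
      <value name="rlimit_files">65535</value>

      Set max core size rlimit
      <value name="rlimit_core">0</value>

      Chroot to this directory at the start, absolute path
      <value name="chroot"></value>

      Chdir to this directory at the start, absolute path
      <value name="chdir"></value>

      Redirect workers' stdout and stderr into main error log.
      If not set, they will be redirected to /dev/null, according to FastCGI specs
      <value name="catch_workers_output">yes</value>

      How much requests each process should execute before respawn.
      Useful to work around memory leaks in 3rd party libraries.
      For endless request processing please specify 0
      Equivalent to PHP_FCGI_MAX_REQUESTS
      <value name="max_requests">102400</value>

      Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
      Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
      Makes sense only with AF_INET listening socket.
      <value name="allowed_clients">127.0.0.1</value>

      Pass environment variables like LD_LIBRARY_PATH
      All $VARIABLEs are taken from current environment
      <value name="environment">
        <value name="HOSTNAME">$HOSTNAME</value>
        <value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
        <value name="TMP">/tmp</value>
        <value name="TMPDIR">/tmp</value>
        <value name="TEMP">/tmp</value>
        <value name="OSTYPE">$OSTYPE</value>
        <value name="MACHTYPE">$MACHTYPE</value>
        <value name="MALLOC_CHECK_">2</value>
      </value>

    </section>

  </workers>

</configuration>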




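9. Start the php-cgi processes, listening on port 9000 of 127.0.0.1, with 200 processes (if the server has less than 3GB of memory, you can start only 64 processes), running as user www: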
ulimit -SHn 65535
/usr/local/php/sbin/php-fpm start
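Note: /usr/local/php/sbin/php-fpm accepts other arguments as well: start|stop|quit|restart|reload|logrotate. After changing php.ini, use reload to reload the configuration file without restarting php-cgi.

Note: I ran into trouble starting it here. Startup warning: libgomp.so.1: shared object cannot be dlopen()ed in Unknown on line 0. After searching on Baidu, some people said the gcc version was too old; I checked and my GCC version is 4.1.1 20070105.
Upgrade GCC.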

III. Install Nginx 0.8.15
1. Install the pcre library required by Nginx:
tar zxvf pcre-7.9.tar.gz
cd pcre-7.9/
./configure
make && make install
cd ../

2. Install Nginx
tar zxvf nginx-0.8.15.tar.gz
cd nginx-0.8.15/
Add the SSL module, the FLV module and the module for purging the cache of specified URLs
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_flv_module --add-module=../ngx_cache_purge-1.0
make && make install
cd ../

3. Create the Nginx log directory
mkdir -p /data/logs
chmod +w /data/logs
chown -R www:www /data/logs

4. Create the Nginx configuration files
①. Create the nginx.conf file in the /usr/local/nginx/conf/ directory:
cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.default.conf
rm -f /usr/local/nginx/conf/nginx.conf
vi /usr/local/nginx/conf/nginx.conf

Enter the following content:
user  www www;

worker_processes 8;

error_log  /data/logs/nginx_error.log  crit;

pid        /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;
      
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;
      
  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;

  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;

  server
  {
    listen       80;
    server_name  192.168.10.227;
    index index.html index.htm index.php;
    root  /data/htdocs/group;

    #limit_conn   crawler  20;    
                            
    location ~ .*\.(php|php5)?$
    {      
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }
    
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }    

    log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" $http_x_forwarded_for';
    access_log  /data/logs/access.log  access;
  }

  server
  {
    listen  80;
    server_name  status.xxx.cn;

    location / {
    stub_status on;
    access_log   off;
    }
  }
}


②. Create the fcgi.conf file in the /usr/local/nginx/conf/ directory:
vi /usr/local/nginx/conf/fcgi.conf

Enter the following content:
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;


5. Start Nginx
ulimit -SHn 65535
/usr/local/nginx/sbin/nginx


IV. Start Nginx + PHP automatically at boot
vi /etc/rc.local

Append the following at the end:
ulimit -SHn 65535
/usr/local/php/sbin/php-fpm start
/usr/local/nginx/sbin/nginx


V. Tune the Linux kernel parameters
vi /etc/sysctl.conf

Append the following at the end:

# Add
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024  65535

Apply the settings immediately:
/sbin/sysctl -p


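VI. Apply Nginx configuration changes gracefully without stopping the Nginx service
1. After editing the /usr/local/nginx/conf/nginx.conf configuration file, run the following command to check that the configuration file is correct: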
/usr/local/nginx/sbin/nginx -t

If the following two lines are shown on screen, the configuration file is correct:
  the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
  the configuration file /usr/local/nginx/conf/nginx.conf was tested successfully

2. Now enter the following command to look up the Nginx master process ID:
ps -ef | grep "nginx: master process" | grep -v "grep" | awk -F ' ' '{print $2}'

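The number shown on screen is the Nginx master process ID, for example:
  6302
Then run the following command to make the modified Nginx configuration file take effect: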
kill -HUP 6302

Or, with less trouble, use the Nginx pid file:
kill -HUP `cat /usr/local/nginx/nginx.pid`

For versions 0.8 and later:
/usr/local/nginx/sbin/nginx -s reload

VII. Write a script that rotates the Nginx logs every day
1. Create the script /usr/local/nginx/sbin/cut_nginx_log.sh
vi /usr/local/nginx/sbin/cut_nginx_log.sh

Enter the following content:
#!/bin/bash
# This script runs at 00:00

# The Nginx logs path; it must be the directory that access_log in nginx.conf
# writes to (/data/logs/ in the configuration above)
logs_path="/data/logs/"

mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
# Ask the Nginx master process to reopen its log files
kill -USR1 `cat /usr/local/nginx/nginx.pid`


2. Set up crontab to rotate the nginx access log every day at 00:00
crontab -e

Enter the following content:

00 00 * * * /bin/bash  /usr/local/nginx/sbin/cut_nginx_log.sh


VIII. Install JDK + TOMCAT
1. Install the JDK
# chmod +x jdk-6-ea-bin-b05-linux-i586-18_nov_2009.bin
# ./jdk-6-ea-bin-b05-linux-i586-18_nov_2009.bin
# mv jdk1.6.0.18 /usr/local/jdk
2. Configure the environment variables
# vi /etc/profile
Press shift+g and append the following text at the end:
export JAVA_HOME=/usr/local/jdk
export CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$CLASSPATH
export PATH=$PATH:$JAVA_HOME/jre/bin

export CATALINA_HOME=/usr/local/tomcat
Exit with wq
3. Apply the settings immediately
source /etc/profile

IX. Install TOMCAT
# tar zxvf apache-tomcat-6.0.26.tar.gz
# mv apache-tomcat-6.0.26 /usr/local/tomcat

X. Configure nginx.conf:
vi /usr/local/nginx/conf/nginx.conf

user  www www;

worker_processes 8;

error_log  /data/logs/nginx_error.log  crit;

pid        /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  charset  utf-8;

  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 300m;

  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;

  tcp_nodelay on;

  client_body_buffer_size 512k;
  proxy_connect_timeout 5;
  proxy_read_timeout 60;
  proxy_send_timeout 5;
  proxy_buffer_size  16k;
  proxy_buffers   4 64k;
  proxy_busy_buffers_size 128k;
  proxy_temp_file_write_size 128k;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;
 
  ssi on;
  ssi_silent_errors on;
  ssi_types text/shtml;

  #limit_zone  crawler  $binary_remote_addr  10m;

  server
  {
    listen 80;
    server_name flv.xxx.com;
    index index.shtml index.html index.htm;

    limit_rate_after 3m;
    limit_rate 512k;

    location ~ \.flv
    {
      flv;
    }
    access_log off;
  }

  upstream tomcat_server {
    server 127.0.0.1:8080;
  }

  server
  {
    listen       80;
    server_name 
    index index.html index.htm index.xhtml;
    root  /usr/local/tomcat/webapps/root;

    if (-d $request_filename){
    rewrite ^/(.*)([^/])$ permanent;
    }

    location ~ \.(html|jsp|xhtm|htm)?$
    {
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_pass
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }

    access_log  off;
  }


  server
  {
    listen       80;
    server_name  group.xxx.com;
    index index.html index.htm index.php;
    root  /data/htdocs/group;

    #limit_conn   crawler  20;

    location ~ .*\.(php|php5)?$
    {
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }

    log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" $http_x_forwarded_for';
    access_log  /data/logs/access.log  access;
  }

  server
  {
    listen  80;
    server_name  status.xxx.com;

    location / {
    stub_status on;
    access_log   off;
    }
  }
}


XI. Install memcached
First, libevent was missing when installing memcache, so install libevent first. Download libevent: ~provos/libevent-1.4.9-stable.tar.gz.

[root@master chenlb]# wget
[root@master chenlb]# tar zxvf memcached-1.2.6.tar.gz
[root@master chenlb]# cd memcached-1.2.6
[root@master memcached-1.2.6]# ./configure --prefix=/usr/local/memcached --with-libevent=/usr/local
[root@master memcached-1.2.6]# make
[root@master memcached-1.2.6]# make install

Then run:

[root@master memcached-1.2.6]# /usr/local/memcached/bin/memcached -d -m 10 -p 11211 -u root
/usr/local/memcached/bin/memcached: error while loading shared libraries: libevent-1.4.so.2: cannot open shared object file: No such file or directory

The error says that libevent-1.4.so.2 is not in the shared library path. Frustrating. I then found the blog of 芽雨快跑. The fix is to create a symlink.

[root@master memcached-1.2.6]# ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib/libevent-1.4.so.2
[root@master memcached-1.2.6]# /usr/local/memcached/bin/memcached -d -m 10 -p 11211 -u root

XII. Create a database user and grant privileges:
-- CREATE ROUTINE covers both functions and procedures; MySQL has no separate CREATE FUNCTION or CREATE PROCEDURE privilege
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON dotayo_db.* TO 'dotayo_db'@'192.168.1.%' IDENTIFIED BY 'dotayo_db';

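XIII. When copying a database instance from the development machine to the test machine, if it contains functions or stored procedures, set:
mysql> SET GLOBAL log_bin_trust_function_creators = 1;
Query OK, 0 rows affected (0.00 sec)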

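Log in to SQLyog with an administrator account, connect to the development database and the test database, and copy; once the copy finishes, the database setup is complete.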

XIV. Starting tomcat fails with OutOfMemoryError: PermGen space
Solution:
The following JVM parameter settings are a reference for a machine with 2G of memory:
vi /usr/local/tomcat/bin/catalina.sh
Add the following line above the line echo "Using CATALINA_BASE:   $CATALINA_BASE":
JAVA_OPTS="-server -Xms800m -Xmx800m  -XX:PermSize=128M -XX:MaxNewSize=512m -XX:MaxPermSize=256m -Djava.awt.headless=true"

Restart tomcat

XV. Configure iptables:
#vi /etc/sysconfig/iptables
//////////////////// file contents ////////////////////
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 0/0 -d 0/0 --dport 177 -j ACCEPT

#modify by mingfu 060404
#Please do not modify the content below

#ACK FIN SYN
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

#port scan
# NMAP FIN/URG/PSH
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP

# Xmas Tree
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP

# Another Xmas Tree
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# Null Scan(possibly)
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP

# SYN/RST
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# SYN/FIN -- Scan(possibly)
-A RH-Firewall-1-INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

#!--syn
-A RH-Firewall-1-INPUT -p tcp ! --syn -m state --state NEW -j DROP

#Dos
-A RH-Firewall-1-INPUT -p tcp --dport 80 -m limit --limit 10/second --limit-burst 300 -j ACCEPT

#sync flood

-N synfoold
-A synfoold -p tcp --syn -m limit --limit 1/s -j RETURN
-A synfoold -p tcp -j REJECT --reject-with tcp-reset
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -j synfoold

-N ping
-A ping -p icmp --icmp-type echo-request -m limit --limit 1/second -j RETURN
-A ping -p icmp -j REJECT
-I RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -m state --state NEW -j ping

#-A RH-Firewall-1-INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
#-A RH-Firewall-1-INPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
#-A RH-Firewall-1-INPUT -p icmp --icmp-type 0 -s localip -j DROP
#-A RH-Firewall-1-INPUT -p icmp --icmp-type 8 -s localip -j DROP

#all ports

-A RH-Firewall-1-INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#FTP
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 32800:34000 -j ACCEPT
#MAIL
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 113 -j ACCEPT
#SSH
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 922 -j ACCEPT
#WEB
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 82 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 8088 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 4443 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 7777 -j ACCEPT
#DNS
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
#DATABASE
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 8009 -j ACCEPT
#VNC
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
#ICMP
-A RH-Firewall-1-INPUT -i eth0 -j REJECT --reject-with icmp-host-prohibited

-A RH-Firewall-1-INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW,INVALID -j DROP

COMMIT

service iptables save
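
In the ruleset above, the database and AJP ports are accepted on eth0 from any source, and the two state rules that follow the unconditional eth0 REJECT can never match. An added example (not part of the original post) that checks an iptables-save style file for both conditions; the list of sensitive ports, the function names and the shortened sample excerpt are assumptions constructed for this example.

```bash
#!/bin/bash
# Added example, not from the original post: audit an iptables-save style
# ruleset such as /etc/sysconfig/iptables for exposure and ordering problems.

# Ports treated as "internal only" (an assumption of this example):
# MySQL, Oracle listener, Tomcat AJP, VNC over HTTP, memcached.
SENSITIVE_PORTS="3306 1521 8009 5801 11211"

# Constructed sample: a shortened excerpt of the ruleset shown above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 8009 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -m state --state NEW,INVALID -j DROP
COMMIT
EOF
}

# exposed_ports: read rules on stdin and print each sensitive port that an
# ACCEPT rule opens without restricting the source address.
exposed_ports() {
    awk -v ports="$SENSITIVE_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) sens[p[i]] = 1 }
        /^-A / {
            port = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                else if ($i == "-s" || $i == "--source") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            any = (src == "" || src == "0/0" || src == "0.0.0.0/0")
            if (target == "ACCEPT" && (port in sens) && any) print port
        }'
}

# unreachable_rules: print rules that come after an unconditional ACCEPT, DROP
# or REJECT for the same chain and input interface, and so can never match.
unreachable_rules() {
    awk '
        /^-A / {
            chain = $2; iface = "*"; target = ""; conds = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")                 { iface = $(i + 1); i++ }
                else if ($i == "-j")            { target = $(i + 1); i++ }
                else if ($i == "--reject-with") { i++ }
                else conds++
            }
            if ((chain, "*") in closed || (chain, iface) in closed) { print; next }
            if (conds == 0 && target ~ /^(ACCEPT|DROP|REJECT)$/) closed[chain, iface] = 1
        }'
}

# Demo on the constructed sample. On a real host use, for example:
#   exposed_ports < /etc/sysconfig/iptables
echo "Sensitive ports accepted from any source:"
sample_rules | exposed_ports
echo "Rules that can never match:"
sample_rules | unreachable_rules
```

A port reported by exposed_ports is a candidate for a -s restriction to the hosts that actually need it; a rule reported by unreachable_rules has to be moved above the terminating rule to have any effect.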
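With that, the server configuration is complete. The configuration above draws on documents written by several experts!

Notes:
Compressing and extracting files
Update the myarch.tar archive with the files in the mydir directory that were recently modified or added.

#tar uf myarch.tar mydir
#tar zxvf myarch.tar

If you install certain libraries, for example gtk+-2.4.13, which requires glib-2.0 >= 2.4.0, and after the hard work of installing glib
you did not specify --prefix=/usr, the glib library ends up under /usr/local. If /usr/local/lib has not also been added to /etc/ld.so.conf
as a search path, building gtk+-2.4.13 fails.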

chinaciscoccie 2012-02-28 09:20:34

Your configuration has some garbled text. For example:

<val name="HOSTNAME">$HOSTNAME</val>
        <val name="PATH">/usr/local/bin:/usr/bin:/bin</val>
        <val name="TMP">/tmp</val>
        <val name="TMPDIR">/tmp</val>
        <val name="TEMP">/tmp</val