迷彩 潜伏 隐蔽 伪装
分类: LINUX
2013-03-18 23:00:18
基于PHP的运行环境大家用的比较多的是以apache做中间件的LAMP(linux+apache+mysql+php)环境和以nginx做中间件的LNMP(linux+nginx+mysql+php)环境,apache是世界排名第一的web服务器,apache可以整合大多数应用,比如jsp,php,cgi,python等等,但是apache过于臃肿以及对静态文件响应过于缓慢是让人很不满意的;而nginx作为后起之秀,大有超越前辈的势头,从最近很多门户网站选用nginx就可见一斑,nginx速度快,占用资源少,高性能转发,很高的稳定性,支持热部署,杀手级的proxy和rewrite,但nginx对于php处理依托于fastcgi,fastcgi不够稳定,经常出现502错误,生成相对复杂的页面没有优势,反而会使php-cgi进程变为僵尸进程,多用户多站点的安全性不高,对于其它开发语言的整合,apache表现的更好;综上述对比,为了搭建高性能的php运行环境,就要考虑对apache、nginx进行整合,各取所长,nginx在处理静态内容上的效率较apache强很大,那么就用nginx在前端处理静态文件,把基于php的动态文件转发到后端的apache来处理,接下来我们就开始布署LNAMP(linux+nginx+apache+mysql+php)环境
一、网络拓扑:
lvs-master: 192.168.9.221
LVS-backup: 192.168.9.222
LVS-VIP:
192.168.9.220
web_server_1: 192.168.9.223
web_server_2: 192.168.9.224
nfs_server_1:
192.168.9.228
nfs_server_1: 192.168.9.229
nfs_vip:
192.168.9.230
mysql_master: 192.168.9.226
mysql_backup:
192.168.9.227
mysql_vip: 192.168.9.225
目的:搭建高可用、高性能的php集群
二、初始化系统
#init system
系统环境: CentOS 5.5 (最小化安装)
./init_system.sh #此脚本参见http://kerry.blog.51cto.com/172631/555535
#更新组件
sudo -s
LANG=C
yum -y install gcc gcc-c++ bison patch unzip
mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg
\
libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2
libxml2-devel zlib zlib-devel glibc glibc-devel glib2 \
glib2-devel bzip2
bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel
libidn libidn-devel openldap \
openldap-devel openldap-clients
openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel bison
三、LVS+keeplived
#关于LVS+keeplived的配置请参考我的另一篇博文《CentOS5.5环境下布署LVS+keepalived
》http://kerry.blog.51cto.com/172631/401253
四、web_server安装配置(nginx、apache整合)
#download software
cd /opt
wget
wget
wget
wget
wget
#rpaf模块,该模块用于apache做后端时获取访客真实的IP
wget
#字符转换库libiconv
wget
wget
wget
wget
wget
#php5-mail-header.patch为php被丁,有助于防止邮件发送被滥用
wget
#PHP的memcache扩展
wget
#eaccelerator加速
wget
wget
ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.bz2
#PHP的imagick扩展
wget
#Suhosin是一个PHP程序的保护系统
wget
wget
http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.bz2
wget
#32位
wget
#64位
wget
wget
wget
#PHP的PDO扩展
wget
#Tcmalloc
优化nginx、mysql
wget
#---------------------------- 使用cmake编译安装mysql
----------------------------------
#使用Tcmalloc 优化nginx、mysql
cd
/opt
tar -zxvf google-perftools-1.7.tar.gz
cd
google-perftools-1.7/
./configure
make;make install
echo "/usr/local/lib" >
/etc/ld.so.conf.d/usr_local_lib.conf
/sbin/ldconfig
cd ../
tar -zxvf cmake-2.8.4.tar.gz
cd
cmake-2.8.4
./bootstrap
gmake
gmake install
cd ../
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql -s
/sbin/nologin
mkdir -p /data/mysql/data
mkdir -p
/data/mysql/binlog
mkdir -p /data/mysql/relaylog
mkdir -p
/data/mysql/mysql
chown -R mysql:mysql /data/mysql
cd /opt
tar zxvf
mysql-5.5.13.tar.gz
cd mysql-5.5.13/
rm -rf CMakeCache.txt
cmake
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql
\
-DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock \
-DDEFAULT_CHARSET=utf8
\
-DDEFAULT_COLLATION=utf8_general_ci \
-DEXTRA_CHARSETS=all
\
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1
\
-DWITH_READLINE=1 \
-DENABLED_LOCAL_INFILE=1
\
-DMYSQL_DATADIR=/data/mysql/data \
-DMYSQL_TCP_PORT=3306
make;make
install
chmod +w /usr/local/mysql
chown -R mysql:mysql
/usr/local/mysql
ln -s /usr/local/mysql/lib/libmysqlclient.so.18
/usr/lib/libmysqlclient.so.18
#编辑mysql配置文件
vi /etc/my.cnf
#初始化mysql
/usr/local/mysql/scripts/mysql_install_db
--basedir=/usr/local/mysql --datadir=/data/mysql/data --user=mysql
#利用TCMalloc提高mysql在高并发下的性能
vi /usr/local/mysql/bin/mysqld_safe
#在# executing mysqld_safe的下一行,加上:
export
LD_PRELOAD=/usr/local/lib/libtcmalloc.so
#使用lsof命令查看tcmalloc是否起效
/usr/sbin/lsof -n | grep tcmalloc
#设置mysql启动文件
cp support-files/mysql.server /etc/rc.d/init.d/mysqld
vi
/etc/rc.d/init.d/mysqld
basedir=/usr/local/mysql
datadir=/data/mysql/data
chmod 700 /etc/rc.d/init.d/mysqld
/etc/rc.d/init.d/mysqld
start
/sbin/chkconfig --add mysqld
/sbin/chkconfig --level 2345 mysqld
on
ln -s /usr/local/mysql/bin/mysql /sbin/mysql
ln -s
/usr/local/mysql/bin/mysqladmin /sbin/mysqladmin
#设置root密码(753951)
/sbin/mysqladmin -u root password 753951
#配置库文件搜索路径
echo "/usr/local/mysql/lib/mysql" >>
/etc/ld.so.conf
/sbin/ldconfig
#添加/usr/local/mysql/bin到环境变量PATH中
export
PATH=$PATH:/usr/local/mysql/bin
#添加mysql管理帐户
#mysql -h localhost -u root -p753951
#msqyl> use
mysql;
#msqyl> grant all on *.* to identified by
'852741';
#msqyl> flush privileges;
#msqyl> exit;
#----------------------------------- 编译安装apache
-------------------------------------
/usr/sbin/groupadd
www
/usr/sbin/useradd -g www www -s /sbin/nologin
mkdir -p
/data/www/kerry
mkdir -p /data/logs/kerry
mkdir -p /data/www/king
mkdir
-p /data/logs/king
chown -R www:www /data/www
chown -R www:www
/data/logs
cd /opt
tar -zxvf httpd-2.2.19.tar.gz
cd httpd-2.2.19
cd
srclib/apr
./configure --prefix=/usr/local/apr --enable-threads
--enable-other-child --enable-static
make;make install
cd ../apr-util
./configure --prefix=/usr/local/apr-util
--with-apr=/usr/local/apr
make;make install
cd ../../
./configure
--prefix=/usr/local/apache \
--enable-deflate \
--enable-headers
\
--enable-mime-magic \
--enable-proxy \
--enable-ssl \
--enable-so
\
--enable-rewrite \
--enable-suexec
\
--with-suexec-bin=/usr/sbin/suexec \
--with-suexec-caller=www
\
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util
\
--with-mpm=prefork \
--with-ssl=/usr
make;make install
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
vi
/etc/init.d/httpd
#在首行#!/bin/sh下添加
# Startup script for the Apache Web
Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web
server. It is used to serve \
# HTML files and CGI.
# processname:
httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config:
/usr/local/apache/conf/httpd.conf
#修改apache配置文件
cd /usr/local/apache/conf/
mv httpd.conf
httpd.conf.bak
vi httpd.conf
chmod 700 /etc/init.d/httpd
/etc/init.d/httpd start
/sbin/chkconfig
--add httpd
/sbin/chkconfig --level 2345 httpd on
#------------------------------------- 编译安装PHP
-------------------------------------
#编译安装相关支持库
cd /opt
tar -zxvf
libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure
make;make
install
cd /opt
tar -jxvf libmcrypt-2.5.8.tar.bz2
cd
libmcrypt-2.5.8/
./configure
make;make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make;make install
cd /opt
tar -jxvf mhash-0.9.9.9.tar.bz2
cd
mhash-0.9.9.9/
./configure
make;make install
ln -s
/usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s
/usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s
/usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s
/usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s
/usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s
/usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s
/usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s
/usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s
/usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
cd /opt
tar -zxvf mcrypt-2.6.8.tar.gz
cd
mcrypt-2.6.8/
/sbin/ldconfig
./configure
make;make install
#编译php,这里我们为php打入补丁.有助于防止邮件发送被滥用(多用户)以及在邮件中提供有价值的信息.补丁介绍信息请点击:~steveb/patches/php-mail-header-patch/
cd /opt
tar -jxvf php-5.2.17.tar.gz
patch -d php-5.2.17 -p1 <
php5-mail-header.patch
cd php-5.2.17
./configure --prefix=/usr/local/php
\
--with-config-file-path=/usr/local/php/etc
\
--with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql
\
--with-mysqli=/usr/local/mysql/bin/mysql_config
\
--with-iconv-dir=/usr/local \
--with-freetype-dir \
--with-jpeg-dir
\
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr
\
--enable-xml \
--disable-rpath \
--enable-discard-path
\
--enable-safe-mode \
--enable-bcmath \
--enable-shmop
\
--enable-sysvsem \
--enable-inline-optimization \
--with-curl
\
--with-curlwrappers \
--enable-mbregex \
--enable-force-cgi-redirect
\
--enable-mbstring \
--with-mcrypt \
--with-gd
\
--enable-gd-native-ttf \
--with-openssl \
--with-mhash
\
--enable-pcntl \
--enable-sockets \
--with-ldap \
--with-ldap-sasl
\
--with-xmlrpc \
-enable-zip \
--enable-soap
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist
/usr/local/php/etc/php.ini
#安装php扩展模块
cd /opt
tar -zxvf memcache-2.2.6.tgz
cd
memcache-2.2.6/
/usr/local/php/bin/phpize
./configure
--with-php-config=/usr/local/php/bin/php-config --with-zlib-dir
--enable-memcache
make;make install
cd /opt
tar -jxvf eaccelerator-0.9.6.1.tar.bz2
cd
eaccelerator-0.9.6.1/
/usr/local/php/bin/phpize
./configure
--enable-eaccelerator=shared
--with-php-config=/usr/local/php/bin/php-config
make;make install
cd /opt
tar -zxvf PDO_MYSQL-1.0.2.tgz
cd
PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure
--with-php-config=/usr/local/php/bin/php-config
--with-pdo-mysql=/usr/local/mysql
make;make install
cd /opt
tar -jxvf ImageMagick.tar.bz2
cd
ImageMagick-6.6.9-8
./configure
make;make install
cd /opt
tar -zxf imagick-3.0.1.tgz
cd
imagick-3.0.1/
/usr/local/php/bin/phpize
./configure
--with-php-config=/usr/local/php/bin/php-config
make;make install
cd /opt
tar -zxf suhosin-0.9.32.1.tgz
cd
suhosin-0.9.32.1
/usr/local/php/bin/phpize
./configure
--with-php-config=/usr/local/php/bin/php-config
make;make install
cd /opt
tar -jxf ioncube_loaders_lin_x86.tar.bz2
cd ioncube
mkdir
/usr/local/ioncube
mv ioncube_loader_lin_5.2.so /usr/local/ioncube/
cd /opt
tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p
/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.17
cp
ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so
/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.17/ZendOptimizer.so
#修改php.ini.
sed -i 's#extension_dir = "./"#extension_dir =
"/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension =
"memcache.so"\nextension = "pdo_mysql.so"\nextension = "suhosin.so"\nextension =
"imagick.so"\n#' /usr/local/php/etc/php.ini
sed -i 's#output_buffering =
Off#output_buffering = On#' /usr/local/php/etc/php.ini
sed -i "s#;
always_populate_raw_post_data = On#always_populate_raw_post_data = On#g"
/usr/local/php/etc/php.ini
sed -i "s#;
cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g" /usr/local/php/etc/php.ini
#配置eAccelerator加速PHP
mkdir -p /data/eaccelerator_cache
chmod -R 777
/data/eaccelerator_cache
cat
>>/usr/local/php/etc/php.ini<
zend_extension
= "/usr/local/ioncube/ioncube_loader_lin_5.2.so"
zend_extension =
"/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.17/ZendOptimizer.so"
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/data/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.keys
= shm
eaccelerator.sessions = shm
eaccelerator.content = shm
EOF
#安装Memcached(可选)
cd /opt
tar -xzf libevent-2.0.11-stable.tar.gz
cd
libevent-2.0.11-stable
./configure
make;make install
ln -s
/usr/local/lib/libevent-1.4.so.2 /usr/lib
cd /opt
tar -xzf memcached-1.4.5.tar.gz
cd
memcached-1.4.5
./configure --prefix=/usr/local/memcached
--with-libevent=/usr
make;make install
#基本使用方法:
启动:
/usr/local/memcached/bin/memcached -d -m 64 -p 11211 -u
www -l localhost
关闭:
killall -9 memcached
#---------------------------------- 安装配置nginx
----------------------------------------
#安装pcre
/opt
tar -jxvf
pcre-8.12.tar.gz
cd pcre-8.12/
./configure
make;make install
#安装nginx
cd /opt
tar -zxvf nginx-1.0.4.tar.gz
cd
nginx-1.0.4/
./configure --user=www --group=www --prefix=/usr/local/nginx
--with-http_stub_status_module --with-http_ssl_module --with-http_flv_module
--with-http_gzip_static_module --with-google_perftools_module
make;make
install
cd ../
#添加nginx启动脚本
vi /etc/init.d/nginx
#添加nginx配置文件
mv /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/conf/nginx.conf.bak
vi /usr/local/nginx/conf/nginx.conf
#将nginx添加到启动服务中
chmod 700 /etc/init.d/nginx
/etc/init.d/nginx
start
/sbin/chkconfig --add nginx
/sbin/chkconfig --level 2345 nginx
on
#每天定时切割Nginx日志
vi /usr/local/nginx/sbin/cut_nginx_log.sh
chmod +x
/usr/local/nginx/sbin/cut_nginx_log.sh
#添加计划任务,每天凌晨00:00切割nginx访问日志
crontab
-e
00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh
#为apache安装rpaf模块,该模块用于apache做后端时获取访客真实的IP
#使用apxs安装模块.这里要使用此前apache编译安装后的apxs
cd
/opt
tar -zxf mod_rpaf-0.6.tar.gz
cd
mod_rpaf-0.6
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so
mod_rpaf-2.0.c
#编辑/usr/local/apache/conf/httpd.conf,添加模块参数,查找LoadModule php5_module modules/libphp5.so,在下方添加:
LoadModule rpaf_module modules/mod_rpaf-2.0.so
#Mod_rpaf
settings
RPAFenable
On
#上面出现的192.168.9.9请修改为你本机所监听web服务的ip.多个IP用空格空开
RPAFproxy_ips 127.0.0.1
192.168.9.9
RPAFsethostname On
RPAFheader X-Forwarded-For
本文出自 “聆听未来” 博客,请务必保留此出处http://blog.chinaunix.net/space.php?uid=9419692&do=blog&id=3182594