Chinaunix首页 | 论坛 | 博客
  • 博客访问: 873728
  • 博文数量: 72
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 1693
  • 用 户 组: 普通用户
  • 注册时间: 2014-08-04 15:53
个人简介

主要从事Linux,云原生架构改造,服务网格,ELK,python,golang等相关技术。

文章分类

全部博文(72)

文章存档

2015年(52)

2014年(20)

分类: 架构设计与优化

2015-03-10 21:27:11


系统环境: RHEL6 x86-64 selinux and iptables disabled

[root@vm1 mnt]# ls
mysql-5.5.12.tar.gz  nginx-1.4.2.tar.gz  php-5.4.12.tar.bz2

1.编译安装mysql
[root@vm1 mnt]# yum install gcc gcc-c++ make ncurses-devel bison openssl-devel zlib-devel cmake -y    首先安装依赖性
[root@vm1 mnt]# mkdir /usr/local/lnmp
[root@vm1 mnt]# tar zxf mysql-5.5.12.tar.gz
[root@vm1 mnt]# cd mysql-5.5.12
[root@vm1 mysql-5.5.12]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/lnmp/mysql \    #安装目录
-DMYSQL_DATADIR=/usr/local/lnmp/mysql/data \         #数据库存放目录
-DMYSQL_UNIX_ADDR=/usr/local/lnmp/mysql/data/mysql.sock \       #Unix socket 文件路径
-DWITH_MYISAM_STORAGE_ENGINE=1 \    #安装 myisam 存储引擎
-DWITH_INNOBASE_STORAGE_ENGINE=1 \    #安装 innodb 存储引擎
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \       #安装 archive 存储引擎
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \    #安装 blackhole 存储引擎
-DWITH_PARTITION_STORAGE_ENGINE=1 \    #安装数据库分区
-DENABLED_LOCAL_INFILE=1 \    #允许从本地导入数据
-DWITH_READLINE=1 \    #快捷键功能
-DWITH_SSL=yes \    #支持 SSL
-DDEFAULT_CHARSET=utf8 \    #使用 utf8 字符
-DDEFAULT_COLLATION=utf8_general_ci \    #校验字符
-DEXTRA_CHARSETS=all \    #安装所有扩展字符集
-DMYSQL_TCP_PORT=3306 \    #MySQL 监听端口[root@vm1 mysql-5.5.12]# make && make install
[root@vm1 mysql-5.5.12]# make && make install

如果重新编译执行下面操作,然后重新编译
make clean

rm -f CmakeCache.txt

[root@vm1 mysql-5.5.12]# useradd -M -s /sbin/nologin mysql    创建mysql用户
[root@vm1 mnt]# cd /usr/local/lnmp/mysql
[root@vm1 mysql]# ./scripts/mysql_install_db --user=mysql --basedir=/usr/local/lnmp/mysql/ --datadir=/usr/local/lnmp/mysql/data/
[root@vm1 mysql]# chown -R mysql.mysql *
[root@vm1 mysql]# chown -R root .
[root@vm1 mysql]# chown -R root data
[root@vm1 mysql]# cp support-files/my-medium.cnf /etc/my.cnf          #根据你的主机内存复制 mysql 配置文件
[root@vm1 mysql]# cp support-files/mysql.server /etc/init.d/mysqld     
[root@vm1 mysql]# cd bin/
[root@vm1 bin]# pwd
/usr/local/lnmp/mysql/bin
[root@vm1 ~]# vim .bash_profile           #设置环境变量
  1. PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin
[root@vm1 ~]# source .bash_profile        #使其立即生效
[root@vm1 mysql]# /etc/init.d/mysqld start     #启动mysql服务
Starting MySQL.... SUCCESS!
[root@vm1 mysql]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1596/mysqld     
[root@vm1 bin]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.12-log Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
Bye

[root@vm1 mnt]# ln -s /usr/local/lnmp/mysql/lib /usr/local/lnmp/mysql/lib64
#不然在 php 编译的时候找不到 mysql 的库文件

2.编译安装php
[root@vm1 mnt]# tar zxf libiconv-1.13.1.tar.gz     #加强系统对支持字符编码转换的功能
[root@vm1 mnt]# cd libiconv-1.13.1
[root@vm1 libiconv-1.13.1]# mkdir /usr/local/lnmp/phpmodule
[root@vm1 libiconv-1.13.1]# ./configure --prefix=/usr/local/lnmp/phpmodule/libiconv
[root@vm1 libiconv-1.13.1]# make && make install
[root@vm1 mnt]# tar jxf libmcrypt-2.5.8.tar.bz2     # mcrypt mhash 是 php 加密算法扩展库
[root@vm1 mnt]# cd libmcrypt-2.5.8
[root@vm1 libmcrypt-2.5.8]# ./configure --prefix=/usr/local/lnmp/phpmodule/libmcrypt
[root@vm1 libmcrypt-2.5.8]# make && make install
[root@vm1 libmcrypt-2.5.8]# cd libltdl/
[root@vm1 libltdl]# ./configure --prefix=/usr/local/lnmp/phpmodule/libmcrypt --enable-ltdl-install
[root@vm1 libltdl]# make && make install
[root@vm1 libltdl]# cd ../..
[root@vm1 mnt]# tar jxf mhash-0.9.9.9.tar.bz2
[root@vm1 mnt]# cd mhash-0.9.9.9
[root@vm1 mhash-0.9.9.9]# ./configure --prefix=/usr/local/lnmp/phpmodule/mhash
[root@vm1 mhash-0.9.9.9]# make && make install
为了让后面编译安装mcrypt的时候可以检测到libiconv,libmcrypt,mhash我们对这三个库作个软链接:        
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/libiconv/lib/* /usr/local/lib
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/libmcrypt/lib/* /usr/local/lib
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/mhash/lib/* /usr/local/lib
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/mhash/include/* /usr/local/include/
[root@vm1 mnt]# ldconfig /usr/local/lib            #执行使其立即生效

[root@vm1 mnt]# tar zxf mcrypt-2.6.8.tar.gz
[root@vm1 mnt]# cd mcrypt-2.6.8
[root@vm1 mcrypt-2.6.8]# ./configure --prefix=/usr/local/lnmp/phpmodule/mcrypt --with-libiconv-prefix=/usr/local/lnmp/phpmodule/libiconv/ --with-libmcrypt-prefix=/usr/local/lnmp/phpmodule/libmcrypt/
# ./configure 时可能会报这个错:/bin/rm: cannot remove `libtoolT’: No such file or directory
直接忽略
[root@vm1 mcrypt-2.6.8]# make && make install

[root@vm1 mnt]# tar jxf php-5.4.12.tar.bz2
[root@vm1 mnt]# cd php-5.4.12

软件包依赖性安装:
[root@vm1 php-5.4.12]# yum install net-snmp-devel curl-devel libxml2-devel libpng-devel libjpeg-devel freetype-devel gmp-devel openldap-devel -y

[root@vm1 php-5.4.12]# ./configure --prefix=/usr/local/lnmp/php --with-config-file-path=/usr/local/lnmp/php/etc --with-mysql=/usr/local/lnmp/mysql/ --with-mysqli=/usr/local/lnmp/mysql/bin/mysql_config --with-openssl --with-snmp --with-gd --with-zlib --with-curl --with-libxml-dir --with-png-dir --with-jpeg-dir  --with-freetype-dir --with-pear --with-gettext --with-gmp --enable-inline-optimization --enable-soap --enable-ftp --enable-sockets --enable-mbstring --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-mcrypt=/usr/local/lnmp/phpmodule/libmcrypt/ --with-mhash=/usr/local/lnmp/phpmodule/mhash/ --with-iconv-dir=/usr/local/lnmp/phpmodule/libiconv/
[root@vm1 php-5.4.12]# make ZEND_EXTRA_LIBS='-liconv'     这里可能会有报错,我们只要执行一下 ldconfig /usr/local/lib这条命令基本上就可以通过
[root@vm1 php-5.4.12]# make install
接下来进行一些基本的配置
[root@vm1 php-5.4.12]# cp /usr/local/lnmp/php/etc/php-fpm.conf.default /usr/local/lnmp/php/etc/php-fpm.conf
[root@vm1 fpm]# cd /mnt/php-5.4.12/sapi/fpm/
[root@vm1 fpm]# cp init.d.php-fpm /etc/init.d/php-fpm
[root@vm1 fpm]# chmod +x /etc/init.d/php-fpm
[root@vm1 php-5.4.12]# cp php.ini-production /usr/local/lnmp/php/etc/php.ini
[root@vm1 php-5.4.12]# cd /usr/local/lnmp/php/etc/
[root@vm1 etc]# vim php.ini
[Date]
; Defines the default timezone used by the date functions
;
date.timezone = Asia/Shanghai         #设置时区

cgi.fix_pathinfo=0       #防止 Nginx 文件类型错误解析漏洞
[root@vm1 etc]# vim php-fpm.conf  #去掉以下几行的注释
pid = run/php-fpm.pid
pm.max_children = 50
pm.start_servers = 20    #在生产环境中一定要做压力测试,找到最合适的进程数组合
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
[root@vm1 bin]# pwd
/usr/local/lnmp/php/bin
[root@vm1 bin]# vim ~/.bash_profile
PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin:/usr/local/lnmp/php/bin
[root@vm1 bin]# source ~/.bash_profile

3.编译安装nginx
[root@vm1 mnt]# yum install -y pcre-devel openssl-devel
[root@vm1 mnt]# tar zxf nginx-1.4.2.tar.gz
[root@vm1 mnt]# cd nginx-1.4.2
[root@vm1 nginx-1.4.2]# vim auto/cc/gcc
# debug
#CFLAGS="$CFLAGS -g"    #(注释掉这行,去掉 debug 模式编译,编译以后程序只有几百 k)
[root@vm1 nginx-1.4.2]# vim src/core/nginx.h
#define NGINX_VERSION      "1.4.2"
#define NGINX_VER          "nginx/" NGINX_VERSION (修改此行, 去掉后面的 “ NGINX_VERSION”,为了安全,这样编译后外界无法获取程序的版本号)
[root@vm1 nginx-1.4.2]# ./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module --user=nginx --group=nginx
[root@vm1 nginx-1.4.2]# make && make install
[root@vm1 nginx-1.4.2]# cd /usr/local/lnmp/nginx/
[root@vm1 nginx]# ls
conf  html  logs  sbin
[root@vm1 nginx]# ln -s /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
或者直接设置环境变量:
[root@vm1 nginx]# vim ~/.bash_profile
PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin:/usr/local/lnmp/php/bin:/usr/local/lnmp/nginx/sbin
[root@vm1 sbin]# source ~/.bash_profile

[root@vm1 nginx]# cd conf/
[root@vm1 conf]# vim nginx.conf            #基本不需要什么配置
[root@vm1 conf]# groupadd -f nginx            
[root@vm1 conf]# useradd -g nginx nginx    #注意这两步很重要如果不没有,则你的nginx不能通过检测
[root@vm1 conf]# nginx -t                   #检测语法
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@vm1 conf]# nginx                      #启动nginx
[root@vm1 conf]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      29308/nginx
[root@vm1 conf]# ps ax        这时我们看到nginx的进程数为一个
29308 ?        Ss     0:00 nginx: master process nginx
29328 ?        S      0:00 nginx: worker process   
[root@vm1 conf]# vim nginx.conf
  1. #user nobody;
  2. worker_processes 2;     #启动进程,通常设置成和cpu的数量相等

  3. #error_log logs/error.log;
  4. #error_log logs/error.log notice;
  5. #error_log logs/error.log info;

  6. #pid logs/nginx.pid;


  7. events {
  8.     use epoll;          #提高nginx性能,在2.6内核中可以使用
  9.     worker_connections 1024;    #单个后台worker process进程的最大并发链接数
  10. }
[root@vm1 conf]# nginx -s reload      #重启nginx
[root@vm1 conf]# ps ax        nginx的进程个数变为两个
29308 ?        Ss     0:00 nginx: master process nginx
29332 ?        S      0:00 nginx: worker process
29333 ?        S      0:00 nginx: worker process
[root@vm1 conf]# nginx -s stop        停止nginx

kill -HUP `cat /usr/local/nginx/logs/nginx.pid` #nginx 0.8 之前的版本重载方式
Nginx 支持的信号
1) TERM,INT 快速关闭
2) QUIT 从容关闭
3) HUP 平滑重启,重新加载配置文件
4) USR1 重新打开日志文件,在切割日志时用处比较大
5) USR2 平滑升级可执行程序
6) WINCH 从容关闭工作进程

下面我们测试一下nginx:
[root@vm1 conf]# vim nginx.conf
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location /nginxstatus {        加上这部分
        stub_status on;
        access_log off;
        allow 192.168.1.110;        只允许这个IP访问
        deny all;
        }
[root@vm1 conf]# nginx -s reload

测试结果:在浏览器中输入:192.168.1.2/nginxstatus,每刷新一次,里面的内容都会改变

下面我们做一个ssl加密认证:
[root@vm1 tls]# cd /etc/pki/tls/certs/
[root@vm1 certs]# make nginx.pem
umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 >  nginx.pem ; \
    echo ""    >> nginx.pem ; \
    cat $PEM2 >> nginx.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
......................+++
.....+++
writing new private key to '/tmp/openssl.XeHwD8'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:vm1.example.com
Email Address []:root@vm1.example.com

[root@vm1 certs]# cp nginx.pem /usr/local/lnmp/nginx/conf/
[root@vm1 conf]# vim nginx.conf
  1. server {
  2.     listen 443;
  3.     server_name 127.0.0.1;

  4.     ssl on;
  5.     ssl_certificate nginx.pem;
  6.     ssl_certificate_key nginx.pem;

  7.     ssl_session_timeout 5m;

  8.     ssl_protocols SSLv2 SSLv3 TLSv1;
  9.     ssl_ciphers HIGH:!aNULL:!MD5;
  10.     ssl_prefer_server_ciphers on;

  11.     location / {
  12.     root html;
  13.     index index.html index.htm;
  14.     }    
  15.     location /nginxstatus {
  16.     stub_status on;
  17.     access_log off;
  18.     allow 192.168.1.110;
  19.     deny all;
  20.     }
  21. }
[root@vm1 conf]# nginx -s reload
查看测试结果,在浏览器中输入:,然后得到证书,刷新:


4.php与nginx的整合:
[root@vm1 conf]# vim nginx.conf
  1. #user nobody;
  2. worker_processes 2;

  3. error_log logs/error.log;
  4. #error_log logs/error.log notice;
  5. #error_log logs/error.log info;

  6. pid logs/nginx.pid;

  7. worker_rlimit_nofile 65535;

  8. events {
  9.     use epoll;
  10.     worker_connections 65535;
  11. }


  12. http {
  13.     include mime.types;
  14.     default_type application/octet-stream;

  15.     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  16.     '$status $body_bytes_sent "$http_referer" '
  17.     '"$http_user_agent" "$http_x_forwarded_for"';

  18.     #access_log logs/access.log main;

  19.     sendfile on;
  20.     #tcp_nopush on;

  21.     #keepalive_timeout 0;
  22.     keepalive_timeout 65;

  23.     #gzip on;

  24.     server {
  25.     listen 80;
  26.     server_name localhost;

  27.     #charset koi8-r;

  28.     #access_log logs/host.access.log main;

  29.     location / {
  30.         root html;
  31.         index index.html index.htm index.php; #加入php默认页面
  32.     }

  33.     #error_page 404 /404.html;

  34.     # redirect server error pages to the static page /50x.html
  35.     #
  36.     error_page 500 502 503 504 /50x.html;
  37.     location = /50x.html {
  38.     root html;
  39. }

  40. # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  41. #
  42. #location ~ \.php$ {
  43. # proxy_pass
  44. #}

  45. # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  46. #
  47. location ~ \.php$ {         #打开下面几行
  48.         root html;
  49.         fastcgi_pass 127.0.0.1:9000;
  50.         fastcgi_index index.php;
  51. #       fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
  52.         include fastcgi.conf;     #注意这里更改
  53. }
  54. # deny access to .htaccess files, if Apache's document root
  55. # concurs with nginx's one
  56. #
  57. #location ~ /\.ht {
  58. # deny all;
  59. #}
  60. }

  61. #server {
  62. # listen 80;
  63. # server_name
  64. # access_log logs/westos.org.access.log main;
  65. # location / {
  66. # index index.html;
  67. # }
  68. #}

  69. # another virtual host using mix of IP-, name-, and port-based configuration
  70. #
  71. #server {
  72. # listen 8000;
  73. # listen somename:8080;
  74. # server_name somename alias another.alias;

  75. # location / {
  76. # root html;
  77. # index index.html index.htm;
  78. # }
  79. #}


  80. # HTTPS server
  81. #
  82. #server {
  83. # listen 443;
  84. # server_name localhost;

  85. # ssl on;
  86. # ssl_certificate cert.pem;
  87. # ssl_certificate_key cert.key;

  88. # ssl_session_timeout 5m;

  89. # ssl_protocols SSLv2 SSLv3 TLSv1;
  90. # ssl_ciphers HIGH:!aNULL:!MD5;
  91. # ssl_prefer_server_ciphers on;

  92. # location / {
  93. # root html;
  94. # index index.html index.htm;
  95. # }
  96. #}

  97. }
[root@vm1 html]# vim index.php   
  1.     phpinfo();
  2. ?>
测试结果如下:

我们再来测试一下php与mysql连接是否正常:
[root@vm1 html]# vim mysql.php
  1.     $link=mysql_connect("localhost","root","");
  2.     if(!$link)
  3.         echo "failed!";
  4.     else
  5.         echo "OK, succeed!";
  6. ?>
测试结果:

到这里我们的lnmp基本搭建完成,后面会做一些优化工作。



阅读(5006) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~