[利用yum命令配置、升级所需程序库]

# sudo -s
# LANG=C
# yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel
↑安装、升级这些程序库

[下载环境所需文件到指定目录]

# mkdir -p /software
↑ 在根目录建立software文件夹
# cd /software
↑ 进入software文件夹
# wget
# wget
# wget
# wget http://blog.s135.com/soft/linux/mysql/mysql-5.1.26-rc.tar.gz
# wget
# wget
# wget
# wget
# wget
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz
# wget
↑ 下载这些文件到software目录

[编译安装PHP 5.2.6所需的支持库]

# tar zxvf libiconv-1.12.tar.gz
↑ 解压(tar) 参数(zxvf) 文件名(libiconv-1.12.tar.gz)
# cd libiconv-1.12/
↑ 进入解压出来的文件的文件夹(libiconv-1.12)
# ./configure --prefix=/usr/local
↑ 配置安装信息 指定安装目录为/usr/local
# make
↑ make安装文件
# make install
↑ 开始安装
# cd ../
↑ 返回上级目录(此处即software目录)

# tar zxvf libmcrypt-2.5.8.tar.gz
# cd libmcrypt-2.5.8/
# ./configure
# make
# make install
# /sbin/ldconfig
# cd libltdl/
# ./configure --enable-ltdl-install
# make
# make install
# cd ../../

# tar zxvf mhash-0.9.9.tar.gz
# cd mhash-0.9.9/
# ./configure
# make
# make install
# cd ../

# cp /usr/local/lib/libmcrypt.* /usr/lib
# ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2

# tar zxvf mcrypt-2.6.7.tar.gz
# cd mcrypt-2.6.7/
# ./configure
# make
# make install
# cd ../

[编译安装MySQL 5.1.26-rc]

# /usr/sbin/groupadd mysql
↑ 建立mysql用户组
# /usr/sbin/useradd -g mysql mysql
↑ 建立mysql用户到mysql用户组中
# tar zxvf mysql-5.1.26-rc.tar.gz
# cd mysql-5.1.26-rc/
# ./configure --prefix=/usr/local/webserver/mysql/ --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile
# make && make install
# chmod +w /usr/local/webserver/mysql
# chown -R mysql:mysql /usr/local/webserver/mysql
# cp support-files/my-medium.cnf /usr/local/webserver/mysql/my.cnf
# cd ../

# /usr/local/webserver/mysql/bin/mysql_install_db --defaults-file=/usr/local/webserver/mysql/my.cnf --basedir=/usr/local/webserver/mysql --datadir=/usr/local/webserver/mysql/data --user=mysql --pid-file=/usr/local/webserver/mysql/mysql.pid --skip-locking --port=3306 --socket=/tmp/mysql.sock
↑ 以mysql用户帐号的身份建立数据表

# /bin/sh /usr/local/webserver/mysql/bin/mysqld_safe --defaults-file=/usr/local/webserver/mysql/my.cnf &
↑ 启动MySQL（最后的&表示在后台运行）

[编译安装PHP（FastCGI模式）]

# tar zxvf php-5.2.6.tar.gz
# gzip -cd php-5.2.6-fpm-0.5.9.diff.gz | patch -d php-5.2.6 -p1
# cd php-5.2.6/
# ./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl
# sed -i 's#-lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt#& -liconv#' Makefile
# make
# make install
# cp php.ini-dist /usr/local/webserver/php/etc/php.ini
# cd ../

[编译安装PHP5扩展模块]

# tar zxvf memcache-2.2.3.tgz
# cd memcache-2.2.3/
# /usr/local/webserver/php/bin/phpize
# ./configure --with-php-config=/usr/local/webserver/php/bin/php-config
# make
# make install
# cd ../

# tar jxvf eaccelerator-0.9.5.3.tar.bz2
# cd eaccelerator-0.9.5.3/
# /usr/local/webserver/php/bin/phpize
# ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/webserver/php/bin/php-config
# make
# make install
# cd ../

[修改php.ini文件]

手工修改：
# vi /usr/local/webserver/php/etc/php.ini
将 " extension_dir = "./" "
修改为            " extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/" "

将 "output_buffering = Off"
修改为            " output_buffering = On "

extension = "memcache.so"
↑ 文件末尾增加此行

自动修改(已使用手动修改的跳过)：
# sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension = "memcache.so"\n#' /usr/local/webserver/php/etc/php.ini
# sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/webserver/php/etc/php.ini

[配置eAccelerator加速PHP]

# mkdir -p /usr/local/webserver/eaccelerator_cache
# vi /usr/local/webserver/php/etc/php.ini
按shift+g键跳到配置文件的最末尾，加入以下配置信息：

[eaccelerator]
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="300"
eaccelerator.shm_prune_period="120"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

# vi /etc/sysctl.conf
↑ 修改配置文件

将    "kernel.shmmax = **********"
修改为        "kernel.shmmax = 134217728"

# /sbin/sysctl -p
↑ 执行此命令使配置生效

[创建www用户和组]

# /usr/sbin/groupadd www -g 48
↑ 创建www用户组并指定组ID为48
# /usr/sbin/useradd -u 48 -g www www
↑ 创建www用户到www用户组中
# mkdir -p /wwwroot
↑ 在根目录中创建wwwroot网站目录
# chmod +w /wwwroot
↑ 给wwwroot目录增加可写权限
# chown -R www:www /wwwroot
↑ 使wwwroot目录所属用户组为www，所属用户为www

[创建php-fpm配置文件]

php-fpm是为PHP打的一个FastCGI管理补丁，可以平滑变更php.ini配置而无需重启php-cgi
# rm -f /usr/local/webserver/php/etc/php-fpm.conf
↑ 删除原有php-fpm.conf文件
# vi /usr/local/webserver/php/etc/php-fpm.conf
↑ 建立新的php-fpm.conf文件并启动vi编辑器编辑该文件
输入以下内容(请注意以下内容中"↑"标志后的内容不能出现在实际文件中)：

All relative paths in this config are relative to php's install prefix

Pid file
/usr/local/webserver/php/logs/php-fpm.pid

Error log file
/usr/local/webserver/php/logs/php-fpm.log

Log level
notice

When this amount of php processes exited with SIGSEGV or SIGBUS ...
10

... in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator's shared memory.
1m

Time limit on waiting child's reaction on signals from master
5s

Set to 'no' to debug fpm
yes

Name of pool. Used in logs and stats.
default

Address to accept fastcgi requests on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
127.0.0.1:9000

Set listen(2) backlog
-1

Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.


0666

Additional php.ini defines, specific to this pool of workers.

/usr/sbin/sendmail -t -i
0
↑ 如果安装 Nginx + PHP 用于程序调试，则此处应设置为"1"以显示PHP错误信息，设置为"0" Nginx 会报状态为500的空白错误页

Unix user of processes
www

Unix group of processes
www

Process manager settings

Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
static

Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
64
↑ 进程数为64，如果服务器内存大于3GB，可以只开启128-200个进程

Settings group for 'apache-like' pm style

Sets the number of server processes created on startup.
Used only when 'apache-like' pm_style is selected
20

Sets the desired minimum number of idle server processes.
Used only when 'apache-like' pm_style is selected
5

Sets the desired maximum number of idle server processes.
Used only when 'apache-like' pm_style is selected
35

The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when 'max_execution_time' ini option does not stop script execution for some reason
'0s' means 'off'
0s

The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
'0s' means 'off'
0s

The log file for slow requests
logs/slow.log

Set open file desc rlimit
51200

Set max core size rlimit
0

Chroot to this directory at the start, absolute path

Chdir to this directory at the start, absolute path

Redirect workers' stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
yes

How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
10240

Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
127.0.0.1

Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment

$HOSTNAME
/usr/local/bin:/usr/bin:/bin
/tmp
/tmp
/tmp
$OSTYPE
$MACHTYPE
2

[启动php-cgi进程，监听127.0.0.1的9000端口]

# ulimit -SHn 51200
# /usr/local/webserver/php/sbin/php-fpm start

[安装Nginx所需的pcre库]

# tar zxvf pcre-7.7.tar.gz
# cd pcre-7.7/
# ./configure
# make && make install
# cd ../

[安装Nginx 0.7.19]

# tar zxvf nginx-0.7.19.tar.gz
# cd nginx-0.7.19/
# ./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module
# make
# make install
# cd ../

[创建Nginx日志目录]

# mkdir -p /logs
# chmod +w /logs
# chown -R www:www /logs

[创建nginx.conf配置文件]

# rm -f /usr/local/webserver/nginx/conf/nginx.conf
# vi /usr/local/webserver/nginx/conf/nginx.conf
输入以下内容(请注意以下内容中"↑"标志后的内容不能出现在实际文件中)：

user www www;

worker_processes 8;
↑ Nginx每个进程耗费10M~12M内存

error_log /logs/nginx_error.log warn;

pid        /usr/local/webserver/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include       mime.types;
default_type application/octet-stream;

#charset gb2312;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;

sendfile on;
tcp_nopush     on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

gzip on;
gzip_min_length 1k;
gzip_buffers     4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types       text/plain application/x-javascript text/css application/xml;
gzip_vary on;

limit_zone crash $binary_remote_addr 10m;
↑ 定义一个叫“crash”的记录区，总容量为 10M，以变量 $binary_remote_addr 作为会话的判断基准（即一个地址一个会话），当区的大小为 1M 的时候，大约可以记录 32000 个会话信息（一个会话占用 32 bytes）

server
{
listen       80;
server_name 222.17.177.205;
index index.html index.htm index.php;
root /wwwroot;

#limit_conn   crash 5;
↑ *此处已被#注释掉了，即不起作用*定义整个网站的限制。此处为在"crash"记录区中，以变量 $binary_remote_addr 作为会话的判断基准（即一个地址一个会话），限制网站全局目录，一个会话只能进行5个连接（即一个IP只能发起5个连接，多过5个，一律503错误）

location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires      30d;
}

location ~ .*\.(js|css)?$
{
expires      1h;
}

location /resource/ {
limit_conn   crash 2;
↑ 定义resource目录的限制。此处为在"crash"记录区中，以变量 $binary_remote_addr 作为会话的判断基准（即一个地址一个会话），限制resource目录，一个会话只能进行2个连接（即一个IP只能发起2个连接，多过2个，一律503错 误）
}

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /logs/access.log access;
sendfile on;
tcp_nopush on;
client_max_body_size 50m;
↑ 网站程序中允许上传的最大size，这里设置成50M，这里只是nginx的限制，PHP本身限制2M
}
}

[创建fcgi.conf配置文件]

# vi /usr/local/webserver/nginx/conf/fcgi.conf
输入以下内容:

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE    nginx;

fastcgi_param QUERY_STRING       $query_string;
fastcgi_param REQUEST_METHOD     $request_method;
fastcgi_param CONTENT_TYPE       $content_type;
fastcgi_param CONTENT_LENGTH     $content_length;

fastcgi_param SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param REQUEST_URI        $request_uri;
fastcgi_param DOCUMENT_URI       $document_uri;
fastcgi_param DOCUMENT_ROOT      $document_root;
fastcgi_param SERVER_PROTOCOL    $server_protocol;

fastcgi_param REMOTE_ADDR        $remote_addr;
fastcgi_param REMOTE_PORT        $remote_port;
fastcgi_param SERVER_ADDR        $server_addr;
fastcgi_param SERVER_PORT        $server_port;
fastcgi_param SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS    200;

[启动Nginx]

# ulimit -SHn 51200
# /usr/local/webserver/nginx/sbin/nginx

[在不停止Nginx服务的情况下平滑变更Nginx配置]

修改/usr/local/webserver/nginx/conf/nginx.conf配置文件后，请执行以下命令检查配置文件是否正确：
# /usr/local/webserver/nginx/sbin/nginx -t
如果测试ok successfully，则可以使用下面命令重启Nginx
(第1种)# pkill nginx
# /usr/local/webserver/nginx/conf/nginx.conf
(第2种)# kill -HUP `cat /usr/local/webserver/nginx/nginx.pid`
# /usr/local/webserver/nginx/conf/nginx.conf
(第3种)# ps -ef | grep "nginx: master process" | grep -v "grep" | awk -F ' ' '{print $2}'
# kill -HUP 数字
↑ 此数字来自于上一条命令执行后屏幕输出的数字，即Nginx的pid进程号
# /usr/local/webserver/nginx/conf/nginx.conf

如果屏幕显示以下两行信息，说明配置文件正确：
the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully

[配置开机自动启动Nginx + PHP + MySQL]

# vi /etc/rc.local
在末尾增加以下内容:
/bin/sh /usr/local/webserver/mysql/bin/mysqld_safe --defaults-file=/usr/local/webserver/mysql/my.cnf &
ulimit -SHn 51200
/usr/local/webserver/php/sbin/php-fpm start
/usr/local/webserver/nginx/sbin/nginx

[优化Linux内核参数]

# vi /etc/sysctl.conf
在文件末尾增加以下内容：

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000    65000

# /sbin/sysctl -p
↑ 使配置立即生效

[编写每天定时切割Nginx日志的脚本]

# vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh
↑ 创建切割脚本

输入以下内容:
#!/bin/bash
# This script run at 00:00

# The Nginx logs path
logs_path="/logs/"

mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
mv ${logs_path}nginx_error.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/nginx_error_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`

[设置切割日志的计划任务]

# crontab -e
↑ 编辑计划任务列表

输入以下内容:
00 00 * * * /bin/bash /usr/local/webserver/nginx/sbin/cut_nginx_log.sh
↑ 每天凌晨00:00切割nginx访问日志