首页 > 系统管理 > 服务器配置

服务器配置

2008年12月14日

我们安装的操作系统是CentOS 5.1, 最新版本是CentOS5.2, 服务器环境是Nginx+PHP5.2FastCGI方式

首先看一下需要的配置类库,由于我们使用的是ZendFramework + PEAR, 我们先看一下Zendframework所需要 PHP 内建支持的扩展,其中不是每一个被 Zend Framework 使用的扩展都要应用在程序中。 使用方式“依赖”表示当扩展不可用时,组件或者类也不可使用。 使用方式“可选”表示当扩展不可用时,组件或者类自动使用代替方案。

我们使用yum的自动类库更新(yum简介):

sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-libs krb5-devel libidn libidn-devel openssl openssl-devel

下载其他软件

mkdir -p /home/software
cd /home/software
#nginx6.35(最新的stable版本)
wget http://sysoev.ru/nginx/nginx-0.6.35.tar.gz
#获得PHP的最新版本
wget http://www.php.net/get/php-5.2.8.tar.gz/from/this/mirror
wget http://php-fpm.anight.org/downloads/head/php-5.2.8-fpm-0.5.10.diff.gz
wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.30.tar.gz/from/http://mirrors.24-7-solutions.net/pub/mysql/
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz
wget http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz
wget http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.7.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.8-0.9.6.3.patch.gz
wget http://pecl.php.net/get/memcache-2.2.4.tgz
wget http://downloads.sourceforge.net/mhash/mhash-0.9.9.tar.gz?modtime=1175740843&big_mirror=0
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz
wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
wget http://downloads.sourceforge.net/phpxmlrpc/xmlrpc-2.2.1.tar.gz
wget ftp://ftp.gnu.org/gnu/gettext/gettext-0.17.tar.gz
wget http://www.libgd.org/releases/gd-2.0.35.tar.gz
wget http://downloads.sourceforge.net/pspell/pspell-.12.2.tar.gz

本文主要参考Nginx+PHP5.2配置指南,并根据版本的更新对部分函数版本号做了一定修改

tar zxvf libiconv-1.12.tar.gz
cd libiconv-1.12/
./configure –prefix=/usr/local
make
make install
cd ../
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure –enable-ltdl-install
make
make install
cd ../../

tar zxvf mhash-0.9.9.tar.gz
cd mhash-0.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

tar zxvf mcrypt-2.6.7.tar.gz
cd mcrypt-2.6.7/
/sbin/ldconfig
./configure
make
make install
cd ../

tar -xvzf gettext-0.17.tar.gz
cd gettext-0.17
./configure
make
make install

tar -xvzf gd-2.0.35.tar.gz
cd gd-2.0.35
./configure
make
make install

2、编译安装MySQL 5.1.30

以下为编译方法,由于编译时间很长,推荐二进制下载(AMD64格式),二进制文件安装指南.

/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
tar zxvf mysql-5.1.30.tar.gz
cd mysql-5.1.30/
./configure --prefix=/usr/local/mysql --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile  --disable-shared (如果内存较大可以用--with-innodb)

make && make install
chmod +w /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql
cp support-files/my-medium.cnf /etc/my.cnf
cd ../

附:以下为附加步骤,如果你想在这台服务器上运行MySQL数据库,则执行以下两步。如果你只是希望让PHP支持MySQL扩展库,能够连接其他服务器上的MySQL数据库,那么,以下两步无需执行。
①、以mysql用户帐号的身份建立数据表:
/usr/local/mysql/bin/mysql_install_db --datadir=/usr/local/data --user=mysql
②、启动MySQL(最后的&表示在后台运行)
/bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql &
启动后修改密码
#删除匿名用户
shell> mysql -u root
mysql> DROP USER '';
mysql> DROP USER ''@'localhost';
#为root设置密码
shell> mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');
或者
/usr/local/mysql/bin/mysqladmin -u root password 'new-password
/usr/local/mysql/bin/mysqladmin -u root -h hostname password 'new-password
#在/etc/my.cnf中增加以下两行
[mysqld]
datadir = /usr/local/mysql/data
log-error = error.log

拷贝编译目录的一个脚本,设置开机自动启动

#测试
shell>support-files/mysql.server start
shell>support-files/mysql.server stop
#设置
shell>cp support-files/mysql.server /etc/init.d/mysqld
shell>chmod +x /etc/init.d/mysqld
shell>chkconfig --add mysqld
shell>chkconfig --level 345 mysqld on

启动mysqld服务
shell>service mysqld start

编译PHP
tar zxvf php-5.2.8.tar.gz
#patch fpm
gzip -cd php-5.2.8-fpm-0.5.10.diff.gz | patch -d php-5.2.8 -p1
#安装php安全增强选项
gzip -d suhosin-patch-5.2.8-0.9.6.3.patch.gz
cd php-5.2.8/
patch -p1 -i ../suhosin-patch-5.2.8-0.9.6.3.patch
./configure --prefix=/usr/local/ --with-config-file-path=/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql  --enable-bcmath --enable-dom --enable-calendar --with-bz2 --with-zlib --with-iconv-dir=/usr/local --with-gettext --enable-mbstring --enable-mbregex --with-mime-magic --with-freetype-dir --with-jpeg-dir --with-png-dir --with-libxml-dir=/usr --enable-xml --enable-discard-path --enable-safe-mode --with-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --with-mcrypt --with-mhash --with-gd --enable-gd-native-ttf --with-ttf --with-openssl --with-kerberos --enable-sockets --enable-suhosin
make ZEND_EXTRA_LIBS='-liconv'
make install

#按需要安装Zend Optimizer
Zend官方网站下载相应CPU的版本,解压后运行./install.sh(如果你是通过远程终端安装,则运行./install-tty)按照屏幕提示操作即可。
#安装PHP扩展Extensions:
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/bin/phpize
./configure –with-php-config=/usr/local/bin/php-config –with-pdo-mysql=/usr/local/mysql
make
make install
cd ../

tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/usr/local/bin/phpize
./configure –enable-eaccelerator=shared –with-php-config=/usr/local/bin/php-config
make
make install
cd ../

tar xvzf memcache-2.2.4.tar.gz
cd memcache-2.2.4
/usr/local/bin/phpize
./configure –with-php-config=/usr/local/bin/php-config
make
make install
cd ../

修改php.ini文件

查找/etc/php.ini中的extension_dir = “./”
修改为extension_dir =”/usr/local/lib/php/extensions/no-debug-non-zts-20060613/”
并在此行后增加以下几行,然后保存:
extension = “memcache.so”
extension = “pdo_mysql.so”

再查找output_buffering = Off
修改为output_buffering = On

配置eAccelerator加速PHP, 参考eAccelerator对php加速性能评估
mkdir -p /usr/local/webserver/eaccelerator_cache
vi /etc/php.ini
跳到配置文件的最末尾,加上以下配置信息:
[eaccelerator]
zend_extension=”/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so”
eaccelerator.shm_size=”1″
eaccelerator.cache_dir=”/usr/local/webserver/eaccelerator_cache”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=””
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”3600″
eaccelerator.shm_prune_period=”3600″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″
eaccelerator.keys = “disk_only”
eaccelerator.sessions = “disk_only”
eaccelerator.content = “disk_only”

如果内存较大,可以用以下设置:
[eaccelerator]
zend_extension=”/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so”
eaccelerator.shm_size=”128″
eaccelerator.cache_dir=”/usr/local/webserver/eaccelerator_cache”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=””
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”300″
eaccelerator.shm_prune_period=”120″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″
修改配置文件:
vi /etc/sysctl.conf
输入以下内容:
kernel.shmmax = 134217728
然后执行以下命令使配置生效:
/sbin/sysctl -p

创建Web目录

mkdir /app
chown -R nobody:nobody /app
chmod +w /app

创建php-fpm配置文件(php-fpm是为PHP打的一个FastCGI管理补丁,可以平滑变更php.ini配置而无需重启php-cgi):
vi /usr/local/etc/php-fpm.conf 将配置替换为php-fpm的配置

注意php-fpm配置中的rlimit_files如果和ulimit -n现实的结果不符合,会导致出现rlimit_nofile的问题。启动php-cgi进程,监听127.0.0.1的9000端口,进程数为200(如果服务器内存小于3GB,可以只开启64个进程),用户为www:
ulimit -SHn 51200
/usr/local/sbin/php-fpm start

php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,修改php.ini后不重启php-cgi,重新加载配置文件使用reload

安装Nginx

tar zxvf pcre-7.8.tar.gz
cd pcre-7.8/
./configure
make && make install
cd ../

安装nginx

tar xvzf nginx-0.6.35.tgz
cd nginx-0.6.35
./configure –user=nobody –group=nobody –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module –with-http_gzip_static_module –with-http_perl_module –with-cc-opt=’-O2′
make;make install

配置nginx

mkdir /var/log/nginx
chmod +w /var/log/nginx
chown -R nobody:nobody /var/log/nginx

vi /usr/local/nginx/conf/nginx.conf
配置文件可参考这份nginx基本配置文件,注意需要修改log的默认格式,以便awstats分析

vi /usr/local/nginx/conf/fastcgiparam, 添加这行:
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

启动Nginx
ulimit -SHn 51200
/usr/local/nginx/sbin/nginx
配置开机自动启动Nginx + PHP
vi /etc/rc.local添加
ulimit -SHn 51200
/usr/local/sbin/php-fpm start
/usr/local/nginx/sbin/nginx

优化系统

vi /etc/sysctl.conf

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000    65000

使设置生效:/sbin/sysctl -p

修改记录:
2009/02/3
修改php编译过程中的 makefile 处理iconv编译问题,将以下处理改为本文现在的处理方式
./buildconf -force
./configure后
sed -i ‘s#-lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt#& -liconv#’ Makefile
make

2009/03/05
nginx更新为 0.6.35
修正libmcrypt的硬拷贝问题

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

系统管理

  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.

This blog is kept spam free by WP-SpamFree.