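Archive

Archive for December 2008

Software usage and directory layout conventions

December 31, 2008

Common system program operations

Starting and stopping MySQL
/bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql &
Starting and stopping FastCGI
ulimit -SHn 51200
/usr/local/sbin/php-fpm start|stop|restart|reload|quit|logrotate

Starting and stopping NGINX
/usr/local/webserver/nginx/sbin/nginx
Reload the nginx configuration
kill -HUP $(cat /var/run/nginx.pid)
Test the configuration file
nginx -t -c /etc/nginx/nginx.conf
Signals accepted by nginx
TERM, INT  fast shutdown
QUIT  graceful shutdown
HUP  reload the configuration: start new worker processes with the new configuration and gracefully shut down the old worker processes
USR1  reopen the log files
USR2  upgrade the executable on the fly
WINCH  gracefully shut down the worker processes

Starting and stopping memcached
/usr/local/bin/memcached -m 64m -l 127.0.0.1 -p 11211 -d -u root -P /var/run/memcached.pid -c 128 -vv
kill $(cat /var/run/memcached.pid)

To run programs at boot, edit /etc/rc.local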

Directory conventions for system programs

mysql directory           /usr/local/mysql
mysql data files          /usr/local/data
mysql socket file         /tmp/
mysql config file         /etc/my.cnf

php directory             /usr/local/
php-config path           /usr/local/bin/php-config
php.ini                   /etc/php.ini
eAccelerator cache        /var/cache/eaccelerator_cache
php fastcgi executable    /usr/local/sbin/php-fpm
php fastcgi config file   /usr/local/etc/php-fpm.conf
php fastcgi log           /usr/local/logs/php-fpm.log
php fastcgi pid file      /usr/local/logs/php-fpm.pid
fastcgi interface (TCP mode)  /tmp/php-cgi.sock
php extension directory   /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

nginx directory           /usr/local/nginx
nginx                     /var/log/nginx
nginx config file         /usr/local/nginx/conf/nginx.conf
nginx pid file            /var/run/nginx.pid
nginx logrotate script    /usr/local/nginx/sbin/cut_nginx_log.sh
web file directory        /app/
system startup script     /etc/rc.local
sysctl file               /sbin/sysctl
sysctl config file        /etc/sysctl.conf

memcached                 /usr/local/bin/memcached
memcached PID file        /var/run/memcached.pid


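System administration

Installing and using Memcached

December 31, 2008

Installing Memcached

Memcached requires libevent, so install libevent first:

wget "http://www.monkey.org/~provos/libevent-1.4.9-stable.tar.gz"
tar zxvf libevent-1.4.9-stable.tar.gz
cd libevent-1.4.9-stable
./configure --prefix=/usr/
make;make install
cd ../

After installation, libevent is under the /usr/libs directory.

wget http://www.danga.com/memcached/dist/memcached-1.2.6.tar.gz
tar zxvf memcached-1.2.6.tar.gz
cd memcached-1.2.6
./configure --with-libevent=/usr/
make;make install

After installation, memcached is in /usr/local/bin/ by default.

Using Memcached

This article is a good introduction to using memcache; below is a brief summary of starting and stopping:

Start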

/usr/local/bin/memcached -m 64m -l 127.0.0.1 -p 11211 -d -u root -P /var/run/memcached.pid -c 128 -vv

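Option  Description
-p   TCP port to use. The default is 11211
-m   Maximum memory size. The default is 64M
-vv  Start in very verbose mode; debug information and errors are printed to the console
-d   Start in the background as a daemon
-c   Maximum number of concurrent connections. The default is 1024; set it according to the server's load
-P   File in which to save the Memcache pid
-l   IP address of the server to listen on, if there are multiple addresses
-u   User to run Memcache as. By default it cannot be started as root, so when the current user is root, use the -u option to specify the user

Stop
kill $(cat /var/run/memcached.pid)

Test the connection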
$ telnet localhost 11211
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
set foo 0 0 3     (store command)
bar               (data)
STORED            (result)
get foo           (retrieve command)
VALUE foo 0 3     (data)
bar               (data)

Installation instructions for the PHP memcached library are here


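System administration

Third-party website availability and speed monitoring

December 26, 2008

linkwan.com's speed test tool has, as far as I remember, been around since before 2000, so it has some history. I tried it today and it seemed very inaccurate: baidu.com and google.com came out at around 5 seconds, while taobao came out at under 0.03, which is faster than a LAN, even though taobao's pages carry far more data than google's.
There are few free speed test tools in China; this one is fairly trustworthy:
http://idc.cnw.com.cn/testreport/
There are also more professional website performance monitoring sites. Website performance monitoring actually covers two things:
1. Internal operations data collection, analysis and diagnosis;
2. External marketing needs and evaluation of operational performance.
The basic way to address both is to use the services of a third-party monitoring company. In the Chinese domestic market there are third-party monitoring companies that offer end-user performance monitoring and consulting. The commercial-grade companies are: Keynote (US), Gomez (US), Networkbench (基调网络, China) and IP-Label. Each has its strengths and weaknesses: Keynote is a Nasdaq-listed company, Gomez has the largest Last Mile monitoring network abroad, Networkbench has the most IDC and Last Mile nodes in China, and IP-Label has a more mature user base in Europe.

For websites in China, the vast majority of users are Chinese internet users. Keynote and Gomez each monitor from IDCs in fewer than 5 cities in China, which clearly makes it hard to collect the data samples needed for a minimum sampling rate. IP-Label also has too few monitoring nodes. By comparison, Networkbench has IDC resources in more than 40 major cities, which is clearly a good choice for customers whose users are widely distributed.

For more details see here; these are also worth a look: http://tieba.baidu.com/f?kz=282336390

For free speed tests worldwide, see:
Single-point test http://tools.pingdom.com/

Multi-point test http://host-tracker.com/

Paid third-party monitoring services include alertsite.com and alertra.com. The one I have used is Alertsite.com, which mainly monitors your website and key applications (including ordering and registration) from locations around the world and automatically sends a monitoring report every day; later the free trial expired and I stopped using it. Simple monitoring costs 10 US dollars per month; monitoring of complex key applications costs 79 US dollars per unit per month.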


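Software and tools

Installing phpMyAdmin 3.1.1

December 20, 2008

wget -O phpMyAdmin-3.1.1-all-languages.tar.gz "http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-3.1.1-all-languages.tar.gz?download"

tar -xvzf phpMyAdmin-3.1.1-all-languages.tar.gz
cp -r phpMyAdmin-3.1.1-all-languages  /app/public/data/pma311
cd /app/public/data/pma311
cp config.sample.inc.php config.inc.php

Open config.inc.php with vi, find blowfish_secret and set the encryption key. You can then set $cfg['Servers'][$i]['controluser'] and $cfg['Servers'][$i]['controlpass'] directly, or let phpMyAdmin set them automatically after the first login.

Set up a password for the pma directory in the web server
htpasswd -c /usr/local/nginx/conf/.htpasswd  nginx
After you enter the password twice, the password file .htpasswd is created. Then add the following two lines to the server block in nginx:
auth_basic "Restricted";
auth_basic_user_file .htpasswd;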


System administration

A simple nginx configuration file

December 19, 2008

user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 51200;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 60;
    tcp_nodelay on;
    gzip_static on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;
    gzip_proxied any;
    # Some version of IE 6 don't handle compression well on some mime-types,
    # so just disable for them
    gzip_disable "MSIE [1-6].(?!.*SV1)";
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    include             /usr/local/nginx/conf/vhosts/*;
    server {
        listen 80;
        server_name www.leizhenfang.com;
        root /app/public/www;
        #charset koi8-r;
        access_log logs/host.access.log main;
        location / {
            root /app/public/www;
            index index.html index.htm index.php;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ .*\.(php|php5)?$ {
            #fastcgi_pass 127.0.0.1:9000;
            fastcgi_pass unix:/tmp/php-cgi.sock;
            fastcgi_index index.php;
            #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires 30d;
        }
        location ~ .*\.(js|css)?$
        {
            expires 1d;
        }
    }
    server {
        listen 80;
        server_name admin.leizhenfang.com;
        root /app/public/www;
        access_log logs/host.access.log main;
        auth_basic "Restricted";
        auth_basic_user_file webadmin.pass;
        location / {
            root /app/public/www;
            index index.html index.htm index.php;
        }
        location ~ .*\.(php|php5)?$ {
            #fastcgi_pass 127.0.0.1:9000;
            fastcgi_pass unix:/tmp/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
    server {
        listen 80;
        server_name status.leizhenfang.com;
        location / {
            stub_status on;
            access_log off;
        }
    }
}

Here webadmin.pass is a file generated with htpasswd in the conf directory.
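Added example, not part of the original post or of nginx: a small Python model of how nginx picks a location, applied to the location patterns of the www server block above, to show which block handles a given request path. It covers only exact (=), plain prefix and case-sensitive regex (~) locations; the sample paths and the tightened PHP pattern are assumptions made for the comparison.

```python
import re

# Locations of the www server block above, in file order: (kind, pattern, label).
# "=" is an exact match, "" a plain prefix, "~" a case-sensitive regex.
PAGE_LOCATIONS = [
    ("", "/", "static files under /"),
    ("=", "/50x.html", "error page"),
    ("~", r".*\.(php|php5)?$", "FastCGI (php-fpm)"),
    ("~", r".*\.(gif|jpg|jpeg|png|bmp|swf)$", "images, expires 30d"),
    ("~", r".*\.(js|css)?$", "js/css, expires 1d"),
]

# Assumption: a tightened variant in which the extension is no longer optional,
# so only names ending in .php or .php5 are handed to FastCGI. It is not part
# of the original configuration; the js/css pattern is left as posted.
TIGHTENED_LOCATIONS = [
    loc if loc[2] != "FastCGI (php-fpm)" else ("~", r"\.(php|php5)$", loc[2])
    for loc in PAGE_LOCATIONS
]

# Constructed request paths (query string already removed).
SAMPLE_PATHS = ["/", "/index.php", "/info.php5", "/static/logo.png",
                "/static/logo.PNG", "/static/app.js", "/readme.", "/50x.html"]


def select_location(locations, uri):
    """Return the label of the location chosen for uri.

    Order of evaluation: an exact match wins outright; otherwise the first
    regex that matches, in file order; only if no regex matches is the
    longest matching prefix used.
    """
    for kind, pattern, label in locations:
        if kind == "=" and uri == pattern:
            return label
    for kind, pattern, label in locations:
        if kind == "~" and re.search(pattern, uri):
            return label
    prefixes = [(len(pattern), label) for kind, pattern, label in locations
                if kind == "" and uri.startswith(pattern)]
    return max(prefixes)[1] if prefixes else None


def routing_table(locations, paths=SAMPLE_PATHS):
    """Map every sample path to the location that would serve it."""
    return {path: select_location(locations, path) for path in paths}


def routing_changes(before, after, paths=SAMPLE_PATHS):
    """Paths whose handling differs between two location lists."""
    old, new = routing_table(before, paths), routing_table(after, paths)
    return {p: (old[p], new[p]) for p in paths if old[p] != new[p]}


if __name__ == "__main__":
    for path, label in routing_table(PAGE_LOCATIONS).items():
        print(f"{path:20} -> {label}")
    print("changed by tightening:",
          routing_changes(PAGE_LOCATIONS, TIGHTENED_LOCATIONS))
```

Because the extension group is followed by "?", a path that merely ends in a dot is passed to php-fpm, and an upper-case extension misses the case-sensitive image rule and falls back to the plain "/" location.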


System administration

php-fpm configuration

December 19, 2008

<?xml version="1.0" ?> 
<configuration> 
 
  All relative paths in this config are relative to php's install prefix  
 
  <section name="global_options"> 
 
    Pid file  
    <value name="pid_file">/usr/local/logs/php-fpm.pid</value> 
 
    Error log file  
    <value name="error_log">/usr/local/logs/php-fpm.log</value> 
 
    Log level  
    <value name="log_level">notice</value> 
 
    When this amount of php processes exited with SIGSEGV or SIGBUS ...  
    <value name="emergency_restart_threshold">10</value> 
 
    ... in a less than this interval of time, a graceful restart will be initiated.  
    Useful to work around accidental corruptions in accelerator's shared memory.
    <value name="emergency_restart_interval">1m</value> 
 
    Time limit on waiting child's reaction on signals from master  
    <value name="process_control_timeout">5s</value> 
 
    Set to 'no' to debug fpm  
    <value name="daemonize">yes</value> 
 
  </section> 
 
  <workers> 
 
    <section name="pool"> 
 
      Name of pool. Used in logs and stats.  
      <value name="name">default</value> 
 
      Address to accept fastcgi requests on.  
      Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'  
      <value name="listen_address">127.0.0.1:9000</value> 
 
      <value name="listen_options"> 
 
        Set listen(2) backlog  
        <value name="backlog">-1</value> 
 
        Set permissions for unix socket, if one used.  
        In Linux read/write permissions must be set in order to allow connections from web server.  
        Many BSD-derived systems allow connections regardless of permissions.
        <value name="owner"></value> 
        <value name="group"></value> 
        <value name="mode">0666</value> 
      </value> 
 
      Additional php.ini defines, specific to this pool of workers.  
      <value name="php_defines"> 
        <value name="sendmail_path">/usr/sbin/sendmail -t -i</value> 
        <value name="display_errors">1</value> 
      </value> 
 
      Unix user of processes  
        <value name="user">nobody</value> 
 
      Unix group of processes  
        <value name="group">nobody</value> 
 
      Process manager settings  
      <value name="pm"> 
 
        Sets style of controlling worker process count.
        Valid values are 'static' and 'apache-like'  
        <value name="style">static</value> 
 
        Sets the limit on the number of simultaneous requests that will be served.  
        Equivalent to Apache MaxClients directive.  
        Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi  
        Used with any pm_style.  
        <value name="max_children">128</value> 
 
        Settings group for 'apache-like' pm style  
        <value name="apache_like"> 
 
          Sets the number of server processes created on startup.  
          Used only when 'apache-like' pm_style is selected  
          <value name="StartServers">20</value> 
 
          Sets the desired minimum number of idle server processes.  
          Used only when 'apache-like' pm_style is selected  
          <value name="MinSpareServers">5</value> 
 
          Sets the desired maximum number of idle server processes.  
          Used only when 'apache-like' pm_style is selected  
          <value name="MaxSpareServers">35</value> 
 
        </value> 
 
      </value> 
 
      The timeout (in seconds) for serving a single request after which the worker process will be terminated  
      Should be used when 'max_execution_time' ini option does not stop script execution for some reason  
      '0s' means 'off'  
      <value name="request_terminate_timeout">0s</value> 
 
      The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file  
      '0s' means 'off'  
      <value name="request_slowlog_timeout">0s</value> 
 
      The log file for slow requests  
      <value name="slowlog">logs/slow.log</value> 
 
      Set open file desc rlimit  
      <value name="rlimit_files">51200</value> 
 
      Set max core size rlimit  
      <value name="rlimit_core">0</value> 
 
      Chroot to this directory at the start, absolute path  
      <value name="chroot"></value> 
 
      Chdir to this directory at the start, absolute path  
      <value name="chdir"></value> 
 
      Redirect workers' stdout and stderr into main error log.  
      If not set, they will be redirected to /dev/null, according to FastCGI specs  
      <value name="catch_workers_output">yes</value> 
 
      How much requests each process should execute before respawn.  
      Useful to work around memory leaks in 3rd party libraries.  
      For endless request processing please specify 0  
      Equivalent to PHP_FCGI_MAX_REQUESTS  
      <value name="max_requests">500</value> 
 
      Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.  
      Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)  
      Makes sense only with AF_INET listening socket.  
      <value name="allowed_clients">127.0.0.1</value> 
 
      Pass environment variables like LD_LIBRARY_PATH  
      All $VARIABLEs are taken from current environment  
      <value name="environment"> 
        <value name="HOSTNAME">$HOSTNAME</value> 
        <value name="PATH">/usr/local/bin:/usr/bin:/bin</value> 
        <value name="TMP">/tmp</value> 
        <value name="TMPDIR">/tmp</value> 
        <value name="TEMP">/tmp</value> 
        <value name="OSTYPE">$OSTYPE</value> 
        <value name="MACHTYPE">$MACHTYPE</value> 
        <value name="MALLOC_CHECK_">2</value> 
      </value> 
 
    </section> 
 
  </workers> 
 
</configuration>

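If memory is limited, consider the following changes:
Reduce the number of php-cgi processes started from the original 128 to 5:
<value name="max_children">5</value>
Switch from TCP mode to Unix socket mode:

<value name="listen_address">/tmp/php-cgi.sock</value>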
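Added example, not part of the original post or of php-fpm: a short Python script that reads a pool section in the XML format shown above and reports what controls access to the FastCGI listener, for the Unix-socket variant and for the TCP listener of the full configuration. The embedded configuration is a constructed excerpt that reuses the page's element names and values; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the pool section above, with the Unix-socket
# listen_address from the low-memory variant.
SAMPLE_CONF = """<?xml version="1.0" ?>
<configuration>
  <workers>
    <section name="pool">
      Name of pool. Used in logs and stats.
      <value name="name">default</value>
      <value name="listen_address">/tmp/php-cgi.sock</value>
      <value name="listen_options">
        <value name="backlog">-1</value>
        <value name="owner"></value>
        <value name="group"></value>
        <value name="mode">0666</value>
      </value>
      <value name="php_defines">
        <value name="display_errors">1</value>
      </value>
      <value name="user">nobody</value>
      <value name="allowed_clients">127.0.0.1</value>
    </section>
  </workers>
</configuration>
"""

# The same pool with the TCP listener used in the full configuration above.
TCP_CONF = SAMPLE_CONF.replace("/tmp/php-cgi.sock", "127.0.0.1:9000")


def flatten(element, prefix=""):
    """Flatten nested <value name="..."> elements into dotted keys.

    The explanatory sentences in this format are plain text between the
    elements, so only elements without children are treated as settings.
    """
    settings = {}
    for child in element:
        key = prefix + child.get("name", child.tag)
        if len(child):                      # a group such as listen_options
            settings.update(flatten(child, key + "."))
        else:
            settings[key] = (child.text or "").strip()
    return settings


def load_pools(xml_text):
    """Return {pool name: settings} for every pool section."""
    root = ET.fromstring(xml_text)
    pools = {}
    for section in root.iterfind("./workers/section[@name='pool']"):
        settings = flatten(section)
        pools[settings.get("name", "?")] = settings
    return pools


def review_pool(settings):
    """Describe how access to the pool's FastCGI listener is controlled."""
    findings = []
    address = settings.get("listen_address", "")
    if address.startswith("/"):
        # allowed_clients only applies to AF_INET listeners (see the comment
        # in the configuration), so the socket permissions decide access.
        findings.append("unix socket %s: allowed_clients is not applied" % address)
        mode_text = settings.get("listen_options.mode", "")
        mode = int(mode_text, 8) if mode_text else 0
        if mode & 0o002:
            findings.append("socket mode %s lets every local account connect" % mode_text)
        if not settings.get("listen_options.owner") and not settings.get("listen_options.group"):
            findings.append("socket owner and group are left empty")
    else:
        host = address.rpartition(":")[0] or "(no address given)"
        clients = settings.get("allowed_clients") or "(any)"
        findings.append("TCP listener on %s, allowed_clients=%s" % (host, clients))
    if settings.get("php_defines.display_errors") == "1":
        findings.append("display_errors=1: PHP errors are sent to the client")
    return findings


if __name__ == "__main__":
    for label, text in (("unix socket", SAMPLE_CONF), ("tcp", TCP_CONF)):
        for name, settings in load_pools(text).items():
            print("%s pool '%s'" % (label, name))
            for finding in review_pool(settings):
                print("  - " + finding)
```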


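System administration

Server configuration

December 14, 2008

The operating system we installed is CentOS 5.1 (the latest version is CentOS 5.2). The server environment is Nginx + PHP 5.2 in FastCGI mode.

First, look at the libraries that need to be configured. Since we use Zend Framework + PEAR, we start with the built-in PHP extensions that Zend Framework needs; not every extension used by Zend Framework has to be used in an application. A usage type of "dependency" means that when the extension is unavailable, the component or class cannot be used either. A usage type of "optional" means that when the extension is unavailable, the component or class automatically uses a fallback.

We use yum to install and update the libraries automatically (introduction to yum):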

sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-libs krb5-devel libidn libidn-devel openssl openssl-devel

Download the other software

mkdir -p /home/software
cd /home/software
# nginx 0.6.35 (latest stable version)
wget http://sysoev.ru/nginx/nginx-0.6.35.tar.gz
# get the latest version of PHP
wget -O php-5.2.8.tar.gz http://www.php.net/get/php-5.2.8.tar.gz/from/this/mirror
wget http://php-fpm.anight.org/downloads/head/php-5.2.8-fpm-0.5.10.diff.gz
wget -O mysql-5.1.30.tar.gz http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.30.tar.gz/from/http://mirrors.24-7-solutions.net/pub/mysql/
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz
wget http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz
wget http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.7.tar.gz
wget http://download.suhosin.org/suhosin-patch-5.2.8-0.9.6.3.patch.gz
wget http://pecl.php.net/get/memcache-2.2.4.tgz
wget -O mhash-0.9.9.tar.gz "http://downloads.sourceforge.net/mhash/mhash-0.9.9.tar.gz?modtime=1175740843&big_mirror=0"
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz
wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
wget http://downloads.sourceforge.net/phpxmlrpc/xmlrpc-2.2.1.tar.gz
wget ftp://ftp.gnu.org/gnu/gettext/gettext-0.17.tar.gz
wget http://www.libgd.org/releases/gd-2.0.35.tar.gz
wget http://downloads.sourceforge.net/pspell/pspell-.12.2.tar.gz

This article mainly follows the Nginx + PHP 5.2 configuration guide, with some version numbers adjusted to match newer releases.

tar zxvf libiconv-1.12.tar.gz
cd libiconv-1.12/
./configure --prefix=/usr/local
make
make install
cd ../
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../

tar zxvf mhash-0.9.9.tar.gz
cd mhash-0.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

tar zxvf mcrypt-2.6.7.tar.gz
cd mcrypt-2.6.7/
/sbin/ldconfig
./configure
make
make install
cd ../

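tar -xvzf gettext-0.17.tar.gz
cd gettext-0.17
./configure
make
make install
cd ../

tar -xvzf gd-2.0.35.tar.gz
cd gd-2.0.35
./configure
make
make install
cd ../

2. Compile and install MySQL 5.1.30

The following is the compile procedure. Because compiling takes a long time, downloading the binary release (AMD64 format) is recommended; see the binary installation guide.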

/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
tar zxvf mysql-5.1.30.tar.gz
cd mysql-5.1.30/
# if the server has more memory, --with-innodb can be added
./configure --prefix=/usr/local/mysql --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile  --disable-shared

make && make install
chmod +w /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql
cp support-files/my-medium.cnf /etc/my.cnf
cd ../

Note: the following steps are optional. If you want to run a MySQL database on this server, perform the two steps below. If you only want PHP to support the MySQL extension so that it can connect to MySQL databases on other servers, you do not need to perform them.
(1) Create the data tables as the mysql user account:
/usr/local/mysql/bin/mysql_install_db --datadir=/usr/local/data --user=mysql
(2) Start MySQL (the trailing & runs it in the background)
/bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql &
After startup, change the passwords
# remove the anonymous users
shell> mysql -u root
mysql> DROP USER '';
mysql> DROP USER ''@'localhost';
# set a password for root
shell> mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');
or
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'
/usr/local/mysql/bin/mysqladmin -u root -h hostname password 'new-password'
# add the following two lines to /etc/my.cnf
[mysqld]
datadir = /usr/local/mysql/data
log-error = error.log

Copy a script from the build directory and set up automatic start at boot

# test
shell>support-files/mysql.server start
shell>support-files/mysql.server stop
# set up
shell>cp support-files/mysql.server /etc/init.d/mysqld
shell>chmod +x /etc/init.d/mysqld
shell>chkconfig --add mysqld
shell>chkconfig --level 345 mysqld on

Start the mysqld service
shell>service mysqld start

Compile PHP
tar zxvf php-5.2.8.tar.gz
# apply the fpm patch
gzip -cd php-5.2.8-fpm-0.5.10.diff.gz | patch -d php-5.2.8 -p1
# apply the PHP security hardening patch
gzip -d suhosin-patch-5.2.8-0.9.6.3.patch.gz
cd php-5.2.8/
patch -p1 -i ../suhosin-patch-5.2.8-0.9.6.3.patch
./configure --prefix=/usr/local/ --with-config-file-path=/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql  --enable-bcmath --enable-dom --enable-calendar --with-bz2 --with-zlib --with-iconv-dir=/usr/local --with-gettext --enable-mbstring --enable-mbregex --with-mime-magic --with-freetype-dir --with-jpeg-dir --with-png-dir --with-libxml-dir=/usr --enable-xml --enable-discard-path --enable-safe-mode --with-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --with-mcrypt --with-mhash --with-gd --enable-gd-native-ttf --with-ttf --with-openssl --with-kerberos --enable-sockets --enable-suhosin
make ZEND_EXTRA_LIBS='-liconv'
make install

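# Install Zend Optimizer if needed
Download the version for your CPU from the official Zend website, unpack it and run ./install.sh (or ./install-tty if you are installing over a remote terminal), then follow the on-screen prompts.
# Install the PHP extensions:
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/bin/phpize
./configure --with-php-config=/usr/local/bin/php-config --with-pdo-mysql=/usr/local/mysql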
make
make install
cd ../

tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/usr/local/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config
make
make install
cd ../

tar xvzf memcache-2.2.4.tgz
cd memcache-2.2.4
/usr/local/bin/phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install
cd ../

Modify the php.ini file

In /etc/php.ini, find extension_dir = "./"
and change it to extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"
Then add the following lines after that line and save:
extension = "memcache.so"
extension = "pdo_mysql.so"

Next find output_buffering = Off
and change it to output_buffering = On

Configure eAccelerator to accelerate PHP; see the evaluation of eAccelerator's PHP acceleration performance
mkdir -p /usr/local/webserver/eaccelerator_cache
vi /etc/php.ini
Go to the very end of the configuration file and add the following settings:
[eaccelerator]
zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="1"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.keys = "disk_only"
eaccelerator.sessions = "disk_only"
eaccelerator.content = "disk_only"

If the server has more memory, the following settings can be used:
[eaccelerator]
zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="300"
eaccelerator.shm_prune_period="120"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Edit the configuration file:
vi /etc/sysctl.conf
Enter the following:
kernel.shmmax = 134217728
Then run the following command to apply the setting:
/sbin/sysctl -p

Create the web directory

mkdir /app
chown -R nobody:nobody /app
chmod +w /app

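Create the php-fpm configuration file (php-fpm is a FastCGI management patch for PHP that lets changes to php.ini take effect smoothly without restarting php-cgi):
vi /usr/local/etc/php-fpm.conf and replace its contents with the php-fpm configuration

Note: if rlimit_files in the php-fpm configuration does not match the result shown by ulimit -n, an rlimit_nofile problem will occur. Start the php-cgi processes, listening on port 9000 of 127.0.0.1, with 200 processes (if the server has less than 3 GB of memory, you can start only 64 processes), running as user www: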
ulimit -SHn 51200
/usr/local/sbin/php-fpm start

php-fpm accepts other arguments as well: start|stop|quit|restart|reload|logrotate. After modifying php.ini, use reload to reload the configuration file without restarting php-cgi.

Installing Nginx

tar zxvf pcre-7.8.tar.gz
cd pcre-7.8/
./configure
make && make install
cd ../

Install nginx

tar xvzf nginx-0.6.35.tar.gz
cd nginx-0.6.35
./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_perl_module --with-cc-opt='-O2'
make;make install

Configure nginx

mkdir /var/log/nginx
chmod +w /var/log/nginx
chown -R nobody:nobody /var/log/nginx

vi /usr/local/nginx/conf/nginx.conf
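For the configuration file, see this basic nginx configuration file. Note that the default log format needs to be changed so that awstats can analyze the logs.

vi /usr/local/nginx/conf/fastcgiparam and add this line: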
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

Start Nginx
ulimit -SHn 51200
/usr/local/nginx/sbin/nginx
Configure Nginx + PHP to start automatically at boot
vi /etc/rc.local and add:
ulimit -SHn 51200
/usr/local/sbin/php-fpm start
/usr/local/nginx/sbin/nginx

Tuning the system

vi /etc/sysctl.conf

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000    65000

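Apply the settings: /sbin/sysctl -p

Change log:
2009/02/3
Changed how the Makefile is handled during the PHP build to deal with the iconv compile problem; the following procedure was replaced by the one now described in this article
./buildconf --force
After ./configure:
sed -i 's#-lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lcrypt#& -liconv#' Makefile
make

2009/03/05
Updated nginx to 0.6.35
Fixed the libmcrypt hard-copy problem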


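System administration

Simple firewall setup

December 14, 2008

Using iptables:

iptables is one of the core parts of the Linux system. The operating system we use is CentOS, which by default has only port 22 open after installation. The following example shows how to open port 80 with iptables:

    vi /etc/sysconfig/iptables

Add -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT

    /sbin/service iptables restart    (restart the service)

Check the result: /sbin/iptables -L -n

    iptables guide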

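Installing and using APF

APF (Advanced Policy Firewall) is a fairly popular software firewall for Linux from Rf-x Networks. It is a front-end script for iptables.

Download and install APF
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

  tar -xzvf apf-current.tar.gz

  cd apf-<version>

  ./install.sh

Configure APF

  vi /etc/apf/conf.apf

  Change USE_DS="0" to USE_DS="1", and change USE_AD="0" to USE_AD="1".

  Configure the ports. Recommended values under cPanel:

  cPanel
  IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
  IG_UDP_CPORTS="21,53,873"

  EGF="1"
  EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
  EG_UDP_CPORTS="20,21,37,53,873"

When the configuration is done, save and exit, then start the APF firewall:

  /usr/local/sbin/apf -s

  Note that the firewall is now running in debug mode and flushes its configuration every five minutes. This keeps a wrong configuration from making the server unreachable.

  Once you are sure the configuration is correct, open the configuration file again (vi /etc/apf/conf.apf) and change DEVM="1" to DEVM="0". APF will then run in normal mode.

  Restart APF (/usr/local/sbin/apf -s).

  Note: if your Linux kernel has iptables compiled in directly rather than as modules, change MONOKERN="0" to MONOKERN="1" in the configuration file.

Using APF to guard against DDoS attacks

  The configuration directory is /etc/apf/ad. Its log file is kept at /var/log/apfados_log.

  Next we configure APF to send e-mail to the administrator when it encounters a DoS.

  Open the configuration file:

  vi /etc/apf/ad/conf.antidos
  Find [E-Mail Alerts].

  CONAME="Your Company": fill in the website or company name.

  Change USR_ALERT="0" to USR_ALERT="1" so that the system sends e-mail.

  USR="your@email.com": fill in the e-mail address.

  Save and exit, then restart APF (/usr/local/sbin/apf -r).

Starting APF automatically after a system reboot

  Run APF automatically every time the system restarts:  chkconfig --level 2345 apf on

  Disable automatic start:  chkconfig --del apf

All APF options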

Option: Change: Description:
DEVM Yes When set to "1", a 5 minute cronjob is set that will flush the firewall. When first configuring your firewall, leave this as enabled ("1"), and when you are sure everything is set up properly, set this to disabled ("0").
FWPATH Rarely Path of firewall installation. Rarely do you have to change this value.
IF Sometimes Network interface to firewall. If the network interface you wish to firewall is not on 'eth0', then you will have to change this to the correct interface.
MONOKERN Rarely Support Monolithic kernel builds [no LKM's]. You should change this value if iptables is not compiled as a module. (If you have iptables installed, and APF complains about iptables without setting up the firewall)
TCP_STOP Rarely How to handle TCP packet filtering. You should leave this value as "DROP"
UDP_STOP Rarely How to handle UDP packet filtering. You should leave this value as "DROP"
DSTOP Rarely How to handle all other packet filtering. You should leave this value as "DROP"
ICMP_LIM Rarely Packet/time ratio for ICMP packets before dropping packets. If there is a chance that host may legitimately ping you more frequently then you may need to change this value. This option reduces the amount of traffic being sent out if someone attacks you through ICMP.
BLK_MCATNET Yes Block multicasting. Unless you need multicasting, you should set this to enable ("1"), just in case.
BLK_PRVNET Yes Block all private ipv4 addresses. Unless the server resides behind a firewall with NAT, you should enable ("1") this. Setting this option to enable reduces the chance of spoof attacks.
BLK_RESNET Sometimes Block all ipv4 address space marked reserved for future use. There is a chance that some of the address space listed may become live ips, so either enable ("1"), and make sure your '/etc/apf/internals/reserved.networks' file is up to date, or just leave it disabled ("0").
USE_DS Sometimes Use DShield.org's "block" list of top networks that have exhibited suspicious activity. This top list is a list of the top 20 attacking class C subnets over a 3 day period. It is safe to enable ("1") this option. If you are interested in seeing this list, you can find it here: http://feeds.dshield.org/block.txt
USE_AD Sometimes Import our ad.rules ban list generated by antidos. This essentially enables the antidos section of the APF firewall, and requires you to modify the '/etc/apf/ad/conf.antidos' file.
CDPORTS Sometimes Common drop ports; these ports do not get logged
Ingress (inbound)
IG_TCP_CPORTS Yes Common ingress (inbound) TCP ports. The default value for this is 22 (SSH Port). You may want to add (separated by a comma ','):
- FTP port (21)
- DNS (53)
- HTTP port (80)
- HTTP SSL port (443)
- SMTP (25) SSL (465)
- POP (110) SSL (995)
- IMAP (143) SSL (993)
- CPANEL (2082) SSL (2083)
- WHM (2086) SSL (2087)
- CPANEL WebMail (2095) SSL (2096)
- for FTP connections (6000_7000)
(to indicate a range, you indicate with a '_' character. ie: 6000_7000) For a more complete list of ports and services located on them, check your '/etc/services' file.
IG_UDP_CPORTS Yes Common ingress (inbound) UDP ports. The default value for this is nothing. You may want to add (separated by a comma ','):
- FTP data port (20)
- FTP (21)
- DNS (53)
(to indicate a range, you indicate with a '_' character. ie: 6000_7000) For a more complete list of ports and services located on them, check your '/etc/services' file.
IG_ICMP_CPORTS Sometimes Common ICMP (inbound) types. The default value should be enough, but if you want to block certain ICMP types, look at the '/etc/apf/internals/icmp.types' file to find out what each code means.
Egress (outbound)
EGF Sometimes Egress filtering [0 = Disabled / 1 = Enabled]. If you wish to enable Egress filtering, set this to enabled (1). If you set this to disabled, skip the whole Egress section. Egress filtering will block all outgoing ports, so the server will only be able to connect outwards on the ports provided in the next variables.
EG_TCP_CPORTS Sometimes Common egress (outbound) TCP ports. The FAQ section in the Cpanel website suggests the following ports:
21, 25, 26, 37, 43, 53, 80, 113, 465, 873, 2089, 3306 (873 and 2089 are supposedly used for the cpanel update script). For a more complete list of ports and services located on them, check your '/etc/services' file.
EG_UDP_CPORTS Sometimes Common egress (outbound) UDP ports. The FAQ section in the Cpanel website suggests the following ports:
20, 21, 53, 465, 873 (873 is supposedly used for the cpanel update script). For a more complete list of ports and services located on them, check your '/etc/services' file.
EG_ICMP_CPORTS Sometimes Common ICMP (outbound) types. The default value should be enough, but if you want to block certain ICMP types, look at the '/etc/apf/internals/icmp.types' file to find out what each code means.
Log paths and control settings
IPTLOG Rarely Status log path. The location and file name of the log file to be used.
DROP_LOG Rarely Log TCP/UDP DROP chains [required for antidos]. Data logged to kernel log. The default value of enabled ("1") should be good for most situations, unless you do not want your kernel log file to get clogged with this type of data. Remember, this is required to be enabled if you enable antidos.
LRATE Rarely Max firewall events to log per/minute. Log events exceeding these limits will be lost! The default value should be sufficient. Altering this value may alter the efficiency of the antidos.

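System administration

Exploring EAV table modeling

December 11, 2008

EAV stands for Entity-Attribute-Value. The model was first used in medicine: during a consultation a doctor needs to record many patient parameters, such as body temperature, age and drug allergies, and not every one of these parameters needs to be recorded for every patient.

Because products are so varied, EAV tables are also well suited to describing the attributes of products. This is the table design of the veteran e-commerce application oscommerce (for brevity I have left out the relation table between product attribute names and attribute values):

-- products table
CREATE TABLE `products` (
`id` int(11) NOT NULL auto_increment,
`products_name` varchar(50) default NULL,
PRIMARY KEY (`id`)
);

-- product attributes table
CREATE TABLE `products_attributes` (
`id` int(11) NOT NULL auto_increment,
`products_id` int(11) NOT NULL default '0',
`attribute_name` varchar(50) default NULL,
PRIMARY KEY (`id`),
KEY `products_id_attribute_name` (`products_id`,`attribute_name`)
);

-- attribute values
CREATE TABLE `attribute_values` (
`attribute_id` int(11) NOT NULL default '0',
`attribute_value` varchar(100) default NULL,
UNIQUE KEY `attribute_id` (`attribute_id`,`attribute_value`)
);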

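The EAV table model makes the data flexible: adding an attribute to an object does not require adding a database column. But EAV tables also have considerable performance problems. Typically, looking up several fields requires join queries, and such queries are relatively inefficient. To improve query efficiency, we can pivot the product attributes table:

SELECT
items.item_name,
ia.attribute_name,
av.attribute_value
FROM
attribute_values AS av
JOIN item_attributes AS ia
ON (ia.id = av.attribute_id)
JOIN items AS items
ON (items.id = ia.item_id);

One approach is to read the data in PHP code and store it in memcache, with PHP triggering a memcache update when the attributes table is modified, or cron updating it periodically. The other approach is to assemble the related information into one large temporary table, or a view (MySQL 5), which suits warehouse-style queries; the data can be kept up to date with database triggers. Because processing large amounts of data in PHP causes extra DB I/O and server performance problems, the latter approach is the recommended one.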
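Added example, not part of the original post: the pivoting step mentioned above, run against the three product tables from this post with Python's sqlite3 module. The schema is adapted to SQLite syntax (an assumption, since the post targets MySQL), the rows are constructed, and the function names are illustrative.

```python
import sqlite3

# The three tables from the post, adapted to SQLite: auto_increment and the
# KEY clauses are replaced by their SQLite equivalents (assumption).
SCHEMA = """
CREATE TABLE products (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    products_name VARCHAR(50)
);
CREATE TABLE products_attributes (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    products_id INTEGER NOT NULL DEFAULT 0,
    attribute_name VARCHAR(50)
);
CREATE INDEX products_id_attribute_name
    ON products_attributes (products_id, attribute_name);
CREATE TABLE attribute_values (
    attribute_id INTEGER NOT NULL DEFAULT 0,
    attribute_value VARCHAR(100),
    UNIQUE (attribute_id, attribute_value)
);
"""

# Constructed sample data: product name -> {attribute name: value}.
SAMPLE = {
    "T-shirt": {"color": "red", "size": "L"},
    "Mug": {"color": "white"},
}


def build_db(sample=SAMPLE):
    """Create an in-memory database and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for name, attrs in sample.items():
        pid = conn.execute(
            "INSERT INTO products (products_name) VALUES (?)", (name,)).lastrowid
        for attr, value in attrs.items():
            aid = conn.execute(
                "INSERT INTO products_attributes (products_id, attribute_name) "
                "VALUES (?, ?)", (pid, attr)).lastrowid
            conn.execute("INSERT INTO attribute_values VALUES (?, ?)", (aid, value))
    return conn


def pivot(conn, attributes):
    """Return one row per product with one column per requested attribute.

    Attribute names are bound as parameters and never pasted into the SQL
    text, so names that come from user input cannot alter the statement.
    """
    attributes = list(attributes)
    if not attributes:
        raise ValueError("at least one attribute name is required")
    cases = ", ".join(
        "MAX(CASE WHEN pa.attribute_name = ? THEN av.attribute_value END)"
        for _ in attributes)
    sql = f"""
        SELECT p.products_name, {cases}
        FROM products AS p
        LEFT JOIN products_attributes AS pa ON pa.products_id = p.id
        LEFT JOIN attribute_values AS av ON av.attribute_id = pa.id
        GROUP BY p.id
        ORDER BY p.id
    """
    rows = conn.execute(sql, attributes).fetchall()
    return [dict(zip(["products_name", *attributes], row)) for row in rows]


if __name__ == "__main__":
    for row in pivot(build_db(), ["color", "size"]):
        print(row)
```

A product that lacks an attribute gets NULL (None in Python) in that column instead of dropping out of the result, which is why the joins are LEFT JOINs.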

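The well-known e-commerce software magento uses EAV tables as its core architecture. Here is a typical table design:
This is the EAV table design:

[Figure: EAV table design]

magento follows some recommendations from php|architect; typically there are tables such as the following: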

CREATE TABLE field_names (
fid INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
field_name VARCHAR(50) NOT NULL DEFAULT '',
field_type ENUM('VARCHAR', 'INTEGER', 'DOUBLE',
'DATE', 'TEXT') NOT NULL DEFAULT 'VARCHAR',
UNIQUE KEY (field_name)
);

CREATE TABLE varchar_values (
vid INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
value VARCHAR(255) NOT NULL DEFAULT '',
UNIQUE KEY (value)
);

CREATE TABLE integer_values (
vid INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
value INT(11) NOT NULL DEFAULT 0,
UNIQUE KEY (value)
);

CREATE TABLE double_values (
vid INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
value DOUBLE NOT NULL DEFAULT 0,
UNIQUE KEY (value)
);

CREATE TABLE date_values (
vid INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
value DATE NOT NULL DEFAULT '0000-00-00',
UNIQUE KEY (value)
);

CREATE TABLE text_values (
vid INT UNSIGNED PRIMARY KEY AUTO_INCREMENT,
value TEXT NOT NULL DEFAULT '',
UNIQUE KEY (value(100))
);

You can define some MySQL functions to make it easier to convert from a data type to the specific table:

CREATE FUNCTION `value_display` (`type` enum('NUMBER', 'ENUM', 'DATE', 'TIME', 'TEXT'), `value` INT, `option` VARCHAR(255), `text` TEXT, `precision` INT, `date_format` VARCHAR(50)) RETURNS VARCHAR(255) CHARACTER SET latin1 NO SQL
BEGIN
  CASE type
    WHEN 'NUMBER' THEN RETURN `value` / POW(10, `precision`);
    WHEN 'ENUM' THEN RETURN `option`;
    WHEN 'DATE' THEN RETURN DATE_FORMAT(FROM_DAYS(`value`), `date_format`);
    WHEN 'TIME' THEN RETURN FROM_UNIXTIME(`value`, `date_format`);
    WHEN 'TEXT' THEN RETURN `text`;
    ELSE RETURN NULL;
  END CASE;

  RETURN NULL;
END;

When using the EAV table model, InnoDB performs considerably better than MyISAM.


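Programming

Baidu SEO: ways to speed up indexing

December 10, 2008

1. Submit at http://www.baidu.com/search/url_submit.html
2. Submit at http://www.google.com/addurl/?hl=zh-CN&continue=/addurl
3. Put link exchanges on websites you already own
4. Place external links on Baidu Baike, Zhidao and Tieba
5. Place external links on your existing blogs
6. Submit sitemaps through Google Webmaster Tools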


Search engines