C1G军火库

expires有效，防盗链失效
location ~* ^.+\.(jpg|jpeg|gif|png|css|js|swf)$ {
access_log off;
root /opt/htdocs/career;
expires 1h;
#break;
}

location ~* ^.+\.(jpg|jpeg|gif|png|swf|rar|zip)$ {
valid_referers none blocked *.c1gstudio.com;
if ($invalid_referer) {
rewrite ^/ http://leech.c1gstudio.com/leech.gif;
return 412;
}
}


只有js和css的expire有效，防盗链有效

location ~* ^.+\.(jpg|jpeg|gif|png|swf|rar|zip)$ {
valid_referers none blocked *.c1gstudio.com;
if ($invalid_referer) {
rewrite ^/ http://leech.c1gstudio.com/leech.gif;
return 412;
}
}
location ~* ^.+\.(jpg|jpeg|gif|png|css|js|swf)$ {
access_log off;
root /opt/htdocs/career;
expires 1h;
#break;
}

让expire和防盗链都有效

location ~* ^.+\.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
valid_referers none blocked *.c1gstudio.com;
if ($invalid_referer) {
rewrite ^/ http://leech.c1gstudio.com/leech.gif;
return 412;
}
access_log off;
root /opt/htdocs/career;
expires 1h;
break;

}


使用nginx架构的php应用负载5以下达到了日pv三百五十万，平均连接数六千多，并且保持了不错的响应速度。
具体安装:
nginx+php(FCGI)+xcache+mysql on as4

以下为awstats一天的详细统计数据

广告系统（简单php+js)

sns(一般复杂php+mysql)

文章(简单php+mysql)

discuz6(php+mysql)

一般复杂php+mysql

商店(简单php+mysql)

软件
os:as4
app:nginx 0.62+php5.26(fcgi)+mysql5.16+xcache+postfix
nginx:4

keepalive_timeout 60

phpcgi:50
mysql:

key_buffer_size = 160M
query_cache_size = 64M
query_cache_limit = 2M #default=1M
query_cache_min_res_unit = 2k #default=4K

max_allowed_packet = 16M
table_cache = 768

tmp_table_size = 128M #default=16M
max_heap_table_size = 128M #default=16M

read_buffer_size = 2M
read_rnd_buffer_size = 8M

sort_buffer_size = 32M
join_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 80 #default=0
thread_stack = 192K #default=192K

thread_concurrency = 8 #default=10
max_connection = 100
max_connect_errors = 100
wait_timeout = 10

硬件
cpu :2颗双核至强 1.60GHz
mem:1G*2
harddisk:scsi 74G*1

负载
主要应用为discuz ，六十万会员，每日1.5万贴，db大小为三百多兆,其中php的javascript缓存占了大部分。
论坛平均一小时在线五千多人,高峰为七千.

nginx status
Active connections: 6845
server accepts handled requests
 14859839 14859839 56220725
Reading: 12 Writing: 15 Waiting: 6818
高峰时同时连接达八千多

top(高峰时load可达十几)

top - 14:45:37 up 35 days, 21:51,  1 user,  load average: 3.82, 3.78, 
Tasks: 202 total,   1 running, 201 sleeping,   0 stopped,   0 zombie
Cpu(s): 21.6% us,  4.1% sy,  0.0% ni, 70.5% id,  3.7% wa,  0.1% hi,  0
Mem:   2073976k total,  1985372k used,    88604k free,    83884k buffe
Swap:  2040244k total,     4336k used,  2035908k free,  1267284k cache

 

 

 

 

mysql统计

服务器已经运行了 0 天 2 小时，23 分 55 秒
连接   ø 每小时   %
max. concurrent connections  65  ---  ---
尝试失败  46  18.55  0.02%(firefox每次刷新都会加2，不明白)
中止  1,699  685.08  0.83%
统计  206 k  82.97 k  100.00%

2008-10-10
修改expire增加到3天，来降低http连接(参考discuz.net的10天)
日志不记录图片的请求
效果：Active connections降低一半多。负载降低了四分之一左右。

mem < 2G, swap = 2G
mem > 2G, mem < 8G, swap=mem
mem > 8G, swap=8G

不装oracle时2Gswap就可以了

用nmap扫了下服务器发现631端口是打开的。

631/tcp open ipp

//先检查下
#ps aux|grep cups

//关闭服务
#service cups stop

//查看自启动
#chkconfig –list cups
cups            0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭

//关闭自启动服务
#chkconfig –level 2345 cups off

//再检查下
#chkconfig –list cups
cups            0:关闭  1:关闭  2:关闭  3:关闭  4:关闭  5:关闭  6:关闭

============================我是分割线===================

8009/tcp  open     ajp13

8009端口是tomcat和apache的mod_proxy_ajp,mod_jk沟通的端口，我这里apache纯做代理所以可以关闭。

tomcatpath/conf/server.xml 中的这段注释掉
 <!–
    <Connector port=”8009″ protocol=”AJP/1.3″ redirectPort=”8443″ />
    –>

重启tomcat

收工~

系统设置为“完整格式” 如: http://www.wjob.com.cn/index.php/index.html

[code]

             location ~ .*\.php?$
             {
                  #fastcgi_pass  unix:/tmp/php-cgi.sock;
                  fastcgi_pass  127.0.0.1:9000;
                  fastcgi_index index.php;
                  include fcgi.conf;     
             }

             location ~* ^/index.php/
             {
    rewrite ^/index.php/(.*) /index.php?$1 break;
                  fastcgi_pass  127.0.0.1:9000;
                  fastcgi_index index.php;
                  include fcgi.conf;
             }

[/code]

修改wwwroot/cgi-bin/awstats.pl 

7851行增加日期下拉框

[code]
    print “<select class=\”aws_formfield\” name=\”day\”>\n”;
    foreach (1..31) {
     my $dayix=sprintf(”%02s”,$_);
     print “<option”.(”$DayRequired” eq “$dayix”?” selected=\”true\”":”").” value=\”$dayix\”>$dayix</option>\n”;
    }
    print “</select>\n”;
[/code]

7871行增加databasebreak参数

[code]
    if ($DatabaseBreak) { print “<input type=\”hidden\” name=\”DatabaseBreak\” value=\”$DatabaseBreak\” />\n”; }
[/code]

命令行统计增加:-databasebreak=day

查看报表时地址栏需增加:&databasebreak=day&day=DD

以下为查看页代码 
[code]

<script>  
 var   d   =   new   Date();  
 d.setTime(d.setDate(d.getDate()-1));  
 var day=d.getDate();  

 var srv = new Array();

 srv[0]=’www.c1gstudio.com’;
 srv[1]=’bbs.c1gstudio.com’;
 srv[2]=’blog.c1gstudio.com’;
 srv[3]=’admin.c1gstudio.com’;

 for (var i=0;i<srv.length ;i++ )
 {
 document.writeln(’<p><a href=”http://admin.c1gstudio.com/cgi-bin/awstats.pl?config=’+srv[i]+’&databasebreak=day&day=’+day+’” target=”_blank”>http://admin.c1gstudio.com/cgi-bin/awstats.pl?config=’+srv[i]+’</a></p>’);
 }
 document.writeln(’<hr>’);
[/code]

参考：
http://blogger.org.cn/blog/more.asp?name=chenjiejacky&id=20464
http://www.chedong.com/blog/archives/001293.html#more

#tail logs/access_log

::1 - - [18/Sep/2008:13:56:34 +0800] “GET / HTTP/1.0″ 200 843 “-” “Apache (internal dummy connection)”
::1 - - [18/Sep/2008:13:56:34 +0800] “GET / HTTP/1.0″ 200 843 “-” “Apache (internal dummy connection)”
::1 - - [18/Sep/2008:13:56:34 +0800] “GET / HTTP/1.0″ 200 843 “-” “Apache (internal dummy connection)”
::1 - - [18/Sep/2008:13:56:34 +0800] “GET / HTTP/1.0″ 200 843 “-” “Apache (internal dummy connection)”
::1 - - [18/Sep/2008:13:56:34 +0800] “GET / HTTP/1.0″ 200 843 “-” “Apache (internal dummy connection)”

修改httpd.conf

    SetEnvIf Remote_Addr “::1″ dontlog
    CustomLog logs/access_log combined  env=!dontlog

举例有html内容如下
<table class=”data”>
<tr   class=”abc”>
<td class=”row1″>abc</td>
<td  width=”200″ class=”row2″>abc</td>
<td class=”row3″ style=”padding:5px” >abc</td>
</tr>
</table>

需将<td >中的内容清空.
用editplus打开，shift+H.
查找内容：<td[^>]*
替换内容：<td
勾上使用正则表达式
解释：查找以“<td”开始的字符,下一个或第N个字符不为”>”的行

也可以这样
查找内容：<td(.*)>(.*)</td>
替换内容：<td>\2</td>
解释：查找以“<td”开始，以</td>结束，中间以”>”分成两段，最出只输出第二段。

默认配置当你访问http://abc.example.com/dir 时不会加”/”

常见做法
[code]
      if (-d $request_filename){
  rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
      }
[/code]

更佳的替代方法

optimize_server_names off;＃优化服务器名称：关
server_name_in_redirect off;＃服务器名称重定向：关

http://wiki.codemongers.com/NginxHttpCoreModule#optimize_server_names

apache限制ip方法
<virtualhost 222.222.222.222>
documentroot “/opt/htdocs/www/”
servername admin.c1gstudio.com

<Directory “/opt/htdocs/www/”>
    Options IncludesNoExec FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 222.222.222.222 111.111.111.111
</Directory>
</virtualhost>

使用ngx_http_access_module限制ip访问

官方示例
http://wiki.codemongers.com/NginxHttpAccessModule#allow
[code]
location / {
    deny    192.168.1.1;
    allow   192.168.1.0/24;
    allow   10.1.1.0/16;
    deny    all;
}
[/code]

改成自已的
[code]
location / {
    allow   127.0.0.1;
    allow   222.222.222.222;#服务器ip
    allow   111.111.111.111;#自已电脑的ip
    deny    all;
}

             location ~ .*\.php?$
             {
                  #fastcgi_pass  unix:/tmp/php-cgi.sock;
                  fastcgi_pass  127.0.0.1:9000;
                  fastcgi_index index.php;
                  include fcgi.conf;     
             }

      location ~ ^/cgi-bin/.*\.pl$ {
    auth_basic “Restricted”;
    auth_basic_user_file htpasswd;
    gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped
    include awstats.conf;
      }

             location ^~ /nginx {
                  stub_status on;
                  access_log   off;
    auth_basic “NginxStatus”;
    auth_basic_user_file htpasswd;
             }

             location ~ ^/memcached {
                  access_log   off;
    auth_basic “NginxStatus”;
    auth_basic_user_file htpasswd;
             }

[/code]

结果：测试下来非定义的ip还是可以访问。

再修改下正则
[code]
location ^~ / {
    allow   127.0.0.1;
    allow   222.222.222.222;#服务器ip
    allow   111.111.111.111;#自已电脑的ip
    deny    all;
}

[/code]

结果：非定义的是ip不可以访问了，但php变明文显示，perl是404。

   satisfy_any on;

http://www.freebsdchina.org/forum/viewtopic.php?t=42141

使用多级目录将保护目录放在根中
[code]
location / {
    ＃allow   127.0.0.1;
    ＃allow   222.222.222.222;#服务器ip
    allow   111.111.111.111;#自已电脑的ip
    deny    all;

             location ~ .*\.php?$
             {
                  #fastcgi_pass  unix:/tmp/php-cgi.sock;
                  fastcgi_pass  127.0.0.1:9000;
                  fastcgi_index index.php;
                  include fcgi.conf;     
             }

      location ~ ^/cgi-bin/.*\.pl$ {
    auth_basic “Restricted”;
    auth_basic_user_file htpasswd;
    gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped
    include awstats.conf;
      }

             location ^~ /nginx {
                  stub_status on;
                  access_log   off;
    auth_basic “NginxStatus”;
    auth_basic_user_file htpasswd;
             }

             location ~ ^/memcached {
                  access_log   off;
    auth_basic “NginxStatus”;
    auth_basic_user_file htpasswd;
             }
}

[/code]

结果：有效

整个域名需禁止访问可以写在server中

server {

listion 80;
server_name admin.c1gstudio.com;
root /opt/htdocs/www;

allow   111.111.111.111;#自已电脑的ip
deny    all;
auth_basic “Nginx_Panel”;
auth_basic_user_file htpasswd;

location ~ .*\.php?$
{
….
}

 location ^~ /phpmyadmin {
  satisfy any;
       access_log   off;
       location ~ .*\.php?$
       {
     #fastcgi_pass  unix:/tmp/php-cgi.sock;
     fastcgi_pass  127.0.0.1:9000;
     fastcgi_index index.php;
     include fcgi.conf;     
       }
}
location ^~ /memcached {
  satisfy any;
       access_log   off;
       location ~ .*\.php?$
       {
     #fastcgi_pass  unix:/tmp/php-cgi.sock;
     fastcgi_pass  127.0.0.1:9000;
     fastcgi_index index.php;
     include fcgi.conf;     
       }
}

}

参考：http://marc.info/?l=nginx&m=120127282911304&w=2