系统环境
CentOs 5.2
Linux bora 2.6.18-128.el5 #1 SMP Wed Jan 21 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

一、升级开源组件
1.利用CentOS Linux系统自带的yum命令安装、升级所需的程序库

sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers

2.下载相关软件
A.创建一个下载列表

vi lemp0.7.6_down_list.txt


http://sysoev.ru/nginx/nginx-0.7.61.tar.gz
http://www.php.net/get/php-5.2.10.tar.gz/from/this/mirror
http://php-fpm.org/downloads/php-5.2.10-fpm-0.5.13.diff.gz
http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.37.tar.gz/from/http://mysql.he.net/
http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz
“http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0”
“http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0”
http://pecl.php.net/get/memcache-2.2.5.tgz
“http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0”
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.9.tar.gz
http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gz
http://pecl.php.net/get/imagick-2.2.2.tgz

B.下载

wget -i lemp0.7.6_down_list.txt

3.安装iconv

tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure –prefix=/usr/local
make
make install
cd ../

4.安装libmcrypt

tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure –enable-ltdl-install
make
make install
cd ../../

5.安装mhash

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

6.安装mcrypt

tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../

错误

checking for libmcrypt – version >= 2.5.0…
*** ‘libmcrypt-config –version’ returned 2.4.0, but LIBMCRYPT (2.5.8)
*** was found! If libmcrypt-config was correct, then it is best
*** to remove the old version of LIBMCRYPT. You may also be able to fix the error
*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing
*** /etc/ld.so.conf. Make sure you have run ldconfig if that is
*** required on your system.
*** If libmcrypt-config was wrong, set the environment variable LIBMCRYPT_CONFIG
*** to point to the correct copy of libmcrypt-config, and remove the file config.cache
*** before re-running configure
configure: error: *** libmcrypt was not found

解决方法

ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

二、安装mysql
1.添加用户及用户组

/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql -d /dev/null -s /sbin/nologin

2.编译mysql

tar zxvf mysql-5.1.37.tar.gz
cd mysql-5.1.37/

CFLAGS=”-O3″ CXX=gcc CXXFLAGS=”-O3 -felide-constructors -fno-exceptions -fno-rtti” ./configure –prefix=/opt/mysql –localstatedir=/opt/mysql/var –sysconfdir=/opt/mysql –with-unix-socket-path=/opt/mysql/mysql.sock –with-charset=gbk –with-collation=gbk_chinese_ci –with-extra-charsets=gbk,gb2312,utf8 –with-client-ldflags=-all-static –with-mysqld-ldflags=-all-static –enable-assembler –without-debug –with-big-tables –with-readline –with-ssl –with-pthread –enable-thread-safe-client –with-embedded-server –enable-local-infile –with-plugins=innobase
make
make install

3.copy配置文件

#512M内存和web共用
cp support-files/my-medium.cnf /opt/mysql/my.cnf
#2G内存和web共用
#cp support-files/my-large.cnf /opt/mysql/my.cnf
#删除默认的my.cnf
rm /etc/my.cnf

4.初始数据库

/opt/mysql/bin/mysql_install_db –defaults-file=/opt/mysql/my.cnf –basedir=/opt/mysql –datadir=/opt/mysql/var –user=mysql –pid-file=/opt/mysql/var/mysql.pid –skip-locking –socket=/opt/mysql/mysql.sock

5.设置文件夹属主

chmod +w /opt/mysql
chown -R mysql:mysql /opt/mysql

cd ..
chgrp website /opt/mysql/my.cnf
chmod 0664 /opt/mysql/my.cnf

6.启动文件及自动启动

cp support-files/mysql.server /opt/mysql/bin/
chmod 755 /opt/mysql/bin/mysql.server

#A.自动启动
cp support-files/mysql.server /etc/init.d/mysql
chmod 755 /etc/init.d/mysql
chkconfig –add mysql
#某些linux上
#chkconfig –level 345 mysql on
#开启服务
/etc/init.d/mysql start
#关闭服务
#/etc/init.d/mysql stop

#B.脚本启动
#我这里使用lemp脚本启动。
#lemp脚本见下方

7.修改mysql root密码

#123456为密码
/opt/mysql/bin/mysqladmin -uroot password 123456
#测试密码
/opt/mysql/bin/mysql -uroot -p
Enter password:

8.编辑my.cnf

vi /opt/mysql/my.cnf

关闭log_bin
将log-bin=mysql-bin注释掉，需要热备份或主从服务器的可以保留，开启后会占很多空间
开启innodb
将innodb开头的注释去掉，除了innodb_log_arch_dir参数，开启它将无法启动msyql
修改完成后重启mysql服务

三、安装php
1.编译php

tar zxvf php-5.2.10.tar.gz
gzip -cd php-5.2.10-fpm-0.5.11.diff.gz | patch -d php-5.2.10 -p1
cd php-5.2.10/
./configure –prefix=/opt/php –with-config-file-path=/opt/php/etc –with-mysql=/opt/mysql –with-mysqli=/opt/mysql/bin/mysql_config –with-iconv-dir=/usr/local –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –disable-rpath –enable-discard-path –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-fastcgi –enable-fpm –enable-force-cgi-redirect –enable-mbstring –with-mcrypt –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –enable-xml –enable-zend-multibyte –disable-debug –disable-ipv6 –without-pear
make ZEND_EXTRA_LIBS=’-liconv’
make install
cp php.ini-dist /opt/php/etc/php.ini

这个版本的php有个bug,带上pear时会出错

Fatal error: Error: cannot open phar “/home/andychu/lemp/php-5.2.10/pear/install-pear-nozlib.phar” in /home/andychu/lemp/php-5.2.10/pear/install-pear-nozlib.phar on line 795

2.手动安装pear

cd /opt/php/
curl http://pear.php.net/go-pear | /opt/php/bin/php

3.安装memcache

tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/opt/php/bin/phpize
./configure –with-php-config=/opt/php/bin/php-config
make
make install
cd ..

4.安装eaccelerator

tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/opt/php/bin/phpize
./configure –enable-eaccelerator=shared –with-php-config=/opt/php/bin/php-config
make
make install
cd ..

5.安装PDO_MYSQL

tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/opt/php/bin/phpize
./configure –with-php-config=/opt/php/bin/php-config –with-pdo-mysql=/opt/mysql
make
make install
cd ../

6.安装ImageMagick

tar zxvf ImageMagick.tar.gz
cd ImageMagick-6.5.1-2/
./configure
make
make install
cd ../

7.安装imagick

tar zxvf imagick-2.2.2.tgz
cd imagick-2.2.2/
/opt/php/bin/phpize
./configure –with-php-config=/opt/php/bin/php-config
make
make install
cd ../

8.编辑php.ini

mkdir -p /opt/php/eaccelerator_cache
vi /opt/php/etc/php.ini

　　手工修改：查找/opt/php/etc/php.ini中的extension_dir = “./”
　　修改为extension_dir = “/opt/php/lib/php/extensions/no-debug-non-zts-20060613/”
　　并在此行后增加以下几行，然后保存：
　　extension = “memcache.so”
　　extension = “pdo_mysql.so”
　　extension = “imagick.so”

　　再查找output_buffering = Off
　　修改为output_buffering = On

9.配置eAccelerator加速PHP
按shift+g键跳到配置文件的最末尾，加上以下配置信息：

[eaccelerator]
zend_extension=”/opt/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so”
eaccelerator.shm_size=”64″
eaccelerator.cache_dir=”/opt/php/eaccelerator_cache”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=””
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”3600″
eaccelerator.shm_prune_period=”3600″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″

10.创建web用户

/usr/sbin/groupadd website
/usr/sbin/groupadd www -g 48
/usr/sbin/useradd -g website www -d /dev/null -s /sbin/nologin
mkdir -p /opt/htdocs/www/nginx
chmod -R 0775 /opt/htdocs/
chown -R www:website /opt/htdocs/

11.创建php-fpm配置文件
（php-fpm是为PHP打的一个FastCGI管理补丁，可以平滑变更php.ini配置而无需重启php-cgi）：
在/opt/php/etc/目录中创建php-fpm.conf文件：

rm -f /opt/php/etc/php-fpm.conf
vi /opt/php/etc/php-fpm.conf

和原始配置文件的差别

用户组->www
max_children=64
MaxApareServers=250
rlimit_files=51200
max_requests=51200
去掉注释

12.优化文件句柄并开启php

ulimit -SHn 51200
/opt/php/sbin/php-fpm start

#/opt/php/sbin/php-fpm还有其他参数，包括：start|stop|quit|restart|reload|logrotate，修改php.ini后不重启php-cgi，重新加载配置文件使用reload。

四、安装nginx
1.pcre

tar zxvf pcre-7.9.tar.gz
cd pcre-7.9/
./configure –enable-utf8 –enable-unicode-properties
make && make install
cd ../

2.nginx

tar zxvf nginx-0.7.61.tar.gz
cd nginx-0.7.61/

A关闭debug模式来减少nginx大小
http://bianbian.org/technology/271.html

du /opt/nginx/sbin/nginx
#未做优化时的大小
1712 /opt/nginx/sbin/nginx
#优化后的大小
404 /opt/nginx/sbin/nginx
vi auto/cc/gcc
# 最后几行sheft+g
#注释这行
#CFLAGS=”$CFLAGS -g”

B伪装header

vi src/core/nginx.h
#define NGINX_VERSION “1.0”
#define NGINX_VER “C1GWS/” NGINX_VERSION

C编译

./configure –user=www –group=website –prefix=/opt/nginx –with-http_stub_status_module –with-http_ssl_module
make
make install
cd ../

3.修改权限

chown -R www:website /opt/nginx/logs/
chmod -R 0775 /opt/nginx/logs/
chown -R www:website /opt/nginx/conf/
chmod -R 0775 /opt/nginx/conf/

4.创建Nginx配置文件

rm -f /opt/nginx/conf/nginx.conf
vi /opt/nginx/conf/nginx.conf

示例为discuz7的配置

user www website;

worker_processes 8;

error_log /var/log/nginx/nginx_error.log crit;

pid /dev/shm/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;

worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

log_format access ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_body_timeout 60;
client_max_body_size 8m;

#linux 2.4+
sendfile on;
tcp_nopush on;
tcp_nodelay on;

server_name_in_redirect off;

keepalive_timeout 60;

fastcgi_intercept_errors on;
fastcgi_hide_header X-Powered-By;
fastcgi_connect_timeout 180;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128K;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_temp_path /dev/shm;

gzip on;
gzip_min_length 1k;
gzip_comp_level 5;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css application/xml;

limit_zone one $binary_remote_addr 10m;

server
{
listen 80;
server_name bbs.c1gstudio.com;
index index.html index.htm index.php;
root /opt/htdocs/www;
error_page 404 403 /404.html;

location ~/\.ht {
deny all;
}

location ~ /bbs/attachment\.php?$ {
include fcgi.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
limit_conn one 1;
limit_rate 30k;
}

location ~ .*\.php?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

rewrite ^(.*)/archiver/((fid|tid)-[\w\-]+\.html)$ $1/archiver/index.php?$2 last;
rewrite ^(.*)/forum-([0-9]+)-([0-9]+)\.html$ $1/forumdisplay.php?fid=$2&page=$3 last;
rewrite ^(.*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/viewthread.php?tid=$2&extra=page\%3D$4&page=$3 last;
rewrite ^(.*)/profile-(username|uid)-(.+)\.html$ $1/viewpro.php?$2=$3 last;
rewrite ^(.*)/space-(username|uid)-(.+)\.html$ $1/space.php?$2=$3 last;

location ~(favicon.ico) {
log_not_found off;
expires 99d;
break;
}
location ~(robots.txt) {
log_not_found off;
expires 7d;
break;
}

location ~* ^.+\.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
valid_referers none blocked *.c1gstudio.com;
if ($invalid_referer) {
rewrite ^/ http://leech.c1gstudio.com/leech_bbs.gif;
return 412;
}
access_log off;
root /opt/htdocs/www;
expires 7d;
break;
}

access_log /var/log/nginx/bbs.c1gstudio.com.log access;
}

}

5.在/opt/nginx/conf/目录中创建fcgi.conf文件

vi /opt/nginx/conf/fcgi.conf


fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with –enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

6.nginx的日志滚动

mkdir 0775 /opt/shell
chgrp website /opt/shell
vi /opt/shell/nginx_log.sh


#!/bin/sh
log_dir=/var/log/nginx/logs
yesterday=`date +%Y%m%d`
lastday=`date +%Y%m%d -d ‘-1 month’`
/bin/rm ${log_dir}/access.${lastday}.log
/bin/rm ${log_dir}/nginx_error.${lastday}.log
/bin/mv ${log_dir}/access.log ${log_dir}/access.${yesterday}.log
/bin/mv ${log_dir}/nginx_error.log ${log_dir}/nginx_error.${yesterday}.log
kill -USR1 `cat /opt/nginx/nginx.pid`
/bin/gzip ${log_dir}/access.${yesterday}.log &
/bin/gzip ${log_dir}/nginx_error.${yesterday}.log &

7.在crontab里每日23:59时

59 23 * * * /bin/sh /opt/shell/nginx_log.sh > /dev/null 2>&1

8.启动nginx和php

/opt/php/sbin/php-fpm start
/opt/php/nginx/sbin/nginx

五、优化Linux参数
1.优化Linux内核参数

vi /etc/sysctl.conf


# Add
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535

2.优化文件句柄

vi /etc/security/limits.conf

文件尾部增加

* soft nofile 51200
* hard nofile 51200

设置为星号代表全局
这个当中的硬限制是实际的限制，而软限制，是warnning限制，只会做出warning。

重启软件
退出控制台后就生效

使配置立即生效：

/sbin/sysctl -p

六、自动启动nginx+php+mysql

vi /etc/rc.local

在末尾添加

ulimit -SHn 51200
/opt/lemp start

点此下载lemp 脚本

参考:
nginx+php(FCGI)+xcache+mysql on as4
http://blog.c1gstudio.com/archives/152

Nginx 0.7.x + PHP 5.2.10（FastCGI）搭建胜过Apache十倍的Web服务器
http://blog.s135.com/nginx_php_v5

===================
2009/11/2 更新
内核增加参数
net.ipv4.ip_conntrack_max = 262144 #8G内存64位配制
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 36000
参考:
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

===================
2010-3-24更新
安装Zend Optimizer
discuz中电子商备功能加密了代码需用此模块
安装Zend Optimizer最为简单，到Zend官方网站下载相应CPU的版本
http://www.zend.com/en/products/guard/downloads
文件夹下有个data目录，然后根据自己的php的版本选择合适的ZendOptimizer.so
然后把这个so加载到php.ini中。

tar zxvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
cd ZendOptimizer-3.3.9-linux-glibc23-x86_64
cp data/5_2_x_comp/ZendOptimizer.so /opt/php/lib/php/extensions/no-debug-non-zts-20060613/

编辑配置文件php.ini加入

extension_dir = “/opt/php/lib/php/extensions/no-debug-non-zts-20060613/”
extension = “ZendOptimizer.so”

/opt/php-5.2.10/sbin/php-fpm: line 40: 28411 Segmentation fault $php_fpm_BIN –fpm $php_opts

tail /var/log/messages

Mar 25 10:12:50 c1g kernel: php-cgi[30784]: segfault at 00002b9ea63cdc60 rip 00002b9ea63cdc60 rsp 00007fff08c47cd0 error 14

注意如果同时使用eaccelerator,不要使用上面的方式，需将zend optimize放在eaccelerator的下面,让eaccelerator先启动
否则phpfpm的reload会失败，启动时也会报错.

[eaccelerator]
zend_extension=”/opt/php-5.2.10/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so”
eaccelerator.shm_size=”64″
eaccelerator.cache_dir=”/opt/php-5.2.10/eaccelerator_cache”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=””
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”3600″
eaccelerator.shm_prune_period=”3600″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″

[Zend]
zend_extension=”/opt/php-5.2.10/lib/php/extensions/no-debug-non-zts-20060613/ZendOptimizer.so”
zend_optimizer.enable_loader = 1
zend_optimizer.optimization_level=15
zend_optimizer.disable_licensing=0

/opt/php-5.2.10/bin/php -v

Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

重启php后在phpinfo中可以看到
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

参考
http://genko.580sw.com/index.php/2010/01/06/linux%e4%b8%8bzend%e4%b8%8e-eaccelerator%e5%85%b1%e5%ad%98/