系统环境 CentOs 5.2 Linux bora 2.6.18-128.el5 #1 SMP Wed Jan 21 10:41:14 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

一、升级开源组件 1.利用CentOS Linux系统自带的yum命令安装、升级所需的程序库

sudo -s LANG=C yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers

2.下载相关软件 A.创建一个下载列表

vi lemp0.7.6_down_list.txt http://sysoev.ru/nginx/nginx-0.7.61.tar.gz http://www.php.net/get/php-5.2.10.tar.gz/from/this/mirror http://php-fpm.org/downloads/php-5.2.10-fpm-0.5.13.diff.gz http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.37.tar.gz/from/http://mysql.he.net/ http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz “http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0” “http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0” http://pecl.php.net/get/memcache-2.2.5.tgz “http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0” ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.9.tar.gz http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2 http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gz http://pecl.php.net/get/imagick-2.2.2.tgz

B.下载

wget -i lemp0.7.6_down_list.txt

3.安装iconv

tar zxvf libiconv-1.13.tar.gz cd libiconv-1.13/ ./configure –prefix=/usr/local make make install cd ../

4.安装libmcrypt

tar zxvf libmcrypt-2.5.8.tar.gz cd libmcrypt-2.5.8/ ./configure make make install /sbin/ldconfig cd libltdl/ ./configure –enable-ltdl-install make make install cd ../../

5.安装mhash

tar zxvf mhash-0.9.9.9.tar.gz cd mhash-0.9.9.9/ ./configure make make install cd ../ ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

6.安装mcrypt

tar zxvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8/ /sbin/ldconfig ./configure make make install cd ../

错误

checking for libmcrypt – version >= 2.5.0… *** ‘libmcrypt-config –version’ returned 2.4.0, but LIBMCRYPT (2.5.8) *** was found! If libmcrypt-config was correct, then it is best *** to remove the old version of LIBMCRYPT. You may also be able to fix the error *** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing *** /etc/ld.so.conf. Make sure you have run ldconfig if that is *** required on your system. *** If libmcrypt-config was wrong, set the environment variable LIBMCRYPT_CONFIG *** to point to the correct copy of libmcrypt-config, and remove the file config.cache *** before re-running configure configure: error: *** libmcrypt was not found

解决方法

ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

二、安装mysql 1.添加用户及用户组

/usr/sbin/groupadd mysql /usr/sbin/useradd -g mysql mysql -d /dev/null -s /sbin/nologin

2.编译mysql

tar zxvf mysql-5.1.37.tar.gz cd mysql-5.1.37/ CFLAGS=”-O3″ CXX=gcc CXXFLAGS=”-O3 -felide-constructors -fno-exceptions -fno-rtti” ./configure –prefix=/opt/mysql –localstatedir=/opt/mysql/var –sysconfdir=/opt/mysql –with-unix-socket-path=/opt/mysql/mysql.sock –with-charset=gbk –with-collation=gbk_chinese_ci –with-extra-charsets=gbk,gb2312,utf8 –with-client-ldflags=-all-static –with-mysqld-ldflags=-all-static –enable-assembler –without-debug –with-big-tables –with-readline –with-ssl –with-pthread –enable-thread-safe-client –with-embedded-server –enable-local-infile –with-plugins=innobase make make install

3.copy配置文件

#512M内存和web共用 cp support-files/my-medium.cnf /opt/mysql/my.cnf #2G内存和web共用 #cp support-files/my-large.cnf /opt/mysql/my.cnf #删除默认的my.cnf rm /etc/my.cnf

4.初始数据库

/opt/mysql/bin/mysql_install_db –defaults-file=/opt/mysql/my.cnf –basedir=/opt/mysql –datadir=/opt/mysql/var –user=mysql –pid-file=/opt/mysql/var/mysql.pid –skip-locking –socket=/opt/mysql/mysql.sock

5.设置文件夹属主

chmod +w /opt/mysql chown -R mysql:mysql /opt/mysql cd .. chgrp website /opt/mysql/my.cnf chmod 0664 /opt/mysql/my.cnf

6.启动文件及自动启动

cp support-files/mysql.server /opt/mysql/bin/ chmod 755 /opt/mysql/bin/mysql.server #A.自动启动 cp support-files/mysql.server /etc/init.d/mysql chmod 755 /etc/init.d/mysql chkconfig –add mysql #某些linux上 #chkconfig –level 345 mysql on #开启服务 /etc/init.d/mysql start #关闭服务 #/etc/init.d/mysql stop #B.脚本启动 #我这里使用lemp脚本启动。 #lemp脚本见下方

7.修改mysql root密码

#123456为密码 /opt/mysql/bin/mysqladmin -uroot password 123456 #测试密码 /opt/mysql/bin/mysql -uroot -p Enter password:

8.编辑my.cnf

vi /opt/mysql/my.cnf

关闭log_bin 将log-bin=mysql-bin注释掉，需要热备份或主从服务器的可以保留，开启后会占很多空间 开启innodb 将innodb开头的注释去掉，除了innodb_log_arch_dir参数，开启它将无法启动msyql 修改完成后重启mysql服务

三、安装php 1.编译php

tar zxvf php-5.2.10.tar.gz gzip -cd php-5.2.10-fpm-0.5.11.diff.gz | patch -d php-5.2.10 -p1 cd php-5.2.10/ ./configure –prefix=/opt/php –with-config-file-path=/opt/php/etc –with-mysql=/opt/mysql –with-mysqli=/opt/mysql/bin/mysql_config –with-iconv-dir=/usr/local –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –disable-rpath –enable-discard-path –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-fastcgi –enable-fpm –enable-force-cgi-redirect –enable-mbstring –with-mcrypt –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –enable-xml –enable-zend-multibyte –disable-debug –disable-ipv6 –without-pear make ZEND_EXTRA_LIBS=’-liconv’ make install cp php.ini-dist /opt/php/etc/php.ini

这个版本的php有个bug,带上pear时会出错

Fatal error: Error: cannot open phar “/home/andychu/lemp/php-5.2.10/pear/install-pear-nozlib.phar” in /home/andychu/lemp/php-5.2.10/pear/install-pear-nozlib.phar on line 795

2.手动安装pear

cd /opt/php/ curl http://pear.php.net/go-pear | /opt/php/bin/php

3.安装memcache

tar zxvf memcache-2.2.5.tgz cd memcache-2.2.5/ /opt/php/bin/phpize ./configure –with-php-config=/opt/php/bin/php-config make make install cd ..

4.安装eaccelerator

tar jxvf eaccelerator-0.9.5.3.tar.bz2 cd eaccelerator-0.9.5.3/ /opt/php/bin/phpize ./configure –enable-eaccelerator=shared –with-php-config=/opt/php/bin/php-config make make install cd ..

5.安装PDO_MYSQL

tar zxvf PDO_MYSQL-1.0.2.tgz cd PDO_MYSQL-1.0.2/ /opt/php/bin/phpize ./configure –with-php-config=/opt/php/bin/php-config –with-pdo-mysql=/opt/mysql make make install cd ../

6.安装ImageMagick

tar zxvf ImageMagick.tar.gz cd ImageMagick-6.5.1-2/ ./configure make make install cd ../

7.安装imagick

tar zxvf imagick-2.2.2.tgz cd imagick-2.2.2/ /opt/php/bin/phpize ./configure –with-php-config=/opt/php/bin/php-config make make install cd ../

8.编辑php.ini

mkdir -p /opt/php/eaccelerator_cache vi /opt/php/etc/php.ini

　　手工修改：查找/opt/php/etc/php.ini中的extension_dir = “./” 　　修改为extension_dir = “/opt/php/lib/php/extensions/no-debug-non-zts-20060613/” 　　并在此行后增加以下几行，然后保存： 　　extension = “memcache.so” 　　extension = “pdo_mysql.so” 　　extension = “imagick.so”

　　再查找output_buffering = Off 　　修改为output_buffering = On

9.配置eAccelerator加速PHP 按shift+g键跳到配置文件的最末尾，加上以下配置信息：

[eaccelerator] zend_extension=”/opt/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so” eaccelerator.shm_size=”64″ eaccelerator.cache_dir=”/opt/php/eaccelerator_cache” eaccelerator.enable=”1″ eaccelerator.optimizer=”1″ eaccelerator.check_mtime=”1″ eaccelerator.debug=”0″ eaccelerator.filter=”” eaccelerator.shm_max=”0″ eaccelerator.shm_ttl=”3600″ eaccelerator.shm_prune_period=”3600″ eaccelerator.shm_only=”0″ eaccelerator.compress=”1″ eaccelerator.compress_level=”9″

10.创建web用户

/usr/sbin/groupadd website /usr/sbin/groupadd www -g 48 /usr/sbin/useradd -g website www -d /dev/null -s /sbin/nologin mkdir -p /opt/htdocs/www/nginx chmod -R 0775 /opt/htdocs/ chown -R www:website /opt/htdocs/

11.创建php-fpm配置文件 （php-fpm是为PHP打的一个FastCGI管理补丁，可以平滑变更php.ini配置而无需重启php-cgi）： 在/opt/php/etc/目录中创建php-fpm.conf文件：

rm -f /opt/php/etc/php-fpm.conf vi /opt/php/etc/php-fpm.conf

和原始配置文件的差别

用户组->www max_children=64 MaxApareServers=250 rlimit_files=51200 max_requests=51200 去掉注释

12.优化文件句柄并开启php

ulimit -SHn 51200 /opt/php/sbin/php-fpm start

#/opt/php/sbin/php-fpm还有其他参数，包括：start|stop|quit|restart|reload|logrotate，修改php.ini后不重启php-cgi，重新加载配置文件使用reload。

四、安装nginx 1.pcre

tar zxvf pcre-7.9.tar.gz cd pcre-7.9/ ./configure –enable-utf8 –enable-unicode-properties make && make install cd ../

2.nginx

tar zxvf nginx-0.7.61.tar.gz cd nginx-0.7.61/

A关闭debug模式来减少nginx大小 http://bianbian.org/technology/271.html

du /opt/nginx/sbin/nginx #未做优化时的大小 1712 /opt/nginx/sbin/nginx #优化后的大小 404 /opt/nginx/sbin/nginx vi auto/cc/gcc # 最后几行sheft+g #注释这行 #CFLAGS=”$CFLAGS -g”

B伪装header

vi src/core/nginx.h #define NGINX_VERSION “1.0” #define NGINX_VER “C1GWS/” NGINX_VERSION

C编译

./configure –user=www –group=website –prefix=/opt/nginx –with-http_stub_status_module –with-http_ssl_module make make install cd ../

3.修改权限

chown -R www:website /opt/nginx/logs/ chmod -R 0775 /opt/nginx/logs/ chown -R www:website /opt/nginx/conf/ chmod -R 0775 /opt/nginx/conf/

4.创建Nginx配置文件

rm -f /opt/nginx/conf/nginx.conf vi /opt/nginx/conf/nginx.conf

示例为discuz7的配置

user www website; worker_processes 8; error_log /var/log/nginx/nginx_error.log crit; pid /dev/shm/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; } http { include mime.types; default_type application/octet-stream; log_format access ‘$remote_addr – $remote_user [$time_local] “$request” ‘ ‘$status $body_bytes_sent “$http_referer” ‘ ‘”$http_user_agent” $http_x_forwarded_for’; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_body_timeout 60; client_max_body_size 8m; #linux 2.4+ sendfile on; tcp_nopush on; tcp_nodelay on; server_name_in_redirect off; keepalive_timeout 60; fastcgi_intercept_errors on; fastcgi_hide_header X-Powered-By; fastcgi_connect_timeout 180; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 128K; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; fastcgi_temp_path /dev/shm; gzip on; gzip_min_length 1k; gzip_comp_level 5; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_types text/plain application/x-javascript text/css application/xml; limit_zone one $binary_remote_addr 10m; server { listen 80; server_name bbs.c1gstudio.com; index index.html index.htm index.php; root /opt/htdocs/www; error_page 404 403 /404.html; location ~/\.ht { deny all; } location ~ /bbs/attachment\.php?$ { include fcgi.conf; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; limit_conn one 1; limit_rate 30k; } location ~ .*\.php?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } rewrite ^(.*)/archiver/((fid|tid)-[\w\-]+\.html)$ $1/archiver/index.php?$2 last; rewrite ^(.*)/forum-([0-9]+)-([0-9]+)\.html$ $1/forumdisplay.php?fid=$2&page=$3 last; rewrite ^(.*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/viewthread.php?tid=$2&extra=page\%3D$4&page=$3 last; rewrite ^(.*)/profile-(username|uid)-(.+)\.html$ $1/viewpro.php?$2=$3 last; rewrite ^(.*)/space-(username|uid)-(.+)\.html$ $1/space.php?$2=$3 last; location ~(favicon.ico) { log_not_found off; expires 99d; break; } location ~(robots.txt) { log_not_found off; expires 7d; break; } location ~* ^.+\.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ { valid_referers none blocked *.c1gstudio.com; if ($invalid_referer) { rewrite ^/ http://leech.c1gstudio.com/leech_bbs.gif; return 412; } access_log off; root /opt/htdocs/www; expires 7d; break; } access_log /var/log/nginx/bbs.c1gstudio.com.log access; } }

5.在/opt/nginx/conf/目录中创建fcgi.conf文件

vi /opt/nginx/conf/fcgi.conf fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with –enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;

6.nginx的日志滚动

mkdir 0775 /opt/shell chgrp website /opt/shell vi /opt/shell/nginx_log.sh #!/bin/sh log_dir=/var/log/nginx/logs yesterday=`date +%Y%m%d` lastday=`date +%Y%m%d -d ‘-1 month’` /bin/rm ${log_dir}/access.${lastday}.log /bin/rm ${log_dir}/nginx_error.${lastday}.log /bin/mv ${log_dir}/access.log ${log_dir}/access.${yesterday}.log /bin/mv ${log_dir}/nginx_error.log ${log_dir}/nginx_error.${yesterday}.log kill -USR1 `cat /opt/nginx/nginx.pid` /bin/gzip ${log_dir}/access.${yesterday}.log & /bin/gzip ${log_dir}/nginx_error.${yesterday}.log &

7.在crontab里每日23:59时

59 23 * * * /bin/sh /opt/shell/nginx_log.sh > /dev/null 2>&1

8.启动nginx和php

/opt/php/sbin/php-fpm start /opt/php/nginx/sbin/nginx

五、优化Linux参数 1.优化Linux内核参数

vi /etc/sysctl.conf # Add net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 #net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 120 net.ipv4.ip_local_port_range = 1024 65535

2.优化文件句柄

vi /etc/security/limits.conf

文件尾部增加

* soft nofile 51200 * hard nofile 51200

设置为星号代表全局 这个当中的硬限制是实际的限制，而软限制，是warnning限制，只会做出warning。

重启软件 退出控制台后就生效

使配置立即生效：

/sbin/sysctl -p

六、自动启动nginx+php+mysql

vi /etc/rc.local

在末尾添加

ulimit -SHn 51200 /opt/lemp start

点此下载lemp 脚本

参考: nginx+php(FCGI)+xcache+mysql on as4 https://blog.c1gstudio.com/archives/152

Nginx 0.7.x + PHP 5.2.10（FastCGI）搭建胜过Apache十倍的Web服务器 http://blog.s135.com/nginx_php_v5

=================== 2009/11/2 更新 内核增加参数 net.ipv4.ip_conntrack_max = 262144 #8G内存64位配制 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 36000 参考: http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

=================== 2010-3-24更新

安装Zend Optimizer discuz中电子商备功能加密了代码需用此模块 安装Zend Optimizer最为简单，到Zend官方网站下载相应CPU的版本 http://www.zend.com/en/products/guard/downloads 文件夹下有个data目录，然后根据自己的php的版本选择合适的ZendOptimizer.so 然后把这个so加载到php.ini中。

tar zxvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz cd ZendOptimizer-3.3.9-linux-glibc23-x86_64 cp data/5_2_x_comp/ZendOptimizer.so /opt/php/lib/php/extensions/no-debug-non-zts-20060613/

编辑配置文件php.ini加入

extension_dir = “/opt/php/lib/php/extensions/no-debug-non-zts-20060613/” extension = “ZendOptimizer.so” /opt/php-5.2.10/sbin/php-fpm: line 40: 28411 Segmentation fault $php_fpm_BIN –fpm $php_opts

tail /var/log/messages

Mar 25 10:12:50 c1g kernel: php-cgi[30784]: segfault at 00002b9ea63cdc60 rip 00002b9ea63cdc60 rsp 00007fff08c47cd0 error 14

注意如果同时使用eaccelerator,不要使用上面的方式，需将zend optimize放在eaccelerator的下面,让eaccelerator先启动 否则phpfpm的reload会失败，启动时也会报错.

[eaccelerator] zend_extension=”/opt/php-5.2.10/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so” eaccelerator.shm_size=”64″ eaccelerator.cache_dir=”/opt/php-5.2.10/eaccelerator_cache” eaccelerator.enable=”1″ eaccelerator.optimizer=”1″ eaccelerator.check_mtime=”1″ eaccelerator.debug=”0″ eaccelerator.filter=”” eaccelerator.shm_max=”0″ eaccelerator.shm_ttl=”3600″ eaccelerator.shm_prune_period=”3600″ eaccelerator.shm_only=”0″ eaccelerator.compress=”1″ eaccelerator.compress_level=”9″ [Zend] zend_extension=”/opt/php-5.2.10/lib/php/extensions/no-debug-non-zts-20060613/ZendOptimizer.so” zend_optimizer.enable_loader = 1 zend_optimizer.optimization_level=15 zend_optimizer.disable_licensing=0

/opt/php-5.2.10/bin/php -v

Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

重启php后在phpinfo中可以看到 with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

参考 http://genko.580sw.com/index.php/2010/01/06/linux%e4%b8%8bzend%e4%b8%8e-eaccelerator%e5%85%b1%e5%ad%98/