基于CentOS构建高性能的LAMP平台.
基于CentOS构建高性能的LAMP平台.大纲:
一、系统安装
二、编译安装基本环境
三、配置虚拟主机及基本性能调优
四、基本安全设置
五、附录及相关介绍
一、系统安装
1. 分区
/boot 100M左右
SWAP物理内存的2倍(如果你的物理内存大于4G以上,分配4G即可)
/ 15G
/usr/local 20G (用于安装软件)
/data 剩余所有空间
2. 系统初始化脚本(根据具体需求关闭不需要的服务)#vi init.sh
•-------------------cut begin-------------------------------------------
•#welcome
•cat << EOF
•+--------------------------------------------------------------+
•| === Welcome to Centos System init === |
•+--------------http://www.linuxtone.org------------------------+
•+----------------------Author:NetSeek--------------------------+
•EOF
•
•#disable ipv6
•cat << EOF
•+--------------------------------------------------------------+
•| === Welcome to Disable IPV6 === |
•+--------------------------------------------------------------+
•EOF
•echo "alias net-pf-10 off" >> /etc/modprobe.conf
•echo "alias ipv6 off" >> /etc/modprobe.conf
•/sbin/chkconfig --level 35 ip6tables off
•echo "ipv6 is disabled!"
•
•#disable selinux
•sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
•echo "selinux is disabled,you must reboot!"
•
•#vim
•sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
•echo 'syntax on' > /root/.vimrc
•
•#zh_cn
•sed -i -e 's/^LANG=.*/LANG="zh_CN.GB18030"/' /etc/sysconfig/i18n
•
•#tunoff services
•#--------------------------------------------------------------------------------
•cat << EOF
•+--------------------------------------------------------------+
•| === Welcome to Tunoff services === |
•+--------------------------------------------------------------+
•EOF
•#---------------------------------------------------------------------------------
•for i in `ls /etc/rc3.d/S*`
•do
• CURSRV=`echo $i|cut -c 15-`
•
•echo $CURSRV
•case $CURSRV in
• crond | irqbalance | microcode_ctl | network | random | sendmail | sshd | syslog | local | mysqld )
• echo "Base services, Skip!"
• ;;
• *)
• echo "change $CURSRV to off"
• chkconfig --level 235 $CURSRV off
• service $CURSRV stop
• ;;
•esac
•done•-------------------cut end-------------------------------------------
•#sh init.sh (执行上面保存的脚本,仍后重启)
复制代码二、编译安装基本环境
1. 安装准备
1) 系统约定
软件源代码包存放位置 /usr/local/src
源码包编译安装位置(prefix) /usr/local/software_name
脚本以及维护程序存放位置 /usr/local/sbin
MySQL 数据库位置 /data/mysql/data(可按情况设置)
Apache 网站根目录 /data/www/wwwroot(可按情况设置)
Apache 虚拟主机日志根目录 /data/www/logs(可按情况设置)
Apache 运行账户 www:www(useradd -d /data/www/;chown www.www /data/www/wwwroot)
2) 系统环境部署及调整
检查系统是否正常
# tail -n100 /var/log/messages (检查有无系统级错误信息)
# dmesg (检查硬件设备是否有错误信息)
# ifconfig(检查网卡设置是否正确)
# ping www.linuxtone.org (检查网络是否正常)
3) 使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称) #rpm --importhttp://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
#yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel \
ncurses-devel zlib-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel libXpm-devel \
gettext-develpam-devel kernel4) 定时校正服务器时钟,定时与中国国家授时中心授时服务器同步
# crontab -e
加入一行:15 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&12. 编译安装软件包
源码编译安装所需包(Source)
1) GD2 # cd /usr/local/src
# tar xvf gd-2.0.35.tar.gz
# cd gd-2.0.35
# ./configure --prefix=/usr/local/gd2
# make
# make install2) LibXML2 # cd /usr/local/src
# tar xvf libxml2-2.6.29.tar.bz2
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install3) LibMcrypt # cd /usr/local/src
# tar xvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure --prefix=/usr/local/libmcrypt
# make
# make install4) Apache日志截断程序 # cd /usr/local/src
# tar xvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure --prefix=/usr/local/cronolog
# make
# make install3. 升级OpenSSL和OpenSSH# cd /usr/local/src
# tar xvf openssl-0.9.8g.tar.gz
# cd openssl-0.9.8g
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xvf openssh-5.0p1.tar.gz
# cdopenssh-5.0p1
# ./configure\
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
# make
# make install1) 禁用 SSH V1 协议
找到#Protocol 2,1改为:Protocol 2
2) 禁用服务器端GSSAPI
找到以下两行,并将它们注释:GSSAPIAuthentication yes
GSSAPICleanupCredentials yes3) 禁用 DNS 名称解析
找到:#UseDNS yeas改为:UseDNS no
4)禁用客户端 GSSAPI
# vi /etc/ssh/ssh_config 找到:GSSAPIAuthentication yes 将这行注释掉。
最后,确认修改正确后重新启动 SSH 服务 # service sshd restart
# ssh -v确认 OpenSSH 以及 OpenSSL 版本正确。
以上SSH配置可利用以下脚本自动修改:
-------------------cut begin-------------------------------------------
•#init_ssh
•ssh_cf="/etc/ssh/sshd_config"
•sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf
•sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf
•#client
•sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf
•echo "ssh is init is ok.............."
•-------------------cut end---------------------------------------------
复制代码
页:
[1]