- 论坛徽章:
- 0
|
系统环境:CentOS 5.2,最小化安装,未定制软件,禁用iptables,selinux
主要参考文章:
Nginx 0.7.x + PHP 5.2.8(FastCGI)搭建胜过Apache十倍的Web服务器(第4版)[原创] http://blog.s135.com/nginx_php_v4/
Cherokee Installation on Unix http://www.cherokee-project.com/doc/basics_installation_unix.html
cherokee下设置local与remote方式的php fastcgi http://ipbfans.org/2009/01/cherokee-php-fastcgi-local-remote
RedHat/CentOS下的cherokee的启动脚本 http://ipbfans.org/2009/01/redhat-centos-cherokee-init-script
一、下载所需软件
mkdir /root/download
cd /root/download
vi down.sh
添加以下内容
wget http://sysoev.ru/nginx/nginx-0.7.47.tar.gz
wget http://www.php.net/get/php-5.2.8.tar.gz/from/this/mirror
wget http://php-fpm.anight.org/downloads/head/php-5.2.8-fpm-0.5.10.diff.gz
wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.33.zip/from/http://mysql.mirror.redwire.net/
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz
wget "http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0"
wget "http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0"
wget http://pecl.php.net/get/memcache-2.2.5.tgz
wget "http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0"
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz
wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
保存退出
sh down.sh
这样就可以下载了,不用每次复制粘贴过去进行下载
二、安装基本软件
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel
三、安装PHP 5.2.8(FastCGI模式)
1、编译安装PHP 5.2.8所需的支持库:
tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure --prefix=/usr/local
make
make install
cd ../
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../
2、编译安装MySQL 5.1.33
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
unzip mysql-5.1.33.zip
cd mysql-5.1.33/
./configure --prefix=/usr/local/webserver/mysql/ --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=innobase
make && make install
chmod +w /usr/local/webserver/mysql
chown -R mysql:mysql /usr/local/webserver/mysql
cp support-files/my-medium.cnf /usr/local/webserver/mysql/my.cnf
cd ../
vi /usr/local/webserver/mysql/my.cnf,将其这个选项注解掉
#--skip-federated
①、以mysql用户帐号的身份建立数据表:
/usr/local/webserver/mysql/bin/mysql_install_db --basedir=/usr/local/webserver/mysql --datadir=/usr/local/webserver/mysql/data --user=mysql
②、启动MySQL(最后的&表示在后台运行)
/bin/sh /usr/local/webserver/mysql/bin/mysqld_safe --defaults-file=/usr/local/webserver/mysql/my.cnf &
设置MySQL开机自动运行
vi /etc/rc.local
添加以下内容
/usr/local/webserver/mysql/bin/mysqld_safe --defaults-file=/usr/local/webserver/mysql/my.cnf &
3、编译安装PHP(FastCGI模式)
tar zxvf php-5.2.8.tar.gz
gzip -cd php-5.2.8-fpm-0.5.10.diff.gz | patch -d php-5.2.8 -p1
cd php-5.2.8/
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /usr/local/webserver/php/etc/php.ini
cd ../
4、编译安装PHP5扩展模块
tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../
tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/usr/local/webserver/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config --with-pdo-mysql=/usr/local/webserver/mysql
make
make install
cd ../
5、修改php.ini文件
手工修改:查找/usr/local/webserver/php/etc/php.ini中的extension_dir = "./"
修改为extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/"
并在此行后增加以下几行,然后保存:
extension = "memcache.so"
extension = "pdo_mysql.so"
再查找output_buffering = Off
修改为output_buffering = On
自动修改:若嫌手工修改麻烦,可执行以下shell命令,自动完成对php.ini文件的修改:
sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\n#' /usr/local/webserver/php/etc/php.ini
sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/webserver/php/etc/php.ini
6、配置eAccelerator加速PHP:
mkdir -p /usr/local/webserver/eaccelerator_cache
vi /usr/local/webserver/php/etc/php.ini
按shift+g键跳到配置文件的最末尾,加上以下配置信息:
[eaccelerator]
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="300"
eaccelerator.shm_prune_period="120"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
vi /etc/sysctl.conf
修改kernel.shmmax为以下值
kernel.shmmax = 134217728
然后执行以下命令使配置生效:
/sbin/sysctl -p
7、创建www用户和组,以及/var/www:
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /var/www
chown -R www:www /data0/htdocs/blog
8、创建php-fpm配置文件(php-fpm是为PHP打的一个FastCGI管理补丁,可以平滑变更php.ini配置而无需重启php-cgi):
在/usr/local/webserver/php/etc/目录中创建php-fpm.conf文件:
rm -f /usr/local/webserver/php/etc/php-fpm.conf
vi /usr/local/webserver/php/etc/php-fpm.conf
输入以下内容(如果您安装 Nginx + PHP 用于程序调试,请将以下的0改为1,
以便显示PHP错误信息,否则,Nginx 会报状态为500的空白错误页):
All relative paths in this config are relative to php's install prefix
Pid file
/usr/local/webserver/php/logs/php-fpm.pid
Error log file
/usr/local/webserver/php/logs/php-fpm.log
Log level
notice
When this amount of php processes exited with SIGSEGV or SIGBUS ...
10
... in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator's shared memory.
1m
Time limit on waiting child's reaction on signals from master
5s
Set to 'no' to debug fpm
yes
Name of pool. Used in logs and stats.
default
Address to accept fastcgi requests on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
127.0.0.1:9000
Set listen(2) backlog
-1
Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
0666
Additional php.ini defines, specific to this pool of workers.
/usr/sbin/sendmail -t -i
1
Unix user of processes
www
Unix group of processes
www
Process manager settings
Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
static
Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
128
Settings group for 'apache-like' pm style
Sets the number of server processes created on startup.
Used only when 'apache-like' pm_style is selected
20
Sets the desired minimum number of idle server processes.
Used only when 'apache-like' pm_style is selected
5
Sets the desired maximum number of idle server processes.
Used only when 'apache-like' pm_style is selected
35
The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when 'max_execution_time' ini option does not stop script execution for some reason
'0s' means 'off'
0s
The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
'0s' means 'off'
0s
The log file for slow requests
logs/slow.log
Set open file desc rlimit
51200
Set max core size rlimit
0
Chroot to this directory at the start, absolute path
Chdir to this directory at the start, absolute path
Redirect workers' stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
yes
How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
500
Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
127.0.0.1
Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
$HOSTNAME
/usr/local/bin:/usr/bin:/bin
/tmp
/tmp
/tmp
$OSTYPE
$MACHTYPE
2
9、启动php-cgi进程,监听127.0.0.1的9000端口,进程数为200(如果服务器内存小于3GB,可以只开启64个进程),用户为www:
ulimit -SHn 51200
/usr/local/webserver/php/sbin/php-fpm start
注:/usr/local/webserver/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,
修改php.ini后不重启php-cgi,重新加载配置文件使用reload。
10、安装ZendOptimizer
wget http://downloads.zend.com/optimizer/3.3.3/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
tar xzf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-i386
./install
Please specify the location for installing /usr/local/Zend
The following configuration changes have been made: x
x x
x - The php.ini file has been relocated from /usr/local/webserver/php/etc to /usr/local/Zend/etc x
x x
x - A symbolic link for the php.ini file has been created in /usr/local/webserver/php/etc. x
x x
x - The original php.ini was backed up to x
x /usr/local/webserver/php/etc/php.ini-zend_optimizer.bak
ZendOptimize安装后,不用做任何就配置,只需重启php-fpm,就可以与eaccelerator很好地兼容
修改php.ini后
要执行此命令,使配置文件生效,不用重启Cherokee:
/usr/local/webserver/php/sbin/php-fpm restart
三、配置开机自动启动php-fpm
vi /etc/rc.local
在末尾增加以下内容:
ulimit -SHn 51200
/usr/local/webserver/php/sbin/php-fpm start
四、优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加以下内容:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
使配置立即生效:
/sbin/sysctl -p
五、安装Cherokee
cd /root/download
wget http://www.cherokee-project.com/download/0.99/0.99.9/cherokee-0.99.9.tar.gz
tar xzf cherokee-0.99.9.tar.gz
cd cherokee-0.99.9
./configure --localstatedir=/var --prefix=/usr --sysconfdir=/etc --with-wwwroot=/var/www
make
make install
添加Cherokee启动脚本
因为Cherokee默认提供的安装脚本只适用于debian或ubuntu系统,所以需要手动写,从网上拷贝来一个,稍作修改
vi /etc/init.d/cherokee
#!/bin/bash
#
# chkconfig: 2345 55 25
# description: Cherokee http server
#
. /etc/rc.d/init.d/functions
RETVAL=0
prog="cherokee"
worker="$prog"
#base_dir="/usr/local/cherokee"
conf_file=/etc/cherokee/cherokee.conf
bin_file=/usr/sbin/${worker}
pid_file=/var/run/cherokee.pid.worker
start() {
echo -n $"Starting $prog: "
daemon $bin_file -C $conf_file -d && success || failure
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/${prog}
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
if [ -r "$pid_file" ]; then
if [ -n `cat $pid_file` ]; then
killproc $bin_file -TERM
else
failure $"Stopping $prog"
fi
else
failure $"Stopping $prog"
fi
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -rf /var/lock/subsys/${prog} ${pid_file}
}
restart() {
stop
sleep 1
start
}
reload() {
echo -n $"Reloading configuration of $prog: "
killproc $bin_file -HUP
RETVAL=$?
echo
}
logrotate() {
echo -n $"Rotating logs of $prog: "
killproc $bin_file -USR2
RETVAL=$?
echo
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
logrotate)
logrotate
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|status|logrotate}"
exit 1
;;
esac
exit $RETVAL
保存退出
chkconfig --add cherokee
chkconfig --level 235 cherokee on
开启Cherokee的Web管理界面
chkrokee-admin -b &
这里会提供用户名和一次性的密码
整合Cherokee和PHP
打开http://localhost:9090/
用开启chkrokee-admin时生成的admin和密码登录进去后
点击左侧导航栏的“Information Sources”,在右侧“Known sources”下面列出了目前已知的信息源,点击默认的“php”,进入php设置:
Type: “Local Interpreter”(就是本地解释器),一般用在fastcgi的可执行程序与cherokee运行在同一台服务器的情况。
“Remote Host”(就是远程主机),一般用在fastcgi的看执行程序与cherokee不在同一服务器的情况,或者为了保持cherokee和fastcgi进程更好的独立性。
Nick: 这个“信息源”的名称,具体就随意了^^
Connection: “信息源”提供的连接方式,可以设置为“IP地址:端口”的方式(比如:127.0.0.1:9000),也可以设置为Unix的socket(比如/tmp/php.sock)。
Interpreter: “信息源”的解释器,也就是fastcgi的可执行文件以及其运行参数。这里我们将原有值改为:/usr/local/webserver/php/bin/php-cgi -b 9000。
此处的9000为上文php-fpm中定义的9000端口。
Spawn timeout: 超时设置(单位:秒,默认是3秒),用于cherokee与fastcgi进程通信时的超时阀值,这里采用系统默认值,不用填写即可。
本例中设置为:
Type:Local Interpreter
Nick:PHP LOCAL
Connection:127.0.0.1:9000
Interpreter:/usr/local/webserver/php/bin/php-cgi -b 9000
其余均为默认值
左侧选择Hard restart,点击Save(此处只所以选择Hard restart,是因为只有这个才会使配置保存到/etc/cherokee/cherokee.conf,如果是Graceful restart,则只对本此运行有效)
点击左侧导航栏的"Status",点击右侧"Launch",这时才可以把Cherokee启动起来。
此时,Cherokee的运行用户和组都是root,这是非常不安全的,这里把它修改为用www用户和组运行
chown www.www /var/log/cherokee.access
chown www.www /var/log/cherokee.error
点击左侧导航栏的"General",点击“Server Permissions”,将User和Group更改为www,其余默认,左侧选择Hard restart,点击Save。
六、安装vsftpd
yum install vsftpd
vi /etc/vsftpd/vsftpd.conf
将相应内容修改为
#anonymous_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
touch /etc/vsftpd/chroot_list
添加vsftpd自动启动
chkconfig --level 235 vsftpd on
启动vsftpd
service vsftpd start
七、新建站点流程
1、创建目录
mkdir /var/www/test.com
2、新建FTP用户
useradd -g www -d /var/www/test.com -s /sbin/nologin -M test
3、修改test用户名密码
passwd test
4、将用户锁定在主目录下(此例中为/var/www/test.com)
echo test >> /etc/vsftpd/chroot_list
或者
vi /etc/vsftpd/chroot_list
向里面添加test
用户名一行一个
5、更改目录属性
chown -R test.www /var/www/test.com
注意问题
修改cherokee运行用户后,记住要修改cherokee的属主属性,否则会报错
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/17993/showart_1900106.html |
|
免费注册
发表于 2009-04-14 16:32