- 论坛徽章:
- 0
|
基于FreeBSD 8.0 Ports配置nginx+php+mysql高性能web平台【解决方案】
FreeBSD简介:
FreeBSD,是AT&T的后裔间接通过Berkeley Software Distribution(BSD)伯克利软件发行版UNIX,其漫长而动荡的历史可以追溯到1993年。不同于Linux发行版,这被定义为集成 Linux内核和数以千计的应用软件组成的解决方案,FreeBSD是一个紧密集成的操作系统基于BSD kernel和所谓的“userland(用户建造)”(因此,甚至没有额外的扩展程序)。发行版巨大失去了在普通电脑系统安装的机会 ? 像许多Linux发行版本,一个易于安装的(大部分)开放源码的应用扩展提供了FreeBSD的核心,但这些通常是由第三方捐助者提供的和不严格的 FreeBSD的一部分。
FreeBSD开发作为一个快速,高性能和极其稳定的操作系统,尤其是适合网络服务器和类似任务。许多大型搜索引擎网站,或组织的关键任务计算基础设施上部署和使用,并在他们的计算机系统上运行FreeBSD多年。相较于Linux操作系统,FreeBSD是分布在一个更宽松的许可证,这几乎可以无限制地重复使用和源代码修改为任何目的。即使是知名的苹果的Mac OS X也是从BSD派生。除了核心的操作系统,该项目还提供超过15,000种二进制和源代码形式
FreeBSD软件方便的应用于BSD核心安装。虽然可以肯定的是FreeBSD能够作为桌面操作系统使用,但它在这方面不具有Linux发行版流行。文本模式的安装程序提供的系统硬件检测或系统配置方面并没有,留下复杂的工作,这让在安装后的用户来设置。在现代的硬件支持方面,FreeBSD普遍滞后Linux操作系统,特别是在支持笔记本电脑和上网本等小工具,如无线网卡或流行数码相机。这些用户寻求现有的桌面FreeBSD的项目是考虑利用FreeBSD在台式机或工作站的速度和稳定,而不是FreeBSD的自身。
一.安装准备:
1.1、操作系统安装:参见http://bbs.linuxtone.org/thread-6422-1-1.html附件
默认FreeBSD不允许Root直接ssh登陆,在安装系统时候可以添加一个wheel组的用户。以确保FreeBSD系统安全!切记:FreeBSD只允许wheel组的用户可以ssh登陆。
例如:pw useradd coralzd -g coralzd
1.2 系统环境
FreeBSD 8.0 I386
Nginx 0.7.65
PHP 5.2.13
Mysql 5.5.4 M3
复制代码
二、系统初始化
2.1 更新ports
用portsnap 更新ports树,已获得最新的软件。
修改portsnap配置文件的server 为国内的镜像
ee /etc/porsnap.conf
将SERVERNAME=portsnap.freebsd.org
修改为SERVERNAME=portsnap.hshh.org
#初次运行portsnap fetch extract
以后运行portsnap fetch update
复制代码
2.2 优化rc.conf配置文档
添加syslogd_flags="-ss"
sendmail_enable="NONE"
2.3 内核增加IPFW防火墙
cd /usr/src/sys/i386/conf
cp GENERIC IPFW
ee IPFW
将ident GENERIC
修改为ident IPFW
在下面增加- options IPFIREWALL
- options IPFIREWALL_VERBOSE
- options IPFIREWALL_VERBOSE_LIMIT=10
- options IPFIREWALL_DEFAULT_TO_ACCEPT
复制代码 复制代码
编译内核- # cd ../compile/IPFW
- # make cleandepend && make depend
- # make && make install
复制代码 复制代码
编译完成后在/etc/rc.conf 最后添加以下语句- firewall_enable="YES"
- firewall_script="YES"
- firewall_script="/etc/ipfw.conf"
- firewall_quiet="NO"
- firewall_logging_enable="YES"
复制代码 复制代码
:编辑/etc/syslog.conf文件
在文件最后加入如下内容:
!ipfw *.* /var/log/ipfw.log
这行的作用是将IPFW的日志写到/var/log/ipfw.log文件里- ee /etc/ipfw.conf
- #!/bin/sh
- IPFW='/sbin/ipfw -q'
- $IPFW -f flush
- $IPFW add 2000 allow ip from any to any via lo*
- $IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
- $IPFW add 2020 deny log ip from any to 127.0.0.0/8 in
- $IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
- $IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in
- $IPFW add 2050 allow log tcp from any to any out
- $IPFW add 2060 allow log tcp from any to any established
- $IPFW add 2070 allow log tcp from any to any 22 in
- $IPFW add 2080 allow log tcp from any to any 80 in
- $IPFW add 12190 deny log tcp from any to any
复制代码 复制代码
2.4 安装axel提高ports的安装速度- cd /usr/ports/ftp/axel
- make install
- #修改 /et/make.conf
- ee /etc/make.conf
- #加入以下内容
- FETCH_CMD=axel
- FETCH_BEFORE_ARGS= -n 10 -a
- FETCH_AFTER_ARGS=
- DISABLE_SIZE=yes
- MASTER_SITE_OVERRIDE?=\
- http://ports.hshh.org/${DIST_SUBDIR}/\
- http://ports.cn.freebsd.org/${DIST_SUBDIR}/\
- ftp://ftp.freeBSDchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
- MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP
复制代码 复制代码
2.5 优化内核
- ee /etc/sysctl.conf
- security.bsd.see_other_uids=0
- net.inet.tcp.sendspace=65536
- net.inet.tcp.recvspace=65536
- #net.inet.udp.sendspace=65536
- net.inet.udp.maxdgram=65536
- net.local.stream.sendspace=65536
- net.inet.tcp.rfc1323=1
- #net.inet.tcp.rfc1644=1
- net.inet.tcp.rfc3042=1
- net.inet.tcp.rfc3390=1
- kern.ipc.maxsockbuf=2097152
- kern.maxfiles=65536
- kern.maxfilesperproc=32768
- net.inet.tcp.delayed_ack=0
- net.inet.icmp.drop_redirect=1
- net.inet.icmp.log_redirect=1
- net.inet.ip.redirect=0
- net.inet.icmp.bmcastecho=0
- net.inet.icmp.maskrepl=0
- net.inet.icmp.icmplim=100
- net.inet.icmp.icmplim_output=0
- #net.inet.tcp.drop_synfin=1
- net.inet.tcp.always_keepalive=1
- net.inet.ip.intr_queue_maxlen=1000 (这儿太大了。建议不用或小点值)
- net.inet.tcp.msl=7500 (太大了。建议2500-2000左右)
- net.inet.tcp.blackhole=2
- net.inet.tcp.inflight.enable=1
- net.inet.ip.fastforwarding=0
- kern.ipc.somaxconn=32768
- kern.securelevel=0
- #net.inet.tcp.log_in=1
- #net.inet.udp.log_in=1
- net.inet.udp.checksum=1
- net.inet.tcp.syncookies=1
- kern.ipc.shm_use_phys=1
- kern.ipc.shmmax=67108864
- kern.ipc.shmall=32768
- kern.coredump=0
- net.local.stream.recvspace=65536
- net.local.dgram.maxdgram=16384
- net.local.dgram.recvspace=65536
- #net.inet.tcp.mssdflt=1460
- #net.inet.tcp.minmss=1640
- net.inet.raw.maxdgram=65535
- net.inet.raw.recvspace=65535
- net.inet.ip.fw.dyn_max=65535
- net.inet.ipf.fr_tcpidletimeout=864000
复制代码 复制代码- ee /boot/loader.conf
- kern.dfldsiz="2147483648" # Set the initial data size limit
- kern.maxdsiz="2147483648" # Set the max data size
- kern.ipc.nmbclusters="0" # Set the number of mbuf clusters
- kern.ipc.nsfbufs="66560" # Set the number of sendfile(2) bufs
复制代码 复制代码
三、配置mysql php nginx
3.1 安装mysql 5.5.4 m3
cd /usr/ports/databases/mysql55-server
ee Makefile
在第30行下面加上下面的参数- --enable-thread-safe-client \
- --disable-dtrace \
- --enable-assembler \
- --enable-assembler \
- --with-big-tables \
- --with-ssl \
- --with-embedded-server \
- --with-local-infile \
- --with-plugins=partition,innobase,myisammrg
- 然后
- #make install clean
复制代码 复制代码
3.2 初始化数据库- /usr/local/bin/mysql_install_db --user=mysql
- cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
复制代码 复制代码
3.3 /etc/rc.conf 增加mysql_enable="YES"- echo 'mysql_enable="YES"' >> /etc/rc.conf
复制代码 复制代码
3.4 安装php- cd /usr/ports/lang/php52
- #make config ##配置编译参数
- [X] CLI Build CLI version
- [X] CGI Build CGI version
- [ ] APACHE Build Apache module
- [ ] DEBUG Enable debug
- [X]] SUHOSIN Enable Suhosin protection system
- [X] MULTIBYTE Enable zend multibyte support
- [ ] IPV6 Enable ipv6 support
- [X] REDIRECT Enable force-cgi-redirect support (CGI only)
- [X] DISCARD Enable discard-path support (CGI only)
- [X] FASTCGI Enable fastcgi support (CGI only)
- [X] PATHINFO Enable path-info-check support (CGI only)
- make install clean
复制代码 复制代码
# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
3.5 配置php.ini
ee php.ini
找到如下语句
;- open_basedir =
- disable_functions =
- expose_php = On
- expose_php = Off
- display_errors = On
- output_buffering = Off
复制代码 复制代码
修改为- open_basedir = /data/www/wwwroot:/tmp
- disable_functions =
- phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsock
- open,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
- display_errors = Off
- output_buffering = On
复制代码 复制代码
3.6 安装php52-extensions- # cd /usr/ports/lang/php52-extensions/
- #make config
- Options for php52-extensions 1.3
- -------------------------------------------------
- [X] CURL CURL support
- [X] FTP FTP support
- [X] GD
- [X] GETTEXT
- [X] MBSTRING multibyte string support
- [X] MCRYPT Encryption support
- [X] MYSQL
- [X] PCRE Perl Compatible Regular Expression support
- [ ] POSIX //去掉
- [ ] SQLITE //去掉.
- [X] ZIP ZIP support
- [X] ZLIB
- # make install clean
复制代码 复制代码
3.7 安装php扩展模块安装eaccelerator- cd /usr/ports/www/eaccelerator
- make install clean
复制代码 复制代码
ee /usr/local/etc/php.ini
在后面加上- zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-
- 20060613/eaccelerator.so"
- eaccelerator.shm_size="32"
- eaccelerator.cache_dir="/data/cache/ea"
- eaccelerator.enable="1"
- eaccelerator.optimizer="1"
- eaccelerator.check_mtime="1"
- eaccelerator.debug="0"
- eaccelerator.filter=""
- eaccelerator.shm_max="0"
- eaccelerator.shm_ttl="0"
- eaccelerator.shm_prune_period="0"
- eaccelerator.shm_only="0"
- eaccelerator.compress="1"
- eaccelerator.compress_level="9"
复制代码 复制代码
安装memcache- cd /usr/ports/databases/pecl-memcache
- make install clean
复制代码 复制代码
安装pdo_mysql- cd /usr/ports/databases/php52-pdo_mysql
- make install clean
复制代码 复制代码
安装ImageMagick- # cd /usr/ports/graphics/ImageMagick/
- # make install clean
复制代码 复制代码
看是否安装成功 convert --version
PHP还需安装两个.so
安装 php imagick extend (imagick.so)- # cd /usr/ports/graphics/pecl-imagick
- # make install clean
复制代码 复制代码
安装 php magickwand extend (magickwand.so)- # cd /usr/ports/graphics/php-magickwand
- # make install clean
复制代码 复制代码
关于magicwand的说明:http://www.imagemagick.org/script/api.php#php
然后看下扩展安装lighttpd 获得spawn-fcgi- cd /usr/ports/www/lighttpd
- make install clean
复制代码 复制代码
安装nginx- cd /usr/ports/www/nginx
- make install clean
复制代码 复制代码
修改php.ini cgi.fix_pathinfo=1,让SCRIPT_FILENAME有效
安装Zendoptimizer
cd /usr/ports/devel/ZendOptimizer/
make (不要安装,只需下载下来即可)
cd work/ZendOptimizer-3.3.0a-freebsd6.0-i386
./install-tty 一路按回车,到最后选择no,不使用apache。
zend 将自动在php.ini最后添加参数的。
让nginx和spawn-fcgi开机启动- echo 'spawn_fcgi_enable="YES" '>> /etc/rc.conf
复制代码 复制代码- echo 'nginx_enable="YES"' >> /etc/rc.conf
复制代码 复制代码
3.8 整合nginx和php- ee fastcgi_params
- #fix_php_path
- if ($request_filename ~* (.*)\.php) {
- set $php_url $1;
- }
- if (!-e $php_url.php) {
- return 403;
- }
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param DOCUMENT_ROOT $document_root;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- # PHP only, required if PHP was built with --enable-force-cgi-redirect
- fastcgi_param REDIRECT_STATUS 200;
复制代码 复制代码
ee nginx.conf
- user www www;
- worker_processes 10;
- pid /var/log/nginx.pid;
- # [ debug | info | notice | warn | error | crit ]
- error_log /dev/null;
- #Specifies the value for maximum file descriptors that can be opened by this process.
- worker_rlimit_nofile 51200;
- events
- {
- use kqueue; #FreeSBD下要启用kqueue,Linux下是epoll
- #maxclient = worker_processes * worker_connections / cpu_number
- worker_connections 51200;
- }
- http
- {
- include /usr/local/nginx/conf/mime.types;
- default_type application/octet-stream;
- charset gb2312;
- server_names_hash_bucket_size 128;
- client_header_buffer_size 32k;
- large_client_header_buffers 4 32k;
- log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent
- "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';
- #access_log /data/www/logs/access.log main;
- access_log /dev/null;
- sendfile on;
- tcp_nopush on;
-
- keepalive_timeout 60;
- tcp_nodelay on;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
-
- fastcgi_buffer_size 128k;
- fastcgi_buffers 4 128k;
- fastcgi_busy_buffers_size 128k;
- fastcgi_temp_file_write_size 128k;
- fastcgi_intercept_errors on;
- client_max_body_size 50m;
- client_body_buffer_size 256k;
-
- gzip on;
- gzip_min_length 1k;
- gzip_buffers 4 16k;
- gzip_http_version 1.0;
- gzip_comp_level 2;
- gzip_types text/plain application/x-javascript text/css application/xml;
- gzip_vary on;
- #
- proxy_temp_path /dev/proxy_temp;
- fastcgi_temp_path /dev/fastcgi_temp;
- client_body_temp_path /dev/client_body_temp;
-
- server
- {
- listen 80;
- server_name www.linuxtone.org;
- root /data/www/wwroot;
- index index.html index.htm index.php;
-
- location ~ \.php$ {
- #root html;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- #fastcgi_param SCRIPT_FILENAME /data/www/wwwroot$fastcgi_script_name;
- include fastcgi_params;
- }
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log logs/access.log main;
-
- }
- }
复制代码 复制代码
3.9 安装phpmyadmin
cd /usr/ports/databases/phpmyadmin/
make (只需获得软件包就可以了)
cd work && mv phpMyAdmin* /data/www/wwroot/phpmyadmin
复制代码
编辑 config.default.php
cd phpmyadmin/lib*
ee config.default.php
将$cfg['blowfish_secret'] = '';
修改为$cfg['blowfish_secret'] = 'cookie';
复制代码
然后就可以通过phpmyadmin 来管理mysql了!
文档修改历史
V1.0 初稿完成
V1.1 整理文档排版,增加fastcgi_params,修复php_pathinfo漏洞。
V1.2 修改nginx.conf 不正确的地方;整理/etc/make.conf 笔误。
V1.3 增加phpmyadmin 管理,修改spawn_fcgi 启动参数。
V1.4 修改nginx.conf配置文档和编译内核笔误!
参考文章:
http://willzh.javaeye.com/blog/252362
http://hi.baidu.com/cajecx/blog/item/279f00e903578036b80 |
|