- 论坛徽章:
- 0
|
|
基于CentOS构建高性能的LAMP平台. 2.。。。。。。。。
三、编译安装A.M.P环境
1.下载软件编译安装
1)下载软件
# cd /usr/local/src
httpd-2.2.8.tar.gz
mysql-5.0.51b.tar.gz
php-5.2.6.tar.bz2
ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
2) 安装MySQL
查看分析你的CPU型号:
http://gentoo-wiki.com/Safe_Cflags 查找您的GCC编译参数.
确定系统CPU类型:
# cat /proc/cpuinfo | grep "model name"
执行后会看到系统中CPU的具体型号,记下CPU型号。
# tar xvf mysql-5.0.51b.tar.gz
# cd mysql-5.0.51b
# vi mysql.sh-------------------cut begin-------------------------------------------
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/data/mysql/data" \
"--with-comment=Source" \
"--with-server-suffix=-LinuxTone" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=utf8" \
"--with-collation=utf8_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
make && make install
mkdir -p /data/mysql/data
useradd mysql -d /data/mysql -s /sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start
cd /usr/local/mysql/bin
for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done
-------------------cut end---------------------------------------------
复制代码#sh mysql.sh 即可开始编译.
3) 编译安装Apache
# cd /usr/local/src
# tar xvf httpd-2.2.8.tar.gz
# cd httpd-2.2.8./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
make
make install
echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
复制代码4.)编译安装PHP
# cd /usr/local/src
# tar xjvf php-5.2.6.tar.bz2
# cd php-5.2.6./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir=/usr/local/libxml2" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-iconv-dir" \
"--with-zlib-dir " \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli" #禁掉ipv6,禁掉cli模式,提升速度和安全性.请根据具体需求定制相关的编译数.
make
make install
mkdir /usr/local/php/etc
cp php.ini-dist /usr/local/php/etc/php.ini
复制代码5)Xcache的安装.
#tar xvf xcache-1.2.2.tar.gz #/usr/local/php/bin/phpize
./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config \
--enable-inline-optimization --disable-debug
复制代码#vi /usr/local/php/etc/php.ini (将以下内容加入php.ini最后面)-------------------cut begin-------------------------------------------
[xcache-common]
zend_extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/xcache.so
[xcache.admin]
xcache.admin.user = "admin"
;如何生成md5密码: echo -n "password"| md5sum
xcache.admin.pass = "035d849226a8a10be1a5e0fec1f0f3ce" #密码为52netseek
[xcache]
; Change xcache.size to tune the size of the opcode cache
xcache.size = 24M
xcache.shm_scheme = "mmap"
xcache.count = 4
xcache.slots = 8K
xcache.ttl = 0
xcache.gc_interval = 0
; Change xcache.var_size to adjust the size of variable cache
xcache.var_size = 8M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = On
xcache.mmap_path = "/tmp/xcache"
xcache.coredump_directory = ""
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off
[xcache.coverager]
xcache.coverager = On
xcache.coveragedump_directory = ""
-------------------cut end---------------------------------------------
复制代码6) 安装Zend Optimizer
# cd /usr/local/src
# tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
# ./ZendOptimizer-3.3.3-linux-glibc23-i386/install.sh
安装Zend Optimizer过程的最后不要选择重启Apache。
2. 整合Apache与PHP及系统初化配置.
1)整合Apache与PHP
# vi /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在该行下面添加
AddType application/x-httpd-php .php
找到:
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
将该行改为
<IfModule dir_module>
DirectoryIndex index.html index.htm index.php
</IfModule>
找到:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf (虚拟主机配置文件存放目录.)
#Include conf/extra/httpd-default.conf
去掉前面的“#”号,取消注释。
注意:以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置!
修改完成后保存退出。
# /usr/local/apache2/bin/apachectl restart
2)查看确认L.A.M.P环境信息、提升 PHP 安全性
在网站根目录放置 info.php 脚本,检查phpinfo中的各项信息是否正确。
<?php
phpinfo();
?>
确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性,禁掉危险的函数.
# vi /etc/php.ini找到:disable_functions =设置为:phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
3)脚本自动完成初始化配置(以上配置可以用脚本自动化完成)
#cat init_apache_php.sh-------------------cut begin-------------------------------------------
#!/bin/bash
#Written by :NetSeek http://www.linuxtone.org
#init_httpd.conf
http_cf="/usr/local/apache2/conf/httpd.conf"
sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" $http_cf
sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' $http_cf
sed -i 's#DirectoryIndex index.html# DirectoryIndex index.php index.html index.htm#/g' $http_cf
sed -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' $http_cf
#init_php(PHP安全设置及隐藏PHP版本)
php_cf="/usr/local/php/etc/php.ini"
sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $php_cf
sed -i '210 s#disable_functions =#disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $php_cf
sed -i '/expose_php/s/On/Off/' $php_cf
sed -i '/display_errors/s/On/Off/' $php_cf
-------------------cut end-------------------------------------------
复制代码三、配置虚拟主机及基本性能调优
1) 配置虚拟主机:
#vi /usr/local/apache2/conf/extra/httpd-vhosts.confNameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin cnseek@gmail.com
DocumentRoot "/data/www/wwwroot/linuxtone.org"
ServerName www.linuxtone.org
ServerAlias bbs.linxutone.org
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "|/usr/sbin/cronolog /data/logs/access_www.linuxtone.org.%Y%m%d" combined
</VirtualHost>
复制代码2).基本性能调优参考 更多的调优相关文章请关注:http://bbs.linuxtone.org/index.html性能调优相关的贴子)
#vi /usr/local/apache2/conf/extra/httpd-default.confTimeout 15
KeepAlive Off
MaxKeepAliveRequests 50
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
复制代码#vi /usr/local/apache2/conf/extra/httpd-mpm.conf<IfModule mpm_prefork_module>
ServerLimit 2000
StartServers 10
MinSpareServers 10
MaxSpareServers 15
MaxClients 2000
MaxRequestsPerChild 10000
</IfModule>
复制代码3).Apache日志处理相关问题汇总贴(http://bbs.linuxtone.org/thread-102-1-1.html)
利用awstats分析网站日志:http://bbs.linuxtone.org/thread-56-1-1.html
忽略不需要的日志配置参考具体请据据具体问题分析:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#下面加入如下内容: # filter the localhost visit
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
# filter some special directories
SetEnvIf Request_URI "^ZendPlatform.*
- # filter the localhost visit
- SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
- # filter some special directories
- SetEnvIf Request_URI "^ZendPlatform.*[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI \.healthcheck\.html$ dontlog
- SetEnvIf Remote_Addr "::1" dontlog
- SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
- 复制代码quot; dontlog
- SetEnvIf Request_URI \.healthcheck\.html$ dontlog
- SetEnvIf Remote_Addr "::1" dontlog
- SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
- SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://网站域名/nolink.png [R,L]
复制代码四、基本安全设置
1)iptables 封锁相关端口(推荐读CU白金大哥的两小时玩转iptables)
2)SSH全安(修改SSH端口限制来源IP登陆,或者参考http://bbs.linuxtone.org/thread-106-1-1.html)
3)Linux防Arp攻击策略(http://bbs.linuxtone.org/thread-41-1-1.html)
4)注意(还是那句老话:安全工作从细节做起!)
五、附录及相关介绍
1)参考文档(感谢):
Discuz!公司Nanu先生文章的相关链接:
http://bbs.linuxpk.com/thread-13325-1-2.html
http://www.discuz.net/thread-722804-1-1.html
配置全能WEB(05年文章参考):http://bbs.linuxpk.com/thread-437-1-2.html
LinuxTone.Org(Apache相关问题专题贴):http://bbs.linuxtone.org/thread-88-1-1.html
感谢网友eddiechen提出相关问题!
1)利用Nginx替代apache实现高性能的Web环境(第一版): http://bbs.linuxtone.org/thread-7-1-1.html
第二版详细安全配置近期更新,请实时关注:http://bbs.linuxtone.org/(网站服务器版)
2)关于LinuxTone.Org(IT运维专家论坛):
目标:期望和大家一起努力打造一个专注IT运维,Linux集群架构的开放互动讨论平台!期待您的加入!
我们很乐意把平时工作中遇到的问题和得到的经验与大家共同分享相互学习!
如果你是Linux爱好者?
如果你目前在网站服务器方面遇到很多头痛的问题?
如果你目前的站就使用了Linux?或者你想将你的Linux的apache迁于至高性能的Nginx?
如果您使用的是WAMP(即Windows平台的AMP)平台想迁移至LAMP?
如果你目前的网站需要优化进一步提升硬件性能?
如果你目前的网站需要负载均衡集群架构方案? 请联系我们!
我们愿意抽出空余时间免费热心为你解答相关问题,协助你完成所有相关工作!共同分享!共同进步!
同时也热情期待你能加入http://www.linuxtone.org 帮我一起完善论坛建设工作,完成每版置顶的手册形成可操作性
强的文档及方案,方便大家一起学习进步!联系方式 Q:67888954 MSN:cnseek@msn.com Gtalk:cnseek@gmail.com
|
|
免费注册
发表于 2012-01-13 15:42
