系統環境說明:
os:centos 5.6
nginx:nginx-1.0.11
php:php-5.3.9
mysql:mysql-5.5.20
文檔導讀:
一 準備工作
二 基礎軟件包安裝
三 安裝Nginx
四 MySQL安裝
五 安裝PHP
六 企業網站部署
七 壓力測試webbench
八 優化mysql,nginx,php配置及防火牆配置(略)
九 維護常用命令
一、準備工作(僅作參考)
1、刪除系統自帶軟件
rpm -qa httpd mysql php nginx
先停止服務,卸載軟件命令:rpm -e httpd --nodeps
2、yum源
vim /etc/yum.repos.d/CentOS-Base.repo
服務器需要yum的時候也不多,所以並不需要去設置。
國內鏡像:http://mirrors.163.com http://mirrors.sohu.com
3、設置CentOS默認語言
cp /etc/sysconfig/i18n /etc/sysconfig/i18n_bak
vi /etc/sysconfig/i18n
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
默認的語言是英文,如果把第一行改爲"LANG=”zh_CN.UTF-8”",則本機上的shell可以看到正常的中文,但通過ssh連上就會發現所有的漢字變成亂碼了;則再改爲"LANG="zh_CN.GB18030"",重新登陸即可發現一切OK。
4、安裝vim
Centos裏的VI只默認安裝了vim-minimal-7.x。所以無論是輸入vi或者 vim查看文件,syntax功能都無法正常啓用。因此需要用yum安裝另外兩個組件:vim-common-7.x和vim-enhanced- 7.x
yum -y install vim*
查看最近yum安裝過的軟件包
more /var/log/yum.log
5、時間同步
#當前時區調整爲上海就是+8區
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#利用ntpdate同步標準時間
ntpdate us.pool.ntp.org
注意:需要安裝ntp-4.2.2p1-9.el5.centos.2.1.i386.rpm
或yum install -y ntp
加入定時計劃任務,每隔10分鐘同步一下時鐘
crontab -e
0 23 * * * /bin/bash /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP
(升級系統軟件包,服務和用戶安全設置在此不涉及)
二 基礎軟件包安裝
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers
yum -y install make crontabs wget
其中wget看你使用情況,可以不裝,openssl-devel對於不需要ssl安全連接的也可以不裝,libtool一般在安裝到nginx\php\mysql前會安裝上去,所以這裏也不用安裝。make是編譯所用,cmake是編譯MySQL時用到,ncurses-devel也是。autoconf是編譯eaccelerator時用到,crontabs爲計劃任務,日誌分割所用。
附帶介紹:
#檢查是否安裝gcc
gcc -v
#查詢SELinux開啓情況
getenforce
三、安裝Nginx
1.創建nginx所需用戶及目錄
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /data0/htdocs/html
chmod +w /data0/htdocs/html
chown -R www:www /data0/htdocs/html
mkdir -p /data0/htdocs/web
chmod +w /data0/htdocs/web
chown -R www:www /data0/htdocs/web
mkdir -p /data1/logs
chmod +w /data1/logs
chown -R www:www /data1/logs
2.安裝nginx所需pcre
tar zxvf pcre-8.21.tar.gz && cd pcre-8.21/
./configure
make
make install
cd ../
3.開始安裝nginx
tar zxvf nginx-1.0.11.tar.gz && cd nginx-1.0.11/
./configure --user=www --group=www \
--prefix=/usr/local/webserver/nginx \
--with-http_stub_status_module \
--with-http_ssl_module
make
make install
cd ../
4.配置nginx
cd /usr/local/webserver/nginx/conf/
mv nginx.conf nginx.conf_bak
vim nginx.conf
輸入以下內容:
user www www;
worker_processes 8;
error_log /data1/logs/nginx_error.log crit;
pid /usr/local/webserver/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
#charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
server
{
listen 80 default;
server_name _;
# index index.html index.htm index.php;
return 404;
}
server
{
listen 888;
server_name _;
# index index.html index.htm index.php;
return 404;
}
include vhost/*.conf;
include vhost/admin/*.conf;
include vhost/html/*.conf;
}
5.前後臺分離配置文件
cd /usr/local/webserver/nginx/conf
#前臺配置文件
vim server.html.conf
輸入以下內容:
index index.html index.htm index.php;
location ~ /\.ht {
deny all;
}
location ~ .*\.(sqlite|sq3)$ {
deny all;
}
location ~ .*\.(php|php5)?$ {
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
#後臺配置文件
vim server.conf
輸入以下內容:
index index.html index.htm index.php;
location ~ /\.ht {
deny all;
}
location ~ .*\.(sqlite|sq3)$ {
deny all;
}
location ~ .*\.(php|php5)?$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
6.啓動Nginx服務並檢查
ulimit -SHn 65535
/usr/local/webserver/nginx/sbin/nginx
ps -ef |grep nginx
7.簡單站點部署測試
mkdir -p /usr/local/webserver/nginx/conf/vhost/html
cd /usr/local/webserver/nginx/conf/vhost/html
vim onbing.com.conf
輸入以下內容:
server
{
listen 80;
server_name www.onbing.com onbing.com;
index index.html index.htm ;
root /data0/htdocs/html/onbing.com;
include server.html.conf;
log_format html_onbing '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /data1/logs/access_html_onbing.log html_onbing;
}
#網站文件存放目錄
mkdir -p /data0/htdocs/html/onbing.com
vim /data0/htdocs/html/onbing.com/index.html
輸入以下內容:
<html>
<head><title>onbing</title></head>
<body bgcolor="white">
<center><h1>welcome to nginx</h1></center>
</body>
</html>
chown -R www:www /data0/htdocs/html/onbing.com
#配置文件測試並重載
/usr/local/webserver/nginx/sbin/nginx -t
/usr/local/webserver/nginx/sbin/nginx -s reload
注意:
1).測試時關閉iptables
/etc/init.d/iptables stop
2).域名做hosts指向
192.168.1.24 onbing.com
192.168.1.24 www.onbing.com
3).測試命令
curl -I www.onbing.com
8.nginx日誌分割
mkdir -p /data0/sh
cd /data0/sh
vim cut_nginx_log.sh
#!/bin/bash
# This script run at 00:00
# The Nginx logs path
logs_path="/usr/local/webserver/nginx/logs/"
mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`
#檢查crond服務是否啓動
service crond status
#編輯任務計劃
crontab -e
輸入以下內容:
0 0 * * * /bin/bash /data0/sh/cut_nginx_log.sh
四、MySQL安裝
#檢查並更新安裝mysql所需要依賴的軟件包
yum install -y automake autoconf libtool ncurses-devel libxslt groff pcre-devel
#安裝cmake,後面安裝mysql配置時需要使用
#CMAKE安裝MySQL的配置參數說明:http://blog.sina.com.cn/s/blog_53b13d950100we05.html
tar zxvf cmake-2.8.7.tar.gz && cd cmake-2.8.7/
./configure
gmake && gmake install && cd ../
#創建mysql用戶和組
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
說明:設置mysql用戶密碼:/usr/bin/passwd mysql
#創建webserver目錄,將nginx,php,mysql均安裝到此目錄
mkdir -p /usr/local/webserver
#創建mysql數據存放目錄
mkdir -p /data0/mysql/3306/data/
mkdir -p /data0/mysql/3306/binlog/
mkdir -p /data0/mysql/3306/relaylog/
chown -R mysql:mysql /data0/mysql/
#開始安裝mysql-5.5.20
tar zxvf mysql-5.5.20.tar.gz && cd mysql-5.5.20/
/usr/local/bin/cmake -DCMAKE_INSTALL_PREFIX=/usr/local/webserver/mysql/ \
-DMYSQL_DATADIR=/data0/mysql/3306/data/ \
-DSYSCONFDIR=/data0/mysql/3306/ \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_FEDERATED_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DMYSQL_TCP_PORT=3306 \
-DENABLED_LOCAL_INFILE=1
make
make install
cd ../
說明:如果編譯失敗,刪除文件重新編譯:rm -f CMakeCache.txt
chown -R mysql:mysql /usr/local/webserver/mysql
chmod +w /usr/local/webserver/mysql
#以mysql用戶帳號的身份建立數據表
/usr/local/webserver/mysql/scripts/mysql_install_db --basedir=/usr/local/webserver/mysql --datadir=/data0/mysql/3306/data --user=mysql
#創建my.cnf配置文件:
vim /data0/mysql/3306/my.cnf
輸入以下內容:
[client]
#character-set-server = utf8
port = 3306
socket = /tmp/mysql.sock
[mysqld]
#character-set-server = utf8
replicate-ignore-db = mysql
replicate-ignore-db = test
replicate-ignore-db = information_schema
user = mysql
port = 3306
socket = /tmp/mysql.sock
basedir = /usr/local/webserver/mysql
datadir = /data0/mysql/3306/data
log-error = /data0/mysql/3306/mysql_error.log
pid-file = /data0/mysql/3306/mysql.pid
open_files_limit = 10240
back_log = 600
max_connections = 5000
max_connect_errors = 6000
table_cache = 614
external-locking = FALSE
max_allowed_packet = 32M
sort_buffer_size = 1M
join_buffer_size = 1M
thread_cache_size = 300
#thread_concurrency = 8
query_cache_size = 512M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine = MyISAM
thread_stack = 192K
transaction_isolation = READ-COMMITTED
tmp_table_size = 246M
max_heap_table_size = 246M
long_query_time = 3
log-slave-updates
log-bin = /data0/mysql/3306/binlog/binlog
binlog_cache_size = 4M
binlog_format = MIXED
max_binlog_cache_size = 8M
max_binlog_size = 1G
relay-log-index = /data0/mysql/3306/relaylog/relaylog
relay-log-info-file = /data0/mysql/3306/relaylog/relaylog
relay-log = /data0/mysql/3306/relaylog/relaylog
expire_logs_days = 30
key_buffer_size = 256M
read_buffer_size = 1M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
interactive_timeout = 120
wait_timeout = 120
skip-name-resolve
#master-connect-retry = 10
slave-skip-errors = 1032,1062,126,1114,1146,1048,1396
#master-host = 192.168.1.2
#master-user = username
#master-password = password
#master-port = 3306
server-id = 1
innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 512M
innodb_data_file_path = ibdata1:256M:autoextend
innodb_file_io_threads = 4
innodb_thread_concurrency = 8
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 16M
innodb_log_file_size = 128M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120
innodb_file_per_table = 0
#log-slow-queries = /data0/mysql/3306/slow.log
#long_query_time = 10
[mysqldump]
quick
max_allowed_packet = 32M
#創建管理MySQL數據庫的shell腳本:
vim /data0/mysql/3306/mysql
輸入以下內容(這裏的用戶名bingadmin和密碼TQHQoYc55SR68S3M接下來的步驟會創建):
#!/bin/sh
mysql_port=3306
mysql_username="bingadmin"
mysql_password="TQHQoYc55SR68S3M"
function_start_mysql()
{
printf "Starting MySQL...\n"
/bin/sh /usr/local/webserver/mysql/bin/mysqld_safe --defaults-file=/data0/mysql/${mysql_port}/my.cnf 2>&1 > /dev/null &
}
function_stop_mysql()
{
printf "Stoping MySQL...\n"
/usr/local/webserver/mysql/bin/mysqladmin -u ${mysql_username} -p${mysql_password} -S /tmp/mysql.sock shutdown
}
function_restart_mysql()
{
printf "Restarting MySQL...\n"
function_stop_mysql
sleep 5
function_start_mysql
}
if [ "$1" = "start" ]; then
function_start_mysql
elif [ "$1" = "stop" ]; then
function_stop_mysql
elif [ "$1" = "restart" ]; then
function_restart_mysql
elif [ "$1" = "kill" ]; then
function_kill_mysql
else
printf "Usage: /data0/mysql/${mysql_port}/mysql {start|stop|restart|kill}\n"
fi
#賦予shell腳本可執行權限
chmod +x /data0/mysql/3306/mysql
#啓動MySQL
/data0/mysql/3306/mysql start
#通過命令行登錄管理MySQL服務器
/usr/local/webserver/mysql/bin/mysql -u root -p
#創建一個具有root權限的用戶(bingadmin)和密碼(TQHQoYc55SR68S3M)
grant SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES on *.* to 'bingadmin'@'localhost' identified by 'TQHQoYc55SR68S3M';
grant SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES on *.* to 'bingadmin'@'127.0.0.1' identified by 'TQHQoYc55SR68S3M';
flush privileges;
說明:
1.每個數據庫使用獨立的數據庫管理員,且分配如下權限(按實際分配):
select,insert,update,delete,create,drop,index,alter,grant,references,reload,shutdown,process,file等14個權限
2.mysql數據庫用戶root密碼必須修改
/usr/local/webserver/mysql/bin/mysqladmin -u root password n53s8mOE4Dh7qw
#停止MySQL命令
/data0/mysql/3306/mysql stop
service mysqld stop
/etc/init.d/mysqld stop
五、安裝PHP
安裝php所依賴的軟件:
1.安裝libiconv
tar xzvf libiconv-1.14.tar.gz && cd libiconv-1.14
./configure --prefix=/usr/local/webserver/lib/libiconv
make && make install && cd ../
2.安裝libmcrypt
tar xzvf libmcrypt-2.5.8.tar.gz && cd libmcrypt-2.5.8
./configure
make && make install && cd ../
3.安裝mhash
tar zxvf mhash-0.9.9.9.tar.gz && cd mhash-0.9.9.9
./configure
make && make install && cd ../
4.安裝mcrypt
tar -zxvf mcrypt-2.6.8.tar.gz && cd mcrypt-2.6.8
LD_LIBRARY_PATH=/usr/local/lib ./configure
make && make install && cd ../
5.開始安裝php
tar xzvf php-5.3.9.tar.gz && cd php-5.3.9
./configure --prefix=/usr/local/webserver/php \
--with-config-file-path=/usr/local/webserver/php/etc \
--with-mysql=/usr/local/webserver/mysql \
--with-mysqli=/usr/local/webserver/mysql/bin/mysql_config \
--enable-mbstring \
--with-libxml-dir=/usr/local/webserver/lib/libxml2 \
--with-iconv-dir=/usr/local \
--enable-fpm \
--with-zlib-dir=/usr/local/webserver/lib/zlib \
--enable-zip \
--with-mcrypt \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--enable-xml \
--with-gd \
--enable-gd-native-ttf \
--with-mhash
make
make install
**********************************
(1)找不到“-liconv”
/usr/bin/ld: cannot find -liconv
collect2: ld returned 1 exit status
make: *** [sapi/fpm/php-fpm] Error 1
解決辦法:make ZEND_EXTRA_LIBS='-liconv'
(2)編譯php錯誤/usr/bin/ld:cannot find -lltdl
錯誤提示是在./configure 後make的時候出現
/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
分析:
系統缺乏對應的庫文件;
版本不對應;
庫文件的鏈接錯誤;
庫文件路徑設置問題;
解決:
1)確認libltdl庫文件是否存在
ll /usr/lib/libltdl*
ll /usr/lib/local/libltdl*
或者其他自定義的lib下有無libltdl.so
如果存在類似如libltdl.so.1,那麼可以通過ln -sv libltdl.so.1 libltdl.so,建立一個連接重建libltdl.so
2)檢查/etc/ld.so.conf中的庫文件路徑是否正確
可以直接將以下路徑添加:
/usr/lib
/usr/local/lib
重建ld.so.cache文件:ldconfig
說明:重建ld.so.cache文件,ld的庫文件檢索目錄存放文件。尤其剛剛編譯安裝的軟件,必須運行ldconfig,才能將新安裝的庫文件導入ld.so.cache.
3)如果沒有找到任何庫文件,請執行下面
cd /tools/libmcrypt-2.5.8/libltdl
./configure --enable-ltdl-install
make && make install
*****************************************************
cp php.ini-production /usr/local/webserver/php/etc/php.ini
cp /usr/local/webserver/php/etc/php-fpm.conf.default /usr/local/webserver/php/etc/php-fpm.conf
#存放pid和日誌文件
mkdir -p /usr/local/webserver/php/logs
vim /usr/local/webserver/php/etc/php-fpm.conf
修改內容爲如下:
pid /usr/local/webserver/php/logs/php-fpm.pid
error_log /usr/local/webserver/php/logs/php-fpm.log
pm.max_children = 64
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 1024
user = www
group = www
************************************************************
安裝PHP5擴展模塊:
1.安裝eaccelerator
tar jxvf eaccelerator-0.9.6.1.tar.bz2 && cd eaccelerator-0.9.6.1
/usr/local/webserver/php/bin/phpize
./configure --enable-eaccelerator=shared \
--with-php-config=/usr/local/webserver/php/bin/php-config
make && make install && cd ../
************************************************************
2.安裝zend
wget http://downloads.zend.com/guard/5.5.0/ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz
tar zxvf ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz
mv ZendGuardLoader-php-5.3-linux-glibc23-i386/php-5.3.x/ZendGuardLoader.so /usr/local/webserver/php/lib/php/extensions
#緩存目錄,下面需要使用到此目錄
mkdir -p /usr/local/webserver/eaccelerator_cache
vim /usr/local/webserver/php/etc/php.ini
按shift+g添加以下內容:
zend_loader.enable=1
zend_loader.disable_licensing=0
zend_loader.obfuscation_level_support=3
zend_loader.license_path=
zend_extension=/usr/local/webserver/php/lib/php/extensions/ZendGuardLoader.so
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
#啓動php並驗證
/usr/local/webserver/php/sbin/php-fpm
說明:啓動php-fpm時出現ZendGuardLoader.so: cannot restore segment prot after reloc: Permission denied
關閉selinux即可,具體操作如下:
vim /etc/selinux/config
將SELINUX=enforcing 改成SELINUX=disabled
setenforce 0
ps -ef |grep php
netstat -anp |grep 127.0.0.1:9000
#設置nginx,mysql和php開機啓動
vim /etc/rc.d/rc.local
/usr/local/webserver/nginx/sbin/nginx
/usr/local/webserver/php/sbin/php-fpm
/data0/mysql/3306/mysql start
(因字數限制後面內容請見附件)