因項目需要,要將php升級到7,於是將之前的LANMP進行全面升級,centos7.5+nginx1.14+apache2.4.33+php7.2
###初始化系統###
#更新yum源(aliyun)
yum -y install wget mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum clean all yum makecache /root/init_system_centos7.sh #init_system_centos7.sh詳細見之前博文
#修改hosts文件
echo "192.168.5.32 web32.blufly.com" >> /etc/hosts echo "192.168.5.33 web33.blufly.com" >> /etc/hosts
###更新組件###
yum -y groupinstall 'Development Tools' yum -y install bison patch unzip mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg \ libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 \ glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel \ expat-devel libtool libtool-ltdl-devel openssl openssl-devel openldap openldap-devel \ cmake gmp-devel libicu-devel libxslt-devel
###下載安裝包###
cd /opt wget http://mirrors.sohu.com/nginx/nginx-1.14.0.tar.gz wget http://mirrors.sohu.com/apache/httpd-2.4.33.tar.bz2 wget http://mirrors.sohu.com/php/php-7.2.6.tar.bz2 wget https://mirrors.shuosc.org/apache/apr/apr-1.6.3.tar.bz2 wget https://mirrors.shuosc.org/apache/apr/apr-util-1.6.1.tar.bz2 #jemalloc 優化nginx,內存管理 wget https://github.com/jemalloc/jemalloc/releases/download/5.1.0/jemalloc-5.1.0.tar.bz2 #字符轉換庫libiconv wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.15.tar.gz #ImageMagick 是一個圖象處理軟件。它可以編輯、顯示包括JPEG、TIFF、PNM、PNG、GIF和Photo CD在內的絕大多數當今最流行的圖象格式 wget http://www.imagemagick.org/download/ImageMagick-7.0.7-35.tar.bz2 #PHP的imagick擴展,用Imagick替代php的GD庫 wget http://pecl.php.net/get/imagick-3.4.3.tgz #Suhosin是一個PHP程序的保護系統 wget https://download.suhosin.org/suhosin-0.9.38.tar.gz #ionCube - PHP的加密/解密工具 wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz #pcre支持nginx僞靜態 wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz
###------------ 安裝apache -------------###
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www -s /sbin/nologin
mkdir -p /data/www/{blufly,blog}
mkdir -p /data/logs/{blufly,blog}
chown -R www:www /data/www
chown -R www:www /data/logs
cd /opt
tar -zxvf pcre-8.42.tar.gz
cd pcre-8.42
./configure --prefix=/usr/local/pcre
make;make install
cd ../#安裝apr
tar -jvxf apr-1.6.3.tar.bz2 cd apr-1.6.3 ./configure --prefix=/usr/local/apr make;make install
#安裝Apr出現的問題rm: cannot remove `libtoolT': No such file or directory
#在configure裏面把RM='$RM'改爲RM='$RM -f'
cd /opt tar -jvxf apr-util-1.6.1.tar.bz2 cd apr-util-1.6.1 ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/ make;make install cd /opt tar -jxvf httpd-2.4.33.tar.bz2 cd httpd-2.4.33
#隱藏apache版本信息
sed -i 's/#define AP_SERVER_BASEPRODUCT "Apache"/#define AP_SERVER_BASEPRODUCT "Microsoft-IIS 5.0"/' include/ap_release.h sed -i 's/#define PLATFORM "Unix"/#define PLATFORM "win32"/' os/unix/os.h
./configure --prefix=/usr/local/apache \ --enable-deflate \ --enable-headers \ --enable-mime-magic \ --enable-proxy \ --enable-ssl \ --enable-so \ --enable-rewrite \ --enable-suexec \ --with-suexec-bin=/usr/sbin/suexec \ --with-suexec-caller=www \ --with-pcre=/usr/local/pcre/bin/pcre-config \ --with-mpm=prefork \ --with-ssl=/usr \ --with-apr=/usr/local/apr \ --with-apr-util=/usr/local/apr-util/ make;make install
#配置自啓動文件
cd ../ cp /usr/local/apache/bin/apachectl /etc/init.d/httpd sed -i '/#!\/bin\/sh/a\# chkconfig: - 85 15\n# description: web server\n# processname: httpd\n# pidfile: /usr/local/apache/logs/httpd.pid\n# config: /usr/local/apache/conf/httpd.conf' /etc/init.d/httpd
#httpd.conf優化
mv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak
#配置mpm_prefork_module
mv /usr/local/apache/conf/extra/httpd-mpm.conf /usr/local/apache/conf/extra/httpd-mpm.conf.bak cat >> /usr/local/apache/conf/extra/httpd-mpm.conf <<EOF <IfModule mpm_prefork_module> ServerLimit 10000 StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxRequestWorkers 10000 MaxConnectionsPerChild 10000 </IfModule> EOF
#配置虛擬主機apache虛擬主機
mv /usr/local/apache/conf/extra/httpd-vhosts.conf /usr/local/apache/conf/extra/httpd-vhosts.conf.bak cat >> /usr/local/apache/conf/extra/httpd-vhosts.conf <<EOF <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/data/www/blufly" <Directory "/data/www/blufly"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> ServerName www.blufly.com ServerAlias blufly.com ErrorLog "logs/bufly-error_log" CustomLog "|/usr/local/apache/bin/rotatelogs /data/logs/blufly/%y_%m_%d.access_log 86400" common </VirtualHost> EOF
#設置apache自啓動
cd ../ chmod 700 /etc/init.d/httpd /etc/init.d/httpd start #nginx啓動腳本中已有啓動apache的命令 #/sbin/chkconfig --add httpd #/sbin/chkconfig --level 2345 httpd on
###-------------- 安裝php ----------------###
#安裝Atomic倉庫
wget http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-21.el7.art.noarch.rpm rpm -ivh atomic-release-1.0-21.el7.art.noarch.rpm
yum -y install php-mcrypt libmcrypt libmcrypt-devel mhash mhash-devel libevent libevent-devel libxml2 \ libxml2-devel bzip2-devel libcurl-devel libjpeg-devel libpng-devel freetype-devel
#安裝字符轉換庫libiconv
cd /opt tar -zxvf libiconv-1.15.tar.gz cd libiconv-1.15/ ./configure --prefix=/usr/local/libiconv
#make時如果報錯:./stdio.h:1010:1: 錯誤:‘gets’未聲明
cd srclib/ sed -i -e '/gets is a security/d' ./stdio.in.h cd ../
make;make install cd ../
#編譯安裝php
tar -jxvf php-7.2.6.tar.bz2 cd php-7.2.6
#configure會報錯:configure: error: Cannot find ldap libraries in /usr/lib.
cp -frp /usr/lib64/libldap* /usr/lib/ ./configure --prefix=/usr/local/php \ --with-config-file-path=/usr/local/php/etc \ --with-apxs2=/usr/local/apache/bin/apxs \ --with-iconv-dir=/usr/local/libiconv \ --with-mysqli=mysqlnd \ --with-pdo-mysql=mysqlnd \ --with-libxml-dir \ --with-openssl \ --with-mhash \ --with-pcre-regex \ --with-zlib \ --with-bz2 \ --with-curl \ --with-cdb \ --with-pcre-dir \ --with-gd \ --with-openssl-dir \ --with-jpeg-dir \ --with-png-dir \ --with-zlib-dir \ --with-freetype-dir \ --with-gettext \ --with-gmp \ --with-mhash \ --with-libmbfl \ --with-onig \ --with-zlib-dir \ --with-readline \ --with-libxml-dir \ --with-xsl \ --with-pear \ --enable-soap \ --enable-bcmath \ --enable-calendar \ --enable-dom \ --enable-exif \ --enable-fileinfo \ --enable-filter \ --enable-ftp \ --enable-json \ --enable-mbstring \ --enable-mbregex \ --enable-mbregex-backtrack \ --enable-pdo \ --enable-session \ --enable-shmop \ --enable-simplexml \ --enable-sockets \ --enable-sysvmsg \ --enable-sysvsem \ --enable-sysvshm \ --enable-wddx \ --enable-zip \ --enable-mysqlnd-compression-support \ --enable-intl \ --enable-maintainer-zts \ --disable-rpath \ --disable-debug \ --disable-ipv6
#make報錯:error while loading shared libraries: libiconv.so.2: cannot open shared object file: No such file or directory
echo "/usr/local/lib" >> /etc/ld.so.conf /sbin/ldconfig
make #如有報 undefined reference to `libiconv_open' #就用make ZEND_EXTRA_LIBS='-liconv'來進行編譯 make install cd ../
cp php.ini-production /usr/local/php/etc/php.ini
############
#如果編譯過程中遇到下列信息:PEAR package PHP_Archive not installed: generated phar will require PHP's phar extension be enabled
#cd /opt #wget http://pear.php.net/go-pear.phar #/usr/local/php/bin/php go-pear.phar
############
cd ../
#使用pthreads PHP擴展,可以使PHP真正地支持多線程
#要安裝pthreads PHP擴展,在編輯php時要加參數 --enable-maintainer-zts
cd /opt git clone https://github.com/krakjoe/pthreads.git cd pthreads /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make && make install
#安裝mysql擴展
cd /opt/php-7.2.6/ext git clone https://github.com/php/pecl-database-mysql mysql --recursive cd mysql /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make && make install
#修改php.ini配置文件
#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20170718" #extension = "mysql.so"
#安裝memcached擴展
yum -y install libmemcached libmemcached-devel cd /opt/php-7.2.6/ext git clone https://github.com/php-memcached-dev/php-memcached memcached cd memcached/ git checkout php7 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make;make install
#安裝memcache擴展
cd /opt/php-7.2.6/ext git clone https://github.com/websupport-sk/pecl-memcache memcache cd memcache /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make;make install
#修改php.ini配置文件
#extension = "memcached.so" #extension = "memcache.so"
cd /opt tar -jxvf ImageMagick-7.0.7-35.tar.bz2 cd ImageMagick-7.0.7-35 ./configure --prefix=/usr/local/imagemagick make;make install cd ../ tar -zxvf imagick-3.4.3.tgz cd imagick-3.4.3/ export PKG_CONFIG_PATH=/usr/local/imagemagick/lib/pkgconfig /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --with-imagick=/usr/local/imagemagick make;make install cd ../ tar -zxvf ioncube_loaders_lin_x86-64.tar.gz cd ioncube mkdir /usr/local/ioncube mv ioncube_loader_lin_7.2.so /usr/local/ioncube/ cd ../
#修改php.ini添加php擴展
sed -i 's#; extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20170718/"\nextension = "memcache.so"\nextension = "memcached.so"\nextension = "mysql.so"\nextension = "pthreads.so"\nextension = "imagick.so"\n#' /usr/local/php/etc/php.ini
#要先添加ionCube擴展
cat >> /usr/local/php/etc/php.ini <<EOF [ionCube Loader] zend_extension=/usr/local/ioncube/ioncube_loader_lin_7.2.so EOF
#再添加opcache擴展
cat >> /usr/local/php/etc/php.ini <<EOF [opcache] zend_extension=/usr/local/php/lib/php/extensions/no-debug-non-zts-20170718/opcache.so opcache.enable=1 opcache.memory_consumption=128 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 opcache.revalidate_freq=60 opcache.fast_shutdown=1 opcache.enable_cli=1 EOF
#查看php已安裝擴展
/usr/local/php/bin/php -m
[PHP Modules] bcmath bz2 calendar Core ctype curl date dba dom exif fileinfo filter ftp gd gettext gmp hash iconv imagick intl ionCube Loader json libxml mbstring memcache memcached mysql mysqli mysqlnd openssl pcre PDO pdo_mysql pdo_sqlite Phar posix readline Reflection session shmop SimpleXML soap sockets SPL sqlite3 standard sysvmsg sysvsem sysvshm tokenizer wddx xml xmlreader xmlwriter xsl Zend OPcache zip zlib [Zend Modules] Zend OPcache the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured)
###---------- 安裝nginx ----------###
#安裝jemalloc內存優化工具
tar -jxvf jemalloc-5.1.0.tar.bz2 cd jemalloc-5.1.0 ./configure --prefix=/usr/local/jemalloc --libdir=/usr/local/lib make;make install echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf ldconfig cd ../ tar -zxvf nginx-1.14.0.tar.gz cd nginx-1.14.0 ./configure --prefix=/usr/local/nginx \ --with-pcre=/opt/pcre-8.42 \ --user=www \ --group=www \ --with-http_stub_status_module \ --with-http_ssl_module \ --with-http_flv_module \ --with-http_gzip_static_module \ --with-ld-opt="-ljemalloc" \ --with-http_realip_module make;make install cd ../
#添加nginx啓動腳本
cat >> /etc/init.d/nginx <<EOF
#! /bin/sh
# Description: Startup script for nginx
# chkconfig: 2345 55 25
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
set -e
[ -x "$DAEMON" ] || exit 0
do_start() {
$DAEMON -c $CONFIGFILE || echo -n "nginx already running"
}
do_stop() {
kill -QUIT `cat $PIDFILE` || echo -n "nginx not running"
}
do_reload() {
kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
do_start
echo "."
/etc/init.d/httpd start
;;
stop)
echo -n "Stopping $DESC: $NAME"
do_stop
echo "."
/etc/init.d/httpd stop
;;
reload)
echo -n "Reloading $DESC configuration..."
do_reload
echo "."
/etc/init.d/httpd restart
;;
restart)
echo -n "Restarting $DESC: $NAME"
do_stop
sleep 1
do_start
echo "."
/etc/init.d/httpd restart
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
exit 3
;;
esac
exit 0
EOF#添加nginx配置文件
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
cat >> /usr/local/nginx/conf/nginx.conf <<EOF
user www www;
worker_processes 8;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
#工作模式及連接數上限
events
{
use epoll;
worker_connections 65535;
}
#設定http服務器,利用它的反向代理功能提供負載均衡支持
http
{
#設定mime類型
include mime.types;
default_type application/octet-stream;
#charset gb2312;
#設定請求緩衝
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 30m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
server_tokens off;
client_body_buffer_size 512k;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
# fastcgi_connect_timeout 300;
# fastcgi_send_timeout 300;
# fastcgi_read_timeout 300;
# fastcgi_buffer_size 64k;
# fastcgi_buffers 4 64k;
# fastcgi_busy_buffers_size 128k;
# fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
#定義訪問日誌的寫入格式
log_format buflylog '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
log_format bloglog '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
###禁止通過ip訪問站點
server{
server_name _;
return 404;
}
server
{
listen 80;
server_name bufly.com www.bufly.com;
index index.html index.htm index.php;#設定訪問的默認首頁地址
root /data/www/bufly;#設定網站的資源存放路徑
#limit_conn crawler 20;
#301重定向設置
if ($host != 'www.bufly.com' )
{
rewrite ^/(.*)$ http://www.bufly.com/$1 permanent;
}
#目錄自動加"/"
if (-d $request_filename)
{
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
#所有php的頁面均交由apache處理
location ~ \.(php)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:81;#轉向apache處理
}
location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ #設定訪問靜態文件直接讀取不經過apache
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
access_log /data/logs/bufly/bufly_nginx.log buflylog;#設定訪問日誌的存放路徑
}
server
{
listen 80;
server_name blog.bufly.com;
index index.html index.htm index.php;#設定訪問的默認首頁地址
root /data/www/blog;#設定網站的資源存放路徑
#limit_conn crawler 20;
if (-d $request_filename)
{
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
#所有php的頁面均交由apache處理
location ~ \.(php)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:81;#轉向apache處理
}
location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ #設定訪問靜態文件直接讀取不經過apache
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
access_log /data/logs/blog/blog_nginx.log bloglog;#設定訪問日誌的存放路徑
}
server
{
listen 80;
server_name status.www.bufly.com;
location / {
stub_status on;
access_log off;
}
}
}
EOF#將nginx添加到啓動服務中
chmod 700 /etc/init.d/nginx /etc/init.d/nginx start /sbin/chkconfig --add nginx /sbin/chkconfig --level 2345 nginx on
#驗證jemalloc是否生效,如下
[root@web32 ~]# yum -y install lsof [root@web32 ~]# lsof -n | grep jemalloc nginx 989 root mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1357 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1358 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1390 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1391 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1488 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1498 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1505 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2 nginx 1522 www mem REG 253,0 4042712 70365103 /usr/local/lib/libjemalloc.so.2
#每天定時切割Nginx日誌
cat >> /usr/local/nginx/sbin/cut_nginx_log.sh <<EOF
#!/bin/bash
# This script run at 00:00
# The Nginx logs path
logs_path_blufly="/data/logs/blufly/"
logs_path_blog="/data/logs/blog/"
mv ${logs_path_blufly}blufly_nginx.log ${logs_path_blufly}$blufly_nginx_$(date -d "yesterday" +"%Y%m%d").log
mv ${logs_path_blog}blog_nginx.log ${logs_path_blog}blog_nginx_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
EOFchmod +x /usr/local/nginx/sbin/cut_nginx_log.sh
#添加計劃任務,每天凌晨00:00切割nginx訪問日誌
crontab -e 00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh
#讓後端apache獲取訪客真實的IP,Apache-2.4配置mod_remoteip
LoadModule remoteip_module modules/mod_remoteip.so <IfModule remoteip_module> RemoteIPHeader X-Real-IP RemoteIPInternalProxy 127.0.0.1 </IfModule>
#後面我們需要修改accesslog的配置,將%h改成%a,以保證我們在日誌裏面也能看到客戶端的正確IP
<IfModule log_config_module>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b" common#刪除7天以前的日誌
cat /root/del_log.sh
#!/bin/sh
find /data/logs/ -mtime +7 -type f -exec rm -rf {} \;chmod +x /root/del_log.sh
#添加計劃任務,每天凌晨00:00清理日誌
crontab -e 00 00 * * * /bin/bash /root/del_log.sh