[ 手记 ] LNMP安装过程及优化
环境:CentOS release 6.4 x64
1、配置防火墙:
上一篇博客已经写过:http://www.cnblogs.com/hukey/p/5300832.html
2、修改sysctl.conf提高Web服务器性能:
[root@cloud ~]# vim /etc/sysctl.conf
在末尾追加:
fs.file-max = 655350 # 系统文件描述符总量
net.ipv4.ip_local_port_range = 1024 65535 # 打开端口范围
net.ipv4.tcp_max_tw_buckets = 2000 # 设置tcp连接时TIME_WAIT个数 net.ipv4.tcp_tw_recycle = 1 # 开启快速tcp TIME_WAIT快速回收 net.ipv4.tcp_tw_reuse = 1 # 开启TIME_WAIT重用 net.ipv4.tcp_syncookies = 1 # 开启SYN cookies 当出现syn等待溢出,启用cookies来处理,可防范少量的syn攻击 net.ipv4.tcp_syn_retries = 2 # 对于一个新建的tcp连接,内核要发送几个SYN连接请求才决定放弃 net.ipv4.tcp_synack_retries = 2 # 这里是三次握手的第二次连接,服务器端发送syn+ack响应 这里决定内核发送次数 net.ipv4.tcp_keepalive_time = 1200 # tcp的长连接,这里注意:tcp的长连接与HTTP的长连接不同 net.ipv4.tcp_fin_timeout = 15 # 设置保持在FIN_WAIT_2状态的时间 net.ipv4.tcp_max_syn_backlog = 20000 # tcp半连接最大限制数 net.core.somaxconn = 65535 # 定义一个监听最大的队列数 net.core.netdev_max_backlog = 65535 # 当网络接口比内核处理数据包速度快时,允许送到队列数据包的最大数目
保存退出
[root@cloud ~]# sysctl -p # 添加生效
2、修改limits.conf修改
limits.conf文件实际是Linux pam.d中pam.limits.so的配置文件,而且只是针对单个会话做限定
修改内容如下:
[root@cloud ~]# vim /etc/security/limits.conf * soft nproc 65535 # 单个用户可用的最大进程数量(软限制) * hard nproc 65535 # 单个用户可用的最大进程数量(硬限制) * soft nofile 65535 # 单个用户可打开的最大文件描述符(软限制) * hard nofile 65535 # 单个用户可打开的最大文件描述符(硬限制)
保存退出
[root@cloud ~]# vim /etc/pam.d/login
session required pam_limits.so # 插入该行,用户登录执行该模块
重新登出、登录
至此,系统环境的优化完成。
1、安装nginx
在配置环境时候,我们需要wgetyi一些软件包到本地,因此添加如下防火墙规则:
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT # 允许本地访问对方80端口 iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT # 允许本地访问对方HTTPS 443端口
[root@cloud src]# cd /usr/local/src/ [root@cloud src]# wget http://mirrors.sohu.com/nginx/nginx-1.9.9.tar.gz # 安装nginx1.9.9版本
# 配置yum环境
[root@cloud src]# rm -rf /etc/yum.repos.d/* [root@cloud src]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@cloud src]# yum install pcre-devel openssl-devel zlib-devel -y
# pcre 支持正则表达式
# zlib 支持数据压缩
# openssl支持HTTPS
[root@cloud src]# groupadd -g 800 nginx [root@cloud src]# useradd -u 800 -g 800 -s /sbin/nologin nginx
[root@cloud ~]# yum install gcc* -y
[root@cloud src]# tar xf nginx-1.9.9.tar.gz
[root@cloud src]# cd nginx-1.9.9
[root@cloud nginx-1.9.9]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre
# --with-http_ssl_module 启用HTTPS加密
# --with-http_stub_status_module 启用nginx状态监控
# --with-http_gzip_static_module 启用静态压缩
# --with-http_realip_module 做代理时获取客户端真实IP
# 这里说下,在编译之前需要安装编译支持环境
[root@cloud nginx-1.9.9]# make && make install
[root@cloud nginx-1.9.9]# vim /etc/profile.d/nginx.sh export PATH=$PATH:/usr/local/nginx/sbin #保存退出 [root@cloud nginx-1.9.9]# source /etc/profile.d/nginx.sh --------以上为将nginx命令添加到环境变量中------------ [root@cloud nginx-1.9.9]# vim /etc/init.d/nginxd # 添加启动脚本 #!/bin/bash # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /etc/nginx/nginx.conf # config: /etc/sysconfig/nginx # pidfile: /var/run/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/usr/local/nginx/sbin/nginx" prog=$(basename $nginx) NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf" [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx lockfile=/var/lock/subsys/nginx start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval killall -9 nginx } restart() { configtest || return $? stop sleep 1 start } reload() { configtest || return $? echo -n $"Reloading $prog: " killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac http://i.cnblogs.com/EditPosts.aspx?postid=5304437&update=1 #保存退出 [root@cloud nginx-1.9.9]# chmod +x /etc/init.d/nginxd # 给执行权限 [root@cloud nginx-1.9.9]# chkconfig --add nginxd # 添加开机启动项
[root@cloud nginx-1.9.9]# chkconfig nginxd on
[root@cloud nginx-1.9.9]# chkconfig --list nginxd nginxd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 [root@cloud nginx-1.9.9]# service nginxd start 正在启动 nginx: [确定]
nginx安装完毕。
通过客户端访问正常
2、安装MySQL
[root@cloud nginx-1.9.9]# cd /usr/local/src/ [root@cloud src]# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.29-linux-glibc2.5-x86_64.tar.gz # 下载MySQL [root@cloud src]# groupadd -g 306 mysql # 创建mysql组和mysql用户 [root@cloud src]# useradd -u 306 -g 306 -s /sbin/nologin mysql [root@cloud src]# tar xf mysql-5.6.29-linux-glibc2.5-x86_64.tar.gz # 解压mysql压缩包 [root@cloud src]# ln -vs /usr/local/src/mysql-5.6.29-linux-glibc2.5-x86_64 /usr/local/mysql # 创建mysql软连接到/usr/local/mysql "/usr/local/mysql" -> "/usr/local/src/mysql-5.6.29-linux-glibc2.5-x86_64" [root@cloud nginx]# cd /usr/local/mysql/ [root@cloud mysql]# rpm -qa | grep mysql # 查看系统是否默认安装有mysql包 mysql-libs-5.1.66-2.el6_3.x86_64 [root@cloud mysql]# rpm -e --nodeps mysql-libs # 强制卸载mysql-libs包 [root@cloud mysql]# cp -a support-files/my-default.cnf /etc/my.cnf # 拷贝my.cnf配置文件到/etc/my.cnf [root@cloud mysql]# mkdir /data # 创建MySQL数据存放目录 [root@cloud mysql]# vim /etc/my.cnf # 修改mysql配置文件 datadir=/data # 插入到[mysqld]模块中 #保存退出 [root@cloud mysql]# cp -a support-files/mysql.server /etc/init.d/mysqld # 复制服务脚本到/etc/init.d目录 [root@cloud mysql]# chmod +x /etc/init.d/mysqld [root@cloud mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/ # 初始化MySQL [root@cloud mysql]# service mysqld start Starting MySQL. [确定] [root@cloud mysql]# vim /etc/profile.d/mysql.sh # 将mysql命令添加到环境变量中 export PATH=$PATH:/usr/local/mysql/bin # 保存退出 [root@cloud bin]# source /etc/profile.d/mysql.sh [root@cloud bin]# mysql # 执行mysql命令, Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.6.29 MySQL Community Server (GPL) Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
[root@cloud bin]# vim /etc/ld.so.conf.d/mysql.conf # 添加mysql模块 /usr/local/mysql/lib [root@cloud bin]# ldconfig -v | less # 查看MySQL库是否添加成功 [root@cloud lib]# ln -vs /usr/local/mysql/include /usr/include/mysql # 创建mysql头文件的软连接 "/usr/include/mysql" -> "/usr/local/mysql/include" [root@cloud lib]# service mysqld restart # 重启服务 Shutting down MySQL.. [确定] Starting MySQL. [确定]
至此,MySQL数据库安装完成。
3、安装php
这里安装的是PHP-5.6.7
编译php之前需要安装几个支持加密功能的包
[root@cloud php_bak]# ll 总用量 244 -rw-r--r-- 1 root root 97932 7月 10 2010 libmcrypt-2.5.8-9.el6.x86_64.rpm -rw-r--r-- 1 root root 12352 7月 10 2010 libmcrypt-devel-2.5.8-9.el6.x86_64.rpm -rw-r--r-- 1 root root 104212 7月 9 2010 mhash-0.9.9.9-3.el6.x86_64.rpm -rw-r--r-- 1 root root 25360 7月 9 2010 mhash-devel-0.9.9.9-3.el6.x86_64.rpm 下载地址:http://pan.baidu.com/s/1hrwZ5Z2 [root@cloud ~]# cd php_bak [root@cloud php_bak]# rpm -ivh * [root@cloud php_bak]# cd /usr/local/src/
[root@cloud php_bak]# yum install libmhash-devel libmcrypt-devel libxml2-devel libmhash-devel bzip2-devel libcurl-devel gd libjpeg-turbo-devel libpng-devel freetype-devel -y [root@cloud src]# tar xf php-5.6.7.tar.gz [root@cloud src]# cd php-5.6.7 [root@cloud php-5.6.7]# ./configure --prefix=/usr/local/php --enable-fpm --enable-ftp \
--enable-zip --enable-xml --enable-sockets --enable-bcmath --enable-pcntl --enable-shmop \
--enable-soap --enable-sysvsem --enable-mbstring --enable-mbregex --enable-inline-optimization \
--enable-maintainer-zts --enable-gd-native-ttf --with-fpm-user=www --with-fpm-group=www \
--with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-freetype-dir \
--with-iconv-dir --with-jpeg-dir --with-png-dir --with-libxml-dir=/usr --with-curl --with-zlib --with-bz2 \
--with-xmlrpc --with-gd --with-config-file-path=/usr/local/php/etc --with-config-file-scan-dir=/usr/local/php/etc/php.d \
--with-mhash --with-mcrypt --without-pear --with-gettext --disable-rpath --disable-fileinfo # 在检查期间,会提示少模块或者文件,缺少什么就安装那个包就好
[root@cloud php-5.6.7]# make && make install # 会等很久
[root@cloud php-5.6.7]# cp -a sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm [root@cloud php-5.6.7]# chmod +x /etc/init.d/php-fpm [root@cloud php-5.6.7]# cp -a php.ini-production /usr/local/php/etc/php.ini [root@cloud php-5.6.7]# cd /usr/local/php/etc [root@cloud etc]# cp -a php-fpm.conf.default php-fpm.conf [root@cloud etc]# ls php-fpm.conf php-fpm.conf.default php.ini [root@cloud etc]# service php-fpm start Starting php-fpm done [root@cloud etc]# netstat -ntplu | grep php-fpm tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 34607/php-fpm
到此,php安装完成。接下来对nginx配置文件做调整:
user nginx nginx; # 指定用户和组 worker_processes 2; # 该参数根据cpu核心数 error_log logs/error.log; # 开启错误日志 #error_log logs/error.log notice; #error_log logs/error.log info; pid logs/nginx.pid; worker_rlimit_nofile 65535; # 表示每个worker进程能打的最大连接数 events { use epoll; # 启用epoll模式 multi_accept on; # 尽量多的接收请求 worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m; # 日志缓存信息 proxy_set_header X-Real-IP $remote_addr; # 当nginx用作反向代理时,记录真实IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 当nginx作为反向代理时,记录所有经过的代理和真实IP limit_conn_zone $binary_remote_addr zone=addr:5m; # 共享session空间为5M limit_conn addr 100; # 每个IP并发量最大100 sendfile on; # 不经过用户空间直接响应客户端 tcp_nopush on; # 等到数据包最大时,一次性的传输出去 tcp_nodelay on; # 有一个数据包就马上发送一次 #keepalive_timeout 0; keepalive_timeout 65; client_header_timeout 2m; # 客户端header响应时间 client_body_timeout 3m; reset_timedout_connection on; send_timeout 15s; # 在两次客户端读取操作之间。如果在这段时间内,客户端没有读取任何数据,nginx就会关闭连接。 open_file_cache max=65535 inactive=20s; # 这个将为打开文件指定缓存,默认是没有启用的,max 指定缓存数量,建议和打开文件数一致,inactive 是指经过多长时间文件没被请求后删除缓存。 open_file_cache_valid 30s; # 这个是指多长时间检查一次缓存的有效信息。 open_file_cache_min_uses 2; # 大于2才进行缓存 open_file_cache_errors on; # 缓存错误信息 gzip on; # 开启压缩 gzip_disable "msie6"; # IE6禁止压缩 gzip_proxied any; # 任何文件都压缩 gzip_comp_level 4; # 压缩等级 gzip_vary on; # 通过客户端判断压缩 gzip_min_length 1k; # 压缩的最小容量 gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; # 压缩格式,根据需求调整 server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 #
------------------------------------------------------------------------------------ location ~ \.php$ { # 开启以.php结尾的文件 root html; fastcgi_pass 127.0.0.1:9000; #通过fastcgi转发到本地的9000端口 fastcgi_index index.php; # 主页 include fastcgi.conf; # 扩展配置文件 } ---------------------------------------------------------------------------------------- # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
nginx.conf 修改配置完毕,添加测试页面:
[root@cloud html]# vim /usr/local/nginx/html/test.php <?php $conn=mysql_connect('localhost','root',''); if ($conn) echo 'success.'; else echo 'fail.'; ?> # 保存退出,该测试页测试能否正常连接MySQL
表示连接成功。测试php页面
测试成功。