[ 手记 ] LNMP安装过程及优化

环境:CentOS release 6.4 x64

1、配置防火墙:

上一篇博客已经写过:http://www.cnblogs.com/hukey/p/5300832.html

 2、修改sysctl.conf提高Web服务器性能:

[root@cloud ~]# vim /etc/sysctl.conf

在末尾追加:

fs.file-max = 655350  # 系统文件描述符总量
net.ipv4.ip_local_port_range = 1024 65535  # 打开端口范围
net.ipv4.tcp_max_tw_buckets = 2000  # 设置tcp连接时TIME_WAIT个数
net.ipv4.tcp_tw_recycle = 1  # 开启tcp TIME_WAIT快速回收(注意:客户端经NAT访问时可能导致连接被丢弃,面向公网的服务器慎用;Linux 4.12起该参数已被移除)
net.ipv4.tcp_tw_reuse = 1  # 开启TIME_WAIT重用
net.ipv4.tcp_syncookies = 1  # 开启SYN cookies 当出现syn等待溢出,启用cookies来处理,可防范少量的syn攻击
net.ipv4.tcp_syn_retries = 2  # 对于一个新建的tcp连接,内核要发送几个SYN连接请求才决定放弃
net.ipv4.tcp_synack_retries = 2  # 这里是三次握手的第二次连接,服务器端发送syn+ack响应 这里决定内核发送次数
net.ipv4.tcp_keepalive_time = 1200  # tcp的长连接,这里注意:tcp的长连接与HTTP的长连接不同
net.ipv4.tcp_fin_timeout = 15   # 设置保持在FIN_WAIT_2状态的时间
net.ipv4.tcp_max_syn_backlog = 20000  # tcp半连接最大限制数
net.core.somaxconn = 65535  # 定义一个监听最大的队列数
net.core.netdev_max_backlog = 65535  # 当网络接口比内核处理数据包速度快时,允许送到队列数据包的最大数目

保存退出
[root@cloud ~]# sysctl -p # 添加生效

 3、修改limits.conf

limits.conf文件实际是Linux PAM中pam_limits.so模块的配置文件,而且只是针对单个会话做限定

修改内容如下:

[root@cloud ~]# vim /etc/security/limits.conf


*               soft    nproc           65535  # 单个用户可用的最大进程数量(软限制)
*               hard    nproc           65535  # 单个用户可用的最大进程数量(硬限制)
*               soft    nofile          65535  # 单个用户可打开的最大文件描述符(软限制)
*               hard    nofile          65535  # 单个用户可打开的最大文件描述符(硬限制)

保存退出
[root@cloud ~]# vim /etc/pam.d/login

session    required     pam_limits.so  # 插入该行,用户登录执行该模块

重新登出、登录

至此,系统环境的优化完成。

 

1、安装nginx

在配置环境的时候,我们需要用wget下载一些软件包到本地,因此添加如下防火墙规则:

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT  # 允许本地访问对方80端口
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT  # 允许本地访问对方HTTPS 443端口
[root@cloud src]# cd /usr/local/src/
[root@cloud src]# wget http://mirrors.sohu.com/nginx/nginx-1.9.9.tar.gz    # 下载nginx 1.9.9源码包;HTTP镜像不提供完整性保护,解压前建议用官方发布的PGP签名校验
# 配置yum环境(下面的rm会清空原有的repo文件,建议先备份)
[root@cloud src]# rm -rf /etc/yum.repos.d/*
[root@cloud src]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
[root@cloud src]# yum install pcre-devel openssl-devel zlib-devel -y 
# pcre 支持正则表达式
# zlib 支持数据压缩
# openssl支持HTTPS
[root@cloud src]# groupadd -g 800 nginx
[root@cloud src]# useradd -u 800 -g 800 -s /sbin/nologin nginx
[root@cloud ~]# yum install gcc* -y
[root@cloud src]# tar xf nginx-1.9.9.tar.gz

[root@cloud src]# cd nginx-1.9.9

[root@cloud nginx-1.9.9]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre
# --with-http_ssl_module 启用HTTPS加密
# --with-http_stub_status_module 启用nginx状态监控
# --with-http_gzip_static_module  启用静态压缩
# --with-http_realip_module 做代理时获取客户端真实IP
# 这里说下,在编译之前需要安装编译支持环境

[root@cloud nginx-1.9.9]# make && make install  
 
[root@cloud nginx-1.9.9]# vim /etc/profile.d/nginx.sh
export PATH=$PATH:/usr/local/nginx/sbin
#保存退出
[root@cloud nginx-1.9.9]# source /etc/profile.d/nginx.sh

--------以上为将nginx命令添加到环境变量中------------

[root@cloud nginx-1.9.9]# vim /etc/init.d/nginxd   # 添加启动脚本
#!/bin/bash
# nginx - this script starts and stops the nginx daemon 
# 
# chkconfig: - 85 15 
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \ 
#   proxy and IMAP/POP3 proxy server 
# processname: nginx 
# config: /etc/nginx/nginx.conf 
# config: /etc/sysconfig/nginx 
# pidfile: /var/run/nginx.pid 
# Pull in the distribution's init-script function library.
. /etc/rc.d/init.d/functions
# Load the system networking configuration.
. /etc/sysconfig/network
# Bail out quietly when networking is switched off.
if [ "$NETWORKING" = "no" ]; then
    exit 0
fi

# Defaults for this source-built nginx under /usr/local/nginx.
nginx="/usr/local/nginx/sbin/nginx"
# Short program name, i.e. the last path component of the binary.
prog=${nginx##*/}
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

# Optional site overrides. Sourced after the defaults so it can replace them;
# note that prog was already derived from the default binary path above.
if [ -f /etc/sysconfig/nginx ]; then
    . /etc/sysconfig/nginx
fi

# Lock file created by start() and removed by stop().
lockfile=/var/lock/subsys/nginx
 
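#######################################
# Start the nginx daemon.
# Globals:   nginx, NGINX_CONF_FILE, prog, lockfile (read); retval (written)
# Arguments: none
# Outputs:   progress message on stdout
# Returns:   status of the daemon helper; exits 5 if the binary is not
#            executable and 6 if the configuration file is missing
#######################################
start() {
    # Expansions are quoted so that a path containing whitespace or glob
    # characters is tested and passed on as a single word.
    [ -x "$nginx" ] || exit 5
    [ -f "$NGINX_CONF_FILE" ] || exit 6
    echo -n $"Starting $prog: "
    daemon "$nginx" -c "$NGINX_CONF_FILE"
    retval=$?
    echo
    # Only record the service as running when the daemon actually started.
    if [ "$retval" -eq 0 ]; then
        touch "$lockfile"
    fi
    return "$retval"
}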
 
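#######################################
# Stop the nginx daemon by sending it SIGQUIT.
# Globals:   prog, lockfile (read); retval (written)
# Arguments: none
# Outputs:   progress message on stdout
# Returns:   status of killproc
#######################################
stop() {
    echo -n $"Stopping $prog: "
    killproc "$prog" -QUIT
    retval=$?
    echo
    # Drop the lock file only when the signal was delivered successfully.
    if [ "$retval" -eq 0 ]; then
        rm -f -- "$lockfile"
    fi
    # No SIGKILL fallback here: a `killall -9 nginx` placed after this return
    # can never run, so it is left out rather than kept as dead code.
    return "$retval"
}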
 
#######################################
# Restart nginx, but only after the configuration passes its syntax test.
# Arguments: none
# Returns:   the configtest status when the test fails, otherwise the
#            status of start
#######################################
restart() {
    local check_rc
    configtest
    check_rc=$?
    # A broken configuration must not take a running server down.
    if [ "$check_rc" -ne 0 ]; then
        return "$check_rc"
    fi
    stop
    # Short pause between stopping and starting again.
    sleep 1
    start
}
 
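#######################################
# Ask the running nginx to re-read its configuration (SIGHUP).
# Globals:   nginx, prog (read); RETVAL (written)
# Arguments: none
# Outputs:   progress message on stdout
# Returns:   the configtest status when the test fails, otherwise the
#            status of killproc
#######################################
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc "$nginx" -HUP
    RETVAL=$?
    echo
    # Without an explicit return the function reported the status of the
    # bare `echo` above, so a failed signal looked like a successful reload.
    return "$RETVAL"
}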
 
#######################################
# Handler for the force-reload action: performs a full restart.
# Arguments: none
# Returns:   status of restart
#######################################
force_reload() {
    restart
    return $?
}
 
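#######################################
# Run nginx in test mode (-t) against the configured configuration file.
# Globals:   nginx, NGINX_CONF_FILE (read)
# Arguments: none
# Returns:   exit status of the nginx test run
#######################################
configtest() {
    # Quoted so a binary or configuration path with whitespace stays one word.
    "$nginx" -t -c "$NGINX_CONF_FILE"
}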
 
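#######################################
# Report whether the nginx service is running, via the status helper.
# Globals:   prog (read)
# Arguments: none
# Outputs:   whatever the status helper prints
# Returns:   status of the status helper
#######################################
rh_status() {
    # Quoted so the program name always reaches status as a single argument.
    status "$prog"
}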
 
#######################################
# Quiet variant of rh_status: same exit status, no output.
# Arguments: none
# Returns:   status of rh_status
#######################################
rh_status_q() {
    # Discard both stdout and stderr; callers only look at the exit status.
    rh_status &>/dev/null
}
 
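# Dispatch on the requested action. Each arm matches a fixed word, so only
# the functions defined in this script can be reached from the argument.
case "$1" in
    start)
        # Already running: nothing to do.
        rh_status_q && exit 0
        start
        ;;
    stop)
        # Not running: nothing to do.
        rh_status_q || exit 0
        stop
        ;;
    restart|configtest)
        # The matched word is also the name of the function to run.
        "$1"
        ;;
    reload)
        # A reload needs a running server; exit 7 when there is none.
        rh_status_q || exit 7
        reload
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Conditional restart: skip when the service is down, otherwise
        # restart it. Without the restart call this arm did nothing at all.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
        ;;
esac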
#保存退出
[root@cloud nginx-1.9.9]# chmod +x /etc/init.d/nginxd  # 给执行权限
[root@cloud nginx-1.9.9]# chkconfig --add nginxd  # 添加开机启动项
[root@cloud nginx-1.9.9]# chkconfig nginxd on
[root@cloud nginx-1.9.9]# chkconfig --list nginxd
nginxd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@cloud nginx-1.9.9]# service nginxd start
正在启动 nginx: [确定]

nginx安装完毕。

 通过客户端访问正常

 

2、安装MySQL

[root@cloud nginx-1.9.9]# cd /usr/local/src/
[root@cloud src]# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.29-linux-glibc2.5-x86_64.tar.gz  # 下载MySQL
[root@cloud src]# groupadd -g 306 mysql  # 创建mysql组和mysql用户
[root@cloud src]# useradd -u 306 -g 306 -s /sbin/nologin mysql
[root@cloud src]# tar xf mysql-5.6.29-linux-glibc2.5-x86_64.tar.gz  # 解压mysql压缩包
[root@cloud src]# ln -vs /usr/local/src/mysql-5.6.29-linux-glibc2.5-x86_64 /usr/local/mysql  # 创建mysql软连接到/usr/local/mysql
"/usr/local/mysql" -> "/usr/local/src/mysql-5.6.29-linux-glibc2.5-x86_64"  
[root@cloud nginx]# cd /usr/local/mysql/
[root@cloud mysql]# rpm -qa | grep mysql   # 查看系统是否默认安装有mysql包
mysql-libs-5.1.66-2.el6_3.x86_64
[root@cloud mysql]# rpm -e --nodeps mysql-libs  # 强制卸载mysql-libs包
[root@cloud mysql]# cp -a support-files/my-default.cnf /etc/my.cnf  # 拷贝my.cnf配置文件到/etc/my.cnf
[root@cloud mysql]# mkdir /data  # 创建MySQL数据存放目录
[root@cloud mysql]# vim /etc/my.cnf  # 修改mysql配置文件
datadir=/data    # 插入到[mysqld]模块中
#保存退出
[root@cloud mysql]# cp -a support-files/mysql.server /etc/init.d/mysqld  # 复制服务脚本到/etc/init.d目录
[root@cloud mysql]# chmod +x /etc/init.d/mysqld  
[root@cloud mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/  # 初始化MySQL
[root@cloud mysql]# service mysqld start
Starting MySQL.                                            [确定]
[root@cloud mysql]# vim /etc/profile.d/mysql.sh  # 将mysql命令添加到环境变量中
export PATH=$PATH:/usr/local/mysql/bin
# 保存退出
[root@cloud bin]# source /etc/profile.d/mysql.sh  
[root@cloud bin]# mysql  # 执行mysql命令,
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.29 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

[root@cloud bin]# vim /etc/ld.so.conf.d/mysql.conf  # 添加mysql模块
/usr/local/mysql/lib
[root@cloud bin]# ldconfig -v | less # 查看MySQL库是否添加成功
[root@cloud lib]# ln -vs /usr/local/mysql/include /usr/include/mysql  # 创建mysql头文件的软连接
"/usr/include/mysql" -> "/usr/local/mysql/include"
[root@cloud lib]# service mysqld restart  # 重启服务
Shutting down MySQL.. [确定]
Starting MySQL. [确定]

至此,MySQL数据库安装完成。注意:此时root账户密码为空(上面直接执行mysql即可登录),投入使用前应设置root密码并清理匿名账户,例如运行 mysql_secure_installation。

 

3、安装php

这里安装的是PHP-5.6.7

编译php之前需要安装几个支持加密功能的包

[root@cloud php_bak]# ll
总用量 244
-rw-r--r-- 1 root root  97932 7月  10 2010 libmcrypt-2.5.8-9.el6.x86_64.rpm
-rw-r--r-- 1 root root  12352 7月  10 2010 libmcrypt-devel-2.5.8-9.el6.x86_64.rpm
-rw-r--r-- 1 root root 104212 7月   9 2010 mhash-0.9.9.9-3.el6.x86_64.rpm
-rw-r--r-- 1 root root  25360 7月   9 2010 mhash-devel-0.9.9.9-3.el6.x86_64.rpm

下载地址:http://pan.baidu.com/s/1hrwZ5Z2 (这些rpm来自第三方网盘,安装前建议用 rpm -K 校验包的签名和摘要)
[root@cloud ~]# cd php_bak
[root@cloud php_bak]# rpm -ivh *
[root@cloud php_bak]# cd /usr/local/src/
[root@cloud php_bak]# yum install  libmhash-devel libmcrypt-devel libxml2-devel libmhash-devel bzip2-devel libcurl-devel gd libjpeg-turbo-devel libpng-devel freetype-devel -y
[root@cloud src]# tar xf php-5.6.7.tar.gz
[root@cloud src]# cd php-5.6.7
[root@cloud php-5.6.7]# ./configure --prefix=/usr/local/php --enable-fpm --enable-ftp \
--enable-zip --enable-xml --enable-sockets --enable-bcmath --enable-pcntl --enable-shmop \
--enable-soap --enable-sysvsem --enable-mbstring --enable-mbregex --enable-inline-optimization \
--enable-maintainer-zts --enable-gd-native-ttf --with-fpm-user=www --with-fpm-group=www \
--with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-freetype-dir \
--with-iconv-dir --with-jpeg-dir --with-png-dir --with-libxml-dir=/usr --with-curl --with-zlib --with-bz2 \
--with-xmlrpc --with-gd --with-config-file-path=/usr/local/php/etc --with-config-file-scan-dir=/usr/local/php/etc/php.d \
--with-mhash --with-mcrypt --without-pear --with-gettext --disable-rpath --disable-fileinfo # 在检查期间,会提示少模块或者文件,缺少什么就安装那个包就好

[root@cloud php-5.6.7]# make && make install  # 会等很久
[root@cloud php-5.6.7]# cp -a sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@cloud php-5.6.7]# chmod +x /etc/init.d/php-fpm
[root@cloud php-5.6.7]# cp -a php.ini-production /usr/local/php/etc/php.ini
[root@cloud php-5.6.7]# cd /usr/local/php/etc
[root@cloud etc]# cp -a php-fpm.conf.default php-fpm.conf
[root@cloud etc]# ls
php-fpm.conf  php-fpm.conf.default  php.ini
[root@cloud etc]# service php-fpm start
Starting php-fpm  done
[root@cloud etc]# netstat -ntplu | grep php-fpm
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      34607/php-fpm

到此,php安装完成。接下来对nginx配置文件做调整:

user  nginx nginx;  # 指定用户和组
worker_processes  2;  # 该参数根据cpu核心数

error_log  logs/error.log;  # 开启错误日志
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;

worker_rlimit_nofile 65535;  # 表示每个worker进程可打开的最大文件描述符数(连接数上限也受其约束)

events {
    use epoll;  # 启用epoll模式
    multi_accept on;  # 尽量多的接收请求
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;  # 日志缓存信息
    proxy_set_header X-Real-IP $remote_addr;  # 当nginx用作反向代理时,记录真实IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   # 当nginx作为反向代理时,记录所有经过的代理和真实IP

    limit_conn_zone $binary_remote_addr zone=addr:5m;  # 共享session空间为5M
    limit_conn addr 100;  # 每个IP并发量最大100

    sendfile        on;  # 不经过用户空间直接响应客户端
    tcp_nopush     on;  # 等到数据包最大时,一次性的传输出去
    tcp_nodelay    on;  # 有一个数据包就马上发送一次

    #keepalive_timeout  0;
    keepalive_timeout  65;
    client_header_timeout 2m;  # 客户端header响应时间
    client_body_timeout 3m;
    reset_timedout_connection on;
    send_timeout 15s;  # 在两次客户端读取操作之间。如果在这段时间内,客户端没有读取任何数据,nginx就会关闭连接。

    open_file_cache max=65535 inactive=20s;  # 这个将为打开文件指定缓存,默认是没有启用的,max 指定缓存数量,建议和打开文件数一致,inactive 是指经过多长时间文件没被请求后删除缓存。
    open_file_cache_valid 30s;  # 这个是指多长时间检查一次缓存的有效信息。
    open_file_cache_min_uses 2;  # 大于2才进行缓存
    open_file_cache_errors on;  # 缓存错误信息

    gzip  on;  # 开启压缩
    gzip_disable "msie6";  # IE6禁止压缩
    gzip_proxied any;  # 任何文件都压缩
    gzip_comp_level 4;  # 压缩等级
    gzip_vary on;  # 通过客户端判断压缩
    gzip_min_length 1k;  # 压缩的最小容量
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;   # 压缩格式,根据需求调整

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #

------------------------------------------------------------------------------------
        location ~ \.php$ {  # 开启以.php结尾的文件
            # 建议在此加上 try_files $uri =404; 请求的文件不存在时直接返回404,不再转交给PHP-FPM
            root html;
            fastcgi_pass 127.0.0.1:9000;  #通过fastcgi转发到本地的9000端口
            fastcgi_index index.php;    # 主页
            include fastcgi.conf;  # 扩展配置文件
        }
----------------------------------------------------------------------------------------
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}

nginx.conf 修改配置完毕,添加测试页面:

[root@cloud html]# vim  /usr/local/nginx/html/test.php
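<?php
// Smoke test: prints 'success.' when PHP can open a connection to the local
// MySQL server and 'fail.' otherwise.
//
// Uses mysqli instead of mysql_connect(): the old mysql extension is
// deprecated since PHP 5.5 and removed in PHP 7, and this build was
// configured with mysqli support.
//
// NOTE(review): this connects as root with an empty password, which only
// works while the fresh install is unsecured. Set a root password and delete
// this file once the test has passed.
$conn = mysqli_connect('localhost', 'root', '');
if ($conn) {
    echo 'success.';
    // Release the connection instead of leaving it to script shutdown.
    mysqli_close($conn);
} else {
    echo 'fail.';
}
?>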
# 保存退出,该测试页测试能否正常连接MySQL;测试完成后请删除 test.php,不要把它留在站点根目录

表示连接成功。测试php页面

测试成功。
