基於CentOS構建高性能的LAMP平台. 2.。。。。。。。。
基於CentOS構建高性能的LAMP平台.
三、編譯安裝A.M.P環境
1.下載軟體編譯安裝
1)下載軟體
# cd /usr/local/src
httpd-2.2.8.tar.gz
mysql-5.0.51b.tar.gz
php-5.2.6.tar.bz2
ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
2) 安裝MySQL
查看分析你的CPU型號:
http://gentoo-wiki.com/Safe_Cflags 查找您的GCC編譯參數.
確定系統CPU類型:
# cat /proc/cpuinfo | grep "model name"
執行後會看到系統中CPU的具體型號,記下CPU型號。
# tar xvf mysql-5.0.51b.tar.gz
# cd mysql-5.0.51b
# vi mysql.sh-------------------cut begin-------------------------------------------
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/data/mysql/data" \
"--with-comment=Source" \
"--with-server-suffix=-LinuxTone" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=utf8" \
"--with-collation=utf8_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
make && make install
mkdir -p /data/mysql/data
useradd mysql -d /data/mysql -s /sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start
cd /usr/local/mysql/bin
for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done
-------------------cut end---------------------------------------------
複製代碼#sh mysql.sh 即可開始編譯.
3) 編譯安裝Apache
# cd /usr/local/src
# tar xvf httpd-2.2.8.tar.gz
# cd httpd-2.2.8./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
make
make install
echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
複製代碼4.)編譯安裝PHP
# cd /usr/local/src
# tar xjvf php-5.2.6.tar.bz2
# cd php-5.2.6./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir=/usr/local/libxml2" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-iconv-dir" \
"--with-zlib-dir " \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli" #禁掉ipv6,禁掉cli模式,提升速度和安全性.請根據具體需求定製相關的編譯數.
make
make install
mkdir /usr/local/php/etc
cp php.ini-dist /usr/local/php/etc/php.ini
複製代碼5)Xcache的安裝.
#tar xvf xcache-1.2.2.tar.gz #/usr/local/php/bin/phpize
./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config \
--enable-inline-optimization --disable-debug
複製代碼#vi /usr/local/php/etc/php.ini (將以下內容加入php.ini最後面)-------------------cut begin-------------------------------------------
zend_extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/xcache.so
xcache.admin.user = "admin"
;如何生成md5密碼: echo -n "password"| md5sum
xcache.admin.pass = "035d849226a8a10be1a5e0fec1f0f3ce" #密碼為52netseek
; Change xcache.size to tune the size of the opcode cache
xcache.size = 24M
xcache.shm_scheme = "mmap"
xcache.count = 4
xcache.slots = 8K
xcache.ttl = 0
xcache.gc_interval = 0
; Change xcache.var_size to adjust the size of variable cache
xcache.var_size = 8M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = On
xcache.mmap_path = "/tmp/xcache"
xcache.coredump_directory = ""
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off
xcache.coverager = On
xcache.coveragedump_directory = ""
-------------------cut end---------------------------------------------
複製代碼6) 安裝Zend Optimizer
# cd /usr/local/src
# tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
# ./ZendOptimizer-3.3.3-linux-glibc23-i386/install.sh
安裝Zend Optimizer過程的最後不要選擇重啟Apache。
2. 整合Apache與PHP及系統初化配置.
1)整合Apache與PHP
# vi /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在該行下面添加
AddType application/x-httpd-php .php
找到:
DirectoryIndex index.html
將該行改為
DirectoryIndex index.html index.htm index.php
找到:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf (虛擬主機配置文件存放目錄.)
#Include conf/extra/httpd-default.conf
去掉前面的「#」號,取消註釋。
注意:以上 4 個擴展配置文件中的設置請按照相關原則進行合理配置!
修改完成後保存退出。
# /usr/local/apache2/bin/apachectl restart
2)查看確認L.A.M.P環境信息、提升 PHP 安全性
在網站根目錄放置 info.php 腳本,檢查phpinfo中的各項信息是否正確。
<?php
phpinfo();
?>
確認 PHP 能夠正常工作后,在 php.ini 中進行設置提升 PHP 安全性,禁掉危險的函數.
# vi /etc/php.ini找到:disable_functions =設置為:phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
3)腳本自動完成初始化配置(以上配置可以用腳本自動化完成)
#cat init_apache_php.sh-------------------cut begin-------------------------------------------
#!/bin/bash
#Written by :NetSeek http://www.linuxtone.org
#init_httpd.conf
http_cf="/usr/local/apache2/conf/httpd.conf"
sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" $http_cf
sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' $http_cf
sed -i 's#DirectoryIndex index.html# DirectoryIndex index.php index.html index.htm#/g' $http_cf
sed -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' $http_cf
#init_php(PHP安全設置及隱藏PHP版本)
php_cf="/usr/local/php/etc/php.ini"
sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $php_cf
sed -i '210 s#disable_functions =#disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $php_cf
sed -i '/expose_php/s/On/Off/' $php_cf
sed -i '/display_errors/s/On/Off/' $php_cf
-------------------cut end-------------------------------------------
複製代碼三、配置虛擬主機及基本性能調優
1) 配置虛擬主機:
#vi /usr/local/apache2/conf/extra/httpd-vhosts.confNameVirtualHost *:80
ServerAdmin cnseek@gmail.com
DocumentRoot "/data/www/wwwroot/linuxtone.org"
ServerName www.linuxtone.org
ServerAlias bbs.linxutone.org
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "|/usr/sbin/cronolog /data/logs/access_www.linuxtone.org.%Y%m%d" combined
複製代碼2).基本性能調優參考:(更多的調優相關文章請關注:http://bbs.linuxtone.org/index.html性能調優相關的貼子)
#vi /usr/local/apache2/conf/extra/httpd-default.confTimeout 15
KeepAlive Off
MaxKeepAliveRequests 50
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
複製代碼#vi /usr/local/apache2/conf/extra/httpd-mpm.conf
ServerLimit 2000
StartServers 10
MinSpareServers 10
MaxSpareServers 15
MaxClients 2000
MaxRequestsPerChild 10000
複製代碼3).Apache日誌處理相關問題匯總貼(http://bbs.linuxtone.org/thread-102-1-1.html)
利用awstats分析網站日誌:http://bbs.linuxtone.org/thread-56-1-1.html
忽略不需要的日誌配置參考具體請據據具體問題分析:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#下面加入如下內容: # filter the localhost visit
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
# filter some special directories
SetEnvIf Request_URI "^ZendPlatform.*
# filter the localhost visit
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
# filter some special directories
SetEnvIf Request_URI "^ZendPlatform.*[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI \.healthcheck\.html$ dontlog
SetEnvIf Remote_Addr "::1" dontlog
SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
複製代碼quot; dontlog
SetEnvIf Request_URI \.healthcheck\.html$ dontlog
SetEnvIf Remote_Addr "::1" dontlog
SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
4). Apache防盜鏈(Apache防盜鏈相關問題匯總:http://bbs.linuxtone.org/thread-101-1-1.html) RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$
RewriteRule \.(gif|jpg)$ http://網站域名/nolink.png
複製代碼四、基本安全設置
1)iptables 封鎖相關埠(推薦讀CU白金大哥的兩小時玩轉iptables)
2)SSH全安(修改SSH埠限制來源IP登陸,或者參考http://bbs.linuxtone.org/thread-106-1-1.html)
3)Linux防Arp攻擊策略(http://bbs.linuxtone.org/thread-41-1-1.html)
4)注意(還是那句老話:安全工作從細節做起!)
五、附錄及相關介紹
1)參考文檔(感謝):
Discuz!公司Nanu先生文章的相關鏈接:
http://bbs.linuxpk.com/thread-13325-1-2.html
http://www.discuz.net/thread-722804-1-1.html
配置全能WEB(05年文章參考):http://bbs.linuxpk.com/thread-437-1-2.html
LinuxTone.Org(Apache相關問題專題貼):http://bbs.linuxtone.org/thread-88-1-1.html
感謝網友eddiechen提出相關問題!
1)利用Nginx替代apache實現高性能的Web環境(第一版): http://bbs.linuxtone.org/thread-7-1-1.html
第二版詳細安全配置近期更新,請實時關注:http://bbs.linuxtone.org/(網站伺服器版)
2)關於LinuxTone.Org(IT運維專家論壇):
目標:期望和大家一起努力打造一個專註IT運維,Linux集群架構的開放互動討論平台!期待您的加入!
我們很樂意把平時工作中遇到的問題和得到的經驗與大家共同分享相互學習!
如果你是Linux愛好者?
如果你目前在網站伺服器方面遇到很多頭痛的問題?
如果你目前的站就使用了Linux?或者你想將你的Linux的apache遷於至高性能的Nginx?
如果您使用的是WAMP(即Windows平台的AMP)平台想遷移至LAMP?
如果你目前的網站需要優化進一步提升硬體性能?
如果你目前的網站需要負載均衡集群架構方案? 請聯繫我們!
我們願意抽出空餘時間免費熱心為你解答相關問題,協助你完成所有相關工作!共同分享!共同進步!
同時也熱情期待你能加入http://www.linuxtone.org 幫我一起完善論壇建設工作,完成每版置頂的手冊形成可操作性
強的文檔及方案,方便大家一起學習進步!聯繫方式:QQ:67888954 MSN:cnseek@msn.com Gtalk:cnseek@gmail.com
《解決方案》
頂起來