基於CentOS構建高性能的LAMP平台. (接).
基於CentOS構建高性能的LAMP平台(接).
三、編譯安裝A.M.P環境
1.下載軟體編譯安裝
1)下載軟體 # cd /usr/local/src
httpd-2.2.8.tar.gz
mysql-5.0.51b.tar.gz
php-5.2.6.tar.bz2
ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz2) 安裝MySQL
查看分析你的CPU型號:
http://gentoo-wiki.com/Safe_Cflags 查找您的GCC編譯參數.
確定系統CPU類型:
# cat /proc/cpuinfo | grep "model name"
執行後會看到系統中CPU的具體型號,記下CPU型號。 # tar xvf mysql-5.0.51b.tar.gz
# cd mysql-5.0.51b
# vi mysql.sh
-------------------cut begin-------------------------------------------
•CHOST="i686-pc-linux-gnu"
•CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
•CXXFLAGS="${CFLAGS}"
•./configure \
• "--prefix=/usr/local/mysql" \
• "--localstatedir=/data/mysql/data" \
• "--with-comment=Source" \
• "--with-server-suffix=-LinuxTone" \
• "--with-mysqld-user=mysql" \
• "--without-debug" \
• "--with-big-tables" \
• "--with-charset=utf8" \
• "--with-collation=utf8_chinese_ci" \
• "--with-extra-charsets=all" \
• "--with-pthread" \
• "--enable-static" \
• "--enable-thread-safe-client" \
• "--with-client-ldflags=-all-static" \
• "--with-mysqld-ldflags=-all-static" \
• "--enable-assembler" \
• "--without-isam" \
• "--without-innodb" \
• "--without-ndb-debug"
•make && make install
•mkdir -p /data/mysql/data
•useradd mysql -d /data/mysql -s /sbin/nologin
•/usr/local/mysql/bin/mysql_install_db --user=mysql
•cd /usr/local/mysql
•chown -R root:mysql .
•chown -R mysql /data/mysql/data
•cp share/mysql/my-huge.cnf /etc/my.cnf
•cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
•chmod 755 /etc/rc.d/init.d/mysqld
•chkconfig --add mysqld
•/etc/rc.d/init.d/mysqld start
•
•cd /usr/local/mysql/bin
•for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done
••-------------------cut end---------------------------------------------
複製代碼#sh mysql.sh 即可開始編譯. 3) 編譯安裝Apache
# cd /usr/local/src
# tar xvf httpd-2.2.8.tar.gz
# cd httpd-2.2.8
./configure \
• "--prefix=/usr/local/apache2" \
• "--with-included-apr" \
• "--enable-so" \
• "--enable-deflate=shared" \
• "--enable-expires=shared" \
• "--enable-rewrite=shared" \
• "--enable-static-support" \
• "--disable-userdir"
•make
•make install
•echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local複製代碼4.)編譯安裝PHP # cd /usr/local/src
# tar xjvf php-5.2.6.tar.bz2
# cd php-5.2.6
./configure \
• "--prefix=/usr/local/php" \
• "--with-apxs2=/usr/local/apache2/bin/apxs" \
• "--with-config-file-path=/usr/local/php/etc" \
• "--with-mysql=/usr/local/mysql" \
• "--with-libxml-dir=/usr/local/libxml2" \
• "--with-gd=/usr/local/gd2" \
• "--with-jpeg-dir" \
• "--with-png-dir" \
• "--with-bz2" \
• "--with-freetype-dir" \
• "--with-iconv-dir" \
• "--with-zlib-dir " \
• "--with-openssl=/usr/local/openssl" \
• "--with-mcrypt=/usr/local/libmcrypt" \
• "--enable-soap" \
• "--enable-gd-native-ttf" \
• "--enable-ftp" \
• "--enable-mbstring" \
• "--enable-exif" \
• "--disable-ipv6" \
• "--disable-cgi" \
• "--disable-cli" #禁掉ipv6,禁掉cli模式,提升速度和安全性.請根據具體需求定製相關的編譯數.
•make
•make install
•mkdir /usr/local/php/etc
•cp php.ini-dist /usr/local/php/etc/php.ini複製代碼5)Xcache的安裝.
#tar xvf xcache-1.2.2.tar.gz
#/usr/local/php/bin/phpize
• ./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config \
• --enable-inline-optimization --disable-debug複製代碼#vi /usr/local/php/etc/php.ini (將以下內容加入php.ini最後面)
-------------------cut begin-------------------------------------------
•
•zend_extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/xcache.so
•
•
•xcache.admin.user = "admin"
•;如何生成md5密碼: echo -n "password"| md5sum
•xcache.admin.pass = "035d849226a8a10be1a5e0fec1f0f3ce" #密碼為52netseek
•
•
•; Change xcache.size to tune the size of the opcode cache
•xcache.size = 24M
•xcache.shm_scheme = "mmap"
•xcache.count = 4
•xcache.slots = 8K
•xcache.ttl = 0
•xcache.gc_interval = 0
•
•; Change xcache.var_size to adjust the size of variable cache
•xcache.var_size = 8M
•xcache.var_count = 1
•xcache.var_slots = 8K
•xcache.var_ttl = 0
•xcache.var_maxttl = 0
•xcache.var_gc_interval = 300
•xcache.test = Off
•xcache.readonly_protection = On
•xcache.mmap_path = "/tmp/xcache"
•xcache.coredump_directory = ""
•xcache.cacher = On
•xcache.stat = On
•xcache.optimizer = Off
•
•
•xcache.coverager = On
•xcache.coveragedump_directory = ""•-------------------cut end---------------------------------------------
複製代碼6) 安裝Zend Optimizer # cd /usr/local/src
# tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
# ./ZendOptimizer-3.3.3-linux-glibc23-i386/install.sh安裝Zend Optimizer過程的最後不要選擇重啟Apache。
2. 整合Apache與PHP及系統初化配置.
1)整合Apache與PHP
# vi /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在該行下面添加
AddType application/x-httpd-php .php
找到: <IfModule dir_module>
DirectoryIndex index.html
</IfModule>
將該行改為
<IfModule dir_module>
DirectoryIndex index.html index.htm index.php
</IfModule>找到:#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf (虛擬主機配置文件存放目錄.)
#Include conf/extra/httpd-default.conf去掉前面的「#」號,取消註釋。
注意:以上 4 個擴展配置文件中的設置請按照相關原則進行合理配置!
修改完成後保存退出。
# /usr/local/apache2/bin/apachectl restart
2)查看確認L.A.M.P環境信息、提升 PHP 安全性
在網站根目錄放置 info.php 腳本,檢查phpinfo中的各項信息是否正確。 <?php
phpinfo();
?>
確認 PHP 能夠正常工作后,在 php.ini 中進行設置提升 PHP 安全性,禁掉危險的函數.
# vi /etc/php.ini找到:disable_functions =設置為:phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server3)腳本自動完成初始化配置(以上配置可以用腳本自動化完成)
#cat init_apache_php.sh
-------------------cut begin-------------------------------------------•#!/bin/bash
•#Written by :NetSeek http://www.linuxtone.org
•#init_httpd.conf
•http_cf="/usr/local/apache2/conf/httpd.conf"
•sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" $http_cf
•sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' $http_cf
•sed -i 's#DirectoryIndex index.html# DirectoryIndex index.php index.html index.htm#/g' $http_cf
•sed -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' $http_cf
•#init_php(PHP安全設置及隱藏PHP版本)
•php_cf="/usr/local/php/etc/php.ini"
•sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $php_cf
•sed -i '210 s#disable_functions =#disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $php_cf
•sed -i '/expose_php/s/On/Off/' $php_cf
•sed -i '/display_errors/s/On/Off/' $php_cf•-------------------cut end-------------------------------------------
複製代碼三、配置虛擬主機及基本性能調優
1) 配置虛擬主機:#vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
•
•<VirtualHost *:80>
• ServerAdmin cnseek@gmail.com
• DocumentRoot "/data/www/wwwroot/linuxtone.org"
• ServerName www.linuxtone.org
• ServerAlias bbs.linxutone.org
• ErrorLog "logs/dummy-host.example.com-error_log"
• CustomLog "|/usr/sbin/cronolog /data/logs/access_www.linuxtone.org.%Y%m%d" combined
•</VirtualHost>
複製代碼2).基本性能調優參考:(更多的調優相關文章請關注:http://bbs.linuxtone.org/index.html性能調優相關的貼子)
#vi /usr/local/apache2/conf/extra/httpd-default.conf
Timeout 15
•KeepAlive Off
•MaxKeepAliveRequests 50
•KeepAliveTimeout 5
•UseCanonicalName Off
•AccessFileName .htaccess
•ServerTokens Prod
•ServerSignature Off
•HostnameLookups Off
複製代碼#vi /usr/local/apache2/conf/extra/httpd-mpm.conf
<IfModule mpm_prefork_module>
• ServerLimit 2000
• StartServers 10
• MinSpareServers 10
• MaxSpareServers 15
• MaxClients 2000
• MaxRequestsPerChild 10000
•</IfModule>複製代碼3).Apache日誌處理相關問題匯總貼(http://bbs.linuxtone.org/thread-102-1-1.html)
利用awstats分析網站日誌:http://bbs.linuxtone.org/thread-56-1-1.html
忽略不需要的日誌配置參考具體請據據具體問題分析:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#下面加入如下內容: # filter the localhost visit
• SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
• # filter some special directories
• SetEnvIf Request_URI "^ZendPlatform.*
• # filter the localhost visit
• SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
• # filter some special directories
• SetEnvIf Request_URI "^ZendPlatform.*[ DISCUZ_CODE_9 ]quot; dontlog
• SetEnvIf Request_URI \.healthcheck\.html$ dontlog
• SetEnvIf Remote_Addr "::1" dontlog
• SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
• SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
• SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
• SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
• SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
複製代碼quot; dontlog
SetEnvIf Request_URI \.healthcheck\.html$ dontlog
SetEnvIf Remote_Addr "::1" dontlog
SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
4). Apache防盜鏈(Apache防盜鏈相關問題匯總:http://bbs.linuxtone.org/thread-101-1-1.html)
RewriteEngine on
• RewriteCond %{HTTP_REFERER} !^$
• RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$
• RewriteRule \.(gif|jpg)$ http://網站域名/nolink.png 複製代碼四、基本安全設置
1)iptables 封鎖相關埠(推薦讀CU白金大哥的兩小時玩轉iptables)
2)SSH全安(修改SSH埠限制來源IP登陸,或者參考http://bbs.linuxtone.org/thread-106-1-1.html)
3)Linux防Arp攻擊策略(http://bbs.linuxtone.org/thread-41-1-1.html)
4)注意(還是那句老話:安全工作從細節做起!)
[火星人
]
基於CentOS構建高性能的LAMP平台. (接).已經有1238次圍觀
http://coctec.com/docs/service/show-post-1785.html