LAMP+SYSLOG Solution

火星人 @ 2014-03-05, reply: 0

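LAMP+SYSLOG Solution
                                        Version: 1.0
Email: atyu30#hotmail.com
Service features

Anyone who has managed a business-critical system knows the value of uptime or, put the other way round, knows how many headaches downtime causes for users. One of the main reasons companies adopt UNIX servers is their reliability and stability. With careful administration these servers can usually run for a long time without a reboot. To go further, the servers can be clustered, which provides uninterrupted service and keeps them available.
1. MySQL is administered over the web with phpMyAdmin
2. PHP is accelerated with ZendOptimizer
3. Apache includes SSL and port-based, IP-based and name-based virtual hosts
4. syslog: the logs are analysed with awstats

Software used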
httpd.2.0.59.tar.gz
mod_ssl-2.8.24-1.3.33.tar.tar
http://httpd.apache.org/download.cgi
php-5.2.0.tar.gz
http://cn2.php.net/get/php-5.0.5.tar.gz/from/a/mirror
www.mysql.com
http://ftp.plusline.de/mysql/Downloads/MySQL-5.0/mysql-5.0.27.tar.gz
ZendOptimizer
Zend Optimizer 2.6.0
http://www.zend.com/store/getfreefile.php?pid=13&zbid=548
libtool-1.5.22.tar
libxml2-2.6.19.tar  # wget http://ftp.gnome.org/pub/GNOME/s ... bxml2-2.6.19.tar.gz
libxslt-1.1.15.tar    http://ftp.gnome.org/pub/GNOME/s ... bxslt-1.1.15.tar.gz
freetype-2.2.1.tar
http://download.savannah.gnu.org/releases/freetype/freetype-2.2.1.tar.bz2
libpng-1.2.8.tar
http://prdownloads.sourceforge.net/libpng/libpng-1.2.8-config.tar.gz?download
curl-7.15.0.tar.gz  http://curl.haxx.se/download/curl-7.15.0.tar.gz
jpegsrc.v6b.tar.gz     http://www.ijg.org/files/jpegsrc.v6b.tar.gz
phpMyAdmin
phpMyAdmin-2.9.1.1-all-languages.tar.gz
awstats-6.6.tar.gz    http://sourceforge.net/projects/awstats/

[ Last edited by atyu30 on 2007-3-2 14:31 ]
《Solution》

Network structure

See figure
《Solution》

Section 1_MySQL

MySQL
# tar -zxf mysql-5.0.27.tar.gz
# cd mysql-5.0.27
# groupadd mysql
# useradd -d /var/lib/mysql -g mysql -s /bin/bash mysql

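# ./configure --prefix=/usr/local/mysql \
    --sysconfdir=/etc \
    --localstatedir=/var/lib/mysql \
    --with-unix-socket-path=/var/lib/mysql/mysql.sock \
    --with-debug \
    --without-debug \
    --with-extra-charsets=all \
    --enable-assembler \
    --without-isam \
    --without-innodb \
    --with-pthread \
    --enable-thread-safe-client \
    --with-client-ldflags=-all-static \
    --with-mysqld-ldflags=-all-static \
    --with-raid
# make && make install
Option notes:
  --prefix                     installation directory
  --sysconfdir                 location of the configuration file (my.cnf)
  --localstatedir              where the MySQL data is stored
  --with-unix-socket-path      path of the MySQL Unix socket file
  --without-debug              remove debug mode (it is given after --with-debug, so it is the one that takes effect)
  --with-extra-charsets=all    add support for the other character sets
  --enable-assembler           use assembler versions of some string functions
  --without-isam               drop ISAM table support; rarely used now, ISAM is a platform-dependent table type
  --without-innodb             drop InnoDB table support; InnoDB is a transactional table type suited to enterprise applications
  --with-pthread               force use of the pthread library (POSIX threads)
  --enable-thread-safe-client  build the client as thread-safe
  --with-client-ldflags=-all-static, --with-mysqld-ldflags=-all-static   build the server and client fully statically
  --with-raid                  enable RAID support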
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# cp support-files/my-medium.cnf /etc/my.cnf   
# chmod a+x /etc/rc.d/init.d/mysqld
# /usr/local/mysql/bin/mysql_install_db
# chmod -R 755 /var/lib/mysql/
# chkconfig --level 35 mysqld on
# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
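# service mysqld start

# tar -zxf phpMyAdmin-2.9.1.1-all-languages.tar.gz
# mv phpMyAdmin-2.9.1.1-all-languages /usr/local/apache/htdocs/phpMyAdmin
# vi /usr/local/apache/htdocs/phpMyAdmin/config.inc.php
  Find the following section:
  $cfgServers['host'] = 'localhost'; // MySQL hostname
  $cfgServers['port'] = '';       // MySQL port; empty means the default, 3306
  $cfgServers['adv_auth'] = true;   // whether to use the advanced features
  $cfgServers['stduser'] = 'root';  // MySQL administrator
  $cfgServers['stdpass'] = '123456';  // MySQL administrator's password
  // I use root as the administrator with the password 123456; you can choose your own
MySQL can now be administered over the web.

Analysis:

# prefix=/usr/local/mysql          target directory of the MySQL installation
# sysconfdir=/etc                  path of the configuration file (my.cnf)
# localstatedir=/var/lib/mysql     path where the databases are stored
Initialise the databases (not needed for an upgrade):
# /usr/local/mysql/bin/mysql_install_db
If the system has no mysql user, it is best to do this step:
# groupadd mysql
# useradd -d /var/lib/mysql -g mysql -s /bin/bash  mysql
-d sets the home directory
-s sets the shell
-g sets the group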

#!/bin/sh
# setup.sh
# This script should be run after the mysql archive is unpacked, in order
# to set up the various config files
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi
# Find install directory
echo "***********************************************************************"
echo "Welcome to the MySQL Install script"
echo "***********************************************************************"
echo "MySQL is a web-based interface that allows Unix-like operating"
echo "systems and common Unix services to be easily administered."
echo ""
echo "Please input  mysql  path(/usr/local/mysql):"
read M_MY
M_MY=${M_MY:-/usr/local/mysql}
echo "Please input  mysql databases path(/var/lib/mysql):"
read M_DATA
M_DATA=${M_DATA:-/var/lib/mysql}
echo "Please input  mysql sock path(/var/lib/mysql/mysql.sock):"
read M_SOCK
M_SOCK=${M_SOCK:-/var/lib/mysql/mysql.sock}

# User specific environment and startup programs
PATH=$PATH:$HOME/bin:$M_MY/bin
export PATH
# Install: configure first, then build; go on only if every step succeeds
groupadd mysql
if ./configure --prefix="$M_MY" --sysconfdir=/etc --localstatedir="$M_DATA" \
        --with-extra-charsets=all --with-unix-socket-path="$M_SOCK" --with-debug \
        && make && make install; then
        useradd -d /var/lib/mysql -g mysql -s /bin/bash  mysql
        # Keep a backup of an existing init script, if there is one
        [ -f /etc/rc.d/init.d/mysqld ] && mv /etc/rc.d/init.d/mysqld /etc/rc.d/init.d/mysqld.bak
        cp support-files/mysql.server /etc/rc.d/init.d/mysqld
        chmod a+x /etc/rc.d/init.d/mysqld
        mysql_install_db --user=mysql
        chmod -R 755 "$M_DATA"
        chkconfig --level 35 mysqld on
        ln -s "$M_MY/lib/mysql" /usr/lib/mysql
        ln -s "$M_MY/include/mysql" /usr/include/mysql
        service mysqld start
        # Set the root password only if mysqld is actually running
        if pstree | grep -q mysqld; then
                echo "------------------------------------------------"
                echo "Please give into me you mysql root's password:"
                read M_P
                M_P=${M_P:-abcd}
                mysqladmin -u root password "$M_P"

                echo "***********************************************************************"
                echo "      Mysql install success"
                echo "   prefix:$M_MY"
                echo "   databases:$M_DATA"
                echo "   mysql.sock:$M_SOCK"
                echo "   Mysql root password:$M_P"
                echo "***********************************************************************"
        else
                echo "Mysql installation failed,Please check!"
        fi
else
        echo "Mysql compiler failure,Please check!"
fi
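
The `chmod -R 755 /var/lib/mysql/` step leaves every table file readable by any local account. As an added example (not part of the original post), this script lists such paths and removes the access; it works on a constructed directory tree in a temp directory, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: the tree below is constructed, it is not a real MySQL data directory.

# List every path under $1 that grants read, write or execute to "other".
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all "other" access and group write below $1; owner bits are untouched.
tighten_datadir() {
    chmod -R o-rwx,g-w "$1"
}

# Build a stand-in for /var/lib/mysql with the modes chmod -R 755 leaves behind.
make_sample_datadir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mysql" "$d/test"
    : > "$d/mysql/user.MYD"      # grant table data: account names and password hashes
    : > "$d/mysql/user.MYI"
    : > "$d/ib_logfile0"
    chmod -R 755 "$d"
    echo "$d"
}

# Number of paths under $1 that "other" can reach.
count_world_accessible() {
    world_accessible "$1" | wc -l | tr -d ' '
}

# Print "<count before> <count after>" for the constructed tree.
demo() {
    dir=$(make_sample_datadir) || return 1
    before=$(count_world_accessible "$dir")
    tighten_datadir "$dir"
    after=$(count_world_accessible "$dir")
    rm -rf "$dir"
    echo "$before $after"
}

demo
```

On a real server, run `world_accessible /var/lib/mysql` as root; anything it prints is readable outside the mysql account.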
《Solution》

Section 2_apache_DNS_SSL

Section 2

Apache server
I. Installation and configuration
1. Apache_Install

Download: http://httpd.apache.org/

# tar -jxf  httpd-2.0.59.tar.bz2
# cd httpd-2.0.59

# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-modules=all --enable-mods-shared=max --enable-track-vars --enable-cgi
# make && make install
# chkconfig --level 35 httpd on
# apachectl configtest
# /usr/local/apache/bin/apachectl start
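Notes:
The enable-module parameters tell the configure script to enable the so and rewrite modules. The so module is the Apache core module that provides DSO support, and the rewrite module implements URL rewriting. Because the rewrite module needs DBM support, if it is not compiled into Apache at the first install, the whole of Apache has to be recompiled when it is needed later. Unless you are sure you will never use the rewrite module, it is better to build it in the first compile.
The --enable-mods-shared=max parameter builds all the standard Apache modules other than so as DSO modules instead of compiling them into the Apache core. --enable-track-vars turns on tracking of cookie and GET/POST variables, and --enable-cgi adds CGI support.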


#!/bin/sh
#apache.install.sh
echo ""
echo "Please input  apache  path(/usr/local/apache):"
read M_MY
M_MY=${M_MY:-/usr/local/apache}
# Build and install only if configure succeeds; use the prefix that was entered
if ./configure --prefix="$M_MY" --enable-so --enable-ssl --enable-modules=all --enable-mods-shared=max --enable-track-vars --enable-cgi; then
        make && make install
else
        echo "apache compiler failure,Please check!"
        exit 1
fi
chkconfig --level 35 httpd on
"$M_MY/bin/apachectl" start


2. Configuration
2.1 Configure a web site for each user
(1) Edit the configuration file
# vi /usr/local/apache/conf/httpd.conf
<IfModule mod_userdir.c>
# For security, do not let root have a personal web site
UserDir disabled root
</IfModule>
# Access permissions for each user's web site directory
<Directory /home/*/public_html>

AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
</LimitExcept>
</Directory>

(2) Add the user jack and test
# useradd -d /home/jack -m jack
# useradd -d /home/mack -m mack
# passwd jack
# passwd mack
# su - jack
$ mkdir public_html
$ chmod 755 public_html
$ cd public_html
$ vi index.html
  Happy new year jack :)
Do the same for mack.
# View your own home page in a browser


2.2 Virtual hosts
(1) Edit the main Apache configuration file
Append to the end of httpd.conf:
# virtual host configuration file
Include conf/vh.conf
# vi vh.conf
#VirtualHost Define.
Listen 8080
<VirtualHost 10.0.0.24:8080>
    ServerAdmin webmaster@dummy-host.yuyizhi.org
    DocumentRoot /usr/local/src/php/
    ServerName dummy-host.yuyizhi.org
    ErrorLog logs/dummy-host.yuyizhi.org-error_log
    CustomLog logs/dummy-host.yuyizhi.org-access_log common

Alias /bbs/ "/usr/local/src/php/"
Alias /bbs "/usr/local/src/php"
   <Directory "/usr/local/src/php/">
        Options Indexes FollowSymlinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

</VirtualHost>

NameVirtualHost 10.0.0.24
<VirtualHost 10.0.0.24>
        ServerAdmin webmaster@yuyizhi.org
        DocumentRoot /www/docs/www.yuyizhi.org
        ServerName www.yuyizhi.org
        ErrorLog logs/www.yuyizhi.org-error_log
        CustomLog logs/www.yuyizhi.org-access_log common
</VirtualHost>


(2) Edit the DNS server configuration file
# vi /var/named/chroot/etc/named.conf
# Forward zone
zone "yuyizhi.org" IN {
        type master;
        file "yuyizhi.org.bind";
};

# Reverse zone: the zone name is the IP address written backwards, because names in the DNS run in the opposite direction to IP addresses
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "0.0.10.bind";
        allow-update { none; };
};

(3)
I. Add the forward zone file
# vi /etc/yuyizhi.org.bind
@        IN        SOA        ns1.yuyizhi.org. root.yuyizhi.org. (
                                        2007020202 ;serial
                                        1800        ;refresh
                                        600        ;retry
                                        1209600 ;expire
                                        86400         ;default_ttl
                                        )
                IN        NS        ns1.yuyizhi.org.
www                IN        A        10.0.0.24
                IN        A        10.0.0.25
                IN        A        10.0.0.26
web                IN        CNAME        www
mail                IN        MX        10        10.0.0.210
                IN        MX        20        10.0.0.211
ftp                IN        A        10.0.0.101
bbs                IN        A        10.0.0.27
; wildcard record
*        IN        A        10.0.0.200
; record for the bare domain
@        IN        A        10.0.0.200
II. Add the reverse zone file
# vi /var/named/chroot/named/0.0.10.bind
; PTR (Pointer) records give the DNS name for an IP address in the reverse zone
$TTL        86400
@        IN        SOA        ns1.yuyizhi.org.        root.at.yuyizhi.org. (
                                                20070202
                                                1800
                                                600
                                                1209600
                                                86400)
        IN        NS        ns1.yuyizhi.org.
24        IN        PTR        www.yuyizhi.org.
25        IN        PTR        www.yuyizhi.org.
26        IN        PTR        www.yuyizhi.org.
27        IN        PTR        bbs.yuyizhi.org.
210        IN        PTR        mail.yuyizhi.org.
211        IN        PTR        mail.yuyizhi.org.
101        IN        PTR        ftp.yuyizhi.org.
(4) Create the directories
# mkdir -p /www/docs
# cd /www/docs
# mkdir www.yuyizhi.org
# echo "www.yuyizhi.org"> /www/docs/www.yuyizhi.org/index.html
# /usr/sbin/in.named
# vi /etc/resolv.conf
        nameserver 10.0.0.20
# nslookup
# ps -ef | grep apache                # check apache
# apachectl configtest
# apachectl start
Enter IP+port in the browser's address bar


(5) Log statistics and analysis with webalizer
# rpm -qa | grep webalizer
# List the installed files
# rpm -ql webalizer
Configure webalizer
Its main configuration file: /etc/webalizer.conf
Webalizer's analysis data should be viewable only by root, so access has to be authorised in /usr/local/apache/conf/httpd.conf
<Directory "/var/www/html/usage">
   AuthType Basic
   AuthName "Admin"
   AuthUserFile /var/www/passwd/yuyizhi
   AuthGroupFile /var/www/passwd/admingrp
   Require group admin
</Directory>


SSL
(1)
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
  
Generate the root certificate
#./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...............................++++++
.......++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:   (enter a pass phrase here, at least four characters)
Verifying - Enter pass phrase for ca.key: (repeat the pass phrase)
Self-sign the root CA...
Enter pass phrase for ca.key:   (the pass phrase entered above)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CN
State or Province Name (full name) :BJ
Locality Name (eg, city) :BJ
Organization Name (eg, company) :Benet Ltd
Organizational Unit Name (eg, section) :Marion
Common Name (eg, MD Root CA) []:Benet CA
Email Address []:root@yuyizhi.org
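This produces two files, ca.key and ca.crt; set the province, company and other fields to suit your environment.
  
Next, generate a certificate for the server:
# ./new-server-cert.sh server (the certificate is named server)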
No server.key round. Generating one
Generating RSA private key, 1024 bit long modulus
....++++++
.............++++++
e is 65537 (0x10001)
Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CN
State or Province Name (full name) :BJ
Locality Name (eg, city) :BJ
Organization Name (eg, company) :Benet Ltd
Organizational Unit Name (eg, section) :Marion
Common Name (eg, www.domain.com) []:mail.yuyizhi.org
Email Address []:root@yuyizhi.org
You may now run ./sign-server-cert.sh to get it signed
When it finishes, two files have been generated, server.csr and server.key. Sign server.csr and server.key and they are ready to use.
  
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'BJ'
localityName          :PRINTABLE:'BJ'
organizationName      :PRINTABLE:'Benet Ltd'
organizationalUnitName:PRINTABLE:'Marion'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'root@yuyizhi.org'
Certificate is to be certified until Nov 21 11:58:38 2008 GMT (365 days)
Sign the certificate? :y

1 out of 1 certificate requests certified, commit? y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
  
(2) Next, put the certificate where the settings in /usr/local/apache/extra/httpd-ssl.conf expect it.
# cp ./server.key /usr/local/apache/
# cp ./server.crt /usr/local/apache/
# cd ..
# chmod 400 /usr/local/apache/server.key
  
(3) Edit /usr/local/apache/conf/httpd.conf
Add: Include /usr/local/apache/extra/httpd-ssl.conf
Then restart apache
#killall -9 httpd
#/usr/local/apache/bin/apachectl start
   
(5)https://mail.yuyizhi.org
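
Checks worth running on the files copied in step (2), as an added example that is not part of the original post: that server.key belongs to server.crt, that the certificate verifies against the CA, that the key file is closed to group and other, and how large the key is. It assumes the openssl command is installed and builds throwaway 2048-bit test keys with openssl directly rather than with the ssl.ca scripts; the function names are illustrative.

```shell
#!/bin/sh
# Added example; requires the openssl command. All keys here are throwaway test material.

# Succeeds when RSA private key $2 belongs to certificate $1.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Succeeds when certificate $2 verifies against CA certificate $1.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when key file $1 grants nothing to group or other (mode 400 or 600).
key_is_private() {
    [ -z "$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                         -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Print the modulus size in bits of RSA private key $1.
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Build a constructed CA and a server certificate for mail.yuyizhi.org in directory $1.
make_sample_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
              -keyout ca.key -out ca.crt &&
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.yuyizhi.org" \
              -keyout server.key -out server.csr &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
              -days 1 -out server.crt ) >/dev/null 2>&1
}

# Run every check on the constructed files and print one word per result.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_pki "$d" || { rm -rf "$d"; return 1; }
    key_matches_cert "$d/server.crt" "$d/server.key" && r1=match    || r1=mismatch
    key_matches_cert "$d/ca.crt"     "$d/server.key" && r2=match    || r2=mismatch
    signed_by        "$d/ca.crt"     "$d/server.crt" && r3=chain-ok || r3=chain-bad
    chmod 644 "$d/server.key"; key_is_private "$d/server.key" && r4=private || r4=exposed
    chmod 400 "$d/server.key"; key_is_private "$d/server.key" && r5=private || r5=exposed
    bits=$(key_bits "$d/server.key")
    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4 $r5 $bits"
}

demo
```

Run against the files from the transcript above, `key_bits` would report 1024, the size the ssl.ca scripts printed when generating both keys.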
《Solution》

Section 3_php_gd

Section 3

PHP
Install jpeg6
Create the directories
# mkdir /usr/local/jpeg
# mkdir /usr/local/jpeg/bin
# mkdir /usr/local/jpeg/lib
# mkdir /usr/local/jpeg/include
# mkdir /usr/local/jpeg/man
# mkdir /usr/local/jpeg/man/man1
# cd /usr/local/src
# tar -zxf jpegsrc.v6b.tar.gz
# cd jpeg-6b
# ./configure --prefix=/usr/local/jpeg/ --enable-shared --enable-static
# echo $?
# make && make install

Install libpng
# cd /usr/local/src
# tar -zxf libpng-1.2.8.tar.gz
# cd libpng-1.2.8
# cp scripts/makefile.std makefile
# make && make install

Install freetype
# cd /usr/local/src
# tar -zxf freetype-2.1.10.tar.gz
# cd freetype-2.1.10
# ./configure --prefix=/usr/local/freetype --enable-shared --enable-static
# make && make install

Install the GD library
# cd /usr/local/src
# tar -zxf gd-2.0.33.tar.gz
# cd gd-2.0.33
# ./configure --prefix=/usr/local/gd --with-jpeg=/usr/local/jpeg/ --with-png --with-zlib --with-freetype=/usr/local/freetype/
# make; make install

Install the Curl library
# cd /root/soft
# tar -zxf curl-7.15.0.tar.gz
# cd curl-7.15.0
# ./configure --prefix=/usr/local/curl
# echo $?
# make; make install

Install PHP
PHP 5 needs libxml2, so install libxml2 first
# cd /usr/local/src
# tar -zxf libxml2-2.6.19.tar.gz
# cd libxml2-2.6.19
# ./configure --prefix=/usr/local/libxml
# make && make install

Install libxslt
# cd /usr/local/src
# tar -zxf libxslt-1.1.15.tar.gz
# cd libxslt-1.1.15
# ./configure --prefix=/usr/local/libxslt --with-libxml-prefix=/usr/local/libxml
# make; make install


# tar -jxf php-5.2.0.tar.bz2
# cd php-5.2.0
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-jpeg=/usr/local/jpeg --with-zlib=/usr/local/zlib --with-freetype=/usr/local/freetype --with-png=/usr/local/libpng --with-gd=/usr/local/gd --with-libxml-dir=/usr/local/libxml --with-xsl=/usr/local/libxslt --enable-xslt --with-curl=/usr/local/curl --enable-ftp
# echo $?
# make && make install
# cp php.ini-dist /usr/local/php/lib/php.ini
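# vi /usr/local/php/lib/php.ini
Change register_globals = Off to register_globals = On (this makes PHP create a global variable from every GET, POST and cookie parameter)
# vi /usr/local/apache/conf/httpd.conf    (make a few simple changes)
Change Listen 80 to: Listen 10.0.0.24:80
Add the following to /usr/local/apache/conf/httpd.conf:
AddType application/x-httpd-php .php .php3 .php4 .php5
# Enable the CGI script service
AddHandler cgi-script .cgi
# /usr/local/apache/bin/apachectl restart    (restart the apache service)
Apache is now configured to support PHP.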

Zend Optimizer 2.6.0

ZendOptimizer-2.6.0-linux-glibc21-i386.tar.gz (ZendOptimizer-3.0.1-linux-glibc21-i386.tar.gz has compatibility problems)
# tar xzvf ZendOptimizer-2.6.0-linux-glibc21-i386.tar.gz
# cd ZendOptimizer-2.6.0-linux-glibc21-i386
# ./install.sh
During installation you are asked for the path of php.ini: /usr/local/php/etc/php.ini
The php.ini-recommended file was already copied there when PHP was installed,
so just confirm /usr/local/php/etc
Finally:
/usr/local/apache/bin/apachectl restart
Save the following as index.php in the /home/wwwroot directory to test:
<?php
echo 'installing linux_apache_mysql_php_zend success';
?>
<?php
phpinfo();
?>
Open a browser and go to http://192.168.1.1
《Solution》

Section 4_syslog

Section 4
SYSLOG

#vi /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*                                                        /var/log/kernlog
kern.*                                                        @10.0.0.205
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;news.none;authpriv.none;cron.none                @10.0.0.205
# The authpriv file has restricted access.
authpriv.*                                                /var/log/secure

# Log all the mail messages in one place.
mail.*                                                        -/var/log/maillog


# Log cron stuff
cron.*                                                        /var/log/cron

# Everybody gets emergency messages
*.emerg                                                        *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                                /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#
# INN
#
news.=crit                                        /var/log/news/news.crit
news.=err                                         /var/log/news/news.err
news.notice                                       /var/log/news/news.notice





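# service syslog start
# ss -anu
# Check port 514


awstats-6.4.tar.gz    http://sourceforge.net/projects/awstats/
Use awstats to analyse the logs
Use NFS so that all logs are written on the syslog server
Given how important the logs are, combine this with cron to back them up promptly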
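
An added example, not part of the original post: it applies the syslog.conf selector rules (comma-separated facility lists, `*`, and `none` overriding earlier selectors on the same line) to show which facilities the configuration above actually sends to 10.0.0.205. Priorities other than `none` are ignored, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. SAMPLE_CONF repeats the rules from the syslog.conf shown above.
SAMPLE_CONF='kern.*    /var/log/kernlog
kern.*    @10.0.0.205
*.info;mail.none;news.none;authpriv.none;cron.none    /var/log/messages
*.info;mail.none;news.none;authpriv.none;cron.none    @10.0.0.205
authpriv.*    /var/log/secure
mail.*    -/var/log/maillog
cron.*    /var/log/cron
*.emerg    *
uucp,news.crit    /var/log/spooler
local7.*    /var/log/boot.log'

# Read syslog.conf text on stdin and print the remote hosts that receive
# messages of facility $1, one per line (nothing when it is never forwarded).
forward_targets() {
    awk -v fac="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $2 !~ /^@/               { next }   # keep only forwarding actions
        {
            hit = 0
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {      # later selectors override earlier ones
                dot  = index(sel[i], ".")
                prio = substr(sel[i], dot + 1)
                m = split(substr(sel[i], 1, dot - 1), f, ",")
                for (j = 1; j <= m; j++)
                    if (f[j] == "*" || f[j] == fac)
                        hit = (prio == "none") ? 0 : 1
            }
            if (hit) print substr($2, 2)
        }' | sort -u
}

# Print, one per line, the facilities from the list in $1 that SAMPLE_CONF
# never forwards to a remote host.
unforwarded() {
    for fac in $1; do
        [ -n "$(printf '%s\n' "$SAMPLE_CONF" | forward_targets "$fac")" ] ||
            printf '%s\n' "$fac"
    done
}

unforwarded "kern daemon authpriv mail cron"
```

For these rules it reports authpriv, mail and cron: the `none` exclusions apply to the forwarding line as well, so login and authentication records stay only in /var/log/secure on the local host.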
《Solution》

Nice, bumping this.
《Solution》

Good content. Very detailed.
《Solution》

Nice, bump.
《Solution》

AWStats: a log analysis tool for Apache/IIS
http://www.chedong.com/tech/awstats.html
