欧美黄色av,337P日本欧洲亚洲大胆精筑,福利在线播放

Nginx+centos+php+mysql構建您的安全云

2015-07-30 閱讀數:3113

返回列表

centos 5.5 安裝

1.從線上更新文件庫
sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers

tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure --prefix=/usr/local
make
make install
cd ../

tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -s /usr/local/lib/libiconv.so.2 /usr/lib/libiconv.so.2

tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../

安裝MYSQL rmp格式

rpm -ivh MySQL-server-community-5.1.34-0.rhel5.x86_64.rpm
rpm -ivh MySQL-client-community-5.1.34-0.rhel5.x86_64.rpm
rpm -ivh MySQL-devel-community-5.1.34-0.rhel5.x86_64.rpm

修改mysql的root密碼
mysqladmin -u root password 你的密碼
驗證是否登錄成功
mysql -u root -p

在/etc/ld.so.conf中加一行/usr/local/lib，運行ldconfig。
ld.so.conf和ldconfig是維護系統動態鏈接庫的。真不明白為什么iconv庫安裝時不把這一步也做了

echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

(/sbin/ldconfig)

編譯安裝PHP（FastCGI模式）

//////////////////////////////////////////////////////////////////////
yum search libc-client-devel
yum install libc-client-devel.x86_64
如果郵件模塊加上 --with-imap=/usr/local/imap-c-client --with-imap-ssl --with-kerberos

/////////////////////////////

+-----------------------------------------------------------+
| ! WARNING ! |
| You are running the test-suite with "safe_mode" ENABLED ! |
| |
| Chances are high that no test will work at all, |
| depending on how you configured "safe_mode" ! |
+-----------------------------------------------------------+

ERROR: invalid PHP executable specified by TEST_PHP_EXECUTABLE = /data0/software/php-5.2.9/sapi/cli/php
make: [test] Error 1 (ignored)

如果出現make test 錯誤忽略直接make intsall即可

////////////////////////////

tar zxvf php-5.2.14.tar.gz
gzip -cd php-5.2.14-fpm-0.5.14.diff.gz | patch -d php-5.2.14 -p1
cd php-5.2.14/
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/bin/ --with-mysqli --with-libdir=lib64 --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-ftp --enable-soap --with-imap=/usr/local/imap-c-client --with-imap-ssl --with-kerberos

make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /usr/local/webserver/php/etc/php.ini
cd ../

編譯安裝PHP5擴展模塊
可選
///////////////////////////////
tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../
//////////////////////////////

tar jxvf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1/
/usr/local/webserver/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

tar zxvf ImageMagick.tar.gz
cd ImageMagick-6.5.1-2/
./configure
make
make install
cd ../

tar zxvf imagick-2.3.0.tgz
cd imagick-2.3.0/
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

<安到這里了>

5、修改php.ini文件
手工修改：查找/usr/local/webserver/php/etc/php.ini中的extension_dir = "./"
修改為extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/"
并在此行后增加以下幾行，然后保存：
extension = "memcache.so"
extension = "imagick.so"

再查找 output_buffering = Off
修改為output_buffering = On

再查找; cgi.fix_pathinfo=0
修改為cgi.fix_pathinfo=0，防止Nginx文件類型錯誤解析漏洞。

6、配置eAccelerator加速PHP：
mkdir -p /usr/local/webserver/eaccelerator_cache
nano /usr/local/webserver/php/etc/php.ini

尾部加入
[eaccelerator]
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

7、創建www用戶和組，虛擬主機使用的目錄

/usr/sbin/groupadd www
/usr/sbin/useradd -g www www

mkdir -p /htdocs/wwwroot
chmod +w /htdocs/wwwroot
chown -R www:www /htdocs/wwwroot

8、創建php-fpm配置文件（php-fpm是為PHP打的一個FastCGI管理補丁，可以平滑變更php.ini配置而無需重啟php- cgi）：
在/usr/local/webserver/php/etc/目錄中創建php-fpm.conf文件：

rm -f /usr/local/webserver/php/etc/php-fpm.conf
vi /usr/local/webserver/php/etc/php-fpm.conf

輸入以下內容（如果您安裝 Nginx + PHP 用于程序調試，請將以下的<value name="display_errors">0</value>改為<value name="display_errors">1</value>，以便顯示PHP錯誤信息，否則，Nginx 會報狀態為500的空白錯誤頁）：

<?xml version="1.0" ?>
<configuration>

All relative paths in this config are relative to php's install prefix

<section name="global_options">

Pid file
<value name="pid_file">/usr/local/webserver/php/logs/php-fpm.pid</value>

Error log file
<value name="error_log">/usr/local/webserver/php/logs/php-fpm.log</value>

Log level
<value name="log_level">notice</value>

When this amount of php processes exited with SIGSEGV or SIGBUS ...
<value name="emergency_restart_threshold">10</value>

... in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator's shared memory.
<value name="emergency_restart_interval">1m</value>

Time limit on waiting child's reaction on signals from master
<value name="process_control_timeout">5s</value>

Set to 'no' to debug fpm
<value name="daemonize">yes</value>

</section>

<workers>

<section name="pool">

Name of pool. Used in logs and stats.
<value name="name">default</value>

Address to accept fastcgi requests on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
<value name="listen_address">127.0.0.1:9000</value>

<value name="listen_options">

Set listen(2) backlog
<value name="backlog">-1</value>

Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
<value name="owner"></value>
<value name="group"></value>
<value name="mode">0666</value>
</value>

Additional php.ini defines, specific to this pool of workers.
<value name="php_defines">
<value name="sendmail_path">/usr/sbin/sendmail -t -i</value>
<value name="display_errors">0</value>
</value>

Unix user of processes
<value name="user">www</value>

Unix group of processes
<value name="group">www</value>

Process manager settings
<value name="pm">

Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
<value name="style">static</value>

Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
<value name="max_children">128</value>

Settings group for 'apache-like' pm style
<value name="apache_like">

Sets the number of server processes created on startup.
Used only when 'apache-like' pm_style is selected
<value name="StartServers">20</value>

Sets the desired minimum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MinSpareServers">5</value>

Sets the desired maximum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MaxSpareServers">35</value>

</value>

</value>

The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when 'max_execution_time' ini option does not stop script execution for some reason
'0s' means 'off'
<value name="request_terminate_timeout">0s</value>

The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
'0s' means 'off'
<value name="request_slowlog_timeout">0s</value>

The log file for slow requests
<value name="slowlog">logs/slow.log</value>

Set open file desc rlimit
<value name="rlimit_files">65535</value>

Set max core size rlimit
<value name="rlimit_core">0</value>

Chroot to this directory at the start, absolute path
<value name="chroot"></value>

Chdir to this directory at the start, absolute path
<value name="chdir"></value>

Redirect workers' stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
<value name="catch_workers_output">yes</value>

How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
<value name="max_requests">1024</value>

Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
<value name="allowed_clients">127.0.0.1</value>

Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
<value name="environment">
<value name="HOSTNAME">$HOSTNAME</value>
<value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
<value name="TMP">/tmp</value>
<value name="TMPDIR">/tmp</value>
<value name="TEMP">/tmp</value>
<value name="OSTYPE">$OSTYPE</value>
<value name="MACHTYPE">$MACHTYPE</value>
<value name="MALLOC_CHECK_">2</value>
</value>

</section>

</workers>

</configuration>

9、啟動php-cgi進程，監聽127.0.0.1的9000端口，進程數為128（如果服務器內存小于3GB，可以只開啟64個進程），用戶為 www：
ulimit -SHn 65535
/usr/local/webserver/php/sbin/php-fpm start

三、安裝Nginx 0.8.46

1、安裝Nginx所需的pcre庫：
tar zxvf pcre-8.10.tar.gz
cd pcre-8.10/
./configure --enable-utf8 --enable-unicode-properties
make && make install
cd ../

2、安裝Nginx
tar zxvf nginx-0.8.46.tar.gz
cd nginx-0.8.46/
./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
cd ../

3、創建Nginx日志目錄
mkdir -p /weblog/logs
chmod +w /weblog/logs
chown -R www:www /weblog/logs

4、創建Nginx配置文件
①、在/usr/local/webserver/nginx/conf/目錄中創建nginx.conf文件：
rm -f /usr/local/webserver/nginx/conf/nginx.conf
nano /usr/local/webserver/nginx/conf/nginx.conf

user www www;
worker_processes 8;
error_log /weblog/logs/nginx_error.log crit;
pid /usr/local/webserver/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
use epoll;
worker_connections 65535;
}

http
{
include mime.types;
default_type application/octet-stream;

#charset gb2312;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;

sendfile on;
tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

server
{
listen 80;
server_name www.tcsos.com;
index index.html index.htm index.php;
root /htdocs/wwwroot;

#limit_conn crawler 20;

location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}

location / {
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

location ~ .*\.(js|css)?$
{
expires 1h;
}

log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /weblog/logs/access.log access;
}

}

②、在/usr/local/webserver/nginx/conf/目錄中創建fcgi.conf文件：
vi /usr/local/webserver/nginx/conf/fcgi.conf

輸入以下內容：
引用
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

5、啟動Nginx
ulimit -SHn 65535
/usr/local/webserver/nginx/sbin/nginx

四、配置開機自動啟動Nginx + PHP
vi /etc/rc.local

在末尾增加以下內容：
引用
ulimit -SHn 65535
/usr/local/webserver/php/sbin/php-fpm start
/usr/local/webserver/nginx/sbin/nginx

重啟命令
ulimit -SHn 65535
/usr/local/webserver/php/sbin/php-fpm restart
/usr/local/webserver/nginx/sbin/nginx -s reload

nginx 自動加/

location / {
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
}

七、編寫每天定時切割Nginx日志的腳本
1、創建腳本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh
vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

輸入以下內容：
引用
#!/bin/bash
# This script run at 00:00

# The Nginx logs path
logs_path="/usr/local/webserver/nginx/logs/"

mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`

2、設置crontab，每天凌晨00:00切割nginx訪問日志
crontab -e

輸入以下內容：
引用
00 00 * * * /bin/bash /usr/local/webserver/nginx/sbin/cut_nginx_log.crontab -esh

定期重啟phpcgi
crontab -e

1分鐘重啟一次
* * * * * /usr/local/webserver/php/sbin/php-fpm restart

5分鐘重啟一次
*/5 * * * * /usr/local/webserver/php/sbin/php-fpm restart

監控php cgi 的進程 2秒顯示一次
while true;do netstat -anpo | grep "php-cgi" | wc -l;sleep 2s;done

上一篇：Nginx 502錯誤觸發條件與解決辦法...

下一篇：物流貨運O2O平臺設計方案

av在线黄_国产欧美精品久久久_欧产日产国产水蜜桃_亚色国产_国产aV无码专区亚洲aV毛片搜_久操久操

Nginx+centos+php+mysql構建您的安全云

相關新聞