System environment:
os:centos 5.6
nginx:nginx-1.0.11
php:php-5.3.9
mysql:mysql-5.5.20
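Document outline:
I. Preparation
II. Installing the base packages
III. Installing Nginx
IV. Installing MySQL
V. Installing PHP
VI. Deploying the company website
VII. Stress testing with webbench
VIII. Tuning the MySQL, Nginx and PHP configuration and configuring the firewall (omitted)
IX. Common maintenance commands
I. Preparation (for reference only)
1. Remove the software bundled with the system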
rpm -qa httpd mysql php nginx
Stop the services first, then uninstall with: rpm -e httpd --nodeps
2. yum repositories
vim /etc/yum.repos.d/CentOS-Base.repo
The server rarely needs yum, so there is no need to change this.
Mirrors in China: http://mirrors.163.com http://mirrors.sohu.com
3. Set the CentOS default language
cp /etc/sysconfig/i18n /etc/sysconfig/i18n_bak
vi /etc/sysconfig/i18n
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"
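The default language is English. If the first line is changed to LANG="zh_CN.UTF-8", a shell on the local console displays Chinese correctly, but over ssh every Chinese character turns into garbage; in that case change it to LANG="zh_CN.GB18030" and log in again, and everything displays correctly.
4. Install vim
CentOS installs only vim-minimal-7.x by default, so syntax highlighting does not work whether a file is opened with vi or vim. Two more packages, vim-common-7.x and vim-enhanced-7.x, have to be installed with yum: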
yum -y install vim*
List the packages yum installed recently:
more /var/log/yum.log
5. Time synchronization
# Set the current time zone to Shanghai (UTC+8)
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Synchronize with standard time using ntpdate
ntpdate us.pool.ntp.org
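Note: this requires ntp-4.2.2p1-9.el5.centos.2.1.i386.rpm to be installed,
or: yum install -y ntp
Add a cron job that synchronizes the clock every 10 minutes:
crontab -e
*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP
(Upgrading system packages and securing services and user accounts are not covered here.)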
II. Installing the base packages
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers
yum -y install make crontabs wget
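wget is optional, depending on whether you use it. openssl-devel can also be left out if SSL connections are not needed. libtool is normally installed by the time nginx, php and mysql are built, so it does not need to be installed here. make is used for compiling; cmake is needed to compile MySQL, as is ncurses-devel. autoconf is needed to compile eaccelerator, and crontabs provides scheduled tasks, which are used for log rotation.
Also useful:
# Check whether gcc is installed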
gcc -v
# Check whether SELinux is enabled
getenforce
III. Installing Nginx
1. Create the user and directories nginx needs
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /data0/htdocs/html
chmod +w /data0/htdocs/html
chown -R www:www /data0/htdocs/html
mkdir -p /data0/htdocs/web
chmod +w /data0/htdocs/web
chown -R www:www /data0/htdocs/web
mkdir -p /data1/logs
chmod +w /data1/logs
chown -R www:www /data1/logs
2. Install pcre, which nginx requires
tar zxvf pcre-8.21.tar.gz && cd pcre-8.21/
./configure
make
make install
cd ../
3. Install nginx
tar zxvf nginx-1.0.11.tar.gz && cd nginx-1.0.11/
./configure --user=www --group=www \
--prefix=/usr/local/webserver/nginx \
--with-http_stub_status_module \
--with-http_ssl_module
make
make install
cd ../
4. Configure nginx
cd /usr/local/webserver/nginx/conf/
mv nginx.conf nginx.conf_bak
vim nginx.conf
Enter the following:
user www www;
worker_processes 8;
error_log /data1/logs/nginx_error.log crit;
pid /usr/local/webserver/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
#charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
server
{
listen 80 default;
server_name _;
# index index.html index.htm index.php;
return 404;
}
server
{
listen 888;
server_name _;
# index index.html index.htm index.php;
return 404;
}
include vhost/*.conf;
include vhost/admin/*.conf;
include vhost/html/*.conf;
}
5. Separate configuration files for the front end and the back end
cd /usr/local/webserver/nginx/conf
# Front-end configuration file
vim server.html.conf
Enter the following:
index index.html index.htm index.php;
location ~ /\.ht {
deny all;
}
location ~ .*\.(sqlite|sq3)$ {
deny all;
}
location ~ .*\.(php|php5)?$ {
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
# Back-end configuration file
vim server.conf
Enter the following:
index index.html index.htm index.php;
location ~ /\.ht {
deny all;
}
location ~ .*\.(sqlite|sq3)$ {
deny all;
}
location ~ .*\.(php|php5)?$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
6. Start the Nginx service and check it
ulimit -SHn 65535
/usr/local/webserver/nginx/sbin/nginx
ps -ef |grep nginx
7. Deploy a simple test site
mkdir -p /usr/local/webserver/nginx/conf/vhost/html
cd /usr/local/webserver/nginx/conf/vhost/html
vim onbing.com.conf
Enter the following:
# log_format is only allowed at http level; this file is included inside http {}
log_format html_onbing '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
server
{
listen 80;
server_name www.onbing.com onbing.com;
index index.html index.htm ;
root /data0/htdocs/html/onbing.com;
include server.html.conf;
access_log /data1/logs/access_html_onbing.log html_onbing;
}
# Directory where the site files are stored
mkdir -p /data0/htdocs/html/onbing.com
vim /data0/htdocs/html/onbing.com/index.html
Enter the following:
<html>
<head><title>onbing</title></head>
<body bgcolor="white">
<center><h1>welcome to nginx</h1></center>
</body>
</html>
chown -R www:www /data0/htdocs/html/onbing.com
# Test the configuration and reload it
/usr/local/webserver/nginx/sbin/nginx -t
/usr/local/webserver/nginx/sbin/nginx -s reload
Notes:
1) Turn iptables off while testing
/etc/init.d/iptables stop
2) Point the domain names at the server in the hosts file
192.168.1.24 onbing.com
192.168.1.24 www.onbing.com
3) Test command
curl -I www.onbing.com
8. Nginx log rotation
mkdir -p /data0/sh
cd /data0/sh
vim cut_nginx_log.sh
#!/bin/bash
# This script run at 00:00
# The Nginx logs path
logs_path="/usr/local/webserver/nginx/logs/"
mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`
# Check whether the crond service is running
service crond status
# Edit the crontab
crontab -e
Enter the following:
0 0 * * * /bin/bash /data0/sh/cut_nginx_log.sh
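The script above only moves access.log under /usr/local/webserver/nginx/logs/, while the configuration on this page writes the error log and the per-site access logs to /data1/logs. The following is an added example, not part of the original article, that rotates every *.log file in a directory; the function name rotate_nginx_logs and the --run switch are assumptions introduced here.

```shell
#!/bin/bash
# Added example: rotate every nginx log under one directory.
# Usage: rotate_nginx_logs LOG_DIR PID_FILE [DAY]
#   DAY is any string GNU date -d accepts; it defaults to "yesterday".
# Prints the number of files archived.
rotate_nginx_logs() {
    log_dir="${1%/}"
    pid_file="$2"
    day="${3:-yesterday}"
    stamp=$(date -d "$day" +%Y%m%d) || return 1
    dest="$log_dir/$(date -d "$day" +%Y)/$(date -d "$day" +%m)"
    mkdir -p "$dest" || return 1
    count=0
    for f in "$log_dir"/*.log; do
        # Skip an unmatched glob and anything that is not a regular file.
        [ -f "$f" ] || continue
        target="$dest/$(basename "$f" .log)_${stamp}.log"
        # Do not overwrite an archive left by an earlier run.
        if [ -e "$target" ]; then
            echo "skip $f: $target already exists" >&2
            continue
        fi
        mv "$f" "$target" && count=$((count + 1))
    done
    # USR1 tells the nginx master to reopen its log files; skip it when
    # the pid file is missing or the process is gone.
    if [ -s "$pid_file" ] && kill -0 "$(cat "$pid_file")" 2>/dev/null; then
        kill -USR1 "$(cat "$pid_file")"
    fi
    echo "$count"
}

# Cron entry point, with the paths used on this page:
#   0 0 * * * /bin/bash /data0/sh/cut_nginx_log.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_nginx_logs /data1/logs /usr/local/webserver/nginx/nginx.pid
fi
```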
IV. Installing MySQL
# Check for and install or update the packages MySQL depends on
yum install -y automake autoconf libtool ncurses-devel libxslt groff pcre-devel
# Install cmake, which is needed later to configure the MySQL build
# Explanation of the CMake options for building MySQL: http://blog.sina.com.cn/s/blog_53b13d950100we05.html
tar zxvf cmake-2.8.7.tar.gz && cd cmake-2.8.7/
./configure
gmake && gmake install && cd ../
# Create the mysql user and group
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
Note: to set a password for the mysql user: /usr/bin/passwd mysql
# Create the webserver directory; nginx, php and mysql are all installed under it
mkdir -p /usr/local/webserver
# Create the MySQL data directories
mkdir -p /data0/mysql/3306/data/
mkdir -p /data0/mysql/3306/binlog/
mkdir -p /data0/mysql/3306/relaylog/
chown -R mysql:mysql /data0/mysql/
# Install mysql-5.5.20
tar zxvf mysql-5.5.20.tar.gz && cd mysql-5.5.20/
/usr/local/bin/cmake -DCMAKE_INSTALL_PREFIX=/usr/local/webserver/mysql/ \
-DMYSQL_DATADIR=/data0/mysql/3306/data/ \
-DSYSCONFDIR=/data0/mysql/3306/ \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_FEDERATED_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DMYSQL_TCP_PORT=3306 \
-DENABLED_LOCAL_INFILE=1
make
make install
cd ../
Note: if the build fails, delete the cache file and build again: rm -f CMakeCache.txt
chown -R mysql:mysql /usr/local/webserver/mysql
chmod +w /usr/local/webserver/mysql
# Create the system tables as the mysql user
/usr/local/webserver/mysql/scripts/mysql_install_db --basedir=/usr/local/webserver/mysql --datadir=/data0/mysql/3306/data --user=mysql
# Create the my.cnf configuration file:
vim /data0/mysql/3306/my.cnf
Enter the following:
[client]
#character-set-server = utf8
port = 3306
socket = /tmp/mysql.sock
[mysqld]
#character-set-server = utf8
replicate-ignore-db = mysql
replicate-ignore-db = test
replicate-ignore-db = information_schema
user = mysql
port = 3306
socket = /tmp/mysql.sock
basedir = /usr/local/webserver/mysql
datadir = /data0/mysql/3306/data
log-error = /data0/mysql/3306/mysql_error.log
pid-file = /data0/mysql/3306/mysql.pid
open_files_limit = 10240
back_log = 600
max_connections = 5000
max_connect_errors = 6000
table_cache = 614
external-locking = FALSE
max_allowed_packet = 32M
sort_buffer_size = 1M
join_buffer_size = 1M
thread_cache_size = 300
#thread_concurrency = 8
query_cache_size = 512M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine = MyISAM
thread_stack = 192K
transaction_isolation = READ-COMMITTED
tmp_table_size = 246M
max_heap_table_size = 246M
long_query_time = 3
log-slave-updates
log-bin = /data0/mysql/3306/binlog/binlog
binlog_cache_size = 4M
binlog_format = MIXED
max_binlog_cache_size = 8M
max_binlog_size = 1G
relay-log-index = /data0/mysql/3306/relaylog/relaylog
relay-log-info-file = /data0/mysql/3306/relaylog/relaylog
relay-log = /data0/mysql/3306/relaylog/relaylog
expire_logs_days = 30
key_buffer_size = 256M
read_buffer_size = 1M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
interactive_timeout = 120
wait_timeout = 120
skip-name-resolve
#master-connect-retry = 10
slave-skip-errors = 1032,1062,126,1114,1146,1048,1396
#master-host = 192.168.1.2
#master-user = username
#master-password = password
#master-port = 3306
server-id = 1
innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 512M
innodb_data_file_path = ibdata1:256M:autoextend
innodb_file_io_threads = 4
innodb_thread_concurrency = 8
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 16M
innodb_log_file_size = 128M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120
innodb_file_per_table = 0
#log-slow-queries = /data0/mysql/3306/slow.log
#long_query_time = 10
[mysqldump]
quick
max_allowed_packet = 32M
# Create the shell script that manages the MySQL server:
vim /data0/mysql/3306/mysql
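Enter the following (the user name bingadmin and the password TQHQoYc55SR68S3M used here are created in a later step):
#!/bin/sh
mysql_port=3306
mysql_username="bingadmin"
mysql_password="TQHQoYc55SR68S3M"
function_start_mysql()
{
printf "Starting MySQL...\n"
# send both stdout and stderr of mysqld_safe to /dev/null
/bin/sh /usr/local/webserver/mysql/bin/mysqld_safe --defaults-file=/data0/mysql/${mysql_port}/my.cnf > /dev/null 2>&1 &
}
function_stop_mysql()
{
printf "Stopping MySQL...\n"
/usr/local/webserver/mysql/bin/mysqladmin -u ${mysql_username} -p${mysql_password} -S /tmp/mysql.sock shutdown
}
function_restart_mysql()
{
printf "Restarting MySQL...\n"
function_stop_mysql
sleep 5
function_start_mysql
}
# Force-stop the server when a clean shutdown is not possible
function_kill_mysql()
{
printf "Killing MySQL...\n"
# stop mysqld_safe first so that it does not restart mysqld
pkill -9 -f "mysqld_safe --defaults-file=/data0/mysql/${mysql_port}/my.cnf"
# the pid file location is set by pid-file in my.cnf
kill -9 `cat /data0/mysql/${mysql_port}/mysql.pid`
}
if [ "$1" = "start" ]; then
function_start_mysql
elif [ "$1" = "stop" ]; then
function_stop_mysql
elif [ "$1" = "restart" ]; then
function_restart_mysql
elif [ "$1" = "kill" ]; then
function_kill_mysql
else
printf "Usage: /data0/mysql/${mysql_port}/mysql {start|stop|restart|kill}\n"
fi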
# Make the shell script executable
chmod +x /data0/mysql/3306/mysql
# Start MySQL
/data0/mysql/3306/mysql start
# Log in to the MySQL server from the command line
/usr/local/webserver/mysql/bin/mysql -u root -p
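# Create a user (bingadmin) with administrative privileges and its password (TQHQoYc55SR68S3M)
-- SHUTDOWN is required by the stop function of the management script (mysqladmin shutdown)
grant SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES,SHUTDOWN on *.* to 'bingadmin'@'localhost' identified by 'TQHQoYc55SR68S3M';
grant SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES,SHUTDOWN on *.* to 'bingadmin'@'127.0.0.1' identified by 'TQHQoYc55SR68S3M';
flush privileges;
Notes:
1. Give each database its own database administrator and grant privileges from the following list as actually needed:
select,insert,update,delete,create,drop,index,alter,grant,references,reload,shutdown,process,file (14 privileges)
2. The password of the MySQL root user must be changed: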
/usr/local/webserver/mysql/bin/mysqladmin -u root password n53s8mOE4Dh7qw
# Commands to stop MySQL
/data0/mysql/3306/mysql stop
service mysqld stop
/etc/init.d/mysqld stop
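The management script above passes the password as -p${mysql_password}, which can expose it in the process list while mysqladmin runs, and under the default umask the script holding the password is readable by other local users. The following added example, which is not part of the original article, keeps the credentials in a client option file with mode 600 instead; the file name admin.cnf and the helper names write_admin_cnf and check_admin_cnf are assumptions made here.

```shell
#!/bin/sh
# Added example: keep the MySQL admin password out of the process list.
MYSQLADMIN=/usr/local/webserver/mysql/bin/mysqladmin   # path used on this page
ADMIN_CNF=/data0/mysql/3306/admin.cnf                  # hypothetical file name

# write_admin_cnf FILE USER
# Reads the password from standard input and writes a client option file
# that only its owner can read.
write_admin_cnf() {
    (
        umask 077                                  # new files get mode 600
        IFS= read -r password || [ -n "$password" ] || exit 1
        # A double quote or backslash would break the quoted value below.
        case $password in
            ''|*'"'*|*'\'*) echo "unsupported password" >&2; exit 1 ;;
        esac
        rm -f "$1"                                 # drop a file with looser mode
        printf '[client]\nuser = %s\npassword = "%s"\nsocket = /tmp/mysql.sock\n' \
            "$2" "$password" > "$1"
    )
}

# check_admin_cnf FILE
# Succeeds only for a regular file, not a symlink, with mode 600.
check_admin_cnf() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(stat -c %a "$1")" = "600" ]
}

# Replacement for function_stop_mysql in the management script.
function_stop_mysql() {
    printf "Stopping MySQL...\n"
    if ! check_admin_cnf "$ADMIN_CNF"; then
        echo "$ADMIN_CNF must be a regular file with mode 600" >&2
        return 1
    fi
    # --defaults-extra-file has to be the first option on the command line
    "$MYSQLADMIN" --defaults-extra-file="$ADMIN_CNF" shutdown
}
```

Create the file once with `write_admin_cnf /data0/mysql/3306/admin.cnf bingadmin`, typing the password on standard input, after which the mysql_password variable can be removed from the script.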
V. Installing PHP
Install the software PHP depends on:
1. Install libiconv
tar xzvf libiconv-1.14.tar.gz && cd libiconv-1.14
./configure --prefix=/usr/local/webserver/lib/libiconv
make && make install && cd ../
2. Install libmcrypt
tar xzvf libmcrypt-2.5.8.tar.gz && cd libmcrypt-2.5.8
./configure
make && make install && cd ../
3. Install mhash
tar zxvf mhash-0.9.9.9.tar.gz && cd mhash-0.9.9.9
./configure
make && make install && cd ../
4. Install mcrypt
tar -zxvf mcrypt-2.6.8.tar.gz && cd mcrypt-2.6.8
LD_LIBRARY_PATH=/usr/local/lib ./configure
make && make install && cd ../
5. Install PHP
tar xzvf php-5.3.9.tar.gz && cd php-5.3.9
./configure --prefix=/usr/local/webserver/php \
--with-config-file-path=/usr/local/webserver/php/etc \
--with-mysql=/usr/local/webserver/mysql \
--with-mysqli=/usr/local/webserver/mysql/bin/mysql_config \
--enable-mbstring \
--with-libxml-dir=/usr/local/webserver/lib/libxml2 \
--with-iconv-dir=/usr/local \
--enable-fpm \
--with-zlib-dir=/usr/local/webserver/lib/zlib \
--enable-zip \
--with-mcrypt \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--enable-xml \
--with-gd \
--enable-gd-native-ttf \
--with-mhash
make
make install
**********************************
(1) "-liconv" cannot be found
/usr/bin/ld: cannot find -liconv
collect2: ld returned 1 exit status
make: *** [sapi/fpm/php-fpm] Error 1
Fix: make ZEND_EXTRA_LIBS='-liconv'
(2) PHP build error: /usr/bin/ld: cannot find -lltdl
The error appears during make, after ./configure:
/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
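Possible causes:
the system lacks the library;
the version does not match;
the library's symlink is wrong;
the library search path is misconfigured.
Solution:
1) Check whether the libltdl library files exist
ll /usr/lib/libltdl*
ll /usr/local/lib/libltdl*
or whether libltdl.so exists under any other custom lib directory.
If something like libltdl.so.1 exists, recreate libltdl.so as a symlink to it: ln -sv libltdl.so.1 libltdl.so
2) Check that the library paths in /etc/ld.so.conf are correct
The following paths can be added directly:
/usr/lib
/usr/local/lib
Rebuild the ld.so.cache file: ldconfig
Note: ld.so.cache is the file that stores the linker's library lookup data. Right after compiling and installing software in particular, ldconfig must be run so that the newly installed libraries are added to ld.so.cache.
3) If no library file is found at all, run the following: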
cd /tools/libmcrypt-2.5.8/libltdl
./configure --enable-ltdl-install
make && make install
*****************************************************
cp php.ini-production /usr/local/webserver/php/etc/php.ini
cp /usr/local/webserver/php/etc/php-fpm.conf.default /usr/local/webserver/php/etc/php-fpm.conf
# Directory for the pid and log files
mkdir -p /usr/local/webserver/php/logs
vim /usr/local/webserver/php/etc/php-fpm.conf
Change the contents as follows:
pid = /usr/local/webserver/php/logs/php-fpm.pid
error_log = /usr/local/webserver/php/logs/php-fpm.log
pm.max_children = 64
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 1024
user = www
group = www
************************************************************
Install the PHP 5 extension modules:
1. Install eaccelerator
tar jxvf eaccelerator-0.9.6.1.tar.bz2 && cd eaccelerator-0.9.6.1
/usr/local/webserver/php/bin/phpize
./configure --enable-eaccelerator=shared \
--with-php-config=/usr/local/webserver/php/bin/php-config
make && make install && cd ../
************************************************************
2. Install Zend
wget http://downloads.zend.com/guard/5.5.0/ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz
tar zxvf ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz
mv ZendGuardLoader-php-5.3-linux-glibc23-i386/php-5.3.x/ZendGuardLoader.so /usr/local/webserver/php/lib/php/extensions
# Cache directory; it is used below
mkdir -p /usr/local/webserver/eaccelerator_cache
vim /usr/local/webserver/php/etc/php.ini
Press Shift+G to jump to the end of the file and add the following:
zend_loader.enable=1
zend_loader.disable_licensing=0
zend_loader.obfuscation_level_support=3
zend_loader.license_path=
zend_extension=/usr/local/webserver/php/lib/php/extensions/ZendGuardLoader.so
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
# Start PHP and verify it
/usr/local/webserver/php/sbin/php-fpm
Note: if starting php-fpm fails with ZendGuardLoader.so: cannot restore segment prot after reloc: Permission denied,
turning SELinux off resolves it, as follows:
vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
setenforce 0
ps -ef |grep php
netstat -anp |grep 127.0.0.1:9000
# Start nginx, mysql and php at boot
vim /etc/rc.d/rc.local
/usr/local/webserver/nginx/sbin/nginx
/usr/local/webserver/php/sbin/php-fpm
/data0/mysql/3306/mysql start
(Because of the length limit, the rest of the content is in the attachment.)