日期:2011-05-28 20:42:00 来源:本站整理
CentOS 5.4安装Nginx+PHP+Mysql教程[服务器安全]
本文是在CentOS 5.4 操作系统下测试通过的,用的是DiaHosting上 的32位系统,为什么要用32位系统?就是为了节俭内存,VPS内存都不是很多的,纯32位系统比X86_X64兼用32位系统更省内存.
安装步骤:
1,进级系统和安装相关的程序库
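# Step 1: update the system and install the compilers, build tools and -devel
# headers that the source builds in the following steps need. Run as root.
yum -y install yum-fastestmirror
yum -y update
yum -y install patch make gcc gcc-c++ gcc-g77 flex bison
yum -y install libtool libtool-libs kernel-devel autoconf
yum -y install libjpeg libjpeg-devel libpng libpng-devel
yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
# The pattern is quoted so that yum receives it as written; unquoted, the shell
# would first try to expand it against file names in the current directory.
yum -y install glib2 glib2-devel bzip2 'diff*'
yum -y install bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs
yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel
yum -y install openssl openssl-devel vim-minimal
yum -y install fonts-chinese scim-chewing scim-pinyin scim-tables-chinese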
2,下载相关程序源码包
# Step 2: fetch the source archives used by the rest of the guide.
# NOTE(review): every download is plain HTTP and nothing is verified afterwards,
# so a tampered or corrupted archive would be compiled and installed as root.
# Check each file against a checksum or signature published by the upstream
# project before unpacking it.
# NOTE(review): the "谷歌code" part of the host name looks like a translation
# artifact of the original mirror host, so these URLs are unlikely to resolve
# as written; fetch the same versions from each project's official site.
wget http://catlnmp.谷歌code.com/files/libiconv-1.13.1.tar.gz
wget http://catlnmp.谷歌code.com/files/libmcrypt-2.5.8.tar.gz
wget http://catlnmp.谷歌code.com/files/mhash-0.9.9.9.tar.gz
wget http://catlnmp.谷歌code.com/files/mcrypt-2.6.8.tar.gz
wget http://catlnmp.谷歌code.com/files/mysql-5.1.44.tar.gz
wget http://php-fpm.org/downloads/php-5.2.13-fpm-0.5.13.diff.gz
wget http://www.sfr-fresh.com/unix/www/php-5.2.13.tar.gz
wget http://catlnmp.谷歌code.com/files/memcache-2.2.5.tgz
wget http://catlnmp.谷歌code.com/files/PDO_MYSQL-1.0.2.tgz
wget http://catlnmp.谷歌code.com/files/eaccelerator-0.9.6.tar.bz2
wget http://catlnmp.谷歌code.com/files/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
wget http://catlnmp.谷歌code.com/files/ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
wget http://catlnmp.谷歌code.com/files/pcre-8.01.tar.gz
wget http://catlnmp.谷歌code.com/files/nginx-0.7.65.tar.gz
wget http://catlnmp.谷歌code.com/files/phpMyAdmin-3.2.4-all-languages.tar.gz
# index.php is the probe page that a later step moves into the web root; it is
# third-party PHP that will execute on this server, so read it before deploying.
wget http://catlnmp.谷歌code.com/files/index.php
3,开始安装,先安装PHP需求的库程序
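# Step 3a: build libiconv into /usr/local (PHP is later configured with
# an iconv directory of /usr/local).
tar zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
# configure options take two ASCII hyphens; a typographic dash pasted from a
# web page is not parsed as an option and the prefix would not be applied.
./configure --prefix=/usr/local
make
make install
cd ../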
------------------------------------------------
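# Step 3b: build libmcrypt, then the libltdl copy bundled inside its source
# tree, then mhash. All three use the default install prefix.
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
# Refresh the dynamic linker cache so the new library is found.
/sbin/ldconfig
cd libltdl/
# Two ASCII hyphens are required; a typographic dash is not parsed as an option.
./configure --enable-ltdl-install
make
make install
cd ../../
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../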
--------------------------------------------------------------
# Link the libmcrypt and mhash files installed under /usr/local into /usr/lib
# and /usr/bin, presumably so that later builds which only search the system
# paths can locate them.
for lib in libmcrypt.la libmcrypt.so libmcrypt.so.4 libmcrypt.so.4.4.8 \
           libmhash.a libmhash.la libmhash.so libmhash.so.2 libmhash.so.2.0.1; do
  ln -s "/usr/local/lib/${lib}" "/usr/lib/${lib}"
done
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
---------------------------------------------------------------------------------------
# Step 3c: build and install mcrypt 2.6.8 with its default configure options.
# It is compiled after libmcrypt and mhash, which the steps above installed.
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
./configure
make
make install
cd ../
--------------------------------
4,安装mysql
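# Step 4: build MySQL 5.1.44 from source into /usr/local/mysql.
tar -zxvf mysql-5.1.44.tar.gz
cd mysql-5.1.44
# Long options are written with two ASCII hyphens; options that were listed
# twice are given once.
# NOTE(review): --enable-local-infile builds in LOAD DATA LOCAL INFILE support;
# leave it out unless an application really needs it.
./configure --prefix=/usr/local/mysql \
  --with-extra-charsets=all \
  --enable-thread-safe-client \
  --enable-assembler \
  --with-charset=utf8 \
  --with-big-tables \
  --with-readline \
  --with-ssl \
  --with-embedded-server \
  --enable-local-infile \
  --without-debug
make
make install
cd ../

# Dedicated unprivileged account for the database server. It never needs an
# interactive login, so it gets no usable shell.
groupadd mysql
useradd -g mysql -s /sbin/nologin mysql
cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
# --user must name the account created above so that the initial data files
# end up owned by it. (A trailing "// ..." is not a shell comment and would be
# passed to the command as arguments, so the remark lives here instead.)
/usr/local/mysql/bin/mysql_install_db --user=mysql
# -R and the owner are separate arguments.
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql/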
增添Mysql启动服务,并且设置root密码
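# Register the init script and start MySQL at boot in runlevels 3, 4 and 5.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod 755 /etc/init.d/mysql
chkconfig --level 345 mysql on
# Plain ASCII quotes: typographic quotes would be written into ld.so.conf
# literally and the library paths would not be picked up.
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
service mysql start
# Set the MySQL root password. It is read from the terminal without echo rather
# than hard-coded in the command; choose a strong value, never "root".
# NOTE: mysqladmin still receives the value as an argument, so it is briefly
# visible in the process list to other local users. Afterwards, consider running
# mysql_secure_installation to remove anonymous accounts and the test database.
read -r -s -p 'New MySQL root password: ' mysql_root_password
printf '\n'
/usr/local/mysql/bin/mysqladmin -u root password "$mysql_root_password"
unset mysql_root_password
service mysql restart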
5、安装PHP(FastCGI情势)
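# Step 5: build PHP 5.2.13 with the php-fpm patch applied (FastCGI mode).
tar zxvf php-5.2.13.tar.gz
gzip -cd php-5.2.13-fpm-0.5.13.diff.gz | patch -d php-5.2.13 -p1
cd php-5.2.13/
./buildconf --force
# Long options are written with two ASCII hyphens.
# NOTE(review): --enable-safe-mode should not be relied on as a security
# boundary; isolate sites with file ownership and permissions instead.
./configure --prefix=/usr/local/php \
  --with-config-file-path=/usr/local/php/etc \
  --with-mysql=/usr/local/mysql \
  --with-mysqli=/usr/local/mysql/bin/mysql_config \
  --with-iconv-dir=/usr/local \
  --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib \
  --with-libxml-dir=/usr --enable-xml --disable-rpath \
  --enable-discard-path --enable-safe-mode --enable-bcmath \
  --enable-shmop --enable-sysvsem --enable-inline-optimization \
  --with-curl --with-curlwrappers --enable-mbregex \
  --enable-fastcgi --enable-fpm --enable-force-cgi-redirect \
  --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf \
  --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc \
  --enable-zip --enable-ftp
# Plain ASCII quotes, otherwise the quote characters become part of the
# linker flag and the link step fails.
make ZEND_EXTRA_LIBS='-liconv'
make install
# NOTE(review): php.ini-dist is the development-oriented sample. Before going
# live, review display_errors and expose_php, and set cgi.fix_pathinfo=0 unless
# PATH_INFO is needed (php.ini-recommended in the same directory is stricter).
cp php.ini-dist /usr/local/php/etc/php.ini
cd ../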
6,安装PHP扩大模块
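# Step 6: build the memcache and PDO_MYSQL extensions against the PHP that was
# just installed under /usr/local/php.
# NOTE(review): eaccelerator-0.9.6 is downloaded in step 2 and configured in
# step 8, but this guide shows no build step for eaccelerator.so; it has to be
# compiled before php.ini refers to it.
tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/php/bin/phpize
# Two ASCII hyphens are required; a typographic dash is not parsed as an option.
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql
make
make install
cd ../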
安装Zend Optimizer,32位系统版本
tar zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p /usr/local/zend/
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/
假如是64位系统,则
tar zxvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
mkdir -p /usr/local/zend/
cp ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/
配置php.ini
cat >>/usr/local/php/etc/php.ini<
7,改正php.ini文件
手工改正:查找/usr/local/php/etc/php.ini中的extension_dir = “./”
改正成extension_dir = “/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/”
并在此行后增添以下几行,然后保存:
extension = “memcache.so”
extension = “pdo_mysql.so”
再查找 output_buffering = Off
改正成output_buffering = On
自动改正:可履行以下shell号令,自动完成对php.ini文件的改正:
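# Point extension_dir at the compiled extensions and append the two extension
# lines right after it. The script is wrapped in plain ASCII single quotes and
# the line breaks are written as \n (GNU sed); with typographic quotes or a
# bare "n" the substitution does not do what the manual steps above describe.
sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\n#' /usr/local/php/etc/php.ini
# Switch output buffering on.
sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/php/etc/php.ini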
8,配置eAccelerator加快PHP:
成立缓存目录
mkdir -p /usr/local/eaccelerator_cache
配置php.ini
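# Append the eAccelerator section to php.ini. The here-document operator is
# "<<" followed by the delimiter; the delimiter is quoted so the text is
# appended exactly as written, with no shell expansion.
# NOTE(review): the cache directory has to be writable by the account the
# php-fpm workers run as (www in this guide); give the directory to that
# account rather than making it world-writable.
cat >>/usr/local/php/etc/php.ini <<'EOF'
[eaccelerator]
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/usr/local/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
EOF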
9,成立www用户和组,以及主机需求的目录,日记目录
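# Step 9: create the www account and the directories for the site and its logs.
groupadd www
useradd -g www www
mkdir -p /home/www
chmod +w /home/www
mkdir -p /home/www/logs
# The directory is handed to www below, so owner/group access is enough;
# a world-writable log directory lets any local account tamper with the logs.
chmod 750 /home/www/logs
chown -R www:www /home/www
# NOTE(review): /home/www is also the nginx document root in this guide, so
# /home/www/logs can be requested over HTTP unless a location denies it.
# A log directory outside the web root avoids that.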
10,成立php-fpm配置文件
rm -f /usr/local/php/etc/php-fpm.conf
vi /usr/local/php/etc/php-fpm.conf
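输入以下内容。我设置的进程数是5个;需要更改进程数时,可以修改其中的5(这里要留意一下,今后你可能需要修改)。注意:php-fpm 0.5.x的配置文件是XML格式,下面的内容在转载时丢失了XML标签,只剩下注释和取值,不能直接复制使用;可以在执行上面的rm之前先备份安装时自带的php-fpm.conf,以它为模板填入这些值。另外,这里的监听地址是/tmp/php-cgi.sock,而第11步和location.conf使用的是127.0.0.1:9000,两处必须保持一致;如果使用unix socket,建议不要放在/tmp下,并把权限从0666收紧为只允许www用户访问。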
All relative paths in this config are relative to php’s install prefix
Pid file
/usr/local/php/logs/php-fpm.pid
Error log file
/usr/local/php/logs/php-fpm.log
Log level
notice
When this amount of php processes exited with SIGSEGV or SIGBUS …
10
… in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator’s shared memory.
1m
Time limit on waiting child’s reaction on signals from master
5s
Set to ‘no’ to debug fpm
yes
Name of pool. Used in logs and stats.
default
Address to accept fastcgi requests on.
Valid syntax is ‘ip.ad.re.ss:port’ or just ‘port’ or ‘/path/to/unix/socket’
/tmp/php-cgi.sock
Set listen(2) backlog
-1
Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
0666
Additional php.ini defines, specific to this pool of workers.
/usr/sbin/sendmail -t -i
1
Unix user of processes
www
Unix group of processes
www
Process manager settings
Sets style of controling worker process count.
Valid values are ‘static’ and ‘apache-like’
static
Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
5
Settings group for ‘apache-like’ pm style
Sets the number of server processes created on startup.
Used only when ‘apache-like’ pm_style is selected
20
Sets the desired minimum number of idle server processes.
Used only when ‘apache-like’ pm_style is selected
5
Sets the desired maximum number of idle server processes.
Used only when ‘apache-like’ pm_style is selected
35
The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when ‘max_execution_time’ ini option does not stop script execution for some reason
’0s’ means ‘off’
0s
The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
’0s’ means ‘off’
0s
The log file for slow requests
logs/slow.log
Set open file desc rlimit
51200
Set max core size rlimit
0
Chroot to this directory at the start, absolute path
Chdir to this directory at the start, absolute path
Redirect workers’ stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
yes
How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
10240
Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
127.0.0.1
Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
$HOSTNAME
/usr/local/bin:/usr/bin:/bin
/tmp
/tmp
/tmp
$OSTYPE
$MACHTYPE
2
11,启动php-cgi进程,监听127.0.0.1的9000端口,进程数为5,用户为www
ulimit -SHn 65535
/usr/local/php/sbin/php-fpm start
注:/usr/local/php/sbin/php-fpm还有其他参数,包 括:start|stop|quit|restart|reload|logrotate,改正php.ini后不重启php-cgi,重新加载配置文件 利用reload
12,安装Nginx
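# Step 12: build PCRE first, then nginx 0.7.65 into /usr/local/nginx.
tar zxvf pcre-8.01.tar.gz
cd pcre-8.01/
./configure
make && make install
cd ../
tar zxvf nginx-0.7.65.tar.gz
cd nginx-0.7.65/
# nginx's configure script only recognises options written with two hyphens.
# --user/--group make the worker processes run as the unprivileged www account.
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module
make && make install
cd ../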
13,成立Nginx配置文件
mkdir -p /usr/local/nginx/conf/servers
rm -f /usr/local/nginx/conf/nginx.conf
vi /usr/local/nginx/conf/nginx.conf
输入以下内容:
user www www;
worker_processes 1;
error_log /home/www/logs/nginx_error.log crit;
pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
#charse gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 128k;
large_client_header_buffers 4 256k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
output_buffers 4 32k;
postpone_output 1460;
#limit_zone crawler $binary_remote_addr 10m;
server
{
listen 80;
server_name vps.imcat.in;
index index.html index.htm index.php;
include location.conf;
root /home/www;
}
include servers/*;
}
14,在/usr/local/nginx/conf/目录中成立location.conf文件:
vi /usr/local/nginx/conf/location.conf
输入内容:
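# Hand only .php/.php5 requests to PHP-FPM. The dot must be escaped and the
# extension group must not be optional: a pattern of the form
# ".*.(php|php5)?$" matches every non-empty URI, which would route static and
# uploaded files through the PHP interpreter as well.
location ~ \.(php|php5)$
{
    # Answer 404 when the requested script does not exist on disk, so only
    # real files under the document root are forwarded to PHP-FPM.
    try_files $uri =404;
    #fastcgi_pass unix:/tmp/php-cgi.sock;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi.conf;
}
# Long client-side cache lifetime for images and Flash files.
location ~ \.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
}
# Shorter cache lifetime for scripts and stylesheets.
location ~ \.(js|css)$
{
    expires 12h;
}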
多站点管理,可以在/usr/local/nginx/conf/servers目录增添配置文件,格局为:
vi /usr/local/nginx/conf/servers/imcat.conf
内容:
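# Additional virtual host; one file per site under conf/servers/.
server
{
    listen 80;
    server_name imcat.in;
    index index.html index.htm index.php;
    # Pull in the shared PHP and static-file locations, as the default server
    # block does. Without a PHP location, .php files in this site would be
    # returned to the client as plain downloads, exposing their source.
    include location.conf;
    root /home/www/imcat;
}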
请注意,我没有开启Nginx的访问日志记录功能(上面的配置里只设置了error_log)。访问日志是排查入侵和故障的重要依据,生产环境建议用access_log指令为每个站点保留访问日志。
启动Nginx:
ulimit -SHn 65535
/usr/local/nginx/sbin/nginx
放个探针看看(探针页面会显示服务器的详细环境信息,测试完成后请把它从/home/www中删除):
mv index.php /home/www/
拜候你的IP看看吧!
15,安装phpMyAdmin,管理Mysql数据库
# Step 15: unpack phpMyAdmin and move it under /home/www.
# NOTE(review): /home/www is the document root of the default server block, so
# this makes phpMyAdmin reachable at /phpmyadmin by anyone who can reach port 80.
# Restrict it in nginx (allow/deny by source address, or HTTP authentication)
# and keep phpMyAdmin updated; 3.2.4 is an old release.
tar zxvf phpMyAdmin-3.2.4-all-languages.tar.gz
mv phpMyAdmin-3.2.4-all-languages /home/www/phpmyadmin
16,配置开机自动启动Nginx + PHP
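# Step 16: start php-fpm and nginx at boot by appending to /etc/rc.local.
# Plain ASCII quotes: typographic quotes would be written into rc.local as
# part of the command lines and the commands would fail at boot.
echo "ulimit -SHn 65535" >>/etc/rc.local
echo "/usr/local/php/sbin/php-fpm start" >>/etc/rc.local
echo "/usr/local/nginx/sbin/nginx" >>/etc/rc.local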
17,优化Linux内核参数(我只在Xen VPS用过,Openvz VPS失利,慎用)
vi /etc/sysctl.conf
在最后加入
# Add
# Kernel network tuning appended to /etc/sysctl.conf (larger backlogs and
# socket buffers, fewer SYN retries, TIME_WAIT handling).
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
# NOTE(review): tcp_tw_recycle is known to drop connections from clients that
# share an address behind NAT, and it relies on TCP timestamps, which are
# switched off above; confirm this combination is really wanted.
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
# NOTE(review): tcp_mem is counted in memory pages, not bytes; these limits
# look far above the RAM of a small VPS. Verify before applying.
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
使配置当即见效:
/sbin/sysctl -p
18,需求安装ftp的,可以简单安装vsftpd利用:
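# Step 18 (optional): install vsftpd and start it at boot.
# NOTE(review): plain FTP sends the user name and password unencrypted. Before
# exposing the service, review /etc/vsftpd/vsftpd.conf (anonymous_enable in
# particular) and limit which hosts can reach port 21.
yum -y install vsftpd
/etc/init.d/vsftpd start
# Two ASCII hyphens are required; a typographic dash is not parsed as an option.
chkconfig --level 345 vsftpd on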
19,请务必更改www用户密码:
passwd www