基於CentOS構建高性能的LAMP平台. (接).

火星人 @ 2014-03-03 , reply:0


基於CentOS構建高性能的LAMP平台. (接).

基於CentOS構建高性能的LAMP平台(接).




三、編譯安裝A.M.P環境

1.下載軟體編譯安裝
  1)下載軟體  # cd /usr/local/src
    httpd-2.2.8.tar.gz  
    mysql-5.0.51b.tar.gz   
    php-5.2.6.tar.bz2
    ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz2) 安裝MySQL
    查看分析你的CPU型號:
    http://gentoo-wiki.com/Safe_Cflags 查找您的GCC編譯參數.
    確定系統CPU類型:
    # cat /proc/cpuinfo | grep "model name"
    執行後會看到系統中CPU的具體型號,記下CPU型號。    # tar xvf mysql-5.0.51b.tar.gz   
    # cd mysql-5.0.51b
    # vi mysql.sh
-------------------cut begin-------------------------------------------

•CHOST="i686-pc-linux-gnu"

•CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"

•CXXFLAGS="${CFLAGS}"

•./configure \

•        "--prefix=/usr/local/mysql" \

•        "--localstatedir=/data/mysql/data" \

•        "--with-comment=Source" \

•        "--with-server-suffix=-LinuxTone" \

•        "--with-mysqld-user=mysql" \

•        "--without-debug" \

•        "--with-big-tables" \

•        "--with-charset=utf8" \

•        "--with-collation=utf8_chinese_ci" \

•        "--with-extra-charsets=all" \

•        "--with-pthread" \

•        "--enable-static" \

•        "--enable-thread-safe-client" \

•        "--with-client-ldflags=-all-static" \

•        "--with-mysqld-ldflags=-all-static" \

•        "--enable-assembler" \

•        "--without-isam" \

•        "--without-innodb" \

•        "--without-ndb-debug"

•make && make install

•mkdir -p /data/mysql/data

•useradd mysql -d /data/mysql -s /sbin/nologin

•/usr/local/mysql/bin/mysql_install_db --user=mysql

•cd /usr/local/mysql

•chown -R root:mysql .

•chown -R mysql /data/mysql/data

•cp share/mysql/my-huge.cnf /etc/my.cnf

•cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld

•chmod 755 /etc/rc.d/init.d/mysqld

•chkconfig --add mysqld

•/etc/rc.d/init.d/mysqld start



•cd /usr/local/mysql/bin

•for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done

••-------------------cut end---------------------------------------------
複製代碼#sh mysql.sh 即可開始編譯.  3) 編譯安裝Apache
# cd /usr/local/src
# tar xvf httpd-2.2.8.tar.gz  
# cd httpd-2.2.8
./configure \

•        "--prefix=/usr/local/apache2" \

•        "--with-included-apr" \

•        "--enable-so" \

•        "--enable-deflate=shared" \

•        "--enable-expires=shared" \

•        "--enable-rewrite=shared" \

•        "--enable-static-support" \

•        "--disable-userdir"

•make

•make install

•echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local複製代碼4.)編譯安裝PHP    # cd /usr/local/src
    # tar xjvf php-5.2.6.tar.bz2
    # cd php-5.2.6
./configure \

•        "--prefix=/usr/local/php" \

•        "--with-apxs2=/usr/local/apache2/bin/apxs" \

•        "--with-config-file-path=/usr/local/php/etc" \

•        "--with-mysql=/usr/local/mysql" \

•        "--with-libxml-dir=/usr/local/libxml2" \

•        "--with-gd=/usr/local/gd2" \

•        "--with-jpeg-dir" \

•        "--with-png-dir" \

•        "--with-bz2" \

•        "--with-freetype-dir" \

•        "--with-iconv-dir" \

•        "--with-zlib-dir " \

•        "--with-openssl=/usr/local/openssl" \

•        "--with-mcrypt=/usr/local/libmcrypt" \

•        "--enable-soap" \

•        "--enable-gd-native-ttf" \

•        "--enable-ftp" \

•        "--enable-mbstring" \

•        "--enable-exif" \

•        "--disable-ipv6" \

•        "--disable-cgi" \

•        "--disable-cli"           #禁掉ipv6,禁掉cli模式,提升速度和安全性.請根據具體需求定製相關的編譯數.

•make

•make install

•mkdir /usr/local/php/etc

•cp php.ini-dist /usr/local/php/etc/php.ini複製代碼5)Xcache的安裝.
  #tar xvf xcache-1.2.2.tar.gz
  #/usr/local/php/bin/phpize

•  ./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config \

•  --enable-inline-optimization --disable-debug複製代碼#vi /usr/local/php/etc/php.ini (將以下內容加入php.ini最後面)
-------------------cut begin-------------------------------------------


•zend_extension      = /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/xcache.so





•xcache.admin.user   = "admin"

•;如何生成md5密碼: echo -n "password"| md5sum

•xcache.admin.pass   = "035d849226a8a10be1a5e0fec1f0f3ce"  #密碼為52netseek





•; Change xcache.size to tune the size of the opcode cache

•xcache.size         = 24M

•xcache.shm_scheme   = "mmap"

•xcache.count        = 4

•xcache.slots        = 8K

•xcache.ttl          = 0

•xcache.gc_interval  = 0



•; Change xcache.var_size to adjust the size of variable cache

•xcache.var_size     = 8M

•xcache.var_count    = 1

•xcache.var_slots    = 8K

•xcache.var_ttl      = 0

•xcache.var_maxttl   = 0

•xcache.var_gc_interval =     300

•xcache.test         = Off

•xcache.readonly_protection = On

•xcache.mmap_path    = "/tmp/xcache"

•xcache.coredump_directory =   ""

•xcache.cacher       = On

•xcache.stat         = On

•xcache.optimizer    = Off





•xcache.coverager    = On

•xcache.coveragedump_directory = ""•-------------------cut end---------------------------------------------
複製代碼6) 安裝Zend Optimizer   # cd /usr/local/src
    # tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
    # ./ZendOptimizer-3.3.3-linux-glibc23-i386/install.sh安裝Zend Optimizer過程的最後不要選擇重啟Apache。


2. 整合Apache與PHP及系統初化配置.
   1)整合Apache與PHP
    # vi /usr/local/apache2/conf/httpd.conf
    找到:
    AddType application/x-gzip .gz .tgz
    在該行下面添加
    AddType application/x-httpd-php .php

   找到: <IfModule dir_module>
       DirectoryIndex index.html
   </IfModule>
   將該行改為
   <IfModule dir_module>
        DirectoryIndex index.html index.htm index.php
   </IfModule>找到:#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf  (虛擬主機配置文件存放目錄.)
#Include conf/extra/httpd-default.conf去掉前面的「#」號,取消註釋。
注意:以上 4 個擴展配置文件中的設置請按照相關原則進行合理配置!

修改完成後保存退出。
# /usr/local/apache2/bin/apachectl restart

  2)查看確認L.A.M.P環境信息、提升 PHP 安全性
   在網站根目錄放置 info.php 腳本,檢查phpinfo中的各項信息是否正確。   <?php
   phpinfo();
   ?>
   確認 PHP 能夠正常工作后,在 php.ini 中進行設置提升 PHP 安全性,禁掉危險的函數.
   # vi /etc/php.ini找到:disable_functions =設置為:phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server3)腳本自動完成初始化配置(以上配置可以用腳本自動化完成)
#cat init_apache_php.sh
-------------------cut begin-------------------------------------------•#!/bin/bash

•#Written by :NetSeek http://www.linuxtone.org

•#init_httpd.conf

•http_cf="/usr/local/apache2/conf/httpd.conf"

•sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" $http_cf

•sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' $http_cf

•sed -i 's#DirectoryIndex index.html# DirectoryIndex index.php index.html index.htm#/g'  $http_cf

•sed -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' $http_cf

•#init_php(PHP安全設置及隱藏PHP版本)

•php_cf="/usr/local/php/etc/php.ini"

•sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $php_cf

•sed -i '210 s#disable_functions =#disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $php_cf

•sed -i '/expose_php/s/On/Off/' $php_cf

•sed -i '/display_errors/s/On/Off/' $php_cf•-------------------cut end-------------------------------------------
複製代碼三、配置虛擬主機及基本性能調優
1) 配置虛擬主機:#vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80



•<VirtualHost *:80>

•    ServerAdmin cnseek@gmail.com

•    DocumentRoot "/data/www/wwwroot/linuxtone.org"

•    ServerName www.linuxtone.org

•    ServerAlias bbs.linxutone.org

•    ErrorLog "logs/dummy-host.example.com-error_log"

•    CustomLog "|/usr/sbin/cronolog /data/logs/access_www.linuxtone.org.%Y%m%d" combined

•</VirtualHost>
複製代碼2).基本性能調優參考:(更多的調優相關文章請關注:http://bbs.linuxtone.org/index.html性能調優相關的貼子)
#vi /usr/local/apache2/conf/extra/httpd-default.conf
Timeout 15

•KeepAlive Off

•MaxKeepAliveRequests 50

•KeepAliveTimeout 5

•UseCanonicalName Off

•AccessFileName .htaccess

•ServerTokens Prod

•ServerSignature Off

•HostnameLookups Off
複製代碼#vi /usr/local/apache2/conf/extra/httpd-mpm.conf
<IfModule mpm_prefork_module>

•    ServerLimit         2000

•    StartServers          10

•    MinSpareServers       10

•    MaxSpareServers      15

•    MaxClients          2000

•    MaxRequestsPerChild   10000

•</IfModule>複製代碼3).Apache日誌處理相關問題匯總貼(http://bbs.linuxtone.org/thread-102-1-1.html)
   利用awstats分析網站日誌:http://bbs.linuxtone.org/thread-56-1-1.html

   忽略不需要的日誌配置參考具體請據據具體問題分析:
   LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   #下面加入如下內容:    # filter the localhost visit

•    SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog

•    # filter some special directories

•    SetEnvIf Request_URI "^ZendPlatform.*

•    # filter the localhost visit

•    SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog

•    # filter some special directories

•    SetEnvIf Request_URI "^ZendPlatform.*[        DISCUZ_CODE_9        ]quot; dontlog

•    SetEnvIf Request_URI \.healthcheck\.html$ dontlog

•    SetEnvIf Remote_Addr "::1" dontlog

•    SetEnvIf Request_URI "\.getPing.php[        DISCUZ_CODE_9        ]quot; dontlog

•    SetEnvIf Request_URI "^/error\.html[        DISCUZ_CODE_9        ]quot; dontlog

•    SetEnvIf Request_URI "\.gif[        DISCUZ_CODE_9        ]quot; dontlog

•    SetEnvIf Request_URI "\.jpg[        DISCUZ_CODE_9        ]quot; dontlog

•    SetEnvIf Request_URI "\.css[        DISCUZ_CODE_9        ]quot; dontlog
複製代碼quot; dontlog
    SetEnvIf Request_URI \.healthcheck\.html$ dontlog
    SetEnvIf Remote_Addr "::1" dontlog
    SetEnvIf Request_URI "\.getPing.php[        DISCUZ_CODE_9        ]quot; dontlog
    SetEnvIf Request_URI "^/error\.html[        DISCUZ_CODE_9        ]quot; dontlog
    SetEnvIf Request_URI "\.gif[        DISCUZ_CODE_9        ]quot; dontlog
    SetEnvIf Request_URI "\.jpg[        DISCUZ_CODE_9        ]quot; dontlog
    SetEnvIf Request_URI "\.css[        DISCUZ_CODE_9        ]quot; dontlog
4). Apache防盜鏈(Apache防盜鏈相關問題匯總:http://bbs.linuxtone.org/thread-101-1-1.html)
    RewriteEngine on

•    RewriteCond %{HTTP_REFERER} !^$

•    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$

•    RewriteRule \.(gif|jpg)$ http://網站域名/nolink.png 複製代碼四、基本安全設置
  1)iptables 封鎖相關埠(推薦讀CU白金大哥的兩小時玩轉iptables)
  2)SSH全安(修改SSH埠限制來源IP登陸,或者參考http://bbs.linuxtone.org/thread-106-1-1.html)
  3)Linux防Arp攻擊策略(http://bbs.linuxtone.org/thread-41-1-1.html)
  4)注意(還是那句老話:安全工作從細節做起!)



[火星人 via ] 基於CentOS構建高性能的LAMP平台. (接).已經有132次圍觀

http://www.coctec.com/docs/service/show-post-1785.html