时间:2021-07-01 10:21:17 帮助过:22人阅读
LNMP 部署 一、准备工作: 需要准备的源码包 nginx-1.1.3.tar.gzphp-5.2.14.tar.gzphp-5.2.14-fpm-0.5.14.diff.gzmysql-5.5.33-linux2.6-x86_64.tar.gzlibiconv-1.13.1.tar.gzlibmcrypt-2.5.8.tar.gzmcrypt-2.6.8.tar.gzmemcache-2.2.5.tgzmhash-0.9.9.9.tar
需要准备的源码包
nginx-1.1.3.tar.gz php-5.2.14.tar.gz php-5.2.14-fpm-0.5.14.diff.gz mysql-5.5.33-linux2.6-x86_64.tar.gz libiconv-1.13.1.tar.gz libmcrypt-2.5.8.tar.gz mcrypt-2.6.8.tar.gz memcache-2.2.5.tgz mhash-0.9.9.9.tar.gz pcre-8.10.tar.gz eaccelerator-0.9.6.1.tar.bz2 PDO_MYSQL-1.0.2.tgz ImageMagick/ImageMagick.tar.gz imagick-3.1.2.tgz
需要用yum安装的包
install libxml2 libxml2-devel libjpeg libjpeg-devel openldap openldap-devel glibc
tar zxvf libiconv-1.13.1.tar.gz cd libiconv-1.13.1/ ./configure --prefix=/usr/local make make install cd ../ tar zxvf libmcrypt-2.5.8.tar.gz cd libmcrypt-2.5.8/ ./configure make make install /sbin/ldconfig cd libltdl/ ./configure --enable-ltdl-install make make install cd ../../ tar zxvf mhash-0.9.9.9.tar.gz cd mhash-0.9.9.9/ ./configure make make install cd ../ ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config ln -s /usr/lib64/libjpeg.so /usr/lib/libjpeg.so ln -s /usr/lib64/libpng.so /usr/lib/libpng.so cp -frp /usr/lib64/libldap* /usr/lib/ tar zxvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8/ /sbin/ldconfig ./configure make make install cd ../
安装过程
## 为MySQL建立用户和组 groupadd -g 3306 mysql useradd -g mysql -u 3306 -s /sbin/nologin -M mysql ## 二进制安装方式 tar xf mysql-5.5.15-linux2.6-i686.tar.gz -C /usr/local ln -sv /usr/local/mysql-5.5.15-linux.2.6-i686 /usr/local/mysql mkdir /mydata ## 创建数据保存目录 chown -R mysql:mysql /mydata/ cd /usr/local/mysql scripts/mysql_install_db --user=mysql --datadir=/mydata/data chown -R root . ## 加入启动脚本 cp support-files/mysql.server /etc/init.d/mysqld chkconfig --add mysqld ##修改配置文件 cp support-files/my-large.cnf /etc/my.cnf ## 加入mySQL命令 export PATH=$PATH:/usr/local/mysql/bin ## 定义头文件 ln -sv /usr/local/mysql/include /usr/include/mysql ldconfig
配置过程
vim /etc/my.cnf
在[mysqld]段内加入并修改以下两处
datadir = /mydata/data thread_concurrency 2 ## (并发线程数,一般是cpu核心的两倍)
vim /etc/profile
在里面加入:
PATH=$PATH:/usr/local/mysql/bin
vim /etc/ld.so.conf.d/mysql.conf
写入
/usr/local/mysql/lib
启用过程
service mysqld start cd /root/lnmp
输入以下SQL语句,创建一个具有root权限的用户(admin)和密码(ops.cntv.cn):
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'ops.cntv.cn'; GRANT ALL PRIVILEGES ON *.* TO 'admin'@'127.0.0.1' IDENTIFIED BY 'ops.cntv.cn';
tar zxvf php-5.2.14.tar.gz gzip -cd php-5.2.14-fpm-0.5.14.diff.gz | patch -d php-5.2.14 -p1 cd php-5.2.14/ ./configure --prefix=/usr/local/php \ --with-config-file-path=/usr/local/php/etc \ --with-mysql=/usr/local/mysql \ --with-mysqli=/usr/local/mysql/bin/mysql_config \ --with-iconv-dir=/usr/local \ --with-freetype-dir \ --with-jpeg-dir \ --with-png-dir \ --with-zlib \ --with-libxml-dir=/usr \ --enable-xml \ --disable-rpath \ --enable-discard-path \ --enable-safe-mode \ --enable-bcmath \ --enable-shmop \ --enable-sysvsem \ --enable-inline-optimization \ --with-curl --with-curlwrappers \ --enable-mbregex \ --enable-fastcgi \ --enable-fpm \ --enable-force-cgi-redirect \ --enable-mbstring --with-mcrypt \ --with-gd --enable-gd-native-ttf \ --with-openssl \ --with-mhash \ --enable-pcntl \ --enable-sockets \ --with-ldap \ --with-ldap-sasl \ --with-xmlrpc \ --enable-zip \ --enable-soap make ZEND_EXTRA_LIBS='-liconv' make install cp php.ini-dist /usr/local/php/etc/php.ini cd ../
tar zxvf memcache-2.2.5.tgz cd memcache-2.2.5/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../ tar jxvf eaccelerator-0.9.6.1.tar.bz2 cd eaccelerator-0.9.6.1/ /usr/local/php/bin/phpize ./configure --enable-eaccelerator=shared \ --with-php-config=/usr/local/php/bin/php-config make make install cd ../ tar zxvf PDO_MYSQL-1.0.2.tgz cd PDO_MYSQL-1.0.2/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config \ --with-pdo-mysql=/usr/local/mysql make make install cd ../ tar zxvf ImageMagick.tar.gz cd ImageMagick-6.5.1-2/ ./configure make make install ln -s /usr/local/include/ImageMagick-6 /usr/local/include/ImageMagick cd ../ tar zxvf imagick-2.3.0.tgz cd imagick-2.3.0/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../
手工修改:
查找/usr/local/php/etc/php.ini
中的extension_dir = "./"
修改为
extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
增加以下几行
extension = "memcache.so" extension = "pdo_mysql.so" extension = "imagick.so"
再查找output_buffering = Off
修改为 On
再查找;cgi.fix_pathinfo=0
去掉“;”号,防止Nginx文件类型错误解析漏洞。
mkdir -p /usr/local/eaccelerator_cache vi /usr/local/php/etc/php.ini
跳到配置文件的最末尾,加上以下配置信息:
[eaccelerator] zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so" eaccelerator.shm_size="64" eaccelerator.cache_dir="/usr/local/eaccelerator_cache" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="3600" eaccelerator.shm_prune_period="3600" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9"
/usr/sbin/groupadd www /usr/sbin/useradd -g www www mkdir -p /web chmod +w /web chown -R www:www /web
在/usr/local/php/etc/
目录中创建php-fpm.conf
文件:
rm -f /usr/local/php/etc/php-fpm.conf vim /usr/local/php/etc/php-fpm.conf
输入以下内容
All relative paths in this config are relative to php's install prefix Pid file /usr/local/php/logs/php-fpm.pid Error log file/usr/local/php/logs/php-fpm.log Log levelnotice When this amount of php processes exited with SIGSEGV or SIGBUS ...10 ... in a less than this interval of time, a graceful restart will be initiated. Useful to work around accidental curruptions in accelerator's shared memory.1m Time limit on waiting child's reaction on signals from master5s Set to 'no' to debug fpmyes Name of pool. Used in logs and stats. default Address to accept fastcgi requests on. Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'127.0.0.1:9000 Set listen(2) backlog Additional php.ini defines, specific to this pool of workers.-1 Set permissions for unix socket, if one used. In Linux read/write permissions must be set in order to allow connections from web server. Many BSD-derrived systems allow connections regardless of permissions.0666 Unix user of processes /usr/sbin/sendmail -t -i 0 www Unix group of processeswww Process manager settingsSets style of controling worker process count. Valid values are 'static' and 'apache-like' The timeout (in seconds) for serving a single request after which the worker process will be terminated Should be used when 'max_execution_time' ini option does not stop script execution for some reason '0s' means 'off'static Sets the limit on the number of simultaneous requests that will be served. Equivalent to Apache MaxClients directive. Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi Used with any pm_style.128 Settings group for 'apache-like' pm styleSets the number of server processes created on startup. Used only when 'apache-like' pm_style is selected 20 Sets the desired minimum number of idle server processes. Used only when 'apache-like' pm_style is selected5 Sets the desired maximum number of idle server processes. Used only when 'apache-like' pm_style is selected35 0s The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file '0s' means 'off'0s The log file for slow requestslogs/slow.log Set open file desc rlimit65535 Set max core size rlimit0 Chroot to this directory at the start, absolute pathChdir to this directory at the start, absolute path Redirect workers' stdout and stderr into main error log. If not set, they will be redirected to /dev/null, according to FastCGI specs yes How much requests each process should execute before respawn. Useful to work around memory leaks in 3rd party libraries. For endless request processing please specify 0 Equivalent to PHP_FCGI_MAX_REQUESTS1024 Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect. Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+) Makes sense only with AF_INET listening socket.127.0.0.1 Pass environment variables like LD_LIBRARY_PATH All $VARIABLEs are taken from current environment$HOSTNAME /usr/local/bin:/usr/bin:/bin /tmp /tmp /tmp $OSTYPE $MACHTYPE 2
需要添加一个软连接
ln -s /lib64/libpcre.so.0.0.1 /lib64/libpcre.so.1
ulimit -SHn 65535 /usr/local/php/sbin/php-fpm start
注意:如果要重启,可以使用 reload 命令
tar zxvf pcre-8.10.tar.gz cd pcre-8.10/ ./configure make && make install cd ../
tar zxvf nginx-1.1.3.tar.gz cd nginx-1.1.3/ ./configure --user=www \ --group=www \ --prefix=/usr/local/nginx \ --with-http_stub_status_module \ --with-http_ssl_module make && make install cd ../
mkdir -p /web/logs chmod +w /web/logs chown -R www:www /web/logs
在/usr/local/nginx/conf/
目录中创建nginx.conf
文件:
rm -f /usr/local/nginx/conf/nginx.conf vi /usr/local/nginx/conf/nginx.conf
输入以下内容:
user www www; worker_processes 8; ## 根据自己的CPU来决定到底应该是多少 error_log /web/logs/nginx_error.log crit; pid /usr/local/nginx/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; #charset gb2312; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; server { listen 80; server_name 192.168.0.156; ## 这里简单测试,所以直接使用IP index index.html index.htm index.php; root /web; #limit_conn crawler 20; location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 1h; } location /status { stub_status on; ## 开启状态统计,为后面的优化做测试 } log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; access_log /web/logs/access.log access; } }
在/usr/local/nginx/conf/目录中创建.conf文件:
vi /usr/local/nginx/conf/fcgi.conf
输入以下内容:
fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
ulimit -SHn 65535 /usr/local/nginx/sbin/nginx
vim /etc/rc.local
在末尾增加以下内容:
ulimit -SHn 65535 /usr/local/php/sbin/php-fpm start /usr/local/nginx/sbin/nginx
一般来说nginx 配置文件中对优化比较有作用的为以下几项:
worker_processes 8; #nginx 进程数,建议按照cpu 数目来指定,一般为它的倍数。 worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000; #为每个进程分配cpu,上例中将8 个进程分配到8 个cpu,当然可以写多个,或者将一个进程分配到多个cpu。 worker_rlimit_nofile 102400; #这个指令是指当一个nginx 进程打开的最多文件描述符数目,理论值应该是最多打开文件数(ulimit -n)与nginx 进程数相除,但是nginx 分配请求并不是那么均匀,所以最好与ulimit-n 的值保持一致。 use epoll; #使用epoll 的I/O 模型,这个不用说了吧。 worker_connections 102400; #每个进程允许的最多连接数, 理论上每台nginx 服务器的最大连接数为worker_processes*worker_connections。 keepalive_timeout 60; #keepalive 超时时间。 client_header_buffer_size 4k; #客户端请求头部的缓冲区大小,这个可以根据你的系统分页大小来设置,一般一个请求头的大小不会超过1k,不过由于一般系统分页都要大于1k,所以这里设置为分页大小。分页大小可以用命令getconf PAGESIZE 取得。 open_file_cache max=102400 inactive=20s; #这个将为打开文件指定缓存,默认是没有启用的,max 指定缓存数量,建议和打开文件数一致,inactive 是指经过多长时间文件没被请求后删除缓存。 open_file_cache_valid 30s; #这个是指多长时间检查一次缓存的有效信息。 open_file_cache_min_uses 1; #open_file_cache 指令中的inactive 参数时间内文件的最少使用次数,如果超过这个数字,文件描述符一直是在缓存中打开的,如上例,如果有一个文件在inactive 时间内一次没被使用,它将被移除。
/etc/sysctl.conf
net.ipv4.tcp_max_tw_buckets = 6000 #timewait 的数量,默认是180000。 net.ipv4.ip_local_port_range = 1024 65000 #允许系统打开的端口范围。 net.ipv4.tcp_tw_recycle = 1 #启用timewait 快速回收。 net.ipv4.tcp_tw_reuse = 1 #开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接。 net.ipv4.tcp_syncookies = 1 #开启SYN Cookies,当出现SYN 等待队列溢出时,启用cookies 来处理。 net.core.somaxconn = 262144 #web 应用中listen 函数的backlog 默认会给我们内核参数的net.core.somaxconn 限制到128,而nginx 定义的NGX_LISTEN_BACKLOG 默认为511,所以有必要调整这个值。 net.core.netdev_max_backlog = 262144 #每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。 net.ipv4.tcp_max_orphans = 262144 #系统中最多有多少个TCP 套接字不被关联到任何一个用户文件句柄上。如果超过这个数字,孤儿连接将即刻被复位并打印出警告信息。这个限制仅仅是为了防止简单的DoS 攻击,不能过分依靠它或者人为地减小这个值,更应该增加这个值(如果增加了内存之后)。 net.ipv4.tcp_max_syn_backlog = 262144 #记录的那些尚未收到客户端确认信息的连接请求的最大值。对于有128M 内存的系统而言,缺省值是1024,小内存的系统则是128。 net.ipv4.tcp_timestamps = 0 #时间戳可以避免序列号的卷绕。一个1Gbps 的链路肯定会遇到以前用过的序列号。时间戳能够让内核接受这种“异常”的数据包。这里需要将其关掉。 net.ipv4.tcp_synack_retries = 1 #为了打开对端的连接,内核需要发送一个SYN 并附带一个回应前面一个SYN 的ACK。也就是所谓三次握手中的第二次握手。这个设置决定了内核放弃连接之前发送SYN+ACK 包的数量。 net.ipv4.tcp_syn_retries = 1 #在内核放弃建立连接之前发送SYN 包的数量。 net.ipv4.tcp_fin_timeout = 1 #如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2 状态的时间。对端可以出错并永远不关闭连接,甚至意外当机。缺省值是60 秒。2.2 内核的通常值是180 秒,你可以按这个设置,但要记住的是,即使你的机器是一个轻载的WEB 服务器,也有因为大量的死套接字而内存溢出的风险,FIN- WAIT-2 的危险性比FIN-WAIT-1 要小,因为它最多只能吃掉1.5K 内存,但是它们的生存期长些。 net.ipv4.tcp_keepalive_time = 30 #当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时。
fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m; #这个指令为FastCGI 缓存指定一个路径,目录结构等级,关键字区域存储时间和非活动删除时间。 fastcgi_connect_timeout 300; #指定连接到后端FastCGI 的超时时间。 fastcgi_send_timeout 300; #向FastCGI 传送请求的超时时间,这个值是指已经完成两次握手后向FastCGI 传送请求的超时时间。 fastcgi_read_timeout 300; #接收FastCGI 应答的超时时间,这个值是指已经完成两次握手后接收FastCGI 应答的超时时间。 fastcgi_buffer_size 4k; #指定读取FastCGI 应答第一部分需要用多大的缓冲区,一般第一部分应答不会超过1k,由于页面大小为4k,所以这里设置为4k。 fastcgi_buffers 8 4k; #指定本地需要用多少和多大的缓冲区来缓冲FastCGI 的应答。 fastcgi_busy_buffers_size 8k; #这个指令我也不知道是做什么用,只知道默认值是fastcgi_buffers 的两倍。 fastcgi_temp_file_write_size 8k; #在写入fastcgi_temp_path 时将用多大的数据块,默认值是fastcgi_buffers 的两倍。 fastcgi_cache TEST #开启FastCGI 缓存并且为其制定一个名称。个人感觉开启缓存非常有用,可以有效降低CPU 负载,并且防止502 错误。 fastcgi_cache_valid 200 302 1h; fastcgi_cache_valid 301 1d; fastcgi_cache_valid any 1m; #为指定的应答代码指定缓存时间,如上例中将200,302 应答缓存一小时,301 应答缓存1 天,其他为1 分钟。 fastcgi_cache_min_uses 1; #缓存在fastcgi_cache_path 指令inactive 参数值时间内的最少使用次数,如上例,如果在5 分钟内某文件1 次也没有被使用,那么这个文件将被移除。 fastcgi_cache_use_stale error timeout invalid_header http_500; #不知道这个参数的作用,猜想应该是让nginx 知道哪些类型的缓存是没用的。
60 #同时处理的并发请求数,即它将开启最多60 个子线程来处理并发连接。102400 #最多打开文件数。204800 #每个进程在重置之前能够执行的最多请求数。
原文地址:LNMP环境部署, 感谢原作者分享。