• [ 手记 ] LNMP安装过程及优化


    环境:CentOS release 6.4 x64

    1、配置防火墙:

    上一篇博客已经写过:http://www.cnblogs.com/hukey/p/5300832.html

     2、修改sysctl.conf提高Web服务器性能:

    [root@cloud ~]# vim /etc/sysctl.conf

    在末尾追加:

    fs.file-max = 655350  # 系统文件描述符总量
    net.ipv4.ip_local_port_range = 1024 65535  # 打开端口范围
    net.ipv4.tcp_max_tw_buckets = 2000  # 设置tcp连接时TIME_WAIT个数
    net.ipv4.tcp_tw_recycle = 1  # 开启快速tcp TIME_WAIT快速回收(注意:客户端经过NAT访问时,该选项会导致部分连接被丢弃,且该参数已在Linux 4.12中移除,面向公网的服务器不建议开启)
    net.ipv4.tcp_tw_reuse = 1  # 开启TIME_WAIT重用
    net.ipv4.tcp_syncookies = 1  # 开启SYN cookies 当出现syn等待溢出,启用cookies来处理,可防范少量的syn攻击
    net.ipv4.tcp_syn_retries = 2  # 对于一个新建的tcp连接,内核要发送几个SYN连接请求才决定放弃
    net.ipv4.tcp_synack_retries = 2  # 这里是三次握手的第二次连接,服务器端发送syn+ack响应 这里决定内核发送次数
    net.ipv4.tcp_keepalive_time = 1200  # tcp的长连接,这里注意:tcp的长连接与HTTP的长连接不同
    net.ipv4.tcp_fin_timeout = 15   # 设置保持在FIN_WAIT_2状态的时间
    net.ipv4.tcp_max_syn_backlog = 20000  # tcp半连接最大限制数
    net.core.somaxconn = 65535  # 定义一个监听最大的队列数
    net.core.netdev_max_backlog = 65535  # 当网络接口比内核处理数据包速度快时,允许送到队列数据包的最大数目

    保存退出
    [root@cloud ~]# sysctl -p # 添加生效

     3、修改limits.conf

    limits.conf文件实际是Linux pam.d中pam_limits.so的配置文件,而且只是针对单个会话做限定

    修改内容如下:

    [root@cloud ~]# vim /etc/security/limits.conf
    
    
    *               soft    nproc           65535  # 单个用户可用的最大进程数量(软限制)
    *               hard    nproc           65535  # 单个用户可用的最大进程数量(硬限制)
    *               soft    nofile          65535  # 单个用户可打开的最大文件描述符(软限制)
    *               hard    nofile          65535  # 单个用户可打开的最大文件描述符(硬限制)

    保存退出
    [root@cloud ~]# vim /etc/pam.d/login

    session    required     pam_limits.so  # 插入该行,用户登录执行该模块

    重新登出、登录

    至此,系统环境的优化完成。

    1、安装nginx

    在配置环境的时候,我们需要用wget下载一些软件包到本地,因此添加如下防火墙规则:

    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT  # 允许本地访问对方80端口
    iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT  # 允许本地访问对方HTTPS 443端口
    [root@cloud src]# cd /usr/local/src/
    [root@cloud src]# wget http://mirrors.sohu.com/nginx/nginx-1.9.9.tar.gz    # 安装nginx1.9.9版本(这里是通过明文HTTP从镜像站下载,解压编译前建议对照nginx官方发布的PGP签名校验源码包)
    # 配置yum环境
    [root@cloud src]# rm -rf /etc/yum.repos.d/*    # 会删除所有现有的仓库配置,建议先备份该目录
    [root@cloud src]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
    [root@cloud src]# yum install pcre-devel openssl-devel zlib-devel -y 
    # pcre 支持正则表达式
    # zlib 支持数据压缩
    # openssl支持HTTPS
    [root@cloud src]# groupadd -g 800 nginx
    [root@cloud src]# useradd -u 800 -g 800 -s /sbin/nologin nginx
    [root@cloud ~]# yum install gcc* -y
    [root@cloud src]# tar xf nginx-1.9.9.tar.gz

    [root@cloud src]# cd nginx-1.9.9

    [root@cloud nginx-1.9.9]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-pcre
    # --with-http_ssl_module 启用HTTPS加密
    # --with-http_stub_status_module 启用nginx状态监控
    # --with-http_gzip_static_module  启用静态压缩
    # --with-http_realip_module 做代理时获取客户端真实IP
    # 这里说下,在编译之前需要安装编译支持环境

    [root@cloud nginx-1.9.9]# make && make install  
     
    [root@cloud nginx-1.9.9]# vim /etc/profile.d/nginx.sh
    export PATH=$PATH:/usr/local/nginx/sbin
    #保存退出
    [root@cloud nginx-1.9.9]# source /etc/profile.d/nginx.sh
    
    --------以上为将nginx命令添加到环境变量中------------
    
    [root@cloud nginx-1.9.9]# vim /etc/init.d/nginxd   # 添加启动脚本
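    #!/bin/bash
    # nginx - this script starts and stops the nginx daemon
    #
    # chkconfig: - 85 15
    # description: Nginx is an HTTP(S) server, HTTP(S) reverse \
    #   proxy and IMAP/POP3 proxy server
    # processname: nginx
    # config: /usr/local/nginx/conf/nginx.conf
    # config: /etc/sysconfig/nginx
    # pidfile: /usr/local/nginx/logs/nginx.pid
    #
    # The config/pidfile headers above name the paths of the source build
    # under /usr/local/nginx that this script actually manages.

    # Source function library (daemon, killproc and status come from here).
    . /etc/rc.d/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    [ "$NETWORKING" = "no" ] && exit 0

    # Defaults for the source build installed with --prefix=/usr/local/nginx.
    nginx="/usr/local/nginx/sbin/nginx"
    prog=$(basename "$nginx")
    NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

    # Optional site overrides; sourced after the defaults so it can replace
    # them. The file runs as root, so it must be writable by root only.
    [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

    lockfile=/var/lock/subsys/nginx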
     
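    # Start nginx with the configured file and record the subsys lock.
    # Globals:  nginx, NGINX_CONF_FILE, prog, lockfile (read)
    # Exits:    5 if the nginx binary is not executable,
    #           6 if the configuration file is missing
    # Returns:  the status reported by daemon
    start() {
        # Quoted on purpose: an empty value must fail the test instead of
        # collapsing to the one-argument form `[ -x ]`, which is always true.
        [ -x "$nginx" ] || exit 5
        [ -f "$NGINX_CONF_FILE" ] || exit 6
        echo -n $"Starting $prog: "
        daemon "$nginx" -c "$NGINX_CONF_FILE"
        local retval=$?
        echo
        # The lock file marks the service as running; only create it when
        # the daemon really started.
        if [ "$retval" -eq 0 ]; then
            touch "$lockfile"
        fi
        return "$retval"
    }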
     
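    # Ask nginx to shut down gracefully (SIGQUIT) and drop the subsys lock.
    # Globals:  prog, lockfile (read)
    # Returns:  the status reported by killproc
    stop() {
        echo -n $"Stopping $prog: "
        killproc "$prog" -QUIT
        local retval=$?
        echo
        if [ "$retval" -eq 0 ]; then
            rm -f -- "$lockfile"
        fi
        # The original listing had `killall -9 nginx` after this return; it
        # could never run. It is dropped rather than made reachable, because
        # an unconditional SIGKILL would cut off the graceful shutdown
        # requested above.
        return "$retval"
    }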
     
    # Stop and start nginx, but only after the configuration has passed
    # `configtest`, so a broken config never takes a running server down.
    # Returns: configtest's status when the check fails, otherwise start's.
    restart() {
        local check_rc
        configtest
        check_rc=$?
        if [ "$check_rc" -ne 0 ]; then
            return "$check_rc"
        fi
        stop
        # Short pause between stop and start, as in the original script.
        sleep 1
        start
    }
     
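    # Re-read the configuration in place by sending SIGHUP to nginx.
    # Globals:  nginx, prog (read); RETVAL (written)
    # Returns:  configtest's status when the check fails, otherwise the
    #           status reported by killproc
    reload() {
        configtest || return $?
        echo -n $"Reloading $prog: "
        killproc "$nginx" -HUP
        RETVAL=$?
        echo
        # Without this return the function's status was that of `echo`,
        # so a failed reload was reported to the caller as success.
        return "$RETVAL"
    }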
     
    # force-reload is implemented as a plain restart.
    # Returns: whatever restart returns.
    force_reload() {
        restart
        return $?
    }
     
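    # Let nginx validate the configuration file without starting it.
    # Globals:  nginx, NGINX_CONF_FILE (read)
    # Returns:  the status of `nginx -t`
    configtest() {
        # Quoted so a path containing whitespace (for example one set in
        # /etc/sysconfig/nginx) stays a single argument.
        "$nginx" -t -c "$NGINX_CONF_FILE"
    }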
     
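    # Report whether nginx is running, using the init library's `status`.
    # Globals:  prog (read)
    # Returns:  the status reported by `status`
    rh_status() {
        # Quoted so the program name is always passed as exactly one argument.
        status "$prog"
    }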
     
    # Quiet variant of rh_status: same exit status, no output on either
    # stdout or stderr. Used by the dispatcher for its run-state checks.
    rh_status_q() {
        rh_status &>/dev/null
    }
     
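    # Dispatch on the requested action. Arms that run "$1" call the shell
    # function with the same name as the action.
    case "$1" in
        start)
            # Already running: nothing to do.
            rh_status_q && exit 0
            "$1"
            ;;
        stop)
            # Not running: nothing to do.
            rh_status_q || exit 0
            "$1"
            ;;
        restart|configtest)
            "$1"
            ;;
        reload)
            # Exit status 7 is the LSB code for "program is not running".
            rh_status_q || exit 7
            "$1"
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            # Restart only when the service is already running. The original
            # arm stopped after the status check and never restarted.
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
            exit 2
            ;;
    esac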
    #保存退出
    [root@cloud nginx-1.9.9]# chmod +x /etc/init.d/nginxd  # 给执行权限
    [root@cloud nginx-1.9.9]# chkconfig --add nginxd  # 添加开机启动项
    [root@cloud nginx-1.9.9]# chkconfig nginxd on
    [root@cloud nginx-1.9.9]# chkconfig --list nginxd
    nginxd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
    [root@cloud nginx-1.9.9]# service nginxd start
    正在启动 nginx: [确定]

    nginx安装完毕。

     通过客户端访问正常

     

    2、安装MySQL

    [root@cloud nginx-1.9.9]# cd /usr/local/src/
    [root@cloud src]# wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.29-linux-glibc2.5-x86_64.tar.gz  # 下载MySQL
    [root@cloud src]# groupadd -g 306 mysql  # 创建mysql组和mysql用户
    [root@cloud src]# useradd -u 306 -g 306 -s /sbin/nologin mysql
    [root@cloud src]# tar xf mysql-5.6.29-linux-glibc2.5-x86_64.tar.gz  # 解压mysql压缩包
    [root@cloud src]# ln -vs /usr/local/src/mysql-5.6.29-linux-glibc2.5-x86_64 /usr/local/mysql  # 创建mysql软连接到/usr/local/mysql
    "/usr/local/mysql" -> "/usr/local/src/mysql-5.6.29-linux-glibc2.5-x86_64"  
    [root@cloud nginx]# cd /usr/local/mysql/
    [root@cloud mysql]# rpm -qa | grep mysql   # 查看系统是否默认安装有mysql包
    mysql-libs-5.1.66-2.el6_3.x86_64
    [root@cloud mysql]# rpm -e --nodeps mysql-libs  # 强制卸载mysql-libs包
    [root@cloud mysql]# cp -a support-files/my-default.cnf /etc/my.cnf  # 拷贝my.cnf配置文件到/etc/my.cnf
    [root@cloud mysql]# mkdir /data  # 创建MySQL数据存放目录
    [root@cloud mysql]# vim /etc/my.cnf  # 修改mysql配置文件
    datadir=/data    # 插入到[mysqld]模块中
    #保存退出
    [root@cloud mysql]# cp -a support-files/mysql.server /etc/init.d/mysqld  # 复制服务脚本到/etc/init.d目录
    [root@cloud mysql]# chmod +x /etc/init.d/mysqld  
    [root@cloud mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/  # 初始化MySQL
    [root@cloud mysql]# service mysqld start
    Starting MySQL.                                            [确定]
    [root@cloud mysql]# vim /etc/profile.d/mysql.sh  # 将mysql命令添加到环境变量中
    export PATH=$PATH:/usr/local/mysql/bin
    # 保存退出
    [root@cloud bin]# source /etc/profile.d/mysql.sh  
    [root@cloud bin]# mysql  # 执行mysql命令,
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 1
    Server version: 5.6.29 MySQL Community Server (GPL)
    
    Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql>

    [root@cloud bin]# vim /etc/ld.so.conf.d/mysql.conf  # 添加mysql模块
    /usr/local/mysql/lib
    [root@cloud bin]# ldconfig -v | less # 查看MySQL库是否添加成功
    [root@cloud lib]# ln -vs /usr/local/mysql/include /usr/include/mysql  # 创建mysql头文件的软连接
    "/usr/include/mysql" -> "/usr/local/mysql/include"
    [root@cloud lib]# service mysqld restart  # 重启服务
    Shutting down MySQL.. [确定]
    Starting MySQL. [确定]

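    至此,MySQL数据库安装完成。注意:此时root账户的密码为空(上面直接执行mysql即可登录),正式使用前应先为root设置密码,并清理初始化时生成的匿名账户和test库,例如运行mysql_secure_installation。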

    3、安装php

    这里安装的是PHP-5.6.7

    编译php之前需要安装几个支持加密功能的包

    [root@cloud php_bak]# ll
    总用量 244
    -rw-r--r-- 1 root root  97932 7月  10 2010 libmcrypt-2.5.8-9.el6.x86_64.rpm
    -rw-r--r-- 1 root root  12352 7月  10 2010 libmcrypt-devel-2.5.8-9.el6.x86_64.rpm
    -rw-r--r-- 1 root root 104212 7月   9 2010 mhash-0.9.9.9-3.el6.x86_64.rpm
    -rw-r--r-- 1 root root  25360 7月   9 2010 mhash-devel-0.9.9.9-3.el6.x86_64.rpm
    
    下载地址:http://pan.baidu.com/s/1hrwZ5Z2
    [root@cloud ~]# cd php_bak
    [root@cloud php_bak]# rpm -ivh *
    [root@cloud php_bak]# cd /usr/local/src/
    [root@cloud php_bak]# yum install  libmhash-devel libmcrypt-devel libxml2-devel libmhash-devel bzip2-devel libcurl-devel gd libjpeg-turbo-devel libpng-devel freetype-devel -y
    [root@cloud src]# tar xf php-5.6.7.tar.gz
    [root@cloud src]# cd php-5.6.7
    [root@cloud php-5.6.7]# ./configure --prefix=/usr/local/php --enable-fpm --enable-ftp \
    --enable-zip --enable-xml --enable-sockets --enable-bcmath --enable-pcntl --enable-shmop \
    --enable-soap --enable-sysvsem --enable-mbstring --enable-mbregex --enable-inline-optimization \
    --enable-maintainer-zts --enable-gd-native-ttf --with-fpm-user=www --with-fpm-group=www \
    --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-freetype-dir \
    --with-iconv-dir --with-jpeg-dir --with-png-dir --with-libxml-dir=/usr --with-curl --with-zlib --with-bz2 \
    --with-xmlrpc --with-gd --with-config-file-path=/usr/local/php/etc --with-config-file-scan-dir=/usr/local/php/etc/php.d \
    --with-mhash --with-mcrypt --without-pear --with-gettext --disable-rpath --disable-fileinfo
    # 在检查期间,会提示少模块或者文件,缺少什么就安装那个包就好

    [root@cloud php-5.6.7]# make && make install  # 会等很久
    [root@cloud php-5.6.7]# cp -a sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
    [root@cloud php-5.6.7]# chmod +x /etc/init.d/php-fpm
    [root@cloud php-5.6.7]# cp -a php.ini-production /usr/local/php/etc/php.ini
    [root@cloud php-5.6.7]# cd /usr/local/php/etc
    [root@cloud etc]# cp -a php-fpm.conf.default php-fpm.conf
    [root@cloud etc]# ls
    php-fpm.conf  php-fpm.conf.default  php.ini
    [root@cloud etc]# service php-fpm start
    Starting php-fpm  done
    [root@cloud etc]# netstat -ntplu | grep php-fpm
    tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      34607/php-fpm

    到此,php安装完成。接下来对nginx配置文件做调整:

    user  nginx nginx;  # 指定用户和组
    worker_processes  2;  # 该参数根据cpu核心数
    
    error_log  logs/error.log;  # 开启错误日志
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    pid        logs/nginx.pid;
    
    worker_rlimit_nofile 65535;  # 表示每个worker进程能打的最大连接数
    
    events {
        use epoll;  # 启用epoll模式
        multi_accept on;  # 尽量多的接收请求
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  logs/access.log  main;
        open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;  # 日志缓存信息
        proxy_set_header X-Real-IP $remote_addr;  # 当nginx用作反向代理时,记录真实IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   # 当nginx作为反向代理时,记录所有经过的代理和真实IP
    
        limit_conn_zone $binary_remote_addr zone=addr:5m;  # 共享session空间为5M
        limit_conn addr 100;  # 每个IP并发量最大100
    
        sendfile        on;  # 不经过用户空间直接响应客户端
        tcp_nopush     on;  # 等到数据包最大时,一次性的传输出去
        tcp_nodelay    on;  # 有一个数据包就马上发送一次
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
        client_header_timeout 2m;  # 客户端header响应时间
        client_body_timeout 3m;
        reset_timedout_connection on;
        send_timeout 15s;  # 在两次客户端读取操作之间。如果在这段时间内,客户端没有读取任何数据,nginx就会关闭连接。
    
        open_file_cache max=65535 inactive=20s;  # 这个将为打开文件指定缓存,默认是没有启用的,max 指定缓存数量,建议和打开文件数一致,inactive 是指经过多长时间文件没被请求后删除缓存。
        open_file_cache_valid 30s;  # 这个是指多长时间检查一次缓存的有效信息。
        open_file_cache_min_uses 2;  # 大于2才进行缓存
        open_file_cache_errors on;  # 缓存错误信息
    
        gzip  on;  # 开启压缩
        gzip_disable "msie6";  # IE6禁止压缩
        gzip_proxied any;  # 任何文件都压缩
        gzip_comp_level 4;  # 压缩等级
        gzip_vary on;  # 通过客户端判断压缩
        gzip_min_length 1k;  # 压缩的最小容量
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;   # 压缩格式,根据需求调整
    
        server {
            listen       80;
            server_name  localhost;
    
            #charset koi8-r;
    
            #access_log  logs/host.access.log  main;
    
            location / {
                root   html;
                index  index.html index.htm;
            }
    
            #error_page  404              /404.html;
    
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #

    ------------------------------------------------------------------------------------
            location ~ \.php$ {  # 开启以.php结尾的文件
                # 建议在此处加入 try_files $uri =404; 使不存在的.php路径直接返回404,而不是交给php-fpm处理
                root html;
                fastcgi_pass 127.0.0.1:9000;  #通过fastcgi转发到本地的9000端口
                fastcgi_index index.php;    # 主页
                include fastcgi.conf;  # 扩展配置文件
            }
    ----------------------------------------------------------------------------------------
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny all;
            #}
        }

        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen 8000;
        #    listen somename:8080;
        #    server_name somename alias another.alias;
        #    location / {
        #        root html;
        #        index index.html index.htm;
        #    }
        #}

        # HTTPS server
        #
        #server {
        #    listen 443 ssl;
        #    server_name localhost;
        #    ssl_certificate cert.pem;
        #    ssl_certificate_key cert.key;
        #    ssl_session_cache shared:SSL:1m;
        #    ssl_session_timeout 5m;
        #    ssl_ciphers HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers on;
        #    location / {
        #        root html;
        #        index index.html index.htm;
        #    }
        #}
    }

    nginx.conf 修改配置完毕,添加测试页面:

    [root@cloud html]# vim  /usr/local/nginx/html/test.php
    <?php
    // Smoke test for the stack: can PHP reach the local MySQL server?
    // The connection uses the root account with an empty password, so this
    // page is for a one-off check only and should not stay in the web root.
    $conn = mysql_connect('localhost', 'root', '');
    // mysql_connect() yields a falsy value on failure.
    echo $conn ? 'success.' : 'fail.';
    ?>
    # 保存退出,该测试页测试能否正常连接MySQL

    表示连接成功。测试php页面

    测试成功。测试完成后应删除test.php,不要把使用root空密码连接数据库的测试页面留在站点目录中。

  • 原文地址:https://www.cnblogs.com/hukey/p/5304437.html