nginx1.12.0+php-fpm+php7.1.4+jemalloc4.5.0+redis3.2.8+rsyslog

主服务器IP:192.168.1.104

先配置主服务器的rsyslog:

# vim /etc/rsyslog.conf$ModLoad imuxsock$SystemLogRateLimitInterval 0# 关闭速率限制,否则量大的话会有日志被丢弃$ModLoad imklog$ModLoad immark$ModLoad imudp# 开启UDP,nginx会使用$UDPServerRun 514$ModLoad imtcp# 开启TCP,从服务器使用$InputTCPServerRun 514$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat$IncludeConfig /etc/rsyslog.d/*.conf:msg,contains,"Core power limit notification"~# 丢弃CPU省电模式通知:msg,contains,"Core power limit normal"~:msg,contains,"Package power limit notification"~:msg,contains,"Package power limit normal"~*.info;mail.none;authpriv.none;cron.none;local0.none/var/log/messages:msg,contains,"Accepted publickey for www-data from 192.168.1.104 port"~# 丢弃主服务器同步代码时的用户登陆信息:msg,contains,"pam_unix(sshd:session): session opened for user www-data by (uid=0)"~:msg,contains,"Received disconnect from 192.168.1.104: 11: disconnected by user"~:msg,contains,"pam_unix(sshd:session): session closed for user www-data"~authpriv.*,/var/log/securemail.*/var/log/maillogcron.*/var/log/cron*.emerg*uucp,news.crit/var/log/spoolerlocal7.*/var/log/boot.logif $syslogfacility-text == 'local0' and $syslogtag startswith 'php-fpm' then/var/log/httpd/php-fpm_error.logif $syslogfacility-text == 'local0' and $syslogtag == 'nginx_access:' then/var/log/httpd/nginx_access.logif $syslogfacility-text == 'local0' and $syslogtag == 'nginx_error:' then/var/log/httpd/nginx_error.logif $syslogfacility-text == 'local0' and $syslogtag == 'http-error:' then/var/log/httpd/error.logif $syslogfacility-text == 'local0' and $syslogtag == 'http-access:' then/var/log/httpd/access.logif $syslogfacility-text == 'local0' and $syslogtag startswith 'redis' then/var/log/httpd/redis.log#local0.*/var/log/local0.logif $syslogfacility-text == 'user' and $syslogtag == 'php:' then/var/log/httpd/php_error.logif $syslogfacility-text == 'user' and $syslogtag == 'php:' then~if $syslogfacility-text == 'user' and $syslogtag startswith 'laravel' then/var/log/httpd/laravel.logif $syslogfacility-text == 'user' and $syslogtag startswith 'laravel' then~user.*/var/log/httpd/user.log

配置从服务器的rsyslog:

$ModLoad imuxsock$SystemLogRateLimitInterval 0$ModLoad imklog$ModLoad immark$ModLoad imtcp$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat$IncludeConfig /etc/rsyslog.d/*.conf$WorkDirectory /var/lib/rsyslog# where to place spool files$ActionQueueFileName fwdRule1# unique name prefix for spool files$ActionQueueMaxDiskSpace 1g# 1gb space limit (use as much as possible)$ActionQueueSaveOnShutdown on# save messages to disk on shutdown$ActionQueueType LinkedList# run asynchronously$ActionResumeRetryCount -1# infinite retries if host is down*.* @@192.168.1.104:514# 发送到主服务器

配置主服务器的日志轮循,改为每天切换,保留6天的日志:

# vim /etc/logrotate.d/httpd/var/log/httpd/*log {dailyrotate 6missingoknotifemptysharedscriptsdelaycompresspostrotate/sbin/service httpd reload > /dev/null 2>/dev/null || trueendscript}# vim /etc/logrotate.d/syslog/var/log/cron/var/log/maillog/var/log/messages/var/log/secure/var/log/spooler {dailyrotate 6sharedscriptspostrotate/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || trueendscript}

修改原来的apache配置,把日志发到syslog,这里为了指定tag,使用管道发到loggerphp的error_log = syslog,会发送到user这个facility上

# vim /etc/httpd/conf/httpd.confErrorLog "|logger -t http-error -p local0.err"CustomLog "|logger -t http-access -p local0.info" combined

从服务器上编译安装php7

# yum install cc gcc gcc+ gcc-c++ libxml2 libxml2-devel openssl-devel curl curl-devel# ./configure --prefix=/usr/local/php7 \ --with-libdir=lib64 \ --with-freetype-dir \ --with-libxml-dir \ --with-png-dir \ --with-curl \ --with-gd \ --with-gettext \ --with-kerberos \ --with-mysqli \ --with-openssl \ --with-pcre-regex \ --with-pdo-mysql \ --with-pdo-sqlite \ --with-pear \ --with-xmlrpc \ --with-zlib \ --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data\ --enable-bcmath \ --enable-libxml \ --enable-inline-optimization \ --enable-gd-native-ttf \ --enable-mbregex \ --enable-mbstring \ --enable-pcntl \ --enable-shmop \ --enable-soap \ --enable-sockets \ --enable-sysvsem \ --enable-xml \ --enable-zip# make# make install# cp php.ini-development /usr/local/php7/lib/php.ini# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm# chkconfig --add php-fpm

编译安装libmcrypt

编译安装php-mcrypt

# /usr/local/php7/bin/phpize# ./configure --with-php-config=/usr/local/php7/bin/php-config# make# make install

同上操作,编译安装php-redis

修改配置/usr/local/php7/lib/php.ini

error_log = syslogextension_dir=/usr/local/php7/lib/php/extensions/no-debug-non-zts-20160303/extension=mcrypt.soextension=redis.so

修改配置/usr/local/php7/etc/php-fpm.conf

error_log = syslogsyslog.facility = local0syslog.ident = php-fpm

按自己的需求配置好/usr/local/php7/etc/php-fpm.d/www.conf后,即可启动php-fpm

编译安装pcre,为安装nginx做准备

# ./configure# make# make install# ln -s /lib64/libpcre.so.0.0.1 /lib64/libpcre.so.1

编译安装nginx

# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module# make# make install

配置nginx

# vim /usr/local/nginx/conf/nginx.confuser  www-data;worker_processes  2;worker_rlimit_nofile 65535;error_log  syslog:server=192.168.1.104,facility=local0,tag=nginx_error;# 注意:这里是用udp端口,默认514,所以主服务器rsyslog要开udp支持pid        /var/run/nginx.pid;events {    worker_connections  1024;    use epoll;}http {    include       mime.types;    default_type  application/octet-stream;    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                      '$status $body_bytes_sent "$http_referer" '                      '"$http_user_agent" "$http_x_forwarded_for"';    access_log syslog:server=192.168.1.104,facility=local0,tag=nginx_access main;    sendfile        on;    #tcp_nopush     on;    keepalive_timeout  65;    gzip  on;    server {        listen       81;#80已经被apache用了        #server_name  localhost;        root /var/www/laravel/public;        index index.php index.html index.htm;        location / {            try_files $uri $uri/ /index.php?$query_string;        }        error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }        location ~ \.php$ {            try_files $uri /index.php =404;            fastcgi_pass   127.0.0.1:9000;            fastcgi_index  index.php;            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;            include        fastcgi_params;        }    }}

添加nginx启动脚本到/etc/init.d/nginx

#!/bin/sh## nginx        Startup script for nginx## chkconfig: - 85 15# processname: nginx# config: /etc/nginx/nginx.conf# config: /etc/sysconfig/nginx# pidfile: /var/run/nginx.pid# description: nginx is an HTTP and reverse proxy server#### BEGIN INIT INFO# Provides: nginx# Required-Start: $local_fs $remote_fs $network# Required-Stop: $local_fs $remote_fs $network# Default-Start: 2 3 4 5# Default-Stop: 0 1 6# Short-Description: start and stop nginx### END INIT INFO# Source function library.. /etc/rc.d/init.d/functionsif [ -L $0 ]; then    initscript=`/bin/readlink -f $0`else    initscript=$0fisysconfig=`/bin/basename $initscript`if [ -f /etc/sysconfig/$sysconfig ]; then    . /etc/sysconfig/$sysconfigfinginx=${NGINX-/usr/local/nginx/sbin/nginx}prog=`/bin/basename $nginx`conffile=${CONFFILE-/usr/local/nginx/conf/nginx.conf}lockfile=${LOCKFILE-/var/lock/subsys/nginx}pidfile=${PIDFILE-/var/run/nginx.pid}SLEEPMSEC=${SLEEPMSEC-200000}UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS-5}RETVAL=0start() {    echo -n $"Starting $prog: "    daemon --pidfile=${pidfile} ${nginx} -c ${conffile}    RETVAL=$?    echo    [ $RETVAL = 0 ] && touch ${lockfile}    return $RETVAL}stop() {    echo -n $"Stopping $prog: "    killproc -p ${pidfile} ${prog}    RETVAL=$?    echo    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}}reload() {    echo -n $"Reloading $prog: "    killproc -p ${pidfile} ${prog} -HUP    RETVAL=$?    echo}upgrade() {    oldbinpidfile=${pidfile}.oldbin    configtest -q || return    echo -n $"Starting new master $prog: "    killproc -p ${pidfile} ${prog} -USR2    echo    for i in `/usr/bin/seq $UPGRADEWAITLOOPS`; do        /bin/usleep $SLEEPMSEC        if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then            echo -n $"Graceful shutdown of old $prog: "            killproc -p ${oldbinpidfile} ${prog} -QUIT            RETVAL=$?            echo            return        fi    done    echo $"Upgrade failed!"    RETVAL=1}configtest() {    if [ "$#" -ne 0 ] ; then        case "$1" in            -q)                FLAG=$1                ;;            *)                ;;        esac        shift    fi    ${nginx} -t -c ${conffile} $FLAG    RETVAL=$?    return $RETVAL}rh_status() {    status -p ${pidfile} ${nginx}}# See how we were called.case "$1" in    start)        rh_status >/dev/null 2>&1 && exit 0        start        ;;    stop)        stop        ;;    status)        rh_status        RETVAL=$?        ;;    restart)        configtest -q || exit $RETVAL        stop        start        ;;    upgrade)        rh_status >/dev/null 2>&1 || exit 0        upgrade        ;;    condrestart|try-restart)        if rh_status >/dev/null 2>&1; then            stop            start        fi        ;;    force-reload|reload)        reload        ;;    configtest)        configtest        ;;    *)        echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}"        RETVAL=2esacexit $RETVAL

添加到启动服务中

# chkconfig --add nginx

之前使用memcached,一个月左右memcached就会挂掉,不知道是不是版本问题,这次就使用redis来做缓存,先安装redis默认使用的jemalloc

# ./autogen.sh# ./configure -prefix=/usr/local/jemalloc

安装redis,如果在安装jemalloc前make了redis报错找不到jemalloc.h,就删掉目录重新解压再make

# make# make install PREFIX=/usr/local/redis# cp redis.conf /usr/local/redis/# vim /usr/local/redis/redis.confdaemonize yes# 改为yes,在后台运行#bind 127.0.0.1# 注释掉这里,否则只能本机访问protected-mode no# 改为no,否则只能本机访问syslog-enabled yes# 使用syslog记录日志syslog-ident redissyslog-facility local0# cp utils/redis_init_script /etc/init.d/redis# vim /etc/init.d/redis// 添加chkconfig支持# chkconfig: 2345 63 35# description: Redis// 修改默认路径EXEC=/usr/local/redis/bin/redis-serverCLIEXEC=/usr/local/redis/bin/redis-cliCONF="/usr/local/redis/redis.conf"# chkconfig --add redis // 添加到服务中

到这安装配置就都完成了,几个要注意的坑:
1.nginx的syslog用的是UDP端口,默认为514
2.redis默认使用jemalloc分配内存,需要先安装
3.redis配置中bind 127.0.0.1要注释,protected-mode要设为no,否则只能本机访问,或者需要设置密码
4.有些软件发syslog时,tag会加上[pid],则判断时使用startswith比较稳妥
5.rsyslog的规则是只要匹配就都会记录,并不是匹配到之后后面的规则就无效了
6.安装php扩展时,大多需要先安装一些库,并且需要库的头文件,所以yum安装时把库-devel也一起装上