搭建前后端web生产环境Linux+Apache+Nginx+MySQL+PHP

最近看到很多人都在LNAMP，变得越来越流行了，干脆将我之前自己做的重新优化了一边，更新了新版程序，并降低了55%的内存消耗，速度和负载都比0.1版提高了不少。

 

LNAMP 女神工作室0.2版 介绍：

• Centos 5.5 32bit
• Apache 2.2.17
• Nginx 0.8.54
• MySQL 5.1.55
• PHP 5.2.17

 

一、重装Centos系统，删除不比要的程序，并安装相关组件：

yum -y remove httpd mysql php

安装相关组件

yum -y install yum-fastestmirror
yum -y update
yum -y install patch make gcc gcc-c++ gcc-g77 flex bison tar
yum -y install libtool libtool-libs kernel-devel autoconf213
yum -y install libjpeg libjpeg-devel libpng libpng-devel
yum -y install libtiff libtiff-devel gettext gettext-devel
yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
yum -y install file glib2 glib2-devel bzip2 diff* openldap-devel
yum -y install bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs
yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel
yum -y install openssl openssl-devel vim-minimal unzip
export PHP_AUTOCONF=/usr/bin/autoconf-2.13
export PHP_AUTOHEADER=/usr/bin/autoheader-2.13

安装PHP 5.2.x 所需的支持库

cd /usr/local/src

wget -c http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
tar zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure --prefix=/usr/local
make
make install
cd ../

wget -c http://monkey.org/~provos/libevent-2.0.10-stable.tar.gz
tar zxvf libevent-2.0.10-stable.tar.gz
cd libevent-2.0.10-stable/
./configure --prefix=/usr
make
make install
cd ../

wget -c http://ncu.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.gz
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../

wget -c http://nchc.dl.sourceforge.net/sourceforge/mhash/mhash-0.9.9.9.tar.gz
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

wget -c http://nchc.dl.sourceforge.net/sourceforge/mcrypt/mcrypt-2.6.8.tar.gz
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
./configure
make
make install
cd ../

安装GD图形支持库：

cd /usr/local/src
wget http://www.libgd.org/releases/gd-2.0.35.tar.gz
tar xzvf gd-2.0.35.tar.gz
cd gd-2.0.35
./configure --prefix=/usr/local/gd --mandir=/usr/share/man --with-jpeg --with-png --with-freetype --with-zlib --with-fontconfig
make             //如果GD报错:configure.ac:64: warning: macro `AM_ICONV' not found in library 你就make clean一下，然后再make
make install

二、安装 Mysql 5.1.x：

1）先安装Google的开源TCMalloc库，可以提高MySQL在高并发情况下的性能

cd /usr/local/src

wget -c http://google-perftools.googlecode.com/files/google-perftools-1.7.tar.gz
tar zxvf  google-perftools-1.7.tar.gz
cd google-perftools-1.7/
./configure
make && make install
echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
/sbin/ldconfig
cd ../

2）开始安装Mysql 5.1.x

cd /usr/local/src

wget -c http://mysql.proserve.nl/Downloads/MySQL-5.1/mysql-5.1.55.tar.gz
tar -zxvf mysql-5.1.55.tar.gz
cd mysql-5.1.55
./configure --prefix=/usr/local/mysql --with-extra-charsets=all --enable-thread-safe-client --enable-assembler --with-charset=utf8 --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --without-debug --without-innodb --without-isam --with-mysqld-ldflags=-ltcmalloc_minimal
make && make install
cd ../
groupadd mysql
useradd -g mysql mysql
cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql/.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod 755 /etc/init.d/mysql
chkconfig --level 345 mysql on
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >>/etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
service mysql start
/usr/local/mysql/bin/mysqladmin -u root password mgrei //修改红色部分为你的密码
service mysql restart

3）设置MySQL：

打开“/etc/my.cnf”文件，修改以下设置，如果没有，可手动添加：

关闭远程连接，即3306端口。这是MySQL的默认监听端口。由于此处MySQL只服务于本地脚本，所以不需要远程连接。尽管MySQL内建的安全机制很严格，但监听一个TCP端口仍然是危险的行为，因为如果MySQL程序本身有问题，那么未授权的访问完全可以绕过MySQL的内建安全机制。（你必须确定，你是否真的不需要远程连接mysql，一般数据库地址为localhost的，即使本地数据库，不需要外链）

skip-networking

保存后退出。

修改完my.cnf后，还需要对mysql的用户名、帐号、及默认数据库进行调整

首先先登录mysql，在终端窗口输入

/usr/local/mysql/bin/mysql -u root -p

然后会提示输入密码，输入正确密码后，会出现mysql>提示符。

输入以下命令：

mysql>use mysql;
mysql>select Host,User,Password,Select_priv,Grant_priv from user;
mysql>delete from user where user='';                  （删除user用户）
mysql>delete from user where password='';               （删除user用户）
mysql>delete from user where host='';                     （删除user用户）
mysql>drop database test;             (删除默认的test数据库)
mysql>flush privileges;               （刷新mysql的缓存，让以上设置立即生效）
mysql>quit;

为了使以上优化和安全设置生效，请重启Mysql服务或Linux。

service mysql restart

三、安装Apache：

1）下载Apache并解压缩：

cd /usr/local/src
groupadd www
useradd -g www -s /sbin/nologin -M www

wget -c http://www.apache.org/dist//httpd/httpd-2.2.17.tar.gz

tar zxvf httpd-2.2.17.tar.gz
cd httpd-2.2.17

Apache默认最大连接数和最大客户端数为40000，如果你的服务器要求更大，可以编译Apache安装文件中的：

server/mpm/worker/worker.c

找到下面几行，并改成如下的数值，其目的是在源码中修改apache可支持的最大线程数和最大客户端数目。

define DEFAULT_SERVER_LIMIT 32
define MAX_SERVER_LIMIT 20000
define DEFAULT_THREAD_LIMIT 64
define MAX_THREAD_LIMIT 20000

以上数值据说改小后，能减低服务器消耗。不过柒月修改后，发现没什么实质变化。

2）安装Apache 2.2

cd /usr/local/src/httpd-2.2.17
./configure --prefix=/usr/local/apache2 --enable-headers --enable-so --enable-rewrite --with-mpm=prefork --disable-userdir --disable-cgid --disable-cgi
make && make install

如果你需要编译apache其他功能，可以自行增加。 不过在这里，我们只是用Apache作为后端并处理伪静态，无需添加过多设置来浪费内存

配置源代码树：

--prefix=/usr/local/apache2 //体系无关文件的顶级安装目录PREFIX ，也就Apache的安装目录。
--enable-module=so //打开 so 模块，so 模块是用来提 DSO 支持的 apache 核心模块
--enable-mods-shared=all //编译全部的模板，对于不需要我们可以在httpd.conf去掉。
--enable-cache //支持缓存
--enable-file-cache //支持文件缓存
--enable-mem-cache //支持记忆缓存
--enable-disk-cache //支持磁盘缓存
--enable-static-support //支持静态连接(默认为动态连接)
--enable-static-htpasswd //使用静态连接编译 htpasswd - 管理用于基本认证的用户文件
--enable-static-htdigest //使用静态连接编译 htdigest - 管理用于摘要认证的用户文件
--enable-static-rotatelogs //使用静态连接编译 rotatelogs - 滚动 Apache 日志的管道日志程序
--enable-static-logresolve //使用静态连接编译 logresolve - 解析 Apache 日志中的IP地址为主机名
--enable-static-htdbm //使用静态连接编译 htdbm - 操作 DBM 密码数据库
--enable-static-ab //使用静态连接编译 ab - Apache HTTP 服务器性能测试工具
--enable-static-checkgid //使用静态连接编译 checkgid
--disable-cgid //禁止用一个外部 CGI 守护进程执行CGI脚本
--disable-cgi //禁止编译 CGI 版本的 PHP
--with-mpm=worker // 让apache以worker方式运行
--enable-ssl // 编译 ssl模块。

启动Apache（建议先不要启动，等我们全部设置完毕后，和Nginx启动）

/usr/local/apache2/bin/apachectl start

查看apache是否启动

ps aux|grep httpd

将apache设置成开机自启动：

echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local  //将 apachectl 的调用加入到你的系统启动文件中。

四、安装 PHP5.2.x：

1）下载PHP 并解压缩：

cd /usr/local/src
wget -c http://us.php.net/distributions/php-5.2.17.tar.gz
tar zxvf php-5.2.17.tar.gz
cd php-5.2.17
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/etc --with-zlib --with-libxml-dir --with-gd=/usr/local/gd --with-freetype-dir --with-jpeg-dir --with-png-dir --with-ttf --with-iconv --with-openssl --with-mcrypt --enable-sockets --enable-bcmath --enable-calendar --enable-exif --enable-libxml --enable-magic-quotes --enable-mbstring --with-bz2 --with-curl --with-xmlrpc --with-gettext --disable-cli --disable-cgi --disable-debug
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /etc/php.ini

2）安装PHP扩展：

2.1）安装eaccelerator加速软件

eaccelerator是php的加速软件，使用后php的执行效率会有很大幅度的提升。

cd /usr/local/src
wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
tar -jxvf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make && make install

编译安装后我们会看到屏幕提示的eaccelerator.so所在的目录，php5.2.x系列是在 /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/，记住这个路径，待会要用到

修改php.ini 文件，将以下内容输入（详细设置）：

[eaccelerator]
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

注意：这部分内容务必放在[zend]之前，不然可能会出现不可预期的服务器问题。

然后建立文件夹并设置权限：

mkdir /tmp/eaccelerator
chmod 777 /tmp/eaccelerator

2.2）安装Zend（如果程序没要求，尽量不要装Zend，容易和eA产生冲突）：

cd /usr/local/src
wget http://downloads.zend.com/optimizer/3.3.9/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
tar -zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/

修改php.ini 文件：

vi /usr/local/php/php.ini

将以下代码放入php.ini文件最底部

[Zend Optimizer]
zend_optimizer.optimization_level=1
zend_optimizer.encoder_loader=0
zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/ZendOptimizer.so"

2.3）安装PDO_MYSQL

cd /usr/local/src
wget -c http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql
make
make install

继续修改 php.ini 文件

vi /usr/local/php/php.ini

查找代码：

extension_dir = "./"

替换为：

extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
extension="pdo_mysql.so"

2.4）安装 suhosin：

cd /usr/local/src
wget -c http://download.suhosin.org/suhosin-0.9.32.1.tar.gz
tar -zxvf suhosin-0.9.32.1.tar.gz
cd suhosin-0.9.32.1
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install

继续修改 php.ini 文件

vi /usr/local/php/php.ini

查找代码：

extension_dir = "./"

替换为：

extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
extension="suhosin.so"

五、Apache 整合 PHP 以及相关优化：

1）Apache设置：

编辑 httpd.conf ：

vi /usr/local/apache2/conf/httpd.conf

查找代码：

DocumentRoot "/usr/local/apache2/htdocs"

修改为：

DocumentRoot "/home/www"

查找代码：

<Directory "/usr/local/apache2/htdocs">

修改为：

<Directory "/home/www">

找到以下代码并根据提示修改

<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all        //这句改为Allow from all
</Directory>

找到这一段并修改，以使Apache支持rewrite（伪静态）：

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
AllowOverride None

更改为

AllowOverride All

将以下代码注释掉，禁止目录列表：

Options Indexes FollowSymLinks

找到以下代码，修改用户为 www

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>

User daemon              //改为www
Group daemon             //改为www

</IfModule>
</IfModule>

设置 ServerAdmin you@example.com 改为你自己的mail地址

查找：

Listen 80

改为

Listen 81

分别找到以下四段代码，将之前的注释#去除：

Include conf/extra/httpd-mpm.conf

Include conf/extra/httpd-info.conf

Include conf/extra/httpd-vhosts.conf

Include conf/extra/httpd-default.conf

编辑 Include conf/extra/httpd-mpm.conf 找到如下选项，并改成对应的数值

<IfModule mpm_prefork_module>
StartServers          5
MinSpareServers       5
MaxSpareServers      10
MaxClients          150
MaxRequestsPerChild   1000
</IfModule>

编辑 conf/extra/httpd-default.conf

Timeout 60   #与nginx的保持一至
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 5

复制以下文件：

cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd

这样以后Apache 启动、关闭、重启只需要输入以下命令：

service httpd start/stop/restart

2）整合Apache与php

编辑 /usr/local/apache2/conf/httpd.conf

找到AddType application/x-gzip .gz .tgz在其下加以下内容

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

查找:(设置WEB默认文件)

DirectoryIndex index.html

改成：

DirectoryIndex index.php index.htm index.html index.html.var

保存退出

以上设置完毕后，全部保存退出，然后建立一个虚拟主机做测试：

编辑 Include conf/extra/httpd-vhosts.conf

<VirtualHost *:81>
ServerAdmin webmaster@example.com
DocumentRoot "/home/www"
ServerName 你的IP地址或域名
ErrorLog "logs/IP-error_log"
CustomLog "logs/IP-access_log" common
</VirtualHost>

保存退出，并重启Apache

service httpd restart  或 /usr/local/apache2/bin/apachectl restart

然后建立一个 index.php文件，放入 /home/www 目录，php文件内容为：

<?php
phpinfo();
?>

然后在浏览器中输入：IP:81 是否成功显示了？

六、优化MySQL

通过Tcmalloc 优化mysql性能

# vi /etc/init.d/mysql

添加一行

export LD_PRELOAD=/usr/local/lib/libtcmalloc.so

重新启动mysql

service mysql restart

检测是否成功，在SSH中输入：

lsof -n|grep tcmalloc

出现相关进程即可

七、安装Nginx：

1）安装所需组件：

cd /usr/local/src
wget -c ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.12.tar.gz
tar -zxvf pcre-8.12.tar.gz
cd pcre-8.12/
./configure
make && make install

cd ..
rm -rf pcre-8.12
rm -rf /usr/bin/pcre-config
cp -a /usr/local/bin/pcre-config /usr/bin/
rm -rf /usr/lib/libpcre.a
cp -a /usr/local/lib/libpcre.a /usr/lib/

2）安装 Nginx 0.8.x：

cd /usr/local/src
wget -c http://nginx.org/download/nginx-0.8.54.tar.gz
tar zxvf nginx-0.8.54.tar.gz
cd nginx-0.8.54
./configure --user=www --group=www --prefix=/usr/local/nginx --pid-path=/usr/local/nginx/logs/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --with-http_stub_status_module --with-http_ssl_module --http-client-body-temp-path=/tmp/nginx_client --http-proxy-temp-path=/tmp/nginx_proxy --http-fastcgi-temp-path=/tmp/nginx_fastcgi --with-http_gzip_static_module --with-google_perftools_module --with-ld-opt='-ltcmalloc_minimal' --with-ipv6

make && make install
cd ../

编辑 nginx.conf 文件：

vi /usr/local/nginx/conf/nginx.conf

输入以下内容：

user  www;
worker_processes  4;
pid  logs/nginx.pid;

google_perftools_profiles /var/tmp/tcmalloc;

worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}

http{

include       mime.types;
default_type  application/octet-stream;

access_log  off;
error_log  /dev/null;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;

sendfile on;
tcp_nopush     on;

keepalive_timeout 120;
#fastcgi_connect_timeout 300;
#fastcgi_send_timeout 300;
#fastcgi_read_timeout 300;
#fastcgi_buffer_size 64k;
#fastcgi_buffers 4 64k;
#fastcgi_busy_buffers_size 128k;
#fastcgi_temp_file_write_size 128k;
tcp_nodelay on;

gzip on;
gzip_min_length  1k;
gzip_buffers     4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types       text/plain application/x-javascript text/css application/xml;
gzip_vary on;

include vhost/*.conf;

}

在 /usr/local/nginx/conf 目录 新建proxy.conf 文件，并输入以下内容：

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
client_max_body_size    50m;
client_body_buffer_size 256k;
proxy_connect_timeout   30;
proxy_send_timeout      30;
proxy_read_timeout      60;

proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;

#Nginx cache
client_body_temp_path client_body 1 2;
proxy_temp_path proxy_temp 1 2;

#client_body_temp_path      /tmpfs/client_body_temp 1 2;
#proxy_temp_path            /tmpfs/proxy_temp 1 2;
#fastcgi_temp_path          /tmpfs/fastcgi_temp 1 2;

建立 Nginx虚拟主机目录，把nginx加入到系统服务：

mkdir -p /usr/local/nginx/conf/vhost

mkdir /home/www
chmod 755 -R /home/www

chown -R www:www /home/www/ 
chown www /usr/local/nginx/conf/
chmod 777 /etc/init.d/nginx

编辑 /etc/rc.d/init.d/nginx 文件，覆盖为以下代码：

#! /bin/sh
ulimit -n 65535
# Description: Startup script for nginx
# chkconfig: 2345 55 25
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
set -e
[ -x "$DAEMON" ] || exit 0
do_start() {
$DAEMON -c $CONFIGFILE || echo -n "nginx already running"
}
do_stop() {
kill -QUIT `cat $PIDFILE` || echo -n "nginx not running"
}
do_reload() {
kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
do_start
echo "."
/etc/init.d/httpd start
;;
stop)
echo -n "Stopping $DESC: $NAME"
do_stop
echo "."
/etc/init.d/httpd stop
;;
reload)
echo -n "Reloading $DESC configuration..."
do_reload
echo "."
/etc/init.d/httpd restart
;;
restart)
echo -n "Restarting $DESC: $NAME"
do_stop
sleep 1
do_start
echo "."
/etc/init.d/httpd restart
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
exit 3
;;
esac
exit 0

#! /bin/shulimit -n 65535# Description: Startup script for nginx# chkconfig: 2345 55 25
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/binDESC="nginx daemon"NAME=nginxDAEMON=/usr/local/nginx/sbin/$NAMECONFIGFILE=/usr/local/nginx/conf/nginx.confPIDFILE=/usr/local/nginx/logs/$NAME.pidSCRIPTNAME=/etc/init.d/$NAME
set -e[ -x "$DAEMON" ] || exit 0
do_start() { $DAEMON -c $CONFIGFILE || echo -n "nginx already running"}
do_stop() { kill -QUIT `cat $PIDFILE` || echo -n "nginx not running"}
do_reload() { kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"}
case "$1" in start) echo -n "Starting $DESC: $NAME" do_start echo "." /etc/init.d/httpd start ;; stop) echo -n "Stopping $DESC: $NAME" do_stop echo "." /etc/init.d/httpd stop ;; reload) echo -n "Reloading $DESC configuration..." do_reload echo "." /etc/init.d/httpd restart ;; restart) echo -n "Restarting $DESC: $NAME" do_stop sleep 1 do_start echo "." /etc/init.d/httpd restart ;; *) echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2 exit 3 ;;esac
exit 0

在ssh 中輸入：

chmod a+x /etc/rc.d/init.d/nginx
chkconfig --add nginx
chkconfig nginx on

在Nginx虚拟主机目录 /usr/local/nginx/conf/vhost 建立一个虚拟主机：

新建文件：Default.conf 输入以下代码：

server
{
listen  80;
server_name     你的IP或域名;
index index.html index.htm index.php;
root    /home/www/;

location /nginx {
stub_status on;
auth_basic  "NginxStatus";
# auth_basic_user_file  conf/htpasswd;
#密码由apache的htpasswd工具来产生
access_log off;
}

location / {
location ~ .*/.(php|php5)?$ {
index index.php;
root /home/www/;
proxy_pass    http://127.0.0.1:81;
}

include proxy.conf;

if ( !-e $request_filename) {
proxy_pass  http://127.0.0.1:81;
}

location ~* /.(jpg|jpeg|gif|png|swf)$ {
if (-f $request_filename) {
root /home/www/;
expires    30d;
break;
}
}
location ~* /.(js|css)$ {
if (-f $request_filename) {
root /home/www/;
expires    1d;
break;
}
}
}

error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}

#如果需要记录把下面的注释去掉
# log_format access '$http_x_forwarded_for - $remote_user [$time_local] "$request"'
#     '$status $body_bytes_sent "$http_referer"'
#     '"$http_user_agent" $remote_addr';
# access_log    logs/IP_access.log    access;

}

以上全部保存完毕后，启动 nginx：

service nginx start

八、为apache安装rpaf模块，该模块用于apache做后端时获取访客真实的IP（建议在LNAMP最后安装。。。之前安装有时会出错）

1）使用apxs安装模块.这里要使用此前apache编译安装后的apxs

cd /usr/local/src

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz

tar -zxf mod_rpaf-0.6.tar.gz

cd mod_rpaf-0.6

/usr/local/apache2/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

2）编辑/usr/local/apache/conf/httpd.conf,添加模块参数,查找LoadModule php5_module modules/libphp5.so,在下方添加:

LoadModule rpaf_module modules/mod_rpaf-2.0.so
#Mod_rpaf settings
RPAFenable On
RPAFproxy_ips 127.0.0.1 [your_ips]
RPAFsethostname On
RPAFheader X-Forwarded-For

上面出现的[your_ips]请修改为你本机所监听web服务的ip.多个IP用空格空开.

Apache、Nginx、MySQL 启动/重启/关闭命令：

service mysql start/stop/restart
service httpd start/stop/restart
service nginx start/stop/restart

 

---

另一个版本

---

 

前言:谈到Linux下的web生产环境,大家就会想到apache这个开源服务器软件.apache可以整合大多数应用,比如jsp,php,cgi,python等等,但是apache过于臃肿以及对静态文件响应过于缓慢让很多使用者感到头疼.而nginx作为新崛起的服务器软件,在很多方面超出apache,定位也很明确:高性能的 HTTP 和反向代理服务器.因而,本篇主要讲的是nginx作为前端,apache作为后端的应用环境搭建过程.

为什么不使用nginx+php(fastcgi)作为生产环境?

1. php(fastcgi)不够稳定,容易出现50x错误,在生成相对复杂的页面时没有优势,长时间占用也会使php-cgi进程死去.
2. 在安全性,多用户多站点的权限问题比较严重.php(fastcgi)在应对多用户多站点往往捉襟见肘,不易于实施.
3. 整合其他语言,apache表现得游刃有余.资源利用恰到好处.

为什么采用nginx做前端,apache作为后端的方案?nginx在处理静态内容上较apache是几倍或几十倍的差异,因而放在前面过滤静态内容是最为恰当的.同时nginx也是一个负载均衡器,低资源消耗,高性能转发是它的特点.经过nginx在前面的过滤,后端的apache需要处理的内容相对就比较少了.只需负责处理动态内容就可以了.在性能与稳定性的权衡下,使用nginx+apache搭配会让它们在各自擅长的领域展现自身的价值.

本教程以CentOS 5.4 32bit为环境.其他Linux发行版本暂未测试.nginx,php,apache,mysql,pureftpd均为最新稳定版.

获取操作系统源更新.

yum update
yum -y install gcc gcc-c++ bison patch unzip mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openldap openldap-devel openldap-clients openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel

如果系统默认安装了apache,请先卸载.执行:

yum remove httpd

下载最新稳定版的程序源码包,以下都是到官方网站或sourceforge下载的源码包.

cd /usr/local/src
wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.45.tar.gz/from/http://mysql.he.net/
wget http://www.apache.org/dist/httpd/httpd-2.2.15.tar.gz
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.bz2/download
wget http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download
wget http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download
wget http://www.php.net/get/php-5.2.13.tar.gz/from/this/mirror
wget http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/php5-mail-header.patch
wget http://pecl.php.net/get/memcache-2.2.5.tgz
wget http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
wget http://pecl.php.net/get/imagick-2.3.0.tgz
wget http://download.suhosin.org/suhosin-0.9.29.tgz
wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
wget http://downloads.zend.com/optimizer/3.3.9/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
wget http://monkey.org/~provos/libevent-1.4.13-stable.tar.gz
wget http://memcached.googlecode.com/files/memcached-1.4.4.tar.gz
wget http://sourceforge.net/projects/pcre/files/pcre/8.01/pcre-8.01.tar.gz/download
wget http://nginx.org/download/nginx-0.7.65.tar.gz
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.28.tar.gz

一.安装Mysql.安装最新稳定版5.1.45版本,并没有采用最新开发版.

groupadd mysql -g 27
useradd mysql -u 27 -g 27 -c "MySQL Server" -d /var/lib/mysql -m
cd /usr/local/src
tar -zxf mysql-5.1.45.tar.gz
cd mysql-5.1.45
./configure --prefix=/usr/local/mysql --localstatedir=/var/lib/mysql --with-unix-socket-path=/var/lib/mysql/mysql.sock --with-mysqld-user=mysql --enable-assembler --enable-thread-safe-client --with-extra-charsets=all --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innodb_plugin,myisam,myisammrg
make && make install
cd ../

cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R mysql.mysql /var/lib/mysql
chgrp -R mysql /usr/local/mysql/.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod u+x /etc/init.d/mysql
chkconfig --level 345 mysql on
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >>/etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config
service mysql start
/usr/local/mysql/bin/mysqladmin -u root password root
service mysql restart
service mysql stop

二.编译安装apache(httpd).apache的执行用户为nobody.

cd /usr/local/src
tar -zxf httpd-2.2.15.tar.gz
cd httpd-2.2.15
./configure --prefix=/usr/local/apache --enable-headers --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl --enable-suexec  --disable-userdir --with-included-apr --with-mpm=prefork --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html
make
make install
mkdir /usr/local/apache/domlogs
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd

1.编辑/etc/init.d/httpd,在首行#!/bin/sh下添加:

# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server.  It is used to serve /
#              HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -n 32768

保存退出.

2.配置apache配置参数文件httpd.conf,位于/usr/local/apache/conf/目录

cd /usr/local/apache/conf/
mv httpd.conf httpd.conf.bak
mkdir vhosts
vi httpd.conf

输入以下内容:

PidFile logs/httpd.pidLockFile logs/accept.lockServerRoot "/usr/local/apache"Listen 0.0.0.0:81User nobodyGroup nobodyServerAdmin admin@evlit.comServerName host.evlit.comTimeout 300KeepAlive OffMaxKeepAliveRequests 100KeepAliveTimeout 5UseCanonicalName OffAccessFileName .htaccessTraceEnable OffServerTokens ProductOnlyFileETag NoneServerSignature OffHostnameLookups Off# LoadModule perl_module modules/mod_perl.soDocumentRoot "/usr/local/apache/htdocs"<Directory "/"> Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch Order allow,deny Allow from all AllowOverride All</Directory><Directory "/usr/local/apache/htdocs"> Options Includes -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all</Directory>DefaultType text/plainRewriteEngine onAddType text/html .shtmlAddHandler cgi-script .cgi .pl .plx .ppl .perlAddHandler server-parsed .shtml<IfModule mime_module>    TypesConfig conf/mime.types    AddType application/perl .pl .plx .ppl .perl    AddType application/x-img .img    AddType application/x-httpd-php .php .php3 .php4 .php5 .php6    AddType application/x-httpd-php-source .phps    AddType application/cgi .cgi    AddType text/x-sql .sql    AddType text/x-log .log    AddType text/x-config .cnf conf    AddType text/x-registry .reg    AddType application/x-compress .Z    AddType application/x-gzip .gz .tgz    AddType text/html .shtml    AddType application/x-tar .tgz    AddType application/rar .rar    AddType application/x-compressed .rar    AddType application/x-rar .rar    AddType application/x-rar-compressed .rar    AddType text/vnd.wap.wml .wml    AddType image/vnd.wap.wbmp .wbmp    AddType text/vnd.wap.wmlscript .wmls    AddType application/vnd.wap.wmlc .wmlc    AddType application/vnd.wap.wmlscriptc .wmlsc</IfModule><IfModule dir_module> DirectoryIndex index.html index.htm index.shtml index.php index.perl index.pl index.cgi</IfModule><Files ~ "^error_log$"> Order allow,deny Deny from all Satisfy All</Files><FilesMatch "^/.ht"> Order allow,deny Deny from all Satisfy All</FilesMatch>ErrorLog "logs/error_log"LogLevel warn<IfModule log_config_module> LogFormat "%h %l %u %t /"%r/" %>s %b /"%{Referer}i/" /"%{User-Agent}i/"" combined LogFormat "%h %l %u %t /"%r/" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t /"%r/" %>s %b /"%{Referer}i/" /"%{User-Agent}i/" %I %O" combinedio </IfModule> CustomLog "logs/access_log" common</IfModule><IfModule alias_module> ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"</IfModule><Directory "/usr/local/apache/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all</Directory><IfModule mpm_prefork_module> StartServers          3 MinSpareServers       3 MaxSpareServers       5 MaxClients          150 MaxRequestsPerChild   1024</IfModule><IfModule mod_headers.c><FilesMatch "/.(html|htm|shtml)$">Header set Cache-Control "max-age=3600, must-revalidate"</FilesMatch></IfModule>ReadmeName README.htmlHeaderName HEADER.htmlIndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,tInclude conf/extra/httpd-languages.conf<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1</Location>ExtendedStatus On<Location /server-info> SetHandler server-info Order deny,allow Deny from all Allow from 127.0.0.1</Location><IfModule ssl_module>Listen 0.0.0.0:443AddType application/x-x509-ca-cert .crtAddType application/x-pkcs7-crl .crlSSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXPSSLPassPhraseDialog  builtinSSLSessionCache         dbm:/usr/local/apache/logs/ssl_scacheSSLSessionCacheTimeout  300SSLMutex  file:/usr/local/apache/logs/ssl_mutexSSLRandomSeed startup builtinSSLRandomSeed connect builtin</IfModule>#VhostsNameVirtualHost 127.0.0.1:81NameVirtualHost *<VirtualHost 127.0.0.1:81 *> ServerName host.evlit.com DocumentRoot /var/www/html ServerAdmin admin@evlit.com</VirtualHost>Include conf/vhosts/*

上述虚拟主机配置中出现的127.0.0.1请改为你本机公网IP.

三.编译安装php(mod_php)

1.编译安装相关支持库

cd /usr/local/src
tar -zxf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure
make
make install

cd /usr/local/src
tar -jxf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install

cd /usr/local/src
tar -jxf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9/
./configure
make
make install

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

cd /usr/local/src
tar -zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install

2.编译php,这里为php打入补丁.有助于防止邮件发送被滥用(多用户)以及在邮件中提供有价值的信息.补丁介绍信息请访问:http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/

cd /usr/local/src
tar -zxf php-5.2.13.tar.gz
patch -d php-5.2.13 -p1 < php5-mail-header.patch
cd php-5.2.13
./configure --prefix=/usr/local --with-config-file-path=/etc --with-apxs2=/usr/local/apache/bin/apxs --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl --with-curlwrappers --with-freetype-dir --with-gd --with-gettext --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared --with-ttf --with-xmlrpc --with-zlib -with-zlib-dir=/usr
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /etc/php.ini

3.安装php扩展模块

cd /usr/local/src
tar -zxf memcache-2.2.5.tgz
cd memcache-2.2.5/
phpize
./configure --with-php-config=/usr/local/bin/php-config --with-zlib-dir --enable-memcache
make
make install

cd /usr/local/src
tar -jxf eaccelerator-0.9.6.tar.bz2
cd eaccelerator-0.9.6/
phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config
make
make install
mkdir -p /tmp/eaccelerator
chmod 777 /tmp/eaccelerator
echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local

cd /usr/local/src
tar -zxf ImageMagick.tar.gz
cd ImageMagick-*
./configure
make
make install

cd /usr/local/src
tar -zxf imagick-2.3.0.tgz
cd imagick-2.3.0/
phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install

cd /usr/local/src
tar -zxf suhosin-0.9.29.tgz
cd suhosin-0.9.29
phpize
./configure
make
make install

cd /usr/local/src
tar -zxf ioncube_loaders_lin_x86.tar.gz
cd ioncube
mkdir /usr/local/ioncube
mv ioncube_loader_lin_5.2.so /usr/local/ioncube/

cd /usr/local/src
tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so

3.1.修改php.ini.

查找/etc/php.ini中的extension_dir = "./".将其修改为extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"
查找;include_path = ".:/php/includes",删除前面的分号,并修改为include_path = ".:/usr/lib/php:/usr/local/lib/php"
跳到最后一行,然后添加以下内容:

extension = "memcache.so"
extension = "pdo.so"
extension = "pdo_mysql.so"
extension = "pdo_sqlite.so"
extension = "sqlite.so"
extension = "eaccelerator.so"
eaccelerator.shm_size = 32
eaccelerator.cache_dir = "/tmp/eaccelerator"
eaccelerator.enable = 1
eaccelerator.optimizer = 0
eaccelerator.debug = 0
eaccelerator.name_space = ""
eaccelerator.check_mtime = 1
eaccelerator.filter = ""
eaccelerator.shm_max = 0
eaccelerator.shm_ttl = 3600
eaccelerator.shm_prune_period = 3600
eaccelerator.shm_only = 0
eaccelerator.compress = 0
eaccelerator.compress_level = 9
eaccelerator.keys = shm
eaccelerator.sessions = shm
eaccelerator.content = shm

zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so"
zend_extension = "/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so"

4,安装Memcached(可选)

cd /usr/local/src
tar -xzf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
./configure
make
make install
echo "/usr/local/lib/" > /etc/ld.so.conf.d/libevent.conf
ldconfig -v

cd /usr/local/src
tar -xzf memcached-1.4.4.tar.gz
cd memcached-1.4.4
./configure
make
make install

基本使用方法:

启动:/usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost
关闭:killall -9 memcached

四.安装nginx

1.安装pcre库

cd /usr/local/src
tar -zxf pcre-8.01.tar.gz
cd pcre-8.01
./configure
make
make install

2.安装nginx

cd /usr/local/src
tar -zxf nginx-0.7.65.tar.gz
cd nginx-0.7.65
./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --pid-path=/usr/local/nginx/logs/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --http-client-body-temp-path=/tmp/nginx_client --http-proxy-temp-path=/tmp/nginx_proxy --http-fastcgi-temp-path=/tmp/nginx_fastcgi --with-http_stub_status_module
make
make install

2.1.添加init控制脚本

#! /bin/shulimit -n 65535# Description: Startup script for nginx# chkconfig: 2345 55 25PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/binDESC="nginx daemon"NAME=nginxDAEMON=/usr/local/nginx/sbin/$NAMECONFIGFILE=/usr/local/nginx/conf/nginx.confPIDFILE=/usr/local/nginx/logs/$NAME.pidSCRIPTNAME=/etc/init.d/$NAMEset -e[ -x "$DAEMON" ] || exit 0do_start() { $DAEMON -c $CONFIGFILE || echo -n "nginx already running"}do_stop() { kill -INT `cat $PIDFILE` || echo -n "nginx not running"}waitforexit() { count=${2:-30} while [ 0$count -gt 0 ] do   PIDS=`ps -C$NAME --no-heading e | grep $DAEMON` || break   PIDS=`echo "$PIDS" | awk '{print $1}' | tr '/n' ' '`   echo Remaining processes: $PIDS   do_stop   sleep 2   count=`expr $count - 1` done if [ 0$count -eq 0 ]; then   echo Remaining processes: $PIDS   return 1 fi return 0}do_reload() {kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"}case "$1" in start) echo -n "Starting $DESC: $NAME" do_start echo "." /etc/init.d/httpd start ;; stop) echo -n "Stopping $DESC: $NAME" do_stop echo "." /etc/init.d/httpd stop ;; reload) echo -n "Reloading $DESC configuration..." do_reload echo "." /etc/init.d/httpd restart ;; restart) echo -n "Restarting $DESC: $NAME" waitforexit "nginx" 20 do_start echo "." /etc/init.d/httpd restart ;; *) echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2 exit 3 ;;esacexit 0

保存退出,给该文件赋予执行权限并设置开机启动

chmod 755 /etc/init.d/nginx
chkconfig --level 345 nginx on

2.2.修改nginx配置文件,位于:/usr/local/nginx/conf/目录

mkdir -p /var/cache/nginx/cached
chmod 600 /var/cache/nginx/cached
cd /usr/local/nginx/conf/
mv nginx.conf nginx.conf.bak
mkdir vhosts
vi nginx.conf

输入以下内容:

worker_processes  2;worker_rlimit_nofile  20480;events {worker_connections  20480;use epoll;}error_log  /usr/local/nginx/logs/error.log info;http {server_name_in_redirect off;server_names_hash_max_size 2048;server_names_hash_bucket_size 256;include    mime.types;default_type  application/octet-stream;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout  60;gzip on;gzip_http_version 1.0;gzip_min_length  1100;gzip_comp_level  3;gzip_buffers  4 32k;# gzip_types    text/plain application/x-javascript text/xml text/css;gzip_types    text/plain text/xml text/css application/x-javascript application/xml application/xml+rss text/javascript application/atom+xml;ignore_invalid_headers on;client_header_timeout  300;client_body_timeout 300;send_timeout     30;reset_timedout_connection on;connection_pool_size  256;client_header_buffer_size 256k;large_client_header_buffers 4 256k;request_pool_size  32k;output_buffers   4 32k;postpone_output  1460;proxy_cache_path  /var/cache/nginx/cached levels=2:2 keys_zone=global:100m inactive=60m max_size=500m;proxy_temp_path  /tmp/nginx_proxy;include "/usr/local/nginx/conf/vhosts/*.conf";}

保存退出.

五.为apache安装rpaf模块,该模块用于apache做后端时获取访客真实的IP.

1.使用apxs安装模块.这里要使用此前apache编译安装后的apxs

cd /usr/local/src/
tar -zxf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

2.编辑/usr/local/apache/conf/httpd.conf,添加模块参数,查找LoadModule php5_module modules/libphp5.so,在下方添加:

LoadModule rpaf_module modules/mod_rpaf-2.0.so
#Mod_rpaf settings
RPAFenable On
RPAFproxy_ips 127.0.0.1 [your_ips]
RPAFsethostname On
RPAFheader X-Forwarded-For

上面出现的[your_ips]请修改为你本机所监听web服务的ip.多个IP用空格空开.

六.安装ftp服务器:pure-ftpd

1.编译安装

cd /usr/local/src/
tar -zxf pure-ftpd-1.0.28.tar.gz
cd pure-ftpd-1.0.28
./configure --prefix=/usr/local/pureftpd --with-language=simplified-chinese --with-everything
make
make install
chmod 755 configuration-file/pure-config.pl
cp configuration-file/pure-config.pl /usr/local/pureftpd/sbin/
mkdir /usr/local/pureftpd/etc/
cp configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/
ln -s /usr/local/pureftpd/bin/pure-pw /usr/local/bin/

2.配置pure-ftpd,这里采用PureDB的验证方式.

vi /usr/local/pureftpd/etc/pure-ftpd.conf

查找 PureDB /etc/pureftpd.pdb 取消前面的#号并设置成PureDB/usr/local/pureftpd/etc/pureftpd.pdb
查找 PassivePortRange 取消前面的#号
其他参数根据需要进行修改

3.添加自启动.这里不创建init脚本.直接放在/etc/rc.local启动即可

echo "/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize" >> /etc/rc.local

至此.所有安装工作结束.

如何使用这套系统

一,做好必要的安全工作

设置用户家目录/home/user,相关配置参数文件,以及访问日志等目录的权限.

chmod 711 /home
chmod 711 /usr/local/pureftpd/etc
chmod 711 /usr/local/apache/conf/vhosts
chmod 711 /usr/local/nginx/conf/vhosts
chmod 711 /usr/local/apache/domlogs
chmod 711 /usr/local/apache/logs
chmod 600 /var/cache/nginx/cached

二,如何创建用户

创建用户分两个步骤.第一步创建系统用户.该命令直接创建用户家目录.第二步创建ftp用户.创建该用户依赖系统用户的创建.步骤如下(以创建用户名为admin为例):

useradd admin -m -s /sbin/nologin
pure-pw useradd admin -u admin -g admin -d /home/admin -m[第一次执行不可用]
pure-pw mkdb[仅限第一次执行]

注意.通过上述方法安装的ftp服务器在第一次创建用户的时候不可以在pure-pw useradd ...后直接添加参数-m更新ftp用户数据库.需要分两步执行.以后可以直接在创建用户时在后面添加参数-m,执行之后会提示让你输入密码.需要重复输入两次.

三.如何绑定域名

由于采用前后端操作.因此需要修改两个服务器软件的虚拟主机参数.实例如下(以admin.com为例,用户目录承接上文的/home/admin):

1.创建nginx虚拟主机参数

首先先把公共cache参数和proxy参数写进文件中

cd /usr/local/nginx/conf
touch cache.inc proxy.inc

然后分别编辑者两个文件。

vi cache.inc

proxy_cache       global;
proxy_cache_key   $host$uri$is_args$args;
#proxy_cache_valid 200 302 10m;
#proxy_cache_valid 301 1h;
#proxy_cache_valid any 1m;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size   56m;

vi proxy.inc

proxy_connect_timeout 30s;
proxy_send_timeout   300;
proxy_read_timeout   300;
proxy_buffer_size    64k;
proxy_buffers     16 32k;
proxy_busy_buffers_size 64k;
#proxy_pass http://127.0.0.1:81;
proxy_redirect  off;
proxy_hide_header  Vary;
proxy_set_header   Host   $host;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

然后再编辑虚拟主机文件就会很清晰了

cd /usr/local/nginx/conf/vhosts
touch admin.com.conf
vi admin.com.conf
输入以下内容:

server {error_log /var/log/nginx/vhost-error_log warn;listen 127.0.0.1:80;server_name admin.com www.admin.com;access_log /usr/local/apache/domlogs/admin.com combined;location / {root /home/admin/public_html;proxy_cache_valid 200 301 302 10m;proxy_cache_valid any 1m;expires 1d;proxy_pass http://127.0.0.1:81;include proxy.inc;include cache.inc;}location ~ .*/.(jpg|jpeg|png|gif|bmp|ico|js|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {proxy_cache_valid  200 10s;expires 7d;proxy_pass http://127.0.0.1:81;include proxy.inc;include cache.inc;}location ~ .*/.(php|jsp|cgi)?$ {proxy_pass http://127.0.0.1:81;include proxy.inc;}location ~ //.ht {deny all;}}

保存退出,注意将上述出现的127.0.0.1替换本机监听web服务的IP

2.创建apache虚拟主机配置文件

cd /usr/local/apache/conf/vhosts
touch admin.com.conf
vi admin.com.conf
输入以下内容:

<VirtualHost 127.0.0.1:81> ServerName admin.com ServerAlias www.admin.com DocumentRoot /home/admin/public_html ServerAdmin admin@evlit.com UseCanonicalName Off php_admin_value open_basedir "/home/admin:/usr/lib/php:/usr/local/lib/php:/tmp" <IfModule !mod_disable_suexec.c> SuexecUserGroup admin admin </IfModule> ScriptAlias /cgi-bin/ /home/admin/public_html/cgi-bin/</VirtualHost>

保存退出,注意将上述出现的127.0.0.1替换本机监听web服务的IP,用户名admin改为虚拟主机用户的名称.

四.如何管理MySQL数据库

1.下载最新版PhpMyAdmin源码包

mkdir -p /var/www/html
chmod -R 711 /var/www
cd /var/www/html
wget http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.3.3/phpMyAdmin-3.3.3-all-languages.zip/download
unzip phpMyAdmin-3.3.3-all-languages.zip
mv phpMyAdmin-3.3.3-all-languages phpmyadmin

2.增加apache配置,编辑httpd.conf,转到最后一行

cd /usr/local/apache/conf
vi httpd.conf /* shift+g转到最后一行 */
#Managed Tools
<VirtualHost 127.0.0.1:81 *>
ServerName localhost
ServerAlias pma.*
DocumentRoot /var/www/html/phpmyadmin
ServerAdmin admin@localhost
UseCanonicalName Off
</VirtualHost>

同样,修改上述出现的127.0.0.1为你提供web服务的IP.重启apache后.我们打开绑定到服务器IP的pma.yourdomain.com即可访问到phpmyadmin.第一次使用.需要进行配置.具体配置请善用Google.

其他没有照顾到的地方自行添加即可.如perl,sendmail等.