LEMP构建高性能WEB服务器

来源:互联网 发布:java权限管理实现 编辑:程序博客网 时间:2024/05/22 06:32

目录

前言:
一、系统安装
1. 系统分区
2.系统初始化脚本(根据具体需求关闭不需要的服务)

二、编译安装基本环境
1. 安装准备
2. 编译安装软件包

三、编译安装PHP及Nginx
1.PHP(Fastcgi)编译安装
2.安装Nginx

四、Nginx多虚拟主机配置及基本优化(以配置Discuz!论坛为例)
1.配置Nginx虚拟主机(防盗链及expires设置)
2.Nginx搭建下载站点限制并发数和速率.
3.如何实现Nginx身份验证
4.如何实现Nginx目录列表
5.修改Nginx的header伪装服务器
6.减小nginx编译后的文件大小
7.Nginx日志处理

五、基本安全设置策略
六、附录及相关介绍

前言:
本文基于step by step的结构向大家介绍Nginx构建高性能WEB的全过程.并且我们在
生产服务器上运行一个月非常稳定,所以整理出来供大家分享。希望能够帮助
更多的初学者轻松构建高性能的WEB服务器。对文中提到的相关操作有任何问题都可以
到LinuxTone论坛去交流提问,我们将第一时间为你解答,同时把网友的建议加入,及
时更新相关内容.

系统环境:
CentOS 5.1+nginx-0.6.31+php-5.2.6+memcache-2.2.3+xcache-1.2.2+mysql-5.0.51b

一、系统安装

1. 系统分区
/boot 100M左右
SWAP 物理内存的2倍(如果你的物理内存大于4G以上,分配4G即可)
/ 分区15~20G
/usr/local 20G (用于安装软件)
/data 剩余所有空间
*具体分区请根据相关业务划分,具体安装本文不作介绍.

2.系统初始化脚本(根据具体需求关闭不需要的服务)
#vi init.sh
#welcome
cat << EOF
+--------------------------------------------------------------+
| === Welcome to CentOS System init === |
+--------------http://www.linuxtone.org------------------------+
+--------------------------------------------------------------+
EOF

#disable ipv6
cat << EOF
+--------------------------------------------------------------+
| === Welcome to Disable IPV6 === |
+--------------------------------------------------------------+
EOF
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo “alias ipv6 off” >> /etc/modprobe.conf
/sbin/chkconfig –level 35 ip6tables off
echo “ipv6 is disabled!”

#disable selinux
sed -i ‘/SELINUX/s/enforcing/disabled/’ /etc/selinux/config
echo “selinux is disabled,you must reboot!”

#vim
sed -i “8 s/^/alias vi=’vim’/” /root/.bashrc
echo ’syntax on’ > /root/.vimrc

#LANG=en
sed -i -e ’s/^LANG=.*/LANG=”en”/’ /etc/sysconfig/i18n

#tunoff services
#————————————————————–+
cat << EOF
+--------------------------------------------------------------+
| === Welcome to Tunoff services === |
+--------------------------------------------------------------+
EOF
#--------------------------------------------------------------+
for i in `ls /etc/rc3.d/S*`
do
CURSRV=`echo $i|cut -c 15-`

echo $CURSRV
case $CURSRV in
crond | irqbalance | microcode_ctl | network | random | sendmail | sshd | syslog | local | mysqld )
echo "Base services, Skip!"
;;
*)
echo "change $CURSRV to off"
chkconfig --level 235 $CURSRV off
service $CURSRV stop
;;
esac
done

#sh init.sh (执行上面保存的脚本,仍后重启)

二、编译安装基本环境

1. 安装准备
1) 系统约定
软件源代码包存放位置 /usr/local/src
源码包编译安装位置(prefix) /usr/local/software_name
脚本以及维护程序存放位置 /usr/local/sbin
MySQL 数据库位置 /data/mysql/data(可按情况设置)
网站根目录 /data/www/wwwroot(可按情况设置)
虚拟主机日志根目录 /data/logs(可按情况设置)
Nginx运行账户 www:www
in_software_name.sh 存放编译参数脚本 习惯将所有编译脚本存放在in_software_name.sh便于升级和更新软件.

创建网站账号及相关存放目录
groupadd www -g 48
useradd -u 48 -g www www
mkdir -p /data/www/wwwroot
mkdir -p /data/logs
chmod +w /data/www/wwwroot
chown -R www:www /data/www/wwwroot

2) 系统环境部署及调整
检查系统是否正常
# tail -n100 /var/log/messages (检查有无系统级错误信息)
# dmesg (检查硬件设备是否有错误信息)
# ifconfig(检查网卡设置是否正确)
# ping www.linuxtone.org (检查网络是否正常)

3) 使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)
添加国内镜像源加速软件安装下载速度请参照:http://bbs.linuxtone.org/thread-158-1-1.html

yum -y install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel \
ncurses-devel libtool* zlib-devel libxml2-devel libjpeg-devel libpng-devel libtiff-devel \
fontconfig-devel freetype-devel libXpm-devel gettext-devel curl curl-devel pam-devel kernel

发包装上。

4) 定时校正服务器时钟,定时与中国国家授时中心授时服务器同步
# crontab -e
加入一行:
15 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

5) 下载编译相关的源码包.
#vi list 在list文件里填入以后下载地址列表.
http://www.libgd.org/releases/gd-2.0.35.tar.bz2
http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz
http://jaist.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.bz2
http://jaist.dl.sourceforge.net/sourceforge/mcrypt/mcrypt-2.6.7.tar.gz
http://www.openssl.org/source/openssl-0.9.8h.tar.gz
http://openbsd.md5.com.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz
http://sysoev.ru/nginx/nginx-0.6.31.tar.gz

http://mysql.byungsoo.net/Downloads/MySQL-5.0/mysql-5.0.51b.tar.gz

http://cn2.php.net/get/php-5.2.6.tar.bz2/from/this/mirror
http://php-fpm.anight.org/downloads/head/php-5.2.6-fpm-0.5.8.diff.gz
http://pecl.php.net/get/memcache-2.2.3.tgz
http://xcache.lighttpd.net/pub/Releases/1.2.2/xcache-1.2.2.tar.gz
http://downloads.phpchina.com/zend/optimizer/3.3.3/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz

#vi down.sh 创建下载脚本.

#!/bin/bash
for i in `cat list`
do
wget -c $i
done

#sh down.sh 执行下载脚本即可下载相关软件包.

2. 编译安装软件包
源码编译安装所需包(Source)
1) 升级OpenSSL及OpenSSH

tar xvf openssl-0.9.8h.tar.gz
cd openssl-0.9.8h
#vi in_openssl.sh
./config --prefix=/usr/local/openssl
make
make test
make install
# sh in_openssl.sh

#tar xvf openssh-5.0p1.tar.gz
#cd openssh-5.0p1
# vi in_openssh.sh
./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
make
make install
# sh in_openssh.sh

禁用 SSH V1 协议:找到#Protocol 2,1改为:Protocol 2

禁用服务器端GSSAPI找到以下两行,并将它们注释:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

禁用 DNS 名称解析
找到:#UseDNS yeas改为:UseDNS no

禁用客户端 GSSAPI
# vi /etc/ssh/ssh_config 找到:GSSAPIAuthentication yes 将这行注释掉。
最后,确认修改正确后重新启动 SSH 服务
#init_ssh.sh
ssh_cf=”/etc/ssh/sshd_config”
sed -i -e ‘74 s/^/#/’ -i -e ‘76 s/^/#/’ $ssh_cf
sed -i “s/#UseDNS yes/UseDNS no/” $ssh_cf
#client
sed -i -e ‘44 s/^/#/’ -i -e ‘48 s/^/#/’ $ssh_cf
echo “ssh is init is ok…………..”
# service sshd restart
# ssh -v 确认 OpenSSH 以及 OpenSSL 版本正确。

以上SSH配置可利用以下脚本自动修改:
#vi init_ssh.sh

#init_ssh.sh
ssh_cf="/etc/ssh/sshd_config"
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf
sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf
#client
sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf
echo "ssh is init is ok.............."

#sh init_ssh.sh

[root@servers src]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@servers src]# ssh -v
OpenSSH_5.0p1, OpenSSL 0.9.8h 28 May 2008

2) GD2
# cd /usr/local/src
# tar xvf gd-2.0.35.tar.gz
# cd gd-2.0.35
# vi in_gd2.sh

aclocal
./configure --prefix=/usr/local/gd2
make && make install
# sh in_gd2.sh

3) tar xvf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8

#vi in_libmcrypt.sh
./configure --prefix=/usr/local/libmcrypt && make && make install
#sh in.sh

4) #tar xvf libiconv-1.12.tar.gz
#cd libiconv-1.12
#vi in_iconv.sh

./configure --prefix=/usr && make && make install

#sh in_iconv.sh
5) 编译安装MySQL

# tar xvf mysql-5.0.51b.tar.gz
# cd mysql-5.0.51b
# vi in_mysql.sh

CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors \
-fno-exceptions -fno-rtti -fomit-frame-pointer -ffixed-ebp"
./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/data/mysql/data" \
"--with-comment=Source" \
"--with-server-suffix=-LinuxTone.Org" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=gbk" \
"--with-collation=gbk_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
make && make install
useradd mysql -d /data/mysql -s /sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start

cd /usr/local/mysql/bin
for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done

#sh in_mysql.sh

三、编译安装PHP及Nginx

1.PHP(Fastcgi)编译安装

1)php-fpm 给PHP(Fastcgi)打补丁
#tar xvf php-5.2.6.tar.bz2
#gzip -cd php-5.2.6-fpm-0.5.8.diff.gz | patch -d php-5.2.6 -p1

2)PHP(Fastcgi)安装.
#cd php-5.2.6
#vi in_php5.sh

./configure \
"--prefix=/usr/local/php-fcgi" \
"--enable-fastcgi" \
"--enable-fpm" \
"--enable-discard-path" \
"--enable-force-cgi-redirect" \
"--with-config-file-path=/usr/local/php-fcgi/etc" \
"--enable-zend-multibyte" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir" \
"--with-iconv-dir=/usr/lib" \
"--with-xmlrpc" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-zlib-dir " \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-sysvsem" \
"--enable-inline-optimization" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-debug" \
"--disable-ipv6"
make && make install
cp php.ini-dist /usr/local/php-fcgi/etc/php.ini

#sh in_php5.sh

4)安装Xcache
tar xvf xcache-1.2.2.tar.gz
cd xcache-1.2.2
#vi in_xcache.sh
/usr/local/php-fcgi/bin/phpize
./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php-

fcgi/bin/php-config \
--enable-inline-optimization --disable-debug
make && make install

#sh in_xcache.sh

#vi /usr/local/php-fcgi/etc/php.ini #编辑php.ini在其内容最后加入如下内容:

[xcache-common]
zend_extension = /usr/local/php-fcgi/lib/php/extensions/no-debug-non-zts-20060613/xcache.so

[xcache.admin]
xcache.admin.user = “admin”
;如何生成md5密码: echo -n “password”| md5sum
xcache.admin.pass = “035d849226a8a10be1a5e0fec1f0f3ce” #密码为52netseek

[xcache]
; Change xcache.size to tune the size of the opcode cache
xcache.size = 24M
xcache.shm_scheme = “mmap”
xcache.count = 4
xcache.slots = 8K
xcache.ttl = 0
xcache.gc_interval = 0

; Change xcache.var_size to adjust the size of variable cache
xcache.var_size = 8M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.test = Off
xcache.readonly_protection = On
xcache.mmap_path = “/dev/zero”
xcache.coredump_directory = “”
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off

[xcache.coverager]
xcache.coverager = On
xcache.coveragedump_directory = “”

4)安装Memcache
cd memcache-2.2.3
#vi in_memcache.sh

/usr/local/php-fcgi/bin/phpize
./configure --with-php-config=/usr/local/php-fcgi/bin/php-config
make && make install

#sh in_memcache.sh

5) PHP初始化脚本
# cat init_fcgi.sh


#!/bin/bash
#php-fastcgi.php
fcgi_cf="/usr/local/php-fcgi/etc/php.ini"
sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $fcgi_cf
sed -i '210 s#disable_functions =#disable_functions =

phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_

alter,ini_alter,ini_restore,

dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $fcgi_cf
sed -i '/expose_php/s/On/Off/' $fcgi_cf
sed -i '/display_errors/s/On/Off/' $fcgi_cf
sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php-fcgi/lib/php/extensions/no-debug-

non-zts-20060613/"\nextension

= "memcache.so"\n#' $fcgi_cf

6)ZendOptimizer-3.3.3-linux-glibc23-i386 (解压后进入目录./install,安提示选择相关的目录及

配置文件存放目录即可)

2.安装Nginx
1)Nginx编译安装

cd nginx-0.6.31
#vi in_nginx.sh

./configure --user=www --group=www --prefix=/usr/local/nginx/ --with-http_stub_status_module --

with-

openssl=/usr/local/openssl
make && make install

sh in_nginx.sh

2)初始化Nginx相关配置
#mkdir /usr/local/nginx/conf/vhosts 创建存放虚拟主机配置文件目录
#cd /usr/local/nginx/conf
#mv nginx.conf nginx.conf_back 将原配置文件备份供以后参考.
#vi nginx.conf 重新创建nginx主配置文件

user www www;

worker_processes 8;

pid /var/run/nginx.pid;
# [ debug | info | notice | warn | error | crit ]
#error_log /var/log/nginx.error_log info;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;

#maxclient = worker_processes * worker_connections / cpu_number
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;
charset gb2312;
server_names_hash_bucket_size 128;

log_format main ‘$remote_addr - $remote_user [$time_local] $request ‘
‘”$status” $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘;

#access_log /data/www/logs/access.log main;
access_log /dev/null;

sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_intercept_errors on;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/html application/xml;

#
client_max_body_size 10m;
client_body_buffer_size 256k;
#
#proxy_temp_path /dev/shm/proxy_temp;
fastcgi_temp_path /dev/shm/fastcgi_temp;
client_body_temp_path /dev/shm/client_body_temp;

# The following includes are specified for virtual hosts
include vhosts/bbs.linxutone.org.conf;
include vhosts/down.redocn.com.conf;
include vhosts/count.linuxtone.org.conf;
}

fastcgi_pass 127.0.0.1:8085;
fastcgi_index index.php;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
#fastcgi_param REDIRECT_STATUS 200;

#vi /enable_php5.conf Nginx支持PHP配置文件.

3)配置修改php-fpm脚本
配置php-fpm脚本:
cd /usr/local/php-fcgi/etc/
vi php-fpm.conf 修改如下内容:(进入vi编辑器,输入:set nu 显示行号.)
[code]
41 127.0.0.1:8085
62 Unix user of processes
63 www
65 Unix group of processes
66 www
79 128
80
81 Settings group for ‘apache-like’ pm style
82 
83
84 Sets the number of server processes created on

startup.
85 Used only when ‘apache-like’ pm_style is selected
86 20
87
88 Sets the desired minimum number of idle server

processes.
89 Used only when ‘apache-like’ pm_style is selected

90 5
91
92 Sets the desired maximum number of idle server

processes.
93 Used only when ‘apache-like’ pm_style is selected
94 250
104 Set open file desc rlimit
105 51200
106
107 Set max core size rlimit
108 0
109
110 Chroot to this directory at the start
111 
112
113 Chdir to this directory at the start
114 
115
116 Redirect workers’ stdout and stderr into main error log.
117 If not set, they will be redirected to /dev/null, according to

FastCGI specs
118 yes
119
120 How much requests each process should execute before respawn.
121 Useful to work around memory leaks in 3rd party libraries.
122 For endless request processing please specify 0
123 Equivalent to PHP_FCGI_MAX_REQUESTS
124 51200
[code]

4) Nginx+PHP(fastcgi)启动脚本参考:http://bbs.linuxtone.org/thread-372-1-2.html

四、Nginx多虚拟主机配置及基本优化(以配置Discuz!论坛为例)

1.配置Nginx虚拟主机(防盗链及expires设置)
#vi /usr/local/nginx/conf/vhosts/bbs.linuxtone.org.conf


server
{
listen 80;
server_name bbs.linuxtone.org www.linuxtone.org;
index index.html index.php index.htm;
root /data/www/wwwroot/lt/bbs;
#access_log /var/log/nginx/access_bbs.redocn.com.log combined;
location / {
if (!-e $request_filename) {
rewrite ^/archiver/((fid|tid)-[\w\-]+\.html)$ /archiver/index.php?$1

last;
rewrite ^/forum-([0-9]+)-([0-9]+)\.html$ /forumdisplay.php?

fid=$1&page=$2 last;
rewrite ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /viewthread.php?

tid=$1&extra=page%3D$3&page=$2

last;
rewrite ^/space-(username|uid)-(.+)\.html$ /space.php?$1=$2 last;
rewrite ^/tag-(.+)\.html$ /tag.php?name=$1 last;
break;
}

}

#Preventing hot linking of images and other file types
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
valid_referers none blocked server_names *.linuxtone.org http://localhost;
if ($invalid_referer) {
rewrite ^/ http://bbs.linuxtone.org/images/default/logo.gif;
return 403;
}
}
# Add expires header for static content
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
if (-f $request_filename) {
root /data/www/wwwroot/lt/bbs;
expires 1d;
break;
}

}
#support php
location ~ .*\.php?$
{
include enable_php5.conf;
}

}

vi /usr/local/nginx/conf/vhosts/down.redocn.com.conf
limit_zone one $binary_remote_addr 10m;
server
{
listen 80;
server_name down.redocn.com;
index index.html index.htm index.php;
root /data/www/wwwroot/down;
error_page 404 /index.php;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
#Zone limit
location / {
limit_conn one 1;
limit_rate 20k;
}

# serve static files
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /data/www/wwwroot/down;
expires 30d;
}
}

2.Nginx搭建下载站点限制并发数和速率.

3.如何实现Nginx身份验证
实现输入http://count.linuxtone.org/tongji 要求输入用户名和密码验证才可查看内内。配置方

法如下:
创建统计配置文件:

mkdir /usr/local/nginx/conf/htpasswd #创建存放密码的目录
/usr/local/apache2/bin/htpasswd -c /usr/local/nginx/conf/htpasswd/tongji admin

server
{
listen 80;
server_name count.linuxtone.org 211.100.72.138;
index index.html index.php;
root /data/www/wwwroot/count;
access_log /data/logs/access_count.linuxtone.org.log combined;
#error page
error_page 404 http://www.linuxtone.org/error.html;
error_page 500 502 503 504 http://www.linuxtone.org;
#support php
location ~ .*\.php?$
{
include enable_php5.conf;
}

#expires static files
location ~* \.(js|css|jpg|jpeg|gif|png)$ {
if (-f $request_filename) {
access_log off;
expires 1d;
break;
}
}
location ~ ^/(tongji)/ {
root /data/www/wwwroot/count;
auth_basic "LT-COUNT-TongJi";
auth_basic_user_file /usr/local/nginx/conf/htpasswd/tongji;
}

}
4.如何实现Nginx目录列表
在相关虚拟主机配置文件加入如下设置即可,更多请参考官方wiki

location / {
autoindex on;
}

5.修改Nginx的header伪装服务器

cd nginx-0.6.31/src/core
#define NGINX_VERSION "1.2"
#define NGINX_VER "LTWS/" NGINX_VERSION

仍后重新编译nginx即可,查看一下效果:

[root@count ~]# curl -I http://bbs.linuxtone.org

HTTP/1.1 200 OK
Server: LTWS/1.2
Date: Mon, 23 Jun 2008 06:11:17 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: lt__sid=cJN2FT; expires=Mon, 30-Jun-2008 06:11:17 GMT; path=/
Set-Cookie: lt__onlineusernum=228; expires=Mon, 23-Jun-2008 06:16:17 GMT; path=/

6.减小nginx编译后的文件大小 (Reduce file size of nginx)
默认的nginx编译选项里居然是用debug模式(-g)的(debug模式会插入很多跟踪和ASSERT之类),编译以后一个

nginx有好几兆。
去掉nginx的debug模式编译,编译以后只有480K(nginx-0.6.31 , gcc4)。
[root@ssatt local]# du -sh nginx
480K nginx
在auto/cc/gcc,最后几行有:

# debug
CFLAGS="$CFLAGS -g"

注释掉或删掉这几行,重新编译即可

7.Nginx日志处理
[root@count ~]# crontab -l

59 23 * * * /usr/local/sbin/logcron.sh /dev/null 2>&1

[root@count ~]# cat /usr/local/sbin/logcron.sh


#!/bin/bash
log_dir="/data/logs"
time=`date +%Y%m%d`
/bin/mv ${log_dir}/access_linuxtone.org.log ${log_dir}/access_count.linuxtone.org.$time.log
kill -USR1 `cat /var/run/nginx.pid`

0 0