1. 首页
  2. 移动端
  3. 基于CentOS构建高性能的LAMP平台

基于CentOS构建高性能的LAMP平台

移动端阅读 2961
  • #vi init.sh
  • -------------------cut begin-------------------------------------------
  • #welcome
  • cat << EOF
  • +--------------------------------------------------------------+
  • | === Welcome to Centos System init === |
  • +--------------http://www.linuxtone.org------------------------+
  • +----------------------Author:NetSeek--------------------------+
  • EOF
  • #disable ipv6
  • cat << EOF
  • +--------------------------------------------------------------+
  • | === Welcome to Disable IPV6 === |
  • +--------------------------------------------------------------+
  • EOF
  • echo "alias net-pf-10 off" >> /etc/modprobe.conf
  • echo "alias ipv6 off" >> /etc/modprobe.conf
  • /sbin/chkconfig --level 35 ip6tables off
  • echo "ipv6 is disabled!"
  • #disable selinux
  • sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
  • echo "selinux is disabled,you must reboot!"
  • #vim
  • sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
  • echo 'syntax on' > /root/.vimrc
  • #zh_cn
  • sed -i -e 's/^zh_CN.GB18030"/' /etc/sysconfig/i18n
  • #tunoff services
  • #--------------------------------------------------------------------------------
  • cat << EOF
  • +--------------------------------------------------------------+
  • | === Welcome to Tunoff services === |
  • +--------------------------------------------------------------+
  • EOF
  • #---------------------------------------------------------------------------------
  • for i in `ls /etc/rc3.d/S*`
  • do
  • CURSRV=`echo $i|cut -c 15-`
  • echo $CURSRV
  • case $CURSRV in
  • crond | irqbalance | microcode_ctl | network | random | sendmail | sshd | syslog | local | mysqld )
  • echo "Base services, Skip!"
  • ;;
  • *)
  • echo "change $CURSRV to off"
  • chkconfig --level 235 $CURSRV off
  • service $CURSRV stop
  • ;;
  • esac
  • done
  • -------------------cut end-------------------------------------------
  • #sh init.sh (执行上面保存的脚本,仍后重启)
复制代码二、编译安装基本环境

1. 安装准备

1) 系统约定

软件源代码包存放位置 /usr/local/src

源码包编译安装位置(prefix) /usr/local/software_name

脚本以及维护程序存放位置 /usr/local/sbin

MySQL 数据库位置 /data/mysql/data(可按情况设置)

Apache 网站根目录 /data/www/wwwroot(可按情况设置)

Apache 虚拟主机日志根目录 /data/www/logs(可按情况设置)

Apache 运行账户 www:www (useradd -d /data/www/;chown www.www /data/www/wwwroot)

2) 系统环境部署及调整

检查系统是否正常

# tail -n100 /var/log/messages (检查有无系统级错误信息)

# dmesg (检查硬件设备是否有错误信息)

# ifconfig(检查网卡设置是否正确)

# ping www.linuxtone.org (检查网络是否正常)

3) 使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)

#rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

#yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel \

ncurses-devel zlib-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel libXpm-devel \

gettext-devel pam-devel kernel

4) 定时校正服务器时钟,定时与中国国家授时中心授时服务器同步

# crontab -e

加入一行:

15 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

2. 编译安装软件包

源码编译安装所需包(Source)

1) GD2

# cd /usr/local/src

# tar xvf gd-2.0.35.tar.gz

# cd gd-2.0.35

# ./configure --prefix=/usr/local/gd2

# make

# make install

2) LibXML2

# cd /usr/local/src

# tar xvf libxml2-2.6.29.tar.bz2

# cd libxml2-2.6.29

# ./configure --prefix=/usr/local/libxml2

# make

# make install

3) LibMcrypt

# cd /usr/local/src

# tar xvf libmcrypt-2.5.8.tar.bz2

# cd libmcrypt-2.5.8

# ./configure --prefix=/usr/local/libmcrypt

# make

# make install

4) Apache日志截断程序

# cd /usr/local/src

# tar xvf cronolog-1.6.2.tar.gz

# cd cronolog-1.6.2

# ./configure --prefix=/usr/local/cronolog

# make

# make install

3. 升级OpenSSL和OpenSSH

# cd /usr/local/src

# tar xvf openssl-0.9.8g.tar.gz

# cd openssl-0.9.8g

# ./config --prefix=/usr/local/openssl

# make

# make test

# make install

# cd ..

# tar xvf openssh-5.0p1.tar.gz

# cd openssh-5.0p1

# ./configure \

"--prefix=/usr" \

"--with-pam" \

"--with-zlib" \

"--sysconfdir=/etc/ssh" \

"--with-ssl-dir=/usr/local/openssl" \

"--with-md5-passwords"

# make

# make install

1) 禁用 SSH V1 协议

找到#Protocol 2,1改为:Protocol 2

2) 禁用服务器端GSSAPI

找到以下两行,并将它们注释:

GSSAPIAuthentication yes

GSSAPICleanupCredentials yes

3) 禁用 DNS 名称解析

找到:#UseDNS yeas改为:UseDNS no

4)禁用客户端 GSSAPI

# vi /etc/ssh/ssh_config 找到:GSSAPIAuthentication yes 将这行注释掉。

最后,确认修改正确后重新启动 SSH 服务

# service sshd restart

# ssh -v

确认 OpenSSH 以及 OpenSSL 版本正确。

以上SSH配置可利用以下脚本自动修改:

  • -------------------cut begin-------------------------------------------
  • #init_ssh
  • ssh_cf="/etc/ssh/sshd_config"
  • sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf
  • sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf
  • #client
  • sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf
  • echo "ssh is init is ok.............."
  • -------------------cut end---------------------------------------------
复制代码

三、编译安装A.M.P环境

1.下载软件编译安装

1)下载软件

# cd /usr/local/src

httpd-2.2.8.tar.gz

mysql-5.0.51b.tar.gz

php-5.2.6.tar.bz2

ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz

2) 安装MySQL

查看分析你的CPU型号:

http://gentoo-wiki.com/Safe_Cflags 查找您的GCC编译参数.

确定系统CPU类型:

# cat /proc/cpuinfo | grep "model name"

执行后会看到系统中CPU的具体型号,记下CPU型号。

# tar xvf mysql-5.0.51b.tar.gz

# cd mysql-5.0.51b

# vi mysql.sh

  • -------------------cut begin-------------------------------------------
  • CHOST="i686-pc-linux-gnu"
  • CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
  • CXXFLAGS="${CFLAGS}"
  • ./configure \
  • "--prefix=/usr/local/mysql" \
  • "--localstatedir=/data/mysql/data" \
  • "--with-comment=Source" \
  • "--with-server-suffix=-LinuxTone" \
  • "--with-mysqld-user=mysql" \
  • "--without-debug" \
  • "--with-big-tables" \
  • "--with-charset=utf8" \
  • "--with-collation=utf8_chinese_ci" \
  • "--with-extra-charsets=all" \
  • "--with-pthread" \
  • "--enable-static" \
  • "--enable-thread-safe-client" \
  • "--with-client-ldflags=-all-static" \
  • "--with-mysqld-ldflags=-all-static" \
  • "--enable-assembler" \
  • "--without-isam" \
  • "--without-innodb" \
  • "--without-ndb-debug"
  • make && make install
  • mkdir -p /data/mysql/data
  • useradd mysql -d /data/mysql -s /sbin/nologin
  • /usr/local/mysql/bin/mysql_install_db --user=mysql
  • cd /usr/local/mysql
  • chown -R root:mysql .
  • chown -R mysql /data/mysql/data
  • cp share/mysql/my-huge.cnf /etc/my.cnf
  • cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
  • chmod 755 /etc/rc.d/init.d/mysqld
  • chkconfig --add mysqld
  • /etc/rc.d/init.d/mysqld start
  • cd /usr/local/mysql/bin
  • for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done
  • -------------------cut end---------------------------------------------
复制代码#sh mysql.sh 即可开始编译.

3) 编译安装Apache

# cd /usr/local/src

# tar xvf httpd-2.2.8.tar.gz

# cd httpd-2.2.8

  • ./configure \
  • "--prefix=/usr/local/apache2" \
  • "--with-included-apr" \
  • "--enable-so" \
  • "--enable-deflate=shared" \
  • "--enable-expires=shared" \
  • "--enable-rewrite=shared" \
  • "--enable-static-support" \
  • "--disable-userdir"
  • make
  • make install
  • echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
复制代码4.)编译安装PHP

# cd /usr/local/src

# tar xjvf php-5.2.6.tar.bz2

# cd php-5.2.6

  • ./configure \
  • "--prefix=/usr/local/php" \
  • "--with-apxs2=/usr/local/apache2/bin/apxs" \
  • "--with-config-file-path=/usr/local/php/etc" \
  • "--with-mysql=/usr/local/mysql" \
  • "--with-libxml-dir=/usr/local/libxml2" \
  • "--with-gd=/usr/local/gd2" \
  • "--with-jpeg-dir" \
  • "--with-png-dir" \
  • "--with-bz2" \
  • "--with-freetype-dir" \
  • "--with-iconv-dir" \
  • "--with-zlib-dir " \
  • "--with-openssl=/usr/local/openssl" \
  • "--with-mcrypt=/usr/local/libmcrypt" \
  • "--enable-soap" \
  • "--enable-gd-native-ttf" \
  • "--enable-ftp" \
  • "--enable-mbstring" \
  • "--enable-exif" \
  • "--disable-ipv6" \
  • "--disable-cgi" \
  • "--disable-cli" #禁掉ipv6,禁掉cli模式,提升速度和安全性.请根据具体需求定制相关的编译数.
  • make
  • make install
  • mkdir /usr/local/php/etc
  • cp php.ini-dist /usr/local/php/etc/php.ini
复制代码5)Xcache的安装.

#tar xvf xcache-1.2.2.tar.gz

  • #/usr/local/php/bin/phpize
  • ./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php/bin/php-config \
  • --enable-inline-optimization --disable-debug
复制代码#vi /usr/local/php/etc/php.ini (将以下内容加入php.ini最后面)
  • -------------------cut begin-------------------------------------------
  • [xcache-common]
  • zend_extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/xcache.so
  • [xcache.admin]
  • xcache.admin.user = "admin"
  • ;如何生成md5密码: echo -n "password"| md5sum
  • xcache.admin.pass = "035d849226a8a10be1a5e0fec1f0f3ce" #密码为52netseek
  • [xcache]
  • ; Change xcache.size to tune the size of the opcode cache
  • xcache.size = 24M
  • xcache.shm_scheme = "mmap"
  • xcache.count = 4
  • xcache.slots = 8K
  • xcache.ttl = 0
  • xcache.gc_interval = 0
  • ; Change xcache.var_size to adjust the size of variable cache
  • xcache.var_size = 8M
  • xcache.var_count = 1
  • xcache.var_slots = 8K
  • xcache.var_ttl = 0
  • xcache.var_maxttl = 0
  • xcache.var_gc_interval = 300
  • xcache.test = Off
  • xcache.readonly_protection = On
  • xcache.mmap_path = "/tmp/xcache"
  • xcache.coredump_directory = ""
  • xcache.cacher = On
  • xcache.stat = On
  • xcache.optimizer = Off
  • [xcache.coverager]
  • xcache.coverager = On
  • xcache.coveragedump_directory = ""
  • -------------------cut end---------------------------------------------
复制代码6) 安装Zend Optimizer

# cd /usr/local/src

# tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz

# ./ZendOptimizer-3.3.3-linux-glibc23-i386/install.sh

安装Zend Optimizer过程的最后不要选择重启Apache。

2. 整合Apache与PHP及系统初化配置.

1)整合Apache与PHP

# vi /usr/local/apache2/conf/httpd.conf

找到:

AddType application/x-gzip .gz .tgz

在该行下面添加

AddType application/x-httpd-php .php

找到:

<IfModule dir_module>

DirectoryIndex index.html

</IfModule>

将该行改为

<IfModule dir_module>

DirectoryIndex index.html index.htm index.php

</IfModule>

找到:

#Include conf/extra/httpd-mpm.conf

#Include conf/extra/httpd-info.conf

#Include conf/extra/httpd-vhosts.conf (虚拟主机配置文件存放目录.)

#Include conf/extra/httpd-default.conf

去掉前面的“#”号,取消注释。

注意:以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置!

修改完成后保存退出。

# /usr/local/apache2/bin/apachectl restart

2)查看确认L.A.M.P环境信息、提升 PHP 安全性

在网站根目录放置 info.php 脚本,检查phpinfo中的各项信息是否正确。

<?php

phpinfo();

?>

确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性,禁掉危险的函数.

# vi /etc/php.ini找到:disable_functions =设置为:phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server

3)脚本自动完成初始化配置(以上配置可以用脚本自动化完成)

#cat init_apache_php.sh

  • -------------------cut begin-------------------------------------------
  • #!/bin/bash
  • #Written by :NetSeek http://www.linuxtone.org
  • #init_httpd.conf
  • http_cf="/usr/local/apache2/conf/httpd.conf"
  • sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" $http_cf
  • sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' $http_cf
  • sed -i 's#DirectoryIndex index.html# DirectoryIndex index.php index.html index.htm#/g' $http_cf
  • sed -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' $http_cf
  • #init_php(PHP安全设置及隐藏PHP版本)
  • php_cf="/usr/local/php/etc/php.ini"
  • sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $php_cf
  • sed -i '210 s#disable_functions =#disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $php_cf
  • sed -i '/expose_php/s/On/Off/' $php_cf
  • sed -i '/display_errors/s/On/Off/' $php_cf
  • -------------------cut end-------------------------------------------
复制代码三、配置虚拟主机及基本性能调优

1) 配置虚拟主机:

#vi /usr/local/apache2/conf/extra/httpd-vhosts.conf

  • NameVirtualHost *:80
  • <VirtualHost *:80>
  • ServerAdmin cnseek@gmail.com
  • DocumentRoot "/data/www/wwwroot/linuxtone.org"
  • ServerName www.linuxtone.org
  • ServerAlias bbs.linxutone.org
  • ErrorLog "logs/dummy-host.example.com-error_log"
  • CustomLog "|/usr/sbin/cronolog /data/logs/access_www.linuxtone.org.%Y%m%d" combined
  • </VirtualHost>
复制代码2).基本性能调优参考:(更多的调优相关文章请关注:http://bbs.linuxtone.org/index.html性能调优相关的贴子)

#vi /usr/local/apache2/conf/extra/httpd-default.conf

  • Timeout 15
  • KeepAlive Off
  • MaxKeepAliveRequests 50
  • KeepAliveTimeout 5
  • UseCanonicalName Off
  • AccessFileName .htaccess
  • ServerTokens Prod
  • ServerSignature Off
  • HostnameLookups Off
复制代码#vi /usr/local/apache2/conf/extra/httpd-mpm.conf
  • <IfModule mpm_prefork_module>
  • ServerLimit 2000
  • StartServers 10
  • MinSpareServers 10
  • MaxSpareServers 15
  • MaxClients 2000
  • MaxRequestsPerChild 10000
  • </IfModule>
复制代码3).Apache日志处理相关问题汇总贴(http://bbs.linuxtone.org/thread-102-1-1.html)

利用awstats分析网站日志:http://bbs.linuxtone.org/thread-56-1-1.html

忽略不需要的日志配置参考具体请据据具体问题分析:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

#下面加入如下内容:

  • # filter the localhost visit
  • SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
  • # filter some special directories
  • SetEnvIf Request_URI "^ZendPlatform.*[code]
  • # filter the localhost visit
  • SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
  • # filter some special directories
  • SetEnvIf Request_URI "^ZendPlatform.*[ DISCUZ_CODE_9 ]quot; dontlog
  • SetEnvIf Request_URI \.healthcheck\.html$ dontlog
  • SetEnvIf Remote_Addr "::1" dontlog
  • SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog
  • SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog
  • SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog
  • SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog
  • SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog
复制代码quot; dontlog

SetEnvIf Request_URI \.healthcheck\.html$ dontlog

SetEnvIf Remote_Addr "::1" dontlog

SetEnvIf Request_URI "\.getPing.php[ DISCUZ_CODE_9 ]quot; dontlog

SetEnvIf Request_URI "^/error\.html[ DISCUZ_CODE_9 ]quot; dontlog

SetEnvIf Request_URI "\.gif[ DISCUZ_CODE_9 ]quot; dontlog

SetEnvIf Request_URI "\.jpg[ DISCUZ_CODE_9 ]quot; dontlog

SetEnvIf Request_URI "\.css[ DISCUZ_CODE_9 ]quot; dontlog

[/code]4). Apache防盗链(Apache防盗链相关问题汇总:http://bbs.linuxtone.org/thread-101-1-1.html)

  • RewriteEngine on
  • RewriteCond %{HTTP_REFERER} !^$
  • RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
  • RewriteRule \.(gif|jpg)$ http://网站域名/nolink.png [R,L]
复制代码四、基本安全设置

1)iptables 封锁相关端口(推荐读CU白金大哥的两小时玩转iptables)

2)SSH全安(修改SSH端口限制来源IP登陆,或者参考http://bbs.linuxtone.org/thread-106-1-1.html)

3)Linux防Arp攻击策略(http://bbs.linuxtone.org/thread-41-1-1.html)

4)注意(还是那句老话:安全工作从细节做起!)

五、附录及相关介绍

1)参考文档(感谢):

Discuz!公司Nanu先生文章的相关链接:

http://bbs.linuxpk.com/thread-13325-1-2.html

http://www.discuz.net/thread-722804-1-1.html

配置全能WEB(05年文章参考):http://bbs.linuxpk.com/thread-437-1-2.html

LinuxTone.Org(Apache相关问题专题贴):http://bbs.linuxtone.org/thread-88-1-1.html

感谢网友eddiechen提出相关问题!

1)利用Nginx替代apache实现高性能的Web环境(第一版): http://bbs.linuxtone.org/thread-7-1-1.html

第二版详细安全配置近期更新,请实时关注:http://bbs.linuxtone.org/(网站服务器版)

2)关于LinuxTone.Org(IT运维专家论坛):

目标:期望和大家一起努力打造一个专注IT运维,Linux集群架构的开放互动讨论平台!期待您的加入!

我们很乐意把平时工作中遇到的问题和得到的经验与大家共同分享相互学习!

如果你是Linux爱好者?

如果你目前在网站服务器方面遇到很多头痛的问题?

如果你目前的站就使用了Linux?或者你想将你的Linux的apache迁于至高性能的Nginx?

如果您使用的是WAMP(即Windows平台的AMP)平台想迁移至LAMP?

如果你目前的网站需要优化进一步提升硬件性能?

如果你目前的网站需要负载均衡集群架构方案? 请联系我们!

我们愿意抽出空余时间免费热心为你解答相关问题,协助你完成所有相关工作!共同分享!共同进步!

同时也热情期待你能加入http://www.linuxtone.org 帮我一起完善论坛建设工作,完成每版置顶的手册形成可操作性

强的文档及方案,方便大家一起学习进步!联系方式:QQ:67888954 MSN:cnseek@msn.com Gtalk:cnseek@gmail.com

相关推荐

Copyright © 2008-2024渝ICP备2022006305号-5.

本站所有数据收集于网络如有侵犯到您的权益请联系,进行下架处理。