.系统环境:CentOS 5.2,最小化安装,未定制软件,禁用iptables,selinux
主要参考文章:
Nginx 0.7.x + PHP 5.2.8(FastCGI)搭建胜过Apache十倍的Web服务器(第4版)[原创] http://blog.s135.com/nginx_php_v4/
Cherokee Installation on Unix http://www.cherokee-project.com/doc/basics_installation_unix.html
cherokee下设置local与remote方式的php fastcgi http://ipbfans.org/2009/01/cherokee-php-fastcgi-local-remote
RedHat/CentOS下的cherokee的启动脚本 http://ipbfans.org/2009/01/redhat-centos-cherokee-init-script
一、下载所需软件
mkdir /root/download
cd /root/download
vi down.sh
添加以下内容
wget http://sysoev.ru/nginx/nginx-0.7.47.tar.gz
wget http://www.php.net/get/php-5.2.8.tar.gz/from/this/mirror
wget http://php-fpm.anight.org/downloads/head/php-5.2.8-fpm-0.5.10.diff.gz
wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.33.zip/from/http://mysql.mirror.redwire.net/
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.tar.gz
wget “http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0”
wget “http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0”
wget http://pecl.php.net/get/memcache-2.2.5.tgz
wget “http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0”
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz
wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
保存退出
sh down.sh
这样就可以下载了,不用每次复制粘贴过去进行下载
二、安装基本软件
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel
三、安装PHP 5.2.8(FastCGI模式)
1、编译安装PHP 5.2.8所需的支持库:
tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure –prefix=/usr/local
make
make install
cd ../
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure –enable-ltdl-install
make
make install
cd ../../
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../
2、编译安装MySQL 5.1.33
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
unzip mysql-5.1.33.zip
cd mysql-5.1.33/
./configure –prefix=/usr/local/webserver/mysql/ –enable-assembler –with-extra-charsets=complex –enable-thread-safe-client –with-big-tables –with-readline –with-ssl –with-embedded-server –enable-local-infile –with-plugins=innobase
make && make install
chmod +w /usr/local/webserver/mysql
chown -R mysql:mysql /usr/local/webserver/mysql
cp support-files/my-medium.cnf /usr/local/webserver/mysql/my.cnf
cd ../
vi /usr/local/webserver/mysql/my.cnf,将其这个选项注解掉
#–skip-federated
①、以mysql用户帐号的身份建立数据表:
/usr/local/webserver/mysql/bin/mysql_install_db –basedir=/usr/local/webserver/mysql –datadir=/usr/local/webserver/mysql/data –user=mysql
②、启动MySQL(最后的&表示在后台运行)
/bin/sh /usr/local/webserver/mysql/bin/mysqld_safe –defaults-file=/usr/local/webserver/mysql/my.cnf &
设置MySQL开机自动运行
vi /etc/rc.local
添加以下内容
/usr/local/webserver/mysql/bin/mysqld_safe –defaults-file=/usr/local/webserver/mysql/my.cnf &
3、编译安装PHP(FastCGI模式)
tar zxvf php-5.2.8.tar.gz
gzip -cd php-5.2.8-fpm-0.5.10.diff.gz | patch -d php-5.2.8 -p1
cd php-5.2.8/
./configure –prefix=/usr/local/webserver/php –with-config-file-path=/usr/local/webserver/php/etc –with-mysql=/usr/local/webserver/mysql –with-mysqli=/usr/local/webserver/mysql/bin/mysql_config –with-iconv-dir=/usr/local –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-discard-path –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-fastcgi –enable-fpm –enable-force-cgi-redirect –enable-mbstring –with-mcrypt –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets
make ZEND_EXTRA_LIBS=’-liconv’
make install
cp php.ini-dist /usr/local/webserver/php/etc/php.ini
cd ../
4、编译安装PHP5扩展模块
tar zxvf memcache-2.2.5.tgz
cd memcache-2.2.5/
/usr/local/webserver/php/bin/phpize
./configure –with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../
tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3/
/usr/local/webserver/php/bin/phpize
./configure –enable-eaccelerator=shared –with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../
tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2/
/usr/local/webserver/php/bin/phpize
./configure –with-php-config=/usr/local/webserver/php/bin/php-config –with-pdo-mysql=/usr/local/webserver/mysql
make
make install
cd ../
5、修改php.ini文件
手工修改:查找/usr/local/webserver/php/etc/php.ini中的extension_dir = “./”
修改为extension_dir = “/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/”
并在此行后增加以下几行,然后保存:
extension = “memcache.so”
extension = “pdo_mysql.so”
再查找output_buffering = Off
修改为output_buffering = On
自动修改:若嫌手工修改麻烦,可执行以下shell命令,自动完成对php.ini文件的修改:
sed -i ‘s#extension_dir = “./”#extension_dir = “/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/”\nextension = “memcache.so”\nextension = “pdo_mysql.so”\n#’ /usr/local/webserver/php/etc/php.ini
sed -i ‘s#output_buffering = Off#output_buffering = On#’ /usr/local/webserver/php/etc/php.ini
6、配置eAccelerator加速PHP:
mkdir -p /usr/local/webserver/eaccelerator_cache
vi /usr/local/webserver/php/etc/php.ini
按shift+g键跳到配置文件的最末尾,加上以下配置信息:
[eaccelerator]
zend_extension=”/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so”
eaccelerator.shm_size=”128″
eaccelerator.cache_dir=”/usr/local/webserver/eaccelerator_cache”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=””
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”300″
eaccelerator.shm_prune_period=”120″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″
vi /etc/sysctl.conf
修改kernel.shmmax为以下值
kernel.shmmax = 134217728
然后执行以下命令使配置生效:
/sbin/sysctl -p
7、创建www用户和组,以及/var/www:
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /var/www
chown -R www:www /data0/htdocs/blog
8、创建php-fpm配置文件(php-fpm是为PHP打的一个FastCGI管理补丁,可以平滑变更php.ini配置而无需重启php-cgi):
在/usr/local/webserver/php/etc/目录中创建php-fpm.conf文件:
rm -f /usr/local/webserver/php/etc/php-fpm.conf
vi /usr/local/webserver/php/etc/php-fpm.conf
输入以下内容(如果您安装 Nginx + PHP 用于程序调试,请将以下的<value name=”display_errors”>0</value>改为<value name=”display_errors”>1</value>,
以便显示PHP错误信息,否则,Nginx 会报状态为500的空白错误页):
<?xml version=”1.0″ ?>
<configuration>
All relative paths in this config are relative to php’s install prefix
<section name=”global_options”>
Pid file
<value name=”pid_file”>/usr/local/webserver/php/logs/php-fpm.pid</value>
Error log file
<value name=”error_log”>/usr/local/webserver/php/logs/php-fpm.log</value>
Log level
<value name=”log_level”>notice</value>
When this amount of php processes exited with SIGSEGV or SIGBUS …
<value name=”emergency_restart_threshold”>10</value>
… in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator’s shared memory.
<value name=”emergency_restart_interval”>1m</value>
Time limit on waiting child’s reaction on signals from master
<value name=”process_control_timeout”>5s</value>
Set to ‘no’ to debug fpm
<value name=”daemonize”>yes</value>
</section>
<workers>
<section name=”pool”>
Name of pool. Used in logs and stats.
<value name=”name”>default</value>
Address to accept fastcgi requests on.
Valid syntax is ‘ip.ad.re.ss:port’ or just ‘port’ or ‘/path/to/unix/socket’
<value name=”listen_address”>127.0.0.1:9000</value>
<value name=”listen_options”>
Set listen(2) backlog
<value name=”backlog”>-1</value>
Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
<value name=”owner”></value>
<value name=”group”></value>
<value name=”mode”>0666</value>
</value>
Additional php.ini defines, specific to this pool of workers.
<value name=”php_defines”>
<value name=”sendmail_path”>/usr/sbin/sendmail -t -i</value>
<value name=”display_errors”>1</value>
</value>
Unix user of processes
<value name=”user”>www</value>
Unix group of processes
<value name=”group”>www</value>
Process manager settings
<value name=”pm”>
Sets style of controling worker process count.
Valid values are ‘static’ and ‘apache-like’
<value name=”style”>static</value>
Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
<value name=”max_children”>128</value>
Settings group for ‘apache-like’ pm style
<value name=”apache_like”>
Sets the number of server processes created on startup.
Used only when ‘apache-like’ pm_style is selected
<value name=”StartServers”>20</value>
Sets the desired minimum number of idle server processes.
Used only when ‘apache-like’ pm_style is selected
<value name=”MinSpareServers”>5</value>
Sets the desired maximum number of idle server processes.
Used only when ‘apache-like’ pm_style is selected
<value name=”MaxSpareServers”>35</value>
</value>
</value>
The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when ‘max_execution_time’ ini option does not stop script execution for some reason
‘0s’ means ‘off’
<value name=”request_terminate_timeout”>0s</value>
The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
‘0s’ means ‘off’
<value name=”request_slowlog_timeout”>0s</value>
The log file for slow requests
<value name=”slowlog”>logs/slow.log</value>
Set open file desc rlimit
<value name=”rlimit_files”>51200</value>
Set max core size rlimit
<value name=”rlimit_core”>0</value>
Chroot to this directory at the start, absolute path
<value name=”chroot”></value>
Chdir to this directory at the start, absolute path
<value name=”chdir”></value>
Redirect workers’ stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
<value name=”catch_workers_output”>yes</value>
How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
<value name=”max_requests”>500</value>
Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
<value name=”allowed_clients”>127.0.0.1</value>
Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
<value name=”environment”>
<value name=”HOSTNAME”>$HOSTNAME</value>
<value name=”PATH”>/usr/local/bin:/usr/bin:/bin</value>
<value name=”TMP”>/tmp</value>
<value name=”TMPDIR”>/tmp</value>
<value name=”TEMP”>/tmp</value>
<value name=”OSTYPE”>$OSTYPE</value>
<value name=”MACHTYPE”>$MACHTYPE</value>
<value name=”MALLOC_CHECK_”>2</value>
</value>
</section>
</workers>
</configuration>
9、启动php-cgi进程,监听127.0.0.1的9000端口,进程数为200(如果服务器内存小于3GB,可以只开启64个进程),用户为www:
ulimit -SHn 51200
/usr/local/webserver/php/sbin/php-fpm start
注:/usr/local/webserver/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,
修改php.ini后不重启php-cgi,重新加载配置文件使用reload。
10、安装ZendOptimizer
wget http://downloads.zend.com/optimizer/3.3.3/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
tar xzf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-i386
./install
Please specify the location for installing /usr/local/Zend
The following configuration changes have been made: x
x x
x – The php.ini file has been relocated from /usr/local/webserver/php/etc to /usr/local/Zend/etc x
x x
x – A symbolic link for the php.ini file has been created in /usr/local/webserver/php/etc. x
x x
x – The original php.ini was backed up to x
x /usr/local/webserver/php/etc/php.ini-zend_optimizer.bak
ZendOptimize安装后,不用做任何就配置,只需重启php-fpm,就可以与eaccelerator很好地兼容
修改php.ini后
要执行此命令,使配置文件生效,不用重启Cherokee:
/usr/local/webserver/php/sbin/php-fpm restart
三、配置开机自动启动php-fpm
vi /etc/rc.local
在末尾增加以下内容:
ulimit -SHn 51200
/usr/local/webserver/php/sbin/php-fpm start
四、优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加以下内容:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
使配置立即生效:
/sbin/sysctl -p
五、安装Cherokee
cd /root/download
wget http://www.cherokee-project.com/download/0.99/0.99.9/cherokee-0.99.9.tar.gz
tar xzf cherokee-0.99.9.tar.gz
cd cherokee-0.99.9
./configure –localstatedir=/var –prefix=/usr –sysconfdir=/etc –with-wwwroot=/var/www
make
make install
添加Cherokee启动脚本
因为Cherokee默认提供的安装脚本只适用于debian或ubuntu系统,所以需要手动写,从网上拷贝来一个,稍作修改
vi /etc/init.d/cherokee
#!/bin/bash
#
# chkconfig: 2345 55 25
# description: Cherokee http server
#
. /etc/rc.d/init.d/functions
RETVAL=0
prog=”cherokee”
worker=”$prog”
#base_dir=”/usr/local/cherokee”
conf_file=/etc/cherokee/cherokee.conf
bin_file=/usr/sbin/${worker}
pid_file=/var/run/cherokee.pid.worker
start() {
echo -n $”Starting $prog: ”
daemon $bin_file -C $conf_file -d && success || failure
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/${prog}
return $RETVAL
}
stop() {
echo -n $”Stopping $prog: ”
if [ -r “$pid_file” ]; then
if [ -n `cat $pid_file` ]; then
killproc $bin_file -TERM
else
failure $”Stopping $prog”
fi
else
failure $”Stopping $prog”
fi
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -rf /var/lock/subsys/${prog} ${pid_file}
}
restart() {
stop
sleep 1
start
}
reload() {
echo -n $”Reloading configuration of $prog: ”
killproc $bin_file -HUP
RETVAL=$?
echo
}
logrotate() {
echo -n $”Rotating logs of $prog: ”
killproc $bin_file -USR2
RETVAL=$?
echo
}
case “$1″ in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
logrotate)
logrotate
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $”Usage: $0 {start|stop|restart|reload|status|logrotate}”
exit 1
;;
esac
exit $RETVAL
保存退出
chkconfig –add cherokee
chkconfig –level 235 cherokee on
开启Cherokee的Web管理界面
chkrokee-admin -b &
这里会提供用户名和一次性的密码
整合Cherokee和PHP
打开http://localhost:9090/
用开启chkrokee-admin时生成的admin和密码登录进去后
点击左侧导航栏的“Information Sources”,在右侧“Known sources”下面列出了目前已知的信息源,点击默认的“php”,进入php设置:
Type: “Local Interpreter”(就是本地解释器),一般用在fastcgi的可执行程序与cherokee运行在同一台服务器的情况。
“Remote Host”(就是远程主机),一般用在fastcgi的看执行程序与cherokee不在同一服务器的情况,或者为了保持cherokee和fastcgi进程更好的独立性。
Nick: 这个“信息源”的名称,具体就随意了^^
Connection: “信息源”提供的连接方式,可以设置为“IP地址:端口”的方式(比如:127.0.0.1:9000),也可以设置为Unix的socket(比如/tmp/php.sock)。
Interpreter: “信息源”的解释器,也就是fastcgi的可执行文件以及其运行参数。这里我们将原有值改为:/usr/local/webserver/php/bin/php-cgi -b 9000。
此处的9000为上文php-fpm中定义的9000端口。
Spawn timeout: 超时设置(单位:秒,默认是3秒),用于cherokee与fastcgi进程通信时的超时阀值,这里采用系统默认值,不用填写即可。
本例中设置为:
Type:Local Interpreter
Nick:PHP LOCAL
Connection:127.0.0.1:9000
Interpreter:/usr/local/webserver/php/bin/php-cgi -b 9000
其余均为默认值
左侧选择Hard restart,点击Save(此处只所以选择Hard restart,是因为只有这个才会使配置保存到/etc/cherokee/cherokee.conf,如果是Graceful restart,则只对本此运行有效)
点击左侧导航栏的”Status”,点击右侧”Launch”,这时才可以把Cherokee启动起来。
此时,Cherokee的运行用户和组都是root,这是非常不安全的,这里把它修改为用www用户和组运行
chown www.www /var/log/cherokee.access
chown www.www /var/log/cherokee.error
点击左侧导航栏的”General”,点击“Server Permissions”,将User和Group更改为www,其余默认,左侧选择Hard restart,点击Save。
六、安装vsftpd
yum install vsftpd
vi /etc/vsftpd/vsftpd.conf
将相应内容修改为
#anonymous_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
touch /etc/vsftpd/chroot_list
添加vsftpd自动启动
chkconfig –level 235 vsftpd on
启动vsftpd
service vsftpd start
七、新建站点流程
1、创建目录
mkdir /var/www/test.com
2、新建FTP用户
useradd -g www -d /var/www/test.com -s /sbin/nologin -M test
3、修改test用户名密码
passwd test
4、将用户锁定在主目录下(此例中为/var/www/test.com)
echo test >> /etc/vsftpd/chroot_list
或者
vi /etc/vsftpd/chroot_list
向里面添加test
用户名一行一个
5、更改目录属性
chown -R test.www /var/www/test.com
注意问题
修改cherokee运行用户后,记住要修改cherokee的属主属性,否则会报错