yum install gcc gcc-c++ zlib-devel pcre pcre-devel apr apr-devel epel-release libcurl-devel libtool-ltdl-devel libxml2-devel openssl openssl-devel libpng libpng-devel freetype freetype-devel libjpeg libjpeg-devel libmcrypt-devel -y
#2.1.下载mysql
wget http://syslab.comsenz.com/downloads/linux/mysql-5.1.40-linux-i686-icc-glibc23.tar.gz
#2.2.解压mysql
tar zxvf /usr/local/src/mysql-5.1.40-linux-i686-icc-glibc23.tar.gz
mv mysql-5.1.40-linux-i686-icc-glibc23 /usr/local/mysql
#2.3.添加mysql用户
useradd -s /sbin/nologin mysql
#2.4.添加目录,增加权限
cd /usr/local/mysql
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql
#2.5.编译运行
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
#2.6.拷贝文件
cp support-files/my-large.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
#2.7.启动文件增加执行权限
chmod 755 /etc/init.d/mysqld
#2.8.修改启动文件的mysql路径
vim /etc/init.d/mysqld
datadir=/data/mysql
#2.9.增加自启和启动mysql
chkconfig --add mysqld
chkconfig mysqld on
service mysqld start
#2.10.加入全局变量
vi /etc/profile
export PATH=$PATH:/usr/local/mysql/bin
#2.11.生效文件
source /etc/profile
#3.1.下载php
wget http://am1.php.net/distributions/php-5.3.27.tar.gz
#3.2.解压php
tar zxf php-5.3.27.tar.gz
#3.3.php编译运行
cd php-5.3.27
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --enable-zend-multibyte --disable-ipv6 --with-pear --with-curl --with-openssl
make && make install
#3.4.配置文件
cp /usr/local/src/php.ini-production /usr/local/php/etc/php.ini
#3.4.编辑配置文件
vi /usr/local/php/etc/php-fpm.conf
[global]
pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
user = php-fpm
group = php-fpm
listen.owner = nobody
listen.group = nobody
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
#3.5.测试配置文件
/usr/local/php/sbin/php-fpm -t
#3.6.创建用户
adduser -s /sbin/nologin php-fpm
#3.7.启动项
cp /usr/local/src/php-5.3.27/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod 755 /etc/init.d/php-fpm
#3.8.运行和系统启动
service php-fpm start
chkconfig php-fpm on
#3.9.查看php-fpm情况
ps aux |grep php-fpm
#4.1.下载nginx
wget http://nginx.org/download/nginx-1.4.4.tar.gz
#4.2.解压nginx
tar zxf nginx-1.4.4.tar.gz
#4.3.编译运行
cd nginx-1.4.4
./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre
make && make install
#4.4.编辑启动项文件
vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start() {
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload(){
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart(){
stop
start
}
configtest(){
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
#4.5.启动项文件添加执行权限和自启并启动
chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
#5.1. 编辑nginx配置文件
vim /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
#5.2校验是否配置正确
/usr/local/nginx/sbin/nginx -t
#5.3开启nginx
service nginx start
#5.4.查看nginx是否启动
ps aux |grep nginx
#5.5.编辑php文件
echo "<?php phpinfo();?>" > /usr/local/nginx/html/test.php
#5.6.允许http和https访问
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
$5.7.测试
curl localhost/test.php
#6.1.虚拟host
vi /usr/local/nginx/conf/nginx.conf
listen 80 default;
include hello.conf;
vi /usr/local/nginx/conf/hello.conf
server
{
listen 80;
server_name hello.com
index index.html index.htm index.php;
root /var/www;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
#6.2.401验证
#6.2.1.下载apache
yum install httpd
/usr/bin/htpasswd -c /usr/local/nginx/conf/.htpasswd c4rt1y
#6.4.2.编辑配置文件
vi /usr/local/nginx/conf/hello.conf
#方法一 针对整个网站
vi /usr/local/nginx/conf/hello.conf
server
{
listen 80;
server_name hello.com
index index.html index.htm index.php;
root /var/www;
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
#针对目录
server
{
listen 80;
server_name hello.com
index index.html index.htm index.php;
root /var/www;
location ^~ /icons/{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
#针对单个文件(匹配所有test.php都进行401验证)
server
{
listen 80;
server_name hello.com
index index.html index.htm index.php;
root /var/www;
location ~ test.php{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
#6.3.重定向
#6.3.1.301重定向
server
{
listen 80;
#重定向
server_name hello.com c4rt1y.com
if ( $host != 'hello.com'){
rewrite ^/(.*)$ http://hello.com/$1 permanent;
}
index index.html index.htm index.php;
root /var/www;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
#6.3.2.302重定向
server
{
listen 80;
#重定向
server_name hello.com c4rt1y.com
if ( $host != 'hello.com'){
rewrite ^/(.*)$ http://hello.com/$1 redirect;
}
index index.html index.htm index.php;
root /var/www;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
}
}
#6.4.日志切割
nginxlog.sh
#!/bin/bash
exec > /dev/null 2>&1
datadir = `date -d " -1 day"+ %y%m%d`
log=/tmp/access.log
/bin/mv $log /tmp/$datadir
/etc/init.d/nginx reload
find /tmp/ -type f -name "*log" -mtime +30 -delete
#6.5.静态缓存
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)${
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?${
expires 12h;
access_log off;
}
#6.6.防盗链
location ~* ^.+\.(gif|jpg|png|swf|flv|zip|rar|doc|gz|bz2|jpeg|bmp|xls)${
invalid_referers none blocked server_names *.baidu.com *.google.com
#对google.com和baidu.com不进行防盗链
if(!invalid_referers){
rewite ^/ http://xxx.com/403.html;
return 403;
rewrite ^/ http://xxxx.com/test.gif;
}
}
#6.7.控制user_agent
location / {
if ($http_user_agent ~ 'MSIE 6.0'){
return 403;
}
}
~ 区分大小写匹配
~* 不区分大小写匹配
!~ 区分大小写不匹配
!~* 不区分大小写不匹配
-f 判断文件是否存在
-d 判断是否是目录
-e 判断是否存在目录或者文件
-x 判断是否可以执行
#6.8.反向代理
#方法一:多域名反代
vi vhosts/servername
servername xxx.com test.com
server{
listen 80;
include vhosts/servername;
location / {
proxy_pass http://1.1.1.1; #代理服务器
proxy_set_header $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /dev/null;
}
#方法二:域名反代
upstream aaa.com{
server 10.10.10.10
}
server{
listen 80;
server_name aaatest.com
location / {
proxy_pass http://aaa.com; #代理服务器
proxy_set_header $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /dev/null;
}
upstream bbb.com{
ip_hash; #设置来源IP不变,会话保持
server 10.10.10.10 weight=1 max_fails=3 fail_timeout=30s; #反向代理,权重为1 超时30秒
}
server{
listen 80;
server_name bbbtest.com
location /bbb {
proxy_pass http://bbb.com/bbb/; #代理服务器
proxy_set_header $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /dev/null;
}
#6.9.mysql设置
#编辑my.cnf文件
vi /etc/my.cnf
[mysqld]
skip-name-resolve
skip-innodb
#配置慢查询日志
log_show_queries = /var/log/mysql/slow_queries
log_query_time = 1 #大于1秒才输出的语句会写到上述文件中
#6.10.php-fpm
vi /usr/local/php/sbin/php-fpm
#设置子进程
pm = static / dynamic
static 由pm.max_children 指定固定子进程
dynamic,有以下参数决定
pm.max_children 最大子进程数
pm.start_servers 启动时进程数
pm.min_spare_servers 保证空闲进程数最小,若空闲进程小于此值,则创建新的子进程
pm.max_spare_servers 保证空闲进程数最大,若空闲进程大于此值,则清除子进程
#6.11 隐藏nginx版本信息
vi /usr/local/nginx/conf/nginx.conf
server_tag off;
server_info off;
server_tokens off;