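Preface: When it comes to web production environments on Linux, most people think of Apache, the open-source server software. Apache can integrate with most application stacks, such as JSP, PHP, CGI, Python and so on, but its bloat and its slow responses for static files give many users a headache. nginx, a newly risen server, surpasses Apache in many respects and has a clearly defined role: a high-performance HTTP and reverse proxy server. This article therefore covers how to build an environment with nginx as the front end and Apache as the back end.
Why not use nginx + PHP (FastCGI) as the production environment?
- PHP (FastCGI) is not stable enough and is prone to 50x errors. It has no advantage when generating relatively complex pages, and php-cgi processes that stay busy for a long time can die.
- On the security side, the permission problems with multiple users and multiple sites are fairly serious. PHP (FastCGI) is often stretched thin when handling multiple users and sites, and is hard to deploy that way.
- Apache integrates other languages with ease, and its resource usage is just right.
This tutorial uses CentOS 5.4 32-bit as the environment. Other Linux distributions have not been tested yet. nginx, PHP, Apache, MySQL and Pure-FTPd are all the latest stable versions.
Update the system from the distribution repositories.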
yum update
yum -y install gcc gcc-c++ bison patch unzip mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openldap openldap-devel openldap-clients openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel
If Apache was installed by default with the system, uninstall it first. Run:
yum remove httpd
Download the latest stable source packages. All of the following are source packages downloaded from the official sites or SourceForge.
cd /usr/local/src
wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.45.tar.gz/from/http://mysql.he.net/
wget http://www.apache.org/dist/httpd/httpd-2.2.15.tar.gz
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.bz2/download
wget http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download
wget http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download
wget http://www.php.net/get/php-5.2.13.tar.gz/from/this/mirror
wget http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/php5-mail-header.patch
wget http://pecl.php.net/get/memcache-2.2.5.tgz
wget http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
wget http://pecl.php.net/get/imagick-2.3.0.tgz
wget http://download.suhosin.org/suhosin-0.9.29.tgz
wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
wget http://downloads.zend.com/optimizer/3.3.9/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
wget http://monkey.org/~provos/libevent-1.4.13-stable.tar.gz
wget http://memcached.googlecode.com/files/memcached-1.4.4.tar.gz
wget http://sourceforge.net/projects/pcre/files/pcre/8.01/pcre-8.01.tar.gz/download
wget http://nginx.org/download/nginx-0.7.65.tar.gz
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.28.tar.gz
I. Install MySQL. This installs the latest stable version, 5.1.45, rather than the latest development version.
groupadd mysql -g 27
useradd mysql -u 27 -g 27 -c "MySQL Server" -d /var/lib/mysql -m
cd /usr/local/src
tar -zxf mysql-5.1.45.tar.gz
cd mysql-5.1.45
./configure --prefix=/usr/local/mysql --localstatedir=/var/lib/mysql --with-unix-socket-path=/var/lib/mysql/mysql.sock --with-mysqld-user=mysql --enable-assembler --enable-thread-safe-client --with-extra-charsets=all --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innodb_plugin,myisam,myisammrg
make && make install
cd ../
cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R mysql.mysql /var/lib/mysql
chgrp -R mysql /usr/local/mysql/.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod u+x /etc/init.d/mysql
chkconfig --level 345 mysql on
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >>/etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config
service mysql start
/usr/local/mysql/bin/mysqladmin -u root password root
service mysql restart
service mysql stop
II. Compile and install Apache (httpd). Apache runs as the user nobody.
cd /usr/local/src
tar -zxf httpd-2.2.15.tar.gz
cd httpd-2.2.15
./configure --prefix=/usr/local/apache --enable-headers --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --disable-userdir --with-included-apr --with-mpm=prefork --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html
make
make install
mkdir /usr/local/apache/domlogs
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
1. Edit /etc/init.d/httpd and add the following below the first line, #!/bin/sh:
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -n 32768
Save and exit.
2. Configure Apache's configuration file httpd.conf, located in the /usr/local/apache/conf/ directory
cd /usr/local/apache/conf/
mv httpd.conf httpd.conf.bak
mkdir vhosts
vi httpd.conf
Enter the following:
PidFile logs/httpd.pid
LockFile logs/accept.lock
ServerRoot "/usr/local/apache"
Listen 0.0.0.0:81
User nobody
Group nobody
ServerAdmin admin@evlit.com
ServerName host.evlit.com

Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
TraceEnable Off
ServerTokens ProductOnly
FileETag None
ServerSignature Off
HostnameLookups Off

# LoadModule perl_module modules/mod_perl.so

DocumentRoot "/usr/local/apache/htdocs"
<Directory "/">
    Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">
    Options Includes -Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain
RewriteEngine on
AddType text/html .shtml
AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/perl .pl .plx .ppl .perl
    AddType application/x-img .img
    AddType application/x-httpd-php .php .php3 .php4 .php5 .php6
    AddType application/x-httpd-php-source .phps
    AddType application/cgi .cgi
    AddType text/x-sql .sql
    AddType text/x-log .log
    AddType text/x-config .cnf conf
    AddType text/x-registry .reg
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddType application/x-tar .tgz
    AddType application/rar .rar
    AddType application/x-compressed .rar
    AddType application/x-rar .rar
    AddType application/x-rar-compressed .rar
    AddType text/vnd.wap.wml .wml
    AddType image/vnd.wap.wbmp .wbmp
    AddType text/vnd.wap.wmlscript .wmls
    AddType application/vnd.wap.wmlc .wmlc
    AddType application/vnd.wap.wmlscriptc .wmlsc
</IfModule>

<IfModule dir_module>
    DirectoryIndex index.html index.htm index.shtml index.php index.perl index.pl index.cgi
</IfModule>

<Files ~ "^error_log$">
    Order allow,deny
    Deny from all

    Satisfy All
</Files>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>

<Directory "/usr/local/apache/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

<IfModule mpm_prefork_module>
    StartServers 3
    MinSpareServers 3
    MaxSpareServers 5
    MaxClients 150
    MaxRequestsPerChild 1024
</IfModule>

<IfModule mod_headers.c>
    <FilesMatch "\.(html|htm|shtml)$">
        Header set Cache-Control "max-age=3600, must-revalidate"
    </FilesMatch>
</IfModule>

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

Include conf/extra/httpd-languages.conf

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
ExtendedStatus On

<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

<IfModule ssl_module>
    Listen 0.0.0.0:443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/usr/local/apache/logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>

#Vhosts
NameVirtualHost 127.0.0.1:81
NameVirtualHost *

<VirtualHost 127.0.0.1:81 *>
    ServerName host.evlit.com
    DocumentRoot /var/www/html
    ServerAdmin admin@evlit.com
</VirtualHost>

Include conf/vhosts/*
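In the virtual host configuration above, change 127.0.0.1 to your machine's public IP.
III. Compile and install PHP (mod_php)
1. Compile and install the supporting libraries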
cd /usr/local/src
tar -zxf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure
make
make install
cd /usr/local/src
tar -jxf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd /usr/local/src
tar -jxf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9/
./configure
make
make install
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
cd /usr/local/src
tar -zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
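2. Compile PHP. A patch is applied to PHP here. It helps prevent mail sending from being abused (in a multi-user setup) and adds useful information to the mail. For details about the patch, see: http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/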
cd /usr/local/src
tar -zxf php-5.2.13.tar.gz
patch -d php-5.2.13 -p1 < php5-mail-header.patch
cd php-5.2.13
./configure --prefix=/usr/local --with-config-file-path=/etc --with-apxs2=/usr/local/apache/bin/apxs --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl --with-curlwrappers --with-freetype-dir --with-gd --with-gettext --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared --with-ttf --with-xmlrpc --with-zlib --with-zlib-dir=/usr
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /etc/php.ini
3. Install the PHP extension modules
cd /usr/local/src
tar -zxf memcache-2.2.5.tgz
cd memcache-2.2.5/
phpize
./configure --with-php-config=/usr/local/bin/php-config --with-zlib-dir --enable-memcache
make
make install
cd /usr/local/src
tar -jxf eaccelerator-0.9.6.tar.bz2
cd eaccelerator-0.9.6/
phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config
make
make install
mkdir -p /tmp/eaccelerator
chmod 777 /tmp/eaccelerator
echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local
cd /usr/local/src
tar -zxf ImageMagick.tar.gz
cd ImageMagick-*
./configure
make
make install
cd /usr/local/src
tar -zxf imagick-2.3.0.tgz
cd imagick-2.3.0/
phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install
cd /usr/local/src
tar -zxf suhosin-0.9.29.tgz
cd suhosin-0.9.29
phpize
./configure
make
make install
cd /usr/local/src
tar -zxf ioncube_loaders_lin_x86.tar.gz
cd ioncube
mkdir /usr/local/ioncube
mv ioncube_loader_lin_5.2.so /usr/local/ioncube/
cd /usr/local/src
tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
3.1. Modify php.ini.
Find extension_dir = "./" in /etc/php.ini and change it to extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"
Find ;include_path = ".:/php/includes", remove the leading semicolon, and change it to include_path = ".:/usr/lib/php:/usr/local/lib/php"
Go to the last line, then add the following:
extension = "memcache.so"
extension = "pdo.so"
extension = "pdo_mysql.so"
extension = "pdo_sqlite.so"
extension = "sqlite.so"
extension = "eaccelerator.so"
eaccelerator.shm_size = 32
eaccelerator.cache_dir = "/tmp/eaccelerator"
eaccelerator.enable = 1
eaccelerator.optimizer = 0
eaccelerator.debug = 0
eaccelerator.name_space = ""
eaccelerator.check_mtime = 1
eaccelerator.filter = ""
eaccelerator.shm_max = 0
eaccelerator.shm_ttl = 3600
eaccelerator.shm_prune_period = 3600
eaccelerator.shm_only = 0
eaccelerator.compress = 0
eaccelerator.compress_level = 9
eaccelerator.keys = shm
eaccelerator.sessions = shm
eaccelerator.content = shm
zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so"
zend_extension = "/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so"
4. Install Memcached (optional)
cd /usr/local/src
tar -xzf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
./configure
make
make install
echo "/usr/local/lib/" > /etc/ld.so.conf.d/libevent.conf
ldconfig -v
cd /usr/local/src
tar -xzf memcached-1.4.4.tar.gz
cd memcached-1.4.4
./configure
make
make install
Basic usage:
Start: /usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost
Stop: killall -9 memcached
IV. Install nginx
1. Install the PCRE library
cd /usr/local/src
tar -zxf pcre-8.01.tar.gz
cd pcre-8.01
./configure
make
make install
2. Install nginx
cd /usr/local/src
tar -zxf nginx-0.7.65.tar.gz
cd nginx-0.7.65
./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --pid-path=/usr/local/nginx/logs/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --http-client-body-temp-path=/tmp/nginx_client --http-proxy-temp-path=/tmp/nginx_proxy --http-fastcgi-temp-path=/tmp/nginx_fastcgi --with-http_stub_status_module
make
make install
2.1. Add the init control script
#! /bin/sh
ulimit -n 65535
# Description: Startup script for nginx
# chkconfig: 2345 55 25

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

set -e
[ -x "$DAEMON" ] || exit 0

do_start() {
    $DAEMON -c $CONFIGFILE || echo -n "nginx already running"
}

do_stop() {
    kill -INT `cat $PIDFILE` || echo -n "nginx not running"
}

waitforexit() {
    count=${2:-30}
    while [ 0$count -gt 0 ]
    do
        PIDS=`ps -C$NAME --no-heading e | grep $DAEMON` || break
        PIDS=`echo "$PIDS" | awk '{print $1}' | tr '\n' ' '`
        echo Remaining processes: $PIDS
        do_stop
        sleep 2
        count=`expr $count - 1`
    done
    if [ 0$count -eq 0 ];
    then
        echo Remaining processes: $PIDS
        return 1
    fi
    return 0
}

do_reload() {
    kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
}

case "$1" in
    start)
        echo -n "Starting $DESC: $NAME"
        do_start
        echo "."
        /etc/init.d/httpd start
        ;;
    stop)
        echo -n "Stopping $DESC: $NAME"
        do_stop
        echo "."
        /etc/init.d/httpd stop
        ;;
    reload)
        echo -n "Reloading $DESC configuration..."
        do_reload
        echo "."
        /etc/init.d/httpd restart
        ;;
    restart)
        echo -n "Restarting $DESC: $NAME"
        waitforexit "nginx" 20
        do_start
        echo "."
        /etc/init.d/httpd restart
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
        exit 3
        ;;
esac

exit 0
Save and exit, then give the file execute permission and enable it at boot
chmod 755 /etc/init.d/nginx
chkconfig --level 345 nginx on
2.2. Modify the nginx configuration file, located in the /usr/local/nginx/conf/ directory
mkdir -p /var/cache/nginx/cached
chmod 600 /var/cache/nginx/cached
cd /usr/local/nginx/conf/
mv nginx.conf nginx.conf.bak
mkdir vhosts
vi nginx.conf
Enter the following:
worker_processes 2;
worker_rlimit_nofile 20480;
events {
    worker_connections 20480;
    use epoll;
}
error_log /usr/local/nginx/logs/error.log info;
http {
    server_name_in_redirect off;
    server_names_hash_max_size 2048;
    server_names_hash_bucket_size 256;
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    gzip on;
    gzip_http_version 1.0;
    gzip_min_length 1100;
    gzip_comp_level 3;
    gzip_buffers 4 32k;
    # gzip_types text/plain application/x-javascript text/xml text/css;
    gzip_types text/plain text/xml text/css application/x-javascript application/xml application/xml+rss text/javascript application/atom+xml;
    ignore_invalid_headers on;
    client_header_timeout 300;
    client_body_timeout 300;
    send_timeout 30;
    reset_timedout_connection on;
    connection_pool_size 256;
    client_header_buffer_size 256k;
    large_client_header_buffers 4 256k;
    request_pool_size 32k;
    output_buffers 4 32k;
    postpone_output 1460;
    proxy_cache_path /var/cache/nginx/cached levels=2:2 keys_zone=global:100m inactive=60m max_size=500m;
    proxy_temp_path /tmp/nginx_proxy;
    include "/usr/local/nginx/conf/vhosts/*.conf";
}
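Save and exit.
V. Install the rpaf module for Apache. This module lets Apache obtain the visitor's real IP when it runs as the back end.
1. Install the module with apxs. Use the apxs from the Apache that was compiled and installed earlier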
cd /usr/local/src/
tar -zxf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
2. Edit /usr/local/apache/conf/httpd.conf and add the module parameters. Find LoadModule php5_module modules/libphp5.so and add below it:
LoadModule rpaf_module modules/mod_rpaf-2.0.so
#Mod_rpaf settings
RPAFenable On
RPAFproxy_ips 127.0.0.1 [your_ips]
RPAFsethostname On
RPAFheader X-Forwarded-For
Change the [your_ips] above to the IPs on which this machine listens for web services. Separate multiple IPs with spaces.
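The trust rule behind RPAFproxy_ips, as an added example that is not part of the original tutorial and is not mod_rpaf's own code: the X-Forwarded-For header is honoured only when the connection comes from a listed proxy, and because nginx's $proxy_add_x_forwarded_for appends the address it saw to whatever the client sent, entries further left are client-supplied. The function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial or mod_rpaf): a model of how a back end
# behind nginx should pick the visitor address. TRUSTED_PROXIES plays the role
# of RPAFproxy_ips; all addresses are constructed documentation addresses.
TRUSTED_PROXIES="127.0.0.1 203.0.113.10"

# Succeeds when $1 is one of the listed proxy addresses.
is_trusted_proxy() {
    for proxy in $TRUSTED_PROXIES; do
        [ "$1" = "$proxy" ] && return 0
    done
    return 1
}

# Weak rule, shown for contrast: believe the leftmost header entry.
# That entry is whatever the client chose to send.
leftmost_entry() {
    printf '%s\n' "${1%%,*}" | tr -d ' \t'
}

# resolve_client_ip PEER X_FORWARDED_FOR
#   PEER is the TCP peer seen by the back end (port 81 in the tutorial).
resolve_client_ip() {
    peer=$1
    xff=$2
    client=$peer

    # A connection that did not come from a listed proxy (for example one made
    # straight to port 81) gets no say: its header is ignored.
    if ! is_trusted_proxy "$peer"; then
        printf '%s\n' "$client"
        return 0
    fi

    # Split on commas with globbing off; the header is untrusted input.
    set -f
    old_ifs=$IFS
    IFS=,
    set -- $xff
    IFS=$old_ifs
    set +f

    # Scan left to right and keep the LAST entry that is address-shaped and not
    # itself a listed proxy, which is the rightmost such entry in the header.
    for entry in "$@"; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        case $entry in
            ''|*[!0-9A-Fa-f.:]*) continue ;;   # empty or not address-like
        esac
        is_trusted_proxy "$entry" || client=$entry
    done
    printf '%s\n' "$client"
}

# Constructed requests: a forged header sent directly to the back end, then the
# same forged header after nginx appended the address it actually saw.
resolve_client_ip 198.51.100.7 "10.9.9.9"
resolve_client_ip 127.0.0.1 "10.9.9.9, 198.51.100.7"
leftmost_entry "10.9.9.9, 198.51.100.7"
```

Because the httpd.conf above uses Listen 0.0.0.0:81, the first case is the one RPAFproxy_ips guards against: a header arriving from a peer that is not a listed proxy is never believed.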
VI. Install the FTP server: pure-ftpd
1. Compile and install
cd /usr/local/src/
tar -zxf pure-ftpd-1.0.28.tar.gz
cd pure-ftpd-1.0.28
./configure --prefix=/usr/local/pureftpd --with-language=simplified-chinese --with-everything
make
make install
chmod 755 configuration-file/pure-config.pl
cp configuration-file/pure-config.pl /usr/local/pureftpd/sbin/
mkdir /usr/local/pureftpd/etc/
cp configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/
ln -s /usr/local/pureftpd/bin/pure-pw /usr/local/bin/
2. Configure pure-ftpd. PureDB authentication is used here.
vi /usr/local/pureftpd/etc/pure-ftpd.conf
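Find PureDB /etc/pureftpd.pdb, remove the leading # and set it to PureDB /usr/local/pureftpd/etc/pureftpd.pdb
Find PassivePortRange and remove the leading #
Adjust the other parameters as needed
3. Add autostart. No init script is created here; the server is simply started from /etc/rc.local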
echo "/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize" >> /etc/rc.local
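At this point, all of the installation work is finished.
How to use this system
I. Do the necessary security work
Set the permissions on the user home directory /home/user, the related configuration files, and directories such as the access logs.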
chmod 711 /home
chmod 711 /usr/local/pureftpd/etc
chmod 711 /usr/local/apache/conf/vhosts
chmod 711 /usr/local/nginx/conf/vhosts
chmod 711 /usr/local/apache/domlogs
chmod 711 /usr/local/apache/logs
chmod 600 /var/cache/nginx/cached
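II. How to create a user
Creating a user takes two steps. The first step creates the system user; this command creates the user's home directory directly. The second step creates the FTP user, which depends on the system user having been created. The steps are as follows (using the user name admin as an example):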
useradd admin -m -s /sbin/nologin
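pure-pw useradd admin -u admin -g admin -d /home/admin -m [not available on the first run]
pure-pw mkdb [first run only]
Note: with an FTP server installed as described above, the first time you create a user you cannot append the -m parameter directly to pure-pw useradd ... to update the FTP user database; it has to be done in two steps. Afterwards you can add -m when creating a user. After running the command you are prompted for a password, which must be entered twice.
III. How to bind a domain name
Because of the front-end/back-end arrangement, the virtual host parameters of both servers have to be modified. An example follows (using admin.com, with the user directory /home/admin from above):
1. Create the nginx virtual host parameters
First, write the shared cache parameters and proxy parameters into files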
cd /usr/local/nginx/conf
touch cache.inc proxy.inc
Then edit the two files in turn.
vi cache.inc
proxy_cache global;
proxy_cache_key $host$uri$is_args$args;
#proxy_cache_valid 200 302 10m;
#proxy_cache_valid 301 1h;
#proxy_cache_valid any 1m;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 56m;
vi proxy.inc
proxy_connect_timeout 30s;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
#proxy_pass http://127.0.0.1:81;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
After that, editing the virtual host file becomes much clearer
cd /usr/local/nginx/conf/vhosts
touch admin.com.conf
vi admin.com.conf
Enter the following:
server {
    error_log /var/log/nginx/vhost-error_log warn;
    listen 127.0.0.1:80;
    server_name admin.com www.admin.com;
    access_log /usr/local/apache/domlogs/admin.com combined;
    location / {
        root /home/admin/public_html;
        proxy_cache_valid 200 301 302 10m;
        proxy_cache_valid any 1m;
        expires 1d;
        proxy_pass http://127.0.0.1:81;
        include proxy.inc;
        include cache.inc;
    }
    location ~ .*\.(jpg|jpeg|png|gif|bmp|ico|js|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
        proxy_cache_valid 200 10s;
        expires 7d;
        proxy_pass http://127.0.0.1:81;
        include proxy.inc;
        include cache.inc;
    }
    location ~ .*\.(php|jsp|cgi)?$ {
        proxy_pass http://127.0.0.1:81;
        include proxy.inc;
    }
    location ~ /\.ht {
        deny all;
    }
}
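Save and exit. Be sure to replace the 127.0.0.1 that appears above with the IP on which this machine listens for web services
2. Create the Apache virtual host configuration file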
cd /usr/local/apache/conf/vhosts
touch admin.com.conf
vi admin.com.conf
Enter the following:
<VirtualHost 127.0.0.1:81>
    ServerName admin.com
    ServerAlias www.admin.com
    DocumentRoot /home/admin/public_html
    ServerAdmin admin@evlit.com
    UseCanonicalName Off
    php_admin_value open_basedir "/home/admin:/usr/lib/php:/usr/local/lib/php:/tmp"
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup admin admin
    </IfModule>
    ScriptAlias /cgi-bin/ /home/admin/public_html/cgi-bin/
</VirtualHost>
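Save and exit. Be sure to replace the 127.0.0.1 that appears above with the IP on which this machine listens for web services, and change the user name admin to the name of the virtual host's user.
IV. How to manage MySQL databases
1. Download the latest phpMyAdmin source package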
mkdir -p /var/www/html
chmod -R 711 /var/www
cd /var/www/html
wget http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.3.3/phpMyAdmin-3.3.3-all-languages.zip/download
unzip phpMyAdmin-3.3.3-all-languages.zip
mv phpMyAdmin-3.3.3-all-languages phpmyadmin
2. Add the Apache configuration: edit httpd.conf and go to the last line
cd /usr/local/apache/conf
vi httpd.conf /* shift+g jumps to the last line */
#Managed Tools
<VirtualHost 127.0.0.1:81 *>
ServerName localhost
ServerAlias pma.*
DocumentRoot /var/www/html/phpmyadmin
ServerAdmin admin@localhost
UseCanonicalName Off
</VirtualHost>
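Likewise, change the 127.0.0.1 that appears above to the IP on which you serve web traffic. After restarting Apache, open pma.yourdomain.com, which is bound to the server's IP, to reach phpMyAdmin. It needs to be configured on first use; for the specifics, make good use of Google.
Add anything else not covered here yourself, such as perl, sendmail and so on.
To make it easier for administrators to add users and bind domain names, I wrote a script.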
wget http://icodex.org/vhosts
chmod 755 vhosts
./vhosts