首页 > Linux系统管理 > 针对公司小型vps的配置
2015
08-10

针对公司小型vps的配置

=现有已经装好的环境上=
fdisk -l

fdisk /dev/sda  进入格式化界面
“`
h 查看帮助说明
n add a new partition

出现界面,选择p 然后输入1,后面2步回车选择默认大小
w   write table to disk and exit

“`

这样就分区好了,然后格式化成ext3

mkfs.ext3 /dev/sda1

格式化好了后就开始mount 硬盘,因为当前系统上面都有用户数据的,
所以要先把数据mv走后再mount上来
“`
cd /data/
mv httpd/ /home/
cd ~
mount /dev/sda1 /data/
mv /home/httpd /data/

“`
这样就mount好了,设置成开机启动
“`
vi /etc/rc.local
mount /dev/sda1 /data/httpd/
“`
把mysql的binlog关掉
vi /etc/my.cnf
注释掉这二句就可以了
“`
log-bin=mysql-bin
binlog_format=mixed
“`
重启数据库
“`
/etc/init.d/mysqld restart
“`
nginx log 更改到数据库
“`
/usr/local/nginx/conf/vhosts/example.com.conf
access_log /data/httpd/logs/example.com.log
mkdir /data/httpd/logs
/etc/init.d/nginx reload
“`
同步时间
“`
/usr/sbin/ntpdate pool.ntp.org
“`
加到crontab里面自己同步
“`
* */2 * * *   /usr/sbin/ntpdate pool.ntp.org
“`

=新系统安装底层环境=
装系统的时候必须安装开发工具和开发库

=需要安装的软件=
– Nginx
– PHP
– MySQL
– Zend

=系统设置=
为了能使机器的性能能够充分发挥,在安装软件之前,有必要对系统参数进行修改。

– 内核参数调整

vim /etc/sysctl.conf

“`

net.ipv4.ip_forward = 1
net.ipv4.tcp_keepalive_time =1800
net.ipv4.tcp_keepalive_probes =5
net.ipv4.tcp_keepalive_intvl =15
net.core.rmem_max =16777216
net.core.wmem_max =16777216
net.ipv4.tcp_rmem =4096 87380 16777216
net.ipv4.tcp_wmem =4096 65536 16777216
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save =1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.ip_conntrack_max = 6553600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.tcp_window_scaling = 1
net.ipv4.ip_local_port_range = 1024    65000
 
```
/sbin/sysctl -p
 
vim /etc/security/limits.conf
 
```
*               soft     nofile          51200
*               hard     nofile          51200
```

– Yum安装包

“`
yum install freetype \
freetype-devel \
libjpeg-devel \
libtool-ltdl \
libtool-ltdl-devel \
libjpeg-devel \
libpng-devel \

“`

– 编译安装包

“`
安装的包:
libmcrypt
mhash
mcrypt
libevent
pcre
“`

下载地址:
ftp://mcrypt.hellug.gr/pub/crypto/mcrypt/libmcrypt/libmcrypt-2.5.3.tar.gz

http://ncu.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz

http://garr.dl.sourceforge.net/project/mhash/mhash/0.8.17/mhash-0.8.17.tar.gz

http://www.monkey.org/~provos/libevent-1.4.9-stable.tar.gz

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.00.tar.bz2

“`
安装编译:
./configure  && make && make install

“`

=Nginx编译安装=

– 版本: 0.7.64

– 下载地址:http://nginx.org/download/nginx-0.7.64.tar.gz

– 编译参数

“`
添加组和用户:

groupadd -g 58 www
useradd -g www -u 58 www

./configure –user=www –group=www –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module –with-pcre=/usr/local/src/pcre
make && make install
mkdir /usr/local/nginx/conf/vhosts  (用于放置配置文件)

注:这里是把pcre解压缩到/usr/local/src,如果解压缩到别的目录,这里需要替换到解压缩的目录

“`
vim /usr/local/nginx/conf/fcgi.conf

“`

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
 
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
 
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
 
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

“`

vim /usr/local/nginx/conf/nginx.conf

“`

user  www www;
worker_processes  10;
error_log  logs/error.log warn;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
pid        logs/nginx.pid;
events {
use epoll;
worker_connections  51200;
}
http{
include  mime.types;
default_type application/octet-stream;
optimize_server_names on;
server_names_hash_bucket_size 128;
keepalive_timeout 300;
client_header_buffer_size    32k;
client_max_body_size         32m;
large_client_header_buffers  4 32k;
client_header_timeout  1m;
client_body_timeout    1m;
send_timeout           120;
connection_pool_size        256;
request_pool_size        4k;
output_buffers   4 32k;
postpone_output  1460;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 64k;
fastcgi_buffers 16 64k;
fastcgi_busy_buffers_size 64k;
fastcgi_temp_file_write_size 64k;
fastcgi_temp_path /dev/shm;
 
error_page  403 500 502 503 504  /500.html;
 
tcp_nodelay on;
 
gzip on;
gzip_min_length  1k;
gzip_buffers     8 32k;
gzip_http_version 1.1;
gzip_types       text/plain application/x-javascript text/css text/html application/xml;
 
access_log  logs/access.log;
 
#[url]xx.com[/url]
include          vhosts/*.conf;
 
server
{
listen  80;
server_name  status.com;
location / {
stub_status on;
access_log   off;
}
}
}

“`

vim /usr/local/nginx/conf/vhosts/example.com.conf

“`

server
{
listen  80;
server_name test.com;
index index.php index.htm index.html;
root  /data/httpd/example.com
 
location ~ .*\.php?$
{
include fcgi.conf;
fastcgi_pass  127.0.0.1:9000;
fastcgi_index index.php;
}
 
access_log  /data/logs/example-access.log;
 
}

“`

vim /etc/init.d/nginx

“`

#!/bin/bash
#***********************************************************
#This is a control script for nginx
#Usage: nginx.sh start|stop|reload|status
#
#chkconfig:345 85 15
#description:Nginx
#
#Author: Jacky Xu ( Jacky.xu@serversupport.cn)
#
#Modify List:
#               [2009-02-17] script finish
#               [2009-04-14] fix reload bugs
#************************************************************
 
NGINX_HOME='/usr/local/nginx'
ERROR_EXT='99'
 
start() {
${NGINX_HOME}/sbin/nginx # >/dev/null 2>&1
stats=$?
echo -n "Start Nginx ...."
if [ $stats -ne 0 ];then
echo " [Failed]"
exit ${ERROR_EXT}
else
echo " [OK]"
exit 0
fi
}
 
stop() {
kill -15 `ps -ef | grep 'nginx:' | grep -v grep | grep master | awk '{print $2}'` >/dev/null 2>&1
stats=$?
echo -n "Stop Nginx ...."
if [ $stats -ne 0 ];then
echo " [Failed]"
exit ${ERROR_EXT}
else
echo " [OK]"
exit 0
fi
}
 
status() {
echo "Process of Nginx"
ps -ef | grep 'nginx:' | grep -v grep
exit 0
}
 
reload() {
$NGINX_HOME/sbin/nginx -t
stats=$?
echo -n "Check Nginx Configure ...."
if [ $stats -ne 0 ];then
echo " [Failed]"
exit ${ERROR_EXT}
else
echo " [OK]"
fi
unset stats
kill -HUP `ps -ef | grep 'nginx:' | grep -v grep | grep master | awk '{print $2}'`  >/dev/null 2>&1
stats=$?
echo -n "Reload Nginx ...."
if [ $stats -ne 0 ];then
echo " [Failed]"
exit ${ERROR_EXT}
else
echo " [OK]"
fi
 
}
 
case "$1" in
"start")
start
;;
 
"stop")
stop
;;
 
"status")
status
;;
 
"status")
status
;;
 
"reload")
reload
;;
 
*)
echo "Usage : `basename $0` { start | stop | status | reload }"
exit 0
;;
esac

“`

– 启动Nginx

“`
/etc/init.d/nginx  start

“`

=数据库(MySQL)安装=

– 编译参数:

“`

./configure --prefix=/usr/local/mysql --without-debug --with-client-ldflags=-all-static --with-mysqld-ldflags=-all-static --enable-a
ssembler --with-extra-charsets=gbk,gb2312,utf8 --with-pthread --enable-thread-safe-client
 
make -j4
make install
 
groupadd mysql
useradd -g mysql -s /sbin/nologin mysql
 
cd /usr/local/mysql
cp share/mysql/my-medium.cnf /etc/my.cnf
 
/bin/sed -i "s/skip-federated/\#skip-federated/g" /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql --datadir=/data/mysql/  --defaults-file=/etc/my.cnf --basedir=/usr/local/mysql --pid-file=/usr/local/mysql/mysql.pid --skip-locking --port=3306 --socket=/tmp/mysql.sock(指定数据放到数据库盘上面)

启动mysql
/usr/local/mysql/bin/mysqld_safe –defaults-file=/etc/my.cnf &

“`
如果用启动脚本
-mysql 启动脚本

“`

basedir=
datadir=/data/mysql
pid_file=
if test -z "$basedir"
then
basedir=/usr/local/mysql
bindir=/usr/local/mysql/bin
else
bindir="$basedir/bin"
fi
lsb_functions="/lib/lsb/init-functions"
if test -f $lsb_functions ; then
source $lsb_functions
else
log_success_msg()
{
echo " SUCCESS! $@"
}
log_failure_msg()
{
echo " ERROR! $@"
}
fi
PATH=/sbin:/usr/sbin:/bin:/usr/bin:$basedir/bin
export PATH
mode=$1    # start or stop
case `echo "testing\c"`,`echo -n testing` in
*c*,-n*) echo_n=   echo_c=     ;;
*c*,*)   echo_n=-n echo_c=     ;;
*)       echo_n=   echo_c='\c' ;;
esac
parse_arguments() {
for arg do
case "$arg" in
--basedir=*)  basedir=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
--datadir=*)  datadir=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
--pid-file=*) pid_file=`echo "$arg" | sed -e 's/^[^=]*=//'` ;;
esac
done
}
wait_for_pid () {
i=0
while test $i -lt 35 ; do
sleep 1
case "$1" in
'created')
test -s $pid_file && i='' && break
;;
'removed')
test ! -s $pid_file && i='' && break
;;
*)
echo "wait_for_pid () usage: wait_for_pid created|removed"
exit 1
;;
esac
echo $echo_n ".$echo_c"
i=`expr $i + 1`
done
if test -z "$i" ; then
log_success_msg
else
log_failure_msg
fi
}
if test -x ./bin/my_print_defaults
then
print_defaults="./bin/my_print_defaults"
elif test -x $bindir/my_print_defaults
then
print_defaults="$bindir/my_print_defaults"
elif test -x $bindir/mysql_print_defaults
then
print_defaults="$bindir/mysql_print_defaults"
else
# Try to find basedir in /etc/my.cnf
conf=/etc/my.cnf
print_defaults=
if test -r $conf
then
subpat='^[^=]*basedir[^=]*=\(.*\)$'
dirs=`sed -e "/$subpat/!d" -e 's//\1/' $conf`
for d in $dirs
do
d=`echo $d | sed -e 's/[  ]//g'`
if test -x "$d/bin/my_print_defaults"
then
print_defaults="$d/bin/my_print_defaults"
break
fi
if test -x "$d/bin/mysql_print_defaults"
then
print_defaults="$d/bin/mysql_print_defaults"
break
fi
done
fi
# Hope it's in the PATH ... but I doubt it
test -z "$print_defaults" && print_defaults="my_print_defaults"
fi
parse_arguments `$print_defaults $extra_args mysqld server mysql_server mysql.server`
if test -z "$pid_file"
then
pid_file=$datadir/`/bin/hostname`.pid
else
case "$pid_file" in
/* ) ;;
* )  pid_file="$datadir/$pid_file" ;;
esac
fi
cd $basedir
case "$mode" in
'start')
# Start daemon
if test -x $bindir/mysqld_safe
then
# Give extra arguments to mysqld with the my.cnf file. This script may
# be overwritten at next upgrade.
echo $echo_n "Starting MySQL"
$bindir/mysqld_safe --defaults-file=/etc/my.cnf --datadir=$datadir --pid-file=$pid_file >/dev/null 2>&1 &
wait_for_pid created
 
# Make lock for RedHat / SuSE
if test -w /var/lock/subsys
then
touch /var/lock/subsys/mysql
fi
else
log_failure_msg "Can't execute $bindir/mysqld_safe"
fi
;;
'stop')
# Stop daemon. We use a signal here to avoid having to know the
# root password.
if test -s "$pid_file"
then
mysqld_pid=`cat $pid_file`
echo $echo_n "Shutting down MySQL"
kill $mysqld_pid
# mysqld should remove the pid_file when it exits, so wait for it.
wait_for_pid removed
# delete lock for RedHat / SuSE
if test -f /var/lock/subsys/mysql
then
rm -f /var/lock/subsys/mysql
fi
else
log_failure_msg "MySQL PID file could not be found!"
fi
;;
'restart')
# Stop the service and regardless of whether it was
# running or not, start it again.
$0 stop
$0 start
;;
'reload')
if test -s "$pid_file" ; then
mysqld_pid=`cat $pid_file`
kill -HUP $mysqld_pid && log_success_msg "Reloading service MySQL"
touch $pid_file
else
log_failure_msg "MySQL PID file could not be found!"
fi
;;
*)
# usage
echo "Usage: $0 start|stop|restart|reload"
exit 1
;;
esac
 
```
 
chmod +x /etc/init.d/mysqld
 
/etc/init.d/mysqld start

=编译安装php=
– 编译参数:

“`
放源码包的目录

tar xvf php-5.2.8.tar.gz
gzip -cd php-5.2.8-fpm-0.5.10.diff.gz | patch -d php-5.2.8 -p1
 
./configure --prefix=/usr/local/php5 --with-config-file-path=/usr/local/php5/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/lo
cal/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-
dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --ena
ble-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect -
-enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-l
dap --with-ldap-sasl
make ZEND_EXTRA_LIBS='-liconv' -j4
make install
/bin/cp php.ini-dist /usr/local/php5/etc/php.ini

“`
– fpm配置文件

vim /usr/local/php5/etc/php-fpm.conf

“`

<?xml version="1.0" ?>
<configuration>
 
All relative paths in this config are relative to php's install prefix
 
<section name="global_options">
 
Pid file
<value name="pid_file">/usr/local/php5/logs/php-fpm.pid</value>
 
Error log file
<value name="error_log">/usr/local/php5/logs/php-fpm.log</value>
 
Log level
<value name="log_level">notice</value>
 
When this amount of php processes exited with SIGSEGV or SIGBUS ...
<value name="emergency_restart_threshold">10</value>
 
... in a less than this interval of time, a graceful restart will be initiated.
Useful to work around accidental curruptions in accelerator's shared memory.
<value name="emergency_restart_interval">1m</value>
 
Time limit on waiting child's reaction on signals from master
<value name="process_control_timeout">5s</value>
 
Set to 'no' to debug fpm
<value name="daemonize">yes</value>
 
</section>
 
<workers>
 
<section name="pool">
 
Name of pool. Used in logs and stats.
<value name="name">default</value>
Address to accept fastcgi requests on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
<value name="listen_address">127.0.0.1:9000</value>
 
<value name="listen_options">
 
Set listen(2) backlog
<value name="backlog">-1</value>
 
Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
<value name="owner"></value>
<value name="group"></value>
<value name="mode">0666</value>
</value>
 
Additional php.ini defines, specific to this pool of workers.
<value name="php_defines">
<value name="sendmail_path">/usr/sbin/sendmail -t -i</value>
<value name="display_errors">1</value>
</value>
 
Unix user of processes
<value name="user">www</value>
 
Unix group of processes
<value name="group">www</value>
 
Process manager settings
<value name="pm">
 
Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
<value name="style">static</value>
 
Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
 
Used with any pm_style.
<value name="max_children">128</value>
 
Settings group for 'apache-like' pm style
<value name="apache_like">
 
Sets the number of server processes created on startup.
Used only when 'apache-like' pm_style is selected
<value name="StartServers">20</value>
 
Sets the desired minimum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MinSpareServers">5</value>
 
Sets the desired maximum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MaxSpareServers">35</value>
 
</value>
 
</value>
 
The timeout (in seconds) for serving a single request after which the worker process will be terminated
Should be used when 'max_execution_time' ini option does not stop script execution for some reason
'0s' means 'off'
<value name="request_terminate_timeout">0s</value>
 
The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file
'0s' means 'off'
<value name="request_slowlog_timeout">0s</value>
 
The log file for slow requests
<value name="slowlog">logs/slow.log</value>
 
Set open file desc rlimit
<value name="rlimit_files">51200</value>
 
Set max core size rlimit
<value name="rlimit_core">0</value>
 
Chroot to this directory at the start, absolute path
<value name="chroot"></value>
 
Chdir to this directory at the start, absolute path
<value name="chdir"></value>
 
Redirect workers' stdout and stderr into main error log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
<value name="catch_workers_output">yes</value>
 
How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
<value name="max_requests">500</value>
 
Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
<value name="allowed_clients">127.0.0.1</value>
 
Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
<value name="environment">
<value name="HOSTNAME">$HOSTNAME</value>
<value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
<value name="TMP">/tmp</value>
<value name="TMPDIR">/tmp</value>
<value name="TEMP">/tmp</value>
<value name="OSTYPE">$OSTYPE</value>
<value name="MACHTYPE">$MACHTYPE</value>
<value name="MALLOC_CHECK_">2</value>
</value>
 
</section>
 
</workers>
</configuration>

“`

– 启动php

“`
/usr/local/php5/sbin/php-fpm start

“`

=Zend的安装=

wget http://zabbix.shopex.cn/Zend3.zip

– 安装步骤

cd /usr/local

unzip 源码包位置/Zend3.zip

vim Zend3/etc/php.ini  把最底部这段复制到 /usr/local/php5/etc/php.ini 底部

“`

[Zend]
zend_extension_manager.optimizer=/usr/local/Zend.3/lib/Optimizer-3.3.3
zend_extension_manager.optimizer_ts=/usr/local/Zend.3/lib/Optimizer_TS-3.3.3
zend_optimizer.version=3.3.3
zend_extension=/usr/local/Zend.3/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend.3/lib/ZendExtensionManager_TS.so

“`

最后编辑:
作者:saunix
大型互联网公司linux系统运维攻城狮,专门担当消防员

留下一个回复