Mingshi » 网站技术

CentOS快速安装lamp和ftp

Stanley — Mon, 27 Dec 2010 03:26:22 +0000

1、Apache
yum update yum install httpd

cp /etc/httpd/conf/httpd.conf ~/httpd.conf.backup

vi /etc/httpd/conf.d/vhost.conf

NameVirtualHost serverIP :80

ServerAdmin domain@domain.com ServerName domain.com ServerAlias www.domain.com DocumentRoot /var/www/domain.com/public_html/ ErrorLog /var/www/domain.com/logs/error.log CustomLog /var/www/domain.com/logs/access.log combined

IP直接访问

ServerName serverIP DocumentRoot /var/www/html/ mkdir -p /var/www/domain.com/public_html mkdir -p /var/www/domain.com/logs

/etc/init.d/httpd start

/etc/init.d/httpd reload

/sbin/chkconfig –levels 235 httpd on

2、 MySQL

yum install mysql-server /sbin/chkconfig –levels 235 mysqld on

/etc/init.d/mysqld start /etc/init.d/mysqld reload

mysql_secure_installation mysql -u root -p create database dbsample; grant all on dbsample.* to ‘dbuser’ identified by ’dbpassword’; quit

3、PHP

yum install php php-pear php-mysql

vi /etc/php.ini

error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR display_errors = Off log_errors = On error_log = /var/log/php.log max_execution_time = 300 memory_limit = 64M register_globals = Off

4、FTP

yum -y install vsftpd

service vsftpd start

chkconfig –level 35 vsftpd on

netstat -tl

禁止匿名用户 vi /etc/vsftpd/vsftpd.conf anonymous_enable=NO

设定 ftp 目录 chgrp -R ftp /var/www chmod -R 777 /var/www

增加 ftp 用户 adduser –d /var/www –g ftp –s /sbin/nologin usersample passwd usersample

service vsftpd restart

全部搞定。

Cento安装L2TP/IPSec VPN

Stanley — Sat, 15 May 2010 18:10:32 +0000

yum install -y ppp gmp xl2tpd lsof

32位

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

wget http://openswan.org/download/binaries/centos/5/without-nss/openswan-2.6.24rc5-1.i386.rpm

rpm -ivh openswan-2.6.24rc5-1.i386.rpm

64位 rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm

wget http://openswan.org/download/binaries/centos/5/without-nss/openswan-2.6.24rc5-1.x86_64.rpm


rpm -ivh openswan-2.6.24rc5-1.x86_64.rpm
vi /etc/sysctl.conf
修改
net.ipv4.ip_forward = 1
添加
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0
sysctl -p
service ipsec start

ipsec verify查看
除了最后一个，其他均需要OK
Checking your system to see if IPsec got installed and started correctly:

Version check and ipsec on-path [OK]

Linux Openswan U2.6.24rc5/K2.6.18-164.11.1.el5xen (netkey)

Checking for IPsec support in kernel [OK]

Testing against enforced SElinux mode [OK]

NETKEY detected, testing for disabled ICMP send_redirects [OK]

NETKEY detected, testing for disabled ICMP accept_redirects [OK]

Checking for RSA private key (/etc/ipsec.secrets) [OK]

Checking that pluto is running [OK]

Pluto listening for IKE on udp 500 [OK]

Pluto listening for NAT-T on udp 4500 [OK]

Two or more interfaces found, checking IP forwarding [OK]

Checking NAT and MASQUERADEing

Checking for ‘ip’ command [OK]

Checking for ‘iptables’ command [OK]

Opportunistic Encryption Support [DISABLED]
vi /etc/ipsec.conf
version 2.0

config setup

nat_traversal=yes

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

oe=off

protostack=netkey
conn L2TP-PSK-NAT

rightsubnet=vhost:%priv

also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT

authby=secret

pfs=no

auto=add

keyingtries=3

rekey=no

type=transport

left=YOUR.SERVER.IP.ADDRESS

leftprotoport=17/1701

right=%any

rightprotoport=17/%any
vi /etc/ipsec.secrets
YOUR.SERVER.IP.ADDRESS  %any: PSK "YourSharedSecret"
service ipsec restart
vi /etc/xl2tpd/xl2tpd.conf
[global]

listen-addr = YOUR.SERVER.IP.ADDRESS

ipsec saref = yes
[lns default]

ip range = 192.168.8.2-192.168.8.101

local ip = 192.168.8.1

;require chap = yes

refuse pap = yes

refuse chap = yes

require authentication = yes

name = l2tpd

ppp debug = yes

pppoptfile = /etc/ppp/options.xl2tpd

length bit = yes
vi /etc/ppp/options.xl2tpd
require-mschap-v2

ms-dns 8.8.8.8

ms-dns 8.8.4.4

asyncmap 0

auth

crtscts

lock

hide-password

modem

debug

name l2tpd

proxyarp
vi /etc/ppp/chap-secrets

test * test *
service xl2tpd start

（xl2tpd -D 查错）
service iptables start
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart
chkconfig --list

chkconfig ipsec on

chkconfig xl2tpd on
iptables -I RH-Firewall-1-INPUT 10   -p udp -m udp --dport 1701 -j ACCEPT

iptables -I RH-Firewall-1-INPUT 10   -p udp -m udp --dport 4500 -j ACCEPT

iptables -I RH-Firewall-1-INPUT 10   -p udp -m udp --dport 500 -j ACCEPT
OK!
其他的一些参考配置
1、修改/etc/xl2tpd/xl2tpd.conf，内容如下：

mkdir /etc/xl2tpd
cp examples/xl2tpd.conf  /etc/xl2tpd/
vi /etc/xl2tpd/xl2tpd.conf

[global]

listen-addr = 192.168.1.67

port=1701

auth file=/etc/ppp/chap-secrets    #// 有l2tp-secret     auth file = /etc/xl2tpd/l2tp-secrets

[lns default]

ip range = 192.168.9.128-192.168.9.254

local ip = 192.168.9.99

require chap = yes

refuse pap = yes

require authentication = yes

name = LinuxVPNserver

ppp debug = yes

pppoptfile = /etc/ppp/options.xl2tpd

length bit = yes
2、修改/etc/ppp/options.xl2tpd，内容如下：
cp examples/ppp-options.xl2tpd  /etc/ppp/options.xl2tpd
vi /etc/ppp/options.xl2tpd

ipcp-accept-local

ipcp-accept-remote

ms-dns  192.168.1.1

ms-dns  192.168.1.3

ms-wins 192.168.1.2

ms-wins 192.168.1.4

noccp

auth

crtscts

idle 1800

mtu 1410

mru 1410

nodefaultroute

debug

lock

proxyarp

connect-delay 5000

给服务器添加了ssl

Stanley — Mon, 10 May 2010 03:55:38 +0000

看图

Centos yum 安装nginx+php+mysql

Stanley — Fri, 07 May 2010 11:15:11 +0000

yum -y install yum-fastestmirror
yum -y update
yum -y install patch make gcc gcc-c++ gcc-g77 flex bison
yum -y install libtool libtool-libs kernel-devel autoconf
yum -y install libjpeg libjpeg-devel libpng libpng-devel
yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel
yum -y install glib2 glib2-devel bzip2 diff*
yum -y install bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs
yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel
yum -y install openssl openssl-devel vim-minimal

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

64位替换i386为x86_64

yum -y install mysql mysql-server mysql-devel

yum -y install php php-mysql php-cgi php-mbstring php-gd php-fastcgi php-pear php-pear-DB php-fpm php-cli php-pdo php-mcrypt php-tidy php-xml php-xmlrpc php-pecl-memcache php-eaccelerator

yum -y install nginx

所有的配置文件都在 /etc 目录

chkconfig mysqld on
chkconfig php-fpm on
chkconfig nginx on

service mysqld start
mysqladmin -u root password rootpassword

创建www用户和组,以及主机需要的目录,日志目录

groupadd www useradd -g www www mkdir -p /home/www chmod +w /home/www mkdir -p /home/www/logs chmod 777 /home/www/logs chown -R www:www /home/www

vi /etc/nginx/nginx.conf

user www www;

worker_processes 2; #这里根据你的CPU和内存配置, 设置2到10都OK

error_log /home/www/logs/nginx_error.log crit;


pid        /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.

worker_rlimit_nofile 51200;
events {

use epoll;

worker_connections 51200;

}
http {

include       mime.types;

default_type  application/octet-stream;
#charse  gb2312; # 默认编码，可以不设置
server_names_hash_bucket_size 128;

client_header_buffer_size 16k;

large_client_header_buffers 4 16k;

client_max_body_size 8m;
sendfile on;

tcp_nopush     on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;
gzip on;

gzip_min_length  1k;

gzip_buffers     4 16k;

gzip_http_version 1.0;

gzip_comp_level 5;

gzip_types       text/plain text/javascript application/x-javascript text/css application/xml;

gzip_vary on;
#limit_zone  crawler  $binary_remote_addr  10m;

server {

listen 80;

server_name localhost;

root  /home/www;

location /status {

stub_status on;

access_log  off;

}

location / {

# 这里是把所有不存在的文件和目录，全都转到 index.php 处理

try_files $uri $uri/ /index.php?q=$uri&$args;

}
# 这里分开放到 server.conf 是为了再开 server 的时候方便，统一调用，放到/etc/nginx/ 目录下

include server.conf;
log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" $http_x_forwarded_for';

access_log  /home/www/logs/access.log  access;

}

server { listen 80; server_name yourdomain.com; root /home/www/yourdomain; if ($host !~* yourdomain\.com$) { return 444; } location / { try_files $uri $uri/ /index.php?q=$uri&$args; } include server.conf; # 这里复用了，这段就省了 access_log /home/www/logs/yourdomain.com_access.log access; } }

vi /etc/nginx/server.conf
index index.html index.htm index.php;

#limit_conn crawler 20;

location ~ /\.ht { deny all; }


location ~ .*\.(sqlite|sq3)$ {

deny all;

}
location ~ .*\.php$ {

fastcgi_pass  unix:/tmp/php-cgi.sock;

#fastcgi_pass  127.0.0.1:9000;

fastcgi_index index.php;

include fcgi.conf;

}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {

expires      30d;

access_log   off;

}

location ~ .*\.(js|css)?$ { expires 30d; access_log off; }

service php-fpm start
service nginx start

OK!

nginx测试
/usr/local/nginx/sbin/nginx -t
nginx平滑重启命令
/usr/local/nginx/sbin/nginx -s reload

建立只使用ssh“转发”功能的系统账户

Stanley — Sat, 01 May 2010 07:05:30 +0000

为了满足“翻墙”的需要，在国外的Linux主机上（比如 DreamHost ）上建个可 ssh登录的用户，使用 ssh 的 Tunnel 来作代理是十分常见的方法。
但是主人往往又想最小化用户权限，以避免对系统造成影响。最简单的办法就是，禁止用户登录。
其实 ssh 可以连接到 sshd 但是不执行远程命令（默认是启动用户设定的 shell ），使用 -N 参数即可。
在服务器上建一个 username ：
添加用户：useradd -s /bin/false username，将用户的shell设置成/bin/false。这样用户就无法与系统进行交互。
设置密码：passwd username

小技巧：
也可以使用 /usr/bin/passwd 作为用户的 shell ，这样用户就可以通过登录而来自主修改密码。需要注意的是，需要将 /usr/bin/passwd 这一行写进 /etc/shells文件。
sshd 认证通后之后，会检查设定的 shell 是否登记在 /etc/shells 文件中，若已经登记，则fork自己，然后fork出来的子进程再exec 设定的 shell 。而 ssh 的 -N 参数，则是告诉 sshd 不需要执行 shell。

建立Tunnel：

ssh -D 1080 -qfnN username@hostname

输入密码即可使用（也可以用key认证）。

Windows的话，可以使用plink.exe或者MyEnTunnel（MyEnTunnel 本质上也是使用plink.exe来建立Tunnel）。

此时账号username 可以通过sshd的认证使用 TcpForwarding ，但是不能运行 shell，不能与系统交互。刚好可以用来为朋友提供国外的代理翻墙。

参数详解：
-D 1080 建立动态Tunnel，监听在本地1080端口。
-q 安静模式。
-f ssh在后台运行，即认证之后，ssh退居后台。
-n 将 stdio 重定向到 /dev/null，与-f配合使用。
-N 不运行远程程序。即通知 sshd 不运行设定的 shell。

zt from http://www.bsdmap.com/2010/02/22/create-tunnel-user/

成功安装vpn的全自动管理网站pptpd+nginx+php+mysql+freeradius+daloradius

Stanley — Wed, 28 Apr 2010 17:58:47 +0000

忙了好几个晚上，参考了很多教程，我终于把pptpd+ngnix+mysql+freeradius+daloradius整合成功了。
现在可以通过web全自动管理vpn了。

nginx主机配置ssl

Stanley — Fri, 16 Apr 2010 14:20:53 +0000

1、可以通过浏览器认证的ssl证书
openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key

在当前目录下会发现server.csr server.key两个文件。

然后提供这两个文件，购买或者向startssl申请免费server.crt证书。

三个文件放在指定目录，如/root下

nginx配置文件例子如下：

server
{
listen 443;
server_name mydomain.com;
index index.html index.htm index.php;
root /web/www/test;
ssl on;
ssl_certificate /root/server.crt;
ssl_certificate_key /root/server.key;
}

重新启动nginx

/usr/local/nginx/sbin/nginx -t
kill -HUP `cat /usr/local/nginx/nginx.pid`

startssl的证书需要添加根证书才可以被firefox信任，需要在配置conf文件前，添加根证书信息到server.crt

wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
cat ca.pem sub.class1.server.ca.pem >> server.crt

2、自制证书

openssl genrsa -out server.key 2048
openssl req -new -x509 -key privkey.key -out server.crt -days 1095

nginx的配置同上。

3、强制使用https访问的nginx的conf配置

server
{
listen 443;
listen 80;
server_name servername;
index index.html index.htm index.php;
root /web/test;
ssl on;
ssl_certificate /root/server.crt;
ssl_certificate_key /root/server.key;
error_page 497 “https://$host$uri?$args”;
}

或者
error_page 497 “https://$host$uri$is_args$args”;

WordPress mu在nginx里的rewrite规则

Stanley — Fri, 16 Apr 2010 03:16:20 +0000

1、域名泛解析；
2、nginx conf里rewrite规则


rewrite ^.*/files/(.*) /wp-content/blogs.php?file=$1;

rewrite ^/.*(/wp-content/themes/.*\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js))$ $1 last;

if (!-e $request_filename) {

rewrite ^.+?(/wp-.*) $1 last;

rewrite ^.+?(/.*\.php)$ $1 last;

rewrite ^ /index.php last;

}

xen vps centos安装pptpd vpn

Stanley — Sun, 28 Mar 2010 12:50:03 +0000

1.安装ppp iptables服务
yum install -y ppp iptables

2.下载pptpd最新版本的rpm包
32位
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-1.rhel5.1.i386.rpm
64位
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-1.rhel5.1.x86_64.rpm

3.安装下载好的rpm包
32位
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm
64位
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

4.设置pptpd解析用的dns
vi /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4

5.设置拨号时候用的：用户名、拨号方式、用户密码、来源ip地址（用户名和密码可以随便设置，拨号方式只能填pptpd，来源ip用*号代表不限制）
vi /etc/ppp/chap-secrets
vpnuser pptpd vpnpassword *

6.设置本地ip和远端ip
vi /etc/pptpd.conf
localip 192.168.8.1
remoteip 192.168.8.2-30

7.设置ip转发状态为生效，然后立即载入（和第9步的NAT转发有关）
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

8.启动pptpd服务，并且设置为开机启动
/sbin/service pptpd start
chkconfig pptpd on

9.启动iptables规则，设置NAT转发，然后保存（iptables本身就是开机启动的，不需要再用chkconfig iptables on了）
/sbin/service iptables start
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.8.0/24 -j MASQUERADE
service iptables save

10.在windows下本地连接里建立vpn拨号，输入用户名和密码，就连接上了。

Tips:

多ip服务器转发指定规则
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source 192.168.8.1

or
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source 服务器外网ip

如果iphone之类的设备能连上，访问网页或者youtube特别慢，需要做如下修改：

vi /etc/ppp/ip-up

增加一行

/sbin/ifconfig $1 mtu 1400

或者修改iptables规则

iptables -A FORWARD -p tcp --syn -s 192.168.8.0/24 -j TCPMSS --set-mss 1356

1356的值可能需要自己调整，调节到能保证网络正常使用情况下的最大值。

centos 安装Nginx+PHP+Mysql vps适用

Stanley — Sun, 21 Mar 2010 05:18:46 +0000

1,升级系统和安装相关的程序库

yum -y install yum-fastestmirror yum -y update yum -y install patch make gcc gcc-c++ gcc-g77 flex bison yum -y install libtool libtool-libs kernel-devel autoconf yum -y install libjpeg libjpeg-devel libpng libpng-devel yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel yum -y install glib2 glib2-devel bzip2 diff* yum -y install bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel yum -y install openssl openssl-devel vim-minimal yum -y install fonts-chinese scim-chewing scim-pinyin scim-tables-chinese

2,下载相关程序源码包
wget http://catlnmp.googlecode.com/files/libiconv-1.13.1.tar.gz wget http://catlnmp.googlecode.com/files/libmcrypt-2.5.8.tar.gz wget http://catlnmp.googlecode.com/files/mhash-0.9.9.9.tar.gz wget http://catlnmp.googlecode.com/files/mcrypt-2.6.8.tar.gz wget http://catlnmp.googlecode.com/files/mysql-5.1.44.tar.gz wget http://php-fpm.org/downloads/php-5.2.13-fpm-0.5.13.diff.gz wget http://www.sfr-fresh.com/unix/www/php-5.2.13.tar.gz wget http://catlnmp.googlecode.com/files/memcache-2.2.5.tgz wget http://catlnmp.googlecode.com/files/PDO_MYSQL-1.0.2.tgz wget http://catlnmp.googlecode.com/files/eaccelerator-0.9.6.tar.bz2 wget http://catlnmp.googlecode.com/files/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz wget http://catlnmp.googlecode.com/files/ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz wget http://catlnmp.googlecode.com/files/pcre-8.01.tar.gz wget http://catlnmp.googlecode.com/files/nginx-0.7.65.tar.gz wget http://catlnmp.googlecode.com/files/phpMyAdmin-3.2.4-all-languages.tar.gz wget http://catlnmp.googlecode.com/files/index.php

3,开始安装,先安装PHP需要的库程序
tar zxvf libiconv-1.13.1.tar.gz cd libiconv-1.13.1/ ./configure --prefix=/usr/local make make install cd ../


tar zxvf libmcrypt-2.5.8.tar.gz

cd libmcrypt-2.5.8/

./configure

make

make install

/sbin/ldconfig

cd libltdl/

./configure --enable-ltdl-install

make

make install

cd ../../
tar zxvf mhash-0.9.9.9.tar.gz

cd mhash-0.9.9.9/

./configure

make

make install

cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la

ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so

ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4

ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8

ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a

ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la

ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so

ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2

ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

tar zxvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8/ ./configure make make install cd ../

4,安装mysql
tar -zxvf mysql-5.1.44.tar.gz cd mysql-5.1.44 ./configure --prefix=/usr/local/mysql --enable-assembler --with-charset=utf8 --with-extra-charsets=all --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --without-debug --with-mysqld-ldflags=-ltcmalloc_minimal --enable-thread-safe-client --enable-server make && make install cd ../
创建MySQL数据库,用默认的配置my.cnf
groupadd mysql useradd -g mysql mysql cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf /usr/local/mysql/bin/mysql_install_db --user=mysql chown -R mysql /usr/local/mysql/var chgrp -R mysql /usr/local/mysql/.
添加Mysql启动服务,并且设置root密码
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql chmod 755 /etc/init.d/mysql chkconfig --level 345 mysql on echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf echo "/usr/local/lib" >>/etc/ld.so.conf ldconfig ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql ln -s /usr/local/mysql/include/mysql /usr/include/mysql service mysql start /usr/local/mysql/bin/mysqladmin -u root password rootpass //rootpass改为你需要的密码 service mysql restart service mysql stop

5,安装PHP（FastCGI模式）
tar zxvf php-5.2.13.tar.gz gzip -cd php-5.2.13-fpm-0.5.13.diff.gz | patch -d php-5.2.13 -p1 cd php-5.2.13/ ./buildconf --force ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-ftp --with-openssl --with-pear=/usr/local/php/pear --disable-debug make ZEND_EXTRA_LIBS='-liconv' make install cp php.ini-dist /usr/local/php/etc/php.ini cd ../

6,安装PHP扩展模块
php守护神（可不装） wget -c http://catlnmp.googlecode.com/files/suhosin-0.9.29.tgz tar zxvf suhosin-0.9.29.tgz cd suhosin-0.9.29/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../


tar zxvf memcache-2.2.5.tgz

cd memcache-2.2.5/

/usr/local/php/bin/phpize

./configure --with-php-config=/usr/local/php/bin/php-config

make

make install

cd ../
tar zxvf PDO_MYSQL-1.0.2.tgz

cd PDO_MYSQL-1.0.2/

/usr/local/php/bin/phpize

./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql

make

make install

cd ../

tar jxvf eaccelerator-0.9.6.tar.bz2 cd eaccelerator-0.9.6/ /usr/local/php/bin/phpize ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config make make install cd ../

安装Zend Optimizer,32位系统版本
tar zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz mkdir -p /usr/local/zend/ cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/
如果是64位系统,则
tar zxvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz mkdir -p /usr/local/zend/ cp ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/

配置php.ini
cat >>/usr/local/php/etc/php.ini< [Zend Optimizer] zend_optimizer.optimization_level=1 zend_extension="/usr/local/zend/ZendOptimizer.so" EOF
7,修改php.ini文件
手工修改：查找/usr/local/php/etc/php.ini中的extension_dir = "./"
修改为extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
并在此行后增加以下几行，然后保存：
extension = "memcache.so"
extension = "pdo_mysql.so"

再查找 output_buffering = Off
修改为output_buffering = On

自动修改:可执行以下shell命令,自动完成对php.ini文件的修改:
sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\n#' /usr/local/php/etc/php.ini sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/php/etc/php.ini

8,配置eAccelerator加速PHP:
创建缓存目录
mkdir -p /usr/local/eaccelerator_cache
配置php.ini
cat >>/usr/local/php/etc/php.ini< [eaccelerator] zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so" eaccelerator.shm_size="1" eaccelerator.cache_dir="/usr/local/eaccelerator_cache" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="3600" eaccelerator.shm_prune_period="3600" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9" eaccelerator.keys = "disk_only" eaccelerator.sessions = "disk_only" eaccelerator.content = "disk_only" EOF

9,创建www用户和组,以及主机需要的目录,日志目录
groupadd www useradd -g www www mkdir -p /home/www chmod +w /home/www mkdir -p /home/www/logs chmod 777 /home/www/logs chown -R www:www /home/www

10,创建php-fpm配置文件
rm -f /usr/local/php/etc/php-fpm.conf vi /usr/local/php/etc/php-fpm.conf
输入以下内容,我设置开的进程是5个.需要更改进程数,可以修改5
< ?xml version="1.0" ?> All relative paths in this config are relative to php's install prefix



		Pid file

		/usr/local/php/logs/php-fpm.pid

		Error log file

		/home/www/logs/php-fpm.log

		Log level

		notice

		When this amount of php processes exited with SIGSEGV or SIGBUS ...

		10

		... in a less than this interval of time, a graceful restart will be initiated.

		Useful to work around accidental curruptions in accelerator's shared memory.

		1m

		Time limit on waiting child's reaction on signals from master

		5s

		Set to 'no' to debug fpm

		yes

	
	

			Name of pool. Used in logs and stats.

			default

			Address to accept fastcgi requests on.

			Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'

			127.0.0.1:9000

			

				Set listen(2) backlog

				-1

				Set permissions for unix socket, if one used.

				In Linux read/write permissions must be set in order to allow connections from web server.

				Many BSD-derrived systems allow connections regardless of permissions.

				www

				www

				0666
			Additional php.ini defines, specific to this pool of workers.

			

		

		
			Unix user of processes

		www

			Unix group of processes

		www

			Process manager settings

			

				Sets style of controling worker process count.

				Valid values are 'static' and 'apache-like'

				static

				Sets the limit on the number of simultaneous requests that will be served.

				Equivalent to Apache MaxClients directive.

				Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi

				Used with any pm_style.

				5

				Settings group for 'apache-like' pm style

				

					Sets the number of server processes created on startup.

					Used only when 'apache-like' pm_style is selected

					20

					Sets the desired minimum number of idle server processes.

					Used only when 'apache-like' pm_style is selected

					5

					Sets the desired maximum number of idle server processes.

					Used only when 'apache-like' pm_style is selected

					35
			The timeout (in seconds) for serving a single request after which the worker process will be terminated

			Should be used when 'max_execution_time' ini option does not stop script execution for some reason

			'0s' means 'off'

			0s

			The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file

			'0s' means 'off'

			0s

			The log file for slow requests

			logs/slow.log

			Set open file desc rlimit

			65535

			Set max core size rlimit

			0

			Chroot to this directory at the start, absolute path

			

			Chdir to this directory at the start, absolute path

			

			Redirect workers' stdout and stderr into main error log.

			If not set, they will be redirected to /dev/null, according to FastCGI specs

			yes

			How much requests each process should execute before respawn.

			Useful to work around memory leaks in 3rd party libraries.

			For endless request processing please specify 0

			Equivalent to PHP_FCGI_MAX_REQUESTS

			102400

			Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.

			Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)

			Makes sense only with AF_INET listening socket.

			127.0.0.1

			Pass environment variables like LD_LIBRARY_PATH

			All $VARIABLEs are taken from current environment

			

				$HOSTNAME

				/usr/local/bin:/usr/bin:/bin

				/tmp

				/tmp

				/tmp

				$OSTYPE

				$MACHTYPE

				2

12,安装Nginx
tar zxvf pcre-8.01.tar.gz cd pcre-8.01/ ./configure make && make install cd ../

tar zxvf nginx-0.7.65.tar.gz cd nginx-0.7.65/ ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module make && make install cd ../

13,创建Nginx配置文件
mkdir -p /usr/local/nginx/conf/servers rm -f /usr/local/nginx/conf/nginx.conf vi /usr/local/nginx/conf/nginx.conf
输入以下内容:
user www www; worker_processes 1; error_log /home/www/logs/nginx_error.log crit; pid /usr/local/nginx/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; #charse gb2312; server_names_hash_bucket_size 128; client_header_buffer_size 128k; large_client_header_buffers 4 256k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on;


		fastcgi_connect_timeout 300;

		fastcgi_send_timeout 300;

		fastcgi_read_timeout 300;

		fastcgi_buffer_size 64k;

		fastcgi_buffers 4 64k;

		fastcgi_busy_buffers_size 128k;

		fastcgi_temp_file_write_size 128k;
		gzip on;

		gzip_min_length  1k;

		gzip_buffers     4 16k;

		gzip_http_version 1.1;

		gzip_comp_level 9;

		gzip_types       text/plain application/x-javascript text/css application/xml;

		gzip_vary on;

		output_buffers   4 32k;

		postpone_output  1460;
		#limit_zone  crawler  $binary_remote_addr  10m;

server { listen 80; server_name vps.imcat.in; index index.html index.htm index.php; include location.conf; root /home/www; } include servers/*; }
14,在/usr/local/nginx/conf/目录中创建location.conf文件：
vi /usr/local/nginx/conf/location.conf
输入内容:
location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; }


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

	{

		expires      30d;

	}

location ~ .*\.(js|css)?$ { expires 12h; }
多站点管理,可以在/usr/local/nginx/conf/servers目录添加配置文件,格式为:
vi /usr/local/nginx/conf/servers/yourwebsite.conf
内容:
server

{ listen 80; server_name yourdomain; index index.html index.htm index.php; root /home/www/yourwebsite; }
请注意,我是没有开启Nginx日志记录功能的.
启动Nginx:
ulimit -SHn 65535 /usr/local/nginx/sbin/nginx
放个探针看看
mv index.php /home/www/
访问你的IP看看吧!

15,安装phpMyAdmin,管理Mysql数据库
tar zxvf phpMyAdmin-3.2.4-all-languages.tar.gz mv phpMyAdmin-3.2.4-all-languages /home/www/phpmyadmin

16,配置开机自动启动Nginx + PHP
echo "ulimit -SHn 65535" >>/etc/rc.local echo "/usr/local/php/sbin/php-fpm start" >>/etc/rc.local echo "/usr/local/nginx/sbin/nginx" >>/etc/rc.local

17,优化Linux内核参数(我只在Xen VPS用过,Openvz VPS失败,慎用,可不操作。)
vi /etc/sysctl.conf
在最后加入
# Add net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768


net.core.wmem_default = 8388608

net.core.rmem_default = 8388608

net.core.rmem_max = 16777216

net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1

#net.ipv4.tcp_tw_len = 1

net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000

net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 120 net.ipv4.ip_local_port_range = 1024 65535
使配置立即生效：
/sbin/sysctl -p

18,需要安装ftp的,可以简单安装vsftpd应用:
yum -y install vsftpd /etc/init.d/vsftpd start chkconfig --level 345 vsftpd on

19,请务必更改www用户密码:
passwd www

zt from imcat.in