CentOS + tomcat + MySQL + nginx + php + memcached

CentOS6.4_64bit + tomcat6.0.35 + MySQL5.5 + nginx1.2.8 + php5.4.15 + memcached-1.4.15

I.安装 JAVA 容器

1.安装依赖包

yum -y install gcc gcc-c++ gcc-g77 flex bison autoconf automake libxml2 libxml2-devel curl curl-devel libtool make bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel openssh-clients freetype-devel pam-devel wget vim mysql-devel cmake openldap openldap-devel ntpdate unzip zip

2.安装 JDK

rpm -ivh jdk-7-linux-x64.rpm

安装完成后用命令 java -version 验证是否安装成功

3.安装 tomcat 到 /usr/local/tomcat 下

yum -y install apr-devel

tar zxf apache-tomcat-6.0.35.tar.gz -C /usr/local/
mv /usr/local/apache-tomcat-6.0.35/ /usr/local/tomcat
cd /usr/local/tomcat/bin/tomcat-native-1.1.22-src/jni/native
make && make install

export LD_LIBRARY_PATH="/usr/local/apr/lib"

启动tomcat,访问 http:IP:8080

4.配置 tomcat

管理管理员用户，增加角色并将角色给予tomcat用户，否则在进入管理web页面的时候会提示403没有权限

vim conf/tomcat-users.xml
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="goto5184" roles="admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status"/>

5.配置tomcat和java的环境变量

vim /etc/profile

PATH="$PATH:/usr/local/tomcat/bin:/usr/java/jdk1.7.0/bin:/usr/java/jdk1.7.0/jre/bin"
JAVA_HOME=/usr/java/jdk1.7.0
export JAVA_HOME
CLASSPATH=/usr/java/jdk1.7.0/lib:/usr/java/jdk1.7.0/jre/lib
export CLASSPATH
export CATALINA_HOME=/usr/local/tomcat
export CATALINA_BASE=/usr/local/tomcat

配置 Tomcat 访问端口，和优化连接数。

  <Connector port="81" protocol="HTTP/1.1"
        maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
        maxThreads="2000" redirectPort="8443"  enableLookups="false"
        compression="on" compressionMinSize="2048"
        compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
        connectionTimeout="300000" disableUploadTimeout="true"/>

在文件最后添加以下两行代码

vi /conf/catalina.properties
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false 
org.apache.el.parser.SKIP_IDENTIFIER_CHECK=true

修改 conf/server.xml，和配置好日志信息级别 conf/logging.properties（http://wubolu.iteye.com/admin/blogs/1169128 ），修改通讯端口和虚拟目录。这里我修改成81端口，虚拟目录和NGINX同一目录。

JVM优化
在tomcat 的bin 下catalina.sh 里，位置cygwin=false前添加：JAVA_OPTS="-server -Xms1024m -Xmx2048m -Xmn512m -Xss1m -XX:PermSize=128m -XX:MaxPermSize=256m"

说明：（参考http://kenwublog.com/docs/java6-jvm-options-chinese-edition.htm）
参考：JAVA内存的那些事 http://wubolu.iteye.com/admin/blogs/1770810

-server:一定要作为第一个参数，会使JVM启动速度变慢，但会显著提升JVM性能
-Xms：初始Heap大小，使用的最小内存
-Xmx：java heap最大值，使用的最大内存
-Xss：每个线程的Stack大小
-XX:MaxPermSize：设置最大永久区大小，永久保存区用于存放Class信息和元信息
-verbose:gc 现实垃圾收集信息
-Xloggc:gc.log 指定垃圾收集日志文件
-Xmn：young generation的heap大小，一般设置为Xmx的3、4分之一
-XX:+UseParNewGC ：缩短minor收集的时间
-XX:+UseConcMarkSweepGC ：缩短major收集的时间
提示：此选项在Heap Size 比较大而且Major收集时间较长的情况下使用更合适

II.安装 MySQL

1.建立 mysql 用户

groupadd mysql
useradd -g mysql mysql

2.安装 MySQL

tar zxvf mysql-5.5.9.tar.gz
MY_dir="/usr/local/mysql"
cmake -DCMAKE_INSTALL_PREFIX="$MY_dir" -DDEFAULT_CHARSET=utf8 -DMYSQL_DATADIR="$MY_dir/"data/ -DCMAKE_INSTALL_PREFIX="$MY_dir" -DSYSCONFDIR="$MY_dir" -DDEFAULT_COLLATION=utf8_general_ci -DENABLE_DEBUG_SYNC=0 -DENABLED_LOCAL_INFILE=1 -DENABLED_PROFILING=1 -DWITH_READLINE=1 .
make
make install
/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql

3.配置 my.cnf

使用my-large.cnf模板
cp mysql/support-files/my-large.cnf ../my.cnf
添加慢查询日志及其他一些设置
[mysqld]
slow-query-log = 1
slow-query-log-file = /usr/local/mysql/data/slow.log
default-storage-engine = MyISAM
character-set-server = utf8 #如果不指定这个，程序连接可能导致乱码。查看mysql> show variables like '%character%'
wait_timeout = 300 #对当前连接有效。
interactive_timeout = 300 #对后续连接

启动

/usr/local/mysql/bin/mysqld_safe --defaults-file=/usr/local/mysql/my.cnf --user=mysql &

4.选装 TCMalloc 库，提升 MySQL 在高并发情况下的性能。

wget http://download.savannah.gnu.org/releases/libunwind/libunwind-1.1.tar.gz
tar zxvf libunwind-1.1.tar.gz 
cd libunwind-1.1
CFLAGS=-fPIC ./configure
make CFLAGS=-fPIC
make CFLAGS=-fPIC install

wget https://gperftools.googlecode.com/files/gperftools-2.0.tar.gz
tar zxvf gperftools-2.0.tar.gz 
cd gperftools-2.0
./configure 
make && make install

echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
/sbin/ldconfig

修改MySQL启动脚本,在# executing mysqld_safe 下一行添加

vi /usr/local/mysql/bin/mysqld_safe
export LD_PRELOAD=/usr/local/lib/libtcmalloc.so

重启 MySQL 若看到如下信息，说明TCMalloc已经生效

/usr/sbin/lsof -n | grep tcmalloc
mysqld    19030   mysql  mem       REG           8,1    2213595    2239696 /usr/local/lib/libtcmalloc.so.4.1.0

III。安装 NGINX

1.创建 nginx 用户及 webapps 目录

groupadd www
useradd -g www www
mkdir -p /usr/local/www/
chown -R www:www /usr/local/www/

2.安装 PCRE

tar zxvf pcre-8.13.tar.gz
cd pcre-8.13
./configure
make && make install

3.安装 NGINX

tar zxf nginx-1.2.8.tar.gz
cd nginx-1.2.8
./configure --user=www --group=www --prefix=/usr/local/nginx/
make && make install

4.配置 nginx.conf

#修改好配置文件，启动就可以访问到Welcome to nginx!

user www www;

worker_processes 8;

error_log logs/error.log;

pid nginx.pid;

events{

use epoll;

worker_connections 65535;}

http {

include mime.types;

default_type application/octet-stream;

#charset utf-8;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 8m;

sendfile on;

tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 8 128k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml;

gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

fastcgi_intercept_errors on;

error_page 404 /404.html;

#proxy_temp_path /usr/local/nginx/proxy_temp_path;

#proxy_cache_path /usr/local/nginx/proxy_cache_path levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=20g;

# 设置反向代理缓存区名称为 cache_one，内存大小500M，自动清除超过一天未被访问的缓存数据，硬盘缓存空间大小20G。

server {

listen 80;

server_name g.wubolu.com;

root /usr/local/www/;

index index.php index.html index.htm;

#access_log off;

error_page 404 /no.html;

error_page 500 502 503 504 /50x.html;

location ~* ^.+.(jpg|jpeg|gif|css|png|js|html|htm)$ {

expires 1d;

break;}

location ~* ^/(images|javascript|js|css|flash|media|static)/ {

expires 1d;}

location ~ .*\.(php|php5)?$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /usr/local/www/$fastcgi_script_name;

include fastcgi_params;}

location ~ .*\.(jsp|cgi|shtml|xml)?$ {

proxy_pass http://localhost:81;

include /usr/local/nginx/conf/proxy.conf;}

}

# 反向代理TOMCAT配置范例

server {

listen 80;

server_name test.xxx.com;

root /usr/local/www/test/;

index index.jsp index.html index.htm;

#access_log off;

error_page 404 /no.html;

error_page 500 502 503 504 /50x.html;

if ($host = 'selfec.5184.com'){

rewrite ^/$ http://selfec.5184.com/gex permanent;}

location ~* .*\.(jsp|cgi|shtml)?$ {

proxy_pass http://127.0.0.1:81;

include /usr/local/nginx/conf/proxy.conf;}

location ~* .*\.(action|xml|dwr|jpg|jpeg|gif|png|bmp|swf|js|css)?$ {

proxy_cache cache_one;

proxy_cache_valid 200 304 1h;

proxy_cache_valid 301 302 1m;

proxy_cache_valid any 1m;

proxy_cache_key $host$uri$is_args$args;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_pass http://127.0.0.1:81;}

}

--------------------- HTTP Proxy 模块，此模块能代理请求到其它服务器 -----------------

# vim /usr/local/nginx/conf/proxy.conf

proxy_redirect ofize 8k;
proxy_buffering on;
proxy_buffers 8 128k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 512m;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_connect_timeout 60;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_max_temp_file_size 128m;

proxy_connect_timeout :后端服务器连接的超时时间_发起握手等候响应超时时间，官方说最大不得超过75秒
proxy_read_timeout:连接成功后_等候后端服务器响应时间_其实已经进入后端的排队之中等候处理（也可以说是后端服务器处理请求的时间）
proxy_send_timeout :后端服务器数据回传时间_就是在规定时间之内后端服务器必须传完所有的数据

配置php-fpm配置文件，如fastcgi.conf或fcgi.conf

配置好 nginx.conf

# 创建反向代理目录，必须在同一分区上。
mkdir -p /usr/local/nginx/proxy_temp_path
mkdir -p /usr/local/nginx/proxy_cache_path
# 提示：清空反向代理的缓存则删除 proxy_cache_path 下内容即可。或者安装第三方插件ngx_cache_purge则可以用URL方式删除指定缓存。

5.检测配置文件是否正确

/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok

IV.安装 PHP

程序员们在编写代码程序时，除了要保证代码的高性能之外，还有一点是非常重要的，那就是程序的安全性保障。PHP除了自带的几种加密函数外，还有功能更全面的PHP加密扩展 mcrypt, mcrypt软件依赖libmcrypt和mhash两个库。

1.安装Libmcrypt

tar jxvf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8
./configure
make &&make install

cd libmcrypt-2.5.8/libltdl/
./configure --enable-ltdl-install
make && make install

2.安装mhash

tar -zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make && make install

3.安装mcrypt

tar -zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
LD_LIBRARY_PATH=/usr/local/lib ./configure
make && make install

如果不加环境变量LD_LIBRARY_PATH=/usr/local/lib的话,会提示找不到libmcrypt链接库

4.安装libiconv

tar zxvf libiconv-1.13.1.tar.gz
/configure --prefix=/usr/local/
make 
make install

ln -s /usr/local/mysql/lib/ /usr/lib64/
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/
cp -frp /usr/lib64/libldap* /usr/lib/

32位系统在/usr/lib/,注：这里到 mysql 是从其他机器CP过来已经安装好的文件包，编译PHP的时候为了不安装MYSQL也能找到MYSQL的支持库和所需文件。

5.安装 PHP

tar zxf php-5.4.15.tar.gz
cd php-5.4.15
./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-pdo --with-pdo-mysql=/usr/local/mysql --with-png-dir --with-libxml-dir=/usr --enable-safe-mode --enable-ftp --enable-zip --with-bz2 --with-png-dir  --with-libxml-dir=/usr --with-jpeg-dir --with-png-dir=/usr/local/png --with-freetype-dir --with-iconv --enable-sysvsem --enable-inline-optimization --enable-xml --with-mcrypt --with-mhash -with-libxml-dir --enable-bcmath --enable-shmop --with-XMLrpc --with-zlib-dir --with-gd --enable-gd-native-ttf --with-curl --with-curlwrappers --with-pear --enable-mbregex --enable-calendar --enable-mbstring --enable-sockets --enable-exif --enable-magic-quotes --disable-rpath --disable-debug --enable-fpm --enable-sqlite-utf8 --enable-soap --with-ldap --with-ldap-sasl --enable-pcntl --with-openssl --enable-fastcgi  --enable-pic --with-xml --enable-sysvshm --enable-xslt --enable-memcache --with-pcre-regex
make ZEND_EXTRA_LIBS='-liconv'
make install

6.配置 PHP

cp php.ini-production /usr/local/php/lib/php.ini
cp /home/installation/php-fpm.conf /usr/local/php/etc/php-fpm.conf
cp /home/installation/php-5.4.15/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
chmod 755 /etc/rc.d/init.d/php-fpm
sed -i '263a output_buffering = On' /usr/local/php/lib/php.ini
sed -i '855a cgi.fix_pathinfo=0' /usr/local/php/lib/php.ini

最后两行设置防止NGINX文件类型错误解析漏洞。

7.php-fpm.conf 全部内容替换为：

[global]
pid = run/php-fpm.pid # 默认是none的，影响service php-fpm脚本
[www]
listen = 127.0.0.1:9000
user = www #用户组和用户名跟NGINX的配置一致
group = www
pm = dynamic # static （设置为静态进程数）或者dynamic （设置为动态进程数）
pm.max_children = 50 # 静态方式下开启的php-fpm进程数量
pm.start_servers = 20 # 动态方式下的起始php-fpm进程数量
pm.min_spare_servers = 5 # 动态方式下的最小php-fpm进程数量
pm.max_spare_servers = 35 # 动态方式下的最大php-fpm进程数量
rlimit_files = 10240 #设置PHP-FPM对打开文件描述符的限制，最终受LINUX内核打开最大文件数限制
php_flag[display_errors] = on #打开报错，否则遇到错误只报500
php_admin_value[session.save_path] = /tmp
php_admin_value[date.timezone] = 'Asia/Chongqing'

启动：service php-fpm start

V.安装 memcached

1.安装 PHP memcache 扩展（注意是memcache是php的扩展）

tar zxf memcache-2.2.7.tgz
cd /home/installation/memcache-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcache
make
make install

Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20100525/

然后在/usr/local/php/lib/php.ini大概868行加入：

extension=/usr/local/php/lib/php/extensions/no-debug-non-zts-20100525/memcache.so

2.安装 memcached

tar zxf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable
./configure --prefix=/usr/local/libevent
make
make install

tar zxf memcached-1.4.15.tar.gz
cd memcached-1.4.15
./configure --prefix=/usr/local/memcached --with-libevent=/usr/local/libevent
make
make install

启动 memcached

/usr/local/memcached/bin/memcached -d -m 64 -p 11211 -u root -P /usr/local/memcached/memcached.pid

VI.优化 CentOS 内核

1.增大打开文件数

sed -i '$a * soft nofile 65535\n* hard nofile 65535' /etc/security/limits.conf
sed -i '$a fs.file-max = 65536\nvm.swappiness = 0' /etc/sysctl.conf

2.定时校正服务器时间

crontab -e
1 4 * * * ntpdate ntp.api.bz

3.TCP 调优

http://wubolu.iteye.com/admin/blogs/794729

4.vim /etc/hosts 加入计算机名称，不然有时候会根据计算机名称找不到localhost

CentOS6.4_64bit + tomcat6.0.35 + MySQL5.5 + nginx1.2.8 + php5.4.15 + memcached-1.4.15

I.安装 JAVA 容器

1.安装依赖包

yum -y install gcc gcc-c++ gcc-g77 flex bison autoconf automake libxml2 libxml2-devel curl curl-devel libtool make bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel openssh-clients freetype-devel pam-devel wget vim mysql-devel cmake openldap openldap-devel ntpdate unzip zip

2.安装 JDK

rpm -ivh jdk-7-linux-x64.rpm

安装完成后用命令 java -version 验证是否安装成功

3.安装 tomcat 到 /usr/local/tomcat 下

yum -y install apr-devel

tar zxf apache-tomcat-6.0.35.tar.gz -C /usr/local/
mv /usr/local/apache-tomcat-6.0.35/ /usr/local/tomcat
cd /usr/local/tomcat/bin/tomcat-native-1.1.22-src/jni/native
make && make install

export LD_LIBRARY_PATH="/usr/local/apr/lib"

启动tomcat,访问 http:IP:8080

4.配置 tomcat

管理管理员用户，增加角色并将角色给予tomcat用户，否则在进入管理web页面的时候会提示403没有权限

vim conf/tomcat-users.xml
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="goto5184" roles="admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status"/>

5.配置tomcat和java的环境变量

vim /etc/profile

PATH="$PATH:/usr/local/tomcat/bin:/usr/java/jdk1.7.0/bin:/usr/java/jdk1.7.0/jre/bin"
JAVA_HOME=/usr/java/jdk1.7.0
export JAVA_HOME
CLASSPATH=/usr/java/jdk1.7.0/lib:/usr/java/jdk1.7.0/jre/lib
export CLASSPATH
export CATALINA_HOME=/usr/local/tomcat
export CATALINA_BASE=/usr/local/tomcat

配置 Tomcat 访问端口，和优化连接数。

  <Connector port="81" protocol="HTTP/1.1"
        maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
        maxThreads="2000" redirectPort="8443"  enableLookups="false"
        compression="on" compressionMinSize="2048"
        compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
        connectionTimeout="300000" disableUploadTimeout="true"/>

在文件最后添加以下两行代码

vi /conf/catalina.properties
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false 
org.apache.el.parser.SKIP_IDENTIFIER_CHECK=true

JVM优化
在tomcat 的bin 下catalina.sh 里，位置cygwin=false前添加：JAVA_OPTS="-server -Xms1024m -Xmx2048m -Xmn512m -Xss1m -XX:PermSize=128m -XX:MaxPermSize=256m"

说明：（参考http://kenwublog.com/docs/java6-jvm-options-chinese-edition.htm）
参考：JAVA内存的那些事 http://wubolu.iteye.com/admin/blogs/1770810

II.安装 MySQL

1.建立 mysql 用户

groupadd mysql
useradd -g mysql mysql

2.安装 MySQL

tar zxvf mysql-5.5.9.tar.gz
MY_dir="/usr/local/mysql"
cmake -DCMAKE_INSTALL_PREFIX="$MY_dir" -DDEFAULT_CHARSET=utf8 -DMYSQL_DATADIR="$MY_dir/"data/ -DCMAKE_INSTALL_PREFIX="$MY_dir" -DSYSCONFDIR="$MY_dir" -DDEFAULT_COLLATION=utf8_general_ci -DENABLE_DEBUG_SYNC=0 -DENABLED_LOCAL_INFILE=1 -DENABLED_PROFILING=1 -DWITH_READLINE=1 .
make
make install
/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql

3.配置 my.cnf

启动

/usr/local/mysql/bin/mysqld_safe --defaults-file=/usr/local/mysql/my.cnf --user=mysql &

4.选装 TCMalloc 库，提升 MySQL 在高并发情况下的性能。

wget http://download.savannah.gnu.org/releases/libunwind/libunwind-1.1.tar.gz
tar zxvf libunwind-1.1.tar.gz 
cd libunwind-1.1
CFLAGS=-fPIC ./configure
make CFLAGS=-fPIC
make CFLAGS=-fPIC install

wget https://gperftools.googlecode.com/files/gperftools-2.0.tar.gz
tar zxvf gperftools-2.0.tar.gz 
cd gperftools-2.0
./configure 
make && make install

echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
/sbin/ldconfig

修改MySQL启动脚本,在# executing mysqld_safe 下一行添加

vi /usr/local/mysql/bin/mysqld_safe
export LD_PRELOAD=/usr/local/lib/libtcmalloc.so

重启 MySQL 若看到如下信息，说明TCMalloc已经生效

/usr/sbin/lsof -n | grep tcmalloc
mysqld    19030   mysql  mem       REG           8,1    2213595    2239696 /usr/local/lib/libtcmalloc.so.4.1.0

III。安装 NGINX

1.创建 nginx 用户及 webapps 目录

groupadd www
useradd -g www www
mkdir -p /usr/local/www/
chown -R www:www /usr/local/www/

2.安装 PCRE

tar zxvf pcre-8.13.tar.gz
cd pcre-8.13
./configure
make && make install

3.安装 NGINX

tar zxf nginx-1.2.8.tar.gz
cd nginx-1.2.8
./configure --user=www --group=www --prefix=/usr/local/nginx/
make && make install

4.配置 nginx.conf

#修改好配置文件，启动就可以访问到Welcome to nginx!

user www www;

worker_processes 8;

error_log logs/error.log;

pid nginx.pid;

events{

use epoll;

worker_connections 65535;}

http {

include mime.types;

default_type application/octet-stream;

#charset utf-8;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 8m;

sendfile on;

tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 8 128k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_comp_level 2;

gzip_types text/plain application/x-javascript text/css application/xml;

gzip_vary on;

#limit_zone crawler $binary_remote_addr 10m;

fastcgi_intercept_errors on;

error_page 404 /404.html;

#proxy_temp_path /usr/local/nginx/proxy_temp_path;

#proxy_cache_path /usr/local/nginx/proxy_cache_path levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=20g;

# 设置反向代理缓存区名称为 cache_one，内存大小500M，自动清除超过一天未被访问的缓存数据，硬盘缓存空间大小20G。

server {

listen 80;

server_name g.wubolu.com;

root /usr/local/www/;

index index.php index.html index.htm;

#access_log off;

error_page 404 /no.html;

error_page 500 502 503 504 /50x.html;

location ~* ^.+.(jpg|jpeg|gif|css|png|js|html|htm)$ {

expires 1d;

break;}

location ~* ^/(images|javascript|js|css|flash|media|static)/ {

expires 1d;}

location ~ .*\.(php|php5)?$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /usr/local/www/$fastcgi_script_name;

include fastcgi_params;}

location ~ .*\.(jsp|cgi|shtml|xml)?$ {

proxy_pass http://localhost:81;

include /usr/local/nginx/conf/proxy.conf;}

}

# 反向代理TOMCAT配置范例

server {

listen 80;

server_name test.xxx.com;

root /usr/local/www/test/;

index index.jsp index.html index.htm;

#access_log off;

error_page 404 /no.html;

error_page 500 502 503 504 /50x.html;

if ($host = 'selfec.5184.com'){

rewrite ^/$ http://selfec.5184.com/gex permanent;}

location ~* .*\.(jsp|cgi|shtml)?$ {

proxy_pass http://127.0.0.1:81;

include /usr/local/nginx/conf/proxy.conf;}

location ~* .*\.(action|xml|dwr|jpg|jpeg|gif|png|bmp|swf|js|css)?$ {

proxy_cache cache_one;

proxy_cache_valid 200 304 1h;

proxy_cache_valid 301 302 1m;

proxy_cache_valid any 1m;

proxy_cache_key $host$uri$is_args$args;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_pass http://127.0.0.1:81;}

}

--------------------- HTTP Proxy 模块，此模块能代理请求到其它服务器 -----------------

# vim /usr/local/nginx/conf/proxy.conf

配置php-fpm配置文件，如fastcgi.conf或fcgi.conf

配置好 nginx.conf

5.检测配置文件是否正确

/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok

IV.安装 PHP

1.安装Libmcrypt

tar jxvf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8
./configure
make &&make install

cd libmcrypt-2.5.8/libltdl/
./configure --enable-ltdl-install
make && make install

2.安装mhash

tar -zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make && make install

3.安装mcrypt

tar -zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
LD_LIBRARY_PATH=/usr/local/lib ./configure
make && make install

如果不加环境变量LD_LIBRARY_PATH=/usr/local/lib的话,会提示找不到libmcrypt链接库

4.安装libiconv

tar zxvf libiconv-1.13.1.tar.gz
/configure --prefix=/usr/local/
make 
make install

ln -s /usr/local/mysql/lib/ /usr/lib64/
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/
cp -frp /usr/lib64/libldap* /usr/lib/

32位系统在/usr/lib/,注：这里到 mysql 是从其他机器CP过来已经安装好的文件包，编译PHP的时候为了不安装MYSQL也能找到MYSQL的支持库和所需文件。

5.安装 PHP

tar zxf php-5.4.15.tar.gz
cd php-5.4.15
./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-pdo --with-pdo-mysql=/usr/local/mysql --with-png-dir --with-libxml-dir=/usr --enable-safe-mode --enable-ftp --enable-zip --with-bz2 --with-png-dir  --with-libxml-dir=/usr --with-jpeg-dir --with-png-dir=/usr/local/png --with-freetype-dir --with-iconv --enable-sysvsem --enable-inline-optimization --enable-xml --with-mcrypt --with-mhash -with-libxml-dir --enable-bcmath --enable-shmop --with-XMLrpc --with-zlib-dir --with-gd --enable-gd-native-ttf --with-curl --with-curlwrappers --with-pear --enable-mbregex --enable-calendar --enable-mbstring --enable-sockets --enable-exif --enable-magic-quotes --disable-rpath --disable-debug --enable-fpm --enable-sqlite-utf8 --enable-soap --with-ldap --with-ldap-sasl --enable-pcntl --with-openssl --enable-fastcgi  --enable-pic --with-xml --enable-sysvshm --enable-xslt --enable-memcache --with-pcre-regex
make ZEND_EXTRA_LIBS='-liconv'
make install

6.配置 PHP

cp php.ini-production /usr/local/php/lib/php.ini
cp /home/installation/php-fpm.conf /usr/local/php/etc/php-fpm.conf
cp /home/installation/php-5.4.15/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
chmod 755 /etc/rc.d/init.d/php-fpm
sed -i '263a output_buffering = On' /usr/local/php/lib/php.ini
sed -i '855a cgi.fix_pathinfo=0' /usr/local/php/lib/php.ini

最后两行设置防止NGINX文件类型错误解析漏洞。

7.php-fpm.conf 全部内容替换为：

[global]
pid = run/php-fpm.pid # 默认是none的，影响service php-fpm脚本
[www]
listen = 127.0.0.1:9000
user = www #用户组和用户名跟NGINX的配置一致
group = www
pm = dynamic # static （设置为静态进程数）或者dynamic （设置为动态进程数）
pm.max_children = 50 # 静态方式下开启的php-fpm进程数量
pm.start_servers = 20 # 动态方式下的起始php-fpm进程数量
pm.min_spare_servers = 5 # 动态方式下的最小php-fpm进程数量
pm.max_spare_servers = 35 # 动态方式下的最大php-fpm进程数量
rlimit_files = 10240 #设置PHP-FPM对打开文件描述符的限制，最终受LINUX内核打开最大文件数限制
php_flag[display_errors] = on #打开报错，否则遇到错误只报500
php_admin_value[session.save_path] = /tmp
php_admin_value[date.timezone] = 'Asia/Chongqing'

启动：service php-fpm start

V.安装 memcached

1.安装 PHP memcache 扩展（注意是memcache是php的扩展）

tar zxf memcache-2.2.7.tgz
cd /home/installation/memcache-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcache
make
make install

Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20100525/

然后在/usr/local/php/lib/php.ini大概868行加入：

extension=/usr/local/php/lib/php/extensions/no-debug-non-zts-20100525/memcache.so

2.安装 memcached

tar zxf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable
./configure --prefix=/usr/local/libevent
make
make install

tar zxf memcached-1.4.15.tar.gz
cd memcached-1.4.15
./configure --prefix=/usr/local/memcached --with-libevent=/usr/local/libevent
make
make install

启动 memcached

/usr/local/memcached/bin/memcached -d -m 64 -p 11211 -u root -P /usr/local/memcached/memcached.pid

VI.优化 CentOS 内核

1.增大打开文件数

sed -i '$a * soft nofile 65535\n* hard nofile 65535' /etc/security/limits.conf
sed -i '$a fs.file-max = 65536\nvm.swappiness = 0' /etc/sysctl.conf

2.定时校正服务器时间

crontab -e
1 4 * * * ntpdate ntp.api.bz

3.TCP 调优

http://wubolu.iteye.com/admin/blogs/794729

4.vim /etc/hosts 加入计算机名称，不然有时候会根据计算机名称找不到localhost

CentOS + tomcat + MySQL + nginx + php + memcached

猜你喜欢