/ 中存储网

CentOS 5.10安装配置Nginx1.0+PHP5.2.17+MySQL5.1.56+APC

2014-02-06 08:08:01 来源:itjs.cn

1、软件列表

nginx-1.0.0.tar.gz(nginx主程序)

php-5.2.17.tar.bz2(php主程序)

mysql-5.1.56.tar.gz(mysql服务主程序)

php-5.2.17-fpm-0.5.14.diff.gz(fastcgi补丁)

PDO_MYSQL-1.0.2.tgz(pdo_mysql扩展。pdo是PHP连接数据库的统一接口,连接对应数据库需要对应的pdo驱动)

pcre-8.12.tar.gz(正则表达式库,编辑nginx支持重写需要)

mhash-0.9.9.9.tar.bz2(hash加密算法库,php需要)

mcrypt-2.6.8.tar.gz(php的加密扩展,必须先安装libmcrypt库)

libmcrypt-2.5.8.tar.gz(加密算法库,php扩展mcrypt功能对此库有依耐关系,要使用mcrypt必须先安装此库)

libiconv-1.13.1.tar.gz(加强系统对支持字符编码转换的功能)

memcache-2.2.6.tgz(memcache扩展接口,如果想要使用memcache功能,还要单独安装memcached软件)

ImageMagick-6.6.9-6.tar.bz2(ImageMagick图像处理主程序)

imagick-3.0.1.tgz(php扩展,图像处理)

go-pear.phar(php安装pear支持)

2、安装前准备工作

2.1、检查是否已经安装apache,php和mysql的rpm包

rpm -qa | egrep 'httpd|mysql|php'

如果有。yum remove 对应的软件

2.2、yum安装以下软件

yum -y install patch make gcc gcc-c++ gcc-g77 flex bison file

yum -y install libtool libtool-libs autoconf kernel-devel

yum -y install libjpeg libjpeg-devel libpng libpng-devel  gd gd-devel

yum -y install freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel

yum -y install glib2 glib2-devel bzip2 bzip2-devel libevent libevent-devel

yum -y install ncurses ncurses-devel curl curl-devel e2fsprogs

yum -y install e2fsprogs-devel krb5 krb5-devel libidn libidn-devel

yum -y install openssl openssl-devel vim-minimal nano sendmail

yum -y install fonts-chinese gettext gettext-devel

yum -y install ncurses-devel

yum -y install gmp-devel pspell-devel

yum -y install unzip

2.3、下载所需软件

mkdir -p /usr/local/soft

cd /usr/local/soft

wget -c http://www.nginx.org/download/nginx-1.0.0.tar.gz

wget -c http://cn.php.net/get/php-5.2.17.tar.bz2/from/this/mirror

wget -c http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz

wget -c http://mirrors.sohu.com/mysql/MySQL-5.1/mysql-5.1.56.tar.gz

wget -c http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz

wget -c http://pecl.php.net/get/memcache-2.2.6.tgz

wget -c http://pecl.php.net/get/imagick-3.0.1.tgz

wget -c http://sourceforge.net/projects/imagemagick/files/6.6.9-sources/ImageMagick-6.6.9-6.tar.bz2/download

wget -c http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz

wget -c http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz/download

wget -c http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download

wget -c http://pecl.php.net/get/APC-3.1.7.tgz

wget -c http://nchc.dl.sourceforge.net/project/pcre/pcre/8.12/pcre-8.12.tar.gz

wget -c http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download

wget -c http://pear.php.net/go-pear.phar

3、安装相关程序

3.1、mysql安装

tar zxvf mysql-5.1.56.tar.gz

cd mysql-5.1.56

CHOST="i686-pc-linux-gnu"

CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"

CXXFLAGS="${CFLAGS}"

./configure

"--prefix=/usr/local/mysql"

"--localstatedir=/data/mysql/data/"

"--with-comment=Source"

"--with-mysqld-user=mysql"

"--without-debug"

"--with-big-tables"

"--with-charset=gbk"

"--with-collation=gbk_chinese_ci"

"--with-extra-charsets=all"

"--with-pthread"

"--enable-static"

"--enable-thread-safe-client"

"--with-client-ldflags=-all-static"

"--with-mysqld-ldflags=-all-static"

"--enable-assembler"

"--with-plugins=all"

"--without-ndb-debug"

make

make install

useradd mysql -d /data/mysql -s/sbin/nologin

/usr/local/mysql/bin/mysql_install_db --user=mysql

cd /usr/local/mysql

chown -R root:mysql .

chown -R mysql /data/mysql/data

cp share/mysql/my-huge.cnf /etc/my.cnf

cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld

chmod 755 /etc/rc.d/init.d/mysqld

chkconfig --add mysqld

/etc/rc.d/init.d/mysqld start

cd /usr/local/mysql/bin

for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done

3.2、安装php所需库文件

tar zxvf libiconv-1.13.1.tar.gz

cd libiconv-1.13.1

./configure --prefix=/usr/

make && make install

cd ..

tar zxvf libmcrypt-2.5.8.tar.gz

cd libmcrypt-2.5.8

./configure --prefix=/usr

make && make install

/sbin/ldconfig

cd libltdl/

./configure  --prefix=/usr  --enable-ltdl-install

make && make install

cd ../..

tar jxvf mhash-0.9.9.9.tar.bz2

cd mhash-0.9.9.9

./configure --prefix=/usr

make && make install

cd ..

tar zxvf mcrypt-2.6.8.tar.gz

cd mcrypt-2.6.8

./configure --prefix=/usr

make && make install

cd ..

3.3、安装PHP

tar jxvf php-5.2.17.tar.bz2

gzip  -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1

cd php-5.2.17

./configure --prefix=/usr/local/php

--with-config-file-path=/usr/local/php/etc

--with-mysql=/usr/local/mysql/

--with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/

--with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr/

--enable-xml --disable-rpath --enable-discard-path  --enable-bcmath

--enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers

--enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring

--with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl

--enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap

make ZEND_EXTRA_LIBS='-liconv'

make install

cp php.ini-dist  /usr/local/php/etc/php.ini

/usr/local/php/bin/php go-pear.phar

3.4、安装PHP扩展模块

tar  zxvf memcache-2.2.6.tgz

cd memcache-2.2.6

/usr/local/php/bin/phpize

./configure --with-php-config=/usr/local/php/bin/php-config

make && make install

cd ..

tar zxvf PDO_MYSQL-1.0.2.tgz

cd PDO_MYSQL-1.0.2

/usr/local/php/bin/phpize

./configure --with-php-config=/usr/local/php/bin/php-config  --with-pdo-mysql=/usr/local/mysql/

make && make install

cd ..

tar jxvf ImageMagick-6.6.9-6.tar.bz2

cd ImageMagick-6.6.9-6

./configure

make && make install

cd ..

tar zxvf imagick-3.0.1.tgz

cd imagick-3.0.1

/usr/local/php/bin/phpize

./configure --with-php-config=/usr/local/php/bin/php-config

make && make install

3.5、安装nginx1.0

tar zxvf pcre-8.12.tar.gz

cd pcre-8.12

./configure --prefix=/usr

make &&make install

cd ..

tar zxvf nginx-1.0.0.tar.gz

cd nginx-1.0.0

./configure --prefix=/usr/local/nginx --user=nobody --group=nobody

--with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module

--with-sha1=/usr/lib --with-md5=/usr/lib

make && make install

4、修改相关配置文件

4.1、修改/usr/local/php/etc/php.ini启用扩展库文件

找到"extension_dir = "./""此行,

修改为:extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"

添加如下3行:

extension="memcache.so"

extension="pdo_mysql.so"

extension="imagick.so"

验证php加载模块使用 /usr/local/php/bin/php -m

4.2、修改/usr/local/php/etc/php-fpm.conf配置文件。

使用 :set nu显示行号。

(原)41                         <value name="listen_address">127.0.0.1:9000</value>

(改)41                         <value name="listen_address">/tmp/php-cgi.sock</value> #个人习惯,比较喜欢使用sock。

(原)63                 <!--    <value name="user">nobody</value>     -->#进程的所有者

(原)66                 <!--    <value name="group">nobody</value>     -->#进程的所有组,默认都为nobody

(改)                              <value name="user">nobody</value>

(改)                              <value name="group">nobody</value>

59                 <!--    <value name="display_errors">0</value>   --> #是否显示错误,1为关闭显示错误,0为打开错误显示,调试期间可以打开

79                             <value name="max_children">5</value> #为客户端服务的最大进程数

86                             <value name="StartServers">20</value> #启动时创建的进程数

<value name="MinSpareServers">5</value> #最小空闲进程数

94                             <value name="MaxSpareServers">35</value>#最大空闲进程数

(原)107                        <value name="request_slowlog_timeout">0s</value> #默认关闭慢查询,建议还是打开,对性能分析有好处

(改)107                        <value name="request_slowlog_timeout">5s</value>

(原)113                        <value name="rlimit_files">1024</value> #设定打开文件的限制

(改)113                        <value name="rlimit_files">51200</value>

132                         <value name="max_requests">5000</value> #设置大可以接受的请求数

137                        <value name="allowed_clients">127.0.0.1</value> #允许连接的客户端

启动php-cgi

Usage: /usr/local/php/sbin/php-fpm {start|stop|quit|restart|reload|logrotate}

/usr/local/php/sbin/php-fpm start

4.3、修改/usr/local/nginx/conf/nginx.conf配置文件

使用 :set nu显示行号。

2    user  nobody; #取消注释

12  events {

13       use epoll; #工作模式

14       worker_connections  51200;

15     }

36      server {

37         listen       80;

38         server_name  localhost;

66         location ~ .php$ {

67

68                 if ( $fastcgi_script_name ~ ..*/.*php ) {

69                         return 403;

70                 }

71             root           html;

72             fastcgi_pass   unix:/tmp/php-cgi.sock;

73             fastcgi_index  index.php;

74             fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

75             include        fastcgi.conf; #启用fastcig.conf配置文件

76         }

/usr/local/nginx/sbin/nginx  -t -c /usr/local/nginx/conf/nginx.conf  #测试配置文件是否正确

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

5、安装APC加速PHP

tar -zxvf APC-3.1.7.tgz

cd APC-3.1.7

/usr/local/php/bin/phpize

./configure --enable-apc --enable-apc-mmap --with-php-config=/usr/local/php/bin/php-config

make && make install

结果:

Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/

Installing header files:          /usr/local/php/include/php/

编辑php.ini,在最后加入[APC]下面的代码:

[APC]

extension = apc.so

apc.enabled = 1

apc.shm_segments = 1

apc.shm_size = 64M

apc.optimization = 1

apc.num_files_hint = 0

apc.ttl = 0

apc.gc_ttl = 3600

apc.cache_by_default = on

完成后,重新启动fastcgi,通过phpinfo函数看到下面信息就算成功了

6、安全相关

6.1、关于fastcgi存在的一个上传漏洞,详见:http://www.80sec.com/nginx-securit.html

6.2、php禁用函数,注意,是一行

disable_functions = set_time_limit,system,exec,shell_exec,,passthru,proc_open,

proc_close,proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport,syslog,

popen,show_source,highlight_file,posix_ctermid,posix_get_last_error,posix_getcwd,

posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,

posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,

posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,

posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,

posix_strerror,posix_times,posix_ttyname,posix_uname,dl,socket_listen,socket_create,

socket_bind,socket_accept,socket_connect,stream_socket_server,stream_socket_accept,

stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,zlib.compress,

gzopen,gzpassthru,gzcompress,phpinfo