1、软件列表
nginx-1.0.0.tar.gz(nginx主程序)
php-5.2.17.tar.bz2(php主程序)
mysql-5.1.56.tar.gz(mysql服务主程序)
php-5.2.17-fpm-0.5.14.diff.gz(fastcgi补丁)
PDO_MYSQL-1.0.2.tgz(pdo_mysql扩展。pdo是PHP连接数据库的统一接口,连接对应数据库需要对应的pdo驱动)
pcre-8.12.tar.gz(正则表达式库,编译nginx支持重写时需要)
mhash-0.9.9.9.tar.bz2(hash加密算法库,php需要)
mcrypt-2.6.8.tar.gz(php的加密扩展,必须先安装libmcrypt库)
libmcrypt-2.5.8.tar.gz(加密算法库,php扩展mcrypt功能对此库有依赖关系,要使用mcrypt必须先安装此库)
libiconv-1.13.1.tar.gz(加强系统对支持字符编码转换的功能)
memcache-2.2.6.tgz(memcache扩展接口,如果想要使用memcache功能,还要单独安装memcached软件)
ImageMagick-6.6.9-6.tar.bz2(ImageMagick图像处理主程序)
imagick-3.0.1.tgz(php扩展,图像处理)
go-pear.phar(php安装pear支持)
2、安装前准备工作
2.1、检查是否已经安装apache,php和mysql的rpm包
# List any distro-packaged Apache, MySQL or PHP so they can be removed before
# the source builds below are installed.
rpm -qa | grep -E 'httpd|mysql|php'
如果有,使用 yum remove 卸载对应的软件
2.2、yum安装以下软件
# Install the build toolchain and development headers, one yum transaction per
# group, in the same order as the original command list.
for pkgs in \
  "patch make gcc gcc-c++ gcc-g77 flex bison file" \
  "libtool libtool-libs autoconf kernel-devel" \
  "libjpeg libjpeg-devel libpng libpng-devel gd gd-devel" \
  "freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel" \
  "glib2 glib2-devel bzip2 bzip2-devel libevent libevent-devel" \
  "ncurses ncurses-devel curl curl-devel e2fsprogs" \
  "e2fsprogs-devel krb5 krb5-devel libidn libidn-devel" \
  "openssl openssl-devel vim-minimal nano sendmail" \
  "fonts-chinese gettext gettext-devel" \
  "ncurses-devel" \
  "gmp-devel pspell-devel" \
  "unzip"
do
  # Unquoted on purpose: each group must split into separate package names.
  # shellcheck disable=SC2086
  yum -y install $pkgs
done
2.3、下载所需软件
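# Fetch every source archive into /usr/local/soft.
#
# Several URLs end in "/mirror" or "/download". Without -O, wget stores them
# under that last path component, and -c then tries to resume one archive on
# top of another. -O gives each file the name the later tar commands expect.
#
# Nothing here authenticates the downloads: every URL is plain HTTP, and the
# results are compiled and installed as root. Compare each archive with the
# checksum or signature its project publishes before unpacking it.
mkdir -p /usr/local/soft
cd /usr/local/soft
wget -c http://www.nginx.org/download/nginx-1.0.0.tar.gz
wget -c -O php-5.2.17.tar.bz2 http://cn.php.net/get/php-5.2.17.tar.bz2/from/this/mirror
wget -c http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
wget -c http://mirrors.sohu.com/mysql/MySQL-5.1/mysql-5.1.56.tar.gz
wget -c http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget -c http://pecl.php.net/get/memcache-2.2.6.tgz
wget -c http://pecl.php.net/get/imagick-3.0.1.tgz
wget -c -O ImageMagick-6.6.9-6.tar.bz2 http://sourceforge.net/projects/imagemagick/files/6.6.9-sources/ImageMagick-6.6.9-6.tar.bz2/download
wget -c http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
wget -c -O libmcrypt-2.5.8.tar.gz http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz/download
wget -c -O mcrypt-2.6.8.tar.gz http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download
wget -c http://pecl.php.net/get/APC-3.1.7.tgz
wget -c http://nchc.dl.sourceforge.net/project/pcre/pcre/8.12/pcre-8.12.tar.gz
wget -c -O mhash-0.9.9.9.tar.bz2 http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download
wget -c http://pear.php.net/go-pear.phar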
3、安装相关程序
3.1、mysql安装
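# Build MySQL 5.1.56 from source into /usr/local/mysql, with its data
# directory under /data/mysql/data, and register it as a boot-time service.
tar zxvf mysql-5.1.56.tar.gz
cd mysql-5.1.56
# The compiler settings are given as a command prefix so configure actually
# receives them; as stand-alone, unexported assignments they never reach it.
# The option list needs line continuations to stay one configure command.
CHOST="i686-pc-linux-gnu" \
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer" \
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer" \
./configure \
  "--prefix=/usr/local/mysql" \
  "--localstatedir=/data/mysql/data/" \
  "--with-comment=Source" \
  "--with-mysqld-user=mysql" \
  "--without-debug" \
  "--with-big-tables" \
  "--with-charset=gbk" \
  "--with-collation=gbk_chinese_ci" \
  "--with-extra-charsets=all" \
  "--with-pthread" \
  "--enable-static" \
  "--enable-thread-safe-client" \
  "--with-client-ldflags=-all-static" \
  "--with-mysqld-ldflags=-all-static" \
  "--enable-assembler" \
  "--with-plugins=all" \
  "--without-ndb-debug"
make
make install
# Dedicated service account with no login shell.
useradd mysql -d /data/mysql -s /sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
# Program files stay owned by root; only the data directory belongs to mysql.
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start
# NOTE(review): a freshly initialised 5.1 data directory normally has root
# accounts with an empty password plus anonymous accounts. Set a root password
# and remove those (the mysql_secure_installation script shipped with MySQL
# walks through it) before anything else can reach the server.
# Expose the client tools on the default PATH; names are quoted so unusual
# file names cannot be split or globbed.
cd /usr/local/mysql/bin
for i in *; do ln -s "/usr/local/mysql/bin/$i" "/usr/bin/$i"; done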
3.2、安装php所需库文件
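# Build the libraries that PHP's iconv, mcrypt and mhash support depend on.
# The MySQL step ends in /usr/local/mysql/bin, so return to the download
# directory first; otherwise the archives are not found.
# Each build is chained with && so a failed configure or make stops that
# package instead of installing a half-built tree.
# NOTE(review): --prefix=/usr installs over the distribution's library paths,
# outside the package manager's control.
cd /usr/local/soft

tar zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1
./configure --prefix=/usr/ && make && make install
cd ..

tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure --prefix=/usr && make && make install
/sbin/ldconfig
# libltdl ships inside the libmcrypt tree and is installed separately.
cd libltdl/
./configure --prefix=/usr --enable-ltdl-install && make && make install
cd ../..

tar jxvf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9
./configure --prefix=/usr && make && make install
cd ..

tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure --prefix=/usr && make && make install
cd ..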
3.3、安装PHP
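# Build PHP 5.2.17 with the php-fpm 0.5.14 patch into /usr/local/php.
cd /usr/local/soft
tar jxvf php-5.2.17.tar.bz2
# Apply the FastCGI process manager patch to the unpacked tree.
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
cd php-5.2.17
# Line continuations keep the option list part of one configure command;
# without them every option line would be run as a command of its own.
./configure --prefix=/usr/local/php \
  --with-config-file-path=/usr/local/php/etc \
  --with-mysql=/usr/local/mysql/ \
  --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/ \
  --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr/ \
  --enable-xml --disable-rpath --enable-discard-path --enable-bcmath \
  --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \
  --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring \
  --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl \
  --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap
make ZEND_EXTRA_LIBS='-liconv'
make install
# NOTE(review): php.ini-dist is the development-oriented sample; the same
# tarball's php.ini-recommended is the stricter starting point. Review the
# copied file before the site goes live.
cp php.ini-dist /usr/local/php/etc/php.ini
# go-pear.phar was downloaded to /usr/local/soft, not into the PHP source
# tree, so it is referenced by absolute path. It runs with the installer's
# privileges, so verify the download before executing it.
/usr/local/php/bin/php /usr/local/soft/go-pear.phar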
3.4、安装PHP扩展模块
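# Build the memcache, pdo_mysql and imagick extensions against the PHP that
# was just installed, plus the ImageMagick library imagick links to.
# The PHP step ends inside php-5.2.17, so return to the download directory
# first; each build is chained so a failed step is not followed by an install.
cd /usr/local/soft

tar zxvf memcache-2.2.6.tgz
cd memcache-2.2.6
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
cd ..

tar zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql/ \
  && make && make install
cd ..

tar jxvf ImageMagick-6.6.9-6.tar.bz2
cd ImageMagick-6.6.9-6
./configure && make && make install
cd ..

tar zxvf imagick-3.0.1.tgz
cd imagick-3.0.1
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config && make && make install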
3.5、安装nginx1.0
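# Build PCRE (needed for nginx rewrite rules), then nginx 1.0.0 into
# /usr/local/nginx with the status, SSL and gzip_static modules.
# The extension step ends inside imagick-3.0.1, so return to the download
# directory before unpacking.
cd /usr/local/soft

tar zxvf pcre-8.12.tar.gz
cd pcre-8.12
./configure --prefix=/usr && make && make install
cd ..

tar zxvf nginx-1.0.0.tar.gz
cd nginx-1.0.0
# Line continuations keep all options on the one configure invocation.
# NOTE(review): the workers run as the shared "nobody" account, which php-fpm
# is configured to use as well; a dedicated account per service keeps them
# apart.
./configure --prefix=/usr/local/nginx --user=nobody --group=nobody \
  --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module \
  --with-sha1=/usr/lib --with-md5=/usr/lib \
  && make && make install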
4、修改相关配置文件
4.1、修改/usr/local/php/etc/php.ini启用扩展库文件
找到"extension_dir = "./""此行,
修改为:extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
添加如下3行:
extension="memcache.so"
extension="pdo_mysql.so"
extension="imagick.so"
验证php加载模块使用 /usr/local/php/bin/php -m
4.2、修改/usr/local/php/etc/php-fpm.conf配置文件。
使用 :set nu显示行号。
(原)41 <value name="listen_address">127.0.0.1:9000</value>
(改)41 <value name="listen_address">/tmp/php-cgi.sock</value> #个人习惯,比较喜欢使用sock。注意/tmp对所有本地用户可写,应限制该sock文件的属主和权限,只允许nginx的运行用户访问。
(原)63 <!-- <value name="user">nobody</value> -->#进程的所有者
(原)66 <!-- <value name="group">nobody</value> -->#进程的所有组,默认都为nobody
(改) <value name="user">nobody</value>
(改) <value name="group">nobody</value>
59 <!-- <value name="display_errors">0</value> --> #是否显示错误,0为关闭错误显示,1为打开错误显示,调试期间可以打开,正式环境应保持关闭,以免向访问者泄露路径等信息
79 <value name="max_children">5</value> #为客户端服务的最大进程数
86 <value name="StartServers">20</value> #启动时创建的进程数
<value name="MinSpareServers">5</value> #最小空闲进程数
94 <value name="MaxSpareServers">35</value>#最大空闲进程数
(原)107 <value name="request_slowlog_timeout">0s</value> #默认关闭慢查询,建议还是打开,对性能分析有好处
(改)107 <value name="request_slowlog_timeout">5s</value>
(原)113 <value name="rlimit_files">1024</value> #设定打开文件的限制
(改)113 <value name="rlimit_files">51200</value>
132 <value name="max_requests">5000</value> #设置最大可以接受的请求数
137 <value name="allowed_clients">127.0.0.1</value> #允许连接的客户端
启动php-cgi
Usage: /usr/local/php/sbin/php-fpm {start|stop|quit|restart|reload|logrotate}
/usr/local/php/sbin/php-fpm start
4.3、修改/usr/local/nginx/conf/nginx.conf配置文件
使用 :set nu显示行号。
2 user nobody; #取消注释
12 events {
13 use epoll; #工作模式
14 worker_connections 51200;
15 }
36 server {
37 listen 80;
38 server_name localhost;
66 location ~ \.php$ {
67
68 if ( $fastcgi_script_name ~ \..*\/.*php ) { #拒绝在带扩展名的路径之后又追加php路径段的请求,对应6.1所述问题
69 return 403;
70 }
71 root html;
72 fastcgi_pass unix:/tmp/php-cgi.sock;
73 fastcgi_index index.php;
74 fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
75 include fastcgi.conf; #启用fastcgi.conf配置文件
76 }
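# Check the configuration file, and start nginx only if the check passes.
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf &&
  /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf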
5、安装APC加速PHP
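# Build the APC opcode cache extension against the installed PHP.
# The archive is in /usr/local/soft, while the nginx build step ends in
# another directory, so change there before unpacking.
cd /usr/local/soft
tar -zxvf APC-3.1.7.tgz
cd APC-3.1.7
/usr/local/php/bin/phpize
./configure --enable-apc --enable-apc-mmap --with-php-config=/usr/local/php/bin/php-config \
  && make && make install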
结果:
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/
Installing header files: /usr/local/php/include/php/
编辑php.ini,在最后加入[APC]下面的代码:
[APC]
extension = apc.so
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 1
apc.num_files_hint = 0
apc.ttl = 0
apc.gc_ttl = 3600
apc.cache_by_default = on
完成后,重新启动fastcgi,通过phpinfo函数看到下面信息就算成功了
6、安全相关
6.1、关于fastcgi存在的一个上传漏洞,详见:http://www.80sec.com/nginx-securit.html 。4.3节nginx.conf中第68-70行返回403的if判断用于拦截此类请求;另外建议在php.ini中设置cgi.fix_pathinfo=0。
6.2、php禁用函数,注意,是一行
disable_functions = set_time_limit,system,exec,shell_exec,passthru,proc_open,
proc_close,proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport,syslog,
popen,show_source,highlight_file,posix_ctermid,posix_get_last_error,posix_getcwd,
posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,
posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,
posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,
posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,
posix_strerror,posix_times,posix_ttyname,posix_uname,dl,socket_listen,socket_create,
socket_bind,socket_accept,socket_connect,stream_socket_server,stream_socket_accept,
stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,zlib.compress,
gzopen,gzpassthru,gzcompress,phpinfo