LEMP构建高性能WEB服务器（第二版）

linuxtone

UID: 17986
帖子: 161
积分: 370
在线时间: 1 天 11 小时

1^# linuxtone 发表于 2008-06-24 15:24

LEMP构建高性能WEB服务器（第二版）

作者:NetSeek http://bbs.linuxtone.org(IT运维专家网|集群架构|性能调优)
欢迎转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本声明.
更新时间:2008-06-23

目录

前言：
一、系统安装
1. 系统分区
2.系统初始化脚本(根据具体需求关闭不需要的服务)

二、编译安装基本环境
1. 安装准备
2. 编译安装软件包

三、编译安装PHP及Nginx
1.PHP(Fastcgi)编译安装
2.安装Nginx

四、Nginx多虚拟主机配置及基本优化(以配置Discuz!论坛为例)
1.配置Nginx虚拟主机(防盗链及expires设置)
2.Nginx搭建下载站点限制并发数和速率.
3.如何实现Nginx身份验证
4.如何实现Nginx目录列表
5.修改Nginx的header伪装服务器
6.减小nginx编译后的文件大小
7.Nginx日志处理

五、基本安全设置策略
六、附录及相关介绍

前言：
本文基于step by step的结构向大家介绍Nginx构建高性能WEB的全过程.并且我们在
生产服务器上运行一个月非常稳定，所以整理出来供大家分享。希望能够帮助
更多的初学者轻松构建高性能的WEB服务器。对文中提到的相关操作有任何问题都可以
到LinuxTone论坛去交流提问，我们将第一时间为你解答，同时把网友的建议加入，及
时更新相关内容.

系统环境:
CentOS 5.1+nginx-0.6.31+php-5.2.6+memcache-2.2.3+xcache-1.2.2+mysql-5.0.51b

一、系统安装
1. 系统分区
/boot 100M左右
SWAP 物理内存的2倍(如果你的物理内存大于4G以上，分配4G即可)
/ 分区15~20G
/usr/local 20G (用于安装软件)
/data 剩余所有空间
*具体分区请根据相关业务划分，具体安装本文不作介绍.

2.系统初始化脚本(根据具体需求关闭不需要的服务)
#vi init.sh

复制内容到剪贴板

代码:

#welcome
cat << EOF
+--------------------------------------------------------------+
|       === Welcome to CentOS System init ===             |
+--------------http://www.linuxtone.org------------------------+
+--------------------------------------------------------------+
EOF

#disable ipv6
cat << EOF
+--------------------------------------------------------------+
|       === Welcome to Disable IPV6 ===                   |
+--------------------------------------------------------------+
EOF
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
/sbin/chkconfig --level 35 ip6tables off
echo "ipv6 is disabled!"

#disable selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
echo "selinux is disabled,you must reboot!"

#vim
sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
echo 'syntax on' > /root/.vimrc

#LANG=en
sed -i -e 's/^LANG=.*/LANG="en"/' /etc/sysconfig/i18n

#tunoff services
#--------------------------------------------------------------+
cat << EOF
+--------------------------------------------------------------+
|       === Welcome to Tunoff services ===                |
+--------------------------------------------------------------+
EOF
#--------------------------------------------------------------+
for i in `ls /etc/rc3.d/S*`
do
         CURSRV=`echo $i|cut -c 15-`

echo $CURSRV
case $CURSRV in
      crond | irqbalance | microcode_ctl | network | random | sendmail | sshd | syslog | local | mysqld )
   echo "Base services, Skip!"
   ;;
   *)
      echo "change $CURSRV to off"
      chkconfig --level 235 $CURSRV off
      service $CURSRV stop
   ;;
esac
done

linuxtone

UID: 17986
帖子: 161
积分: 370
在线时间: 1 天 11 小时

2^# linuxtone 发表于 2008-06-24 15:24

三、编译安装PHP及Nginx
1.PHP(Fastcgi)编译安装

1)php-fpm 给PHP(Fastcgi)打补丁
#tar xvf php-5.2.6.tar.bz2
#gzip -cd php-5.2.6-fpm-0.5.8.diff.gz | patch -d php-5.2.6 -p1

2)PHP(Fastcgi)安装.
#cd php-5.2.6
#vi in_php5.sh

复制内容到剪贴板

代码:

./configure \
      "--prefix=/usr/local/php-fcgi" \
      "--enable-fastcgi" \
      "--enable-fpm" \
      "--enable-discard-path" \
      "--enable-force-cgi-redirect" \
      "--with-config-file-path=/usr/local/php-fcgi/etc" \
      "--enable-zend-multibyte" \
      "--with-mysql=/usr/local/mysql" \
      "--with-libxml-dir" \
      "--with-iconv-dir=/usr/lib" \
      "--with-xmlrpc" \
      "--with-gd=/usr/local/gd2" \
      "--with-jpeg-dir" \
      "--with-png-dir" \
      "--with-bz2" \
      "--with-freetype-dir" \
      "--with-zlib-dir " \
      "--with-openssl=/usr/local/openssl" \
      "--with-mcrypt=/usr/local/libmcrypt" \
      "--enable-sysvsem" \
      "--enable-inline-optimization" \
      "--enable-soap" \
      "--enable-gd-native-ttf" \
      "--enable-ftp" \
      "--enable-mbstring" \
      "--enable-exif" \
      "--disable-debug" \
      "--disable-ipv6"
   make && make install
   cp php.ini-dist /usr/local/php-fcgi/etc/php.ini

linuxtone

UID: 17986
帖子: 161
积分: 370
在线时间: 1 天 11 小时

3^# linuxtone 发表于 2008-06-24 15:25

四、Nginx多虚拟主机配置及基本优化(以配置Discuz!论坛为例)

1.配置Nginx虚拟主机(防盗链及expires设置)
#vi /usr/local/nginx/conf/vhosts/bbs.linuxtone.org.conf

复制内容到剪贴板

代码:

server
   {
            listen    80;
            server_name  bbs.linuxtone.org www.linuxtone.org;
            index index.html index.php index.htm;
            root  /data/www/wwwroot/lt/bbs;
            #access_log /var/log/nginx/access_bbs.redocn.com.log  combined;
            location / {
            if (!-e $request_filename) {
                     rewrite ^/archiver/((fid|tid)-[\w\-]+\.html)$ /archiver/index.php?$1

last;
                     rewrite ^/forum-([0-9]+)-([0-9]+)\.html$ /forumdisplay.php?

fid=$1&page=$2 last;
                     rewrite ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$  /viewthread.php?

tid=$1&extra=page%3D$3&page=$2

last;
                     rewrite ^/space-(username|uid)-(.+)\.html$ /space.php?$1=$2 last;
                     rewrite ^/tag-(.+)\.html$ /tag.php?name=$1 last;
                     break;
                                       }

            }

            #Preventing hot linking of images and other file types
            location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
                     valid_referers none blocked server_names *.linuxtone.org http://localhost;
            if ($invalid_referer) {
            rewrite ^/ http://bbs.linuxtone.org/images/default/logo.gif;
            return 403;
                                 }
                                                            }
            # Add expires header for static content
            location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
            if (-f $request_filename) {
               root /data/www/wwwroot/lt/bbs;
               expires    1d;
               break;
               }

            }
            #support php
            location ~ .*\.php?$
            {
                     include enable_php5.conf;
            }

   }