安装mysql
[root@localhost ~]# yum install -y wget
[root@localhost ~]# cd /usr/local/src/
[root@localhost ~]# wget http://mirrors.sohu.com/mysql/MySQL-5.0/mysql-5.0.96-linux-i686-glibc23.tar.gz
[root@localhost ~]# tar zxvf mysql-5.0.96-linux-i686-glibc23.tar.gz
[root@localhost ~]# mv mysql-5.0.96-linux-i686-glibc23/ /usr/local/mysql
[root@localhost ~]# useradd -s /sbin/nologin mysql
[root@localhost ~]# cd /usr/local/mysql
[root@localhost ~]# mkdir -p /data/mysql
[root@localhost ~]# chown -R mysql:mysql /data/mysql
[root@localhost ~]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
[root@localhost ~]# /bin/cp /usr/local/mysql/support-files/my-large.cnf /etc/my.cnf
[root@localhost ~]# /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost ~]# chmod 755 /etc/init.d/mysqld
[root@localhost ~]# vi /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/data/mysql
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig mysqld on
[root@localhost ~]# /etc/init.d/mysqld restart
[root@localhost ~]# ps aux | grep mysqld
安装PHP
安装PHP需要的组件
[root@localhost ~]# yum install -y gcc zlib-devel perl libxml2-devel openssl openssl-devel bzip2 bzip2-devel libjpeg libjpeg-devel freetype freetype-devel libpng libpng-devel epel-release
以下两个组件需单独安装
[root@localhost ~]# yum install –y libmcrypt libmcrypt-devel
[root@localhost ~]# useradd -s /sbin/nologin php-fpm
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# tar zxvf php-5.4.37.tar.gz
[root@localhost src]# cd php-5.4.37
[root@localhost php-5.4.37]# ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql/ --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6
[root@localhost ~]# make && make install
[root@localhost ~]# cp /root/php-5.4.37/php.ini-production /usr/local/php/etc/php.ini
[root@localhost ~]# cp /root/php-5.4.37/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost ~]# chmod 755 /etc/init.d/php-fpm
[root@localhost ~]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
配置PHP
配置文件
[root@localhost ~]# ll /usr/local/php/etc/php-fpm.conf
清空原有内容
[root@localhost ~]# > /usr/local/php/etc/php-fpm.conf
添加内容,注意这个文件内的listen = /tmp/myweb.sock必须要对照/usr/local/nginx/conf/vhosts/myweb.conf文件的fastcgi_pass unix:/tmp/myweb.sock;选项
[root@localhost ~]# vi /usr/local/php/etc/php-fpm.conf
[global]
pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log
[www1]
listen = /tmp/www1.sock
user = php-fpm
group = php-fpm
listen.owner = nobody
listen.group= nobody
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
slowlog = /tmp/www_slow.log
request_slowlog_timeout = 1
php_admin_value[open_bosedir] = /data/www/:/tmp/
测试语法
[root@localhost ~]# /usr/local/php/sbin/php-fpm -t
[root@localhost ~]# /etc/init.d/php-fpm restart
[root@localhost ~]# chkconfig --add php-fpm
[root@localhost ~]# chkconfig php-fpm on
安装NGINX
[root@localhost ~]# yum install -y gcc pcre-devel zlib-devel
[root@localhost ~]# cd /usr/local/src/
[root@localhost ~]# tar zxvf nginx-1.6.2.tar.gz
[root@localhost ~]# cd nginx-1.6.2
[root@localhost nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --with-pcre
[root@localhost ~]# make && make install
启动
[root@localhost nginx-1.6.2]# /usr/local/nginx/sbin/nginx
重启
[root@localhost nginx-1.6.2]# /usr/local/nginx/sbin/nginx -s reload
网站根目录
[root@localhost nginx-1.6.2]# ll /usr/local/nginx/html/
创建启动脚本
[root@localhost nginx-1.6.2]# vi /etc/init.d/nginx
#!/bin/bash# chkconfig: - 30 21# description: http service.# Source Function Library. /etc/init.d/functions# Nginx SettingsNGINX_SBIN="/usr/local/nginx/sbin/nginx"NGINX_CONF="/usr/local/nginx/conf/nginx.conf"NGINX_PID="/usr/local/nginx/logs/nginx.pid"RETVAL=0prog="Nginx"start() { echo -n $"Starting $prog: " mkdir -p /dev/shm/nginx_temp daemon $NGINX_SBIN -c $NGINX_CONF RETVAL=$? echo return $RETVAL}stop() { echo -n $"Stopping $prog: " killproc -p $NGINX_PID $NGINX_SBIN -TERM rm -rf /dev/shm/nginx_temp RETVAL=$? echo return $RETVAL}reload(){ echo -n $"Reloading $prog: " killproc -p $NGINX_PID $NGINX_SBIN -HUP RETVAL=$? echo return $RETVAL}restart(){ stop start}configtest(){ $NGINX_SBIN -c $NGINX_CONF -t return 0}case "$1" in start) start ;; stop) stop ;; reload) reload ;; restart) restart ;; configtest) configtest ;; *) echo $"Usage: $0 {start|stop|reload|restart|configtest}" RETVAL=1esacexit $RETVAL
[root@localhost ~]# chmod 755 /etc/init.d/nginx
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# chkconfig nginx on
[root@localhost ~]# /etc/init.d/nginx start|stop|reload|restart|configtest 启动|停止|重新加载|重新启动|测试语法
nginx配置文件
[root@localhost ~]# > /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm application/xml;
include vhosts/*.conf;
}
nginx默认虚拟主机
[root@localhost ~]# mkdir /usr/local/nginx/conf/vhosts
[root@localhost ~]# mkdir /tmp/1233
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/default.conf
server
{
listen 80 default_server;
server_name localhost;
index index.html index.htm index.php;
root /tmp/1233;
deny all;
}
nginx虚拟主机精简配置,location 模块内为解析php 功能
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
测试php文件
[root@localhost ~]# cat /usr/local/nginx/html/1.php
<?php
echo "php ok";
?>
查看nginx错误日志路径
[root@localhost ~]# cat /usr/local/nginx/conf/nginx.conf | grep error_log
error_log /usr/local/nginx/logs/nginx_error.log crit;
nginx日志格式,配置文件内的内容指定内容
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
combined_realip 格式名称
$remote_addr 源IP
$http_x_forwarded_for 代理IP
$time_local 时间
$host 主机名
$request_uri 访问的路径
$status 状态
$http_referer referrer
$http_user_agent user_agent
nginx用户认证
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 用户认证模块
location ~\.txt$
{
auth_basic "web auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
}
}
创建认证用户,htpasswd工具需要安装apache,第一次创建用户需要-c参数,以后都不再需要
[root@localhost ~]# /usr/local/apache2/bin/htpasswd -c /usr/local/nginx/conf/.htpasswd user1
nginx域名重定向
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
# 域名重定向开始,表示访问不是www.myweb.com的域名,自动跳转到www.myweb.com
server_name www.myweb.com www.test1.com www.test2.com www.test3.com;
if ($host != '
{
rewrite ^/(,*)$ http://www.myweb.com/$1 permanent;
}
# 域名重定向结束
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
不记录指定类型日志
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 不记录指定类型日志模块
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|txt)$
{
access_log off;
}
}
nginx日志切割脚本,把该脚本加入计划任务即可
[root@localhost ~]# vi nginx_mix_log.sh
#!/bin/bash
d=`date -d "-1 day" +%F`
[ -d /tmp/nginx_log ] || mkdir /tmp/nginx_log
mv /tmp/access.log /tmp/nginx_log/$d.log
/etc/init.d/nginx reload 2> /dev/null
cd /tmp/nginx_log/
gzip -f $d.log
nginx静态文件缓存
[root@localhost ~]#
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 静态缓存模块
location ~ .*\.(js|css|txt)
{
access_log off;
expires 2h;
}
}
测试,查看结果中的Cache-Control 项,7200秒为2小时,配置文件中配置缓存时间为2h 即2小时
[root@localhost ~]# curl -x127.0.0.1:80 'http://www.myweb.com/11.txt' -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 15:59:18 GMT
Content-Type: text/plain
Content-Length: 7
Last-Modified: Tue, 29 Dec 2015 14:04:51 GMT
Connection: keep-alive
ETag: "56829303-7"
Expires: Tue, 29 Dec 2015 17:59:18 GMT
Cache-Control: max-age=7200
Accept-Ranges: bytes
nginx防盗链
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; }
# 防盗链模块,test.com 域名允许调用,即白名单
location ~ .*\.(jpg|gif|jpeg|png|bmp|swf|txt)$
{
valid_referers none blocked *.test.com;
if ($invalid_referer)
{
return 403;
}
}
}
测试,伪造访问源,访问结果为403,表示拒绝访问
[root@localhost ~]# curl -e "http://www.baidu.com/111" -I -x127.0.0.1:80 "http://www.myweb.com/1122.jpg"
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:18:29 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试,伪造访问源为白名单中的test.com ,访问结果为200,表示访问正常
[root@localhost ~]# curl -e "http://www.test.com/111" -I -x127.0.0.1:80 "http://www.myweb.com/1122.jpg"
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:20:53 GMT
Content-Type: p_w_picpath/jpeg
Content-Length: 2116
Last-Modified: Mon, 14 Dec 2015 09:08:58 GMT
Connection: keep-alive
ETag: "566e872a-844"
Accept-Ranges: bytes
访问控制,只允许192.168.10.0/24 网段访问1122.jpg
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 访问控制模块
location ~ .*1122\.jpg$ {
allow 192.168.10.0/24;
deny all;
}
}
测试,伪造访问源192.168.10.29 访问正常
[root@localhost ~]# curl -x192.168.10.29:80 "http://www.myweb.com/1122.jpg" -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:28:28 GMT
Content-Type: p_w_picpath/jpeg
Content-Length: 2116
Last-Modified: Mon, 14 Dec 2015 09:08:58 GMT
Connection: keep-alive
ETag: "566e872a-844"
Accept-Ranges: bytes
测试,伪造访问源127.0.0.1 访问拒绝
[root@localhost ~]# curl -x127.0.0.1:80 "http://www.myweb.com/1122.jpg" -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:28:29 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
禁止指定user_agent
[root@localhost ~]# cat /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
if ($http_user_agent ~ 'curl|baidu')
{
return 403;
}
}
测试,伪造源访问user_agent为curl,访问拒绝
[root@localhost ~]# curl -A "curl" -x127.0.0.1:80 "http://www.myweb.com" -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:32:39 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试,伪造源访问user_agent为web,访问正常
[root@localhost ~]# curl -A "web" -x127.0.0.1:80 "http://www.myweb.com" -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:32:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 29 Dec 2015 11:11:03 GMT
Connection: keep-alive
ETag: "56826a47-264"
Accept-Ranges: bytes