This post was last edited by 老谁家的小谁 on 2012-2-22 17:10
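I. System conventions
| Software source packages | /usr/local/src |
| Install location (prefix) for packages compiled from source | /usr/local/Comsenz/software_name |
| Scripts and maintenance programs | /usr/local/Comsenz/sbin |
| MySQL data directory | /data/mysql (adjust as needed) |
| Apache document root | /data/wwwroot (adjust as needed) |
| Apache virtual host log root | /data/wwwroot/logs (adjust as needed) |
| Apache run account | www:www |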
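II. System environment initialization
1. Check that the system is healthy
- more /var/log/messages (check for system-level error messages)
- dmesg (check for hardware device errors)
- cat /proc/cpuinfo (check that the CPU frequency is normal)
- top (press 1 to check that the number of CPU cores and the memory size are correct)
- ifconfig (check that the network interface settings are correct)
- ping www.163.com (check that the network is working)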
2. Disable unneeded services
Only the services that need to run are listed below; disabling every service not listed is recommended:
- atd
- crond
- irqbalance
- microcode_ctl
- network
- sendmail
- sshd
- syslog
Disable SELinux: edit /etc/selinux/config and change SELINUX= to disabled
3. Switch to a fast mirror
- mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old
- cd /etc/yum.repos.d/
- wget http://c.sihost.net/CentOS-Base-sohu.repo
- mv CentOS-Base-sohu.repo CentOS-Base.repo
- yum clean all
- yum -y update
- lsb_release -a
- yum -y erase mysql
- yum -y erase php
- yum -y erase httpd
4. Use yum to install the required development packages (the names below are the standard RPM package names)
- yum -y install ntp make openssl openssl-devel pcre pcre-devel libpng libpng-devel libtiff-devel libjpeg-6b libjpeg-devel-6b freetype freetype-devel gd gd-devel fontconfig-devel zlib zlib-devel libevent-devel gcc gcc-c++ flex bison bzip2-devel libXpm libXpm-devel ncurses ncurses-devel libmcrypt libmcrypt-devel libxml2 libxml2-devel imake autoconf automake screen sysstat compat-libstdc++-33 curl curl-devel
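5. Correct the server clock on a schedule by synchronizing periodically with the time server of the National Time Service Center of China
Add the following crontab line:
- */30 * * * * ntpdate 210.72.145.44 > /dev/null 2>&1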
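6. Download the packages
Download the latest stable version of each program from its official website and store it in the /usr/local/src/ directory.
| Apache | recommended stable version 2.2.21 |
| PHP | recommended stable version 5.2.17 |
| MySQL | recommended stable version 5.5.20 |
Because of space limits, the configuration files and scripts used in this post are not reproduced here; download them from the address below (only downloading with wget on Linux is supported).
- Apache control script
- Apache configuration file
- Download list of the latest recommended versions of the programs listed above: http://c.sihost.net/lamp_tools.list
In the /usr/local/src directory, run:
- wget http://c.sihost.net/lamp_tools.list
- wget -i lamp_tools.list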
7. Create the user that the web server runs as
- groupadd www
- useradd -g www www
- mkdir -p /data/wwwroot
- chmod +w /data/wwwroot
- chown www:www /data/wwwroot -R
8. Reboot
III. Compile and install the environment
1. Install MySQL
- cd /usr/local/src
- tar zxvf cmake-2.8.5.tar.gz
- cd cmake-2.8.5/
- ./configure
- gmake && gmake install
- groupadd mysql
- useradd -g mysql mysql
- mkdir -p /data/mysql
- chown -R mysql:mysql /data/mysql
- cd /usr/local/src
- tar zxvf mysql-5.5.20.tar.gz
- cd mysql-5.5.20
- cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/Comsenz/mysql -DMYSQL_DATADIR=/data/mysql -DSYSCONFDIR=/usr/local/Comsenz/etc/ -DWITH_BLACKHOLE_STORAGE_ENGINE=1
- make && make install
- cd /usr/local/Comsenz/mysql
- ./scripts/mysql_install_db --user=mysql
- cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld
- chmod 755 /etc/rc.d/init.d/mysqld
- chkconfig --add mysqld
- chkconfig --level 3 mysqld on
Edit /etc/rc.d/init.d/mysqld, find the relevant lines and change them to:
- basedir=/usr/local/Comsenz/mysql
- datadir=/data/mysql
Then:
- mkdir -p /usr/local/Comsenz/etc
- cp ./support-files/my-huge.cnf /usr/local/Comsenz/etc/my.cnf
Edit /usr/local/Comsenz/etc/my.cnf
In the [mysqld] section, add:
- datadir = /data/mysql
- wait-timeout = 10
- max_connections = 512
- max_connect_errors = 10000000
- local-infile=0
In the [mysqld] section, change:
- max_allowed_packet = 16M
- thread_cache_size = number of CPUs * 2
Comment out log-bin
- mv /usr/local/Comsenz/mysql/data/* /data/mysql
- service mysqld start
- bin/mysqladmin -u root password 'admin999'
Here admin999 is the root password to set.
2. Compile and install Apache
- cd /usr/local/src/
- tar zxvf httpd-2.2.21.tar.gz
- cd httpd-2.2.21
- ./configure --prefix=/usr/local/Comsenz/apache --enable-module=rewrite --disable-access --disable-auth --disable-charset-lite --disable-include --disable-log-config --disable-env --disable-setenvif --disable-mime --disable-status --disable-autoindex --disable-asis --disable-cgid --disable-cgi --disable-negotiation --disable-dir --disable-actions --disable-userdir --disable-alias --enable-so --enable-mods-shared='access auth auth_anon auth_dbm auth_digest dav dav_fs actions alias asis autoindex cache cern_meta cgi charset_lite deflate dir disk_cache env expires file_cache headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias'
- make && make install
- cd /usr/local/src/
- mv /usr/local/Comsenz/apache/conf/httpd.conf /usr/local/Comsenz/apache/conf/httpd.conf.old
- cp -f /usr/local/src/httpd.conf /usr/local/Comsenz/apache/conf/httpd.conf
- cp -f /usr/local/src/httpd /etc/init.d/httpd
- chmod 755 /etc/init.d/httpd
- chkconfig --add httpd
- chkconfig httpd on
3. Compile and install the support libraries that PHP needs
- tar zxvf libiconv-1.14.tar.gz
- cd libiconv-1.14/
- ./configure --prefix=/usr/local
- make && make install
- cd /usr/local/src/
- tar zxvf libmcrypt-2.5.8.tar.gz
- cd libmcrypt-2.5.8
- ./configure
- make && make install
- /sbin/ldconfig
- cd libltdl/
- ./configure --enable-ltdl-install
- make && make install
- cd /usr/local/src/
- tar zxvf mhash-0.9.9.9.tar.gz
- cd mhash-0.9.9.9/
- ./configure
- make && make install
- cd /usr/local/src/
- On 64-bit systems, run the following:
- ln -s /usr/local/lib/libmcrypt.la /usr/lib64/libmcrypt.la
- ln -s /usr/local/lib/libmcrypt.so /usr/lib64/libmcrypt.so
- ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
- ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib64/libmcrypt.so.4.4.8
- ln -s /usr/local/lib/libmhash.a /usr/lib64/libmhash.a
- ln -s /usr/local/lib/libmhash.la /usr/lib64/libmhash.la
- ln -s /usr/local/lib/libmhash.so /usr/lib64/libmhash.so
- ln -s /usr/local/lib/libmhash.so.2 /usr/lib64/libmhash.so.2
- ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib64/libmhash.so.2.0.1
- ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
- ln -s /usr/local/lib/libiconv.so.2 /usr/lib64/libiconv.so.2
- On 32-bit systems, run the following:
- ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
- ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
- ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
- ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
- ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
- ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
- ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
- ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
- ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
- ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
- ln -s /usr/local/lib/libiconv.so.2 /usr/lib/libiconv.so.2
- tar zxvf mcrypt-2.6.8.tar.gz
- cd mcrypt-2.6.8
- /sbin/ldconfig
- ./configure
- make && make install
4. Compile and install PHP
- cd /usr/local/src
- tar zxvf php-5.2.17.tar.gz
- cd php-5.2.17
- ./configure --prefix=/usr/local/Comsenz/php5 --with-config-file-path=/usr/local/Comsenz/etc --enable-mbstring --enable-ftp --with-gd --with-jpeg-dir=/usr --with-png-dir=/usr --enable-magic-quotes --with-mysql=/usr/local/Comsenz/mysql --with-pear --enable-sockets --with-ttf --with-freetype-dir=/usr --enable-gd-native-ttf --with-zlib --enable-sysvsem --enable-exif --enable-sysvshm --with-libxml-dir=/usr --with-apxs2=/usr/local/Comsenz/apache/bin/apxs --with-iconv=/usr/local/libiconv --with-iconv-dir=/usr/local --with-xmlrpc --enable-xml --enable-shmop --enable-zip --with-mhash --with-mcrypt --enable-discard-path --enable-bcmath --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --with-openssl
- make && make install
- ./libtool --finish /usr/local/src/php-5.2.17/libs
- cp php.ini-dist /usr/local/Comsenz/etc/php.ini
- echo 'ulimit -SHn 65535' >> /etc/rc.local
5. Install PHP extension modules (optional, for Discuz! X users who need this feature)
APC
- cd /usr/local/src
- tar zxvf APC-3.1.9.tgz
- cd APC-3.1.9
- /usr/local/Comsenz/php5/bin/phpize
- ./configure --enable-apc --enable-mmap --enable-apc-spinlocks --disable-apc-pthreadmutex --with-php-config=/usr/local/Comsenz/php5/bin/php-config
- make && make install
Edit /usr/local/Comsenz/etc/php.ini, find the relevant line, and add below it:
- extension_dir = "/usr/local/Comsenz/php5/lib/php/extensions/no-debug-non-zts-20060613/"
- extension="apc.so"
- apc.enabled = 1
- apc.shm_size = 64M
- apc.stat = 1
Save.
6. Review and confirm the L.A.M.P environment information, and harden PHP
Save the following as info.php in /data/www/ and check that each item reported by phpinfo is correct.
<? phpinfo(); ?>
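Once PHP is confirmed to work, edit /usr/local/Comsenz/etc/php.ini to harden PHP. Find the relevant line and change it to:
- disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen
Then
If you follow the steps above strictly, even a beginner should not run into major problems. If anything is unclear, reply to this thread with your question. Corrections from experts are welcome at any time, so that this becomes a good tutorial that beginners can understand and whose copy-and-paste environment runs correctly.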
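Step II.6 fetches the source tarballs over plain HTTP with wget -i, so checking them before unpacking is worthwhile. The script below is an added example, not part of the original post: verify_sources is a hypothetical helper, and the SHA256SUMS manifest (sha256sum format, obtained separately from each project's official release page) is an assumption, since the post provides no checksums.

```shell
#!/bin/sh
# Added example: verify source tarballs against a pinned SHA-256 manifest
# before running tar/configure/make on them.
# Manifest format is sha256sum's: "<hex digest>  <file name>" per line.
# File names containing spaces are not handled.

# verify_sources DIR MANIFEST
# Returns 0 only if every *.tar.gz / *.tgz in DIR is listed in MANIFEST
# and its digest matches. Prints one line per problem found.
verify_sources() {
    dir=$1
    manifest=$2
    rc=0
    for f in "$dir"/*.tar.gz "$dir"/*.tgz; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        # Look up the expected digest; tolerate the "*name" binary-mode marker.
        want=$(awk -v n="$name" \
            '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$manifest")
        if [ -z "$want" ]; then
            # A tarball nobody pinned is treated as a failure, not skipped.
            echo "UNLISTED  $name"
            rc=1
            continue
        fi
        got=$(sha256sum "$f" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH  $name"
            rc=1
        fi
    done
    return $rc
}

# Command-line use: sh verify_sources.sh /usr/local/src /path/to/SHA256SUMS
if [ "$#" -eq 2 ]; then
    verify_sources "$1" "$2"
fi
```
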
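The disable_functions line from step III.6 can be checked mechanically after editing php.ini. The script below is an added example, not part of the original post: the function names and the BASELINE list of command-execution functions are assumptions of this example, and the sample php.ini is constructed from the list given in the post.

```shell
#!/bin/sh
# Added example: audit the disable_functions directive of a php.ini.

# Print the entries of the last uncommented disable_functions line,
# one per line, sorted.
disabled_functions() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '" ' | tr ',' '\n' | grep -v '^$' | sort
}

# Print entries that are listed more than once (a sign of copy/paste drift).
duplicate_entries() {
    disabled_functions "$1" | uniq -d
}

# missing_functions INI NAME...
# Print each NAME that is NOT in the disable_functions list of INI.
missing_functions() {
    ini=$1
    shift
    active=$(disabled_functions "$ini")
    for fn in "$@"; do
        printf '%s\n' "$active" | grep -qxF -- "$fn" || printf '%s\n' "$fn"
    done
}

# Constructed sample: a php.ini fragment carrying the list from step III.6.
write_sample_ini() {
    cat > "$1" <<'EOF'
;disable_functions =
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen
EOF
}

# Baseline of PHP functions that run external commands
# (chosen for this example, not taken from the post).
BASELINE="exec system passthru shell_exec popen proc_open"

tmp=$(mktemp) && write_sample_ini "$tmp"
echo "listed twice: $(duplicate_entries "$tmp")"
echo "not disabled: $(missing_functions "$tmp" $BASELINE)"
rm -f "$tmp"
```

On the list from the post this reports ini_alter as listed twice and proc_open as not disabled; point the functions at /usr/local/Comsenz/etc/php.ini to check the installed file.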