LNMP环境部署

2321321

一、内核参数修改
# Disable IPv6
echo "install ipv6/bin/true" >> /etc/modprobe.d/disable-ipv6.conf
echo "IPV6INIT=no">> /etc/sysconfig/network
chkconfig iptables off
chkconfig ip6tables off

# Disable SELinux
sed -i'/SELINUX/s/enforcing/disabled/' /etc/selinux/config

# Remove ifcfg-ethX DNS
sed -i '/DNS/d'/etc/sysconfig/network-scripts/ifcfg-eth*

# Vim
mv /bin/vi /bin/vi.default
ln -s /usr/bin/vim /bin/vi

# Limits
echo "* - nofile 524288">> /etc/security/limits.conf
sed -i 's/1024/102400/'/etc/security/limits.d/90-nproc.conf

# Libraries
echo"/usr/local/lib" >> /etc/ld.so.conf
echo"/usr/local/lib64" >> /etc/ld.so.conf

# SSH
sed -i 's/#Port 22/Port 3322/'/etc/ssh/sshd_config
sed -i 's/#ListenAddress0.0.0.0/ListenAddress 0.0.0.0/' /etc/ssh/sshd_config
sed -i 's/#PermitRootLoginyes/PermitRootLogin no/' /etc/ssh/sshd_config

# Sysctl
cat >>/etc/sysctl.conf<<EOF

# Swappiness
vm.swappiness = 10

# Local Port Range
net.ipv4.ip_local_port_range= 16384 61000
net.ipv4.ip_local_reserved_ports= 18071-18089,22121,22122,32121,32122,45671-45679

# Keepalive
net.ipv4.tcp_keepalive_time =3600
net.ipv4.tcp_keepalive_intvl= 60
net.ipv4.tcp_keepalive_probes= 3

# Disable Timestamps
net.ipv4.tcp_timestamps = 0

# Performance
net.core.somaxconn = 32768
net.core.netdev_max_backlog =32768
net.ipv4.tcp_max_syn_backlog= 65535
EOF

# Profile
cat >>/etc/profile<<EOF

# HisttimeFormat
HISTFILESIZE=2048
HISTSIZE=2048
HISTTIMEFORMAT="%Y-%m-%d%H:%M:%S "
export HISTTIMEFORMAT

# Editor
export EDITOR=vim
EOF

# Grep
echo "alias grep='grep--color=auto'">> /etc/bashrc

# Root crontab
cat>>/var/spool/cron/root <<EOF
# NTP
15 6 * * * /usr/sbin/ntpdate0.centos.pool.ntp.org > /dev/null 2>&1
30 6 * * * /usr/sbin/ntpdate1.centos.pool.ntp.org > /dev/null 2>&1
45 6 * * * /usr/sbin/ntpdate2.centos.pool.ntp.org > /dev/null 2>&1

# Synchronize time
50 6 * * * /sbin/hwclock -w> /dev/null 2>&1

# Monitor gmond
0 * * * * ( /etc/init.d/gmondstatus | grep running || /etc/init.d/gmond restart ) > /dev/null 2>&1

# Monitor ipfm
* * * * * ( ps aux | grep -vgrep | grep ipfm || /usr/local/ipfm/sbin/ipfm -c /usr/local/ipfm/etc/ipfm.conf) > /dev/null 2>&1
EOF

# Optimize DNS query
echo "options timeout:1attempts:1 rotate" >> /etc/resolv.conf

# Optimize fstab
sed -i '/home/ s/1 2/0 0/'/etc/fstab

# Set label for each patition
for dev in `df | grep/dev/sda | awk '{print $1}'`
do
        label=`df | grep $dev| awk '{print$NF}'`
        e2label $dev $label
done

# Add killps command
cat >>/usr/local/bin/killps << EOF
#!/bin/sh
USER=\$1
ps -ef |grep \$1 |grep -vgrep |grep -v \$0 >/tmp/\$USER.pslist
cut -c9-15 /tmp/\$USER.pslist>/tmp/\$USER.klist
cat /tmp/\$USER.pslist
for i in \`cat/tmp/\$USER.klist\`
do
kill -9 \$i
echo \$i Killed
done
rm /tmp/\$USER.pslist
rm /tmp/\$USER.klist
EOF
chmod +x/usr/local/bin/killps

二、安装前准备#用rpm卸载以下3个包，-e表示卸载，--nodeps表示忽略检查依赖性
rpm -e --nodeps mysql
rpm -e --nodeps php

#安装必须的环境
yum -y install wget autoconf automake bison bzip2 bzip2-devel curl curl-devel cmake cpp crontabs diffutils elinks e2fsprogs-devel expat-devel file flex freetype-devel gcc gcc-c++ gd glibc-devel glib2-devel gettext-devel gmp-devel icu kernel-devel libaio libtool-libs libjpeg-devel libpng-devel libxslt libxslt-devel libxml2 libxml2-devel libidn-devel libcap-devel libtool-ltdl-devel libc-client-devel libicu libicu-devel lynx make mlocate ncurses-devel openldap openldap-devel openssl openssl-devel patch pam-devel pcre pcre-devel perl-DBD-MySQL readline readline-devel sendmail unzip vim vim-minimal zip zlib zlib-devel gd-devel libmcrypt-devel libcurl-devel三、编译安装Nginxwget https://nginx.org/download/nginx-1.10.2.tar.gz
tar zxf nginx-1.10.2.tar.gz
cd nginx-1.10.2.tar.gz
--user=nginx \
--group=nginx \
--prefix=/home/nginx/nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_sub_module \
--with-http_gzip_static_module\
--with-http_stub_status_module
make && make install

四、编译安装Mysql Community Servertar zxf mysql-5.6.25.tar.gz
cd mysql-5.6.25
cmake \
-DCMAKE_INSTALL_PREFIX=/home/mysql/mysql\
-DMYSQL_UNIX_ADDR=/home/mysql/mysql/scripts/mysql.sock\
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci\
-DWITH_EXTRA_CHARSETS=all \
-DWITH_INNOBASE_STORAGE_ENGINE=1\
-DENABLED_LOCAL_INFILE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1\
-DWITH_FEDERATED_STORAGE_ENGINE=1\
-DWITH_BLACKHOLE_STORAGE_ENGINE=1\
-DWITH_MYISAM_STORAGE_ENGINE=1\
-DWITH_EMBEDDED_SERVER=1
make && make install
mkdir -p /home/mysql/data/{logs,mysqldata}
mkdir -p  /home/mysql/mysql/conf/
/home/mysql/mysql/scripts/mysql_install_db --basedir=/home/mysql/mysql--datadir=/home/ftas/data/mysqldata/ --user=mysql

创建my.cnf配置文件：
cat>/home/mysql/mysql/conf/my.cnf << EOF
[client]
character-set-server = utf8
port    =3306
socket  = /home/mysql/mysql/scripts/mysql.sock

[mysqld]
character-set-server = utf8
replicate-ignore-db = mysql
replicate-ignore-db = test
replicate-ignore-db =information_schema
user    = mysql
port    = 3306
socket  = /home/mysql/mysql/scripts/mysql.sock
basedir = /home/mysql/mysql
datadir = /home/mysql/data/mysqldata/
log-error = /home/mysql/data/logs/mysql_error.log
pid-file = /home/mysql/mysql/scripts/mysql.pid
open_files_limit    = 10240
back_log = 600
max_connections = 5000
max_connect_errors = 6000
external-locking = FALSE
max_allowed_packet = 32M
sort_buffer_size = 1M
join_buffer_size = 1M
thread_cache_size = 300
query_cache_size = 512M
query_cache_limit = 2M
query_cache_min_res_unit = 2k
default-storage-engine =MyISAM
thread_stack = 192K
transaction_isolation =READ-COMMITTED
tmp_table_size = 246M
max_heap_table_size = 246M
long_query_time = 3
log-slave-updates
log-bin = /home/mysql/data/logs/binlog
binlog_cache_size = 4M
binlog_format = MIXED
max_binlog_cache_size = 8M
max_binlog_size = 1G
relay-log-index = /home/mysql/data/logs/relaylog
relay-log-info-file = /home/mysql/data/logs/relaylog
relay-log = /home/mysql/data/logs/relaylog
expire_logs_days = 30
key_buffer_size = 256M
read_buffer_size = 1M
read_rnd_buffer_size = 16M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size =128M
myisam_max_sort_file_size =10G
myisam_repair_threads = 1
myisam_recover

explicit_defaults_for_timestamp=true
interactive_timeout = 120
wait_timeout = 120

skip-name-resolve


[mysqldump]
quick
max_allowed_packet = 32M
EOF

创建管理MySQL数据库的shell脚本：
cat>/home/mysql/mysql/scripts/mysql << EOF
#!/bin/sh

mysql_port=3306
mysql_username="admysql"
mysql_password="12345678"

function_start_mysql(){
    printf "Starting MySQL...\n"
    /bin/sh /home/mysql/mysql/bin/mysqld_safe --defaults-file=/home/mysql/mysql/conf/my.cnf2>&1 > /dev/null &
}

function_stop_mysql(){
    printf "Stoping MySQL...\n"
    /home/mysql/mysql/bin/mysqladmin -u${mysql_username} -p${mysql_password} -S /home/mysql/mysql/mysql.sock shutdown
}

function_restart_mysql(){
    printf "Restarting MySQL...\n"
    function_stop_mysql
    sleep 5
    function_start_mysql
}

function_kill_mysql(){
    kill -9 $(ps x |grep 'bin/mysqld_safe'|grep-v grep|awk '{print $1}')
    kill -9 $(ps x|grep 'bin/mysqld'|grep3306|grep -v grep|awk '{print $1}')
}

if [ "$1" ="start" ]; then
    function_start_mysql
elif [ "$1" ="stop" ]; then
    function_stop_mysql
elif [ "$1" ="restart" ]; then
function_restart_mysql
elif [ "$1" ="kill" ]; then
function_kill_mysql
else
    printf "Usage: /home/mysql/mysql/scripts/mysql{start|stop|restart|kill}\n"
fi
EOF
/home/msql/mysql/scripts/mysqlstart
/home/mysql/mysql/bin/mysql-u root -p -S /home/mysql/mysql/scripts/mysql.sock
GRANTALL PRIVILEGES ON *.* TO admysql@'%' IDENTIFIED BY '12345678';
flushprivileges;
五、编译安装PHP1、安装libiconv（iconv模块）
wget http://ftp.gnu.org/gnu/libiconv/libiconv-1.14.tar.gz
tar -zxf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure--prefix=/usr/local/libiconv
make && make install
2、安装libmcrypt、mhash、mcrypt(mcrypt模块)
mcrypt模块使PHP可以使用除了自带的几种加密函数外功能更全面的mhash和mcrypt。该模块在默认情况下不开启，所以Linux的PHP自身也不打包该库，需要自行到官方网站下载代码进行编译安装。
libmcrypt
wget http://sourceforge.net/projects/ ... mcrypt-2.5.8.tar.gz
tar zxflibmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make && make install
ldconfig
cd libltdl/
./configure--enable-ltdl-install
make && make install
mhash\mcrypt
wget http://downloads.sourceforge.net ... hash-0.9.9.9.tar.gz
wget http://sourceforge.net/projects/ ... mcrypt-2.6.8.tar.gz
tar -zxf mhash-0.9.9.9.tar.gz
tar -zxf mcrypt-2.6.8.tar.gz
cd mhash-0.9.9.9 &&./configure
make && make install
ldconfig
cd ../mcrypt-2.6.8 &&./configure
make && make install   
3、安装PHP5.5
Mysql我们将使用PHP的Mysqlnd驱动，所以关于Mysql的编译选项都设置为mysqlnd。

注：若您的内存低于1G，请加上–disable-fileinfo，不然编译报错，或者增加Swap分区，教程见《Linux手动创建Swap交换分区》。若在make时出现not find liconv的报错，请去除make后面的 ZEND_EXTRA_LIBS=’-liconv’。
wget http://cn2.php.net/distributions/php-5.6.29.tar.gz
cp -frp /usr/lib64/libldap*/usr/lib  #这里对64位系统拷贝文件，为了支持ldap
ln -s/usr/lib64/libc-client.so /usr/lib/libc-client.so #为了支持imap链接lib64的文件到lib
tar -zxf php-5.6.29.tar.gz
cd php-5.6.29
./configure \
--prefix=/home/php/php \
--with-config-file-path=/home/php/php/etc\
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-iconv-dir=/usr/local/libiconv\
--with-libxml-dir=/usr \
--with-icu-dir=/usr \
--with-mhash \
--with-bz2 \
--with-curl \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-gd \
--with-gettext \
--with-gmp \
--with-ldap \
--with-ldap-sasl \
--with-mcrypt \
--with-openssl \
--with-xmlrpc \
--with-xsl \
--with-zlib \
--with-imap \
--with-imap-ssl \
--with-kerberos \
--without-pear \
--enable-opcache \
--enable-bcmath \
--enable-calendar \
--enable-sysvsem \
--enable-exif \
--enable-ftp \
--enable-fpm \
--enable-gd-native-ttf \
--enable-intl \
--enable-mbstring \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-wddx \
--enable-zip
makeZEND_EXTRA_LIBS='-liconv'
make install
#若内存低于1G，请把 --enable-zip改为 --enable-zip --disable-fileinfo ，也就是加上 --disable-fileinfo 这项配置
#若编译出现有关于liconv的报错，请去掉make 后面的ZEND_EXTRA_LIBS='-liconv'
mkdir -p /home/ftas/data/phplog
cp php.ini-production /home/ftas/php/etc/php.ini
ln -s /usr/local/php/bin/php/usr/bin/php
chown -R ftas:ftas /home/ftas/php
sed -i 's@^short_open_tag = Off@short_open_tag= On@' /home/ftas/php/etc/php.ini
sed -i's@^disable_functions.*@disable_functions =passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,pfsockopen@'/home/ftas/php/etc/php.ini
sed -i 's@^expose_php =On@expose_php = Off@' /home/ftas/php/etc/php.ini
sed -i's@^allow_url_fopen.*@allow_url_fopen = Off@' /home/ftas/php/etc/php.ini
sed -i's@^max_execution_time.*@max_execution_time = 300@' /home/ftas/php/etc/php.ini
sed -i's@^;upload_tmp_dir.*@upload_tmp_dir = /tmp@' /home/ftas/php/etc/php.ini
sed -i's@^post_max_size.*@post_max_size = 50M@' /home/ftas/php/etc/php.ini
sed -i "s@extension_dir= \"ext\"@extension_dir = \"ext\"\nextension_dir =\"/usr/local/php/lib/php/extensions/`ls/home/ftas/php/lib/php/extensions/`\"@" /home/ftas/php/etc/php.ini
sed -i's@^upload_max_filesize.*@upload_max_filesize = 2M@' /home/ftas/php/etc/php.ini
sed -i's@^;date.timezone.*@date.timezone = Asia/Shanghai@' /home/ftas/php/etc/php.ini
sed -i's@^session.cookie_httponly.*@session.cookie_httponly = 1@'/home/ftas/php/etc/php.ini
sed -i's@^request_order.*@request_order = "CGP"@'/home/ftas/php/etc/php.ini
#以上配置了php.ini部分

sed -i 's@^\[opcache\]@[opcache]\nzend_extension=opcache.so@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.enable=.*@opcache.enable=1@' /home/ftas/php/etc/php.ini
sed -i's@^;opcache.enable_cli.*@opcache.enable_cli=1@' /home/ftas/php/etc/php.ini
sed -i 's@^;opcache.memory_consumption.*@opcache.memory_consumption=128@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.interned_strings_buffer.*@opcache.interned_strings_buffer=8@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.max_accelerated_files.*@opcache.max_accelerated_files=4000@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.max_wasted_percentage.*@opcache.max_wasted_percentage=5@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.validate_timestamps.*@opcache.validate_timestamps=1@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.revalidate_freq.*@opcache.revalidate_freq=60@'/home/ftas/php/etc/php.ini
sed -i's@^;opcache.fast_shutdown.*@opcache.fast_shutdown=1@'/home/ftas/php/etc/php.ini
#以上配置了php.ini的OPCache部分

cd /home/ftas/php/etc
cp php-fpm.conf.default php-fpm.conf
修改如下配置：
[global]
pid = sbin/php-fpm.pid
error_log = //home/ftas/data/phplog/php-fpm.log
log_level = notice
emergency_restart_threshold =10
emergency_restart_interval =1m
process_control_timeout = 5s
daemonize = yes

[www]
user = ftas
group = ftas
listen = 127.0.0.1:9000
listen.mode = 0666
pm = dynamic
pm.max_children = 64
pm.start_servers = 15
pm.min_spare_servers = 5
pm.max_spare_servers = 25
pm.max_requests = 1024
slowlog = logs/slow.log
rlimit_files = 65535
rlimit_core = 0
catch_workers_output = yes
php_admin_value[sendmail_path]= /usr/sbin/sendmail -t -i


cat >/home/cztuser/crontab/moni_mysql.sh <<EOF
#!/bin/bash

source ~/.bash_profile

process=`ps x|grep'bin/mysqld_safe'|grep -v grep|wc -l`
monilog="/home/mysql/crontab/log/moni_mysql.log"

if [ $process -eq 0 ];then
        /home/mysql/mysql/scripts/mysqlkill  >/dev/null 2>&1
        sleep 0.5
        /home/mysql/mysql/scripts/mysqlstart  >/dev/null 2>&1
        if [ $? -eq 0 ];then
                echo `date "+%Y-%m-%d%H:%M:%S"` [SUCC]  Starting Mysql...>>$monilog
        else
                echo `date "+%Y-%m-%d%H:%M:%S"` [FAILE] Starting Mysql... >>$monilog
        exit 1
        fi
fi
EOF