要把公司的apache 换为 tengine(淘宝优化后的nginx),用几天的时间,写了一个详细的文档,共享给大家,
转载请注明出处: blog.mreald.com or www.mreald.com
1.节点初始化
yum -y install nfs-utils portmap rpcbind vim crontab chkconfig \ initscripts gcc-c++ libstdc++-devel zlib zlib-devel glib glib-devel \ libxml2 libxml2-devel make bzip2-devel pcre pcre-devel libjpeg libjpeg-devel \ libpng libpng-devel freetype freetype-devel gmp gmp-devel unixODBC \ unixODBC-devel gcc g++ make autoconf automake libxml2 libxml2-devel vsftpd \ pcre pcre-devel iptraf aspell aspell-devel screen hwinfo hdparm varnishd memcached
2.安装需要的包
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel \ freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel \ glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs \ e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap \ openldap-devel nss_ldap openldap-clients openldap-servers pcre-devel libxslt \ libxslt-devel libtool-ltdl libtool-ltdl-devel
3.安装Tengine
wget http://tengine.taobao.org/download/tengine-1.5.1.tar.gz tar xzf tengine*.tar.gz cd tengine-* ./configure --prefix=/usr/local/nginx --with-http_concat_module \ --with-http_addition_module --with-http_dav_module \ --with-http_gzip_static_module --with-http_image_filter_module \ --with-http_realip_module --with-http_stub_status_module \ --with-http_ssl_module --with-http_sub_module --with-ipv6 \ --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl \ --with-mail --with-mail_ssl_module make && make install
4.配置Tengine
vim /usr/local/nginx/conf/nginx.conf
user apache apache;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
error_log logs/error.log crit;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
#dso {
#load ngx_http_upstream_session_sticky_module.so;
#}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
#fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
#fastcgi_cache TEST;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_uses 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
large_client_header_buffers 4 4k;
server_names_hash_bucket_size 128;
client_max_body_size 8m;
client_header_buffer_size 4k;
open_file_cache max=65535 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
server {
listen 80;
server_name 192.168.0.178;
#server_name www.mreald.com www.www.mreald.com;
root /disk1/www.mreald.com/;
location / {
index index.php index.html index.htm;
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
}
}
location ~ \.php($|/) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443;
server_name 192.168.0.178;
#server_name www.mreald.com www.www.mreald.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
root /disk1/www.mreald.com/;
location / {
index index.php index.html index.htm;
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
}
}
location ~ \.php($|/) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
5 编译安装php
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz/download tar xzf libmcrypt-2.5.8.tar.gz cd libmcrypt-* ./configure make && make install yum install mysql mysql-server cp -rp /usr/lib64/mysql/libmysqlclient.so.16.0.0 /usr/lib/libmysqlclient.so
wget http://cn2.php.net/get/php-5.3.25.tar.gz/from/us1.php.net/mirror tar xzf php-5*.tar.gz cd php-5* ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-iconv \ --with-zlib --enable-xml --disable-rpath --enable-safe-mode --enable-bcmath --enable-shmop \ --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex \ --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl \ --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-mysql --with-mysqli \ --enable-sqlite-utf8 --with-pdo-mysql --enable-ftp --with-jpeg-dir --with-freetype-dir --with-png-dir \ --enable-fpm --with-fpm-user=apache --with-fpm-group=apache --enable-pcntl \ --with-config-file-scan-dir=/usr/local/php/etc/ --enable-exif --with-gettext --disable-wddx \ --with-xsl make -j7 && make install
vim /usr/local/php/etc/php-fpm.conf
[global]
[www]
user = apache
group = apache
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 200
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
rlimit_files = 65535
#启动fpm进程(/usr/local/php/etc/php.ini)---session.save_path /var/lib/php/nginx-session #chown cp /etc/php.ini.rpmsave /etc/php.ini cp /etc/php-fpm.d/www.conf.rpmsave /etc/php-fpm.d/www.conf /usr/local/php/sbin/php-fpm -c /etc/php.ini
6.重启php-fpm nginx
kill -USR2 `cat /usr/local/php/var/run/php-fpm.pid`
ps aux|grep fpm|awk '{print $2}'|xargs kill
ps aux|grep nginx|awk '{print $2}'|xargs kill;/usr/local/nginx/sbin/nginx
/usr/local/php/sbin/php-fpm -c /etc/php.ini
ps aux|grep process|awk '{print $2}'|xargs kill;/usr/local/nginx/sbin/nginx;
ps aux|grep fpm|awk '{print $2}'|xargs kill;
/usr/local/php/sbin/php-fpm -c /usr/local/php/etc/php.ini7.设置打开最大文件数
ulimit
vim /etc/rc.local
ulimit -SHn 65535
vim /etc/profile
ulimit -SHn 65535
source /etc/profile
vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
/usr/local/nginx/sbin/nginx -s reload
ulimit -a /-n
8.内核参数优化:
vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
sysctl -p
9.写一个启动脚本:
vim /etc/init.d/nginx
#!/bin/sh
#
# nginx - this script start and stop the nginx daemon
#
# chkconfig: 2345 55 25
# description: Startup script for nginx
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /var/run/nginx.pid
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/nginx/sbin/nginx
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/var/run/nginx.pid
SCRIPTNAME=/etc/init.d/nginx
LOCKFILE=/var/lock/nginx.lock
set -e
[ -x "$DAEMON" ] || exit 0
start() {
echo "Startting Nginx......"
[ -x $DAEMON ] || exit 5
[ -f $CONFIGFILE ] || exit 6
$DAEMON -c $CONFIGFILE || echo -n "Nginx already running!"
[ $? -eq 0 ] && touch $LOCKFILE
}
stop() {
echo "Stopping Nginx......"
MPID=`ps aux | grep nginx | awk '/master/{print $2}'`
if [ "${MPID}X" != "X" ]; then
kill -QUIT $MPID
[ $? -eq 0 ] && rm -f $LOCKFILE
else
echo "Nginx server is not running!"
fi
}
reload() {
echo "Reloading Nginx......"
MPID=`ps aux | grep nginx | awk '/master/{print $2}'`
if [ "${MPID}X" != "X" ]; then
kill -HUP $MPID
else
echo "Nginx can't reload!"
fi
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
sleep 1
start
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|reload|restart}"
exit 3
;;
esac
exit 0
chmod +x /etc/init.d/nginx chkconfig --add nginx service nginx start