
Ubuntu Linux 10.04 安装及配置Nginx+PHP FPM
#!/bin/bash
##########################################
#        Install app server env.
#   Prerequisites: an Ubuntu 10.04 Linux server with SSH, LVS Real Server and the MySQL slave already configured.
##########################################
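# Refuse to run without root: everything below installs packages and rewrites
# files under /etc. The effective UID is compared as a quoted string, so a
# failed or empty lookup stops the script instead of letting it carry on
# (the unquoted `whoami` test errored out and fell through in that case).
if [ "$(id -u)" != "0" ]; then
    echo "Not root." >&2
    exit 1
fi

# Use vim as the default editor for this session and, by adding the export to
# /etc/profile once, for later login shells.
export EDITOR=vim
if ! grep -qF "export EDITOR=vim" /etc/profile; then
    echo "export EDITOR=vim;" >> /etc/profile
fi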

# Host name of the application server (used as server_name for the app vhost).
DOMAIN="app.example.net"
# Host name of the static-files server.
S_DOMAIN="statics.app.example.net"

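# Linux kernel network tuning.
#
# Every parameter is applied to the running kernel with `sysctl -w key=value`
# (no spaces around "=", a multi-word value passed as one argument) and then
# appended to /etc/sysctl.conf so it is applied again at boot. The existing
# content of /etc/sysctl.conf is kept: a bare `sysctl > /etc/sysctl.conf`
# would replace the file with whatever the argument-less command prints.
# Explanations are kept on their own comment lines; a comment that wraps onto
# a second line without "#" would be executed as a command.

# Set one kernel parameter now and record it in /etc/sysctl.conf.
#   $1 - parameter name
#   $2 - value
# Returns non-zero, after a message on stderr, when the running kernel rejects
# the parameter; nothing is recorded in that case.
_apply_sysctl() {
    local key=$1 value=$2
    if ! sysctl -w "${key}=${value}"; then
        echo "sysctl: could not set ${key}=${value}" >&2
        return 1
    fi
    # Append only once so that re-running the script does not pile up duplicates.
    if ! grep -qxF "${key} = ${value}" /etc/sysctl.conf 2>/dev/null; then
        printf '%s = %s\n' "$key" "$value" >> /etc/sysctl.conf
    fi
}

# Enable SYN cookies: when the SYN wait queue overflows, cookies handle the
# excess, which protects against small SYN floods (default 0 = off).
_apply_sysctl net.ipv4.tcp_syncookies 1
# Allow TIME-WAIT sockets to be reused for new TCP connections (default 0).
_apply_sysctl net.ipv4.tcp_tw_reuse 1
# Fast recycling of TIME-WAIT sockets (default 0).
# NOTE(review): this setting is known to drop connections from clients that
# share one address behind NAT, and the parameter was removed in Linux 4.12;
# confirm it is wanted before reusing this script on a newer system.
_apply_sysctl net.ipv4.tcp_tw_recycle 1
# Time a socket closed by the local end stays in FIN-WAIT-2, in seconds.
_apply_sysctl net.ipv4.tcp_fin_timeout 30
# Maximum number of TIME_WAIT sockets kept at once; above it they are destroyed
# immediately and a warning is printed. For Apache or Nginx the settings above
# already reduce TIME_WAIT sockets; the cap matters more for a Squid server.
_apply_sysctl net.ipv4.tcp_max_tw_buckets 6000
# Upper bound on the listen() backlog.
_apply_sysctl net.core.somaxconn 262144
# TCP keepalive timer: 1200 s (20 minutes) instead of the default 2 hours.
_apply_sysctl net.ipv4.tcp_keepalive_time 1200
# Local port range for outgoing connections (default 32768 to 61000).
_apply_sysctl net.ipv4.ip_local_port_range "1024 65000"
# Length of the SYN queue (default 1024); 8192 holds more pending connections.
_apply_sysctl net.ipv4.tcp_max_syn_backlog 8192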

( #Start


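#Install  production server
#
# apt-get runs without --force-yes: that flag lets installation continue even
# when a package cannot be authenticated, which matters here because a
# third-party PPA is added. With plain -y, apt-get stops in that case instead.
# Standard output is discarded; errors still reach stderr, and the first
# failing step aborts the run so nothing is configured on a half-installed
# system.
if ! (
    apt-get -y install curl || exit 1
    # Provides add-apt-repository.
    apt-get -y install python-software-properties || exit 1
    # Ubuntu 10.04 needs this PPA as the package source for PHP FPM.
    # NOTE(review): packages from this archive are installed as root with the
    # same trust as distribution packages; confirm the PPA is still the
    # intended source before running this.
    add-apt-repository ppa:brianmercer/php || exit 1
    apt-get update || exit 1

    apt-get -y install nginx memcached mercurial || exit 1
    apt-get -y install php5-cgi php5-fpm php-apc php5-mysql php5-gd php5-mcrypt php5-memcache || exit 1
) > /dev/null; then
    echo "Package installation failed." >&2
    exit 1
fi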

# Overwrite the FPM mcrypt.ini with a single extension line.
# The original note reads: fix "#" comment. Presumably the packaged file
# contains "#" comment lines that PHP complains about; confirm.
printf '%s\n' 'extension=mcrypt.so' > /etc/php5/fpm/conf.d/mcrypt.ini


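#Deploy app
#
# The cd is checked before anything is deleted: if it failed, the relative
# "rm -rf app" would run in whatever directory the script was started from.
cd /var/www || { echo "Cannot enter /var/www." >&2; exit 1; }
rm -rf -- app
# Fresh clone of the application repository, replacing the directory removed
# above. Stop here if it fails, so nginx is not configured for a missing app.
hg clone https://repo.app@repo.dev.example.net/hg/app/ || {
    echo "hg clone failed." >&2
    exit 1
}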



# Write the main nginx configuration, replacing /etc/nginx/nginx.conf.
# Our servers have 16 cores, so worker_processes and the sixteen
# worker_cpu_affinity masks are hard-coded for that; adjust both together on
# other hardware.
# NOTE(review): worker_connections (131072) is larger than
# worker_rlimit_nofile (65536), so a worker cannot reach that many
# connections; confirm which of the two values is intended.
# NOTE(review): "access_log off" leaves no request log to consult when
# investigating an incident; confirm requests are logged somewhere else.
# The quoted delimiter keeps the text literal (no expansion), as the
# single-quoted string did; the blank first and last lines are part of it.
cat > /etc/nginx/nginx.conf <<'NGINX_CONF'

user www-data;
worker_processes  16;
worker_cpu_affinity 1000000000000000 0100000000000000 0010000000000000 0001000000000000 0000100000000000 0000010000000000 0000001000000000 0000000100000000 0000000010000000 0000000001000000 0000000000100000 0000000000010000 0000000000001000 0000000000000100 0000000000000010 0000000000000001;
worker_rlimit_nofile 65536;

error_log /var/log/nginx/error.log;
pid  /var/run/nginx.pid;
events {
    use epoll;
    worker_connections 131072;
}

http {
    client_header_buffer_size   4K;
    open_file_cache max=65536 inactive=20s;
    open_file_cache_min_uses 3;
    open_file_cache_valid 30s;
    
    access_log  off;
    include /etc/nginx/mime.types;
    
    sendfile    on;
    
    tcp_nopush  on;
    tcp_nodelay on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_buffers 16 64k;
    gzip_min_length 1k;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_types text/plain text/javascript text/css application/x-javascript text/xml application/xml application/xml+rss;
    
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

NGINX_CONF

# Default virtual host on port 80, written to /etc/nginx/sites-enabled/default.
# It serves /var/www/nginx-default and enables the stub_status page at
# /nginx-status, which is reachable from 127.0.0.1 only ("deny all" rejects
# every other client). Keep the allow/deny pair if this block is edited.
# The text holds nothing to expand, so a quoted here-document writes the same
# bytes as the double-quoted string did, including the blank first line.
cat > /etc/nginx/sites-enabled/default <<'DEFAULT_SITE'

server {
	listen   80 default;
	server_name  localhost;

	access_log off;

	location / {
		root   /var/www/nginx-default;
		index  index.html index.htm;
	}
    location = /favicon.ico {
        log_not_found off;
    }

	location /nginx-status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }
}
DEFAULT_SITE

echo '
server {
    listen 80;
    server_name '$DOMAIN';
    
    keepalive_timeout 0;
    
    access_log  off;
    log_not_found off;
    error_log /var/log/nginx/a