Nginx ("engine x") 是一个高性能的 HTTP 和反向代理服务器,也是一个 IMAP/POP3/SMTP 代理服务器。 Nginx 是由 Igor Sysoev 为俄罗斯访问量第二的 Rambler.ru 站点开发的,Igor 将源代码以类BSD许可证的形式发布。
在高并发连接的情况下,Nginx是Apache服务器不错的替代品。Nginx同时也可以作为7层负载均衡服务器来使用。在Nginx在性能方面,在网上有很多的介绍文章,在这里就不重复介绍了。
安装步骤:
(系统要求:Linux 3.0+ 内核,本文中的Linux操作系统为CentOS 7.0)
一、获取相关开源程序:
1、【适用CentOS操作系统】利用CentOS Linux系统自带的yum命令安装、升级所需的程序库(RedHat等其他Linux发行版可从安装光盘中找到这些程序库的RPM包,进行安装):
sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers cmake zip libtool-ltdl libtool-ltdl-devel psmisc
2、【适用CentOS、RedHat及其它Linux操作系统】下载程序源码包:
从软件的官方网站或镜像站下载:
libiconv-1.13.tar.gz http://ftp.gnu.org/pub/gnu/libiconv/
libmcrypt-2.5.8.tar.gz https://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/
mhash-0.9.9.9.tar.gz https://sourceforge.net/projects/mhash/files/
mcrypt-2.6.4.tar.gz https://sourceforge.net/projects/mcrypt/files/MCrypt/
mariadb-10.1.18.tar.gz https://mariadb.org/download/
php-7.0.12.tar.gz http://php.net/downloads.php
libmemcached-1.0.18.tar.gz https://launchpad.net/libmemcached/+download
php-memcached https://github.com/php-memcached-dev/php-memcached.git
phpredis https://github.com/phpredis/phpredis.git
imagick-3.4.3RC1.tgz http://pecl.php.net/package/imagick
zlib-1.2.8.tar.gz http://www.zlib.net/
pcre-8.37.tar.gz https://sourceforge.net/projects/pcre/files/pcre/
tengine-2.1.0.tar.gz http://tengine.taobao.org
大部份程序下载地址都在国外,下载可能比较慢,也可以去百度云盘下载
http://pan.baidu.com/s/1slm0FZR
二、安装PHP 7.0.12(FastCGI模式)
1、编译安装PHP 7.0.12所需的支持库:
tar zxvf libiconv-1.13.tar.gz
cd libiconv-1.13/
./configure --prefix=/usr/local
make
make install
cd ../
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../
三、编译安装mariadb(mariadb介绍请访问http://baike.baidu.com/item/mariaDB)
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql -s /sbin/nologin mysql
tar zxvf mariadb-10.1.18.tar.gz
cd mariadb-10.1.18/
cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql/data -DWITH_INNOBASE_STORAGE_ENGINE=1 -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLE_DEBUG_SYNC=1 -DENABLED_LOCAL_INFILE=1 -DENABLED_PROFILING=1 -DWITH_EMBEDDED_SERVER=1 -DWITH_EXTRA_CHARSETS=all -DWITH_LIBWRAP=1 -DWITH_READLINE=1 -DWITH_SSL=yes
make && make install
ln -s /usr/local/mysql/include/* /usr/local/include/
ln -s /usr/local/mysql/lib/libmysqlclient.so.16 /usr/lib64/
chmod +w /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql
①、创建MySQL数据库存放目录
mkdir -p /data/mysql/data
mkdir -p /data/mysql/binlog/binlog
chmod +w /data/mysql
chown -R mysql:mysql /data/mysql
②、以mysql用户帐号的身份建立数据表:
/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/data/mysql/data --user=mysql
③、创建my.cnf配置文件:
cp support-files/my-medium.cnf /data/mysql/my.cnf
在/data/mysql/my.cnf添加以下参数
basedir = /usr/local/mysql datadir = /data/mysql/data log-error = /data/mysql/mysql_error.log pid-file = /data/mysql/mysql.pid
④、创建管理MySQL数据库的shell脚本:
vi /data/mysql/mysql
输入以下内容(这里的用户名root和密码12345678接下来的步骤会创建):
#!/bin/sh
mysql_port=3306
mysql_username="root"
mysql_password="123456"
function_start_mysql()
{
printf "Starting MySQL...\n"
/bin/sh /usr/local/mysql/bin/mysqld_safe --defaults-file=/data/mysql/my.cnf 2>&1 > --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql/data &
}
function_stop_mysql()
{
printf "Stoping MySQL...\n"
/usr/local/mysql/bin/mysqladmin -u ${mysql_username} -p${mysql_password} -S /tmp/mysql.sock shutdown
}
function_restart_mysql()
{
printf "Restarting MySQL...\n"
function_stop_mysql
sleep 5
function_start_mysql
}
function_kill_mysql()
{
kill -9 $(ps -ef | grep 'bin/mysqld_safe' | grep ${mysql_port} | awk '{printf $2}')
kill -9 $(ps -ef | grep 'libexec/mysqld' | grep ${mysql_port} | awk '{printf $2}')
}
if [ "$1" = "start" ]; then
function_start_mysql
elif [ "$1" = "stop" ]; then
function_stop_mysql
elif [ "$1" = "restart" ]; then
function_restart_mysql
elif [ "$1" = "kill" ]; then
function_kill_mysql
else
printf "Usage: /data/mysql/mysql {start|stop|restart|kill}\n"
fi
⑤、赋予shell脚本可执行权限:
chown -R mysql:mysql /data/mysql
chmod +x /etc/rc.d/rc.local
chmod +x /data/mysql/mysql
⑥、启动MySQL:
/data/mysql/mysql start
设定开机启动mysql
vi /etc/rc.d/rc.local
输入
/data/mysql/mysql start
⑦、通过命令行登录管理MySQL服务器(提示输入密码时直接回车):
/usr/local/mysql/bin/mysql -u root -p -S /tmp/mysql.sock
⑧、输入以下SQL语句,创建一个具有root权限的用户(admin)和密码(12345678):
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '123456'; GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' IDENTIFIED BY '123456';
⑨、(可选)停止MySQL:
/data/mysql/mysql stop
四、编译安装PHP(FastCGI模式)
1、建立 www 用户
/usr/sbin/groupadd www
/usr/sbin/useradd -g www -s /sbin/nologin www
2、解压安装
tar zxvf php-7.0.12.tar.gz
cd php-7.0.12
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-opcache=yes --with-freetype-dir=/usr/local/freetype --enable-fpm --with-mcrypt --enable-mbstring --with-curl --disable-debug --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --with-mhash --with-pcre-regex --with-pdo-mysql --enable-mysqlnd --with-mysqli --with-gd --with-jpeg-dir --with-iconv-dir --with-png-dir --with-libxml-dir --enable-xml --enable-zip --enable-calendar --enable-wddx --enable-bcmath --enable-shmop --enable-gd-native-ttf --with-openssl --with-xmlrpc --enable-soap --enable-maintainer-zts --enable-exif --enable-ftp
make ZEND_EXTRA_LIBS='-liconv'
make install
3、拷贝php.ini等配置文件
cp php.ini-production /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
cd ../
4、编译安装PHP5扩展模块
yum install git ImageMagick ImageMagick-devel
cd /data/soft
tar zxf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
./configure --prefix=/usr/local/libmemcached --with-memcached
make && make install
cd ../
如果没有去百度云盘下载压缩包,可用github命令下载
git clone https://github.com/php-memcached-dev/php-memcached.git
tar zxvf php-memcached.tar.gz
cd php-memcached
git checkout php7
/usr/local/php/bin/phpize
./configure --enable-memcached --with-php-config=/usr/local/php/bin/php-config --with-libmemcached-dir=/usr/local/libmemcached --disable-memcached-sasl
make
make install
cd ../
如果没有去百度云盘下载压缩包,可用github命令下载
git clone https://github.com/phpredis/phpredis.git
tar zxvf phpredis.tar.gz
cd phpredis
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../
tar zxvf imagick-3.4.3RC1.tgz
cd imagick-3.4.3RC1/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../
5、修改php.ini文件
vi /usr/local/php/etc/php.ini
修改 php.ini ,去掉 date.timezone 的注释,并设置为 date.timezone = PRC
手工修改:查找/usr/local/php/etc/php.ini中的extension_dir = "./"
修改为
extension_dir = "/usr/local/php/lib/php/extensions/no-debug-zts-20151012/"
并在此行后增加以下几行,然后保存:
extension = "memcached.so" extension = "imagick.so" extension = "redis.so"
再查找zlib.output_compression = Off
修改为zlib.output_compression = On
按住shift+g跳到php.ini最后一行,加上opcache相关配置
zend_extension="/usr/local/php/lib/php/extensions/no-debug-zts-20151012/opcache.so" opcache.force_restart_timeout=3600 opcache.memory_consumption=1024 opcache.optimization_level=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4096 opcache.revalidate_freq=60 opcache.fast_shutdown=1 opcache.enable=1 opcache.enable_cli=1
添加php比较危险的函数
disable_functions = exec,system,passthru,ini_alter,dl,openlog,syslog,readlink,symlink,link,leak,proc_open,popepassthru,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,proc_get_status,popen,com,eval,gzuncompress,php_admin_value,php_admin_flag
6、创建php的启动角本
vi /usr/local/php/php-fpm
#!/bin/sh
function_start_php()
{
printf "Starting Php-fpm...\n"
/usr/local/php/sbin/php-fpm -g /usr/local/php/var/run/php-fpm.pid
}
function_stop_php()
{
printf "Stoping Php-fpm...\n"
kill -INT `cat /usr/local/php/var/run/php-fpm.pid`
}
function_restart_php()
{
printf "Restarting Php-fpm...\n"
kill -USR2 `cat /usr/local/php/var/run/php-fpm.pid`
}
if [ "$1" = "start" ]; then
function_start_php
elif [ "$1" = "stop" ]; then
function_stop_php
elif [ "$1" = "restart" ]; then
function_restart_php
else
printf "Usage: /usr/local/php/php-fpm {start|stop|restart}\n"
fi
给php-fpm执行以下命令
chmod +x /usr/local/php/php-fpm
启动PHP命令
/usr/local/php/php-fpm start
启动php-cgi进程,监听127.0.0.1的9000端口,p进程数为128(如果服务器内存小于3GB,可以只开启64个进程),用户为ww
五、安装Nginx(Tengine)
1、安装Nginx所需的库,解压这些文件,并不需要安装:
tar -xvf zlib-1.2.8.tar.gz
tar zxvf pcre-8.37.tar.gz
2、安装Tengine
tar zxvf tengine-2.1.0.tar.gz
cd tengine-2.1.0/
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/data/soft/pcre-8.37 --with-zlib=/data/soft/zlib-1.2.8
注意:--with-pcre=/data/soft/pcre-8.37指向的是源码包解压的路径,而不是安装的路径,否则会报错,同样,openssl zlib的路径都是源码包解压路径s。
make && make install
cd ../
3、创建Nginx日志目录
mkdir -p /data/logs
chmod +w /data/logs
chown -R www:www /data/logs
4、创建Nginx配置文件
①、在/usr/local/nginx/conf/目录中创建nginx.conf文件:
>/usr/local/nginx/conf/nginx.conf
vi /usr/local/nginx/conf/nginx.conf
输入以下内容:
user www www;
worker_processes 8;
error_log /data/logs/nginx_error.log crit;
pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
#charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
include vhosts/*.conf;
}
创建php5.conf
touch /usr/local/nginx/conf/php5.conf
vi /usr/local/nginx/conf/php5.conf
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
set $path_info "";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
}
创建image.conf
touch /usr/local/nginx/conf/image.conf
vi /usr/local/nginx/conf/image.conf
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
创建js.conf
touch /usr/local/nginx/conf/js.conf
vi /usr/local/nginx/conf/js.conf
location ~ .*\.(js|css)?$
{
expires 1d;
}
创建vhosts/a.conf
mkdir /usr/local/nginx/conf/vhosts
touch /usr/local/nginx/conf/vhosts/a.conf
vi /usr/local/nginx/conf/vhosts/a.conf
server
{
listen 80;
charset utf-8;
server_name 192.168.1.50;
index index.html index.htm index.php;
root /data/www/blog;
#limit_conn crawler 20;
include php5.conf;
include image.conf;
include js.conf;
log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for';
access_log /data/logs/access.log access;
}
在/usr/local/nginx/conf/目录中创建fcgi.conf文件:
vi /usr/local/nginx/conf/fcgi.conf
fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; #PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
5、启动Nginx
ulimit -SHn 65535
/usr/local/nginx/sbin/nginx
六、在不停止Nginx服务的情况下平滑变更Nginx配置
1、修改/usr/local/nginx/conf/nginx.conf配置文件后,请执行以下命令检查配置文件是否正确:
/usr/local/nginx/sbin/nginx -t
如果屏幕显示以下两行信息,说明配置文件正确:
the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
the configuration file /usr/local/nginx/conf/nginx.conf was tested successfully
2、平滑重启:
①、对于Nginx 0.8.以后的版本,现在平滑重启Nginx配置非常简单,执行以下命令即可:
/usr/local/nginx/sbin/nginx -s reload
3、创建Nginx启动脚本
vi /usr/local/nginx/nginx
#!/bin/sh
nginx_s="/usr/local/nginx/sbin/nginx"
function_start_nginx()
{
printf "Starting nginx...\n"
${nginx_s}
}
function_stop_nginx()
{
printf "Stoping nginx...\n"
${nginx_s} -s stop
}
function_restart_nginx()
{
printf "Restarting nginx...\n"
${nginx_s} -s reload
}
if [ "$1" = "start" ]; then
function_start_nginx
elif [ "$1" = "stop" ]; then
function_stop_nginx
elif [ "$1" = "restart" ]; then
function_restart_nginx
else
printf "Usage: /usr/local/nginx/nginx {start|stop|restart}\n"
fi
chmod +x /usr/local/nginx/nginx
七、配置开机自动启动Nginx + PHP
vi /etc/rc.local
在末尾增加以下内容:
ulimit -SHn 65535 /data/mysql/mysql start /usr/local/php/php-fpm start /usr/local/nginx/sbin/nginx
八、优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加以下内容:
# Add net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 #net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 120 net.ipv4.ip_local_port_range = 1024 65535
使配置立即生效:
/sbin/sysctl -p
九、编写每天定时切割Nginx日志的脚本
1、创建脚本/usr/local/nginx/sbin/cut_nginx_log.sh
vi /usr/local/nginx/sbin/cut_nginx_log.sh
输入以下内容:
#!/bin/bash
# This script run at 00:00
# The Nginx logs path
logs_path="/data/logs/"
mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/nginx/nginx.pid`
chmod +x /usr/local/nginx/sbin/cut_nginx_log.sh
2、设置crontab,每天凌晨00:00切割nginx访问日志
crontab -e
输入以下内容:
引用
00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh