Web Server Virtual Directory: Tweaking a Dedicated Virtual Web Server

When you get a dedicated virtual server to run your website, chances are good that it’s configured for everybody, and not customized to maximize performance for running a website.

Overview

There are a number of areas where we want to maximize performance:

  • Linux configuration

    There are usually services running that don’t need to be, wasting memory that could be used for more connections.

  • MySQL configuration

    The default settings are often sized for a small server; a few key changes can increase performance a great deal.

  • Apache configuration

    By default most hosting providers install Apache with nearly every module enabled. There’s no reason to load modules if you aren’t ever going to use them.

  • PHP configuration

    The default PHP configuration is similarly bloated; there are usually a ton of unnecessary extra modules installed.

  • PHP Opcode Cache

    Instead of allowing PHP to recompile the scripts every single time, an opcode cache keeps the compiled scripts in memory for a huge performance boost.

  • Backups

    You should probably set up some automated backups, since your hosting provider isn’t going to do it for you.

  • Security

    Sure, Linux is secure enough by default, but there are usually some glaring security issues that you can fix with a few quick settings.

Linux Configuration

There are quite a number of tweaks you can make, which will vary slightly based on the server you are using. These tweaks are for a server running CentOS, but they should work for the majority of DV servers.

Disable DNS

If your hosting provider handles the DNS for your domain (likely), then you can disable the DNS service from running.

/etc/init.d/named stop
chmod 644 /etc/init.d/named

The chmod command removes execute permission from the script, stopping it from running on startup.

Disable SpamAssassin

If you aren’t using email accounts on the server itself, you shouldn’t bother running anti-spam tools. (You should also check out Google Apps, which is a much better email solution.)

/etc/init.d/psa-spamassassin stop
chmod 644 /etc/init.d/psa-spamassassin

Disable xinetd

The xinetd process houses a number of other processes, none of which are useful for a typical web server.

/etc/init.d/xinetd stop
chmod 644 /etc/init.d/xinetd

Limit Plesk Memory Usage

If you use the Plesk panel, you can force it to use less memory by adding an options file.

vi /usr/local/psa/admin/conf/httpsd.custom.include

Add the following lines to the file:

MinSpareServers 1 
MaxSpareServers 1 
StartServers 1 
MaxClients 5

Note that this option is known to work on MediaTemple DV servers, but has not been checked on any others. (See References)

Disable or Turn Off Plesk (optional)

If you only use Plesk once a year, there’s very little reason to leave it running at all. Note that this step is completely optional, and slightly more advanced.

Run the following command to turn off Plesk:

/etc/init.d/psa stop

You can disable it from running at startup by running the following command:

chmod 644 /etc/init.d/psa

Note that if you disable it, then you can’t start it manually without changing the file permissions back (chmod u+x).

MySQL Configuration

Enable Query Cache

Open your /etc/my.cnf file and add the following lines in your [mysqld] section like this:

[mysqld]
query-cache-type = 1
query-cache-size = 8M

You can give the query cache more memory if you’d like, but don’t use too much. Note that the query cache was removed in MySQL 8.0, so these settings apply only to older versions.

Disable TCP/IP

A surprising number of hosts enable access to MySQL over TCP/IP by default, which makes no sense for a website whose database runs on the same server. You can find out whether MySQL is listening on TCP/IP by running the following command:

netstat -an | grep 3306

To disable it, add the following line to the [mysqld] section of your /etc/my.cnf file, after which MySQL accepts only local socket connections:

skip-networking

Apache Configuration

Open your httpd.conf file, often found at /etc/httpd/conf/httpd.conf.

Find the line that looks like this:

Timeout 120

And change it to this:

Timeout 20

Now find the section that includes these lines, and adjust to something similar:

StartServers       2
MinSpareServers    2
MaxSpareServers    5
ServerLimit        100
MaxClients         100
MaxRequestsPerChild  4000

PHP Configuration

One of the things to keep in mind when tweaking a server on the PHP platform is that every single Apache thread is going to load up PHP in a separate location in memory. This means that if an unused module adds 256k of memory to PHP, across 40 Apache threads you are wasting 10MB of memory.

Remove Unneeded PHP Modules

You’ll need to locate your php.ini file, which is usually found at /etc/php.ini. (Note that on some distributions, there will be an /etc/php.d/ directory with a number of .ini files, one for each module.)

Comment out the lines that load these modules, if your site does not use them:

  • odbc
  • snmp
  • pdo
  • odbc pdo
  • mysqli
  • ioncube-loader
  • json
  • imap
  • ldap
  • ncurses

Todo: Add more information here.

PHP Opcode Cache

There are a number of opcode caches that you can use, including APC, eAccelerator, and XCache, the last one being my personal preference due to stability.

Download xcache and extract it into a directory, and then run the following commands from the xcache source directory:

phpize 
./configure --enable-xcache 
make 
make install

Open your php.ini file and add a new section for xcache. You’ll need to adjust the paths if your php modules are loaded from somewhere else.

vi /etc/php.ini

Add the following section to the file:

[xcache-common]
zend_extension  = /usr/lib/php/modules/xcache.so
[xcache.admin]
xcache.admin.user       = "myusername"
xcache.admin.pass       = "putanmd5hashhere"
[xcache]
; Change xcache.size to tune the size of the opcode cache
xcache.size         = 16M
xcache.shm_scheme   = "mmap"
xcache.count        = 1
xcache.slots        = 8K
xcache.ttl          = 0
xcache.gc_interval  = 0
; Change xcache.var_size to adjust the size of variable cache
xcache.var_size     = 1M
xcache.var_count    = 1
xcache.var_slots    = 8K
xcache.var_ttl      = 0
xcache.var_maxttl   = 0
xcache.var_gc_interval =     300
xcache.test         = Off
xcache.readonly_protection = On
xcache.mmap_path    = "/tmp/xcache"
xcache.coredump_directory =   ""
xcache.cacher       = On
xcache.stat         = On
xcache.optimizer    = Off

Todo: Need to expand this a bit and link to xcache in the references.

Backups

There’s very little more important than having automated backups of your website. You may be able to get snapshot backups from your hosting provider, which are also very useful, but I prefer to have automated backups as well.

Create Automated Backup Script

I usually start by creating a /backups directory, with a /backups/files directory beneath it. You can adjust these paths if you want.

mkdir -p /backups/files

Now create a backup.sh script inside the backups directory:

vi /backups/backup.sh

Add the following to the file, adjusting the paths and mysqldump password as necessary:

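#!/bin/sh

# Timestamp (ddmmyyHHMM) shared by every file from this backup run
THEDATE=$(date +%d%m%y%H%M)

# Dump the database (replace PASSWORD and DATABASENAME with your own values)
mysqldump -uadmin -pPASSWORD DATABASENAME > "/backups/files/dbbackup$THEDATE.bak"

# Archive the web root, then compress the archive
tar -cf "/backups/files/sitebackup$THEDATE.tar" /var/www/vhosts/my-website-path/httpdocs
gzip "/backups/files/sitebackup$THEDATE.tar"

# Delete site and database backups older than 5 days
find /backups/files/site* -mtime +5 -exec rm {} \;
find /backups/files/db* -mtime +5 -exec rm {} \;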

The script first creates a date variable so that all the files from a single backup share the same timestamp, then dumps the database, tars up the web files and gzips them. The find commands remove any files older than 5 days, since you don’t want your drive to run out of space. Because the script contains the database password and the dumps contain your data, keep the /backups directory readable only by the account that runs the backup.

Make the script executable by running the following command:

chmod u+x /backups/backup.sh

Next you’ll need to assign it to run automatically by cron. Make sure that you use an account that has access to the backups directory.

crontab -e

Add the following line to the crontab:

1       1       *       *       *       /backups/backup.sh

You can test the script ahead of time by running it while logged on to the user account. (I usually run the backups as root.)

Sync Backups Off-Site With Rsync

Now that you have automated backups of your server running, you can sync them somewhere else by using the rsync utility. You’ll want to read this article on how to set up ssh keys for automatic login: Add Public SSH Key to Remote Server in a Single Command

You can test this out by running this command on a Linux or Mac machine at another location (I have a Linux server at home, which is where I run this):

rsync -a user@website.com:/backups/files/* /offsitebackups/

This will take quite a while to run the first time, but at the end your local computer should have a copy of the files directory in the /offsitebackups/ directory. (Make sure to create that directory before running the script)

You can schedule this by adding it to a crontab line:

crontab -e

Add the following line, which will run rsync every hour at the 45 minute mark. You’ll notice that we use the full path to rsync here.

45 * * * * /usr/bin/rsync -a user@website.com:/backups/files/* /offsitebackups/

You could schedule it to run at a different time, or only once per day. That’s really up to you.

Note that there are a lot of utilities that will allow you to sync via ssh or ftp. You don’t have to use rsync.

Security

The first thing you want to do is make sure that you have a regular user account to use through ssh, and make sure that you can use su to switch to root. It’s a very bad idea to allow direct login for root over ssh.

Disable Root Login Over SSH

Edit the /etc/ssh/sshd_config file, and look for the following line:

#PermitRootLogin yes

Change that line to look like this:

PermitRootLogin no

Make certain that you have a regular user account and can su to root before you make this change, otherwise you might lock yourself out.

Disable SSH Version 1

There’s really no reason to use anything other than SSH version 2, as it’s more secure than previous versions. Edit the /etc/ssh/sshd_config file, and look for the following section:

#Protocol 2,1
Protocol 2

Make sure that you are only using Protocol 2 as shown.

Restart SSH Server

Now you’ll need to restart the SSH server to make this take effect.

/etc/init.d/sshd restart
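
An added example, not part of the original article: a shell check of the two sshd_config settings changed above, useful before restarting the server. It reads only the global section of the file and treats commented lines such as #PermitRootLogin yes as unset; the function names and the constructed sample are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit the sshd_config
# settings discussed above. Function names are this example's own.

# effective_value FILE KEYWORD: print the first active global value, or "unset".
# sshd uses the first occurrence of a keyword, so later lines do not override it.
effective_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }              # "#PermitRootLogin yes" sets nothing
        { sub(/=/, " ") }                      # accept "Keyword=value" as well
        tolower($1) == "match" { exit }        # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE: print one finding per line; return 1 if any check fails.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    proto=$(effective_value "$1" Protocol)
    if [ "$root" = "no" ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '$root' (want: no)"; rc=1
    fi
    case "$proto" in
        2)     echo "OK   Protocol 2" ;;
        unset) echo "WARN Protocol not set, server default applies" ;;
        *)     echo "FAIL Protocol is '$proto' (want: 2)"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
# With no argument, audit a constructed sample in the page's "before" state.
if [ $# -gt 0 ]; then
    audit_sshd "$1"
else
    sample=$(mktemp)
    printf '%s\n' '#PermitRootLogin yes' '#Protocol 2,1' 'Protocol 2' > "$sample"
    audit_sshd "$sample" || true
    rm -f "$sample"
fi
```

Running sshd -t before the restart also catches syntax errors in the edited file, which matters when SSH is your only way into the server.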

Check for Open Ports

You can use the following command to see which ports the server is listening on:

netstat -an | grep LISTEN

You really shouldn’t have anything listening other than ports 22, 80, and possibly 8443 for plesk.
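
An added example, not part of the original article: a shell filter that reads netstat -an output and prints every listening TCP port outside the list given here (22, 80, 8443), which also covers the earlier check for MySQL on port 3306. The function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): list TCP listeners outside
# an allowlist, reading "netstat -an" output. Function names are hypothetical.

# unexpected_listeners "PORT PORT ...": read netstat output on stdin and print
# "port address scope" for each listening TCP socket whose port is not allowed.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only TCP rows in state LISTEN; "grep LISTEN" alone also matches the
        # LISTENING rows of unix sockets such as mysql.sock.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "external"
            print port, host, scope
        }
    ' | sort -n | uniq
}

# Constructed sample of "netstat -an" output (addresses are documentation values).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address      State
tcp        0      0 0.0.0.0:22         0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:3306       0.0.0.0:*            LISTEN
tcp        0      0 127.0.0.1:25       0.0.0.0:*            LISTEN
tcp        0      0 :::80              :::*                 LISTEN
tcp        0      0 :::8443            :::*                 LISTEN
tcp        0      0 192.0.2.10:22      203.0.113.9:51234    ESTABLISHED
unix  2      [ ACC ]     STREAM     LISTENING     8123   /var/lib/mysql/mysql.sock
EOF
}

# Ports the article expects: 22 (ssh), 80 (http), 8443 (Plesk).
# On a live server: netstat -an | unexpected_listeners "22 80 8443"
sample_netstat | unexpected_listeners "22 80 8443"
```

In the sample, port 3306 on 0.0.0.0 is the MySQL listener that skip-networking removes, while port 25 is bound to loopback only and is not reachable from outside.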

Set Up a Firewall

Main Article: Using Iptables on Linux

You can optionally set up an iptables firewall to block more connections. For instance, I usually block access to any other ports except from my work network. If you have a dynamic IP address you’ll want to avoid that option.

If you have already followed all of the steps in this guide so far, it’s probably not necessary to also add a firewall to the mix, but it’s good to understand your options.

See Also

References

Translated from: https://www.howtogeek.com/168166/tweaking-a-dedicated-virtual-web-server/
