一、搜集信息
1、服务器基本信息
操作系统:
[root@localhost ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.1 (Santiago)
[root@localhost ~]# uname -r
2.6.32-131.0.15.el6.x86_64
CPU
[root@localhost ~]# cat /proc/cpuinfo
物理cpu个数(看physical id)
[root@localhost ~]# cat /proc/cpuinfo | grep ‘physical id’ | sort |uniq| wc -l
2
有两个物理CPU
每个物理CPU的核数(cores)
[root@localhost ~]# cat /proc/cpuinfo | grep ‘cpu cores’ | sort |uniq| awk -F: ‘{print $2}’
4
每个物理CPU的核数为4个
逻辑CPU的个数(即系统所有的核数,又称逻辑CPU的个数)
[root@localhost ~]# cat /proc/cpuinfo | grep ‘processor’ | sort |wc -l
8
物理CPUX每个物理CPU的cores=逻辑CPU的个数,如果不等,说明服务器可能支持超线程技术
CPU型号
[root@www ~]# cat /proc/cpuinfo | grep ‘model name’| uniq
model name : Intel(R) Xeon(R) CPU E5504 @ 2.00GHz
Memory
总量(单位为M)
[root@localhost ~]# free -m |grep ‘Mem:’| awk ‘{print $2}’
7863
Swap
[root@localhost ~]# free -m |grep ‘Swap:’| awk ‘{print $2}’
10047
硬盘(Disk)
[root@jiankong ~]# fdisk -l
一块硬盘 sda 160G
分区情况
[root@localhost ~]# df -h
按照默认分区方式,使用LVM
网卡
[root@localhost ~]# lspci | grep ‘Ether’
07:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)
07:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)
两块intel 1000M网卡
IP地址
[root@localhost ~]# ifconfig | grep ‘inet addr:’| sed ‘s/inet addr://’| sed ‘s/Bcast://’| awk ‘{print $1}’
或者
[root@localhost ~]# ifconfig | grep ‘inet addr:’| awk -F[:" "]+ ‘{print $4}’
211.xx.xx.80
127.0.0.1
hostname
[root@localhost ~]# hostname
www.xxx.cn
DNS
[root@localhost ~]# cat /etc/resolv.conf | grep ‘nameserver’ | awk ‘{print $2}’
21x.xx.xx.1
2、系统优化(因为主要提供的是http(tcp)服务)所以优化的重点在tcp
1、一些说明
因为Linux的网络通信主要通过socket(IP地址+端口)套接字抽象层,用来接收应用程序的读写数据缓冲区以及其它基础结构。在经过传输层,IP层,物理网卡传到接收端的网卡,然后网卡会向内核发送一个中断,然后内核调用内核中断处理程序将网卡中的报文传到内核的内存中,并调度网络协议栈来处理之。输入报文在一个与设备相关的队列中排队,最后经过重重验证将报文置于正确的socket的度缓冲区中。
http://www.360doc.com/content/09/0117/09/48648_2350706.shtml
2、内核参数调优机制
systcl 参数位于 sysctl.net.core,sysctl.net.ipv4,与之相关联的/proc项为
/proc/sys/net/core,/proc/sys/net/ipv4
有些参数可能没有是因为在内核编译的时候进行编译。
3、核心内核参数
主要针对内核socket缓冲区(读,写)。
应用程序通过socket()系统调用创建一个通信短点。每个socket都会关联一个读缓冲区和写缓冲区。
socket接收缓冲区保存了从远程主机发过来的数据,应用程序通过执行read()来读取这些数据,若缓冲区已满,则会丢弃后续的数据。
socket发送缓冲区保存了应用程序在发送到远程主机之前写入socket的数据。如果写缓冲区没有足够的大小,则会阻塞write()系统调用。
4、调整一些参数
net.core.netdev_max_backlog=50000//在ip层之下可以保存的报文数,默认1000
net.core.somaxconn=8192//默认128,允许并发的最大连接数
net.ipv4.tcp_fin_timeout =30//表示如果scoket是本端要求关闭,则在FIN_WAIT_2的时间,默认是60
net.ipv4.tcp_keepalive_time = 1200//默认为7200
net.ipv4.tcp_syncookies=1//有效防止syn洪水攻击
net.ipv4.tcp_tw_reuse=1//允许将TIME_WAIT的socket直接用于其他连接
net.ipv4.tcp_tw_recycle=1//将位于TIME_WAIT快速回收
net.ipv4.tcp_max_syn_backlog=8192//表示syn队列的长度,默认为1024
net.ipv4.tcp_max_tw_buckets=8000 //表示系统可以存在TIME_WAIT socket的数量,默认18000
net.ipv4.ip_local_port_range= 1024 65535 //可用的非特权端口的数量 默认为32768 61000
将上述值写到/etc/sysctl.conf 中
然后 sysctl -p
6、修改应用程序能打开的文件描述符的数量默认为1024
[root@www ~]# cat /usr/include/bits/typesizes.h |grep ‘__FD_SETSIZE’
#define __FD_SETSIZE 1024
3、关闭不必要的服务
这里留下crond(计划任务守护进程)
irqblance(优化中断分配,提升性能和降低能耗)
network
sshd
syslogd(日志服务守护进程)
iptables(待定)
可以通过netsysy –level 345 进行设置
4、关掉SELinux
[root@www ~]# getenforce
Enforcing
[root@www ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
5、YUM源
本地YUM源
[root@www ~]# cat /etc/yum.repos.d/rhel6.repo
[yumrhel6]
name=yumrhel6
baseurl=file:///usr/src/rhel6.1/
enabled=1
gpgcheck=0
6、安装相关工具软件
yum -y install gcc gcc-c++ cmake autoconf libpng libpng-devel libjpeg libjpeg-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openssl openssl-devel
7、下载相关软件的源码包
[root@www ~]# cd /usr/local/src
[root@www src]# mkdir software
[root@www src]# cd software/
下载nginx的最新稳定版
[root@www software]# wget http://nginx.org/download/nginx-1.0.10.tar.gz
下载nginx URL重写所需要的正则表达式库pcre
[root@wwwsoftware]#wget http://cdnetworks-kr-1.dl.sourceforge.net/project/pcre/pcre/8.20/pcre-8.20.tar.gz
下载php-5.3.8最新稳定版
[root@wwwsoftware]#wget http://cn2.php.net/get/php-5.3.8.tar.gz/from/this/mirror
下载mysql-5.5.19
[root@wwwsoftware]#wget http://mysql.cdpa.nsysu.edu.tw/Downloads/MySQL-5.5/mysql-5.5.19.tar.gz
下载libmcrypt
[root@wwwsoftware]#wget ftp://mcrypt.hellug.gr/pub/crypto/mcrypt/libmcrypt/libmcrypt-2.5.7.tar.gz
下载 mcrypt
[root@wwwsoftware]#wget http://cdnetworks-kr-2.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
下载libiconv
[root@www software]# wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
下载memcache
[root@www software]# wget http://pecl.php.net/get/memcache-3.0.6.tgz
下载mhash
[root@wwwsoftware]#wget http://downloads.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2
下载 eaccelerator
[root@wwwsoftware]#wget http://cdnetworks-kr-1.dl.sourceforge.net/project/eaccelerator/eaccelerator/eAccelerator%200.9.6.1/eaccelerator-0.9.6.1.zip
下载 pdo_mysql
[root@www software]# wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
下载 ImageMagick
[root@wwwsoftware]#wget ftp://mirror.aarnet.edu.au/pub/imagemagick/ImageMagick-6.7.3-10.tar.gz
下载 imagick-
[root@www software]# wget http://pecl.php.net/get/imagick-3.0.1.tgz
8、安装
安装PHP其所需的库
libiconv 字符编码转换
[root@www software]# tar -zvxf libiconv-1.14.tar.gz
[root@www software]# cd libiconv-1.14
[root@www libiconv-1.14]# ./configure –prefix=/usr/local/
[root@www libiconv-1.14]# make && make install
libmcrypt 加密函数库
[root@www libiconv-1.14]# cd ..
[root@www software]# tar -zvxf libmcrypt-2.5.7.tar.gz
[root@www software]# cd libmcrypt-2.5.7
[root@www libmcrypt-2.5.7]# ./configure
[root@www libmcrypt-2.5.7]# make && make install
[root@www libmcrypt-2.5.7]# cd libltdl/
[root@www libltdl]# /sbin/ldconfig
ldconfig命令的用途,主要是在默认搜寻目录(/lib和/usr/lib)以及动态库配置文件/etc/ld.so.conf内所列的目录下,搜索出可共享的动态链接库(格式如前介绍,lib*.so*),进而创建出动态装入程序(ld.so)所需的连接和缓存文件.缓存文件默认为/etc/ld.so.cache,此文件保存已排好序的动态链接库名字列表.
[root@www libltdl]# ./configure –enable-ltdl-install
[root@www libltdl]# make && make install
将/usr/local/include 放入/etc/ld.so.conf
[root@www libltdl]# vim /etc/ld.so.conf
[root@www libltdl]# cat /etc/ld.so.conf
include ld.so.conf.d/*.conf
/usr/local/lib
mhash
[root@www libltdl]# cd ..
[root@www libmcrypt-2.5.7]# cd ..
[root@www software]# tar jvxf mhash-0.9.9.9.tar.bz2
[root@www mhash-0.9.9.9]# cd mhash-0.9.9.9
[root@www mhash-0.9.9.9]# ./configure
[root@www mhash-0.9.9.9]# make && make install
mcrypt 加解密
[root@www libltdl]# cd ..
[root@www software]# tar -zvxf mcrypt-2.6.8.tar.gz
[root@www software]# cd mcrypt-2.6.8
[root@www mcrypt-2.6.8]# ldconfig
[root@www mcrypt-2.6.8]# ./configure
[root@www mcrypt-2.6.8]# make && make install
安装Mysql-5.5.19
http://dev.mysql.com/doc/refman/5.5/en/installing-source-distribution.html
[root@www software]# groupadd mysql
[root@www software]# useradd -g mysql mysql
[root@www software]# tar zvxf mysql-5.5.19.tar.gz
[root@www software]# cd mysql-5.5.19
[root@www mysql-5.5.19]# cmake .(注意是个点)
[root@www mysql-5.5.19]# make && make install
安装目录在/usr/local/mysql
[root@www mysql-5.5.19]# chown mysql.mysql /usr/local/mysql
[root@www mysql-5.5.19]# cd /usr/local/mysql/
[root@www mysql]# scripts/mysql_install_db –user=mysql –group=mysql
[root@www mysql]# cp support-files/my-medium.cnf /etc/my.cnf
[root@www mysql]# chown mysql -R data/
[root@www mysql]# bin/mysqld_safe –user=mysql &
[root@www mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
因为本机不提供mysql服务,可以将其关掉
安装php5.3
[root@www software]# tar zvxf php-5.3.8.tar.gz
[root@www software]# cd php-5.3.8
[root@www php-5.3.8]# ./configure –prefix=/usr/local/ –enable-fpm –with-config-file-path=/etc –with-libxml-dir –with-openssl –with-zlib –enable-bcmath –with-bz2 –with-curl –with-curlwrappers –enable-ftp –with-gd –with-jpeg-dir –with-png-dir –with-zlib-dir –with-freetype-dir –enable-gd-native-ttf –with-mhash –enable-mbstring –with-mcrypt –with-mysql=/usr/local/mysql/ –with-mysqli=/usr/local/mysql/bin/mysql_config –enable-soap –enable-sockets –enable-zip –enable-shmop –with-iconv-dir=/usr/local
[root@www php-5.3.8]# make ZEND_EXTRA_LIBS=’-liconv’
[root@www php-5.3.8]# make install
安装php扩展模块
memcache
[root@www php-5.3.8]# cd ..
[root@www software]# tar zvxf memcache-3.0.6.tgz
[root@www software]# cd memcache-3.0.6
[root@www memcache-3.0.6]# /usr/local/bin/phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
[root@www memcache-3.0.6]# ./configure –with-php-config=/usr/local/bin/php-config
[root@www memcache-3.0.6]# make && make install
eaccelerator
[root@www memcache-3.0.6]# cd ..
[root@www software]# unzip eaccelerator-0.9.6.1.zip
[root@www software]# cd eaccelerator-0.9.6.1
[root@www eaccelerator-0.9.6.1]# /usr/local/bin/phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
[root@www eaccelerator-0.9.6.1]# ./configure –enable-eaccelerator –with-php-config=/usr/local/bin/php-config
[root@www eaccelerator-0.9.6.1]#make && make install
pdo_mysql
[root@www eaccelerator-0.9.6.1]# cd ..
[root@www software]# tar zvxf PDO_MYSQL-1.0.2.tgz
[root@www software]# cd PDO_MYSQL-1.0.2
[root@www PDO_MYSQL-1.0.2]# /usr/local/bin/phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
[root@wwwPDO_MYSQL-1.0.2]#./configure --with-php-config=/usr/local/bin/php-config --with-pdo-mysql=/usr/local/mysql/
[root@www PDO_MYSQL-1.0.2]# make && make install
ImageMagick
[root@www PDO_MYSQL-1.0.2]# cd ..
[root@www software]# tar zvxf ImageMagick-6.7.3-10.tar.gz
[root@wwwsoftware]#cd ImageMagick-6.7.3-10
[root@wwwsoftware]# LDFLAGS=”-L/usr/lib” CPPFLAGS=”-I/usr/include” ./configure --enable-shared
[root@www ImageMagick-6.7.3-10]# make && make install
imagick
[root@www ImageMagick-6.7.3-10]# cd ..
[root@www imagick-3.1.0b1]# tar zvxf imagick-3.1.0RC1.tgz
[root@www software]# cd imagick-3.1.0RC1
[root@www imagick-3.1.0b1]# /usr/local/bin/phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
[root@www imagick-3.1.0b1]# ./configure --with-php-config=/usr/local/php/bin/php-config
[root@www imagick-3.1.0b1]# make && make install
编辑php.ini
[root@www php-5.3.8]# cp php.ini-production /etc/php.ini
编辑php.ini,加入
extension_dir = ” /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/”
extension=”memcache.so”
extension=”pdo_mysql.so”
[root@www php-5.3.8]# mkdir /www
[root@www php-5.3.8]# mkdir /www/eaccelerator_cache
在php.ini最后加入如下
[eaccerlerator]
zend_extention=”/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/”
eaccerlerator.shm_size=”64″
eaccerlerator.cache_dir=”/www/eaccerlerator_cache”
eaccerlerator.enable=”1″
eaccerlerator.optmizer=”1″
eaccerlerator.check_mtime=”1″
eaccerlerator.debug=”0″
eaccerlerator.fliter=””
eaccerlerator.shm_max=”0″
eaccerlerator.shm_ttl=”3600″
eaccerlerator.shm_only=”0″
eaccerlerator.compress=”1″
eaccerlerator.compress_level=”9″
编辑php-fpm.conf
[root@www software]# groupadd www
[root@www software]# useradd -g www www
[root@www software]# chown www.www -R /www
[root@www etc]# pwd
/usr/local/php/etc
[root@www etc]# cp php-fpm.conf.default php-fpm.conf
[root@www etc]# /usr/local/php/sbin/php-fpm
[root@www etc]# lsof -i:9000
安装nginx
安装pcre
[root@www software]# tar zvxf pcre-8.20.tar.gz
[root@www software]# cd pcre-8.20
[root@www pcre-8.20]# ./configure
[root@www pcre-8.20]# make && make install
安装nginx
[root@www pcre-8.20]# cd ../
[root@www software]# tar zvxf nginx-1.0.10.tar.gz
[root@www software]# cd nginx-1.0.10
[root@www nginx-1.0.10]# ./configure –prefix=/usr/local/nginx –user=www –group=www –with-http_ssl_module –with-http_stub_status_module –with-http_flv_module
[root@www nginx-1.0.10]# make && make install
编辑nginx.conf
[root@www nginx-1.0.10]# cd /usr/local/nginx/conf/
[root@www conf]# grep -v ‘#’ nginx.conf | grep -v ‘^$’
user www;
worker_processes 12;
error_log /www/logs/error.log;
pid /www/logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 50000;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘;
access_log /www/logs/access.log main;
sendfile on;
keepalive_timeout 65;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css aplication/xml;
tcp_nopush on;
tcp_nodelay on;
server {
listen 80;
server_name www.xxx.cn xxx.cn;
location / {
root /www/html;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root /www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(jpg|png|gif|jpeg|swf|bmp)$
{
expires 20d;
}
location ~ .*\.(js|css)$
{
expires 2h;
}
}
server {
listen 80;
server_name bbs.xxx.cn;
location / {
root /www/bbs;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(jpg|png|gif|jpeg|swf|bmp)$ {
expires 20d;
}
location ~ .*\.(js|css)$ {
expires 2h;
}
}
}
检验配置文件是否正确
[root@www nginx]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
启动nginx
[root@www nginx]# /usr/local/nginx/sbin/nginx
开机启动
[root@www nginx]# echo ‘ulimit -Hn 65538′>>/etc/rc.local
[root@www nginx]# echo ‘/usr/local/nginx/sbin/nginx’>>/etc/rc.local
[root@www nginx]# grep -v ‘#’ /etc/rc.local
touch /var/lock/subsys/local
ulimit -Hn 65538
/usr/local/nginx/sbin/nginx
压力测试
[root@jiankong src]# wget http://blog.s135.com/soft/linux/webbench/webbench-1.5.tar.gz
[root@jiankong src]# tar zvxf webbench-1.5.tar.gz
[root@jiankong src]# cd webbench-1.5
由于安装需要ctags软件
[root@jiankong webbench-1.5]# yum -y install ctags
另外手工创建
[root@jiankong webbench-1.5]# mkdir /usr/local/man
[root@jiankong webbench-1.5]# make
ctags *.c
[root@jiankong webbench-1.5]# make install
install -s webbench /usr/local/bin
install -m 644 webbench.1 /usr/local/man/man1
install -d /usr/local/share/doc/webbench
install -m 644 debian/copyright /usr/local/share/doc/webbench
install -m 644 debian/changelog /usr/local/share/doc/webbench
Nginx 相关脚本
启动,关闭脚本
#!/bin/bash
#This a script for start,stop,restart nginx
# Created by chenqing
#Last modified 2011-12-11
if [ $# !eq 1 ] ;then
echo ‘需要一个合适的参数’
Useage
exit 1
fi
function Useage {
echo “basename($0) {start|stop| restart}”
}