Nginx/Lghttpd前置静态,Apache后置读取PHP之类的动态,用非管理型的VPS时想要做的事情。设想不错,但一直不怎么顺利,毕竟不是技术。。。
本来想叫UJJ帮忙想想办法的,这鸟人自己用不到,老是说没空。结果前段时间用 Cpanel+apache+nginx后上瘾了,这次买了Linode的VPS才去折腾。
这鸟人,太坏了!不过还算有良心,留下点记录参考参考。于是转来以备后用~
参考了cPanel的,算是移植。
前后端搭配方式:nginx在前,proxy给后端的apache,后端只处理动态请求。也可以再添加perl或其他语言。很乱.看懂就看吧。
yum upgrade
yum -y install gcc gcc-c++ gcc-objc++ gcc44-c++ gcc-g77 bison patch unzip mlocate wget automake autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libpng-dev libtidy libtidy-devel libxslt libxslt-devel libXpm libXpm-devel lsof krb5-dev flex libtool-ltdl coreutils libX11-devel libtool-ltdl-devel sed pam-devel expat-devel expat libstdc++ libstdc++-devel libtool openssl openssl-devel bison bzip2-libs
yum -y install mysql mysql-server mysql-devel
mysqladmin -u root password root
 
wget http://www.apache.org/dist/httpd/httpd-2.2.15.tar.gz
tar -zxf httpd-2.2.15.tar.gz
cd httpd-2.2.15
./configure --enable-cache --enable-deflate --enable-expires --enable-headers --enable-info --enable-logio --enable-mem-cache --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --enable-unique-id --prefix=/usr/local/apache --with-included-apr --with-mpm=prefork --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html
make
make install
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
vim /etc/init.d/httpd
------------------------------------------------
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf
 
ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -n 32768
ulimit -n 65535
------------------------------------------------
 
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.bz2/download
wget http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download
wget http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download
wget http://www.php.net/get/php-5.2.13.tar.gz/from/this/mirror
wget http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/php5-mail-header.patch
wget http://pecl.php.net/get/memcache-2.2.5.tgz
wget http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2
wget ftp://ftp.p_w_picpathmagick.org/pub/ImageMagick/ImageMagick.tar.gz
wget http://pecl.php.net/get/imagick-2.3.0.tgz
wget http://download.suhosin.org/suhosin-0.9.29.tgz
wget http://downloads.zend.com/optimizer/3.3.9/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
wget http://www.monkey.org/~provos/libevent-1.4.12-stable.tar.gz
wget http://memcached.googlecode.com/files/memcached-1.4.4.tar.gz
 
tar -zxf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure
make
make install
cd ../
 
tar -jxf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../
 
tar -zxf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../
 
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
 
tar -zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../
 
tar -zxf php-5.2.13.tar.gz
patch -d php-5.2.13 -p1 < php5-mail-header.patch
cd php-5.2.13
./configure -disable-posix --enable-bcmath --enable-calendar --enable-exif --enable-fastcgi --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-wddx --enable-zip --prefix=/usr/local --with-apxs2=/usr/local/apache/bin/apxs --with-bz2 --with-config-file-path=/usr/local/lib --with-config-file-scan-dir=/usr/local/lib/php.ini.d --with-curl --with-curlwrappers --with-freetype-dir --with-gd --with-gettext --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared --with-tidy=/usr --with-ttf --with-xmlrpc --with-xpm-dir=/usr --with-xsl=/usr --with-zlib -with-zlib-dir=/usr
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /usr/local/lib/php.ini
cd ../
 
tar -zxf memcache-2.2.5.tgz
cd memcache-2.2.5/
phpize
./configure --with-php-config=/usr/local/bin/php-config --with-zlib-dir --enable-memcache
make
make install
cd ../
 
tar -jxf eaccelerator-0.9.6.tar.bz2
cd eaccelerator-0.9.6/
phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config
make
make install
cd ../
 
tar -zxf ImageMagick.tar.gz
cd ImageMagick-[+tab]
./configure
make
make install
cd ../
 
tar -zxf imagick-2.3.0.tgz
cd imagick-2.3.0/
phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install
cd ../
 
tar -zxf suhosin-0.9.29.tgz
cd suhosin-0.9.29
phpize
./configure
make
make install
cd ../
 
tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
 
mkdir -p /tmp/eaccelerator
chmod 777 /tmp/eaccelerator
echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local
---------------------- php.ini -----------------------
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"
extension = "memcache.so"
extension = "pdo.so"
extension = "pdo_mysql.so"
extension = "pdo_sqlite.so"
extension = "sqlite.so"
extension = "imagick.so"
extension = "suhosin.so"
extension = "eaccelerator.so"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.check_mtime="1"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.debug="0"
eaccelerator.enable="1"
eaccelerator.filter=""
eaccelerator.optimizer="1"
eaccelerator.shm_max="0"
eaccelerator.shm_only="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_size="1"
eaccelerator.shm_ttl="3600"
 
zend_extension = "/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so"
 
---------------------- Install Pure-ftpd ---------------------------
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.28.tar.gz
tar -zxf pure-ftpd-1.0.28.tar.gz
cd pure-ftpd-1.0.28
./configure --prefix=/usr/local/pureftpd --with-language=simplified-chinese --with-everything
make
make install
chmod 755 configuration-file/pure-config.pl
cp configuration-file/pure-config.pl /usr/local/pureftpd/sbin/
cp configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/
useradd localhost -s /sbin/nologin
pure-pw useradd localhost -d /home/localhost
pure-pw mkdb
echo "/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize" >> /etc/rc.local
/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize
 
chmod 711 /home
chmod -R 711 /home/
 
---------------------- Install Nginx --------------------
 
wget http://sourceforge.net/projects/pcre/files/pcre/8.01/pcre-8.01.tar.gz/download
wget http://nginx.org/download/nginx-0.7.65.tar.gz
tar -zxf pcre-8.01.tar.gz
cd pcre-8.01
./configure --prefix=/usr
make && make install
cd ../
 
cd nginx-0.7.65
./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --pid-path=/usr/local/nginx/logs/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --with-http_ssl_module --http-client-body-temp-path=/tmp/nginx_client --http-proxy-temp-path=/tmp/nginx_proxy --http-fastcgi-temp-path=/tmp/nginx_fastcgi --with-http_stub_status_module
make
make install
cd ../
 
vim /etc/init.d/nginx
--------------------------- nginx init ---------------------------------
#! /bin/sh
ulimit -n 65535
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
# run 'sudo update-rc.d nginx defaults', or use the appropriate command on your
# distro.
#
#chkconfig: 2345 55 25
#
# Author: Ryan Norbauer <ryan.norbauer@gmail.com>
# Modified: Geoffrey Grosenbach http://topfunky.com
 
set -e
 
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
 
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
 
d_start() {
$DAEMON -c $CONFIGFILE || echo -n " already running"
}
 
d_stop() {
kill -15 `cat $PIDFILE` || echo -n " not running"
}
 
d_reload() {
kill -HUP `cat $PIDFILE` || echo -n " can't reload"
}
 
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
d_start
echo "."
/etc/init.d/httpd start
;;
stop)
echo -n "Stopping $DESC: $NAME"
d_stop
echo "."
/etc/init.d/httpd stop
;;
reload)
echo -n "Reloading $DESC configuration..."
d_reload
echo "reloaded."
/etc/init.d/httpd restart
;;
restart)
echo -n "Restarting $DESC: $NAME"
d_stop
# One second might not be time enough for a daemon to stop,
# if this happens, d_start will fail (and dpkg will break if
# the package is being upgraded). Change the timeout if needed
# be, or change d_stop to have start-stop-daemon use --retry.
# Notice that using --retry slows down the shutdown process somewhat.
sleep 1
d_start
echo "."
/etc/init.d/httpd restart
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
exit 3
;;
esac
 
exit 0
--------------------------- nginx init end -----------------------------
 
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.1
vim /usr/local/nginx/conf/nginx.conf
 
--------------------------- nginx conf -----------------------------
user nobody;
# no need for more workers in the proxy mode
worker_processes 2;
error_log /usr/local/nginx/logs/error.log info;
worker_rlimit_nofile 65535;
events {
worker_connections 65536; # increase for busier servers
use epoll; # you should use epoll here for Linux kernels 2.6.x
}
http {
server_names_hash_max_size 2048;
server_names_hash_bucket_size 256;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
gzip on;
gzip_http_version 1.0;
gzip_min_length 1100;
gzip_comp_level 3;
gzip_buffers 4 32k;
# gzip_types text/plain application/x-javascript text/xml text/css;
gzip_types text/plain text/xml text/css application/x-javascript application/xml application/xml+rss text/javascript application/atom+xml;
ignore_invalid_headers on;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
request_pool_size 32k;
output_buffers 4 64k;
postpone_output 1460;
# only works on dev version open_log_file_cache max=8000 inactive=20s min_uses=2 valid=1m;
open_file_cache max=1000 inactive=300s;
open_file_cache_valid 600s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
log_format bytes_log "$msec $bytes_sent .";
include "/usr/local/nginx/conf/vhosts/*";
server {
listen 80;
server_name _;
access_log off;
location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
deny all;
}
location / {
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
proxy_pass http://74.207.253.131:81/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
--------------------------- nginx conf end -----------------------------
 
mkdir /usr/local/nginx/conf/vhosts/
vim localhost
 
--------------------------- nginx vhosts -----------------------------
server {
error_log /usr/local/nginx/logs/localhost-error_log warn;
listen 80;
server_name localhost;
#include error_pages.conf;
access_log off;
location ~* \.(gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|txt|js|css|exe|zip|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
access_log /usr/local/apache/domlogs/localhost-bytes_log bytes_log;
access_log /usr/local/apache/domlogs/localhost combined;
root /home/localhost/public_html;
expires 7d;
try_files $uri @backend;
}
location @backend {
internal;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
proxy_redirect http://localhost:81 http://localhost;
 
proxy_pass http://74.207.253.131:81;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
deny all;
}
location / {
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
proxy_redirect http://localhost:81 http://localhost;
 
proxy_pass http://74.207.253.131:81/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
--------------------------- nginx vhosts end -----------------------------
 
change apache config :80 > :81
 
--------------------------- rpaf -----------------------------
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar -zxf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
vim httpd.conf
Include "conf/rpaf.conf"
 
--------------------------- rpaf settings -----------------------------
LoadModule rpaf_module modules/mod_rpaf-2.0.so
#Mod_rpaf settings
RPAFenable On
RPAFproxy_ips 127.0.0.1 74.207.253.131
RPAFsethostname On
RPAFheader X-Forwarded-For
 
------------------------ iftop --------------------------
yum -y install libpcap-devel
wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz
tar -zxf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make && make install
cd ~
 
------------------------------ DDOS ---------------------------------
yum -y install vixie-cron crontabs
chkconfig crond on
service crond start
 
cd /usr/local/src
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-9.7-1/
sh ./install.sh
vim /etc/apf/conf.apf
cd /usr/local/src
wget http://www.inetbase.com/scripts/ddos/install.sh
sh ./install.sh
vim /usr/local/ddos/ddos.conf
 
--------------------------- mod_perl ------------------------------
wget http://perl.apache.org/dist/mod_perl-2.0-current.tar.gz
tar -zxf mod_perl-2.0-current.tar.gz
cd mod_perl-2.0.4
perl Makefile.PL MP_APXS=/usr/local/apache/bin/apxs
make
make install
vim httpd.conf
LoadModule perl_module modules/mod_perl.so
 
--------------------------- phpmyadmin -----------------------------
mkdir -p /var/www/html
chmod -R 711 /var/www
cd /var/www/html
wget http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.3.0%2FphpMyAdmin-3.3.0-all-languages.tar.bz2/download
tar -jxf phpMyAdmin-3.3.0-all-languages.tar.bz2
mv phpMyAdmin-3.3.0-all-languages phpmyadmin
 
add to httpd.conf
------------------------------
#Managed Tools
<VirtualHost 74.207.253.131:81 *>
ServerName evlit.com
ServerAlias pma.*
DocumentRoot /var/www/html/phpmyadmin
ServerAdmin admin@evlit.com
UseCanonicalName Off
</VirtualHost>