"CentOS" Lamp related 3

Tagged with: IP address article wildcard Arc Bin OCA rest overflow error

Tuning, security
If the operation of a website, PHP building, there may be 500 of errors, white pages
How to do it, and today it's about this stuff.

http://blog.csdn.net/bsi_l4/article/details/49632729 about Ctrl+r.
http://blog.csdn.net/jiazhen/article/details/3488956 and/ETC/INPUTRC Documentation

///////////////////////////
Find out where our PHP configuration files are
Method 1:/usr/local/php/etc/php-i |head
Method 2:phpinfo (), the most reliable way to find the path () of the loaded Configuration file in the Web interface

Boot up, put it in rc.local.

Disable_functions = default is empty

How to use Curl

Display_errors = ON/Off (default OFF)

First, PHP configuration
1. Configure Disable_function
disable_functions=
Eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown, Escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog, Readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close

Inside the php.ini, some dangerous functions are banned.
Among them, shell_exec and exec are more dangerous and must be banned

PHP Even if there are errors, Apache detection

2. Configuring the error log Error_log
Display_error=on (this is equivalent to a debug switch, if a 200 blank page appears, you can see the specific error)

But this will be seen by people with ulterior motives.
What to do, to record the log and not to show others
Display_error=off
Error_log=/path/to/logfile,/usr/local/php/logs/error.log
Log_errors = On
error_reporting = e_all| E_strict (log level)

Error level reference http://www.aminglinux.com/bbs/thread-6973-1-1.html

/usr/local/php/logs/error.log
Note The permissions for this file

3. Configure Open_basedir (This is a security configuration)
Application scenario: The server has a number of sites, split it, so that different sites do not affect each other
Equivalent to Chroot

Php.ini:open_basedir=/dir1/:/dir2

eg:php.ini:open_basedir=/data/www2/:/tmp/
This is limited to one

But if we had a few websites, it would be dangerous to have all the directories open.

* because our (different) virtual host is configured in Apache, so this time we will go there configured, different Vitualhost configuration different base_dir
/usr/local/apache/conf/extra/v...conf: In VirtualHost, add this sentence.
Php_admin_value Open_basedir "/dir1/:/dir2"
Eg:php_admin_value Open_basedir "/data/www2/:/tmp/"
(Configured later in the php.ini there remember to comment out that sentence)
/ETC/LOCAL/PHP/BIN/PHP-M Listing Modules

4. Install the PHP extension Module (memcache, this is a cache)
Http://www.aminglinux.com/thread-45-1-1.html

If Apache does not restart, phpinfo is also not searched.

Second, MySQL configuration (some commonly used parameters)

Autoconf.noarch to install this thing.

This time we're going to/etc/my.cnf configuration files

[Mysqld]
Socket =/tmp/mysqld.socket
Develop a socket file for local communication between MySQL client and server (default is/var/lib.mysql/mysql.sock file under Linux)

Port = 3306
#指定MySQL侦听的端口

Skip-name-resolve (Inverse resolution)
#指定MySQL对外部连接进行DNS解析, use this option to eliminate the time for DNS resolution for MySQL, but be aware that if the option is turned on, all remote host connection authorizations will use IP address, otherwise MySQL will not be able to handle connection requests properly
↑ This resembles our sshd inside

Key_buffer = 384M
#key_buffer是用于索引块得缓冲区大小, increase it can get better processing index (for all read and multiple writes), index is shared by all counties
Key_buffer large small size of memory depends on

Table_open_cache = 512
#MySQL每打开一个表, will Duru some data into the Table_open_cache cache, when MySQL in this cache can not find the corresponding information, only go back to the disk read, the default value of 64, assuming that the system has 200 concurrent connections, you need to set this parameter to 200* N (number of file descriptors required per connection for n bits); When the Table_open_cache is set to a large size, if the system cannot handle so many file descriptors, the client fails and the connection is not

Max_allowed_packet = 4M
#接收的数据包大小; it is safe to increase the value of this variable because additional memory is allocated only when needed. For example, MYSQLD will allocate more memory only if you issue a farm query or if MYSQLD must return a hit result. This variable takes a small default value when a precaution is taken to capture the error message packet between the client and the server, and to ensure that memory overflow is not caused by accidental use of packets

Sort_buffer_stze = 2M
#没意思情况执行排序时适用的缓冲大小, if you want to increase the speed of the order by, you can first let MySQL use the index instead of the extra sort stage, and if not, try increasing the size of the sort_buffer_size variable

Read_buffer_size = 2M
#读查询操作能使用的缓冲区大小, as with Sort_buffer_size, the allocated memory for this parameter is also for each connection, the request for sequential scanning of the table is allocated a read buffer, and MySQL allocates a memory buffer for him, if the sequential scan request to the table is very trivial, And you think that frequent scans go too slowly, you can improve performance by increasing the value of the variable and the size of the memory buffer

Join_buffer_size = 2M
#联合查询操作所能适用的缓冲区大小, as with Sort_buffer_size, the allocated memory for each connection is

Query_cache_size = 2M
#指定MySQL查询结果缓冲区大小

Read_md_buffer_size = 2M
#随机读缓冲区大小, when reading rows in any book order (for example, in sort order), a random read buffer will be allocated, and when sorting queries, MySQL will first scan the buffer to avoid disk search, improve query speed, if you need to sort large amounts of data, you can adjust the value appropriately, However, MySQL will issue this buffer space for each user connection, so you should set the configuration as appropriate to avoid large memory effects.

Myisam_sort_buffer_size = 64M
#MyISAM表发生变化时重新排序所需的缓冲

Thread_concurrency = 8
#最大并发线程数, value is the number of server logical CPUs

Thread_cache = 8
#该值表示可以重新利用保存在缓存中线程的数量, the client's thread will be placed in the cache when the connection is disconnected, and if the thread is requested again, the request will be read from the cache, and if the cache is empty or a new request, then the thread will be recreated. Set the value rule is: 1G memory set to 8,2G memory set to 16,4g or above setting to 64

max_connections = 1000
#MySQL最大连接数, if the server has a large number of concurrent connection requests, it is recommended that this value be increased to increase the amount of concurrent connections, although this is based on the fact that the machine can support, because if the number of connections between MySQL will provide a connection buffer for each connection, it will cost more memory, So adjust this value appropriately, not blindly increase the value, you can see the current state of the number of connections through the conn% wildcard, to decide the size of the value

Max_connect_errors = 6000
#对于同一主机, if there is an interrupt error link that exceeds the number of values for this parameter, the host will be blocked from connecting, if it is required to unblock the host, execute: flush_host

Open_files_limit = 65535
#MySQL打开的文件描述符限制, default minimum 1024

Skip_locking
#避免MySQL的外部锁定 to reduce the chance of error increase stability

Wait_timeout = 8
#表示空闲的连接超时时间, the default is 28800s, this parameter is suitable for use with interactive_timeout, that is, for the wait_timeout to take effect, you must set the Interactive_timeout

Interactive_timeout = 8

Log_query_time = 1
#慢查询日志的超时时间

Log_slow_queries =/path/to/slow_queries
#慢查询日志路径 must be used together with the above parameters

Expand part look at the picture

"CentOS" lamp related 3