Build a high-performance lamp Platform Based on centos
Outline:
I. System Installation
Ii. Compile and install the Basic Environment
3. Configure virtual hosts and optimize Basic Performance
Iv. Basic Security Settings
V. Appendix and related introductions
I. System Installation
1. Partition
/Boot around M
2 times the physical memory of swap (If your physical memory is larger than 4 GB, allocate 4 GB)
/15g
/Usr/local 20G (for software installation)
/All data space remaining
2. system initialization script (disable unnecessary services as needed)
# Vi init. Sh# Disable Ipv6
Cat <EOF
+ -------------------------------------------------------------- +
| === Welcome to disable IPv6 ==|
+ -------------------------------------------------------------- +
EOF
Echo "alias net-pf-10 off">/etc/MoD probe. conf
Echo "alias IPv6 off">/etc/modprobe. conf
/Sbin/chkconfig -- level 35 ip6tables off
Echo "IPv6 is disabled! "
# Disable SELinux
Sed-I '/SELinux/S/enforcing/disabled/'/etc/SELinux/config
Echo "SELinux is disabled, you must reboot! "
# Vim
Sed-I "8 S/^/alias Vi = 'vim '/"/root/. bashrc
Echo 'syntax on'>/root/. vimrc
# Zh_cn
Sed-I-e's/^ lang =. */lang = "zh_cn.gb18030"/'/etc/sysconfig/i18n
# Tunoff services
#--------------------------------------------------------------------------------
Cat <EOF
+ -------------------------------------------------------------- +
| === Welcome to tunoff services ===|
+ -------------------------------------------------------------- +
EOF
#---------------------------------------------------------------------------------
For I in 'ls/etc/rc3.d/S *'
Do
Cursrv = 'echo $ I | cut-C 15 -'
Echo $ cursrv
Case $ cursrv in
Crond | irqbalance | microcode_ctl | Network | Random | Sendmail | SSH d | syslog | Local | MySQL D)
Echo "base services, Skip! "
;;
*)
Echo "Change $ cursrv to off"
Chkconfig -- level 235 $ cursrv off
Service $ cursrv stop
;;
Esac
Done
------------------- Cut end -------------------------------------------
# Sh init. Sh (execute the script saved above and restart it later)
Ii. Compile and install the Basic Environment
1. Installation preparation
1) system conventions
Software source code package storage location/usr/local/src
Source code package compilation and installation location (prefix)/usr/local/software_name
Script and maintenance program storage location/usr/local/sbin
MySQL database location/data/MySQL/data (can be set as needed)
Apache website root directory/data/www/wwwroot (which can be set as needed)
Apache Virtual Host log root directory/data/www/logs (can be set as needed)
Apache running account www: WWW (useradd-D/data/www/; chown www. www/data/www/wwwroot)
2) system environment deployment and adjustment
Check whether the system is normal
# Tail-N100/var/log/messages (check for system-level error messages)
# Dmesg (check whether the hardware device has an error message)
# Ifconfig (check whether Nic settings are correct)
# Ping www.linuxtone.org (check whether the network is normal)
3) use the yum program to install the required development package (the following is the standard RPM package name)
# Rpm -- import http://mirror.centos. org/centos/RPM-GPG-KEY-CentOS-5
# Yum install NTP vim-enhanced GCC gcc-C ++ gcc-g77 flex bison Autoconf automake bzip2-devel/
Ncurses-devel zlib-devel libjpeg-devel libpng-devel LibTIFF-devel FreeType-devel libxpm-devel/
Gettext-devel Pam-devel Kernel
4) Timing correction server clock, timing synchronization with the Chinese National Time Service Center Time Service Server
# Crontab-e
Add a row:
15 3 ***/usr/sbin/ntpdate 210.72.145.44>/dev/null 2> & 1
2. Compile and install the software package
Source)
1) GD2
# Cd/usr/local/src
# Tar xvf gd-2.0.35.tar.gz
# Cd gd-2.0.35
#./Configure -- prefix =/usr/local/GD2
# Make
# Make install
2) libxml2
# Cd/usr/local/src
# Tar xvf libxml2-2.6.29.tar.bz2
# Cd libxml2-2.6.29
#./Configure -- prefix =/usr/local/libxml2
# Make
# Make install
3) libmcrypt
# Cd/usr/local/src
# Tar xvf libmcrypt-2.5.8.tar.bz2
# Cd libmcrypt-2.5.8
#./Configure -- prefix =/usr/local/libmcrypt
# Make
# Make install
4) Apache Log truncation Program
# Cd/usr/local/src
# Tar xvf cronolog-1.6.2.tar.gz
# Cd cronolog-1.6.2
#./Configure -- prefix =/usr/local/cronolog
# Make
# Make install
3. Upgrade OpenSSL and OpenSSH
# Cd/usr/local/src
# Tar xvf openssl-0.9.8g.tar.gz
# Cd openssl-0.9.8g
#./Config -- prefix =/usr/local/OpenSSL
# Make
# Make Test
# Make install
# CD ..
# Tar xvf openssh-5.0p1.tar.gz
# Cd openssh-5.0p1
#./Configure/
"-- Prefix =/usr "/
"-- With-Pam "/
"-- With-zlib "/
"-- Sysconfdir =/etc/ssh "/
"-- With-SSL-Dir =/usr/local/OpenSSL "/
-- With-md5-passwords"
# Make
# Make install
1) disable SSH V1 Protocol
Find # Replace protocol with: Protocol 2
2) Disable gssapi on the server
Locate the following two lines and comment them out:
Gssapiauthentication Yes
Gssapicleanupcredentials Yes
3) disable DNS name resolution
Find: # Change usedns yeas to usedns No
4) disable the client gssapi
# Vi/etc/ssh/ssh_config: gssapiauthentication yes. Comment out this line.
Finally, confirm the modification and restart the SSH service.
# Service sshd restart
# Ssh-V
Verify that the OpenSSH and OpenSSL versions are correct.
The above SSH configuration can be automatically modified using the following script:
------------------- Cut begin -------------------------------------------1. Download Software compilation and Installation
1) Download Software
# Cd/usr/local/src
Httpd-2.2.8.tar.gz
Mysql-5.0.51b.tar.gz
Php-5.2.6.tar.bz2
ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
2) install MySQL
View and analyze your CPU model:
Http://gentoo-wiki.com/Safe_Cflags to find your GCC compilation parameters.
Determine the system CPU type:
# Cat/proc/cpuinfo | grep "model name"
After running the command, you will see the specific CPU model in the system. Write down the CPU model.
# Tar xvf mysql-5.0.51b.tar.gz
# Cd mysql-5.0.51b
# Vi mysql. Sh
------------------- Cut end ---------------------------------------------
# Sh mysql. Sh to start compiling.
3) Compile and install Apache
# Cd/usr/local/src
# Tar xvf httpd-2.2.8.tar.gz
# Cd httpd-2.2.8
4) Compile and install PHP
# Cd/usr/local/src
# Tar xjvf php-5.2.6.tar.bz2
# Cd php-5.2.6
5) install xcache.
# Tar xvf xcache-1.2.2.tar.gz
# Vi/usr/local/PHP/etc/PHP. ini (Add the following content to the end of PHP. INI)
------------------- Cut begin -------------------------------------------[Xcache]
; Change xcache. Size to tune the size of the opcode Cache
Xcache. size = 24 m
Xcache. shm_scheme = "MMAP"
Xcache. Count = 4
Xcache. Slots = 8 K
Xcache. TTL = 0
Xcache. gc_interval = 0
; Change xcache. var_size to adjust the size of variable Cache
Xcache. var_size = 8 m
Xcache. var_count = 1
Xcache. var_slots = 8 K
Xcache. var_ttl = 0
Xcache. var_maxttl = 0
Xcache. var_gc_interval = 300
Xcache. test = off
Xcache. readonly_protection = on
Xcache. mmap_path = "/tmp/xcache"
Xcache. coredump_directory = ""
Xcache. cacher = on
Xcache. Stat = on
Xcache. optimizer = off
[Xcache. coverager]
Xcache. coverager = on
Xcache. coveragedump_directory = ""
------------------- Cut end ---------------------------------------------
6) install Zend Optimizer
# Cd/usr/local/src
# Tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
#./ZendOptimizer-3.3.3-linux-glibc23-i386/install. Sh
Do not restart Apache after installing Zend optimizer.
2. Integrate Apache with PHP and initial configuration of the system.
1) Integrate Apache and PHP
# Vi/usr/local/apache2/CONF/httpd. conf
Find:
Addtype application/X-gzip. GZ. tgz
Add
Addtype application/X-httpd-PHP. php
Find:
<Ifmodule dir_module>
Directoryindex index.html
</Ifmodule>
Change this row
<Ifmodule dir_module>
Directoryindex index.html index.htm index. php
</Ifmodule>
Find:
# Include CONF/extra/httpd-mpm.conf
# Include CONF/extra/httpd-info.conf
# Include CONF/extra/httpd-vhosts.conf (virtual host configuration file storage directory .)
# Include CONF/extra/httpd-default.conf
Remove the previous "#" and cancel the comment.
Note: Please configure the settings in the above four extension configuration files according to relevant principles!
Save the modification and exit.
#/Usr/local/apache2/bin/apachectl restart
2) check and confirm the l.a. m.p environment information to improve PHP security
Place the info. php script in the root directory of the website to check whether the information in phpinfo is correct.
<? PHP
Phpinfo ();
?>
After confirming that PHP works properly, set in PHP. ini to improve PHP security and disable dangerous functions.
# Vi/etc/PHP. INI: disable_functions =: phpinfo, passthru, exec, system, chroot, scandir, chgrp, chown, shell_exec, proc_open, proc_get_status, ini_alter, ini_alter, DL, pfsockopen, openlog, syslog, readlink, symlink, popepassthru, stream_socket_server
3) The Script automatically completes the Initialization Configuration (the above configuration can be automated using the script)
# Cat init_apache_php.sh
3. Configure virtual hosts and optimize Basic Performance
1) configure the VM:
# Vi/usr/local/apache2/CONF/extra/httpd-vhosts.conf
<Virtualhost *: 80>
Serveradmin cnseek@gmail.com
DocumentRoot "/data/www/wwwroot/linuxtone.org"
Servername www.linuxtone.org
Serveralias bbs.linxutone.org
Errorlog "log/dummy-host.example.com-error_log"
Customlog "|/usr/sbin/cronolog/data/logs/access_www.linuxtone.org. % Y % m % d" combined
</Virtualhost>
2). Basic Performance Tuning reference :( more tuning-related articles Please note: http://bbs.linuxtone.org/index.html performance tuning-related posts)
# Vi/usr/local/apache2/CONF/extra/httpd-default.conf
# Vi/usr/local/apache2/CONF/extra/httpd-mpm.conf
<Ifmodule mpm_prefork_module>3). Apache log processing problems Summary (http://bbs.linuxtone.org/thread-102-1-1.html)
Analyze website logs with AWStats: http://bbs.linuxtone.org/thread-56-1-1.html
To ignore unnecessary log configurations, refer to specific analysis based on specific issues:
Logformat "% {X-forwarded-for} I % L % u % t/" % R/"%> S % B/" % {Referer} I/"/" % {User-Agent} I/"" combined
# Add the following content:
Quot; dontlog
Setenvif request_uri/. healthcheck/. html $ dontlog
Setenvif remote_addr ": 1" dontlog
Setenvif request_uri "/. getping. php [discuz_code_9] quot; dontlog
Setenvif request_uri "^/error/. html [discuz_code_9] quot; dontlog
Setenvif request_uri "/. gif [discuz_code_9] quot; dontlog
Setenvif request_uri "/. jpg [discuz_code_9] quot; dontlog
Setenvif request_uri "/. CSS [discuz_code_9] quot; dontlog
[/Code] 4). Apache anti-Leech (APACHE anti-leech problem summary: http://bbs.linuxtone.org/thread-101-1-1.html)
Iv. Basic Security Settings
1) iptables blocks related ports (we recommend that you read the IP Tables for two hours)
2) SSH Security (modify ssh port limit source IP login, or refer to the http://bbs.linuxtone.org/thread-106-1-1.html)
3) Linux anti-ARP attack strategy (http://bbs.linuxtone.org/thread-41-1-1.html)
4) Note (the old saying goes: security work starts from details !)
V. Appendix and related introductions
1) References (thanks ):
Discuz! Links to the company's Nanu article:
Http://bbs.linuxpk.com/thread-13325-1-2.html
Http://www.discuz.net/thread-722804-1-1.html
Configure all-powerful web (05 years reference): http://bbs.linuxpk.com/thread-437-1-2.html
Linuxtone. org (APACHE related issues): http://bbs.linuxtone.org/thread-88-1-1.html
Thank you, eddiechen!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
