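Preface
At my company's request, I recently had to set up a forum for internal staff discussion, and the task naturally landed on me. This post records the deployment process, and I welcome pointers from fellow bloggers.
Discuz! X is a product written in PHP that uses MySQL as its database and relies on Apache, IIS or Nginx (any one of them) to provide the web service. To build a Discuz! X site, the server must have an environment made up of PHP, MySQL and Apache/IIS/Nginx. IIS is mainly used on Windows servers, while Apache and Nginx are mostly used on Linux servers (that is, LAMP and LNMP).
I use the LAMP stack here. The deployment environment is as follows: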
CentOS 6.5 x64
Apache 2.4.10
MySQL 5.5.39
PHP 5.4
Discuz_X3.2_SC_UTF8
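Deployment process
Installing the CentOS system
I will not cover this here, otherwise the post would become too long. If you need it, see "Installing CentOS 5.8 with VMware Workstation", or search for it on Google.
After the system is installed, apply some basic tuning
Switch the yum repository to the NetEase 163 mirror in China
Synchronize the time
Raise the open-file limit
SELinux and iptables
Kernel parameter tuning
Turn off services that are not needed
ssh service configuration
Note: be careful if you are connected to the Linux server remotely as root through an SSH client, because this script configures sshd to forbid remote root login.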
#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

### CentOS 6.5_x64 minimal

### check OS version
platform=$(uname -i)
if [[ "x$platform" != "xx86_64" ]]; then
    echo "This script is only for 64 bit Operating System !"
    exit 1
fi

### check the root
uid=$(id -u)
if [[ "x$uid" != "x0" ]]; then
    echo "Must root can do it"
    exit 1
fi

cat << EOF
+---------------------------------------+
|   your system is CentOS 6 x86_64      |
|   start optimizing.......             |
+---------------------------------------+
EOF

### yum install wget , lrzsz
yum -y install wget lrzsz

### make the 163.com as the default yum repo
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.$(date +%F).bak
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base-163.repo

### update the system and set the ntp
yum clean all
yum makecache
# Optional: this can be run later when the server is idle; otherwise expect a long wait
yum -y update

### ntp pool.ntp.org(202.118.1.130) or 210.72.145.44
if rpm -qa | grep -q 'ntpdate' &> /dev/null; then
    echo '10 4 * * * /usr/sbin/ntpdate 210.72.145.44 &> /dev/null ; hwclock -w' >> /var/spool/cron/root
else
    yum -y install ntpdate
    echo '10 4 * * * /usr/sbin/ntpdate 210.72.145.44 &> /dev/null; hwclock -w' >> /var/spool/cron/root
fi
service crond restart

### set the file limit
echo 'ulimit -SHn 102400' >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF

### disable the control-alt-delete reboot (comments out the shutdown line)
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf

### disable selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

### tune kernel parameters
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
EOF
/sbin/sysctl -p

### close the nouse server
#for server in "$(chkconfig --list | grep 3:on | awk '{print $1}')";do
#    chkconfig --level 3 $server off
#done
#for server in crond kudzu network readahead_early rsyslog sshd iptables; do
#    chkconfig --level 3 $server on
#done

#ssh
sed -i '/^#UseDNS/s/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
# The PermitRootLogin line is commented out as posted; uncomment it to forbid remote root login
#sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
/etc/init.d/sshd restart

### iptables
iptables -F
iptables -X
iptables -Z
# the original line lacked "-A INPUT", which iptables rejects
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p udp --dport 123 -j ACCEPT
iptables -P INPUT DROP
/etc/init.d/iptables save

cat << EOF
+-------------------------------------------------+
|   optimizer is done                             |
|   it's recommended to restart this server !     |
+-------------------------------------------------+
EOF
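The firewall rules saved by the script above, checked in an added example that is not part of the original post: a small audit of an iptables-save style ruleset that reports sensitive ports accepted from any source and a missing rule for return traffic. Both rulesets, the `SENSITIVE_PORTS` list, the `audit_rules` function and the 10.0.0.0/8 office range are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Both rulesets are constructed:
# PAGE_RULES mirrors INPUT rules the script above saves; HARDENED_RULES is one
# possible tightening. 10.0.0.0/8 is a placeholder for the office network.
PAGE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

HARDENED_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT'

# Ports that should not accept connections from arbitrary sources (assumption).
SENSITIVE_PORTS="22 3306"

# audit_rules RULESET: print one finding per line, nothing if the ruleset passes.
audit_rules() {
    printf '%s\n' "$1" | awk -v ports=" $SENSITIVE_PORTS " '
        /^-A INPUT/ && /-j ACCEPT/ {
            # A state match with no --dport is the generic rule that lets
            # replies to outbound traffic from the server back in.
            if ($0 ~ /--state [A-Z,]*ESTABLISHED/ && $0 !~ /--dport /) ret = 1
            # A sensitive port accepted without any -s source restriction.
            if ($0 !~ / -s / && match($0, /--dport [0-9]+/)) {
                port = substr($0, RSTART + 8, RLENGTH - 8)
                if (index(ports, " " port " ")) print "OPEN_TO_ANY " port
            }
        }
        END { if (!ret) print "NO_RETURN_TRAFFIC_RULE" }'
}

audit_rules "$PAGE_RULES"
audit_rules "$HARDENED_RULES"
```

For the page's rules the last finding means that replies to the server's own outbound DNS lookups and yum downloads fall through to the DROP policy. On a live host the same function can be fed with `audit_rules "$(iptables-save)"`.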
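Building the LAMP environment
Before installing, we first turn iptables off, and turn it back on at the end.
Because source packages will be compiled later, we need to install the required development tool packages.
My rule for compiling from source: whatever needs customizing I compile myself; everything else is handled by yum / apt-get.
The downloaded packages are listed below. Before starting the installation, it is best to check with rpm -qa whether the corresponding packages are already installed; since this is a minimal install, I skip that step.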
[root@localhost lamp]# ls -l
total 196880
-rw-r--r--. 1 root root   1020833 Sep 13 16:29 apr-1.5.1.tar.gz
-rw-r--r--. 1 root root    874462 Mar 18 17:16 apr-util-1.5.3.tar.gz
-rw-r--r--. 1 root root   6820719 Sep 13 16:27 httpd-2.4.10.tar.gz
-rw-r--r--. 1 root root    172464 Mar 20 13:54 libmcrypt-2.5.7-1.2.el6.rf.i686.rpm
-rw-r--r--. 1 root root     84680 Mar 20 13:54 libmcrypt-devel-2.5.7-1.2.el6.rf.i686.rpm
-rw-r--r--. 1 root root    100230 Mar 26 13:49 mod_fastcgi-2.4.6.tar.gz
-rw-r--r--. 1 root root 177020618 Jul 20 11:00 mysql-5.5.38-linux2.6-i686.tar.gz
-rw-r--r--. 1 root root  15323862 Sep 13 16:27 php-5.4.32.tar.gz
-rw-r--r--. 1 root root    166263 Sep 13 16:28 xcache-3.0.4.tar.gz
1. Compile and install httpd
I only list the essential commands here; for detailed installation steps see "Compiling and Installing LAMP, Part 1".
[root@localhost ~]# service iptables stop

# Install the development tools: gcc, make, cmake, and so on
[root@localhost ~]# yum -y groupinstall "Development Tools"

# Install openssl
[root@localhost ~]# yum -y install openssl openssl-devel pcre pcre-devel

# Install apr 1.5.1
[root@localhost lamp]# tar xf apr-1.5.1.tar.gz -C /usr/local/src
[root@localhost lamp]# cd /usr/local/src
[root@localhost src]# cd apr-1.5.1/
[root@localhost apr-1.5.1]# ./configure --prefix=/usr/local/apr-httpd
[root@localhost apr-1.5.1]# make && make install

# Install apr-util 1.5.3
[root@localhost lamp]# tar xf apr-util-1.5.3.tar.gz -C /usr/local/src
[root@localhost lamp]# cd /usr/local/src
[root@localhost src]# cd apr-util-1.5.3/
[root@localhost apr-util-1.5.3]# ./configure --prefix=/usr/local/apr-util-httpd --with-apr=/usr/local/apr-httpd
[root@localhost apr-util-1.5.3]# make && make install

# Compile and install httpd
[root@localhost lamp]# tar xf httpd-2.4.10.tar.gz -C /usr/local/src
[root@localhost lamp]# cd /usr/local/src
[root@localhost src]# cd httpd-2.4.10/
[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-modules=most --enable-mods-shared=most --enable-rewrite --with-zlib --with-pcre --enable-mpms-shared=all --with-apr=/usr/local/apr-httpd --with-apr-util=/usr/local/apr-util-httpd
[root@localhost httpd-2.4.10]# make && make install

# Create the apache user
[root@localhost ~]# groupadd -r apache
[root@localhost ~]# useradd -r -g apache -s /sbin/nologin apache

# Edit the httpd.conf configuration file
[root@localhost ~]# vi /etc/httpd/httpd.conf
User apache
Group apache
# pidfile for httpd
Pidfile "/var/run/httpd.pid"

# Provide a startup script for the httpd service
[root@localhost ~]# vi /etc/init.d/httpd
#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
#              HTML files and CGI.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0

start() {
        echo -n $"Starting $prog: "
        LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
}

stop() {
        echo -n $"Stopping $prog: "
        killproc -p ${pidfile} -d 10 $httpd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
        echo -n $"Reloading $prog: "
        if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
                RETVAL=$?
                echo $"not reloading due to configuration syntax error"
                failure $"not reloading $httpd due to configuration syntax error"
        else
                killproc -p ${pidfile} $httpd -HUP
                RETVAL=$?
        fi
        echo
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status -p ${pidfile} $httpd
        RETVAL=$?
        ;;
  restart)
        stop
        start
        ;;
  condrestart)
        if [ -f ${pidfile} ] ; then
                stop
                start
        fi
        ;;
  reload)
        reload
        ;;
  graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
        exit 1
esac

exit $RETVAL
###

[root@localhost ~]# chmod +x /etc/init.d/httpd
[root@localhost ~]# chkconfig --add httpd
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# service httpd start
Starting httpd: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[ OK ]
[root@localhost ~]# netstat -tulpn | grep 80
tcp 0 0 :::80 :::* LISTEN 32608/httpd

# Add the httpd bin directory to PATH
[root@localhost ~]# vi /etc/profile.d/httpd.sh
export PATH=$PATH:/usr/local/apache/bin
[root@localhost ~]# . /etc/profile.d/httpd.sh
[root@localhost ~]# httpd -t
[root@localhost ~]# httpd -l
[root@localhost ~]# httpd -M

# OK, the httpd installation is complete at this point
This article comes from the "Share your knowledge" blog; please keep this source reference: http://skypegnu1.blog.51cto.com/8991766/1551970