Nginx 1.7.7.1 + PHP 5.6.4(FastCGI)在CentOS Linux下的编译安装

本文参考张宴Nginx 0.8.x + PHP 5.2.13(FastCGI)搭建胜过Apache十倍的Web服务器(第6版)[原创]完成。所有操作命令都在CentOS 6.x 64位操作系统下实践成功。
说明:本文以PHP官方的OPCache替代了eaccelerator。

一、获取相关开源程序
1、利用CentOS Linux系统自带的yum命令安装、升级所需的程序库:

sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers patch

2、下载适用CentOS程序源码包:
这里用OpenResty(也称为ngx_openresty)代替了标准的Nginx。它是一个全功能的 Web 应用服务器。它打包了标准的Nginx核心,很多的常用的第三方模块,以及它们的大多数依赖项。
从PHP 5.3.3版本起,PHP已经集成php-fpm了,不再是第三方的包了。在编译PHP时./configure的时候带 –enable-fpm参数即可开启PHP-FPM

mkdir -p /data0/software
cd /data0/software
wget http://openresty.org/download/ngx_openresty-1.7.7.1.tar.gz
wget http://cn2.php.net/get/php-5.6.4.tar.gz/from/this/mirror
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
wget "http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0"
wget "http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0"
wget http://pecl.php.net/get/memcache-2.2.7.tgz
wget "http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0"
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.36.tar.gz
wget http://www.imagemagick.org/download/ImageMagick-6.9.0-0.tar.gz
wget http://pecl.php.net/get/imagick-3.1.2.tgz

二、安装PHP (FastCGI模式)
由于采用了mysqlnd,编译PHP时不再需要先编译MySQL。

1、编译安装PHP所需的支持库

tar zxvf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure --prefix=/usr/local
make
make install
cd ../

tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd ../

2、编译安装PHP

tar zxvf php-5.6.4.tar.gz 
cd php-5.6.4
cp -frp /usr/lib64/libldap* /usr/lib
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --enable-opcache
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-production /usr/local/webserver/php/etc/php.ini
cd ../

3、编译安装PHP扩展模块

tar zxvf memcache-2.2.7.tgz
cd memcache-2.2.7
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

tar zxvf ImageMagick-6.9.0-0.tar.gz
cd ImageMagick-6.9.0-0
./configure
make
make install
cd ../

ln -s /usr/local/include/ImageMagick-6 /usr/local/include/ImageMagick
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
tar zxvf imagick-3.1.2.tgz
cd imagick-3.1.2
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make
make install
cd ../

4、修改php.ini文件
手工修改:

vi /usr/local/webserver/php/etc/php.ini

查找php.ini中的

; extension_dir = "./"

  修改为

extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20131226/"

  注意要去掉extension_dir 前面的分号(;)
并在此行后增加以下几行,然后保存:

extension = "memcache.so"
extension = "imagick.so"

  查找

;always_populate_raw_post_data

  修改为

always_populate_raw_post_data = On

  查找

;cgi.fix_pathinfo=1

  修改为

cgi.fix_pathinfo=0

查找

;date.timezone =

修改为

date.timezone = Asia/Hong_Kong 

说明,timezone可以到这里查找对应的timezone

5、配置OPCache加速PHP:

vi /usr/local/webserver/php/etc/php.ini

查找[opcache],在[opcache]下面加上以下配置信息:

zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20131226/opcache.so"

然后,修改[opcache]已有的配置信息,需要修改的配置信息如下:

; Determines if Zend OPCache is enabled
opcache.enable=1

; Determines if Zend OPCache is enabled for the CLI version of PHP
opcache.enable_cli=1

; The OPcache shared memory storage size.
opcache.memory_consumption=128


; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 100000 are allowed.
opcache.max_accelerated_files=5000

; How often (in seconds) to check file timestamps for changes to the shared
; memory storage allocation. ("1" means validate once per second, but only
; once per request. "0" means always validate)
opcache.revalidate_freq=60


; If enabled, a fast shutdown sequence is used for the accelerated code
opcache.fast_shutdown=1

6、创建www用户和组,以及供blog.abc.com和www.abc.com两个虚拟主机使用的目录:

/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /data0/htdocs/blog
chmod +w /data0/htdocs/blog
chown -R www:www /data0/htdocs/blog
mkdir -p /data0/htdocs/www
chmod +w /data0/htdocs/www
chown -R www:www /data0/htdocs/www

7、创建php-fpm配置文件

cd /usr/local/webserver/php/etc/
rm -f php-fpm.conf.default
vi /usr/local/webserver/php/etc/php-fpm.conf

PHP 5.6.4的php-fpm参考配置文件中的配置拷贝进去:

8、启动php-cgi进程,监听127.0.0.1的9000端口,进程数为128(如果服务器内存小于3GB,可以只开启64个进程),用户为www:

cd /data0/software/php-5.6.4
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod 777 /etc/init.d/php-fpm
ulimit -SHn 65535
/etc/init.d/php-fpm start

php-fpm重启命令

/etc/init.d/php-fpm restart

php-fpm关闭命令

/etc/init.d/php-fpm stop

三、安装Nginx
1、安装Nginx所需的pcre库:

cd /data0/software
tar zxvf pcre-8.36.tar.gz
cd pcre-8.36
./configure
make && make install
cd ../

2、安装Nginx

tar zxvf ngx_openresty-1.7.7.1.tar.gz
cd ngx_openresty-1.7.7.1
./configure --user=www --group=www --prefix=/usr/local/openresty --with-luajit --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_realip_module
gmake
gmake install
cd ../
rm -f /usr/local/webserver/nginx
ln -s /usr/local/openresty/nginx/ /usr/local/webserver/nginx

3、创建Nginx日志目录

mkdir -p /data1/logs
chmod +w /data1/logs
chown -R www:www /data1/logs

4、创建Nginx配置文件
①、在/usr/local/webserver/nginx/conf/目录中创建nginx.conf文件:

rm -f /usr/local/webserver/nginx/conf/nginx.conf
vi /usr/local/webserver/nginx/conf/nginx.conf

输入以下内容:

user  www www;

worker_processes 8;

error_log  /data1/logs/nginx_error.log  crit;

pid        /usr/local/webserver/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;
      
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;
      
  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;

  tcp_nodelay on;
  server_tokens off;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;
  log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent $upstream_response_time $request_time "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host"';

  log_format  wwwlogs  '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent $upstream_response_time $request_time "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host"';
              

  server
  {
    listen       80;
    server_name  blog.abc.com;
    index index.html index.htm index.php;
    root  /data0/htdocs/blog;

    #limit_conn   crawler  20;    
                            
    location ~ .*\.(php|php5)?$
    {      
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }
    
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }    

    access_log  /data1/logs/access.log  access;
  }

  server
  {
    listen       80;
    server_name  www.abc.com;
    index index.html index.htm index.php;
    root  /data0/htdocs/www;

    location ~ .*\.(php|php5)?$
    {      
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }

    access_log  /data1/logs/wwwlogs.log  wwwlogs;
  }

  server
  {
    listen  80;
    server_name  status.blog.abc.com;

    location / {
    stub_status on;
    access_log   off;
    }
  }
}

②、在/usr/local/webserver/nginx/conf/目录中创建fcgi.conf文件:

vi /usr/local/webserver/nginx/conf/fcgi.conf

输入以下内容:

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

5、启动Nginx

ln -s /usr/local/lib/libpcre.so.1 /usr/lib64/libpcre.so.1
ulimit -SHn 65535
/usr/local/webserver/nginx/sbin/nginx

四、配置开机自动启动Nginx + PHP-FPM
开机启动Nginx

vi /etc/rc.local

在末尾增加以下内容:

ulimit -SHn 65535
/usr/local/webserver/nginx/sbin/nginx

开机启动PHP-FPM

chkconfig --add php-fpm
chkconfig php-fpm on

五、优化Linux内核参数

vi /etc/sysctl.conf

在末尾增加以下内容:

# Add
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024  65535
fs.file-max = 65536

使配置立即生效:

/sbin/sysctl -p

六、增大open files的限制值

vi /etc/security/limits.conf

在“# End of file”上面添加如下:

*  -  nofile  65536

该语句表示:每一个用户的默认打开文件数是65536。
修改完毕之后,重启服务器。然后输入:

ulimit -a

输出结果如下:

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 1024
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 65536
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 16384
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

只要open files的限制值达到65536,则问题解决。

七、在不停止Nginx服务的情况下平滑变更Nginx配置
1、修改/usr/local/webserver/nginx/conf/nginx.conf配置文件后,请执行以下命令检查配置文件是否正确:

/usr/local/webserver/nginx/sbin/nginx -t

如果屏幕显示以下两行信息,说明配置文件正确:

the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully

2、平滑重启:

/usr/local/webserver/nginx/sbin/nginx -s reload

八、编写每天定时切割Nginx日志的脚本
1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh

vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

输入以下内容:

#!/bin/bash
# This script run at 00:00

# The Nginx logs path
logs_path="/usr/local/webserver/nginx/logs/"

mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`

2、设置crontab,每天凌晨00:00切割nginx访问日志

chmod 755 /usr/local/webserver/nginx/sbin/cut_nginx_log.sh
crontab -e

输入以下内容:

00 00 * * * /bin/bash  /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

除非注明,本博客文章均为原创,转载请以链接形式标明本文地址
本文地址: http://blog.cnwyhx.com/centos-linux-nginx-php-install-v5

Leave a Reply