本文参考张宴的Nginx 0.8.x + PHP 5.2.13(FastCGI)搭建胜过Apache十倍的Web服务器(第6版)[原创]完成。所有操作命令都在CentOS 7.x 64位操作系统下实践成功。
说明:本文以PHP官方的OPCache替代了eaccelerator。
一、获取相关开源程序
1、利用CentOS Linux系统自带的yum命令安装、升级所需的程序库:
sudo -s LANG=C yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers patch git libtool automake telnet cmake bison bind-utils jwhois setuptool ntsysv iptables iptables-services epel-release psmisc
2、下载适用CentOS程序源码包:
这里用OpenResty(也称为ngx_openresty)代替了标准的Nginx。它是一个全功能的 Web 应用服务器。它打包了标准的Nginx核心,很多的常用的第三方模块,以及它们的大多数依赖项。
从PHP 5.3.3版本起,PHP已经集成php-fpm了,不再是第三方的包了。在编译PHP时./configure的时候带 –enable-fpm参数即可开启PHP-FPM
mkdir -p /data0/software cd /data0/software wget https://openresty.org/download/openresty-1.15.8.2.tar.gz wget http://cn2.php.net/distributions/php-7.3.14.tar.gz wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.16.tar.gz wget http://jaist.dl.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz wget https://libzip.org/download/libzip-1.6.0.tar.gz
二、安装PHP (FastCGI模式)
由于采用了mysqlnd,编译PHP时不再需要先编译MySQL。
1、编译安装PHP所需的支持库
tar zxvf libiconv-1.16.tar.gz cd /data0/software/libiconv-1.16 ./configure --prefix=/usr/local make make install cd ../ tar zxvf mhash-0.9.9.9.tar.gz cd mhash-0.9.9.9/ ./configure make make install cd ../ ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 yum remove -y libzip yum install -y cmake3 tar zxvf libzip-1.6.0.tar.gz cd libzip-1.6.0 mkdir build && cd build && cmake3 .. && make && make install cd ../../
2、编译安装PHP
echo /usr/local/lib >> /etc/ld.so.conf echo /usr/local/lib64 >> /etc/ld.so.conf ldconfig
tar zxvf php-7.3.14.tar.gz cd php-7.3.14 cp -frp /usr/lib64/libldap* /usr/lib ln -s /usr/lib64/liblber* /usr/lib/ ./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-gd --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --enable-opcache --enable-exif --enable-sysvmsg make ZEND_EXTRA_LIBS='-liconv' make install cp php.ini-production /usr/local/webserver/php/etc/php.ini cd ../
3、编译安装PHP扩展模块
cd /data0/software/ git clone git://github.com/nicolasff/phpredis cd phpredis git submodule init git submodule update /usr/local/webserver/php/bin/phpize ./configure --with-php-config=/usr/local/webserver/php/bin/php-config make && make install cd ../ cd /data0/software/ git clone git://github.com/swoole/swoole-src cd swoole-src /usr/local/webserver/php/bin/phpize ./configure --with-php-config=/usr/local/webserver/php/bin/php-config --enable-openssl make make install
4、修改php.ini文件
手工修改:
vi /usr/local/webserver/php/etc/php.ini
查找php.ini中的
; extension_dir = "./"
修改为
extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20180731/"
注意要去掉extension_dir 前面的分号(;)
并在此行后增加以下几行,然后保存:
;extension = "memcache.so" ;extension = "imagick.so" extension = "redis.so" extension = "swoole.so"
查找
;cgi.fix_pathinfo=1
修改为
cgi.fix_pathinfo=0
查找
;date.timezone =
修改为
date.timezone = Asia/Hong_Kong
说明,timezone可以到这里查找对应的timezone
sed一键修改上述配置:
sed -i 's#;extension_dir = "./"#extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20180731/"\nextension = "redis.so"\nextension = "swoole.so"\n#' /usr/local/webserver/php/etc/php.ini sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=0#g" /usr/local/webserver/php/etc/php.ini sed -i "s#;date.timezone =#date.timezone = Asia/Hong_Kong#g" /usr/local/webserver/php/etc/php.ini
5、配置OPCache加速PHP:
vi /usr/local/webserver/php/etc/php.ini
查找[opcache],在[opcache]下面加上以下配置信息:
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20180731/opcache.so"
然后,修改[opcache]已有的配置信息,需要修改的配置信息如下:
; Determines if Zend OPCache is enabled opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP opcache.enable_cli=1 ; The OPcache shared memory storage size. opcache.memory_consumption=128 ; The maximum number of keys (scripts) in the OPcache hash table. ; Only numbers between 200 and 100000 are allowed. opcache.max_accelerated_files=5000 ; How often (in seconds) to check file timestamps for changes to the shared ; memory storage allocation. ("1" means validate once per second, but only ; once per request. "0" means always validate) opcache.revalidate_freq=60
6、创建www用户和组,以及供blog.abc.com和www.abc.com两个虚拟主机使用的目录:
/usr/sbin/groupadd www /usr/sbin/useradd -g www www mkdir -p /data0/htdocs/blog chmod +w /data0/htdocs/blog chown -R www:www /data0/htdocs/blog mkdir -p /data0/htdocs/www chmod +w /data0/htdocs/www chown -R www:www /data0/htdocs/www
7、创建php-fpm配置文件
cd /usr/local/webserver/php/etc/ mv php-fpm.conf.default php-fpm.conf vi /usr/local/webserver/php/etc/php-fpm.conf
需要修改的几个地方
pid = run/php-fpm.pid error_log = log/php-fpm.log process_control_timeout = 5s rlimit_files = 65535 rlimit_core = 0
sed一键修改上述配置:
sed -i "s#;pid = run/php-fpm.pid#pid = run/php-fpm.pid#g" /usr/local/webserver/php/etc/php-fpm.conf sed -i "s#;error_log = log/php-fpm.log#error_log = log/php-fpm.log#g" /usr/local/webserver/php/etc/php-fpm.conf sed -i "s#;process_control_timeout = 0#process_control_timeout = 5s#g" /usr/local/webserver/php/etc/php-fpm.conf sed -i "s#;rlimit_files = 1024#rlimit_files = 65535#g" /usr/local/webserver/php/etc/php-fpm.conf sed -i "s#;rlimit_core = 0#rlimit_core = 0#g" /usr/local/webserver/php/etc/php-fpm.conf
mv php-fpm.d/www.conf.default php-fpm.d/www.conf vi /usr/local/webserver/php/etc/php-fpm.d/www.conf
需要修改的几个地方
listen.backlog = 128 pm = static pm.max_children = 128 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 1024 rlimit_core = 0 catch_workers_output = yes
sed一键修改上述配置:
sed -i "s#;listen.backlog = 511#listen.backlog = 128#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#pm = dynamic#pm = static#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#pm.max_children = 5#pm.max_children = 16#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#pm.start_servers = 2#pm.start_servers = 20#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#pm.min_spare_servers = 1#pm.min_spare_servers = 5#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#pm.max_spare_servers = 3#pm.max_spare_servers = 35#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#;pm.max_requests = 500#pm.max_requests = 1024#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#;rlimit_core = 0#rlimit_core = 0#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf sed -i "s#;catch_workers_output = yes#catch_workers_output = yes#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
8、启动php-cgi进程,监听127.0.0.1的9000端口,进程数为128(如果服务器内存小于3GB,可以只开启64个进程),用户为www:
拷贝php-fpm.service到/usr/lib/systemd/system/
cp /data0/software/php-7.3.14/sapi/fpm/php-fpm.service /usr/lib/systemd/system/ ulimit -SHn 65535 systemctl start php-fpm.service
php-fpm重启命令
systemctl restart php-fpm.service
php-fpm关闭命令
systemctl stop php-fpm.service
三、安装Nginx
1、安装Nginx所需的pcre库:
cd /data0/software tar zxvf pcre-8.43.tar.gz cd pcre-8.43 ./configure make && make install cd ../
2、安装Nginx
tar zxvf openresty-1.15.8.2.tar.gz cd openresty-1.15.8.2 ./configure --user=www --group=www --prefix=/usr/local/openresty --with-luajit --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_realip_module --with-http_v2_module gmake gmake install cd ../ rm -f /usr/local/webserver/nginx ln -s /usr/local/openresty/nginx/ /usr/local/webserver/nginx
3、创建Nginx日志目录
mkdir -p /data1/logs chmod +w /data1/logs chown -R www:www /data1/logs
4、创建Nginx配置文件
①、在/usr/local/webserver/nginx/conf/目录中创建nginx.conf文件:
rm -f /usr/local/webserver/nginx/conf/nginx.conf vi /usr/local/webserver/nginx/conf/nginx.conf
输入以下内容:
user www www; worker_processes 8; error_log /data1/logs/nginx_error.log crit; pid /usr/local/webserver/nginx/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; #charset gb2312; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; server_tokens off; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml application/javascript; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent $upstream_response_time $request_time "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host"'; log_format wwwlogs '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent $upstream_response_time $request_time "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host"'; server { listen 80; server_name blog.abc.com; index index.html index.htm index.php; root /data0/htdocs/blog; #limit_conn crawler 20; location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 1h; } access_log /data1/logs/access.log access; } server { listen 80 default; server_name _; index index.html index.htm index.php; root /data0/htdocs/www; location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } access_log /data1/logs/wwwlogs.log wwwlogs; } server { listen 80; server_name status.blog.abc.com; location / { stub_status on; access_log off; } } }
②、在/usr/local/webserver/nginx/conf/目录中创建fcgi.conf文件:
vi /usr/local/webserver/nginx/conf/fcgi.conf
输入以下内容:
fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
5、启动Nginx
vi /usr/lib/systemd/system/nginx.service
在末尾增加以下内容:
[Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ After=network.target [Service] Type=forking PIDFile=/usr/local/webserver/nginx/nginx.pid ExecStart=/usr/local/webserver/nginx/sbin/nginx ExecReload=/usr/local/webserver/nginx/sbin/nginx -s reload [Install] WantedBy=multi-user.target
启动nginx
ln -s /usr/local/lib/libpcre.so.1 /usr/lib64/libpcre.so.1 ulimit -SHn 65535 systemctl start nginx.service
四、配置开机自动启动Nginx + PHP-FPM
开机启动nginx和PHP-FPM
systemctl enable nginx.service systemctl enable php-fpm.service
五、优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加以下内容:
# Add net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 #net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 120 net.ipv4.ip_local_port_range = 1024 65535 fs.file-max = 65536 net.ipv4.ip_forward=1
使配置立即生效:
/sbin/sysctl -p
六、增大open files的限制值
vi /etc/security/limits.conf
在“# End of file”上面添加如下:
* - nofile 65536
该语句表示:每一个用户的默认打开文件数是65536。
修改完毕之后,重启服务器。然后输入:
ulimit -a
输出结果如下:
core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited pending signals (-i) 1024 max locked memory (kbytes, -l) 32 max memory size (kbytes, -m) unlimited open files (-n) 65536 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 16384 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
只要open files的限制值达到65536,则问题解决。
七、在不停止Nginx服务的情况下平滑变更Nginx配置
1、修改/usr/local/webserver/nginx/conf/nginx.conf配置文件后,请执行以下命令检查配置文件是否正确:
/usr/local/webserver/nginx/sbin/nginx -t
如果屏幕显示以下两行信息,说明配置文件正确:
the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully
2、平滑重启:
/usr/local/webserver/nginx/sbin/nginx -s reload
八、编写每天定时切割Nginx日志的脚本
1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh
vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh
输入以下内容:
#!/bin/bash # This script run at 00:00 # The Nginx logs path logs_path="/data1/logs/" files=`ls ${logs_path}` mkdir -p ${logs_path}$(date -d "-1 day" +"%Y")/$(date -d "-1 day" +"%m")/ for i in $files do if [ -f ${logs_path}${i} ] then is=`echo $i | sed 's/\.log$//g'` mv ${logs_path}${i} ${logs_path}$(date -d "-1 day" +"%Y")/$(date -d "-1 day" +"%m")/${is}-$(date -d "-1 day" +"%Y%m%d").log fi done kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`
2、设置crontab,每天凌晨00:00切割nginx访问日志
chmod 755 /usr/local/webserver/nginx/sbin/cut_nginx_log.sh crontab -e
输入以下内容:
00 00 * * * /bin/bash /usr/local/webserver/nginx/sbin/cut_nginx_log.sh
除非注明,本博客文章均为原创,转载请以链接形式标明本文地址
本文地址: http://blog.cnwyhx.com/centos7-linux-nginx-php7-install-v2