本文参考张宴的Nginx 0.8.x + PHP 5.2.13（FastCGI）搭建胜过Apache十倍的Web服务器（第6版）[原创]完成。所有操作命令都在CentOS 7.x 64位操作系统下实践成功。
说明：本文以PHP官方的OPCache替代了eaccelerator。

一、获取相关开源程序
1、利用CentOS Linux系统自带的yum命令安装、升级所需的程序库：

sudo -s
LANG=C
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers patch git libtool automake telnet cmake bison bind-utils jwhois setuptool ntsysv iptables iptables-services epel-release psmisc

2、下载适用CentOS程序源码包：
这里用OpenResty（也称为ngx_openresty）代替了标准的Nginx。它是一个全功能的 Web 应用服务器。它打包了标准的Nginx核心，很多的常用的第三方模块，以及它们的大多数依赖项。
从PHP 5.3.3版本起，PHP已经集成php-fpm了，不再是第三方的包了。在编译PHP时./configure的时候带 –enable-fpm参数即可开启PHP-FPM

mkdir -p /data0/software
cd /data0/software
wget https://openresty.org/download/openresty-1.15.8.2.tar.gz
wget http://cn2.php.net/distributions/php-7.3.14.tar.gz
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.16.tar.gz
wget http://jaist.dl.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz
wget https://libzip.org/download/libzip-1.6.0.tar.gz

二、安装PHP （FastCGI模式）
由于采用了mysqlnd，编译PHP时不再需要先编译MySQL。

1、编译安装PHP所需的支持库

tar zxvf libiconv-1.16.tar.gz
cd /data0/software/libiconv-1.16
./configure --prefix=/usr/local
make
make install
cd ../

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make
make install
cd ../

ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

yum remove -y libzip
yum install -y cmake3
tar zxvf libzip-1.6.0.tar.gz 
cd libzip-1.6.0
mkdir build && cd build && cmake3 .. && make && make install
cd ../../

2、编译安装PHP

echo /usr/local/lib >> /etc/ld.so.conf
echo /usr/local/lib64 >> /etc/ld.so.conf
ldconfig

tar zxvf php-7.3.14.tar.gz 
cd php-7.3.14
cp -frp /usr/lib64/libldap* /usr/lib
ln -s /usr/lib64/liblber* /usr/lib/
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-gd --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --enable-opcache --enable-exif --enable-sysvmsg
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-production /usr/local/webserver/php/etc/php.ini
cd ../

3、编译安装PHP扩展模块

cd /data0/software/
git clone git://github.com/nicolasff/phpredis
cd phpredis
git submodule init
git submodule update
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config
make && make install
cd ../

cd /data0/software/
git clone git://github.com/swoole/swoole-src
cd swoole-src
/usr/local/webserver/php/bin/phpize
./configure --with-php-config=/usr/local/webserver/php/bin/php-config --enable-openssl
make
make install

4、修改php.ini文件
手工修改：

vi /usr/local/webserver/php/etc/php.ini

查找php.ini中的

; extension_dir = "./"

　　修改为

extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20180731/"

　　注意要去掉extension_dir 前面的分号(;)
并在此行后增加以下几行，然后保存：

;extension = "memcache.so"
;extension = "imagick.so"
extension = "redis.so"
extension = "swoole.so"

　　查找

;cgi.fix_pathinfo=1

　　修改为

cgi.fix_pathinfo=0

查找

;date.timezone =

修改为

date.timezone = Asia/Hong_Kong 

说明，timezone可以到这里查找对应的timezone

sed一键修改上述配置：

sed -i 's#;extension_dir = "./"#extension_dir = "/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20180731/"\nextension = "redis.so"\nextension = "swoole.so"\n#' /usr/local/webserver/php/etc/php.ini
sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=0#g" /usr/local/webserver/php/etc/php.ini
sed -i "s#;date.timezone =#date.timezone = Asia/Hong_Kong#g" /usr/local/webserver/php/etc/php.ini

5、配置OPCache加速PHP：

vi /usr/local/webserver/php/etc/php.ini

查找[opcache]，在[opcache]下面加上以下配置信息：

zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20180731/opcache.so"

然后，修改[opcache]已有的配置信息，需要修改的配置信息如下：

; Determines if Zend OPCache is enabled
opcache.enable=1

; Determines if Zend OPCache is enabled for the CLI version of PHP
opcache.enable_cli=1

; The OPcache shared memory storage size.
opcache.memory_consumption=128


; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 100000 are allowed.
opcache.max_accelerated_files=5000

; How often (in seconds) to check file timestamps for changes to the shared
; memory storage allocation. ("1" means validate once per second, but only
; once per request. "0" means always validate)
opcache.revalidate_freq=60

6、创建www用户和组，以及供blog.abc.com和www.abc.com两个虚拟主机使用的目录：

/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
mkdir -p /data0/htdocs/blog
chmod +w /data0/htdocs/blog
chown -R www:www /data0/htdocs/blog
mkdir -p /data0/htdocs/www
chmod +w /data0/htdocs/www
chown -R www:www /data0/htdocs/www

7、创建php-fpm配置文件

cd /usr/local/webserver/php/etc/
mv php-fpm.conf.default php-fpm.conf
vi /usr/local/webserver/php/etc/php-fpm.conf

需要修改的几个地方

pid = run/php-fpm.pid
error_log = log/php-fpm.log
process_control_timeout = 5s
rlimit_files = 65535
rlimit_core = 0

sed一键修改上述配置：

sed -i "s#;pid = run/php-fpm.pid#pid = run/php-fpm.pid#g" /usr/local/webserver/php/etc/php-fpm.conf
sed -i "s#;error_log = log/php-fpm.log#error_log = log/php-fpm.log#g" /usr/local/webserver/php/etc/php-fpm.conf
sed -i "s#;process_control_timeout = 0#process_control_timeout = 5s#g" /usr/local/webserver/php/etc/php-fpm.conf
sed -i "s#;rlimit_files = 1024#rlimit_files = 65535#g" /usr/local/webserver/php/etc/php-fpm.conf
sed -i "s#;rlimit_core = 0#rlimit_core = 0#g" /usr/local/webserver/php/etc/php-fpm.conf

mv php-fpm.d/www.conf.default php-fpm.d/www.conf
vi /usr/local/webserver/php/etc/php-fpm.d/www.conf

需要修改的几个地方

listen.backlog = 128
pm = static
pm.max_children = 128
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 1024
rlimit_core = 0
catch_workers_output = yes

sed一键修改上述配置：

sed -i "s#;listen.backlog = 511#listen.backlog = 128#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#pm = dynamic#pm = static#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#pm.max_children = 5#pm.max_children = 16#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#pm.start_servers = 2#pm.start_servers = 20#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#pm.min_spare_servers = 1#pm.min_spare_servers = 5#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#pm.max_spare_servers = 3#pm.max_spare_servers = 35#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#;pm.max_requests = 500#pm.max_requests = 1024#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#;rlimit_core = 0#rlimit_core = 0#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf
sed -i "s#;catch_workers_output = yes#catch_workers_output = yes#g" /usr/local/webserver/php/etc/php-fpm.d/www.conf

8、启动php-cgi进程，监听127.0.0.1的9000端口，进程数为128（如果服务器内存小于3GB，可以只开启64个进程），用户为www：

拷贝php-fpm.service到/usr/lib/systemd/system/

cp /data0/software/php-7.3.14/sapi/fpm/php-fpm.service /usr/lib/systemd/system/
ulimit -SHn 65535
systemctl start php-fpm.service

php-fpm重启命令

systemctl restart php-fpm.service

php-fpm关闭命令

systemctl stop php-fpm.service

三、安装Nginx
1、安装Nginx所需的pcre库：

cd /data0/software
tar zxvf pcre-8.43.tar.gz
cd pcre-8.43
./configure
make && make install
cd ../

2、安装Nginx

tar zxvf openresty-1.15.8.2.tar.gz
cd openresty-1.15.8.2
./configure --user=www --group=www --prefix=/usr/local/openresty --with-luajit --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_realip_module --with-http_v2_module
gmake
gmake install
cd ../
rm -f /usr/local/webserver/nginx
ln -s /usr/local/openresty/nginx/ /usr/local/webserver/nginx

3、创建Nginx日志目录

mkdir -p /data1/logs
chmod +w /data1/logs
chown -R www:www /data1/logs

4、创建Nginx配置文件
①、在/usr/local/webserver/nginx/conf/目录中创建nginx.conf文件：

rm -f /usr/local/webserver/nginx/conf/nginx.conf
vi /usr/local/webserver/nginx/conf/nginx.conf

输入以下内容:

user  www www;

worker_processes 8;

error_log  /data1/logs/nginx_error.log  crit;

pid        /usr/local/webserver/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;
      
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;
      
  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;

  tcp_nodelay on;
  server_tokens off;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml application/javascript;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;
  log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent $upstream_response_time $request_time "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host"';

  log_format  wwwlogs  '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent $upstream_response_time $request_time "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host"';
              

  server
  {
    listen       80;
    server_name  blog.abc.com;
    index index.html index.htm index.php;
    root  /data0/htdocs/blog;

    #limit_conn   crawler  20;    
                            
    location ~ .*\.(php|php5)?$
    {      
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }
    
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }    

    access_log  /data1/logs/access.log  access;
  }

  server
  {
    listen       80 default;
    server_name  _;
    index index.html index.htm index.php;
    root  /data0/htdocs/www;

    location ~ .*\.(php|php5)?$
    {      
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index index.php;
      include fcgi.conf;
    }

    access_log  /data1/logs/wwwlogs.log  wwwlogs;
  }

  server
  {
    listen  80;
    server_name  status.blog.abc.com;

    location / {
    stub_status on;
    access_log   off;
    }
  }
}

②、在/usr/local/webserver/nginx/conf/目录中创建fcgi.conf文件：

vi /usr/local/webserver/nginx/conf/fcgi.conf

输入以下内容：

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

5、启动Nginx

vi /usr/lib/systemd/system/nginx.service

在末尾增加以下内容：

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target
  
[Service]
Type=forking
PIDFile=/usr/local/webserver/nginx/nginx.pid
ExecStart=/usr/local/webserver/nginx/sbin/nginx
ExecReload=/usr/local/webserver/nginx/sbin/nginx -s reload
[Install]
WantedBy=multi-user.target

启动nginx

ln -s /usr/local/lib/libpcre.so.1 /usr/lib64/libpcre.so.1
ulimit -SHn 65535
systemctl start nginx.service

四、配置开机自动启动Nginx + PHP-FPM
开机启动nginx和PHP-FPM

systemctl enable nginx.service
systemctl enable php-fpm.service

五、优化Linux内核参数

vi /etc/sysctl.conf

在末尾增加以下内容：

# Add
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024  65535
fs.file-max = 65536
net.ipv4.ip_forward=1

使配置立即生效：

/sbin/sysctl -p

六、增大open files的限制值

vi /etc/security/limits.conf

在“# End of file”上面添加如下：

*  -  nofile  65536

该语句表示：每一个用户的默认打开文件数是65536。
修改完毕之后，重启服务器。然后输入：

ulimit -a

输出结果如下：

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 1024
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 65536
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 16384
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

只要open files的限制值达到65536，则问题解决。

七、在不停止Nginx服务的情况下平滑变更Nginx配置
1、修改/usr/local/webserver/nginx/conf/nginx.conf配置文件后，请执行以下命令检查配置文件是否正确：

/usr/local/webserver/nginx/sbin/nginx -t

如果屏幕显示以下两行信息，说明配置文件正确：

the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully

2、平滑重启：

/usr/local/webserver/nginx/sbin/nginx -s reload

八、编写每天定时切割Nginx日志的脚本
1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh

vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

输入以下内容：

#!/bin/bash
# This script run at 00:00

# The Nginx logs path
logs_path="/data1/logs/"
files=`ls ${logs_path}`

mkdir -p ${logs_path}$(date -d "-1 day" +"%Y")/$(date -d "-1 day" +"%m")/

for i in $files
do
    if [ -f ${logs_path}${i} ]
    then
        is=`echo $i | sed 's/\.log$//g'`
        mv ${logs_path}${i} ${logs_path}$(date -d "-1 day" +"%Y")/$(date -d "-1 day" +"%m")/${is}-$(date -d "-1 day" +"%Y%m%d").log
    fi
done

kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid`

2、设置crontab，每天凌晨00:00切割nginx访问日志

chmod 755 /usr/local/webserver/nginx/sbin/cut_nginx_log.sh
crontab -e

输入以下内容：

00 00 * * * /bin/bash  /usr/local/webserver/nginx/sbin/cut_nginx_log.sh

除非注明，本博客文章均为原创，转载请以链接形式标明本文地址
本文地址： http://blog.cnwyhx.com/centos7-linux-nginx-php7-install-v2