Configuring LAMP on CentOS 5.2 and CentOS 5.3

Time:2021-12-9

The whole process of configuring LAMP on CentOS 5.2 (written at 22:00 on March 30, 2009) is divided into seven parts:

1: System conventions
2: Basic system settings
3: Download Software
4: Install the necessary software
5: Compile and install software
6: Configuring Apache PHP
7: Test (through the installation of phpinfo, phpMyAdmin and SugarCRM)

1: System conventions
Installation media: the CentOS 5.2 CD
Storage location of software source packages: /usr/local/src
Source package compilation and installation location (prefix): /usr/local/software_name
MySQL database location: /data/mysql/data
Apache website root directory: /data/www/wwwroot (the virtual hosts are in this directory)
Apache virtual host log root directory: /data/www/logs
Apache running account: www
Create two virtual hosts: test.com and linux.com

Every configuration file is backed up before it is modified. The backup name ends in .save

The following experiment creates a Red Hat AS 5 virtual machine in VMware Workstation 6 and installs CentOS 5.2 in it. During installation, choose English as the installation language, use the text-mode installer, and select the minimal installation.

Yum is pointed at the local CD instead of the network mirrors, which is faster.

Basic settings of my machine

IP:192.168.1.200/255.255.255.0

Gateway: 192.16.1.1

DNS:192.168.1.1

hostname:ns1

2: Basic system settings

I have made a script of all the contents that need to be configured, which only needs to be run once.

cd /usr/local/src
vi /usr/local/src/init.sh

#####################

#Disable IPv6
cp /etc/modprobe.conf /etc/modprobe.conf.save
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf

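#SSH
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.save
#Uncomment the PermitRootLogin line so that its value is set explicitly
sed -i '/#PermitRootLogin/s/#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config
#Comment out lines 74 and 76 (the line numbers refer to the sshd_config shipped with CentOS 5.2)
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
#Turn off reverse DNS lookups of connecting clients
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
#Comment out lines 44 and 48 (same caveat about line numbers)
sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' /etc/ssh/sshd_config
/etc/init.d/sshd restart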

#Stop the "beep"

cp /etc/inputrc /etc/inputrc.save
sed -i '/#set bell-style none/s/#set bell-style none/set bell-style none/' /etc/inputrc

#Disable SELinux

cp /etc/sysconfig/selinux /etc/sysconfig/selinux.save
sed -i '/SELINUX=enforcing/s/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux

#Load optical drive

mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
echo "mount /dev/cdrom /mnt/cdrom" >> /etc/rc.local

#Set Yum to use local disc

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.save
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo.save
echo "[DVDISO]" >> /etc/yum.repos.d/dvdiso.repo
echo "name=DVD ISO" >> /etc/yum.repos.d/dvdiso.repo
echo "baseurl=file:///mnt/cdrom/" >> /etc/yum.repos.d/dvdiso.repo
echo "enabled=1" >> /etc/yum.repos.d/dvdiso.repo
#gpgcheck=0 installs packages from the disc without checking their signatures
echo "gpgcheck=0" >> /etc/yum.repos.d/dvdiso.repo

#VIM settings

yum -y install vim-enhanced
mv /bin/vi /bin/vi.save
ln -s /usr/bin/vim /bin/vi
cp /etc/vimrc /etc/vimrc.save
sed -i "39 s/^/ set number \n filetype on\n set history=1000\n syntax on\n set tabstop=4\n set showmatch\n set vb t_vb=\n set mouse=a\n set ignorecase\n set autowrite\n /" /etc/vimrc

#Time setting
yum -y install ntp
ntpdate 210.72.145.44 && clock -w

#Install common software

yum -y install wget unzip

#Stop unnecessary services
chkconfig --list | grep 3:on | awk '{print $1}' | egrep -v 'sshd|network|syslog' | xargs -i{} chkconfig --level 3 {} off
chkconfig --list | grep 3:on | cut -f1

#Restart
init 6
####################

sh init.sh

3: Download Software

cd /usr/local/src
vi list

http://download.filehat.com/apache/httpd/httpd-2.2.8.tar.gz
http://opensource.nchc.org.tw/COSA/CNS4/cronolog-1.6.2.tar.gz
http://www.libgd.org/releases/gd-2.0.35.tar.bz2
http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz
http://mirror.optus.net/sourcefo … mcrypt-2.5.8.tar.gz
http://jaist.dl.sourceforge.net/ … mcrypt-2.6.7.tar.gz
http://www.openssl.org/source/openssl-0.9.8h.tar.gz
http://openbsd.md5.com.ar/pub/Op … penssh-5.0p1.tar.gz
http://mysql.byungsoo.net/Downlo … ysql-5.0.51b.tar.gz
http://cn2.php.net/get/php-5.2.6.tar.bz2/from/this/mirror
http://downloads.phpchina.com/ze … glibc23-i386.tar.gz
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
http://puzzle.dl.sourceforge.net … s-utf-8-only.tar.gz
http://dl.sugarforge.org/sugarcr … 0/SugarCE-5.1.0.zip
http://mirror.optus.net/sourceforge/m/mh/mhash/mhash-0.9.9.tar.gz

wget -i list

4: Install the necessary software

Install using Yum or up2date

yum -y install gcc make patch gcc-c++ gcc-g77 flex bison autoconf automake \
libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel libtiff-devel fontconfig-devel libXpm-devel gettext-devel pam-devel pcre-devel libtool libtool-ltdl

5: Compile and install software

You can copy the following content into a text file such as install.sh. I have tested it; it ran for nearly an hour, probably because I was running it in a VM. This assumes that the software you downloaded is the same as mine, that is, that it was downloaded from the list above.

cd /usr/local/src
vi install.sh
###############################################

#Install OpenSSL
cd /usr/local/src
tar zxvf openssl-0.9.8h.tar.gz
cd openssl-0.9.8h
./config shared zlib
make
make test
make install
mv /usr/bin/openssl /usr/bin/openssl.save
mv /usr/include/openssl /usr/include/openssl.save
mv /usr/lib/libssl.so /usr/lib/libssl.so.save
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -sv /usr/local/ssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so
cd ..

#Configuration library file search path
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v

#Test installation results
openssl version

#Install openssh

tar xvf openssh-5.0p1.tar.gz

cd openssh-5.0p1

./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/ssl" \
"--with-md5-passwords"

make
make install

cd ..

service sshd restart

#Show the installed OpenSSH version
ssh -V

#Install GD

tar jxvf gd-2.0.35.tar.bz2
cd gd-2.0.35
aclocal
./configure --prefix=/usr/local/gd2
make && make install
cd ..

#Install libmcrypt

tar zxvf libmcrypt-2.5.8.tar.gz

cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../

cp /usr/local/lib/libmcrypt.* /usr/lib

#Install libiconv

tar zxvf libiconv-1.12.tar.gz

cd libiconv-1.12/
./configure --prefix=/usr/local
make
make install
cd ../

ln -s /usr/local/lib/libiconv.so.2 /usr/lib/

#Install mhash

tar zxvf mhash-0.9.9.tar.gz
cd mhash-0.9.9/
./configure
make
make install
cd ../
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2

#Install mcrypt

tar zxvf mcrypt-2.6.7.tar.gz
cd mcrypt-2.6.7/
./configure
make
make install
cd ../

#Install cronolog

tar xvf cronolog-1.6.2.tar.gz

cd cronolog-1.6.2

./configure --prefix=/usr/local/cronolog

make && make install

cd ..

#Install IMAP

tar zxf imap.tar.Z
cd imap-2007b
make lr5 PASSWDTYPE=std SSLTYPE=unix.nopwd IP6=4
echo "set disable-plaintext nil" > /etc/c-client.cf
mkdir /usr/local/imap-2007b
mkdir /usr/local/imap-2007b/include/
mkdir /usr/local/imap-2007b/lib/
chmod -R 077 /usr/local/imap-2007b
rm -rf /usr/local/imap-2007b/include/*
rm -rf /usr/local/imap-2007b/lib/*
rm -rf /usr/sbin/imapd
cp imapd/imapd /usr/sbin/
cp c-client/*.h /usr/local/imap-2007b/include/
cp c-client/*.c /usr/local/imap-2007b/lib/
cp c-client/c-client.a /usr/local/imap-2007b/lib/libc-client.a

cd ..

#Install MySQL

tar zxvf mysql-5.0.51b.tar.gz

cd mysql-5.0.51b

./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/data/mysql/data" \
"--with-comment=Source" \
"--with-server-suffix=-test.com" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=gbk" \
"--with-collation=gbk_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
make && make install
useradd mysql -d /data/mysql -s /sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start

cd /usr/local/mysql/bin
for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done

cd /usr/local/src

mysqladmin -u root password chenshake

#Install Apache

tar zxvf httpd-2.2.8.tar.gz
cd httpd-2.2.8
./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
make
make install
cd ..

#Install PHP

tar jxvf php-5.2.6.tar.bz2
cd php-5.2.6
./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-gd=/usr/local/gd2" \
"--with-libxml-dir=/usr" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-freetype-dir" \
"--with-zlib" \
"--with-iconv-dir=/usr/local" \
"--with-openssl=/usr/local/ssl" \
"--with-curl" \
"--with-curlwrappers" \
"--with-mcrypt" \
"--with-imap=/usr/local/imap-2007b" \
"--with-kerberos" \
"--with-bz2" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli"

make
make install
mkdir /usr/local/php/etc
cp php.ini-dist /usr/local/php/etc/php.ini
cd ..

#Install Zend optimizer (do not choose to restart Apache at the end of the Zend optimizer installation process.)

tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-i386
./install.sh

##########################################################################

sh install.sh

So far, I can't complete the script automatically because of the Zend settings. You can only set it manually. If anyone knows how to do it, please give instructions. Pay attention to the location of php.ini: /usr/local/php/etc/

#Set the session storage location and raise the PHP upload size limits. The maximum file size is 25M

cp /usr/local/Zend/etc/php.ini /usr/local/Zend/etc/php.ini.save
sed -i -e '991 s/;//' /usr/local/Zend/etc/php.ini
sed -i 's/post_max_size = 8M/ post_max_size = 30M/g' /usr/local/Zend/etc/php.ini
sed -i 's/upload_max_filesize = 2M/ upload_max_filesize = 25M/g' /usr/local/Zend/etc/php.ini
cd /usr/local/src

6: Configuring Apache PHP

Create the Apache startup script. The startup script that ships with the Apache source package has a drawback: it prints no messages on start and stop, so the following one is more convenient.

vi /etc/init.d/httpd

###################################

#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache2/logs/httpd.pid
# config: /usr/local/apache2/conf/httpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache2/bin/apachectl
httpd=/usr/local/apache2/bin/httpd
pid=/usr/local/apache2/logs/httpd.pid
prog=httpd
RETVAL=0

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
echo -n $"Starting $prog: "
daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd $pid
}
reload() {
echo -n $"Reloading $prog: "
killproc $httpd -HUP
RETVAL=$?
echo
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart)
if [ -f $pid ] ; then
stop
start
fi
;;
reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|condrestart|reload|status"
echo $"|fullstatus|graceful|help|configtest}"
exit 1
esac

exit $RETVAL

###########################

Make the script executable and enable it at boot

chmod +x /etc/rc.d/init.d/httpd
chkconfig --add httpd
chkconfig --level 3 httpd on

Configuring Apache

groupadd www -g 48
useradd -u 48 -g www www
mkdir -p /data/www/wwwroot/linux.com
mkdir -p /data/www/wwwroot/test.com
mkdir -p /data/logs
chmod +w /data/www/wwwroot
chown -R www:www /data/www/wwwroot
cp /usr/local/apache2/conf/httpd.conf /usr/local/apache2/conf/httpd.conf.save

Edit httpd.conf

#The line numbers below refer to the httpd.conf installed by httpd-2.2.8
sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' /usr/local/apache2/conf/httpd.conf
sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" /usr/local/apache2/conf/httpd.conf
sed -i 's/DirectoryIndex index.html/ DirectoryIndex index.php index.html index.htm/g' /usr/local/apache2/conf/httpd.conf
sed -i -e '101 s/^#//g' -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' /usr/local/apache2/conf/httpd.conf
sed -i "58 s/^/AddType application\/x-httpd-php .php/" /usr/local/apache2/conf/httpd.conf

Edit php.ini

cp /usr/local/php/etc/php.ini /usr/local/php/etc/php.ini.save
sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' /usr/local/php/etc/php.ini
sed -i '/expose_php/s/On/Off/' /usr/local/php/etc/php.ini
sed -i '/display_errors/s/On/Off/' /usr/local/php/etc/php.ini

Configure virtual host

Back up the related configuration files

mv /usr/local/apache2/conf/extra/httpd-vhosts.conf /usr/local/apache2/conf/extra/httpd-vhosts.conf.save
mv /usr/local/apache2/conf/extra/httpd-default.conf /usr/local/apache2/conf/extra/httpd-default.conf.save
mv /usr/local/apache2/conf/extra/httpd-mpm.conf /usr/local/apache2/conf/extra/httpd-mpm.conf.save

Create the 3 Apache configuration files

vi /usr/local/apache2/conf/extra/httpd-vhosts.conf

NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/data/www/wwwroot/test.com"
ServerName test.com
ServerAlias bbs.test.com
ErrorLog "logs/test.com-error_log"
CustomLog "|/usr/local/cronolog/sbin/cronolog /data/logs/access_www.test.com.%Y%m%d" combined
</VirtualHost>

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/data/www/wwwroot/linux.com"
ServerName linux.com
ServerAlias bbs.linux.com
ErrorLog "logs/linux.com-error_log"
CustomLog "|/usr/local/cronolog/sbin/cronolog /data/logs/access_www.linux.com.%Y%m%d" combined
</VirtualHost>

vi /usr/local/apache2/conf/extra/httpd-default.conf

Timeout 15
KeepAlive Off
MaxKeepAliveRequests 50
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off

vi /usr/local/apache2/conf/extra/httpd-mpm.conf

ServerLimit 2000
StartServers 10
MinSpareServers 10
MaxSpareServers 15
MaxClients 2000
MaxRequestsPerChild 10000

7: Testing

Modify local hosts file
192.168.1.200 www.test.com

Start Apache

service httpd start

Test PHP

cd /data/www/wwwroot/test.com
vi info.php

<?php
phpinfo();
?>

Now http://192.168.1.200/info.php or http://www.test.com/info.php shows the PHP information page.

Installing phpMyAdmin

cd /usr/local/src
tar zxvf phpMyAdmin-2.11.8.1-all-languages-utf-8-only.tar.gz
cp -rf phpMyAdmin-2.11.8.1-all-languages-utf-8-only /data/www/wwwroot/test.com/phpmyadmin
cd /data/www/wwwroot/test.com/phpmyadmin

cp config.sample.inc.php config.inc.php

sed -i -e “/^\$cfg\[‘blowfish_secret’\]/{ [email protected]”;@’88888888888888888′;@; }” config.inc.php

At this point you can manage the database through http://192.168.1.200/phpmyadmin or http://www.test.com/phpmyadmin. I set the MySQL password above.

user:root
password:chenshake

Installing SugarCRM

The mail module of SugarCRM needs IMAP and SSL, so I need to compile in the IMAP and curl modules when compiling PHP.

cd /usr/local/src
unzip SugarCE-5.1.0.zip
mv SugarCE-Full-5.1.0/ /data/www/wwwroot/test.com/sugarcrm
chmod -R 777 /data/www/wwwroot/test.com/sugarcrm/
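
The sed edits in section 6 address php.ini and the Apache files by line number or exact text, so on a different file version they can change nothing without reporting an error. The script below is an added example (not part of the original article) that checks the values the article sets, plus two leftovers from section 7: the info.php test page and world-writable paths under the web root. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the settings this article applies with sed are
# really active, and that test leftovers are gone. File locations are passed
# as arguments so the check can also be run against copies of the files.

# Last active "key = value" in a php.ini-style file. Lines starting with ';'
# are comments, so a directive that was never uncommented yields nothing.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                val = v
            }
        }
        END { print val }' "$1"
}

# Last active "Directive value" in an Apache config file ('#' comments).
apache_get() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# check_eq LABEL ACTUAL WANTED: print a finding unless ACTUAL equals WANTED.
check_eq() {
    [ "$2" = "$3" ] && return 0
    echo "FAIL $1: want '$3', found '${2:-<not set>}'"
}

# audit_lamp PHP_INI HTTPD_DEFAULT_CONF DOCROOT
# Prints one FAIL line per finding; returns 1 if there was any.
audit_lamp() {
    out=$(
        check_eq "php.ini expose_php" \
            "$(ini_get "$1" expose_php | tr 'A-Z' 'a-z')" off
        check_eq "php.ini display_errors" \
            "$(ini_get "$1" display_errors | tr 'A-Z' 'a-z')" off
        check_eq "php.ini open_basedir" \
            "$(ini_get "$1" open_basedir)" /data/www/wwwroot:/tmp
        check_eq "httpd ServerTokens" \
            "$(apache_get "$2" ServerTokens | tr 'A-Z' 'a-z')" prod
        check_eq "httpd ServerSignature" \
            "$(apache_get "$2" ServerSignature | tr 'A-Z' 'a-z')" off
        # phpinfo() test pages and world-writable paths left under the docroot
        find "$3" -type f -name info.php | sed 's/^/FAIL leftover phpinfo page: /'
        find "$3" ! -type l -perm -0002 | sed 's/^/FAIL world-writable: /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input: the state left behind when the sed edits miss
# their target lines and the test files from section 7 are still in place.
make_sample() {
    umask 022
    d=$(mktemp -d)
    mkdir -p "$d/wwwroot/test.com/sugarcrm"
    printf '%s\n' 'expose_php = On' 'display_errors = Off' \
        ';open_basedir =' > "$d/php.ini"
    printf '%s\n' 'ServerTokens Prod' '#ServerSignature Off' \
        > "$d/httpd-default.conf"
    echo '<?php phpinfo(); ?>' > "$d/wwwroot/test.com/info.php"
    chmod 777 "$d/wwwroot/test.com/sugarcrm"
    echo "$d"
}

# With three paths, audit the real files, for example:
#   sh audit_lamp.sh /usr/local/php/etc/php.ini \
#      /usr/local/apache2/conf/extra/httpd-default.conf /data/www/wwwroot
# Without arguments, run against the constructed sample.
if [ "$#" -eq 3 ]; then
    audit_lamp "$@"
else
    s=$(make_sample)
    audit_lamp "$s/php.ini" "$s/httpd-default.conf" "$s/wwwroot" || true
    rm -rf "$s"
fi
```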


Relevant comments
Author: isosdw release date: July 29, 2009
be the same in essentials while differing in minor points
Author: baizx release date: July 29, 2009
Please tell me the actual content, such as how to change and where to change ~ ~ ~ thank you
Author: baizx release date: August 5, 2009
Er, turn to 5.3. I found it recently

CentOS 5 full function WWW server building tutorial v3.0
I. Basic system installation
1. Download CentOS 5
I downloaded the DVD version. You can also download the server CD installation version. In fact, they are almost the same. You can download it here. It’s very fast.
http://ftp.iasi.roedu.net/mirrors/ce…86-bin-DVD.iso
It is recommended to download with BT or Xunlei under windows, which will be much faster.
Burn to CD after downloading. I suggest you burn DVD. If you are a rookie, install the graphical interface. You can learn from the graphical interface. Of course, it is strongly not recommended to install desktop on the server.
Any version of CentOS 5 series is OK. After installation, you can update it to the latest version directly through Yum upgrade.

2. Installing CentOS 5
As a server, unnecessary components are not installed, so when selecting components, cancel the selection of all components except FTP server. Don’t choose a web server either. Because we will manually compile and install later.
Storage locations for RPM packages and source packages used on this system:
Location of RPM packages and source packages: /usr/local/src
Source package compilation and installation location (prefix): /usr/local/xxx
Script and maintenance program storage location: /usr/local/sbin
MySQL database location: /var/lib/mysql
Apache website root directory: /usr/local/apache2/htdocs
Apache virtual host log root directory: /data/logs/www
Yum RPM package information file: /etc/yum.list

3. System environment deployment and adjustment
(1) Check whether the system is normal
# more /var/log/messages   // check for system kernel-level error messages
# dmesg   // check the hardware devices for error messages
# ifconfig   // check whether the network card settings are correct
# ping www.163.com   // check whether the network is working
(2) Turn off unneeded services
# export LANG='en_US'   // set the language
# setup   // select the services to start
Enter the system service option.
Use the space key to select the desired service.
Only the services that need to be started are listed below, and all unlisted services are closed:
crond
irqbalance (needs to be turned on only when the server CPU is SMP or supports dual core and HT technology; otherwise it should be turned off)
microcode_ctl
network
iptables
vsftpd
sshd
syslog
yum-updatesd
(3) Modify /etc/yum.repos.d/CentOS-Base.repo to change the mirror site address to a mirror site in China. Otherwise, installing software through yum will be very slow. Amend as follows:
# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.shlug.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1
#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.shlug.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://mirrors.shlug.org/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=0
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.shlug.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=0
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://mirrors.shlug.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://mirrors.shlug.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
protect=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
Save the file.
(4) Update the system. We use yum.
Run:
# yum upgrade
It is recommended to update all listed programs, including the kernel, to keep up with the stability work on RHEL 5.x.
(5) Correct the server time on a schedule
# yum install -y ntp
# crontab -e
0 23 * * * /usr/sbin/ntpdate 210.72.145.44
Save after the above line is entered.
# /sbin/service crond reload
This reloads the scheduled task configuration.
Your machine will automatically calibrate its time against the NTP server of the China National Time Service Center at 23:00 every day.
(6) Configuration of the FTP server
vi /etc/vsftpd/vsftpd.conf
Change anonymous_enable=YES
to anonymous_enable=NO so that anonymous login is not allowed.
Add two lines:
chroot_local_user=yes
listen_port=2121
These lock users into their home directories and change the FTP listening port to 2121.
Remove the comment marker before ftpd_banner=* and change it to your own welcome message later (this setting avoids displaying the version information of the FTP server).
Then save, and service vsftpd start is all that is needed.
A user should be added at this point, because root cannot log in through FTP by default and is not safe.
groupadd upload
useradd upload -g upload -d /usr/local/apache2/htdocs/ -M
If an error occurs during FTP login
FTP server connection failed, error prompt:
500 OOPS: cannot change directory:/home/*******
500 OOPS: child died
Solution:
# setsebool ftpd_disable_trans 1
# service vsftpd restart
This is very convenient for us to upload some files to the system.
If you are interested, you can read this article to have a more detailed understanding of vsftpd
http://blog.chinaunix.net/u/10047/showart_198837.html
4. Restart the system
# init 6
At this point, the system starts successfully and the old kernel can be deleted

II. Install MySQL, Apache, PHP, Zend Optimizer and other basic environments
5. Install the required development packages using yum (the following are the standard RPM package names)
# yum install gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel openssl-devel libxml2-devel gettext-devel pcre-devel
# Here we install the small libraries needed to compile GD, such as libpng, libtiff, freetype, libjpeg and gettext-devel, as RPM packages, to avoid the wasted time and the many errors of compiling them by hand. Compiling these small packages is very troublesome, and if one of them is built wrong, GD cannot be installed and PHP5 will certainly not compile. So we concentrate on the big pieces and let the small ones go, installing these odds and ends the fast and simple way. This cannot have any impact on the performance of the server.
In addition, libxml2 is already installed on the system by default, so we don't need to compile it manually. Just install its development package.
6. Packages that have to be compiled and installed from source
(1) GD2
# cd /usr/local/src
# wget http://www.libgd.org/releases/gd-2.0.35.tar.gz
# tar xzvf gd-2.0.35.tar.gz
# cd gd-2.0.35
# yum install libtool libtool-ltdl
# aclocal
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/gd2 --mandir=/usr/share/man
// Note that the CHOST, CFLAGS and CXXFLAGS environment settings in the command above are only for Intel P4 chips. If your CPU is AMD, be careful not to use them. Please look up the corresponding compilation optimization parameters. Otherwise, the program will not compile, or will not run even if the compilation succeeds. Hehe.
For the optimization of other CPUs, see a post on my blog:
http://www.cnprint.org/bbs/blogs/1/blog43.html
// ./configure configures the build.
# make   // make compiles; it reads instructions from the Makefile and then compiles.
# make install   // make install installs; it also reads instructions from the Makefile and installs to the specified location.
(2) Apache log splitter (cronolog)
# cd /usr/local/src
# wget http://cronolog.org/patches/cronolog-1.7.0-beta.tar.gz
# tar xzvf cronolog-1.7.0-beta.tar.gz
# cd cronolog-1.7.0-beta
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/cronolog && make && make install

7. Compile MySQL 5.0.50
MySQL 5.0.50 is an enterprise version. It seems that even versions are enterprise versions. Personally, I think the code quality is better than the community version. You can download it for free. You don’t need to pay to MySQL.
#cd /usr/local/src
# wget http://mirror.provenscaling.com/mysq…-5.0.50.tar.gz
# tar xzvf mysql-5.0.50.tar.gz
# cd mysql-5.0.50
Modify the maximum number of MySQL client connections. The default is only 100, which is far from our requirements.
# vi sql/mysqld.cc
Search for the following lines:
{"max_connections", OPT_MAX_CONNECTIONS,
"The number of simultaneous clients allowed.", (gptr*) &max_connections,
(gptr*) &max_connections, 0, GET_ULONG, REQUIRED_ARG, 100, 1, 16384, 0, 1,
0},
Change 100 to 1500. Of course, a smaller value is OK too. It's not recommended to make it too large; set it according to your needs.
{"max_connections", OPT_MAX_CONNECTIONS,
"The number of simultaneous clients allowed.", (gptr*) &max_connections,
(gptr*) &max_connections, 0, GET_ULONG, REQUIRED_ARG, 1500, 1, 16384, 0, 1,
0},
Save the file.
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/mysql --localstatedir=/var/lib/mysql --with-comment=Source --with-server-suffix=-enterprise-gpl --with-mysqld-user=mysql --without-debug --with-big-tables --with-charset=utf8 --with-collation=utf8_general_ci --with-extra-charsets=gbk,latin1 --with-pthread --enable-static --with-client-ldflags=-all-static --with-mysqld-ldflags=-all-static --enable-assembler --without-innodb --without-ndb-debug --without-isam --enable-local-infile --with-readline --with-raid
If the configuration is successful, you will be prompted:
MySQL has a Web site at http://www.mysql.com/ which carries details on the
latest release, upcoming features, and other information to make your
work or play with MySQL more productive. There you can also find
information about mailing lists for MySQL discussion.
Remember to check the platform specific part of the reference manual for
hints about installing MySQL on your platform. Also have a look at the
files in the Docs directory.
Thank you for choosing MySQL!
# make
The compilation time may be long. After all, the optimization is powerful.
# make install
Follow up actions after compilation and installation:
# useradd mysql   // add a mysql user
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root:mysql .   // set permissions; note the trailing "."
# chown -R mysql /var/lib/mysql   // set the MySQL data directory permissions
# chgrp -R mysql .   // note the trailing "."
# cp share/mysql/my-medium.cnf /etc/my.cnf
# cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld   // start MySQL automatically at boot
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# Add the lib path
echo "/usr/local/mysql/lib" >> /etc/ld.so.conf && ldconfig
vi /etc/my.cnf
Modify the MySQL configuration and add some optimization parameters as follows:
[mysqld]
ft_min_word_len=2
Run the following commands to start the MySQL server:
# /etc/rc.d/init.d/mysqld start   // start MySQL
# bin/mysqladmin -u root password "password_for_root"
# service mysqld stop   // stop MySQL

8. Compile and install Apache
# cd /usr/local/src
# wget http://www.ip97.com/apache.org/httpd/httpd-2.2.6.tar.gz
# tar zxvf httpd-2.2.6.tar.gz
# cd httpd-2.2.6
First install APR and APR-util, in that order
# cd srclib/apr
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/apr --enable-threads --enable-other-child --enable-static
# make && make install
# cd ../apr-util
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/ --with-mysql=/usr/local/mysql
# make && make install
# cd /usr/local/src/httpd-2.2.6
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --with-mysql=/usr/local/mysql --enable-cache --enable-file-cache --enable-mem-cache --enable-disk-cache --enable-static-support --enable-static-htpasswd --enable-static-htdigest --enable-static-rotatelogs --enable-static-logresolve --enable-static-htdbm --enable-static-ab --enable-static-checkgid --disable-cgid --disable-cgi --with-apr=/usr/local/apr/ --with-apr-util=/usr/local/apr-util/ --enable-ssl --with-ssl=/usr/include/openssl --with-pcre
# make
# make install
Notes:
./configure // configure the source tree
--prefix=/usr/local/apache2 // the top-level installation directory for architecture-independent files, that is, the Apache installation directory
--enable-module=so // enable the so module, the core Apache module that provides DSO support
--enable-mods-shared=all // compile all modules as shared modules; modules we do not need can be removed in httpd.conf
--enable-cache // enable caching support
--enable-file-cache // enable file cache support
--enable-mem-cache // enable memory cache support
--enable-disk-cache // enable disk cache support
--enable-static-support // link the support programs statically (dynamic linking is the default)
--enable-static-htpasswd // link htpasswd statically; it manages user files for basic authentication
--enable-static-htdigest // link htdigest statically; it manages user files for digest authentication
--enable-static-rotatelogs // link rotatelogs statically; it is a piped logger that rotates Apache logs
--enable-static-logresolve // link logresolve statically; it resolves IP addresses in Apache logs to host names
--enable-static-htdbm // link htdbm statically; it manipulates DBM password databases
--enable-static-ab // link ab statically; it is the Apache HTTP server benchmarking tool
--enable-static-checkgid // link checkgid statically
--disable-cgid // do not allow CGI scripts to be executed through an external CGI daemon
--disable-cgi // disable compiling the CGI version of PHP
--enable-ssl // compile the SSL module
We no longer compile Apache in worker mode. The worker mode and PHP do not seem to work well together and can be unstable, so the default prefork mode is used.
Set Apache to start automatically:
Add a line to the /etc/rc.d/rc.local file:
/usr/local/apache2/bin/apachectl start
Apache will then start every time the system boots.
Alternatively, install Apache as a system service:
# cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd
Then edit /etc/rc.d/init.d/httpd with vi and add the following two lines (below #!/bin/sh):
# chkconfig: 2345 50 90
# description: Activates/Deactivates Apache Web Server
Finally, run chkconfig to add Apache to the system's startup services:
# chkconfig --add httpd
# chkconfig httpd on

9. Compiling PHP 5.2.5
Suhosin is a security hardening patch for PHP. It can be compiled statically into the PHP core or built as a dynamic PHP extension. I personally strongly recommend compiling it statically into the core. Suhosin has entered the official packages of Gentoo Linux, FreeBSD, openSUSE Linux, Mandriva Linux and Debian Linux. The following steps start with the static installation. You can also build Suhosin as a dynamic PHP extension after installing PHP.
# cd /usr/local/src
# wget http://cn.php.net/get/php-5.2.5.tar.gz/from/this/mirror
wget http://www.hardened-php.net/suhosin/…9.6.2.patch.gz
# tar zxvf php-5.2.5.tar.gz
# gunzip suhosin-patch-5.2.5-0.9.6.2.patch.gz
# cd php-5.2.5
# patch -p 1 -i ../suhosin-patch-5.2.5-0.9.6.2.patch
# ./buildconf --force
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-pear=/usr/share/php --with-zlib-dir --with-bz2 --with-libxml-dir=/usr --with-gd=/usr/local/gd2 --enable-gd-native-ttf --enable-gd-jis-conv --with-freetype-dir --with-jpeg-dir --with-png-dir --with-ttf=shared,/usr --enable-mbstring --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/etc --with-iconv --disable-ipv6 --enable-static --enable-zend-multibyte --enable-inline-optimization --enable-zend-multibyte --enable-sockets --enable-soap --with-openssl --with-gettext --enable-suhosin
If configure succeeds, you will see:
+--------------------------------------------------------------------+
| License:                                                           |
| This software is subject to the PHP License, available in this     |
| distribution in the file LICENSE. By continuing this installation  |
| process, you are bound by the terms of this license agreement.     |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point.                            |
+--------------------------------------------------------------------+
Thank you for using PHP.
# make
# make test
# make install
# cp php.ini-recommended /etc/php.ini
# echo "/usr/local/php/lib" >> /etc/ld.so.conf && ldconfig
Suhosin can also be installed as a dynamic PHP extension. The steps are shown here because there is no Chinese installation tutorial for this on the Internet,
although I personally don't recommend this approach.
wget http://www.hardened-php.net/suhosin/…sin-0.9.20.tgz
tar zxvf suhosin-0.9.20.tgz
cd suhosin-0.9.20
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
make install prints the directory where the compiled module was installed. Note it down:
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-zts-20060613/
Then add the following line to php.ini:
extension="/usr/local/php/lib/php/extensions/no-debug-zts-20060613/suhosin.so"

10. Integrating Apache and PHP
# vi /usr/local/apache2/conf/httpd.conf
At the end of the file, add:
AddType application/x-httpd-php .php
Find the default index file setting:
DirectoryIndex index.html
Change it to:
DirectoryIndex index.php index.html index.htm
Find this section:
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride none
Change it to AllowOverride All.
This allows Apache rewrite rules.
Save httpd.conf and exit.
# /usr/local/apache2/bin/apachectl restart // restart Apache
An error appears:
/usr/local/apache2/bin/apachectl start
httpd: Syntax error on line 107 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/libphp5.so into server: /usr/local/apache2/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
No hurry, let’s take our time.
This permission denied problem is generally caused by SELinux under CentOS 5. As a production server, I suggest you don’t turn off SELinux hastily. Just like the anti-theft net at home, it hinders your cat’s free access to the window. You can’t simply dismantle the anti-theft net for the convenience of the cat. I see many people on the Internet suggest that SELinux be simply closed to solve this problem. This is a practice of cutting feet to fit shoes, which is not worth advocating.
We can do this:
# audit2allow -a // check what the problem is

allow unconfined_t usr_t:file execmod;
allow useradd_t var_log_t:file { read write };
then
# cd /etc/selinux/targeted/modules/
# audit2allow -M local -d
The following prompt is generated on the screen:
Generating type enforcment file: local.te
Compiling policy
checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
******************** IMPORTANT ***********************
In order to load this newly created policy package into the kernel,
you are required to execute
semodule -i local.pp
We run
# semodule -i local.pp
This allows SELinux to load the new rules.
For more details, please see my post on Blog:
http://www.cnprint.org/bbs/blogs/1/blog48.html
Restart Apache
Haha, will Apache not report any more errors?
In this way, I keep the function of SELinux and Apache can run normally.
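audit2allow turns every logged denial into a rule, and the output above already contains a useradd_t rule that has nothing to do with Apache, so it is worth reading local.te before running semodule -i. The following script is an added example, not part of the original article; the function names are hypothetical, and treating unconfined_t as the only expected source domain is an assumption taken from the output shown above.

```shell
#!/bin/sh
# Review a local.te generated by audit2allow before loading it with semodule.

# Constructed sample: the two rules from the audit2allow output above, wrapped
# in the module header and require block that a generated local.te carries.
write_sample_te() {
    cat > "$1" <<'EOF'
module local 1.0;

require {
        type unconfined_t;
        type usr_t;
        type useradd_t;
        type var_log_t;
        class file { execmod read write };
}

#============= unconfined_t ==============
allow unconfined_t usr_t:file execmod;

#============= useradd_t ==============
allow useradd_t var_log_t:file { read write };
EOF
}

# unexpected_rules FILE DOMAIN...
# Print each allow rule whose source domain is not in the DOMAIN list.
unexpected_rules() {
    te_file=$1
    shift
    expected=" $* "
    grep -E '^[[:space:]]*allow[[:space:]]' "$te_file" |
    while read -r kw src rest; do
        case "$expected" in
            *" $src "*) ;;
            *) printf 'allow %s %s\n' "$src" "$rest" ;;
        esac
    done
}

# memprotect_rules FILE
# Print rules that grant execmod, execmem, execstack or execheap. A rule such as
# "allow unconfined_t usr_t:file execmod" covers every usr_t file, not only
# libphp5.so. Relabeling that one file is narrower (general SELinux practice,
# not from the article):
#   chcon -t textrel_shlib_t /usr/local/apache2/modules/libphp5.so
memprotect_rules() {
    grep -E '^[[:space:]]*allow[[:space:]].*[[:space:]{](execmod|execmem|execstack|execheap)[[:space:];}]' "$1" || true
}

# review_te FILE DOMAIN...
# Print findings; return 0 only when there is nothing to look at again.
review_te() {
    review_file=$1
    shift
    extra=$(unexpected_rules "$review_file" "$@")
    risky=$(memprotect_rules "$review_file")
    if [ -n "$extra" ]; then
        printf 'unexpected source domain:\n%s\n' "$extra"
    fi
    if [ -n "$risky" ]; then
        printf 'memory-protection permission:\n%s\n' "$risky"
    fi
    [ -z "$extra" ] && [ -z "$risky" ]
}

# Usage: sh review_te.sh /etc/selinux/targeted/modules/local.te unconfined_t
if [ "$#" -gt 0 ]; then
    if review_te "$@"; then
        echo "no findings; load with: semodule -i local.pp"
    fi
fi
```

After deleting unwanted rules from local.te, rebuild local.pp with the checkmodule and semodule_package commands shown in the output above, then load it.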
Starting with PHP 5.1.x, the time zone has to be set. The default time zone is 8 hours off from the Chinese time zone, so it must be set in php.ini: find date.timezone, remove the leading semicolon and set it to one of the following values. The values available for mainland China are Asia/Chongqing, Asia/Shanghai and Asia/Urumqi (Chongqing, Shanghai and Urumqi, in that order).
Otherwise, the time shown by some PHP programs is always 8 hours off from Chinese standard time. My VBB forum behaves like this on Windows. The time zones for Asia are listed here:
http://www.php.net/manual/en/timezones.asia.php
11. Installing Zend optimizer
# cd /usr/local/src
# wget http://downloads.zend.com/optimizer/…21-i386.tar.gz
# tar xzvf ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
# ./ZendOptimizer-3.3.0-linux-glibc21-i386/install.sh
Just follow its prompts step by step.
In short, if your server environment doesn’t need Zend Optimizer, don’t install it. This avoids conflicts with eaccelerator.
12. Check and confirm the L.A.M.P environment information
vi /usr/local/apache2/htdocs/phpinfo.php
Add a new line and save it.

# chmod 755 /usr/local/apache2/htdocs/phpinfo.php
Open with browser http://192.168.9.150/phpinfo.php
Check whether the information in phpinfo is correct.
Test the connection between PHP and MySQL
# vi /usr/local/apache2/htdocs/testdb.php
Add the following lines and save.
<?php
$link=mysql_connect('localhost','root','yourpassword');
if(!$link) echo "fail";
else echo "success";
mysql_close();
?>
# chmod 755 /usr/local/apache2/htdocs/testdb.php
# service mysqld start
Open with browser http://192.168.9.150/testdb.php
If the page prints success, the connection works.
At this point a basic LAMP stack is in place. If you are a beginner, refer to the following steps only as needed. You don’t have to follow all of them. Remember that the more functions there are, the more error prone the system is. This is true in any field.

Part 3: LAMP environment acceleration, including squid, Memcache and eaccelerator
13. Install eaccelerator
Eaccelerator is an accelerator for PHP. With it, the execution efficiency of PHP is greatly improved. At present, eaccelerator 0.9.5.2 is basically compatible with Zend optimizer-3.3.0. However, I personally think Zend optimizer-3.3.0 has no acceleration function and actually makes PHP run slower. All it does is run Zend encrypted files. Enough of that. If you are interested, you can search Google.
# cd /usr/local/src
# wget http://bart.eaccelerator.net/source/….9.5.2.tar.bz2
# tar -jxvf eaccelerator-0.9.5.2.tar.bz2
# cd eaccelerator-0.9.5.2
# export PHP_PREFIX="/usr/local/php"
# $PHP_PREFIX/bin/phpize // run phpize from the PHP directory
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config --with-eaccelerator-shared-memory // settings
# make && make install
After compiling and installing, the directory containing eaccelerator.so is printed on the screen. For the PHP 5.2.x series it is /usr/local/php/lib/php/extensions/no-debug-zts-20060613/eaccelerator.so. Remember this path; it is used later.
Modify php.ini (after installing Zend, php.ini is stored in /usr/local/Zend/etc)
Add the following at the end of the file, before the Zend section. Note that this part must be placed before Zend, otherwise unexpected server problems may occur:
[eaccelerator]
extension="/usr/local/php/lib/php/extensions/no-debug-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Then:
# mkdir /tmp/eaccelerator // create the directory
# chmod 0777 /tmp/eaccelerator // change the directory permissions
Explanation:
zend_extension is the file path and file name that the installation program reports to us.
If PHP was compiled thread-safe, you must use "zend_extension_ts" instead of the "zend_extension" added by default. I had to change it here, or it wouldn’t work.
zend_extension_ts="/home/php/lib/php/extensions/no-debug-zts-20060613/eaccelerator.so"
In fact, after eaccelerator is installed, two directories are created under /home/php/lib/php/extensions/, one named no-debug-zts-xxxxxxx and the other no-debug-non-zts-xxxxxxx, and the eaccelerator.so file is found in both.
eaccelerator.shm_size="32"
The amount of shared memory that eaccelerator can use (in megabytes). "0" means the operating system default. The default value is "0". It can be adjusted to suit the server: 16, 32, 64 and 128 are all OK.
eaccelerator.cache_dir="/home/php/tmp"
This directory is used for the disk cache. Eaccelerator stores precompiled code, session data, content and user-defined entries here. The same data can also be stored in shared memory (which improves access speed). The default setting is "/tmp/eaccelerator".
eaccelerator.enable="1"
Turns eaccelerator on or off. "1" is on and "0" is off. The default value is "1".
eaccelerator.optimizer="1"
Turns the internal optimizer on or off. It can speed up code execution. "1" is on and "0" is off. The default value is "1".
eaccelerator.check_mtime="1"
Turns the PHP file modification check on or off. "1" is on and "0" is off. Set it to "1" if you want PHP files recompiled after they are modified. The default value is "1".
eaccelerator.debug="0"
Turns debug logging on or off. "1" is on and "0" is off. The default value is "0".
eaccelerator.filter=""
Determines which PHP files are cached. You can specify patterns for files to cache and not to cache (such as "*.php *.phtml"). If a pattern starts with "!", files matching it are ignored. The default value is "", that is, all PHP files are cached.
eaccelerator.shm_max="0"
Prevents the "eaccelerator_put()" function from storing values that are too large in shared memory. This parameter specifies the maximum size allowed, in bytes (10240, 10K, 1M). "0" means unlimited. The default value is "0".
eaccelerator.shm_ttl="0"
When eaccelerator fails to get shared memory for a new script, it removes from shared memory all cached scripts that have not been accessed in the last "shm_ttl" seconds. The default value is "0", that is, no cached files are removed from shared memory.
eaccelerator.shm_prune_period="0"
When eaccelerator fails to get shared memory for a new script, it tries to remove cached scripts older than "shm_prune_period" seconds. The default value is "0", that is, no cached files are removed from shared memory.
eaccelerator.shm_only="0"
Allows or disables caching compiled scripts on disk. This option has no effect on session data and content caching. The default value is "0", that is, both disk and shared memory are used for caching.
eaccelerator.compress="1"
Allows or disables compression of the content cache. The default value is "1", that is, compression is allowed.
eaccelerator.compress_level="9"
Specifies the compression level of the content cache. The default value is "9", which is the highest level.
Finally, restart Apache with apachectl.
Restart Apache and phpinfo displays:
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies
with eAccelerator v0.9.5.2, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with Zend Extension Manager v1.0.11, Copyright (c) 2003-2006, by Zend Technologies
with Zend Optimizer v3.3.0, Copyright (c) 1998-2006, by Zend Technologies
There will also be specific information about eaccelerator.

14. Install squid to provide web reverse proxy cache
Squid is a more specialized proxy server, and its performance and efficiency are much higher than those of Apache's mod_proxy.
Squid Internet Object Cache (the successor to the Harvest project) is a research program strongly supported by the U.S. government. Its purpose is to solve the problem of insufficient network bandwidth. It is the proxy software with the most users and the most complete feature set on UNIX systems. Although Apache and Netscape ship their own proxy modules, those are not popular because their functions are simple. A detailed description of squid can be found on the squid website (http://www.squid-cache.org).
Reverse proxy is a proxy service completely different from the first two kinds of proxy. Using it can reduce the load on the original web server. The reverse proxy server takes over requests for the static pages of the original web server to keep the original server from being overloaded. It sits between the local web server and the Internet, handles all requests to the web server, and prevents direct communication between the web server and the Internet. If the page requested by an Internet user is cached on the proxy server, the proxy server sends the cached content directly to the user. If it is not cached, the proxy first sends a request to the web server, retrieves the data, caches it locally, and then sends it to the user. This reduces the load on the web server by reducing the number of requests that reach it.
Download squid
# wget http://www.squid-cache.org/Versions/…ABLE16.tar.bz2
# tar jxvf squid-2.6.STABLE16.tar.bz2
# cd squid-2.6.STABLE16
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/squid --enable-async-io=500 --with-maxfd=65536 --disable-delay-pools --disable-mem-gen-trace --disable-useragent-log --enable-kill-parent-hack --disable-arp-acl --enable-epoll --disable-ident-lookups --enable-snmp --enable-large-cache-files --with-large-files --with-pthreads --enable-underscore --enable-storeio="aufs,coss,diskd,ufs" --enable-err-language="Simplify_Chinese" --enable-default-err-languages="Simplify_Chinese"
# make && make install
A 2.6 kernel supports the epoll I/O mode. Older kernels can only use poll or other modes. Also remember to include the large file support option, otherwise an error is reported when the access log and other files reach 2G.
Set the squid configuration as follows:
# mv /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak
# vi /usr/local/squid/etc/squid.conf
#Server IP 192.168.9.150
#Listen on port 80 of the server as a reverse proxy, with virtual host support by domain name and IP
http_port 192.168.9.150:80 vhost vport
#Block hotlinking from Tianya and redirect it to Baidu
acl tianya referer_regex -i tianya
http_access deny tianya
deny_info

tianya
#Block the Baidu crawler from the server. Note that this will keep Baidu from indexing your website content
acl AntiBaidu req_header User-Agent Baiduspider
http_access deny AntiBaidu
#Squid information settings
visible_hostname www.cnprint.org
cache_mgr [email protected]
#User group and user name used by squid
cache_effective_user nobody
cache_effective_group nobody
tcp_recv_bufsize 65535 bytes
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
#Single server, so ICP is not used
icp_port 0
#Set the memory that squid can use to 40MB in total. Adjust this value to your own server. When cache space usage reaches 95%, new content replaces old content until usage drops back to 90%
cache_mem 40 MB
cache_swap_low 90
cache_swap_high 95
#maximum_object_size is the maximum size of a cached file. Larger files are not cached. Adjust this value to your own needs
#maximum_object_size_in_memory is the largest file loaded into the memory cache. This value has a great impact on squid's performance, because the default is 8K. Files over 8K are not loaded into memory, while in practice many web pages and pictures exceed 8KB. Personally, I think that if the cache is stored on disk instead of in memory, performance is no different from Apache reading the files from disk directly, and accessing Apache directly may even be better. Here, files smaller than 4 megabytes are loaded into the memory cache
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
#The type, directory and size of the disk cache, and the settings of the primary and secondary directories. Here, the disk cache size is 100MB, all of which are 16 * 256 level subdirectories
cache_dir ufs /usr/local/squid/var/cache 100 16 256
#This setting does not record store.log
cache_store_log none
#Set default refresh rule
refresh_pattern -i ^ftp: 1440 20% 10080
refresh_pattern -i ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Don’t trust Etag because there is gzip
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#Set timeout policy
forward_timeout 20 seconds
connect_timeout 15 seconds
read_timeout 3 minutes
request_timeout 1 minutes
persistent_request_timeout 15 seconds
client_lifetime 15 minutes
shutdown_lifetime 5 seconds
negative_ttl 10 seconds
#Turn on the emulate_httpd_log option so that squid uses the Apache log format
emulate_httpd_log on
#Setting of log format combined
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %
#Locations of the PID and log files. Adjust them to your own setup. The log format is combined, so Awstats can analyze the logs directly
pid_filename /usr/local/squid/var/squid.pid
cache_log /usr/local/squid/var/logs/cache.log
access_log /usr/local/squid/var/logs/access.log combined
#Set the directory or file type you do not want to cache
acl all src 0.0.0.0/0.0.0.0
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY
#2.6 reverse proxy acceleration configuration
#The service proxy to port 80 of the local machine is only used as the original content server
cache_peer 127.0.0.1 parent 80 0 no-query originserver login=PASS
#Error document
error_directory /usr/local/squid/share/errors/Simplify_Chinese
Save the file.
mkdir /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/logs/
chmod 777 /usr/local/squid/var/cache
Modify httpd.conf
Initialize and start squid
# /usr/local/squid/sbin/squid -z
# /usr/local/squid/sbin/squid -NCd1
The first command initializes squid's cache hash subdirectories and only needs to be run once.
It is also a good idea to edit the /etc/hosts file
and add the following line:
192.168.9.150 cnprint.org www cnprint.org
This removes the need for a DNS query and is faster.
You are probably eager to open a browser and visit your website to see the effect. In fact, nothing changes at first. The effect only becomes noticeable once there is traffic and squid has loaded the files into memory. You can use the top command to watch squid's memory usage, or run:
cat /usr/local/squid/var/logs/access.log |grep TCP_MEM_HIT
If you see many TCP_MEM_HIT entries, the files are being read from the memory cache and squid is working! Open a file in your browser and it should load as fast as lightning. There are other hit types too, such as TCP_HIT, which are read from disk. I think those do little for acceleration and only relieve the pressure on Apache.
3. Start squid: ./bin/RunCache &
Here I use the startup script that ships with squid. One advantage is that if the squid process dies, the script restarts it automatically. This is very important for production servers.
Start squid automatically at boot
Edit the boot autorun file and add /usr/local/squid/bin/RunCache & to it.
Because the first start is done as root, /usr/local/squid/var/squid.out and /usr/local/squid/var/squid.pid are owned by root, which causes errors when squid is later started as nobody. Therefore, before the second start from rc.local, the owner of squid.out and squid.pid must be changed to nobody, that is:
chown nobody:nobody /usr/local/squid/var/squid.out
chown nobody:nobody /usr/local/squid/var/squid.pid
Add to /etc/rc.d/rc.local:
/usr/local/squid/bin/RunCache &

15. Memcache + libevent installation
Memcached is a high-performance distributed memory object caching system. By maintaining one large hash table in memory, it can store data in many formats, including images, videos, files and database query results. It was originally developed to speed up LiveJournal and was later adopted by many large websites. The author first wrote it to speed up dynamic web applications and reduce the load of database queries. Its cache is distributed, that is, multiple clients on different hosts can access the cache at the same time. This removes the limitation that shared memory only works on a single machine and also relieves the load of database queries. The biggest advantage is faster access to data. Memcached reflects its author's understanding of, and solution for, distributed caching. It can also be used in other areas, such as distributed databases and distributed computing.
Memcache is a project of danga.com. It was first used for LiveJournal. At present, many people around the world use this cache project to build their own heavily loaded websites and take pressure off the database. (For more information about Memcache, please search Google.)
Memcache official website: http://www.danga.com/memcached
On the server side, the main task is installing the Memcache server. The latest version is memcached-1.2.3.
In addition, Memcache uses the libevent library for socket handling, so libevent needs to be installed. The latest version of libevent is libevent-1.3e. (If libevent is already installed on your system, you don’t need to install it again.)
Official website: http://www.monkey.org/~provos/libevent/
(1) . install memcached server
Compile and install:
# cd /usr/local/src
# wget http://monkey.org/~provos/libevent-1.3e.tar.gz
# tar zxvf libevent-1.3e.tar.gz
# cd libevent-1.3e
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local && make && make install
# echo "/usr/local/lib" >> /etc/ld.so.conf && ldconfig
# cd ../
# wget http://www.danga.com/memcached/dist/…d-1.2.3.tar.gz
# tar zxvf memcached-1.2.3.tar.gz
# cd memcached-1.2.3
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --prefix=/usr/local/memcached --with-libevent=/usr/local
# make && make install
Note: if libevent is not installed in the /usr directory, you need to copy or link libevent-1.3e.so.1 to /usr/lib, otherwise memcached may not load normally.
(2) . install PHP’s Memcache support module
Install the PHP Memcache module, which is the PHP client of Memcache. PHP Memcache needs the support of PECL library.
# cd /usr/local/src
# wget http://pecl.php.net/get/memcache-2.2.0.tgz
# tar zxvf memcache-2.2.0.tgz
# cd memcache-2.2.0
# export PHP_PREFIX=/usr/local/php
# $PHP_PREFIX/bin/phpize
# CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" ./configure --enable-memcache --with-zlib-dir --with-php-config=$PHP_PREFIX/bin/php-config
# make && make install
Modify php.ini
Add a line at the end:
extension="/usr/local/php/lib/php/extensions/no-debug-zts-20060613/memcache.so"
Run the following command to start memcached:
# /usr/local/memcached/bin/memcached \
-l 192.168.9.139 -d -p 11211 -u nobody -m 128
This starts memcached as a daemon listening on port 11211 of 192.168.9.139, running as the user nobody, with 128MB of memory allocated to it.
Now check the process list to see whether memcached started successfully.
top -U nobody
You should see:
5867 nobody 15 0 2352 684 276 S 0.0 0.1 0:00.00 memcached
This shows that memcached is installed and running.
Set it to start automatically at boot
Add to /etc/rc.d/rc.local:
/usr/local/memcached/bin/memcached -l 192.168.9.150 -d -p 11211 -u nobody -m 128
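memcached 1.2.3 has no authentication, so any client that can reach the address given with -l on the port given with -p can read and write the cache. The following script is an added example, not from the original article; it checks memcached start lines such as the ones above for the listen address and the run-as account, and its function names are hypothetical.

```shell
#!/bin/sh
# Audit memcached start lines (for example in /etc/rc.d/rc.local) for the
# address they listen on and the account they run as.

# opt_value "CMDLINE" FLAG
# Print the value given for FLAG (-l, -u, -p), accepting both "-l 1.2.3.4"
# and "-l1.2.3.4". Prints nothing when the flag is absent.
opt_value() (
    set -f                      # no globbing while the line is split
    flag=$2
    set -- $1
    while [ "$#" -gt 0 ]; do
        case "$1" in
            "$flag")
                if [ "$#" -ge 2 ]; then printf '%s\n' "$2"; fi
                exit 0 ;;
            "$flag"?*)
                printf '%s\n' "${1#"$flag"}"
                exit 0 ;;
        esac
        shift
    done
)

# audit_memcached_line "CMDLINE"
# Print one finding for the listen address and one for the run-as account.
audit_memcached_line() {
    addr=$(opt_value "$1" -l)
    user=$(opt_value "$1" -u)
    port=$(opt_value "$1" -p)
    port=${port:-11211}         # memcached's default port
    case "$addr" in
        127.*|localhost|::1)
            echo "listen: ok, loopback only ($addr:$port)" ;;
        ''|0.0.0.0|::)
            echo "listen: EXPOSED, all interfaces, port $port" ;;
        *)
            echo "listen: REVIEW, $addr:$port is reachable from the network; limit it to the web servers with a firewall" ;;
    esac
    case "$user" in
        ''|root) echo "user: REVIEW, no unprivileged -u account" ;;
        *)       echo "user: ok, runs as $user" ;;
    esac
}

# audit_rc_local FILE
# Run the audit on every non-comment line of FILE that starts memcached.
audit_rc_local() {
    grep -v '^[[:space:]]*#' "$1" |
    grep -E '(^|/)memcached([[:space:]]|$)' |
    while IFS= read -r line; do
        echo "== $line"
        audit_memcached_line "$line"
    done
}

# Usage: sh audit_memcached.sh /etc/rc.d/rc.local
if [ "$#" -gt 0 ]; then
    audit_rc_local "$1"
fi
```

When the PHP client runs on the same host as memcached, starting it with -l 127.0.0.1 turns the first finding into "ok".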

Part 4: Configuration of additional functions, including SSL, mysqlhotcopy and phpMyAdmin

15. Install DBI and DBD for MySQL

//DBI and DBD provide the interface for Perl to access the MySQL database. Please confirm that Perl is installed. It is generally installed by default.
We need these two modules because we want to use mysqlhotcopy.
# wget http://mirrors.xueron.com/CPAN/autho…I-1.601.tar.gz
First, install the DBI package:
# tar zxvf DBI-1.601.tar.gz
# cd DBI-1.601
# perl Makefile.PL
# make
# make test
# make install

# wget http://search.cpan.org/CPAN/authors/…l-4.005.tar.gz
# tar zxvf DBD-mysql-4.005.tar.gz
# cd DBD-mysql-4.005
# cp /usr/local/mysql/lib/mysql/libmysqlclient.so.15 /usr/lib/
# perl Makefile.PL --libs="-L/usr/local/mysql/lib/mysql -lmysqlclient -L/usr/lib -lz " --cflags=-I/usr/local/mysql/include/mysql --mysql_config=/usr/local/mysql/bin/mysql_config --testhost=127.0.0.1 --testsocket=/tmp/mysql.sock --testdb=test --testuser=root --testpassword="youpassword"
# make
# make test
# make install
When mysqlhotcopy is run as a test, an error message similar to the following appears:
# /usr/local/mysql/bin/mysqlhotcopy mysql /tmp/test -u root -p 'password'
Invalid db.table name 'mysql.mysql`.`activity' at /usr/local/bin/mysqlhotcopy line 855.
Answer:
This is MySQL Bug #27303 (mysqlhotcopy dies with error Invalid db.table name 'foo.bar`.`baz'). After modifying the mysqlhotcopy file as follows, mysqlhotcopy runs successfully.
# vi /usr/local/mysql/bin/mysqlhotcopy // add a new line below line 835
835 my @dbh_tables = eval { $dbh->tables() };
836 map { s/^.*?\.//o } @dbh_tables; # add this line
This error has been fixed after MySQL 5.0.50.

16. Configure HTTPS
vi /usr/local/apache2/conf/httpd.conf
#Listen to port 443 and support HTTPS connection
Uncomment Include conf/extra/httpd-ssl.conf in httpd.conf
Set up SSL and create your own CA
# cd /etc/pki/tls/misc
# ./CA -newca
The following prompt appears on the screen: CA certificate filename (or enter to create)
This asks for the certificate file name of the CA to be created. You can press Enter directly or type a certificate file name.
Making CA certificate …
Generating a 1024 bit RSA private key
………++++++
…………………………..++++++
writing new private key to ‘./demoCA/private/./cakey.pem’
Enter PEM pass phrase:
Verifying password – Enter PEM pass phrase:-
At this time, it is required to enter and verify the CA’s private key password, country code (China is CN), province, city or region, organization or enterprise name, department name, CA name or server host name, and administrator e-mail address.
At this point the demoCA directory has been created in the current directory, and the CA certificate is in it. The file name is cacert.pem
Generate a certificate request for the server
# ./CA -newreq
The following prompt appears on the screen:
Generating a 1024 bit RSA private key
……………………………………………..++++++
…..++++++
writing new private key to 'newreq.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
At this time, it is required to enter and verify the server’s private key password, country code (China is CN), province, city or region, organization or enterprise name, department name, CA name or server host name, and administrator e-mail address.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem
This is a request to enter information about the server.
At this time, a file named newreq.pem is generated in the current directory, which contains the request to generate the server digital certificate.
Signing certificate
# ./CA -sign
The following prompt appears on the screen:
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:
At this time, you also need to enter the CA’s private key password, country code (China is CN), province, city or region, organization or enterprise name, department name, CA name or server host name, and administrator e-mail address.
Certificate is to be certified until Nov 19 13:46:19 2002 GMT (365 days)
Sign the certificate? [y/n]:y
At this time, the information in the certificate request file is displayed, and you are asked whether you want to sign the certificate. Answer y and sign.
1 out of 1 certificate requests certified, commit? [y/n]y
Answer y, the information of the signed certificate will be displayed, and the server’s certificate file newcert.pem will be generated in the current directory.
# mkdir /usr/local/apache2/conf/ssl.crt/
# mkdir /usr/local/apache2/conf/ssl.key/
# cp newcert.pem /usr/local/apache2/conf/ssl.crt/server.pem
# cp newreq.pem /usr/local/apache2/conf/ssl.key/server.pem
Change the configuration of the server’s certificate file
# vi /usr/local/apache2/conf/extra/httpd-ssl.conf
Find and modify
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.pem
#SSLCertificateFile /usr/local/apache2/conf/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you’ve both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.pem
#SSLCertificateKeyFile /usr/local/apache2/conf/server-dsa.key
Sample file
Generate an index.html in the root directory of SSL, which is as follows:
<html>
This is an SSL example!
</html>
Test
Suppose the DNS name of the web server is www.cnprint.org
Enter http://www.cnprint.org/ in the URL field of the browser; the browser will display the test page saved during Apache installation.
Enter https://www.cnprint.org/ in the URL field of the browser. Note: HTTPS instead of HTTP!
The browser will prompt that the site has adopted SSL for encrypted data transmission. Because our CA certificate is not one of the browser’s default trusted root certificates, the browser will say that it is unable to confirm the trust of the server’s certificate. For the time being, choose to continue. Finally, the browser will display: This is an SSL example!
You can put the CA certificate on a non-SSL site, let the browser download and install the CA certificate, and set it as a trusted root certificate to solve the above problem.
8. Remove the password input during httpd startup.
For security reasons, the web server’s private key is password encrypted. Each time you restart httpd or Linux, you will be required to enter the password of the web server’s private key.
If you want to cancel the password input during httpd startup, you can:
# cd /usr/local/apache2/conf/ssl.key/
# cp server.pem server.pem.org
# openssl rsa -in server.pem.org -out server.pem
# chmod 400 server.pem
In addition, I saw a method on the Internet, but I didn’t try it. You can try it if you are interested.
Create an SSL password auto-answer file; otherwise, every time Apache starts, you will be asked to enter the SSL password.
Create /usr/local/apache2/conf/ssl.key/sendsslpwd as follows
#!/bin/bash
SSLpasswd="YOUR PASSPHRASE"
echo "$SSLpasswd"
# chmod 755 /usr/local/apache2/conf/ssl.key/sendsslpwd
At this time, the private key of the web server has no password encryption. Make sure that no user except root has the right to read the server.pem file.
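The closing note above asks that nobody but root can read server.pem. The following is an added example, not part of the original guide: it checks whether a PEM key still carries a passphrase and whether its mode is owner-only. The function names and the sample files are constructed for illustration and contain no real key material.

```shell
#!/bin/bash
# Added example (not from the original guide). Sample files are constructed
# placeholders, not real key material.

# key_is_encrypted FILE: exit 0 if the PEM private key is passphrase-protected.
key_is_encrypted() {
    # Traditional OpenSSL PEM carries a "Proc-Type: 4,ENCRYPTED" header;
    # PKCS#8 uses a separate "BEGIN ENCRYPTED PRIVATE KEY" armor line.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# mode_is_owner_only FILE: exit 0 if group and others have no permission bits.
mode_is_owner_only() {
    # In "ls -ld" output, characters 5-10 of the mode string are group/other.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_secret_file FILE: print a verdict; return 0 only if the file is
# owner-only, 1 if group/other can access it, 2 if it does not exist.
# The PEM state is reported because an unencrypted key has no protection
# left except its file mode.
audit_secret_file() {
    if [ ! -f "$1" ]; then
        echo "MISSING $1"; return 2
    fi
    if key_is_encrypted "$1"; then
        state="PEM-encrypted"
    else
        state="not PEM-encrypted"
    fi
    if mode_is_owner_only "$1"; then
        echo "OK $1 ($state, owner-only)"; return 0
    fi
    echo "FAIL $1 ($state, accessible to group/other)"; return 1
}

# make_samples DIR: write constructed stand-ins for the files in the guide.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.pem.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.pem"
    printf '%s\n' '#!/bin/bash' 'echo "CONSTRUCTED"' > "$1/sendsslpwd"
    chmod 400 "$1/server.pem.org" "$1/server.pem"
    chmod 755 "$1/sendsslpwd"
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in server.pem.org server.pem sendsslpwd; do
    audit_secret_file "$demo_dir/$name" || true
done
rm -rf "$demo_dir"
```

The same mode check applies to a passphrase helper such as sendsslpwd: at mode 755 it is readable by every local user, so the run reports it as FAIL.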

17. Install phpMyAdmin to manage the MySQL database
# cd /usr/local/apache2/htdocs/
# wget http://nchc.dl.sourceforge.net/sourc…-8-only.tar.gz
# tar zxvf phpMyAdmin-2.11.1-all-languages-utf-8-only.tar.gz
# mv phpMyAdmin-2.11.1-all-languages-utf-8-only phpmyadmin
# cd phpmyadmin/libraries
Modify the configuration file
# vi config.default.php
Find these lines to modify:
$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (valid choices: config, http, HTTP, signon or cookie)
$cfg['Servers'][$i]['user'] = 'root'; // MySQL user
$cfg['Servers'][$i]['password'] = 'PASSWORD'; // MySQL password (only needed

5. Server security configuration

18. Compile and install mod_security
mod_security is an open source web application security program (or web application firewall) that integrates the functions of an intrusion detection and defense engine.
It runs as a module of the Apache web server. Its goal is to enhance the security of web applications and protect them from known and unknown attacks.
# cd /usr/local/src
# wget http://www.modsecurity.org/download/…e_2.1.3.tar.gz
# tar -zxvf modsecurity-apache_2.1.3.tar.gz
# cd modsecurity-apache_2.1.3/apache2
# cat /usr/local/apache2/conf/httpd.conf | grep "ServerRoot" | grep -v "#"
ServerRoot "/usr/local/apache2"
#
# vi Makefile
top_dir = /usr/local/apache2
#
# make
# make install
vi /usr/local/apache2/conf/httpd.conf
Load the following modules
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
Add a line:
Include conf/modsecurity/*.conf
Save the file.
# cd /usr/local/src/modsecurity-apache_2.1.3/rules
# mkdir /usr/local/apache2/conf/modsecurity
# cp *.conf /usr/local/apache2/conf/modsecurity/
You may want to edit and customize modsecurity_crs_10_config.conf.
Additionally you may want to edit modsecurity_crs_30_http_policy.conf which enforces an application specific HTTP protocol usage.
Restart Apache

19. Iptables rule
vi /usr/local/sbin/fw.sh
Paste the following script command into the fw.sh file.

#!/bin/bash
# Stop iptables service first
service iptables stop
# Load FTP Kernel modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
# Initial chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Accept Established Connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP Control
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
# WWW Service (port 80 only; the HTTPS listener on 443 from step 16 is not opened by this script)
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# FTP Service
/sbin/iptables -A INPUT -p tcp --dport 2121 -j ACCEPT
# SSH Service
/sbin/iptables -A INPUT -p tcp --dport 59825 -j ACCEPT
# Anti DDOS
/sbin/iptables -I INPUT -p tcp --syn -m ttl --ttl-eq 117 -j DROP
/sbin/iptables -I INPUT -p tcp --syn -m length --length :40 -j DROP

# chmod 755 /usr/local/sbin/fw.sh
# echo '/usr/local/sbin/fw.sh' >> /etc/rc.d/rc.local
# /usr/local/sbin/fw.sh

20. Apache and PHP optimization settings
For sites with a large number of visits, the default configuration of Apache cannot meet the requirements. We still need to adjust some Apache parameters so that Apache performs better under heavy traffic. The following describes the parameters in the Apache configuration file httpd.conf that have a great impact on performance.
(1) Timeout: this parameter specifies the maximum time (in seconds) Apache waits while receiving a request or sending the requested content. If this time is exceeded, Apache gives up processing the request and releases the connection. The default value of this parameter is 120. It is recommended to set it to 60. For websites with large traffic, it can be set to 30.
(2) KeepAlive: this parameter controls whether Apache allows multiple requests in one connection. It is on by default. However, for most forum-type sites, it is usually set to Off to turn off this support.
(3) MPM – prefork.c: by default, Apache uses the prefork (process) working mode. The parameter settings in this part are the core and key to Apache performance.
View the running mode of your Apache:
# /usr/local/apache2/bin/httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
The user can then find the following configuration section in the configuration document:

StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 15
MaxRequestsPerChild 0

This is the configuration section that controls the work of the Apache processes. In order to better understand the parameters in the above configuration, let’s first understand how Apache controls its processes. In a UNIX system, the daemon of many services creates a process at startup to prepare for answering possible connection requests. The service enters the port listening state. When a request from a client arrives at the port the service listens on, the service process handles the request. During processing, the process is in an exclusive state, that is, if other requests arrive at this time, they can only be “queued” until the current request has been handled and the service process is released. This leads to more and more requests waiting in the queue. In practice, the processing capacity of the service is very low. Apache uses the prefork pattern to solve this problem. Let’s take a look at how Apache actually works efficiently.
When Apache starts, it starts StartServers idle processes, ready to receive and process requests. As requests arrive, the idle processes become fewer and fewer. When the number of idle processes drops to MinSpareServers, Apache starts StartServers more processes as spares so that there are always enough processes to handle requests. This greatly reduces the chance of requests waiting in the queue and improves service efficiency, which is why it is called prefork. Let’s continue to track the work of Apache. Assume that Apache has started 200 processes to process requests; theoretically, there are 205 processes in Apache at this time. After a period of time, assuming that 100 requests have been answered and processed, those 100 processes are released as idle processes, and Apache now has 105 idle processes. For a service, starting too many idle processes is pointless and reduces the overall performance of the server. Will Apache really have 105 idle processes? Of course not! In fact, Apache checks itself constantly. When it finds more than MaxSpareServers idle processes, it automatically stops some of them so that there are not too many idle processes. At this point, users should have a basic understanding of how Apache works. For more detailed instructions, please refer to the Apache manual.
We still have two parameters not introduced: MaxClients and MaxRequestsPerChild. MaxClients specifies the maximum number of clients that Apache allows to connect at the same time. If there are more than MaxClients, the client gets a “server busy” error page. We see that MaxClients is set to 15 by default, which is obviously not enough for some medium-sized and large sites! Maybe you need to allow 512 client connections at the same time to meet the application requirements. Well, let’s change MaxClients to 512, save httpd.conf, exit and restart Apache. Unfortunately, you see some error messages during the restart, and the Apache restart fails. The error message tells you that MaxClients can be set to at most 256. I’m sure you are disappointed. But don’t be depressed. Apache, as a world-class web server, is not that weak! By default, MaxClients can only be set to an integer no greater than 256. If you need more, you need to use the ServerLimit parameter. In short, ServerLimit is like a bucket and MaxClients is like water. You can switch to a larger bucket (set ServerLimit to a larger value) to hold more water (MaxClients), but note that the value of MaxClients cannot be greater than the value of ServerLimit!
Let’s take a look at the MaxRequestsPerChild parameter, which specifies how many threads can work simultaneously in a connection process. Perhaps this explanation is too technical. Just think about “multi-point simultaneous download” in “Internet ant” and “Internet Express FlashGet”. This parameter actually limits the maximum number of “points” that can be used. The default setting is 0, that is: unlimited. However, it should be noted that if the value is set too small, it will cause access problems. If there is no special need or the access load is not very large, the default value can be kept. If the access load is very large, it is recommended to set it to 2048.
Well, after explaining so much, let’s take a look at the recommended configuration in the modified prefork.c configuration section:

StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 1024
MaxClients 768
MaxRequestsPerChild 0

After completing the above adjustments to Apache, Apache has achieved great performance improvement. Remember that you need to restart Apache to take effect after modifying any parameters. Apache optimization is far more than that. Interested users can read Apache manual documents or find some literature to learn.
2. PHP optimization: PHP optimization is mainly a matter of reasonably adjusting the main parameters in php.ini. Let’s take a look at how to set some parameters in php.ini that have a great impact on performance.
# vi /etc/php.ini
(1) Disabling PHP functions. Find:
disable_functions =
This option sets which PHP functions are prohibited. Some PHP functions are quite risky: they can directly execute system-level commands. If these functions are allowed, the damage will be very serious when the PHP program has a vulnerability! Here are the recommended settings for disabling functions:
disable_functions = phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status
Note: if your server runs PHP programs for system state detection, do not disable shell_exec, proc_open, proc_get_status and similar functions.
(2) PHP script execution time. Find:
max_execution_time = 30
This option sets the maximum execution time of a PHP program. If a PHP script is requested and cannot finish within max_execution_time, PHP stops executing it and returns a timeout error to the client. Unless there is a special need, this option can keep the default setting of 30 seconds. If your PHP script really needs a long execution time, you can increase the time setting appropriately.
(3) PHP script memory usage. Find:
memory_limit = 8M
This option specifies the maximum memory that PHP script processing can occupy. The default is 8MB. If your server memory is more than 1GB, this option can be set to 12MB to obtain faster PHP script processing efficiency.
(4) PHP global variable registration. Find:
register_globals = Off
Many articles on PHP settings on the Internet recommend setting this option to On. In fact, this is a very dangerous setting, which may cause serious security problems. If there is no special need, it is strongly recommended to keep the default setting!
(5) PHP upload file size limit. Find:
upload_max_filesize = 2M
This option sets the maximum upload file size allowed by PHP, which is 2MB by default. This setting can be appropriately increased according to the actual application requirements.
(6) Session storage location. Find:
session.save_path
If your PHP program uses sessions, you can set the session storage location to /dev/shm. /dev/shm is a tmpfs file system specific to Linux. It is a file system that uses memory as its main storage, which is better than a ramdisk because disk swap can be used as a supplement, and it is a built-in part of the system that does not need to be configured separately. Think about how much faster memory operations are than disk I/O. Just note that all the data stored in /dev/shm is lost after the server is restarted. However, this is insignificant for sessions.
(7) Find short_open_tag = Off
Change it to short_open_tag = On. Some domestic PHP programs are not standard, and turning it off may cause errors.
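To check an existing php.ini against the two security-relevant settings above (the disable_functions list and register_globals), here is an added example that is not part of the original guide. The helper names and the sample php.ini are constructed for illustration. Entries are compared as whole names, so having shell_exec disabled does not count as having exec disabled.

```shell
#!/bin/bash
# Added example (not from the original guide).

# Functions listed in the guide's recommended disable_functions line.
RECOMMENDED="phpinfo passthru exec system popen chroot escapeshellcmd escapeshellarg shell_exec proc_open proc_get_status"

# ini_get FILE KEY: print the last uncommented value of KEY.
# Assumption: values of the audited keys contain no ";", so everything
# after a ";" on the line is treated as a trailing comment.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            eq = index($0, "=")
            if (eq == 0) next                    # section header or blank
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/;.*$/, "", v)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            if (k == key) val = v                # later lines override
        }
        END { print val }
    ' "$1"
}

# missing_disabled FILE: print the recommended functions that the file's
# disable_functions does not list (space separated, empty if none).
missing_disabled() {
    have=",$(ini_get "$1" disable_functions | tr -d ' \t'),"
    out=""
    for fn in $RECOMMENDED; do
        case "$have" in
            *",$fn,"*) ;;                        # exact list entry present
            *) out="$out $fn" ;;
        esac
    done
    echo "${out# }"
}

# audit_php_ini FILE: print findings; return 1 if anything was found.
audit_php_ini() {
    rc=0
    miss=$(missing_disabled "$1")
    if [ -n "$miss" ]; then
        echo "disable_functions is missing: $miss"
        rc=1
    fi
    case "$(ini_get "$1" register_globals | tr 'A-Z' 'a-z')" in
        on|1|true|yes) echo "register_globals is enabled"; rc=1 ;;
    esac
    return $rc
}

# write_sample_ini FILE: constructed php.ini with a commented-out full
# list and an active partial one.
write_sample_ini() {
    cat > "$1" <<'EOF'
; constructed sample, not a real server's php.ini
[PHP]
;disable_functions = phpinfo,passthru,exec,system
disable_functions = phpinfo, passthru, shell_exec, proc_open ; partial list
max_execution_time = 30
register_globals = On
EOF
}

# Demo on the constructed file.
demo_ini=$(mktemp)
write_sample_ini "$demo_ini"
audit_php_ini "$demo_ini" || true
rm -f "$demo_ini"
```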

21. MySQL optimization and security settings
Optimization settings for MySQL
Open the /etc/my.cnf file and modify the following settings. If a setting is not there, you can add it manually. When adjusting settings, stay within what your server can handle; this depends on the configuration of your server, especially the memory size. The following settings are suitable for servers with 1G memory, but they are not absolute.
# Specifies the size of the index buffer, which determines the speed of index processing, especially index reads. By checking the status values Key_read_requests and Key_reads, you can tell whether key_buffer_size is set reasonably. The ratio Key_reads / Key_read_requests should be as low as possible: at least 1:100, and 1:1000 is better (the above status values can be obtained by using show status like 'key_reads'). key_buffer_size works only on MyISAM tables. Even if you do not use MyISAM tables, the internal on-disk temporary tables are MyISAM tables, so you should still use this value. You can check the status value Created_tmp_disk_tables for details.
key_buffer = 384M
# The number of outstanding connection requests MySQL can have. This matters when the main MySQL thread gets a lot of connection requests in a short time, and the main thread then takes some time (albeit short) to check the connection and start a new thread. The back_log value indicates how many requests can be stacked up during this short time before MySQL temporarily stops answering new requests. You need to increase it only if you expect many connections in a short time. In other words, this value is the size of the listening queue for incoming TCP/IP connections. Your operating system has its own limit on the size of this queue. Setting back_log above the limit of your operating system has no effect. The default value is 50
back_log = 200
# The maximum size of a packet. The message buffer is initialized to net_buffer_length bytes, but can grow to max_allowed_packet bytes when needed. By default this value is small, in order to catch large (possibly erroneous) packets. If you are using large BLOB columns, you must increase the value. It should be as big as the largest BLOB you want to use.
max_allowed_packet = 4M
# Number of clients allowed at the same time. Increasing this value increases the number of file descriptors required by mysqld. This number should be increased, otherwise you will often see Too many connections errors. The default value is 100
max_connections = 1024
# Specifies the size of the table cache. Whenever MySQL accesses a table, if there is still space in the table cache, the table is opened and placed in it, so that the table content can be accessed faster. By checking the status values Open_tables and Opened_tables at peak time, you can decide whether to increase table_cache. If you find that Open_tables equals table_cache and Opened_tables keeps growing, you need to increase table_cache (the above status values can be obtained by using show status like 'open_tables'). Note that you can’t blindly set table_cache to a large value. If it is set too high, it may cause a shortage of file descriptors, resulting in unstable performance or connection failures.
table_cache = 512
# The buffer required for each thread to sort
sort_buffer_size = 4M
# When a query scans a table sequentially, MySQL allocates a memory buffer for it. The read_buffer_size variable controls the size of this buffer. If you think sequential scanning is too slow, you can improve its performance by increasing the value of this variable and thus the memory buffer size.
read_buffer_size = 4M
# Speeds up reading data after a sort operation, that is, reading sorted rows. If you are performing a GROUP BY or ORDER BY operation on a table that is much larger than the available memory, you should increase read_rnd_buffer_size to speed up the reading of the rows after the sort operation. Still don’t understand the usefulness of this option
read_rnd_buffer_size = 8M
# Used for REPAIR TABLE. I don’t understand the usefulness of this option. The settings found on Baidu also vary, including 128M, 64M, 32M, etc.; choose one among them.
myisam_sort_buffer_size = 64M
# The number of threads kept in the cache that can be reused. If there are cached threads, the thread for a new connection is taken from the cache. When a connection is closed, the client’s thread is placed in the cache if there is space. If there are many new threads, you can raise this variable to improve performance. By comparing the Connections and Threads_created status variables, you can see the effect of this variable.
thread_cache_size = 128
# Query result cache. The first time a select statement is executed, the server remembers the text of the query and the results it returns. The next time the server encounters this statement, it will not execute it again. Instead, it gets the results directly from the query cache and returns them to the client.
query_cache_size = 32M
# Maximum concurrent threads: number of CPUs * 2
thread_concurrency = 2
# Set the timeout to avoid long connections
wait_timeout = 120
# Turn off unnecessary table types. If you need them, don’t add these lines
skip-innodb
skip-bdb
This article about MySQL optimization settings and checks is worth reading: http://tech.itdb.cn/n/200607/27/n20060727_30398.shtml
Security settings for MySQL
Open the /etc/my.cnf file and modify the following settings. If a setting is not there, you can add it manually.
# Disable external (file system) locking
skip-locking
# Do not reverse-resolve host names. Pay attention to the resulting permission / authorization problems
skip-name-resolve
# Disable the “LOAD DATA LOCAL INFILE” command in MySQL. This command uses MySQL to read local files into the database, after which users can illegally obtain sensitive information. It is used in some attack methods circulating on the network, and by many newly discovered SQL injection attacks!
local-infile = 0
# Disable remote connections (port 3306, the default listening port of MySQL). Since MySQL only serves local scripts here, no remote connection is required. Although the built-in security mechanism of MySQL is very strict, listening on a TCP port is still risky, because if there is a problem with the MySQL program itself, unauthorized access can bypass the built-in security mechanism of MySQL. (You must determine whether you really don’t need to connect to MySQL remotely.)
skip-networking
After modifying my.cnf, you also need to adjust the MySQL user names, accounts, and default database
First log in to MySQL: enter /usr/local/mysql/bin/mysql -u root -p in the terminal window
Then you will be prompted to enter the password. After entering the correct password, the mysql> prompt will appear.
Enter the following commands:
mysql>use mysql;
mysql>update user set user="centos" where user="root"; (change the root user name of MySQL to centos to prevent the root password from being brute-forced)
mysql>select Host,User,Password,Select_priv,Grant_priv from user;
mysql>delete from user where user=''; (delete users with an empty user name)
mysql>delete from user where password=''; (delete users with an empty password)
mysql>delete from user where host=''; (delete users with an empty host)
mysql>drop database test; (delete the default test database)
mysql>flush privileges; (refresh the MySQL cache to make the above settings take effect immediately)
mysql>quit;
In order for the above optimization and security settings to take effect, please restart MySQL service or Linux.
About the security settings of MySQL, this article is worth reading
http://www.unixren.com/linux/bencandy.php?fid=21&id=459

22. Operating system security adjustment
1. CentOS or Red Hat Enterprise Linux 4 users should first turn on SELinux by setting SELINUX= in the /etc/selinux/config file to enforcing. It can ensure that your system will not crash abnormally. Some people think it should be turned off. I strongly recommend against that. Of course, it doesn’t matter if CentOS is only used for fun, not as an actual server.
2. Enabling the iptables firewall has many benefits for system security. Set firewall rules.
3. Run setup to turn off unnecessary services. Remember: every service you leave off is one less danger.
4. Disable the Ctrl+Alt+Delete keyboard shutdown command
Comment out the following line in the /etc/inittab file (use #):
ca::ctrlaltdel:/sbin/shutdown -t3 -r now 
Replace with:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now 
To make this change work, enter the following command:
# /sbin/init q
5. Set permissions for script files under /etc/rc.d/init.d
Set permissions on the script files that start or stop the programs run at startup.
# chmod -R 700 /etc/rc.d/init.d/*
This means that only root is allowed to read, write and execute script files in this directory.
6. Modify the /etc/host.conf file
/etc/host.conf specifies how addresses are resolved. Edit the /etc/host.conf file (vi /etc/host.conf) and add the following lines:
# Lookup names via DNS first then fall back to /etc/hosts. 
order bind,hosts 
# We have machines with multiple IP addresses. 
multi on 
# Check for IP address spoofing. 
nospoof on 
The first setting resolves names through DNS first, and then through the hosts file. The second setting checks whether a host in the /etc/hosts file has multiple IP addresses (such as multiple Ethernet cards). The third setting tells the resolver to check for IP address spoofing.
7. Make the /etc/services file immutable
Make the /etc/services file immutable to prevent unauthorized deletion or addition of services:
# chattr +i /etc/services
8. Prevent your system from responding to any external / internal ping requests.
If no one can ping your machine and receive a response, you can greatly enhance the security of your site. You can add the following command to /etc/rc.d/rc.local to make it run automatically after each startup.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
9. Setting resource limits on all users on your system can prevent DOS type attacks
Such as the maximum number of processes, memory, etc. For example, the restrictions on all users are as follows:
vi /etc/security/limits.conf
In the following code example, all users are limited to 10 MB per session and four logins are allowed at the same time. The third line disables everyone’s kernel dump. The fourth line removes all restrictions on user bin. FTP allows 10 concurrent sessions (especially useful for anonymous FTP accounts); The number of processes that are members of the managers group is limited to 40. Developers has a 64 MB memlock limit, and members of wwwusers cannot create files larger than 50 MB.
Listing 3. Setting quotas and restrictions
* hard rss 10000
* hard maxlogins 4
* hard core 0
bin -
ftp hard maxlogins 10
@managers hard nproc 40
@developers hard memlock 64000
@wwwusers hard fsize 50000
To activate these restrictions, you need to add the following line at the bottom of /etc/pam.d/login: session required /lib/security/pam_limits.so
10. Comment out unwanted users and user groups.
vipw
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
pegasus:x:66:65:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
htt:x:100:101:IIIMF Htt:/usr/lib/im:/sbin/nologin
wangjing:x:500:500::/home/wangjing:/bin/bash
mysql:x:101:102:MySQL server:/var/lib/mysql:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
Add # comments to all unnecessary users. Note that I don’t recommend deleting them directly. When you need a user again for some reason, it will be very troublesome to re-add it yourself.
vi /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
rpm:x:37:
haldaemon:x:68:
utmp:x:22:
netdump:x:34:
nscd:x:28:
slocate:x:21:
sshd:x:74:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
mailnull:x:47:
smmsp:x:51:
pcap:x:77:
xfs:x:43:
ntp:x:38:
gdm:x:42:
pegasus:x:65:
htt:x:101:
wangjing:x:500:
mysql:x:102:
apache:x:48:
Add # comments to all unnecessary user groups. Note that I do not recommend deleting them directly. When you need a user group again for some reason, it will be troublesome to re-add it yourself.
11. Use the chattr command to add the immutable attribute to the following files.
# chattr +i /etc/passwd
# chattr +i /etc/shadow
# chattr +i /etc/group
# chattr +i /etc/gshadow
Note that after this operation, you can’t add users or change passwords on the system as root. If you want to add users or change passwords, first remove the immutable attribute with the command chattr -i /etc/passwd.
12. Modify the port of sshd.
Modify /etc/ssh/sshd_config: change Port to 59825 (the specific port is up to you; of course, it can’t conflict with the ports of other programs) and remove the # in front of it, then
pkill sshd
service sshd start
That’s all
Note that it is best to make this change from the local console; otherwise it is easy to lock yourself out. After changing the port, remember to change the SSH port allowed by the firewall as well.
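One way to make the port change in step 12 without risking a lockout, as an added example that is not from the original article: the new file is built from a copy and checked with sshd -t before it replaces the live one. The function names and the use of service sshd restart are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.

# set_sshd_port FILE PORT
# Print FILE with exactly one active "Port PORT" line. Exit 2 on a bad port.
set_sshd_port() (
    file=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; exit 2 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; exit 2
    fi
    awk -v p="$port" '
        BEGIN { re = "^[ \t]*#?[ \t]*port[ \t=]+[0-9]+" }   # keywords are case-insensitive
        NR == FNR { if (tolower($0) ~ re) has = 1; next }     # pass 1: any Port line?
        FNR == 1 && !has { print "Port " p; added = 1 }      # none: add at top, before any Match block
        tolower($0) ~ re {
            if (!done) { print "Port " p; done = 1 }          # rewrite the first match
            next                                              # and drop any others
        }
        { print }
        END { if (!has && !added) print "Port " p }          # FILE was empty
    ' "$file" "$file"
)

# apply_sshd_port PORT (assumed helper; run as root from the local console)
# The candidate file is checked with "sshd -t" before it replaces the live
# config, and the old file is kept as sshd_config.save.
apply_sshd_port() (
    cfg=/etc/ssh/sshd_config
    new=$(mktemp) || exit 1
    trap 'rm -f "$new"' EXIT
    set_sshd_port "$cfg" "$1" > "$new" || exit 2
    "$(command -v sshd)" -t -f "$new" || exit 3
    cp -p "$cfg" "$cfg.save" && cat "$new" > "$cfg" && service sshd restart
)
# Usage on the server: apply_sshd_port 59825
```

Keep the current session open and confirm that a second login on the new port works before closing it.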
13. Kernel parameter adjustment
vi /etc/sysctl.conf
net.ipv4.conf.default.accept_source_route=0
net.ipv4.icmp_echo_ignore_broadcasts=1
#net.ipv4.icmp_echo_ignore_all=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.ip_conntrack_max=65535
net.ipv4.tcp_syn_retries=1
net.ipv4.tcp_fin_timeout=5
net.ipv4.tcp_synack_retries=1
net.ipv4.tcp_syncookies=1
net.ipv4.route.gc_timeout=100
net.ipv4.tcp_keepalive_time=500
net.ipv4.tcp_max_syn_backlog=10000
# sysctl -p    // apply the settings and view them
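To confirm that the values from step 13 are really in effect, the running kernel's settings can be compared with the file. This is an added example, not part of the original article; the function name sysctl_drift and the step of saving "sysctl -a" output to a file first are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage on the server (assumed paths):
#   sysctl -a > /tmp/sysctl.live 2>/dev/null
#   sysctl_drift /etc/sysctl.conf /tmp/sysctl.live

# sysctl_drift WANTED_FILE LIVE_FILE
# Prints "MISSING key" or "DIFF key want=X have=Y" for every wanted setting
# that the live listing lacks or contradicts. Returns 0 when everything
# matches, 1 on drift, 2 when WANTED_FILE is empty or absent.
sysctl_drift() {
    [ -s "$1" ] || return 2
    awk '
        function trim(s) {
            gsub(/^[ \t]+|[ \t]+$/, "", s)   # outer whitespace
            gsub(/[ \t]+/, " ", s)           # multi-value settings use tabs
            return s
        }
        { sub(/^[ \t]*[#;].*/, "") }         # commented-out settings are not wanted
        index($0, "=") == 0 { next }         # blank or non-setting line
        {
            eq  = index($0, "=")
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))   # "k=v" and "k = v" compare equal
        }
        NR == FNR { want[key] = val; next }  # first file: wanted values
        key in want {
            seen[key] = 1
            if (val != want[key]) {
                print "DIFF " key " want=" want[key] " have=" val
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}
```

A MISSING line means the kernel does not expose that key at all, so the corresponding line in /etc/sysctl.conf has no effect.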
14. Check the system logs frequently. They are mainly located in the /var/log/ directory. Take precautions.
Through the above settings, your system is generally safer. Of course, safety and insecurity are the struggle between the Tao and the devil.
After these steps, we have basically successfully established a relatively secure lamp server environment. It doesn’t feel very difficult, does it?

6: Daily common management functions
# cd /usr/local/src
# wget ftp://ftp.ncftp.com/ncftp/ncftp-3.2.1-src.tar.gz
# tar zxvf ncftp-3.2.1-src.tar.gz
# cd ncftp-3.2.1-src
# ./configure --prefix=/usr/local/ncftp
# make && make install

23. MySQL database is automatically backed up and uploaded to the server
Backup of server data
1. Data backup
In order to prevent data loss caused by accidents, key data or the whole system or selected system parts shall be backed up locally and remotely to ensure that all or part of the system can operate continuously in case of disasters.
2. Specific scheme
1) Daily database backup
At 4:00 every day, copy the cnprintbbs database to /root/back and compress it, then upload it to the 192.168.1.9 server. The compressed copy is kept in /root/back.
Run the script /root/scripts/back.sh
example:
#!/bin/bash
# Clear out the previous copy of the database
rm -rf /root/back/Cnprintbbs/*
# Hot-copy the database into /root/back/Cnprintbbs
/usr/local/mysql/bin/mysqlhotcopy Cnprintbbs /root/back/Cnprintbbs -u root -p uefer77693
sleep 5
cd /root/back
# Compress the copy into <hostname>-Cnprintbbs<date>.tar.gz
tar zcf `hostname`-Cnprintbbs`date +%Y%m%d`.tar.gz Cnprintbbs
sleep 5
echo "tar ok!"
# Upload the archive to the backup server
/usr/local/ncftp/bin/ncftpput -u gamebak -p [email protected] 192.168.1.9 / /root/back/`hostname`-Cnprintbbs`date +%Y%m%d`.tar.gz
sleep 10
echo "upload Cnprintbbs ok!"
Save and set the scheduled task.
# crontab -e
Add a line:
00 4 * * * /root/scripts/back.sh
The database will be automatically backed up and uploaded at 4 a.m. every day.
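The daily backup script above passes the MySQL and FTP passwords on the command line, where local users can read them from the process list while the job runs. This added example (not the article's script) keeps the same steps but reads both secrets from owner-only files; the file names /root/.my.cnf and /root/.ncftp-backup.cfg and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed files, both chmod 600 and owned by root:
#   /root/.my.cnf            [mysqlhotcopy] section with user= and password=
#   /root/.ncftp-backup.cfg  three lines: "host ...", "user ...", "pass ..."

# private_file FILE: succeed only for a regular file without group/other access.
private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# make_archive SRC_DIR OUT.tar.gz: archive SRC_DIR and confirm it reads back.
make_archive() (
    src=$1 out=$2
    umask 077                                   # archive readable by owner only
    tar zcf "$out" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
    gzip -t "$out" || exit 1                    # catches a truncated archive
    # every file and directory of the source must be listed in the archive
    [ "$(tar ztf "$out" | wc -l)" -ge "$(find "$src" | wc -l)" ]
)

# daily_backup: the article's 4:00 job, without passwords in the command lines.
daily_backup() (
    db=Cnprintbbs dest=/root/back
    out=$dest/$(hostname)-$db$(date +%Y%m%d).tar.gz
    private_file /root/.my.cnf || exit 1
    private_file /root/.ncftp-backup.cfg || exit 1
    rm -rf "${dest:?}/$db"/*
    # credentials come from the option file, not from -u/-p
    /usr/local/mysql/bin/mysqlhotcopy "$db" "$dest/$db" || exit 1
    make_archive "$dest/$db" "$out" || exit 1
    # -f reads host, user and password from the file
    /usr/local/ncftp/bin/ncftpput -f /root/.ncftp-backup.cfg / "$out"
)
```

The upload still uses plain FTP, so the password and the database dump cross the network unencrypted; the change only removes the secrets from the script and the process list.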
2) Database instant backup
Every hour, copy the cnprintbbs database to the /root/back/hour directory for backup, and then transfer the compressed file to a specific server.
example:
#!/bin/bash
# Timestamp down to the minute, used in the directory and archive names
hottime=`date +%Y%m%d%H%M`
mkdir /root/back/hour/Cnprintbbs"$hottime"
/usr/local/mysql/bin/mysqlhotcopy Cnprintbbs /root/back/hour/Cnprintbbs"$hottime" -u root -p uefer77693
sleep 5
cd /root/back/hour
tar zcf `hostname`-Cnprintbbs"$hottime".tar.gz Cnprintbbs"$hottime"
sleep 5
echo "tar ok!"
/usr/local/ncftp/bin/ncftpput -u backupdb -p backupdb 192.168.102.119 / /root/back/hour/`hostname`-Cnprintbbs"$hottime".tar.gz
sleep 20
echo "upload Cnprintbbs ok!"
# Remove the local archive once it has been uploaded
rm -f `hostname`-Cnprintbbs"$hottime".tar.gz
3) Log backup
At 02:00 every day, compress the previous day's logs under /log/, and then upload them to the 192.168.9.1 server.
Run the script /root/scripts/upload_daily
example:
#!/bin/bash
cd /log/
# Collect yesterday's logs into a directory named log<YYYYMMDD>
mkdir log`date --date '1 days ago' +%Y%m%d`
mv *.log.`date --date '1 days ago' +%y%m%d`-* log`date --date '1 days ago' +%Y%m%d`
sleep 10
tar zcvf `hostname`-log`date --date '1 days ago' +%Y%m%d`.tar.gz log`date --date '1 days ago' +%Y%m%d`
/usr/local/ncftp/bin/ncftpput -u log -p [email protected] 218.80.198.234 / /log/`hostname`-log`date --date '1 days ago' +%Y%m%d`.tar.gz
# Remove the local archive once it has been uploaded
rm `hostname`-log`date --date '1 days ago' +%Y%m%d`.tar.gz
Note: the scheduled task can be set in /etc/crontab or with crontab -e
4) Instant log backup
Run /home/root/tools/upload directly to upload the latest log to the 192.168.1.9 server, for the convenience of the R&D department.
Run the script /home/root/tools/upload (if all server logs need to be uploaded, you can run /home/root/tools/allupload on the gateway server).
24. Squid cache deletion and restart
1. Squid will slow down if it is used for a long time. My suggestion is to kill the squid process every 2 hours; the RunAccel script will restart it automatically.
2. Write a script, put it into crontab, and empty the cache directory around 4 a.m. every day.
#!/bin/sh
# squid clean swap and restart script by marco lu
SQUID_DIR=/usr/local/squid/
PID_FILE=${SQUID_DIR}var/logs/squid.pid
CACHE_DIR=${SQUID_DIR}var/cache
# PPID is a read-only variable in bash, so the PID list uses another name
SQUID_PIDS=`ps aux | grep -i squid | grep -v grep | awk '{print $2}'`
kill -9 ${SQUID_PIDS} > /dev/null
kill -9 `cat ${PID_FILE}` > /dev/null
# Empty the cache directory and recreate the swap directories
rm -rf $CACHE_DIR/*
${SQUID_DIR}sbin/squid -z > /dev/null
if [ $? -eq 0 ]
then
# Start squid again in the background, discarding its output
${SQUID_DIR}bin/RunAccel > /dev/null 2>&1 &
fi
7: Install vBulletin 3.6.8 and vBSEO 3.1.0
Both vBulletin and vBSEO 3.0.1 are commercial software. The download link at this address is for trial only; please delete it within 24 hours after downloading. To buy the genuine version, please contact the respective vendor.
25. Install vBulletin 3.6.8
vBulletin is a powerful forum community solution. With it, you can easily create a forum system for your website. vBulletin is based on PHP and MySQL (an efficient open source database engine). These solid back-end technologies give the product extraordinary speed and reliable stability.
wget http://www.cnprint.org/bbs/blogs/1/a…1234567890.zip
For installation tutorials, see: http://www.vbulletin-china.cn/docs/h…rsion=30608602
Special note: please open config.php for Memcache settings.
26. Install vBSEO 3.1.0
vBSEO is a search optimization program for vBulletin (the most popular website forum), which can easily provide powerful search functions for your vBulletin website.
Download the vBSEO installer:
wget http://www.cnprint.org/bbs/blogs/1/a…eygen-gysn.zip
1. Unpack the vBSEO archive and upload all files and directories under the upload folder by FTP, in binary mode, to the corresponding directories of VBB.
2. On Linux, first make the file "VB root/includes/config_vbseo.php" writable (chmod 666).
3. Confirm that the plug-in function is enabled in the VBB console, then under "Plugins and Products" - "Manage Products" choose add/import product and import crawlability_vbseo.xml from the 'product' directory (if the import fails with the Chinese UTF-8 version, save this file as UTF-8 with an editor first). The product is now added.
4. Upload the .htaccess file in the 'htaccess' directory to the forum root directory. The .htaccess file is not visible under some operating systems. In that case, upload only the htaccess.txt file to the VBB root directory, delete the .htaccess file just uploaded, and rename the txt file just uploaded to .htaccess.
5. Enter http://your web address/your VBB directory/vbseocp.php in the browser to configure vBSEO, and enter your vBSEO management panel password twice. You can also edit the upload\includes\config_vbseo.php file in advance and add the management password you want in define('vbseo_admin_password', 'abc') (put it between the second pair of quotation marks, where abc is shown).
6. If you need to enter the authorization code in the vBSEO management interface, please use the attached keygen to calculate the number of your domain and copy the 32-bit authorization code. After configuration, change the attribute of the 'config_vbseo.php' file from step 2 back to read-only (chmod 644).
7. Start using your vBSEO. After the first installation, you can enter the vBSEO management interface directly through the VBB background.
8. If necessary, move the .htaccess rules into httpd.conf. This can greatly reduce the load on Apache.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.cnprint.org
DocumentRoot "/usr/local/apache2/htdocs"
#ErrorLog logs/error_log
# CustomLog logs/access_log combined
# The two <Directory> paths below are assumptions (the DocumentRoot, and the
# forum under /bbs); adjust them to your layout.
<Directory "/usr/local/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride none
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/apache2/htdocs/bbs">
Options Indexes FollowSymLinks
AllowOverride all
RewriteEngine On
#RewriteBase /bbs
RewriteCond %{HTTP_HOST} !^www\.cnprint\.org
RewriteRule (.*) http://www.cnprint.org/bbs/$1 [L,R=301]
#RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
RewriteCond %{QUERY_STRING} !vbseourl=
RewriteCond %{REQUEST_URI} !(admincp/|modcp/|chat|cron)
RewriteRule ^(.*\.php)$ vbseo.php?vbseourl=$1 [L,QSA]
RewriteCond %{REQUEST_FILENAME} !\.(jpg|gif)$
RewriteRule ^(archive/.*)$ vbseo.php?vbseourl=$1 [L,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !^(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php?vbseourl=$1 [L,QSA]
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

Author: Holly ghost release date: August 5, 2009
I can’t mcrypt live or die
It’s been almost a month·····
Author: baizx release date: August 5, 2009
PhpMyAdmin could not load mcrypt share

Use phpMyAdmin to manage mysql. If the following prompt appears:
Cannot load mcrypt extension

Install the following RPM package using Yum or up2date to solve the above problem
php-mcrypt
php-mhash
libmcrypt
libmcrypt-devel
libmhash
