标题:Nginx 0.8.46 + PHP 5.2.13(FastCGI)+mysql5.5.3打造高性能web服务器 出处:沧海一粟 时间:Thu, 09 Dec 2010 15:45:25 +0000 作者:jed 地址:http://www.dzhope.com/post/714/ 内容: 安装步骤:   (系统要求:Linux 2.6+ 内核,本文中的Linux操作系统为CentOS 5.3,另在RedHat AS4上也安装成功) 一、获取相关开源程序:   1、【适用CentOS操作系统】利用CentOS Linux系统自带的yum命令安装、升级所需的程序库(RedHat等其他Linux发行版可从安装光盘中找到这些程序库的RPM包,进行安装): sudo -s LANG=C yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers  2、【适用RedHat操作系统】RedHat等其他Linux发行版可从安装光盘中找到这些程序库的RPM包(事先可通过类似“rpm -qa | grep libjpeg”的命令查看所需的RPM包是否存在,通常是“xxx-devel”不存在,需要安装)。RedHat可以直接利用CentOS的RPM包安装,以下是RPM包下载网址:   ①、RedHat AS4 & CentOS 4   http://mirrors.163.com/centos/4/os/i386/CentOS/RPMS/   http://mirrors.163.com/centos/4/os/x86_64/CentOS/RPMS/   ②、RedHat AS5 & CentOS 5   http://mirrors.163.com/centos/5/os/i386/CentOS/   http://mirrors.163.com/centos/5/os/x86_64/CentOS/   ③、RPM包搜索网站   http://rpm.pbone.net/   http://www.rpmfind.net/   ④、RedHat AS4 系统环境,通常情况下缺少的支持包安装:   Ⅰ、i386 系统 wget http://blog.s135.com/soft/linux/nginx_php/rpm/i386/libjpeg-devel-6b-33.i386.rpm rpm -ivh libjpeg-devel-6b-33.i386.rpm wget http://blog.s135.com/soft/linux/nginx_php/rpm/i386/freetype-devel-2.1.9-1.i386.rpm rpm -ivh freetype-devel-2.1.9-1.i386.rpm wget http://blog.s135.com/soft/linux/nginx_php/rpm/i386/libpng-devel-1.2.7-1.i386.rpm rpm -ivh libpng-devel-1.2.7-1.i386.rpm Ⅱ、x86_64 系统 wget http://blog.s135.com/soft/linux/nginx_php/rpm/x86_64/libjpeg-devel-6b-33.x86_64.rpm rpm -ivh libjpeg-devel-6b-33.x86_64.rpm wget http://blog.s135.com/soft/linux/nginx_php/rpm/x86_64/freetype-devel-2.1.9-1.x86_64.rpm rpm -ivh freetype-devel-2.1.9-1.x86_64.rpm wget http://blog.s135.com/soft/linux/nginx_php/rpm/x86_64/libpng-devel-1.2.7-1.x86_64.rpm rpm -ivh libpng-devel-1.2.7-1.x86_64.rpm 3、【适用CentOS、RedHat及其它Linux操作系统】下载程序源码包:   本文中提到的所有开源软件为截止到2010年07月26日的最新稳定版。   ①、从软件的官方网站下载: wget http://sysoev.ru/nginx/nginx-0.8.46.tar.gz wget http://www.php.net/get/php-5.2.14.tar.gz/from/this/mirror wget http://php-fpm.org/downloads/php-5.2.14-fpm-0.5.14.diff.gz wget http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.3-m3.tar.gz/from/http://mysql.he.net/ wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz wget "http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0" wget "http://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz?modtime=1194463373&big_mirror=0" wget http://pecl.php.net/get/memcache-2.2.5.tgz wget "http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1175740843&big_mirror=0" wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.10.tar.gz wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2 wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz wget http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gz wget http://pecl.php.net/get/imagick-2.3.0.tgz wget http://catlnmp.googlecode.com/files/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz wget http://catlnmp.googlecode.com/files/ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz ②、从blog.s135.com下载(比较稳定,只允许在本站,或者在Linux/Unix下通过Wget、Curl等命令下载以下软件): wget http://blog.s135.com/soft/linux/nginx_php/nginx/nginx-0.8.46.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/php/php-5.2.14.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/phpfpm/php-5.2.14-fpm-0.5.14.diff.gz wget http://blog.s135.com/soft/linux/nginx_php/mysql/mysql-5.5.3-m3.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/libiconv/libiconv-1.13.1.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/mcrypt/libmcrypt-2.5.8.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/mcrypt/mcrypt-2.6.8.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/memcache/memcache-2.2.5.tgz wget http://blog.s135.com/soft/linux/nginx_php/mhash/mhash-0.9.9.9.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/pcre/pcre-8.10.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/eaccelerator/eaccelerator-0.9.6.1.tar.bz2 wget http://blog.s135.com/soft/linux/nginx_php/pdo/PDO_MYSQL-1.0.2.tgz wget http://blog.s135.com/soft/linux/nginx_php/imagick/ImageMagick.tar.gz wget http://blog.s135.com/soft/linux/nginx_php/imagick/imagick-2.3.0.tgz wget http://catlnmp.googlecode.com/files/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz wget http://catlnmp.googlecode.com/files/ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz 二、安装PHP 5.2.14(FastCGI模式)   1、编译安装PHP 5.2.14所需的支持库: tar zxvf libiconv-1.13.1.tar.gz cd libiconv-1.13.1/ ./configure --prefix=/usr/local make make install cd ../ tar zxvf libmcrypt-2.5.8.tar.gz cd libmcrypt-2.5.8/ ./configure make make install /sbin/ldconfig cd libltdl/ ./configure --enable-ltdl-install make make install cd ../../ tar zxvf mhash-0.9.9.9.tar.gz cd mhash-0.9.9.9/ ./configure make make install cd ../ ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config tar zxvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8/ /sbin/ldconfig ./configure make make install cd ../ 2、编译安装MySQL 5.5.3-m3 /usr/sbin/groupadd mysql /usr/sbin/useradd -g mysql mysql tar zxvf mysql-5.5.3-m3.tar.gz cd mysql-5.5.3-m3/ ./configure --prefix=/usr/local/mysql/ --enable-assembler --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innobase,myisammrg make && make install cd ../ cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf /usr/local/mysql/bin/mysql_install_db --user=mysql chown -R mysql /usr/local/mysql/var chgrp -R mysql /usr/local/mysql/. 添加Mysql启动服务,并且设置root密码 cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql chmod 755 /etc/init.d/mysql chkconfig --level 345 mysql on echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf echo "/usr/local/lib" >> /etc/ld.so.conf ldconfig ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql ln -s /usr/local/mysql/include/mysql /usr/include/mysql service mysql start /usr/local/mysql/bin/mysqladmin -u root password root //root改为你需要的密码 service mysql restart 3、编译安装PHP(FastCGI模式) tar zxvf php-5.2.14.tar.gz gzip -cd php-5.2.14-fpm-0.5.14.diff.gz | patch -d php-5.2.14 -p1 cd php-5.2.14/ 解决跨站问题 vi main/fopen_wrappers.c 并找到php_check_open_basedir_ex方法,在char *end;和pathbuf = estrdup(PG(open_basedir));之间插入以下的代码: char path_copy[MAXPATHLEN]; int path_len; path_len = strlen(path); if (path_len >= MAXPATHLEN) { errno = EPERM; return -1; } if (path_len > 0 && path[path_len-1] == PHP_DIR_SEPARATOR) { memcpy(path_copy, path, path_len+1); while (path_len > 1 && path_copy[path_len-1] == PHP_DIR_SEPARATOR) path_len--; path_copy[path_len] = '\0'; path = (const char *)&path_copy; } char *env_doc_root; if (PG(doc_root)) { env_doc_root = estrdup(PG(doc_root)); } else { env_doc_root = sapi_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT")-1 TSRMLS_CC); } if (env_doc_root) { int res_root = php_check_specific_open_basedir(env_doc_root, path TSRMLS_CC); efree(env_doc_root); if (res_root == 0) { return 0; } if (res_root == -2) { errno = EPERM; return -1; } } 并在php.ini中启用open_basedir如下: open_basedir = "/var/tmp/:/tmp/" 修复php-5.2.x和php-5.3.x hash dos漏洞 到这里https://github.com/laruence/laruence.github.com/tree/master/php-5.2- max-input-vars下载对应的补丁版本,进入php目录,执行patch -p1 < php-5.2.*-max-input-vars.patch打上补丁 wget https://raw.github.com/laruence/laruence.github.com/master/php-5.2-max-input-vars/php-5.2.14-max-input-vars.patch patch -p1 < php-5.2.14-max-input-vars.patch 编译php ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --enable-ftp make ZEND_EXTRA_LIBS='-liconv' make install cp php.ini-dist /usr/local/php/etc/php.ini cd ../ 4、编译安装PHP5扩展模块 tar zxvf memcache-2.2.5.tgz cd memcache-2.2.5/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../ tar jxvf eaccelerator-0.9.6.1.tar.bz2 cd eaccelerator-0.9.6.1/ /usr/local/php/bin/phpize ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config make make install cd ../ tar zxvf PDO_MYSQL-1.0.2.tgz cd PDO_MYSQL-1.0.2/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql make make install cd ../ tar zxvf ImageMagick.tar.gz cd ImageMagick-6.5.1-2/ ./configure make make install cd ../ tar zxvf imagick-2.3.0.tgz cd imagick-2.3.0/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../ 5、修改php.ini文件   手工修改:查找/usr/local/php/etc/php.ini中的extension_dir = "./"   修改为extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"   并在此行后增加以下几行,然后保存: extension = "memcache.so" extension = "pdo_mysql.so" extension = "imagick.so"   再查找output_buffering = Off   修改为output_buffering = On   再查找; cgi.fix_pathinfo=0   修改为cgi.fix_pathinfo=0,防止Nginx文件类型错误解析漏洞。  6、配置eAccelerator加速PHP: mkdir -p /usr/local/eaccelerator_cache vi /usr/local/php/etc/php.ini 按shift+g键跳到配置文件的最末尾,加上以下配置信息: [eaccelerator] zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so" eaccelerator.shm_size="64" eaccelerator.cache_dir="/usr/local/eaccelerator_cache" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="3600" eaccelerator.shm_prune_period="3600" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9" 安装Zend Optimizer,32位系统版本 tar zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz mkdir -p /usr/local/zend/ cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/ 如果是64位系统,则 tar zxvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz mkdir -p /usr/local/zend/ cp ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /usr/local/zend/ 在php.ini最后增加 [Zend] zend_optimizer.optimization_level=15 zend_extension=/usr/local/zend/ZendOptimizer.so 7、创建www用户和组 /usr/sbin/groupadd www /usr/sbin/useradd -g www www 8、创建php-fpm配置文件(php-fpm是为PHP打的一个FastCGI管理补丁,可以平滑变更php.ini配置而无需重启php-cgi):   在/usr/local/php/etc/目录中创建php-fpm.conf文件: rm -f /usr/local/php/etc/php-fpm.conf vi /usr/local/php/etc/php-fpm.conf 输入以下内容(如果您安装 Nginx + PHP 用于程序调试,请将以下的0改为1,以便显示PHP错误信息,否则,Nginx 会报状态为500的空白错误页): All relative paths in this config are relative to php's install prefix
Pid file /usr/local/php/logs/php-fpm.pid Error log file /usr/local/php/logs/php-fpm.log Log level notice When this amount of php processes exited with SIGSEGV or SIGBUS ... 10 ... in a less than this interval of time, a graceful restart will be initiated. Useful to work around accidental curruptions in accelerator's shared memory. 1m Time limit on waiting child's reaction on signals from master 5s Set to 'no' to debug fpm yes
Name of pool. Used in logs and stats. default Address to accept fastcgi requests on. Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket' 127.0.0.1:9000 Set listen(2) backlog -1 Set permissions for unix socket, if one used. In Linux read/write permissions must be set in order to allow connections from web server. Many BSD-derrived systems allow connections regardless of permissions. 0666 Additional php.ini defines, specific to this pool of workers. /usr/sbin/sendmail -t -i 0 Unix user of processes www Unix group of processes www Process manager settings Sets style of controling worker process count. Valid values are 'static' and 'apache-like' static Sets the limit on the number of simultaneous requests that will be served. Equivalent to Apache MaxClients directive. Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi Used with any pm_style. 128 Settings group for 'apache-like' pm style Sets the number of server processes created on startup. Used only when 'apache-like' pm_style is selected 20 Sets the desired minimum number of idle server processes. Used only when 'apache-like' pm_style is selected 5 Sets the desired maximum number of idle server processes. Used only when 'apache-like' pm_style is selected 35 The timeout (in seconds) for serving a single request after which the worker process will be terminated Should be used when 'max_execution_time' ini option does not stop script execution for some reason '0s' means 'off' 0s The timeout (in seconds) for serving of single request after which a php backtrace will be dumped to slow.log file '0s' means 'off' 0s The log file for slow requests logs/slow.log Set open file desc rlimit 65535 Set max core size rlimit 0 Chroot to this directory at the start, absolute path Chdir to this directory at the start, absolute path Redirect workers' stdout and stderr into main error log. If not set, they will be redirected to /dev/null, according to FastCGI specs yes How much requests each process should execute before respawn. Useful to work around memory leaks in 3rd party libraries. For endless request processing please specify 0 Equivalent to PHP_FCGI_MAX_REQUESTS 1024 Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect. Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+) Makes sense only with AF_INET listening socket. 127.0.0.1 Pass environment variables like LD_LIBRARY_PATH All $VARIABLEs are taken from current environment $HOSTNAME /usr/local/bin:/usr/bin:/bin /tmp /tmp /tmp $OSTYPE $MACHTYPE 2
9、启动php-cgi进程,监听127.0.0.1的9000端口,进程数为128(如果服务器内存小于3GB,可以只开启64个进程),用户为www: ulimit -SHn 65535 /usr/local/php/sbin/php-fpm start 注:/usr/local/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,修改php.ini后不重启php-cgi,重新加载配置文件使用reload。 三、安装Nginx 0.8.46   1、安装Nginx所需的pcre库: tar zxvf pcre-8.10.tar.gz cd pcre-8.10/ ./configure make && make install cd ../ 2、安装Nginx tar zxvf nginx-0.8.46.tar.gz cd nginx-0.8.46/ ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module make && make install cd ../ 3、创建Nginx配置文件   ①、在/usr/local/nginx/conf/目录中创建nginx.conf文件: rm -f /usr/local/nginx/conf/nginx.conf vi /usr/local/nginx/conf/nginx.conf user www www; worker_processes 8; error_log /usr/local/nginx/logs/nginx_error.log crit; pid /usr/local/nginx/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; #charset gb2312; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; server { listen 80; server_name blog.s135.com; index index.html index.htm index.php; root /data0/htdocs/blog; #limit_conn crawler 20; location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 1h; } log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; access_log /data1/logs/access.log access; } server { listen 80; server_name www.domain.com; index index.html index.htm index.php; root /home/www; location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; } log_format wwwlogs '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; access_log /data/logs/wwwlogs.log wwwlogs; } server { listen 80; server_name status.domain.com; location / { stub_status on; access_log off; } } } ②、在/usr/local/nginx/conf/目录中创建fcgi.conf文件: vi /usr/local/nginx/conf/fcgi.conf fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; 5、启动Nginx ulimit -SHn 65535 /usr/local/nginx/sbin/nginx 四、配置开机自动启动Nginx + PHP vi /etc/rc.local 增加 ulimit -SHn 65535 /usr/local/php/sbin/php-fpm start /usr/local/nginx/sbin/nginx 五、优化Linux内核参数 vi /etc/sysctl.conf # Add net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 #net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 120 net.ipv4.ip_local_port_range = 1024 65535 使配置立即生效: /sbin/sysctl -p 七、编写每天定时切割Nginx日志的脚本   1、创建脚本/usr/local/nginx/sbin/cut_nginx_log.sh vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh #!/bin/bash # This script run at 00:00 # The Nginx logs path logs_path="/usr/local/webserver/nginx/logs/" mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/ mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log kill -USR1 `cat /usr/local/nginx/nginx.pid` 2、设置crontab,每天凌晨00:00切割nginx访问日志 crontab -e 00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh Generated by Bo-blog 2.1.1 Release