标题：Nginx+Apache搭建前后端web生产环境[转] 
出处：沧海一粟
时间：Fri, 16 Sep 2011 16:19:24 +0000
作者：jed
地址：http://www.dzhope.com/post/848/

内容：
前言:谈到Linux下的web生产环境,大家就会想到apache这个开源服务器软件.apache可以整合大多数应用,比如jsp,php,cgi,python等等,但是apache过于臃肿以及对静态文件响应过于缓慢让很多使用者感到头疼.而nginx作为新崛起的服务器软件,在很多方面超出apache,定位也很明确:高性能的 HTTP 和反向代理服务器.因而,本篇主要讲的是nginx作为前端,apache作为后端的应用环境搭建过程.

为什么不使用nginx+php(fastcgi)作为生产环境?我提出我的看法.

1.php(fastcgi)不够稳定,经常出现502错误,生成相对复杂的页面没有优势,反而会使php-cgi进程变为僵尸进程.
2.安全性,多用户多站点权限问题.php(fastcgi)在应对多用户多站点往往捉襟见肘,不易于实施.
3.整合其他开发语言,apache表现得游刃有余.资源利用恰到好处.
为什么采用nginx做前端,apache作为后端的方案?nginx在处理静态内容上较apache是几倍或几十倍的差异,因而放在前面过滤静态内容是最为恰当的.同时nginx也是一个负载均衡器,低资源消耗,高性能转发是它的特点.经过nginx在前面的过滤,后端的apache需要处理的内容相对就比较少了.只需负责处理动态内容就可以了.在性能与稳定性的权衡下,使用nginx+apache搭配会让它们在各自擅长的领域展现自身的价值.

本教程以CentOS 5.4 32bit为环境.其他Linux发行版本暂未测试.nginx,php,apache,mysql,pureftpd均为最新稳定版. 

获取操作系统源更新.

yum update

yum -y install gcc gcc-c++ bison patch unzip mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openldap openldap-devel openldap-clients openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel

如果系统默认安装了apache,请先卸载.执行:

yum remove httpd

下载最新稳定版的程序源码包,以下都是到官方网站或sourceforge下载的源码包.

cd /usr/local/src

wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.45.tar.gz/from/http://mysql.he.net/

wget http://www.apache.org/dist/httpd/httpd-2.2.15.tar.gz

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz

wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz

wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.bz2/download

wget http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download

wget http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download

wget http://www.php.net/get/php-5.2.13.tar.gz/from/this/mirror

wget http://php-fpm.org/downloads/php-5.2.13-fpm-0.5.13.diff.gz

wget http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/php5-mail-header.patch

wget http://pecl.php.net/get/memcache-2.2.5.tgz

wget http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2

wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz

wget http://pecl.php.net/get/imagick-2.3.0.tgz

wget http://download.suhosin.org/suhosin-0.9.29.tgz

wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

wget http://downloads.zend.com/optimizer/3.3.9/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz

wget http://monkey.org/~provos/libevent-1.4.13-stable.tar.gz

wget http://memcached.googlecode.com/files/memcached-1.4.4.tar.gz

wget http://sourceforge.net/projects/pcre/files/pcre/8.01/pcre-8.01.tar.gz/download

wget http://nginx.org/download/nginx-0.7.65.tar.gz

wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.28.tar.gz

一.安装Mysql.安装最新稳定版5.1.45版本,并没有采用最新开发版.
cd /usr/local/src

tar -zxf mysql-5.1.45.tar.gz

cd mysql-5.1.45

./configure --prefix=/usr/local/mysql --enable-assembler --enable-thread-safe-client --with-extra-charsets=all --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innodb_plugin,myisam,myisammrg

make && make install

cd ../

groupadd mysql -g 27

useradd mysql -u 27 -g 27 -c "MySQL Server" -d /var/lib/mysql -M

cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf

/usr/local/mysql/bin/mysql_install_db --user=mysql

chown -R mysql /usr/local/mysql/var

chgrp -R mysql /usr/local/mysql/.

cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql

chmod u+x /etc/init.d/mysql

chkconfig --level 345 mysql on

echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf

echo "/usr/local/lib" >>/etc/ld.so.conf

ldconfig

ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql

ln -s /usr/local/mysql/include/mysql /usr/include/mysql

ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config

service mysql start

/usr/local/mysql/bin/mysqladmin -u root password root

service mysql restart

service mysql stop

二.编译安装apache(httpd).apache的执行用户为nobody.
cd /usr/local/src

tar -zxf httpd-2.2.15.tar.gz

cd httpd-2.2.15

./configure --prefix=/usr/local/apache --enable-headers --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --disable-userdir --with-included-apr --with-mpm=prefork --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html

make

make install

mkdir /usr/local/apache/domlogs

cp /usr/local/apache/bin/apachectl /etc/init.d/httpd

1.编辑/etc/init.d/httpd,在首行#!/bin/sh下添加:

# Startup script for the Apache Web Server

#

# chkconfig: - 85 15

# description: Apache is a World Wide Web server. It is used to serve \

# HTML files and CGI.

# processname: httpd

# pidfile: /usr/local/apache/logs/httpd.pid

# config: /usr/local/apache/conf/httpd.conf

ulimit -n 1024

ulimit -n 4096

ulimit -n 8192

ulimit -n 16384

ulimit -n 32768

ulimit -n 65535

保存退出.

2.配置apache配置参数文件httpd.conf,位于/usr/local/apache/conf/目录

cd /usr/local/apache/conf/

mv httpd.conf httpd.conf.bak

mkdir vhosts

vi httpd.conf

输入以下内容:

PidFile logs/httpd.pid
LockFile logs/accept.lock
ServerRoot "/usr/local/apache"
Listen 0.0.0.0:81
User nobody
Group nobody
ServerAdmin admin@evlit.com
ServerName host.evlit.com

Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
TraceEnable Off
ServerTokens ProductOnly
FileETag None
ServerSignature Off
HostnameLookups Off

# LoadModule perl_module modules/mod_perl.so

DocumentRoot "/usr/local/apache/htdocs"

<Directory "/">
 Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch
 Order allow,deny
 Allow from all
 AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">
 Options Includes -Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

DefaultType text/plain
RewriteEngine on
AddType text/html .shtml
AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
<IfModule mime_module>

    TypesConfig conf/mime.types
    AddType application/perl .pl .plx .ppl .perl
    AddType application/x-img .img
    AddType application/x-httpd-php .php .php3 .php4 .php5 .php6
    AddType application/x-httpd-php-source .phps
    AddType application/cgi .cgi
    AddType text/x-sql .sql
    AddType text/x-log .log
    AddType text/x-config .cnf conf
    AddType text/x-registry .reg
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddType application/x-tar .tgz
    AddType application/rar .rar
    AddType application/x-compressed .rar
    AddType application/x-rar .rar
    AddType application/x-rar-compressed .rar
    AddType text/vnd.wap.wml .wml
    AddType image/vnd.wap.wbmp .wbmp
    AddType text/vnd.wap.wmlscript .wmls
    AddType application/vnd.wap.wmlc .wmlc
    AddType application/vnd.wap.wmlscriptc .wmlsc
</IfModule>

<IfModule dir_module>
 DirectoryIndex index.html index.htm index.shtml index.php index.perl index.pl index.cgi
</IfModule>

<Files ~ "^error_log$">
 Order allow,deny
 Deny from all

 Satisfy All
</Files>

<FilesMatch "^\.ht">
 Order allow,deny
 Deny from all
 Satisfy All
</FilesMatch>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %b" common

 <IfModule logio_module>

 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
 </IfModule>
 CustomLog "logs/access_log" common
</IfModule>

<IfModule alias_module>
 ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>

<Directory "/usr/local/apache/cgi-bin">
 AllowOverride None
 Options None
 Order allow,deny
 Allow from all
</Directory>

<IfModule mpm_prefork_module>
 StartServers          3
 MinSpareServers       3
 MaxSpareServers       5
 MaxClients          150
 MaxRequestsPerChild   1024
</IfModule>

<IfModule mod_headers.c>
<FilesMatch "\.(html|htm|shtml)$">

Header set Cache-Control "max-age=3600, must-revalidate"
</FilesMatch>
</IfModule>

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

Include conf/extra/httpd-languages.conf

<Location /server-status>
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1
</Location>
ExtendedStatus On

<Location /server-info>
 SetHandler server-info
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1

</Location>

<IfModule ssl_module>
Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#Vhosts
NameVirtualHost 127.0.0.1:81
NameVirtualHost *

<VirtualHost 127.0.0.1:81 *>
 ServerName host.evlit.com
 DocumentRoot /var/www/html
 ServerAdmin admin@evlit.com
</VirtualHost>

Include conf/vhosts/*上述出现的127.0.0.1请改为你本机公网IP.

三.编译安装php(mod_php)
1.编译安装相关支持库

cd /usr/local/src

tar -zxf libiconv-1.13.1.tar.gz

cd libiconv-1.13.1/

./configure

make

make install

cd /usr/local/src

tar -jxf libmcrypt-2.5.8.tar.bz2

cd libmcrypt-2.5.8/

./configure

make

make install

/sbin/ldconfig

cd libltdl/

./configure --enable-ltdl-install

make

make install

cd /usr/local/src

tar -jxf mhash-0.9.9.9.tar.bz2

cd mhash-0.9.9.9/

./configure

make

make install

ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la

ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so

ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4

ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8

ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a

ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la

ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so

ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2

ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1

cd /usr/local/src

tar -zxf mcrypt-2.6.8.tar.gz

cd mcrypt-2.6.8/

/sbin/ldconfig

./configure

make

make install

2.编译php,这里我们为php打入补丁.有助于防止邮件发送被滥用(多用户)以及在邮件中提供有价值的信息.补丁介绍信息请点击:http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/

cd /usr/local/src

tar -zxf php-5.2.13.tar.gz

patch -d php-5.2.13 -p1 < php5-mail-header.patch

cd php-5.2.13

./configure --prefix=/usr/local --with-config-file-path=/etc --with-apxs2=/usr/local/apache/bin/apxs --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl --with-curlwrappers --with-freetype-dir --with-gd --with-gettext --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared --with-ttf --with-xmlrpc --with-zlib -with-zlib-dir=/usr

make ZEND_EXTRA_LIBS='-liconv'

make install

cp php.ini-dist /etc/php.ini

3.安装php扩展模块

cd /usr/local/src

tar -zxf memcache-2.2.5.tgz

cd memcache-2.2.5/

phpize

./configure --with-php-config=/usr/local/bin/php-config --with-zlib-dir --enable-memcache

make

make install

cd /usr/local/src

tar -jxf eaccelerator-0.9.6.tar.bz2

cd eaccelerator-0.9.6/

phpize

./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config

make

make install

mkdir -p /tmp/eaccelerator

chmod 777 /tmp/eaccelerator

echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local

echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local

cd /usr/local/src

tar -zxf ImageMagick.tar.gz

cd ImageMagick-*

./configure

make

make install

cd /usr/local/src

tar -zxf imagick-2.3.0.tgz

cd imagick-2.3.0/

phpize

./configure --with-php-config=/usr/local/bin/php-config

make

make install

cd /usr/local/src

tar -zxf suhosin-0.9.29.tgz

cd suhosin-0.9.29

phpize

./configure

make

make install

cd /usr/local/src

tar -zxf ioncube_loaders_lin_x86.tar.gz

cd ioncube

mkdir /usr/local/ioncube

mv ioncube_loader_lin_5.2.so /usr/local/ioncube/

cd /usr/local/src

tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz

mkdir -p /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x

cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so

3.1.修改php.ini.

查找/etc/php.ini中的extension_dir = "./".将其修改为extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"

查找;include_path = ".:/php/includes",删除前面的分号,并修改为include_path = ".:/usr/lib/php:/usr/local/lib/php"

跳到最后一行,然后添加以下内容:

extension = "memcache.so"

extension = "pdo.so"

extension = "pdo_mysql.so"

extension = "pdo_sqlite.so"

extension = "sqlite.so"

extension = "eaccelerator.so"

eaccelerator.shm_size = 32

eaccelerator.cache_dir = "/tmp/eaccelerator"

eaccelerator.enable = 1

eaccelerator.optimizer = 0

eaccelerator.debug = 0

eaccelerator.name_space = ""

eaccelerator.check_mtime = 1

eaccelerator.filter = ""

eaccelerator.shm_max = 0

eaccelerator.shm_ttl = 7200

eaccelerator.shm_prune_period = 7200

eaccelerator.shm_only = 1

eaccelerator.compress = 0

eaccelerator.compress_level = 9

eaccelerator.keys = shm

eaccelerator.sessions = shm

eaccelerator.content = shm

zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so"

zend_extension = "/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so"

4,安装Memcached(可选)

cd /usr/local/src

tar -xzf libevent-1.4.13-stable.tar.gz

cd libevent-1.4.13-stable

./configure

make

make install

ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib

cd /usr/local/src

tar -xzf memcached-1.4.4.tar.gz

cd memcached-1.4.4

./configure --with-libevent=/usr

make

make install

基本使用方法:

启动:/usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost

关闭:killall -9 memcached

四.安装nginx
1.安装pcre库

cd /usr/local/src

tar -zxf pcre-8.01.tar.gz

cd pcre-8.01

./configure

make

make install

2.安装nginx

cd /usr/local/src

tar -zxf nginx-0.7.65.tar.gz

cd nginx-0.7.65

./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --pid-path=/usr/local/nginx/logs/nginx.pid --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --http-client-body-temp-path=/tmp/nginx_client --http-proxy-temp-path=/tmp/nginx_proxy --http-fastcgi-temp-path=/tmp/nginx_fastcgi --with-http_stub_status_module

make

make install

2.1.添加init控制脚本

#! /bin/sh
ulimit -n 65535
# Description: Startup script for nginx
# chkconfig: 2345 55 25

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

set -e
[ -x "$DAEMON" ] || exit 0

do_start() {
 $DAEMON -c $CONFIGFILE || echo -n "nginx already running"
}

do_stop() {
 kill -QUIT `cat $PIDFILE` || echo -n "nginx not running"
}

do_reload() {
 kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
}

case "$1" in
 start)
 echo -n "Starting $DESC: $NAME"
 do_start
 echo "."
 /etc/init.d/httpd start
 ;;
 stop)
 echo -n "Stopping $DESC: $NAME"
 do_stop
 echo "."
 /etc/init.d/httpd stop
 ;;
 reload)
 echo -n "Reloading $DESC configuration..."
 do_reload
 echo "."
 /etc/init.d/httpd restart
 ;;
 restart)
 echo -n "Restarting $DESC: $NAME"
 do_stop
 sleep 1
 do_start
 echo "."
 /etc/init.d/httpd restart
 ;;
 *)
 echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
 exit 3
 ;;
esac

exit 0保存退出,给该文件赋予执行权限并设置开机启动

chmod u+x /etc/init.d/nginx

chkconfig --level 345 nginx on

2.2.修改nginx配置文件,位于:/usr/local/nginx/conf/目录

cd /usr/local/nginx/conf/

mv nginx.conf nginx.conf.bak

mkdir vhosts

vi nginx.conf

输入以下内容:

worker_processes  1;
worker_rlimit_nofile  65535;
events {
 worker_connections  65535;
 use epoll;
}
error_log  /usr/local/nginx/logs/error.log info;
http {
 include    mime.types;
 default_type  application/octet-stream;
 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
 keepalive_timeout  10;
 gzip on;
 gzip_http_version 1.0;
 gzip_min_length  1100;
 gzip_comp_level  3;
 gzip_buffers  4 32k;
 gzip_types    text/plain text/xml text/css application/x-javascript application/xml application/xml+rss text/javascript application/atom+xml;
 ignore_invalid_headers on;
 client_header_timeout  3m;
 client_body_timeout 3m;
 send_timeout     3m;
 connection_pool_size  256;
 server_names_hash_max_size 2048;
 server_names_hash_bucket_size 256;
 client_header_buffer_size 256k;
 large_client_header_buffers 4 256k;
 request_pool_size  32k;
 output_buffers   4 64k;
 postpone_output  1460;
 open_file_cache max=1000 inactive=300s;
 open_file_cache_valid    600s;
 open_file_cache_min_uses 2;
 open_file_cache_errors   off;
 include "/usr/local/nginx/conf/vhosts/*.conf";
 server {
 listen 80;
 server_name _;
 access_log off;
 location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
 deny  all;
 }
 location / {
 client_max_body_size    100m;
 client_body_buffer_size 128k;
 proxy_send_timeout   300;
 proxy_read_timeout   300;
 proxy_buffer_size    4k;
 proxy_buffers     16 32k;
 proxy_busy_buffers_size 64k;
 proxy_temp_file_write_size 64k;
 proxy_connect_timeout 30s;
 proxy_pass http://127.0.0.1:81/;
 proxy_set_header   Host   $host;
 proxy_set_header   X-Real-IP  $remote_addr;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 }
 }
}保存退出.

五.为apache安装rpaf模块,该模块用于apache做后端时获取访客真实的IP.
1.使用apxs安装模块.这里要使用此前apache编译安装后的apxs

cd /usr/local/src/

tar -zxf mod_rpaf-0.6.tar.gz

cd mod_rpaf-0.6

/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

2.编辑/usr/local/apache/conf/httpd.conf,添加模块参数,查找LoadModule php5_module modules/libphp5.so,在下方添加:

LoadModule rpaf_module modules/mod_rpaf-2.0.so

#Mod_rpaf settings

RPAFenable On

RPAFproxy_ips 127.0.0.1 [your_ips]

RPAFsethostname On

RPAFheader X-Forwarded-For

上面出现的[your_ips]请修改为你本机所监听web服务的ip.多个IP用空格空开.

六.安装ftp服务器:pure-ftpd
1.编译安装

cd /usr/local/src/

tar -zxf pure-ftpd-1.0.28.tar.gz

cd pure-ftpd-1.0.28

./configure --prefix=/usr/local/pureftpd --with-language=simplified-chinese --with-everything

make

make install

chmod u+x configuration-file/pure-config.pl

cp configuration-file/pure-config.pl /usr/local/pureftpd/sbin/

mkdir /usr/local/pureftpd/etc/

cp configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/

ln -s /usr/local/pureftpd/bin/pure-pw /usr/local/bin/

2.配置pure-ftpd,这里采用PureDB的验证方式.

vi /usr/local/pureftpd/etc/pure-ftpd.conf

查找 PureDB /etc/pureftpd.pdb 取消前面的#号并设置成PureDB/usr/local/pureftpd/etc/pureftpd.pdb

查找 PassivePortRange 取消前面的#号

其他参数根据需要进行修改

3.添加自启动.这里不创建init脚本.直接放在/etc/rc.local启动即可

echo "/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize" > /etc/rc.local

至此.所有安装工作结束.

如何使用这套系统
一,做好必要的安全工作
设置用户家目录/home/user,相关配置参数文件,以及访问日志等目录的权限.

chmod 711 /home

chmod 711 /usr/local/pureftpd

chmod 711 /usr/local/apache/conf/vhosts

chmod 711 /usr/local/nginx/conf/vhosts

chmod 711 /usr/local/apache/domlogs

chmod 711 /usr/local/apache/logs

二,如何创建用户
创建用户分两个步骤.第一步创建系统用户.该命令直接创建用户家目录.第二步创建ftp用户.创建该用户依赖系统用户的创建.步骤如下(以创建用户名为admin为例):

useradd admin -m -s /sbin/nologin

pure-pw useradd admin -u admin -g admin -d /home/admin -m[第一次执行不可用]

pure-pw mkdb[仅限第一次执行]

注意.通过上述方法安装的ftp服务器在第一次创建用户的时候不可以在pure-pw useradd ...后直接添加参数-m更新ftp用户数据库.需要分两步执行.以后可以直接在创建用户时在后面添加参数-m,执行之后会提示让你输入密码.需要重复输入两次.

三.如何绑定域名
由于采用前后端操作.因此需要修改两个服务器软件的虚拟主机参数.实例如下(以admin.com为例,用户目录承接上文的/home/admin):

1.创建nginx虚拟主机参数

cd /usr/local/nginx/conf/vhosts

touch admin.com.conf

vi admin.com.conf

输入以下内容:

server {
 error_log /usr/local/nginx/logs/admin.com-error_log warn;
 listen 127.0.0.1:80;
 server_name admin.com www.admin.com;
 access_log off;
 location ~* \.(gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg \
|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|rar \
|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
 access_log /usr/local/apache/domlogs/admin.com combined;
 root /home/admin/public_html;
 expires 7d;
 try_files $uri @backend;
 }
 error_page 400 401 402 403 404 405 406 407 408 409 500 501 502 503 504 @backend;
 location @backend {
 internal;
 client_max_body_size    100m;
 client_body_buffer_size 128k;
 proxy_send_timeout   300;
 proxy_read_timeout   300;
 proxy_buffer_size    4k;
 proxy_buffers     16 32k;
 proxy_busy_buffers_size 64k;
 proxy_temp_file_write_size 64k;
 proxy_connect_timeout 30s;
 proxy_redirect http://admin.com:81 http://admin.com;
 proxy_redirect http://www.admin.com:81 http://www.admin.com;
 proxy_pass http://127.0.0.1:81;
 proxy_set_header   Host   $host;
 proxy_set_header   X-Real-IP  $remote_addr;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 }
 location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
 deny  all;
 }
 location / {
 client_max_body_size    100m;
 client_body_buffer_size 128k;
 proxy_send_timeout   300;
 proxy_read_timeout   300;
 proxy_buffer_size    4k;
 proxy_buffers     16 32k;
 proxy_busy_buffers_size 64k;
 proxy_temp_file_write_size 64k;
 proxy_connect_timeout 30s;
 proxy_redirect http://admin.com:81 http://admin.com;
 proxy_redirect http://www.admin.com:81 http://www.admin.com;
 proxy_pass http://127.0.0.1:81/;
 proxy_set_header   Host   $host;
 proxy_set_header   X-Real-IP  $remote_addr;
 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
 }
}保存退出,注意将上述出现的127.0.0.1替换本机监听web服务的IP

2.创建apache虚拟主机配置文件

cd /usr/local/apache/conf/vhosts

touch admin.com.conf

vi admin.com.conf

输入以下内容:

<VirtualHost 127.0.0.1:81>

 ServerName admin.com
 ServerAlias www.admin.com
 DocumentRoot /home/admin/public_html
 ServerAdmin admin@evlit.com
 UseCanonicalName Off
 CustomLog /usr/local/apache/domlogs/admin.com combined
 php_admin_value open_basedir "/home/admin:/usr/lib/php:/usr/local/lib/php:/tmp"
 <IfModule !mod_disable_suexec.c>
 SuexecUserGroup admin admin
 </IfModule>
 ScriptAlias /cgi-bin/ /home/admin/public_html/cgi-bin/
</VirtualHost>保存退出,注意将上述出现的127.0.0.1替换本机监听web服务的IP.

四.如何管理MySQL数据库
1.下载最新版PhpMyAdmin源码包

mkdir -p /var/www/html

chmod -R 711 /var/www

cd /var/www/html

wget http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.3.0%2FphpMyAdmin-3.3.0-all-languages.tar.bz2/download

tar -jxf phpMyAdmin-3.3.0-all-languages.tar.bz2

mv phpMyAdmin-3.3.0-all-languages phpmyadmin

2.增加apache配置,编辑httpd.conf,转到最后一行

cd /usr/local/apache/conf

vi httpd.conf /* shift+g转到最后一行 */

#Managed Tools

<VirtualHost 127.0.0.1:81 *>

ServerName localhost

ServerAlias pma.*

DocumentRoot /var/www/html/phpmyadmin

ServerAdmin admin@localhost

UseCanonicalName Off

</VirtualHost>

同样,修改上述出现的127.0.0.1为你提供web服务的IP.重启apache后.我们打开绑定到服务器IP的pma.yourdomain.com即可访问到phpmyadmin.第一次使用.需要进行配置.具体配置请善用Google.

其他没有照顾到的地方自行添加即可.如perl,sendmail等.

为方便管理员添加用户及绑定域名.我编写了一个脚本.

wget http://icodex.org/vhosts

chmod u+x vhosts

./vhosts




Generated by Bo-blog 2.1.1 Release