Nginx 0.7.x + PHP 5.2.10(FastCGI)搭建支持高并发量的Web服务器
Nginx ("engine x") 是一个高性能的 HTTP
和反向代理服务器,也是一个 IMAP/POP3/SMTP 代理服务器。 Nginx 是由 Igor Sysoev 为俄罗斯访问量第二的 Rambler.ru
站点开发的,它已经在该站点运行超过两年半了。Igor
将源代码以类BSD许可证的形式发布。
一、为什么选择Nginx
1、在高连接并发的情况下,Nginx是Apache服务器不错的替代品,能够支持高达
50,000 个并发连接数的响应, Nginx选择了 epoll and kqueue 作为开发模型。
2、 Nginx作为负载均衡服务器:
Nginx 既可以在内部直接支持 Rails 和 PHP 程序对外进行服务, 也可以支持作为 HTTP代理服务器对外进行服务. Nginx采用C进行编写,
不论是系统资源开销还是CPU使用效率都比 Perlbal 要好很多。
3、作为邮件代理服务器: Nginx
同时也是一个非常优秀的邮件代理服务器。
为什么 Nginx的性能要比Apache高得多?这得益于Nginx使用了最新的epoll(Linux
2.6内核)和kqueue(freebsd)网络I/O模型,而Apache则使用的是传统的select模型。目前Linux下能够承受高并发访问的
Squid、Memcached都采用的是epoll网络I/O模型。其基本原理请见我的另一篇文章:Linux服务器网络开发模型
二、Nginx的安装以及配置
系统要求:Linux 2.6+
内核,本文中的Linux操作系统为CentOS 5.2+
1、获取相关的开源程序:(适用CentOS操作系统)利用CentOS
Linux系统自带的yum命令安装、升级所需的程序库。
yum -y install gcc gcc-c++ autoconf libjpeg
libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel
zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses
ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn
libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap
openldap-clients openldap-servers
2、安装PHP 5.2.10(FastCGI模式)
编译安装PHP
5.2.10所需的支持库:
tar zxvf libiconv-1.13.tar.gz
cd
libiconv-1.13/
./configure --prefix=/usr/local
make
make install
cd
../
tar zxvf libmcrypt-2.5.8.tar.gz
cd
libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd
libltdl/
./configure --enable-ltdl-install
make
make install
cd
http://www.cnblogs.com/
tar zxvf mhash-0.9.9.9.tar.gz
cd
mhash-0.9.9.9/
./configure
make
make install
cd ../
ln -s
/usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s
/usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s
/usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s
/usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s
/usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s
/usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s
/usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s
/usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s
/usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
tar zxvf
mcrypt-2.6.8.tar.gz
cd
mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
cd
../
3、编译安装MySQL 5.1.38
/usr/sbin/groupadd mysql //
建立mysql组
/usr/sbin/useradd -g mysql mysql //
建立mysql用户并且加入到mysql组中
tar zxvf mysql-5.1.38.tar.gz
cd
mysql-5.1.38/
./configure --prefix=/usr/local/webserver/mysql/
--enable-thread-safe-client
make && make install
cp
/usr/local/src/mysql/support-files/my-medium.cnf /etc/my.cnf 在
support-files目录下有4个模版文件,我们选择其中一个座位Mysql的配置文件,覆盖/etc/my.cnf(系统默认的配置,其中设置了性能参数和Mysql的一些路径参数);
cd
/usr/local/mysql
//进入mysql目录
/usr/local/webserver/mysql/bin/mysql_install_db
--basedir=/usr/local/webserver/mysql --datadir=/usr/local/webserver/mysql/data
--user=mysql //初试化表并且规定用mysql用户来访问。初始化表以后就开始给mysql和root用户设定访问权限;
chown
-R root . //设定root能访问/usr/local/mysql;
chown -R mysql data
//设定mysql用户能访问/usr/local/mysql/data
,里面存的是mysql的数据库文件.这个目录是在/etc/my.cnf中有配置,mysql_install_db时产生;
chown -R
mysql data/. //设定mysql用户能访问/usr/local/mysql/data/mysql下的所有文件;
chgrp -R
mysql . //(此处
.前面有空格哦)设定mysql组能够访问/usr/local/mysql;
/usr/local/mysql/bin/mysqld_safe
--user=mysql & //运行mysql;
/usr/local/src/mysql/bin/mysqladmin -u
root password 'yourpassword'
//MYSQL默认安装密码为空,为mysql设置密码,利用的是/usr/local/src/mysql/bin/下的mysqladmin文件;
启动MySQL服务:
cp /usr/local/src/mysql/support-files/mysql.server /etc/init.d/mysql
vi
/etc/init.d/mysql
修改如下定义使其内容为:
basedir=/usr/local/webserver/mysql
datadir=/usr/local/webserver/mysql/data
chmod +x mysql
//赋予shell脚本可执行权限:
chkconfig --level 345 mysql on
service mysql
restart
Shutting down MySQL... [ OK ]
Starting MySQL [ OK ]
连接:
/usr/local/src/mysql/bin/mysql -u root -p
Enter password:
Welcome to
the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is
5 to server version: 4.1.14-standard
Type 'help;' or '\h' for help. Type
'\c' to clear the buffer.
mysql>
4、编译安装PHP(FastCGI模式)
tar
zxvf php-5.2.10.tar.gz
gzip -cd php-5.2.10-fpm-0.5.11.diff.gz | patch -d
php-5.2.10 -p1
cd php-5.2.10/
./configure
--prefix=/usr/local/webserver/php
--with-config-file-path=/usr/local/webserver/php/etc
--with-mysql=/usr/local/webserver/mysql
--with-mysqli=/usr/local/webserver/mysql/bin/mysql_config
--with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir
--with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath
--enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop
--enable-sysvsem --enable-inline-optimization
--with-curl
--with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm
--enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd
--enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl
--enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc --enable-zip
--enable-soap --without-pear
make ZEND_EXTRA_LIBS='-liconv'
make
install
cp php.ini-dist /usr/local/webserver/php/etc/php.ini
cd
../
5、编译安装 PHP5 扩展模块
tar zxvf memcache-2.2.5.tgz
cd
memcache-2.2.5/
/usr/local/webserver/php/bin/phpize
./configure
--with-php-config=/usr/local/webserver/php/bin/php-config
make
make
install
cd ../
tar jxvf eaccelerator-0.9.5.3.tar.bz2
cd
eaccelerator-0.9.5.3/
/usr/local/webserver/php/bin/phpize
./configure
--enable-eaccelerator=shared
--with-php-config=/usr/local/webserver/php/bin/php-config
make
make
install
cd ../
tar zxvf PDO_MYSQL-1.0.2.tgz
cd
PDO_MYSQL-1.0.2/
/usr/local/webserver/php/bin/phpize
./configure
--with-php-config=/usr/local/webserver/php/bin/php-config
--with-pdo-mysql=/usr/local/webserver/mysql
make
make install
cd
../
tar zxvf ImageMagick.tar.gz
cd
ImageMagick-6.5.1-2/
./configure
make
make install
cd ../
tar
zxvf imagick-2.2.2.tgz
cd
imagick-2.2.2/
/usr/local/webserver/php/bin/phpize
./configure
--with-php-config=/usr/local/webserver/php/bin/php-config
make
make
install
cd
../
6、修改php.ini文件
查找/usr/local/webserver/php/etc/php.ini中的extension_dir
= "./"
修改为extension_dir =
"/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/"
并在此行后增加以下几行,然后保存:
extension
= "memcache.so"
extension = "pdo_mysql.so"
extension =
"imagick.so"
再查找output_buffering = Off
修改为output_buffering =
On
也可执行以下shell命令,自动完成对php.ini文件的修改:
sed -i 's#extension_dir =
"./"#extension_dir =
"/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/"\nextension
= "memcache.so"\nextension
= "pdo_mysql.so"\nextension =
"imagick.so"\n#' /usr/local/webserver/php/etc/php.ini
sed -i
's#output_buffering = Off#output_buffering = On#'
/usr/local/webserver/php/etc/php.ini
7、配置eAccelerator加速PHP:
mkdir -p
/usr/local/webserver/eaccelerator_cache //创建存储缓存文件的目录
vi
/usr/local/webserver/php/etc/php.ini
按shift+g键跳到配置文件的最末尾,加上以下配置信息:
[eaccelerator]
zend_extension="/usr/local/webserver/php/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="64"
eaccelerator.cache_dir="/usr/local/webserver/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
8、创建www用户和组,以及供blog主机使用的目录:
/usr/sbin/groupadd
www
/usr/sbin/useradd -g www www
mkdir -p /var/www/blog
chmod +w
/var/www/blog
chown -R www:www
/var/www/blog
9、创建php-fpm配置文件(php-fpm是为PHP打的一个FastCGI管理补丁,可以平滑变更php.ini配置而无需重启php-cgi):
在/usr/local/webserver/php/etc/目录中创建php-fpm.conf文件:
rm
-f /usr/local/webserver/php/etc/php-fpm.conf
vi
/usr/local/webserver/php/etc/php-fpm.conf
输入以下内容(如果您安装 Nginx + PHP
用于程序调试,请将以下的<value >0</value>改为<value
>1</value>,以便显示PHP错误信息,否则,Nginx 会报状态为500的空白错误页)
<?xml
version="1.0" ?>
<configuration>
All relative paths in this
config are relative to php's install prefix
<section >
Pid file
<value
>/usr/local/webserver/php/logs/php-fpm.pid</value>
Error log
file
<value
>/usr/local/webserver/php/logs/php-fpm.log</value>
Log
level
<value >notice</value>
When this amount of
php processes exited with SIGSEGV or SIGBUS ...
<value
>10</value>
... in a less than this interval of time, a
graceful restart will be initiated.
Useful to work around accidental
curruptions in accelerator's shared memory.
<value
>1m</value>
Time limit on waiting child's reaction on
signals from master
<value >5s</value>
Set to 'no'
to debug fpm
<value >yes</value>
</section>
<workers>
<section >
Name of pool. Used in logs and stats.
<value
>default</value>
Address to accept fastcgi requests
on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or
'/path/to/unix/socket'
<value
>127.0.0.1:9000</value>
<value >
Set
listen(2) backlog
<value >-1</value>
Set
permissions for unix socket, if one used.
In Linux read/write
permissions must be set in order to allow connections from web
server.
Many BSD-derrived systems allow connections regardless of
permissions.
<value ></value>
<value
></value>
<value >0666</value>
</value>
Additional php.ini defines, specific to this pool of
workers.
<value >
<value >/usr/sbin/sendmail -t
-i</value>
<value >1</value>
</value>
Unix user of processes
<value
>www</value>
Unix group of processes
<value
>www</value>
Process manager settings
<value
>
Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
<value
>static</value>
Sets the limit on the number of
simultaneous requests that will be served.
Equivalent to Apache
MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in
original php.fcgi
Used with any pm_style.
<value
>128</value>
Settings group for 'apache-like' pm
style
<value >
Sets the number of server
processes created on startup.
Used only when 'apache-like' pm_style
is selected
<value >20</value>
Sets
the desired minimum number of idle server processes.
Used only when
'apache-like' pm_style is selected
<value
>5</value>
Sets the desired maximum number of idle
server processes.
Used only when 'apache-like' pm_style is
selected
<value >35</value>
</value>
</value>
The timeout (in seconds)
for serving a single request after which the worker process will be
terminated
Should be used when 'max_execution_time' ini option does not
stop script execution for some reason
'0s' means 'off'
<value >0s</value>
The timeout (in seconds) for serving
of single request after which a php backtrace will be dumped to slow.log
file
'0s' means 'off'
<value
>0s</value>
The log file for slow requests
<value >logs/slow.log</value>
Set open file desc
rlimit
<value >65535</value>
Set max core size
rlimit
<value >0</value>
Chroot to this
directory at the start, absolute path
<value
></value>
Chdir to this directory at the start, absolute
path
<value ></value>
Redirect workers' stdout
and stderr into main error log.
If not set, they will be redirected to
/dev/null, according to FastCGI specs
<value
>yes</value>
How much requests each process should execute
before respawn.
Useful to work around memory leaks in 3rd party
libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
<value
>102400</value>
Comma separated list of ipv4 addresses of
FastCGI clients that allowed to connect.
Equivalent to
FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes
sense only with AF_INET listening socket.
<value
>127.0.0.1</value>
Pass environment variables like
LD_LIBRARY_PATH
All $VARIABLEs are taken from current
environment
<value >
<value
>$HOSTNAME</value>
<value
>/usr/local/bin:/usr/bin:/bin</value>
<value
>/tmp</value>
<value >/tmp</value>
<value >/tmp</value>
<value
>$OSTYPE</value>
<value
>$MACHTYPE</value>
<value >2</value>
</value>
</section>
</workers>
</configuration>
10、启动php-cgi进程,监听127.0.0.1的9000端口,进程数为200(如果服务器内存小于3GB,可以只开启64个进程),用户为www:
ulimit
-SHn 65535
/usr/local/webserver/php/sbin/php-fpm
start
另:ulimit命令是用于shell启动进程所占用的资源。其所有的设置都是针对shell进程的,每个进程是独立的。
ulimit -n
1024 表示每个启动的进程可以同时打开的文件描述符的最大值是1024。
-H 设置硬件资源限制。
-S
设置软件资源限制。
注:/usr/local/webserver/php/sbin/php-fpm还有其他参数,包括:start|stop|quit|restart|reload|logrotate,修改php.ini后不重启php-cgi,重新加载配置文件使用reload
。
三、安装Nginx
0.8.15
1、安装Nginx所需的pcre库:
tar zxvf pcre-7.9.tar.gz
cd
pcre-7.9/
./configure
make && make install
cd
../
2、安装Nginx
tar zxvf nginx-0.8.15.tar.gz
cd
nginx-0.8.15/
./configure --user=www --group=www
--prefix=/usr/local/webserver/nginx --with-http_stub_status_module
--with-http_ssl_module
make && make install
cd
../
3、创建Nginx日志目录
mkdir -p /data1/logs
chmod +w
/data1/logs
chown -R www:www /data1/logs
4、创建Nginx配置文件
(1)
在/usr/local/webserver/nginx/conf/目录中创建nginx.conf文件:
rm -f
/usr/local/webserver/nginx/conf/nginx.conf
vi
/usr/local/webserver/nginx/conf/nginx.conf
输入以下内容:
#使用小号
user
www www;
#开启进程数
worker_processes 8; #worker_processes
指明了nginx要开启的进程数,据实践表明,nginx的这个参数在一般情况下开4个或8个就可以了,再往上开的话优化不太大。
#制定进程到cpu(四cpu:0001
0010 0100 1000)
#worker_cpu_affinity 0001 0010 0100 1000 0001 0010 0100
1000;
error_log /data1/logs/nginx_error.log
crit;
#进程号保存文件
pid
/usr/local/webserver/nginx/nginx.pid;
#Specifies the value for maximum
file descriptors that can be opened by this process.
#每个进程最大打开文件数
worker_rlimit_nofile 65535; #worker_rlimit_nofile
配置要和系统的单进程打开文件数一致,linux
2.6内核下开启文件打开数为65535,worker_rlimit_nofile就相应应该填写65535
events
{
#使用epoll(linux2.6的高性能方式)
use epoll;
#每个进程最大连接数(最大连接=连接数x进程数)
worker_connections 65535;
}
http
{
#文件扩展名与文件类型映射表
include mime.types;
#默认文件类型
default_type
application/octet-stream;
#charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
#长链接超时时间
keepalive_timeout
60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size
128k;
gzip on; #打开gzip压缩
gzip_min_length 1k; #最小压缩文件大小
gzip_buffers 4 16k; #压缩缓冲区
gzip_http_version 1.0; #压缩版本
gzip_comp_level 2; #压缩比率
gzip_types text/plain
application/x-javascript text/css application/xml; #压缩类型
gzip_vary on;
#vary header支持
#limit_zone crawler $binary_remote_addr 10m;
server
{
listen 80;
server_name blog.s135.com;
index index.html index.htm index.php;
root
/data0/htdocs/blog;
#limit_conn crawler 20;
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass
127.0.0.1:9000;
fastcgi_index index.php;
include
fcgi.conf;
}
location ~
.*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
#日志文件格式
log_format access '$remote_addr - $remote_user
[$time_local] "$request" '
'$status $body_bytes_sent
"$http_referer" '
'"$http_user_agent"
$http_x_forwarded_for';
#日志文件
access_log /data1/logs/access.log
access;
}
}
(2)
在/usr/local/webserver/nginx/conf/目录中创建fcgi.conf文件:
vi
/usr/local/webserver/nginx/conf/fcgi.conf
输入以下内容:
fastcgi_param
GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE
nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param
REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE
$content_type;
fastcgi_param CONTENT_LENGTH
$content_length;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME
$fastcgi_script_name;
fastcgi_param REQUEST_URI
$request_uri;
fastcgi_param DOCUMENT_URI
$document_uri;
fastcgi_param DOCUMENT_ROOT
$document_root;
fastcgi_param SERVER_PROTOCOL
$server_protocol;
fastcgi_param REMOTE_ADDR
$remote_addr;
fastcgi_param REMOTE_PORT
$remote_port;
fastcgi_param SERVER_ADDR
$server_addr;
fastcgi_param SERVER_PORT
$server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP
only, required if PHP was built with
--enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS
200;
5、启动Nginx
ulimit -SHn
65535
/usr/local/webserver/nginx/sbin/nginx
四、配置开机自动启动Nginx +
PHP
vi /etc/rc.local
在末尾增加以下内容:
ulimit -SHn
65535
/usr/local/webserver/php/sbin/php-fpm
start
/usr/local/webserver/nginx/sbin/nginx
六、在不停止Nginx服务的情况下平滑变更Nginx配置
1、修改/usr/local/webserver/nginx/conf/nginx.conf配置文件后,请执行以下命令检查配置文件是否正确:
/usr/local/webserver/nginx/sbin/nginx
-t
如果屏幕显示以下两行信息,说明配置文件正确:
the configuration file
/usr/local/webserver/nginx/conf/nginx.conf syntax is ok
the configuration
file /usr/local/webserver/nginx/conf/nginx.conf was tested
successfully
2、这时,输入以下命令查看Nginx主进程号:
ps -ef | grep "nginx: master
process" | grep -v "grep" | awk -F ' ' '{print
$2}'
屏幕显示的即为Nginx主进程号,例如:
4913
这时,执行以下命令即可使修改过的Nginx配置文件生效:
kill
-HUP 4913
或者无需这么麻烦,找到Nginx的Pid文件:
kill -HUP `cat
/usr/local/webserver/nginx/nginx.pid`
七、编写每天定时切割Nginx日志的脚本
1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh
vi
/usr/local/webserver/nginx/sbin/cut_nginx_log.sh
输入以下内容:
#!/bin/bash
#
This script run at 00:00
# The Nginx logs
path
logs_path="/usr/local/webserver/nginx/logs/"
mkdir -p
${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv
${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d
"yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1
`cat
/usr/local/webserver/nginx/nginx.pid`
2、设置crontab,每天凌晨00:00切割nginx访问日志
crontab
-e
输入以下内容:
00 00 * * * /bin/bash
/usr/local/webserver/nginx/sbin/cut_nginx_log.sh
能有这篇文章主要还是得益于张宴大哥的博客,在此代表
学习以及从事web开发的人员再次的 感谢张宴大哥的贡献精神。