1、檢查系統是否正常
more /var/log/messages(檢查有無系統級錯誤信息)
dmesg (檢查硬件設備是否有錯誤信息)
cat /proc/cpuinfo (檢查 CPU 頻率是否正常)
top (按 1 檢測 CPU 核數是否正常,內存大小是否正常)
ifconfig(檢查網卡設置是否正確)
ping www.qq.com(檢查網絡是否正常)
2、關閉不需要的服務
執行 ntsysv 命令:
ntsysv
在服務設置界面,設置各項服務的開關。以下僅列出需要啓動的服務,未列出的服務一律推薦關閉:
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
關閉 SElinux ,關閉方法如下:
修改 /etc/selinux/config 文件中的 SELINUX= 爲 disabled。
3、更換快速下載源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old
cd /etc/yum.repos.d/
wget http://c.sihost.net/CentOS-Base-sohu.repo
mv CentOS-Base-sohu.repo CentOS-Base.repo
yum clean
yum -y update
lsb_release -a
yum -y erase mysql
yum -y erase php
yum -y erase httpd
4、使用 yum 程序安裝所需開發包(以下爲標準的 RPM 包名稱)
yum -y install ntp make openssl openssl-devel pcre pcre-devel libpng libpng-devel libtiff-devel libjpeg-6b libjpeg-devel-6b freetype freetype-devel gd gd-devel fontconfig-devel zlib zlib-devel libevent-devel gcc gcc-c++ flex bison bzip2-devel libXpm libXpm-devel ncurses ncurses-devel libmcrypt libmcrypt-devel libxml2 libxml2-devel imake autoconf automake screen sysstat compat-libstdc++-33 curl curl-devel
5、定時校正服務器時鐘,定時與中國國家授時中心授時服務器同步
編輯計劃任務:
crontab –e
加入下面一行:
*/30 * * * * ntpdate 210.72.145.44 > /dev/null 2>&1
編輯完成後,保存即可。
6、下載程序包
Apache
推薦穩定版 2.2.21,下載地址爲 http://archive.apache.org/dist/httpd/
PHP
推薦穩定版 5.2.17,下載地址爲 http://cn.php.net/downloads.php
Mysql
推薦穩定版 5.5.18,下載地址爲 http://www.mysql.com/downloads/mysql/
文中的配置文件和腳本限於篇幅,請到以下地址下載(僅支持 Linux 下使用 wget 下載)
Apache控制腳本,下載地址爲 http://c.sihost.net/jb/httpd
Apache配置文件,下載地址爲 http://c.sihost.net/jb/httpd.conf
單獨下載各程序及文件的方式較爲繁瑣,我們將上面所需程序和文件整理成下載列表,如下:
http://c.sihost.net/lamp_tools.list
在 /usr/local/src 目錄下執行下面兩個命令,下載 lamp_tools.list 及該列表中的程序:
wget http://c.sihost.net/lamp_tools.list
wget -i lamp_tools.list
7、創建 web 運行用戶
groupadd www
useradd -g www www
mkdir -p /data/wwwroot
chmod +w /data/wwwroot
chown www:www /data/wwwroot -R
8、重新啓動
init 6
編譯安裝環境
1、安裝 MySQL
cd /usr/local/src
tar zxvf cmake-2.8.5.tar.gz
cd cmake-2.8.5/
./configure
gmake &&gmake install
groupadd mysql
useradd -g mysql mysql
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql
cd /usr/local/src
tar zxvf mysql-5.5.18.tar.gz
cd mysql-5.5.18
cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/Comsenz/mysql -DMYSQL_DATADIR=/data/mysql -DSYSCONFDIR=/usr/local/Comsenz/etc/ -DWITH_BLACKHOLE_STORAGE_ENGINE=1
make && make install
cd /usr/local/Comsenz/mysql
./scripts/mysql_install_db --user=mysql
cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chkconfig --level 3 mysqld on
編輯 /etc/rc.d/init.d/mysqld,找到
basedir=
datadir=
改成
basedir=/usr/local/Comsenz/mysql
datadir=/data/mysql
然後在 Comsenz 目錄下創建 etc 目錄,並將 MySQL 配置文件拷貝到該目錄下:
mkdir -p /usr/local/Comsenz/etc
cp ./support-files/my-huge.cnf /usr/local/Comsenz/etc/my.cnf
編輯配置文件 /usr/local/Comsenz/etc/my.cnf,在 [mysqld] 段增加
datadir = /data/mysql
wait-timeout = 10
max_connections = 512
max_connect_errors = 10000000
local-infile=0
在 [mysqld] 段修改
max_allowed_packet = 16M
thread_cache_size = CPU個數*2
將 log-bin 註釋
mv /usr/local/Comsenz/mysql/data/* /data/mysql
service mysqld start
bin/mysqladmin -u root password 'admin999'
其中 admin999 是要設置的 root 密碼。
2、安裝 Apache
cd /usr/local/src/
tar zxvf httpd-2.2.21.tar.gz
cd httpd-2.2.21
./configure --prefix=/usr/local/Comsenz/apache --enable-module=rewrite --disable-access --disable-auth --disable-charset-lite --disable-include --disable-log-config --disable-env --disable-setenvif --disable-mime --disable-status --disable-autoindex --disable-asis --disable-cgid --disable-cgi --disable-negotiation --disable-dir --disable-actions --disable-userdir --disable-alias --enable-so --enable-mods-shared='access auth auth_anon auth_dbm auth_digest dav dav_fs actions alias asis autoindex cache cern_meta cgi charset_lite deflate dir disk_cache env expires file_cache headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias'
make && make install
cd /usr/local/src/
mv /usr/local/Comsenz/apache/conf/httpd.conf /usr/local/Comsenz/apache/conf/httpd.conf.old
cp -f /usr/local/src/httpd.conf /usr/local/Comsenz/apache/conf/httpd.conf
cp -f /usr/local/src/httpd /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
chkconfig --add httpd
chkconfig httpd on
3、編譯安裝 PHP 所需的支持庫
tar zxvf libiconv-1.14.tar.gz
cd libiconv-1.14/
./configure --prefix=/usr/local
make && make install
cd /usr/local/src/
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make && make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make && make install
cd /usr/local/src/
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9/
./configure
make && make install
cd /usr/local/src/
64bit 系統執行下面的:
ln -s /usr/local/lib/libmcrypt.la /usr/lib64/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib64/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib64/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib64/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib64/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib64/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib64/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib64/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -s /usr/local/lib/libiconv.so.2 /usr/lib64/libiconv.so.2
32bit 系統執行下面的:
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -s /usr/local/lib/libiconv.so.2 /usr/lib/libiconv.so.2
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
/sbin/ldconfig
./configure
make && make install
4、編譯安裝PHP
cd /usr/local/src
tar zxvf php-5.2.17.tar.gz
cd php-5.2.17
./configure --prefix=/usr/local/Comsenz/php5 --with-config-file-path=/usr/local/Comsenz/etc --enable-mbstring --enable-ftp --with-gd --with-jpeg-dir=/usr --with-png-dir=/usr --enable-magic-quotes --with-mysql=/usr/local/Comsenz/mysql --with-pear --enable-sockets --with-ttf --with-freetype-dir=/usr --enable-gd-native-ttf --with-zlib --enable-sysvsem --enable-exif --enable-sysvshm --with-libxml-dir=/usr --with-apxs2=/usr/local/Comsenz/apache/bin/apxs --with-iconv=/usr/local/libiconv --with-iconv-dir=/usr/local --with-xmlrpc --enable-xml --enable-shmop --enable-zip --with-mhash --with-mcrypt --enable-discard-path --enable-bcmath --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --with-openssl
make &&make install
./libtool --finish /usr/local/src/php-5.2.17/libs
cp php.ini-dist /usr/local/Comsenz/etc/php.ini
echo 'ulimit -SHn 65535' >> /etc/rc.local
5、安裝 PHP 擴展模塊(需要此功能的 Discuz! X 用戶選裝)
安裝 APC
cd /usr/local/src
tar zxvf APC-3.1.9.tgz
cd APC-3.1.9
/usr/local/Comsenz/php5/bin/phpize
./configure --enable-apc --enable-mmap --enable-apc-spinlocks --disable-apc-pthreadmutex --with-php-config=/usr/local/Comsenz/php5/bin/php-config
make &&make install
編輯配置文件 /usr/local/Comsenz/etc/php.ini,查找
extension_dir =
在下面一行添加
extension_dir = "/usr/local/Comsenz/php5/lib/php/extensions/no-debug-non-zts-20060613/"
extension="apc.so"
apc.enabled = 1
apc.shm_size = 64M
apc.stat = 1
編輯完成後,保存。
6、查看確認 LAMP 環境信息、提升 PHP 安全性
保存以下內容爲 info.php 到 /data/www/,檢查 phpinfo 中的各項信息是否正確。
<?
phpinfo();
?>
確認 PHP 能夠正常工作後,編輯 /usr/local/Comsenz/etc/php.ini 進行設置提升 PHP 安全性。查找
disable_functions =
修改成
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen
然後重啓 web 服務:
service httpd restart