Nginx+Apache有效提高服務器負載能力

之前流行過一段時間的Nginx+以fastCGI方式運行的PHP來搭建Web站點的方法。但是經過一段時間考量之後，大家經常發現會出現一些 502的錯誤。其實一般是Nginx+fastCGIPHP的形式不太穩定造成。於是嘗試了牛人推薦的一種是用Nginx做前端轉發PHP請求給 Apache的方法來進行服務器平臺建設。這種方法有效的避免了Apache在應付大併發時候的些許不足和Nginx配合fastCGIPHP不太穩定的弊端。同時又在一定程度上利用了Nginx速度上的優勢。說白了就是一些靜態文件有Nginx來處理，PHP請求轉發給後端Apache來處理。但是在效率上或者內存等資源佔用上不如Nginx+fastCGI方式。
在PHP頁面處理使用了suPHP,關於suPHP各位可以參照這裏。suPHP其實現在被應用在很多空間租用商的服務器上。主要功能爲了使用目錄所有者的權限來執行特定位置的PHP頁面，不是使用Apache默認Apache或者wwwdata或者nobody用戶。這樣的好處主要有兩點：1.空間租用者（使用者）不需要在設置複雜權限了，在自己空間中PHP擁有完全權限。2.空間租用者（使用者）存放網站文件的目錄更安全，不需要開啓 Apache，wwwdate或者nobody之類權限對於自己站點，避免了777這樣的高危權限。但是suPHP要求在編譯安裝PHP的時候必須編譯爲 PHP-CGI形式才能是用，也就是不能使用平時我們所使用的CLI啓動方式。

 

簡單原理如下： CLI傳統模式的圖解：PHP是作爲Apache一個模塊存在，就像Apache的一個功能一樣。

suPHP模式圖解：suPHP作爲Apache一個模塊，在需要的時候以特定用戶權限來啓動PHP-CGI，從而實現以目錄所有者權限執行PHP的功能。

最終原理圖大致如下：由Nginx接受全部目的端口爲80的Web請求，根據請求內容的不同進行過濾。靜態文件例如：MP3、GIF、JPG、JS 等文件由Nginx處理，其他PHP Web請求轉發到後端Apache服務器上。Apache服務器利用suPHP模塊按照目錄所有者權限運行PHP程序從而返回頁面給客戶端。稍加改動就可以實現跨越多臺計算機的羣集功能。

我們操作系統平臺爲CentOS5.5，姑且稱呼他爲：Nginx+Apache+MySQL+suPHP

一、升級系統安裝必須軟件

# yum update
# yum install gcc gcc-c++ bison patch unzip mlocate flex wget automake \
autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng \
libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib \
zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel \
ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel \
libidn libidn-devel openldap openldap-devel openldap-clients \
openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel \
kernel-devel autoconf213 vim-common vim-enhanced diff*

  編譯安裝PHP和MySQL所需庫文件

#解壓縮並且安裝libiconv，是一個基於GNU協議的開源庫，主要是解決多語言編碼處理轉換等應用問題。
# mkdir /root/na
# tar -zxf all.tar.gz -C /root/na
# cd /root/na/
# tar -zxf libiconv-1.13.1.tar.gz
# cd libiconv-1.13.1
# ./configure
# make
# make install
# cd ..

#安裝libevent，是一個輕量級的開源高性能網絡庫，使用者衆多。比如memcached、Vomit、Nylon、Netchat等等。
# tar -zxf libevent-1.4.14b-stable.tar.gz
# cd libevent-1.4.14b-stable
# ./configure
# make
# make install
# cd ..

#安裝libmcrypt，mhash，mcrypt等加密所需庫文件。
# tar -zxf libmcrypt-2.5.8.tar.gz
# cd libmcrypt-2.5.8
# ./configure
# make
# make install
# /sbin/ldconfig
# cd libltdl/
# ./configure --enable-ltdl-install
# make
# make install
# cd ../..
# tar zxvf mhash-0.9.9.9.tar.gz
# cd mhash-0.9.9.9/
# ./configure
# make
# make install
# cd ..
# ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
# ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
# ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
# ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
# ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
# ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
# ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
# ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
# ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
# ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
# tar -zxf mcrypt-2.6.8.tar.gz
# cd mcrypt-2.6.8/
# ./configure
# make
# make install
# cd ../

  編譯安裝MySQL

#可以提高MySQL在內存分配方面的性能和效率。
# tar -zxf google-perftools-1.6.tar.gz
# cd google-perftools-1.6/
# ./configure
# make
# make install
# echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf # /sbin/ldconfig
# cd ..

#真的開始安裝MySQL
# tar -zxf mysql-5.1.52.tar.gz
# cd mysql-5.1.52
# autoreconf --force --install
# libtoolize --automake --force
# automake --force --add-missing
# ./configure --prefix=/usr/local/mysql --with-extra-charsets=all \
--enable-thread-safe-client --enable-assembler --with-charset=utf8 \
--enable-thread-safe-client --with-extra-charsets=all --with-big-tables \
--with-readline --with-ssl --with-embedded-server --enable-local-infile \
--without-debug --with-mysqld-ldflags=-ltcmalloc_minimal
# make
# make install
# cd ../
# groupadd -g 27 mysql
# useradd -u 27 -g 27 -d /var/lib/mysql -M mysql
# cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
# /usr/local/mysql/bin/mysql_install_db --user=mysql
# chown -R mysql /usr/local/mysql/var
# chgrp -R mysql /usr/local/mysql/.
# cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
# chmod 755 /etc/init.d/mysql
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# echo "/usr/local/lib" >>/etc/ld.so.conf
# ldconfig
# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
# service mysql start
# /usr/local/mysql/bin/mysqladmin -u root password 123456 #指定MySQL的密碼

# vim ~/.bashrc
#在最後一行加入爲了更方便使用MySQL的命令工具，註銷後生效。
PATH=$PATH:/usr/local/mysql/bin

  編譯安裝Apache

# cd ~/na
# tar -zxf httpd-2.2.17.tar.gz
# cd httpd-2.2.17
# ./configure --prefix=/usr/local/apache --enable-headers \
--enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl \
--enable-suexec --disable-userdir --with-included-apr --with-mpm=prefork \
--with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ \
--with-suexec-gidmin=100 \
--with-suexec-logfile=/usr/local/apache/logs/suexec_log \
--with-suexec-uidmin=100 --with-suexec-userdir=public_html
# make
# make install
# cd ..
# mkdir /usr/local/apache/domlogs
# mkdir /usr/local/apache/conf/vhosts
# mkdir -p /var/www/html
# cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
# chmod 755 /etc/init.d/httpd
# cd ..

#編輯/etc/init.d/httpd,在首行#!/bin/sh下添加:
vim /etc/init.d/httpd
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf
ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -n 32768
ulimit -n 65535

  編譯安裝PHP這裏編譯成了CGI-PHP

# tar -zxf php-5.2.14.tar.gz
# cd php-5.2.14
#編譯php,這裏我們爲php打入補丁，有助於防止郵件發送被濫用(多用戶)以及在郵件中提供有價值的信息。補丁介紹信息請點擊:http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/
# patch -p1 < ../php5-mail-header.patch

#以PHP-CGI形式編譯PHP
# ./configure --prefix=/usr/local/php --with-config-file-path=/etc \
--enable-force-cgi-redirect --enable-fastcgi --enable-bcmath \
--enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf \
--enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo \
--enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl \
--with-curlwrappers --with-freetype-dir --with-gd --with-gettext \
--with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr \
--with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr \
--with-mysql=/usr/local/mysql \
--with-mysql-sock=/usr/local/mysql/var/localhost.localdomain.pid \
--with-mysqli=/usr/local/mysql/bin/mysql_config --with-openssl=/usr \
--with-openssl-dir=/usr \
--with-pdo-mysql=/usr/local/mysql/bin/mysql_config \
--with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared \
--with-ttf --with-xmlrpc --with-zlib --with-zlib-dir=/usr
# make ZEND_EXTRA_LIBS='-liconv'
# make install
# cp php.ini-dist /etc/php.ini
# cd ..

#安裝PHP memcache擴展。
# tar -zxf memcache-2.2.6.tgz
# cd memcache-2.2.6
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config \
--with-zlib-dir --enable-memcache
# make
# make install
# cd ..

#安裝PHP的加速器eaccelerator。
# tar -jxf eaccelerator-0.9.6.1.tar.bz2
# cd eaccelerator-0.9.6.1
# /usr/local/php/bin/phpize
# ./configure --enable-eaccelerator=shared \
--with-php-config=/usr/local/php/bin/php-config
# make
# make install
# mkdir -p /tmp/eaccelerator
# chmod 777 /tmp/eaccelerator
# echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
# echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local
# cd ..

#安裝ImageMagick圖像處理軟件。
# tar -zxf ImageMagick-6.6.5-8.tar.gz
# cd ImageMagick-6.6.5-8
# ./configure
# make
# make install
# cd ..

#安裝ImageMagick的PHP擴展。
# tar -zxf imagick-3.0.0.tgz
# cd imagick-3.0.0
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config
# make
# make install
# ldconfig
# cd ..

#安裝PHP擴展Suhosin用來增強php語言的安全性。
# tar -zxf suhosin-0.9.32.1.tar.gz
# cd suhosin-0.9.32.1
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config
# make
# make install
# cd ..

#用來支持被加密的PHP頁面。
# tar -zxf ioncube_encoder_evaluation.tar.gz
# cd ioncube_encoder_evaluation
# mkdir /usr/local/ioncube
# cp loaders/* /usr/local/ioncube/
# cd ..

#安裝ZendOptimizer用來支持Zend加密頁面
# tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
# mkdir /usr/local/Zend
# cp -a ZendOptimizer-3.3.9-linux-glibc23-i386/data/ /usr/local/Zend/

  安裝suPHP

#suPHP可以讓用戶已目錄所有者的權限訪問PHP Web站點目錄
# tar -zxf suphp-0.7.1.tar.gz
# cd suphp-0.7.1
# ./configure --with-apxs=/usr/local/apache/bin/apxs \
--with-apache-user=nobody \
--with-logfile=/usr/local/apache/logs/suphp.log \
--with-setid-mode=paranoid --sysconfdir=/usr/local/apache/conf/ \
--with-apr=/usr/local/apache/bin/apr-1-config \
--with-php=/usr/local/php/bin/php-cgi \
--enable-SUPHP_USE_USERGROUP=yes
# make
# make install

安裝memcached 

#memcached是可以有效提高PHP訪問效率的內存緩存機制
# cd ..
# tar -zxf memcached-1.4.5.tar.gz
# cd memcached-1.4.5
# ./configure --with-libevent=/usr/local
# make
# make install

安裝Nginx

#安裝Nginx需要的pcre，perl 兼容的正規表達式庫，這些在執行正規表達式模式匹配時用與Perl 5同樣的語法和語義是很有用的。
# tar -zxf pcre-8.10.tar.gz
# cd pcre-8.10
# ./configure
# make
# make install
# cd ..

#真的開始安裝nginx了
# tar -zxf nginx-0.8.53.tar.gz
# cd nginx-0.8.53
# ./configure --user=nobody --group=nobody --prefix=/usr/local/nginx \
--pid-path=/usr/local/nginx/logs/nginx.pid \
--error-log-path=/usr/local/nginx/logs/error.log \
--http-log-path=/usr/local/nginx/logs/access.log \
--http-client-body-temp-path=/tmp/nginx_client \
--http-proxy-temp-path=/tmp/nginx_proxy \
--http-fastcgi-temp-path=/tmp/nginx_fastcgi \
--with-http_stub_status_module
# make
# make install
# cd ..

#編寫啓動腳本
# vim /etc/init.d/nginx
#! /bin/sh
ulimit -n 65535
# Description: Startup script for nginx
# chkconfig: 2345 55 25
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/nginx.conf
PIDFILE=/usr/local/nginx/logs/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
set -e
[ -x "$DAEMON" ] || exit 0
do_start() {
$DAEMON -c $CONFIGFILE || echo -n "nginx already running"
}
do_stop() {
kill -QUIT `cat $PIDFILE` || echo -n "nginx not running"
}
do_reload() {
kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
}
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
do_start
echo "."
/etc/init.d/httpd start
;;
stop)
echo -n "Stopping $DESC: $NAME"
do_stop
echo "."
/etc/init.d/httpd stop
;;
reload)
echo -n "Reloading $DESC configuration..."
do_reload
echo "."
/etc/init.d/httpd restart
;;
restart)
echo -n "Restarting $DESC: $NAME"
do_stop
sleep 1
do_start
echo "."
/etc/init.d/httpd restart
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
exit 3
;;
esac
exit 0

#授予開機腳本執行權限
# chmod u+x /etc/init.d/nginx

#安裝rpaf插件，使Apache日誌可以正確記錄訪問者IP地址。
# tar -zxf mod_rpaf-0.6.tar.gz
# cd mod_rpaf-0.6
# /usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
# cd ..

  安裝Pure-FTP

# tar -zxf pure-ftpd-1.0.29.tar.gz
# cd pure-ftpd-1.0.29
# ./configure --prefix=/usr/local/pureftpd \
--with-language=simplified-chinese --with-everything
# make
# make install
# chmod u+x configuration-file/pure-config.pl
# cp configuration-file/pure-config.pl /usr/local/pureftpd/sbin/
# mkdir /usr/local/pureftpd/etc/
# cp configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/
# ln -s /usr/local/pureftpd/bin/pure-pw /usr/local/bin/

  修改目錄權限提高安全性

# chmod 711 /home
# chmod 711 /usr/local/pureftpd
# chmod 711 /usr/local/apache/conf/vhosts
# chmod 711 /usr/local/nginx/conf/vhosts
# chmod 711 /usr/local/apache/domlogs
# chmod 711 /usr/local/apache/logs

  二、編輯Apache、PHP、suPHP、Nginx、Pure-FTP配置文件 編輯Apache主配置文件

#配置apache配置參數文件httpd.conf,位於/usr/local/apache/conf/目錄。
# cd /usr/local/apache/conf/
# mv httpd.conf httpd.conf.bak
# vim httpd.conf
#寫入以下內容ip、主機名、郵箱按照自己實際修改即可。
PidFile logs/httpd.pid
LockFile logs/accept.lock
ServerRoot "/usr/local/apache"
Listen 0.0.0.0:81
User nobody
Group nobody
ServerAdmin [email protected]
ServerName hosts.whypc.info

Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
TraceEnable Off
ServerTokens ProductOnly
FileETag None
ServerSignature Off
HostnameLookups Off

# LoadModule perl_module modules/mod_perl.so
LoadModule suphp_module modules/mod_suphp.so
#suPHP_Engine on
#AddType application/x-httpd-php .php

LoadModule rpaf_module modules/mod_rpaf-2.0.so
#Mod_rpaf settings
RPAFenable On
RPAFproxy_ips 127.0.0.1 204.74.291.132
RPAFsethostname On
RPAFheader X-Forwarded-For

DocumentRoot "/usr/local/apache/htdocs"

<Directory "/"> 
 Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch
 Order allow,deny
 Allow from all
 AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">
 Options Includes -Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

DefaultType text/plain
RewriteEngine on
AddType text/html .shtml
#AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/perl .pl .plx .ppl .perl
    AddType application/x-img .img
    AddType application/cgi .cgi
    AddType text/x-sql .sql
    AddType text/x-log .log
    AddType text/x-config .cnf conf
    AddType text/x-registry .reg
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddType application/x-tar .tgz
    AddType application/rar .rar
    AddType application/x-compressed .rar
    AddType application/x-rar .rar
    AddType application/x-rar-compressed .rar
    AddType text/vnd.wap.wml .wml
    AddType image/vnd.wap.wbmp .wbmp
    AddType text/vnd.wap.wmlscript .wmls
    AddType application/vnd.wap.wmlc .wmlc
    AddType application/vnd.wap.wmlscriptc .wmlsc
</IfModule>

<IfModule dir_module>
  DirectoryIndex index.html index.htm index.shtml index.php
</IfModule>

<Files ~ "^error_log$">
  Order allow,deny
  Deny from all
  Satisfy All
</Files>

<FilesMatch "^\.ht">
  Order allow,deny
  Deny from all
  Satisfy All
</FilesMatch>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
  </IfModule>
  CustomLog "logs/access_log" common
</IfModule>

<IfModule alias_module>
  ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>

<Directory "/usr/local/apache/cgi-bin">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
</Directory>

<IfModule mpm_prefork_module>
  StartServers          3
  MinSpareServers       3
  MaxSpareServers       5
  MaxClients          150
  MaxRequestsPerChild   1024
</IfModule>

<IfModule mod_headers.c>
  <FilesMatch "\.(html|htm|shtml)$">
    Header set Cache-Control "max-age=3600, must-revalidate"
  </FilesMatch>
</IfModule>

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

Include conf/extra/httpd-languages.conf

<Location /server-status>
  SetHandler server-status
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Location>
ExtendedStatus On

<Location /server-info>
  SetHandler server-info
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Location>

<IfModule ssl_module>
  Listen 0.0.0.0:443
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl .crl
  SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  SSLPassPhraseDialog  builtin
  SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
  SSLSessionCacheTimeout  300
  SSLMutex  file:/usr/local/apache/logs/ssl_mutex
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
</IfModule>

#Vhosts
NameVirtualHost 204.74.291.132:81
NameVirtualHost *

<VirtualHost 204.74.291.132:81 *>
  ServerName hosts.whypc.info
  DocumentRoot /var/www/html
  ServerAdmin [email protected]
</VirtualHost>

Include conf/vhosts/*

  編輯PHP配置文件

# vim /etc/php.ini
#查找/etc/php.ini中的extension_dir = "./".將其修改爲extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20060613/"
#查找;include_path = ".:/php/includes",刪除前面的分號,並修改爲include_path = ".:/usr/lib/php:/usr/local/php/lib/php"
#跳到最後一行,然後添加以下內容:
extension = "memcache.so"
;extension = "pdo.so"
;extension = "pdo_mysql.so"
extension = "pdo_sqlite.so"
extension = "sqlite.so"
extension = "eaccelerator.so"
extension = "suhosin.so"
eaccelerator.shm_size = 32
eaccelerator.cache_dir = "/tmp/eaccelerator"
eaccelerator.enable = 1
eaccelerator.optimizer = 0
eaccelerator.debug = 0
eaccelerator.name_space = ""
eaccelerator.check_mtime = 1
eaccelerator.filter = ""
eaccelerator.shm_max = 0
eaccelerator.shm_ttl = 7200
eaccelerator.shm_prune_period = 7200
eaccelerator.shm_only = 1
eaccelerator.compress = 0
eaccelerator.compress_level = 9
eaccelerator.keys = shm
eaccelerator.sessions = shm
eaccelerator.content = shm
zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so"
zend_extension = "/usr/local/Zend/data/5_2_x_comp/ZendOptimizer.so"

  編輯suPHP配置文件

# cd /usr/local/apache/conf/
# vim suphp.conf
#寫入如下內容
[global]
;Path to logfile
logfile=/usr/local/apache/logs/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=nobody
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
;allow_file_group_writeable=false
allow_file_group_writeable=true
allow_file_others_writeable=false
;allow_directory_group_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path="/bin:/usr/bin"
;Umask to set, specify in octal notation
umask=0022
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/local/php/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

  編輯Nginx主配置文件

# cd /usr/local/nginx/conf/
# mv nginx.conf nginx.conf.bak
# vim nginx.conf
#寫入如下內容根據實際IP地址進行修改即可。
worker_processes  1;
worker_rlimit_nofile  65535;
events {
 worker_connections  65535;
 use epoll;
}
error_log  /usr/local/nginx/logs/error.log info;
http {
 include    mime.types;
 default_type  application/octet-stream;
 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
 keepalive_timeout  10;
 gzip on;
 gzip_http_version 1.0;
 gzip_min_length  1100;
 gzip_comp_level  3;
 gzip_buffers  4 32k;
 gzip_types    text/plain text/xml text/css application/x-javascript application/xml application/xml+rss text/javascript application/atom+xml;
 ignore_invalid_headers on;
 client_header_timeout  3m;
 client_body_timeout 3m;
 send_timeout     3m;
 connection_pool_size  256;
 server_names_hash_max_size 2048;
 server_names_hash_bucket_size 256;
 client_header_buffer_size 256k;
 large_client_header_buffers 4 256k;
 request_pool_size  32k;
 output_buffers   4 64k;
 postpone_output  1460;
 open_file_cache max=1000 inactive=300s;
 open_file_cache_valid    600s;
 open_file_cache_min_uses 2;
 open_file_cache_errors   off;
 include "/usr/local/nginx/conf/vhosts/*.conf";
 server {
  listen 80;
  server_name _;
  access_log off;
  location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
   deny  all;
  }
 location / {
  client_max_body_size    100m;
  client_body_buffer_size 128k;
  proxy_send_timeout   300;
  proxy_read_timeout   300;
  proxy_buffer_size    4k;
  proxy_buffers     16 32k;
  proxy_busy_buffers_size 64k;
  proxy_temp_file_write_size 64k;
  proxy_connect_timeout 30s;
  proxy_pass http://204.74.291.132:81/;
  proxy_set_header   Host   $host;
  proxy_set_header   X-Real-IP  $remote_addr;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  }
 }
}

  編輯Pure-FTP配置文件

#配置pure-ftpd,這裏採用PureDB的驗證方式.
vim /usr/local/pureftpd/etc/pure-ftpd.conf
#查找 PureDB /etc/pureftpd.pdb 取消前面的#號並設置成
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
#查找 PassivePortRange 取消前面的#號

  三、設置各服務開機自運行並啓動服務

# chkconfig --level 35 mysql on
# chkconfig --level 35 httpd on
# chkconfig --level 35 nginx on
#以下內容爲一行，請注意
# echo "/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize" >> /etc/rc.local
#以下內容爲一行，請注意
# echo '/usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost' >>/etc/rc.d/rc.local
# service mysql start
# service httpd start
# service nginx start
# /usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost

  四、如何使用和創建虛擬主機 更改用戶模板文件

# mkdir /etc/skel/public_html

  添加FTP帳戶用於維護Web服務器

# useradd -s /sbin/nologin whypc_info
# chmod a+x ~whypc_info
# pure-pw useradd whypc_info -u whypc_info -g \
whypc_info -d /home/whypc_info/  #該命令之後會提示你設置FTP用戶密碼
# pure-pw mkdb   #該命令每次添加用戶之後都需要執行，不需要重啓服務。

#啓動Pure-FTP因爲剛纔還沒有產生用戶數據庫，所以在這裏啓動。
# /usr/local/pureftpd/sbin/pure-config.pl\
/usr/local/pureftpd/etc/pure-ftpd.conf --daemonize

  更改Apache配置文件增加虛擬主機

# cd /usr/local/apache/conf/vhosts
# vim whypc.info.conf
#添加如下內容，IP地址和域名根據實際情況。
<VirtualHost 204.74.291.132:81>
  ServerName whypc.info
  ServerAlias www.whypc.info
  DocumentRoot /home/whypc_info/public_html
  UseCanonicalName Off
  CustomLog /usr/local/apache/domlogs/whypc.info combined
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
  suPHP_Engine on
  suPHP_UserGroup whypc_info whypc_info
  AddHandler x-httpd-php .php .php3 .php4 .php5
  suPHP_AddHandler x-httpd-php
  <IfModule !mod_disable_suexec.c>
    SuexecUserGroup whypc_info whypc_info
  </IfModule>
  ScriptAlias /cgi-bin/ /home/whypc_info/public_html/cgi-bin/
</VirtualHost>

  更改Nginx配置文件增加虛擬主機

# cd /usr/local/nginx/conf/vhosts/
# vim whypc.info.conf
#添加如下內容，IP地址和域名根據實際情況。
server {
access_log off;
error_log /usr/local/nginx/logs/whypc.info-error_log warn;
listen 80;
server_name whypc.info www.whypc.info;
access_log off;
location ~* ^.+.(gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg\
|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|rar\
|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
access_log /usr/local/apache/domlogs/whypc.info combined;
root /home/whypc_info/public_html/;
expires 24h;
try_files $uri @backend;
}
error_page 400 401 402 403 404 405 406 407 408 409 500 501 502 503 504 @backend;
location @backend {
internal;
client_max_body_size    100m;
client_body_buffer_size 128k;
proxy_send_timeout   300;
proxy_read_timeout   300;
proxy_buffer_size    4k;
proxy_buffers     16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
proxy_redirect http://whypc.info:81 http://whypc.info;
proxy_redirect http://www.whypc.info:81 http://www.whypc.info;
proxy_pass http://204.74.291.132:81;
proxy_set_header   Host   $host;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* \.(ftpquota|htaccess|asp|aspx|jsp|asa|mdb)$ {
deny  all;
}
location / {
client_max_body_size    100m;
client_body_buffer_size 128k;
proxy_send_timeout   300;
proxy_read_timeout   300;
proxy_buffer_size    4k;
proxy_buffers     16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
proxy_redirect http://whypc.info:81 http://whypc.info;
proxy_redirect http://www.whypc.info:81 http://www.whypc.info;
proxy_pass http://204.74.291.132:81/;
proxy_set_header   Host   $host;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

  五、創建測試文件

# vim ~whypc_info/public_html/test.php
#寫入如下內容
<?php
         system("id");
?>
# chown whypc_info:whypc_info ~whypc_info/public_html/test.php
通過瀏覽器查看是否爲目錄所有者權限（非nobody）。
http://www.whypc.info/test.php