Ubuntu Linux 10.04 安装及配置Nginx+PHP FPM
#!/bin/bash########################################### Install app server env.# Prepare:Ubuntu 10.04 Linux server configed ssh,LVS Real Server and mysql slave.##########################################[ `whoami` != "root" ] && echo "Not root." && exit 1;export EDITOR=vim;if ! grep "export EDITOR=vim" /etc/profile >/dev/null;then echo "export EDITOR=vim;" >> /etc/profile;fi;#app server domainDOMAIN='app.example.net';#statics files server domainS_DOMAIN='statics.app.example.net';#Linux内核参数优化sysctl -w net.ipv4.tcp_syncookies=1 #表示开启SYNCookies。当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭sysctl -w net.ipv4.tcp_tw_reuse=1 #表示开启重用。允许将TIME-WAITsockets重新用于新的TCP连接,默认为0,表示关闭sysctl -w net.ipv4.tcp_tw_recycle=1 # 表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭sysctl -w net.ipv4.tcp_fin_timeout=30 #表示如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2状态的时间sysctl -w net.ipv4.tcp_max_tw_buckets=6000 #系统同时保持TIME_WAIT套接字的最大数量sysctl -w net.core.somaxconn=262144#表示系统同时保持TIME_WAIT套接字的最大数量,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。默认为180000,改为5000。对于Apache、Nginx等服务器,上几行的参数可以很好地减少TIME_WAIT套接字数量,但是对于Squid,效果却不大。此项参数可以控制TIME_WAIT套接字的最大数量,避免Squid服务器被大量的TIME_WAIT套接字拖死。sysctl -w net.ipv4.tcp_keepalive_time = 1200#表示当keepalive起用的时候,TCP发送keepalive消息的频度。缺省是2小时,改为20分钟。sysctl -w net.ipv4.ip_local_port_range = 1024 65000#表示用于向外连接的端口范围。缺省情况下很小:32768到61000,改为1024到65000。sysctl -w net.ipv4.tcp_max_syn_backlog = 8192#表示SYN队列的长度,默认为1024,加大队列长度为8192,可以容纳更多等待连接的网络连接数。sysctl > /etc/sysctl.conf;( #Start#Install production server(apt-get -y --force-yes install curl;#安装curlapt-get -y --force-yes install python-software-properties;add-apt-repository ppa:brianmercer/php;#Ubuntu 10.04 需要添加PHP FPM的PPA源apt-get update;apt-get -y --force-yes install nginx;apt-get -y --force-yes install memcached;apt-get -y --force-yes install mercurial;apt-get -y --force-yes install php5-cgi php5-fpm php-apc php5-mysql php5-gd php5-mcrypt php5-memcache;) > /dev/null;#fix "#" commentecho 'extension=mcrypt.so' > /etc/php5/fpm/conf.d/mcrypt.ini;#Deploy appcd /var/www;rm -rf app;hg clone https://repo.app@repo.dev.example.net/hg/app/;#Config nginx#我们服务器有16核,所以...echo 'user www-data;worker_processes 16;worker_cpu_affinity 1000000000000000 0100000000000000 0010000000000000 0001000000000000 0000100000000000 0000010000000000 0000001000000000 0000000100000000 0000000010000000 0000000001000000 0000000000100000 0000000000010000 0000000000001000 0000000000000100 0000000000000010 0000000000000001;worker_rlimit_nofile 65536;error_log /var/log/nginx/error.log;pid /var/run/nginx.pid;events { use epoll; worker_connections 131072;}http { client_header_buffer_size 4K; open_file_cache max=65536 inactive=20s; open_file_cache_min_uses 3; open_file_cache_valid 30s; access_log off; include /etc/nginx/mime.types; sendfile on; tcp_nopush on; tcp_nodelay on; gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; gzip_buffers 16 64k; gzip_min_length 1k; gzip_comp_level 6; gzip_vary on; gzip_types text/plain text/javascript text/css application/x-javascript text/xml application/xml application/xml+rss; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*;}' > /etc/nginx/nginx.conf;#enable nginx-statusecho "server {listen 80 default;server_name localhost;access_log off;location / {root /var/www/nginx-default;index index.html index.htm;} location = /favicon.ico { log_not_found off; }location /nginx-status { stub_status on; allow 127.0.0.1; deny all; }}" > /etc/nginx/sites-enabled/default;echo 'server { listen 80; server_name '$DOMAIN'; keepalive_timeout 0; access_log off; log_not_found off; error_log /var/log/nginx/app.error.log; root /var/www/app/; index index.php index.htm index.html; location / { try_files $uri $uri/ /index.php?$args; } location ~ ^/(protected|yii)/ { deny all; } location = /favicon.ico { expires max; return 204; } location ~ \.php$ { fastcgi_pass unix:/dev/shm/app-php-fpm.socket; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param X-Real-IP $remote_addr; include fastcgi_params; }}' > /etc/nginx/sites-available/app;echo 'server { listen 80; server_name '$S_DOMAIN'; keepalive_timeout 60; access_log off; log_not_found off; index index.htm index.html; location / { root /var/www/app/; deny all; } location ~ ^/(statics|css|assets|demo|themes|tests)/ { root /var/www/app/; gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; gzip_buffers 16 64k; gzip_min_length 1k; gzip_comp_level 6; gzip_vary on; expires 7d; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location = /favicon.ico { return 204; } location ~ \.php$ { deny all; } }' > /etc/nginx/sites-available/s.app;ln -sf ../sites-available/app /etc/nginx/sites-enabled/;ln -sf ../sites-available/s.app /etc/nginx/sites-enabled/;echo '[global]pid = /var/run/php5-fpm.piderror_log = /var/log/php5-fpm-error.logprocess_control_timeout = 30daemonize = yes[www]listen = /dev/shm/app-php-fpm.socketuser = www-datagroup = www-datapm = staticpm.max_children = 256pm.max_requests = 65535request_terminate_timeout = 30rlimit_files = 65535' > /etc/php5/fpm/php5-fpm.conf;service php5-fpm restart;service nginx restart;if ! grep "$DOMAIN" /etc/hosts;then echo "127.0.0.1 $DOMAIN $S_DOMAIN" >> /etc/hosts;fi;( crontab -l|sed "/$DOMAIN/d"; echo " 30 * * * * curl http://$DOMAIN/CronTask/some-op 5 * * * * curl http://$DOMAIN/CronTask/some-op ";)|crontab;#End);