在2年前,我用英文写过一个教程BuildNginx+PHP-FPM+APC+Memcache+Drupal7onabare-boneUbuntu10.04orDebian5server.后来有很多公司和人联系我,告诉我他们在使用我的这个教程。2年后,很多软件升级,改变了很多安装和配置的方法,我感觉是
在2年前,我用英文写过一个教程Build
Nginx + PHP-FPM + APC + Memcache + Drupal 7 on a bare-bone Ubuntu
10.04 or Debian 5 server. 后来有很多公司和人联系我,告诉我他们在使用我的这个教程。
2年后,很多软件升级,改变了很多安装和配置的方法,我感觉是时候写一个新的教程了:
首先,拿到一个新的服务器 (Linode),
以root登录:
基本服务器配置
设置Hostname
echo "plato" > /etc/hostname
hostname -F /etc/hostname
编辑 /etc/hosts (IPv6)
增加:
12.34.56.78 plato.example.com plato
2600:3c01::a123:b456:c789:d012 plato.example.com plato
设置时区
dpkg-reconfigure tzdata
更新服务器软件
nano /etc/apt/sources.list
增加下面两行:
deb http://packages.dotdeb.org squeeze
all
deb-src http://packages.dotdeb.org squeeze
all
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | apt-key add -
apt-get update
apt-get upgrade --show-upgraded
配置安全属性
增加一个系统管理员
adduser example_user
usermod -a -G sudo example_user
logout
ssh example_user@123.456.78.90
现在开始,你可以用新用户加sudo来执行管理员命令了。
反激活root的SSH登录
sudo nano /etc/ssh/sshd_config
更新这一行:PermitRootLogin no
sudo service ssh restart
设置防火墙:
sudo iptables -L
sudo nano /etc/iptables.firewall.rules
复制:
*filter
# Allow all loopback (lo0) traffic and drop all traffic to 127/8
that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic - you can modify this to only allow
certain traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere (the normal
ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allow SSH connections
#
# The -dport number should be the same port number you set in
sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -j ACCEPT
# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables
denied: " --log-level 7
# Drop all other inbound - default deny unless explicitly
allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
sudo iptables-restore
让防火墙每次重启后自动加载:
sudo nano /etc/network/if-pre-up.d/firewall
#!/bin/sh
/sbin/iptables-restore
sudo chmod +x /etc/network/if-pre-up.d/firewall
安装Fail2Ban,自动检测攻击并阻止:
sudo aptitude install fail2ban
安装PHP-FPM
sudo aptitude install php5 php5-cli php5-dev php5-gd php-pear
php5-fpm php5-geoip libgeoip1 libgeoip-dev geoip-database
更新一些配置:
sudo nano /etc/php5/fpm/php.ini
memory_limit: 512M
cgi.fix_pathinfo=0
安装Nginx
sudo aptitude install nginx
配置虚拟主机
sudo mkdir -p /srv/www/insready.com/{public_html,logs}
sudo chown -R www-data:www-data /srv/www
sudo chmod -R 775 /srv/www
cd /etc/nginx/sites-available/
sudo wget
https://gist.github.com/raw/4248423/c7b2ea550ef9273f7f5d0823f81f054296fc...
你需要修改以上的域名配置 sudo nano insready.com
sudo nano /etc/php5/fpm/pool.d/www.conf
把listen = 127.0.0.1:9000 这行改成:
listen = /tmp/php-fpm.sock
sudo ln -s /etc/nginx/sites-available/insready.com
/etc/nginx/sites-enabled
配置Nginx Microcache
(并且把Microcache放在内存里,体验闪电的速度吧!)
sudo nano /etc/nginx/conf.d/microcache.conf
fastcgi_cache_path /dev/shm/microcache levels=1:2
keys_zOne=microcache:5M max_size=1G inactive=2h; #把Nignx
Microcache设置在内存里,这就更快了!
map $http_COOKIE $cache_uid {
default nil; # hommage to Lisp :)
~SESS[[:alnum:]]+=(?[[:alnum:]]+)
$session_id;
}
map $request_method $no_cache {
default 1;
HEAD 0;
GET 0;
}
现在使Nginx每次启动的时候自动运行
sudo update-rc.d nginx defaults
启动Nginx
sudo /etc/init.d/nginx start
安装MariaDB
长话短说,MariaDB是甲骨文公司购买了MySQL后,原来开发人员离职然后创建的新开源数据库。MariaDB和MySQL一样使用。
sudo nano /etc/apt/sources.list.d/MariaDB.list
# MariaDB 5.5 repository list - created 2012-12-08 07:39 UTC
# http://downloads.mariadb.org/mariadb/repositories/
deb http://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/repo/5.5/debian squeeze main
deb-src http://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/repo/5.5/debian squeeze main
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com
0xcbcb082a1bb943db
sudo aptitude update
sudo aptitude install libmariadbclient-dev libmariadbclient18
libmariadbd-dev libmysqlclient18 mariadb-client mariadb-client-5.5
mariadb-client-core-5.5 mariadb-common mariadb-server
mariadb-server-5.5 mariadb-server-core-5.5 mariadb-test
mariadb-test-5.5 mysql-common
安装最新版本的Drupal
cd /srv/www/insready.com
sudo wget http://ftp.drupal.org/files/projects/drupal-7.18.tar.gz
sudo tar -xvzf drupal-7.18.tar.gz
cd drupal-7.18
sudo cp -a . ../public_html/
sudo chown www-data:www-data public_html -R
安装Memcache, APC
sudo aptitude install memcached libmemcached-tools memstat make
sudo pecl install memcache
sudo pecl install apc
创建以下文件,配置Memcache
sudo nano /etc/php5/conf.d/memcache.ini
extension= memcache.so
memcache.hash_strategy="consistent"
创建以下文件,配置apc
sudo nano /etc/php5/conf.d/apc.ini
extension=apc.so
apc.shm_size = 256M
apc.apc.stat = 0
安装uploadprogress
sudo pecl install uploadprogress
创建以下文件,配置uploadprogress
sudo nano /etc/php5/conf.d/uploadprogress.ini
extension=uploadprogress.so
重启:
sudo service nginx restart
sudo service mysql restart
sudo service php5-fpm restart
sudo service memcached restart
完成!
京公网安备 11010802041100号