您的位置:首页 > 其它

LEMP构建高性能WEB服务器

2014-11-01 21:08 309 查看
目录

前言:

一、系统安装

1. 系统分区

2.系统初始化脚本(根据具体需求关闭不需要的服务)

二、编译安装基本环境

1. 安装准备

2. 编译安装软件包

三、编译安装PHP及Nginx

1.PHP(Fastcgi)编译安装

2.安装Nginx

四、Nginx多虚拟主机配置及基本优化(以配置Discuz!论坛为例)

1.配置Nginx虚拟主机(防盗链及expires设置)

2.Nginx搭建下载站点限制并发数和速率.

3.如何实现Nginx身份验证

4.如何实现Nginx目录列表

5.修改Nginx的header伪装服务器

6.减小nginx编译后的文件大小

7.Nginx日志处理

五、基本安全设置策略

六、附录及相关介绍

前言:

本文基于step by step的结构向大家介绍Nginx构建高性能WEB的全过程.并且我们在

生产服务器上运行一个月非常稳定,所以整理出来供大家分享。希望能够帮助

更多的初学者轻松构建高性能的WEB服务器。对文中提到的相关操作有任何问题都可以

到LinuxTone论坛去交流提问,我们将第一时间为你解答,同时把网友的建议加入,及

时更新相关内容.

系统环境:

CentOS 5.1+nginx-0.6.31+php-5.2.6+memcache-2.2.3+xcache-1.2.2+mysql-5.0.51b

一、系统安装

1. 系统分区

/boot 100M左右

SWAP 物理内存的2倍(如果你的物理内存大于4G以上,分配4G即可)

/ 分区15~20G

/usr/local 20G (用于安装软件)

/data 剩余所有空间

*具体分区请根据相关业务划分,具体安装本文不作介绍.

2.系统初始化脚本(根据具体需求关闭不需要的服务)

#vi init.sh

#welcome

cat << EOF

+--------------------------------------------------------------+

| === Welcome to CentOS System init === |

+--------------http://www.linuxtone.org------------------------+

+--------------------------------------------------------------+

EOF


#disable ipv6

cat << EOF

+--------------------------------------------------------------+

| === Welcome to Disable IPV6 === |

+--------------------------------------------------------------+

EOF

echo "alias net-pf-10 off" >> /etc/modprobe.conf

echo “alias ipv6 off” >> /etc/modprobe.conf

/sbin/chkconfig –level 35 ip6tables off

echo “ipv6 is disabled!”
#disable selinux

sed -i ‘/SELINUX/s/enforcing/disabled/’ /etc/selinux/config

echo “selinux is disabled,you must reboot!”
#vim

sed -i “8 s/^/alias vi=’vim’/” /root/.bashrc

echo ’syntax on’ > /root/.vimrc
#LANG=en

sed -i -e ’s/^LANG=.*/LANG=”en”/’ /etc/sysconfig/i18n
#tunoff services

#————————————————————–+

cat << EOF

+--------------------------------------------------------------+

| === Welcome to Tunoff services === |

+--------------------------------------------------------------+

EOF

#--------------------------------------------------------------+

for i in `ls /etc/rc3.d/S*`

do

CURSRV=`echo $i|cut -c 15-`

echo $CURSRV

case $CURSRV in

crond | irqbalance | microcode_ctl | network | random | sendmail | sshd | syslog | local | mysqld )

echo "Base services, Skip!"

;;

*)

echo "change $CURSRV to off"

chkconfig --level 235 $CURSRV off

service $CURSRV stop

;;

esac

done


#sh init.sh (执行上面保存的脚本,仍后重启)

二、编译安装基本环境

1. 安装准备

1) 系统约定

软件源代码包存放位置 /usr/local/src

源码包编译安装位置(prefix) /usr/local/software_name

脚本以及维护程序存放位置 /usr/local/sbin

MySQL 数据库位置 /data/mysql/data(可按情况设置)

网站根目录 /data/www/wwwroot(可按情况设置)

虚拟主机日志根目录 /data/logs(可按情况设置)

Nginx运行账户 www:www

in_software_name.sh 存放编译参数脚本 习惯将所有编译脚本存放在in_software_name.sh便于升级和更新软件.

创建网站账号及相关存放目录

groupadd www -g 48

useradd -u 48 -g www www

mkdir -p /data/www/wwwroot

mkdir -p /data/logs

chmod +w /data/www/wwwroot

chown -R www:www /data/www/wwwroot


2) 系统环境部署及调整

检查系统是否正常

# tail -n100 /var/log/messages (检查有无系统级错误信息)

# dmesg (检查硬件设备是否有错误信息)

# ifconfig(检查网卡设置是否正确)

# ping www.linuxtone.org (检查网络是否正常)

3) 使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)

添加国内镜像源加速软件安装下载速度请参照:http://bbs.linuxtone.org/thread-158-1-1.html

yum -y install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel \

ncurses-devel libtool* zlib-devel libxml2-devel libjpeg-devel libpng-devel libtiff-devel \

fontconfig-devel freetype-devel libXpm-devel gettext-devel curl curl-devel pam-devel kernel


发包装上。

4) 定时校正服务器时钟,定时与中国国家授时中心授时服务器同步

# crontab -e

加入一行:

15 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

5) 下载编译相关的源码包.

#vi list 在list文件里填入以后下载地址列表.

http://www.libgd.org/releases/gd-2.0.35.tar.bz2
 http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz  http://jaist.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.bz2  http://jaist.dl.sourceforge.net/sourceforge/mcrypt/mcrypt-2.6.7.tar.gz  http://www.openssl.org/source/openssl-0.9.8h.tar.gz  http://openbsd.md5.com.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz[/code] 
 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz  http://sysoev.ru/ href="http://srsman.com/tag/nginx/" target=_blank>nginx/nginx-0.6.31.tar.gz http://mysql.byungsoo.net/Downloads/MySQL-5.0/mysql-5.0.51b.tar.gz 
http://cn2.php.net/get/php-5.2.6.tar.bz2/from/this/mirror
 http://php-fpm.anight.org/downloads/head/php-5.2.6-fpm-0.5.8.diff.gz  http://pecl.php.net/get/memcache-2.2.3.tgz  http://xcache.lighttpd.net/pub/Releases/1.2.2/xcache-1.2.2.tar.gz  http://downloads.phpchina.com/zend/optimizer/3.3.3/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz[/code] 
#vi down.sh 创建下载脚本.

#!/bin/bash

for i in `cat list`

do

wget -c $i

done


#sh down.sh 执行下载脚本即可下载相关软件包.

2. 编译安装软件包

源码编译安装所需包(Source)

1) 升级OpenSSL及OpenSSH

tar xvf openssl-0.9.8h.tar.gz

cd openssl-0.9.8h

#vi in_openssl.sh

./config --prefix=/usr/local/openssl

make

make test

make install

# sh in_openssl.sh



#tar xvf openssh-5.0p1.tar.gz

#cd openssh-5.0p1

# vi in_openssh.sh

./configure \

"--prefix=/usr" \

"--with-pam" \

"--with-zlib" \

"--sysconfdir=/etc/ssh" \

"--with-ssl-dir=/usr/local/openssl" \

"--with-md5-passwords"

make

make install

# sh in_openssh.sh


禁用 SSH V1 协议:找到#Protocol 2,1改为:Protocol 2

禁用服务器端GSSAPI找到以下两行,并将它们注释:

GSSAPIAuthentication yes

GSSAPICleanupCredentials yes

禁用 DNS 名称解析

找到:#UseDNS yeas改为:UseDNS no

禁用客户端 GSSAPI

# vi /etc/ssh/ssh_config 找到:GSSAPIAuthentication yes 将这行注释掉。

最后,确认修改正确后重新启动 SSH 服务

#init_ssh.sh

ssh_cf=”/etc/ssh/sshd_config”

sed -i -e ‘74 s/^/#/’ -i -e ‘76 s/^/#/’ $ssh_cf

sed -i “s/#UseDNS yes/UseDNS no/” $ssh_cf

#client

sed -i -e ‘44 s/^/#/’ -i -e ‘48 s/^/#/’ $ssh_cf

echo “ssh is init is ok…………..”

# service sshd restart

# ssh -v 确认 OpenSSH 以及 OpenSSL 版本正确。

以上SSH配置可利用以下脚本自动修改:

#vi init_ssh.sh

#init_ssh.sh

ssh_cf="/etc/ssh/sshd_config"

sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' $ssh_cf

sed -i "s/#UseDNS yes/UseDNS no/" $ssh_cf

#client

sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' $ssh_cf

echo "ssh is init is ok.............."


#sh init_ssh.sh

[root@servers src]# /etc/init.d/sshd restart

Stopping sshd: [ OK ]

Starting sshd: [ OK ]

[root@servers src]# ssh -v

OpenSSH_5.0p1, OpenSSL 0.9.8h 28 May 2008

2) GD2

# cd /usr/local/src

# tar xvf gd-2.0.35.tar.gz

# cd gd-2.0.35

# vi in_gd2.sh

aclocal

./configure --prefix=/usr/local/gd2

make && make install

# sh in_gd2.sh


3) tar xvf libmcrypt-2.5.8.tar.bz2

cd libmcrypt-2.5.8

#vi in_libmcrypt.sh

./configure --prefix=/usr/local/libmcrypt && make && make install

#sh in.sh


4) #tar xvf libiconv-1.12.tar.gz

#cd libiconv-1.12

#vi in_iconv.sh

./configure --prefix=/usr && make && make install


#sh in_iconv.sh

5) 编译安装MySQL

# tar xvf mysql-5.0.51b.tar.gz

# cd mysql-5.0.51b

# vi in_mysql.sh

CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors \

-fno-exceptions -fno-rtti -fomit-frame-pointer -ffixed-ebp"

./configure \

"--prefix=/usr/local/mysql" \

"--localstatedir=/data/mysql/data" \

"--with-comment=Source" \

"--with-server-suffix=-LinuxTone.Org" \

"--with-mysqld-user=mysql" \

"--without-debug" \

"--with-big-tables" \

"--with-charset=gbk" \

"--with-collation=gbk_chinese_ci" \

"--with-extra-charsets=all" \

"--with-pthread" \

"--enable-static" \

"--enable-thread-safe-client" \

"--with-client-ldflags=-all-static" \

"--with-mysqld-ldflags=-all-static" \

"--enable-assembler" \

"--without-isam" \

"--without-innodb" \

"--without-ndb-debug"

make && make install

useradd mysql -d /data/mysql -s /sbin/nologin

/usr/local/mysql/bin/mysql_install_db --user=mysql

cd /usr/local/mysql

chown -R root:mysql .

chown -R mysql /data/mysql/data

cp share/mysql/my-huge.cnf /etc/my.cnf

cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld

chmod 755 /etc/rc.d/init.d/mysqld

chkconfig --add mysqld

/etc/rc.d/init.d/mysqld start



cd /usr/local/mysql/bin

for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done


#sh in_mysql.sh

三、编译安装PHP及Nginx

1.PHP(Fastcgi)编译安装

1)php-fpm 给PHP(Fastcgi)打补丁

#tar xvf php-5.2.6.tar.bz2

#gzip -cd php-5.2.6-fpm-0.5.8.diff.gz | patch -d php-5.2.6 -p1

2)PHP(Fastcgi)安装.

#cd php-5.2.6

#vi in_php5.sh

./configure \

"--prefix=/usr/local/php-fcgi" \

"--enable-fastcgi" \

"--enable-fpm" \

"--enable-discard-path" \

"--enable-force-cgi-redirect" \

"--with-config-file-path=/usr/local/php-fcgi/etc" \

"--enable-zend-multibyte" \

"--with-mysql=/usr/local/mysql" \

"--with-libxml-dir" \

"--with-iconv-dir=/usr/lib" \

"--with-xmlrpc" \

"--with-gd=/usr/local/gd2" \

"--with-jpeg-dir" \

"--with-png-dir" \

"--with-bz2" \

"--with-freetype-dir" \

"--with-zlib-dir " \

"--with-openssl=/usr/local/openssl" \

"--with-mcrypt=/usr/local/libmcrypt" \

"--enable-sysvsem" \

"--enable-inline-optimization" \

"--enable-soap" \

"--enable-gd-native-ttf" \

"--enable-ftp" \

"--enable-mbstring" \

"--enable-exif" \

"--disable-debug" \

"--disable-ipv6"

make && make install

cp php.ini-dist /usr/local/php-fcgi/etc/php.ini


#sh in_php5.sh

4)安装Xcache

tar xvf xcache-1.2.2.tar.gz

cd xcache-1.2.2

#vi in_xcache.sh

/usr/local/php-fcgi/bin/phpize

./configure --enable-xcache --enable-xcache-coverager --with-php-config=/usr/local/php-



fcgi/bin/php-config \

--enable-inline-optimization --disable-debug

make && make install


#sh in_xcache.sh

#vi /usr/local/php-fcgi/etc/php.ini #编辑php.ini在其内容最后加入如下内容:

[xcache-common]

zend_extension = /usr/local/php-fcgi/lib/php/extensions/no-debug-non-zts-20060613/xcache.so


[xcache.admin]

xcache.admin.user = “admin”

;如何生成md5密码: echo -n “password”| md5sum

xcache.admin.pass = “035d849226a8a10be1a5e0fec1f0f3ce” #密码为52netseek
[xcache]

; Change xcache.size to tune the size of the opcode cache

xcache.size = 24M

xcache.shm_scheme = “mmap”

xcache.count = 4

xcache.slots = 8K

xcache.ttl = 0

xcache.gc_interval = 0
; Change xcache.var_size to adjust the size of variable cache

xcache.var_size = 8M

xcache.var_count = 1

xcache.var_slots = 8K

xcache.var_ttl = 0

xcache.var_maxttl = 0

xcache.var_gc_interval = 300

xcache.test = Off

xcache.readonly_protection = On

xcache.mmap_path = “/dev/zero”

xcache.coredump_directory = “”

xcache.cacher = On

xcache.stat = On

xcache.optimizer = Off

[xcache.coverager]

xcache.coverager = On

xcache.coveragedump_directory = “”


4)安装Memcache

cd memcache-2.2.3

#vi in_memcache.sh

/usr/local/php-fcgi/bin/phpize

./configure --with-php-config=/usr/local/php-fcgi/bin/php-config

make && make install


#sh in_memcache.sh

5) PHP初始化脚本

# cat init_fcgi.sh

#!/bin/bash

#php-fastcgi.php

fcgi_cf="/usr/local/php-fcgi/etc/php.ini"

sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' $fcgi_cf

sed -i '210 s#disable_functions =#disable_functions =


phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_
alter,ini_alter,ini_restore,
dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server#g' $fcgi_cf

sed -i '/expose_php/s/On/Off/' $fcgi_cf

sed -i '/display_errors/s/On/Off/' $fcgi_cf

sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php-fcgi/lib/php/extensions/no-debug-
non-zts-20060613/"\nextension

= "memcache.so"\n#' $fcgi_cf


6)ZendOptimizer-3.3.3-linux-glibc23-i386 (解压后进入目录./install,安提示选择相关的目录及

配置文件存放目录即可)

2.安装Nginx

1)Nginx编译安装

cd nginx-0.6.31

#vi in_nginx.sh

./configure --user=www --group=www --prefix=/usr/local/nginx/ --with-http_stub_status_module
--


with-

openssl=/usr/local/openssl

make && make install


sh in_nginx.sh

2)初始化Nginx相关配置

#mkdir /usr/local/nginx/conf/vhosts 创建存放虚拟主机配置文件目录

#cd /usr/local/nginx/conf

#mv nginx.conf nginx.conf_back
将原配置文件备份供以后参考.

#vi nginx.conf 重新创建nginx主配置文件

user www www;


worker_processes 8;
pid /var/run/nginx.pid;

# [ debug | info | notice | warn | error | crit ]

#error_log /var/log/nginx.error_log info;

#Specifies the value for maximum file descriptors that can be opened by this process.

worker_rlimit_nofile 51200;
events

{

use epoll;
#maxclient = worker_processes * worker_connections / cpu_number

worker_connections 51200;

}
http

{

include mime.types;

default_type application/octet-stream;

charset gb2312;

server_names_hash_bucket_size 128;
log_format main ‘$remote_addr - $remote_user [$time_local] $request ‘

‘”$status” $body_bytes_sent “$http_referer” ‘

‘”$http_user_agent” “$http_x_forwarded_for”‘;
#access_log /data/www/logs/access.log main;

access_log /dev/null;
sendfile on;

tcp_nopush on;

keepalive_timeout 60;

tcp_nodelay on;
fastcgi_connect_timeout 60;

fastcgi_send_timeout 180;

fastcgi_read_timeout 180;

fastcgi_buffer_size 128k;

fastcgi_buffers 4 128k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

fastcgi_intercept_errors on;
gzip on;

gzip_min_length 1k;

gzip_buffers 4 8k;

gzip_http_version 1.1;

gzip_types text/plain application/x-javascript text/css text/html application/xml;
#

client_max_body_size 10m;

client_body_buffer_size 256k;

#

#proxy_temp_path /dev/shm/proxy_temp;

fastcgi_temp_path /dev/shm/fastcgi_temp;

client_body_temp_path /dev/shm/client_body_temp;

# The following includes are specified for virtual hosts

include vhosts/bbs.linxutone.org.conf;

include vhosts/down.redocn.com.conf;

include vhosts/count.linuxtone.org.conf;

}


fastcgi_pass 127.0.0.1:8085;

fastcgi_index index.php;


fastcgi_param GATEWAY_INTERFACE CGI/1.1;

fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;

fastcgi_param REQUEST_METHOD $request_method;

fastcgi_param CONTENT_TYPE $content_type;

fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

fastcgi_param REQUEST_URI $request_uri;

fastcgi_param DOCUMENT_URI $document_uri;

fastcgi_param DOCUMENT_ROOT $document_root;

fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;

fastcgi_param REMOTE_PORT $remote_port;

fastcgi_param SERVER_ADDR $server_addr;

fastcgi_param SERVER_PORT $server_port;

fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect

#fastcgi_param REDIRECT_STATUS 200;

#vi /enable_php5.conf Nginx支持PHP配置文件.



3)配置修改php-fpm脚本

配置php-fpm脚本:

cd /usr/local/php-fcgi/etc/

vi php-fpm.conf 修改如下内容:(进入vi编辑器,输入:set nu 显示行号.)

41 127.0.0.1:8085

62 Unix user of processes

63 www

65 Unix group of processes

66 www

79 128

80

81 Settings group for ‘apache-like’ pm style

82

83

84 Sets the number of server processes created on

startup.

85 Used only when ‘apache-like’ pm_style is selected

86 20

87

88 Sets the desired minimum number of idle server

processes.

89 Used only when ‘apache-like’ pm_style is selected

90 5

91

92 Sets the desired maximum number of idle server

processes.

93 Used only when ‘apache-like’ pm_style is selected

94 250

104 Set open file desc rlimit

105 51200

106

107 Set max core size rlimit

108 0

109

110 Chroot to this directory at the start

111

112

113 Chdir to this directory at the start

114

115

116 Redirect workers’ stdout and stderr into main error log.

117 If not set, they will be redirected to /dev/null, according to

FastCGI specs

118 yes

119

120 How much requests each process should execute before respawn.

121 Useful to work around memory leaks in 3rd party libraries.

122 For endless request processing please specify 0

123 Equivalent to PHP_FCGI_MAX_REQUESTS

124 51200

[code]

4) Nginx+PHP(fastcgi)启动脚本参考:http://bbs.linuxtone.org/thread-372-1-2.html

四、Nginx多虚拟主机配置及基本优化(以配置Discuz!论坛为例)

1.配置Nginx虚拟主机(防盗链及expires设置)

#vi /usr/local/nginx/conf/vhosts/bbs.linuxtone.org.conf

[code]

server

{

listen 80;

server_name bbs.linuxtone.org www.linuxtone.org;

index index.html index.php index.htm;

root /data/www/wwwroot/lt/bbs;

#access_log /var/log/nginx/access_bbs.redocn.com.log combined;

location / {

if (!-e $request_filename) {

rewrite ^/archiver/((fid|tid)-[\w\-]+\.html)$ /archiver/index.php?$1


last;

rewrite ^/forum-([0-9]+)-([0-9]+)\.html$ /forumdisplay.php?
fid=$1&page=$2 last;

rewrite ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /viewthread.php?
tid=$1&extra=page%3D$3&page=$2
last;

rewrite ^/space-(username|uid)-(.+)\.html$ /space.php?$1=$2 last;

rewrite ^/tag-(.+)\.html$ /tag.php?name=$1 last;

break;

}
}
#Preventing hot linking of images and other file types

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {

valid_referers none blocked server_names *.linuxtone.org http://localhost; 
if ($invalid_referer) {

rewrite ^/ http://bbs.linuxtone.org/images/default/logo.gif; 
return 403;

}

}

# Add expires header for static content

location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {

if (-f $request_filename) {

root /data/www/wwwroot/lt/bbs;

expires 1d;

break;

}
}

#support php

location ~ .*\.php?$

{

include enable_php5.conf;

}

}


vi /usr/local/nginx/conf/vhosts/down.redocn.com.conf

limit_zone one $binary_remote_addr 10m;

server

{

listen 80;

server_name down.redocn.com;

index index.html index.htm index.php;

root /data/www/wwwroot/down;

error_page 404 /index.php;

# redirect server error pages to the static page /50x.html

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

#Zone limit

location / {

limit_conn one 1;

limit_rate 20k;

}


# serve static files

location ~ ^/(images|javascript|js|css|flash|media|static)/ {

root /data/www/wwwroot/down;

expires 30d;

}

}

2.Nginx搭建下载站点限制并发数和速率.



3.如何实现Nginx身份验证

实现输入http://count.linuxtone.org/tongji 要求输入用户名和密码验证才可查看内内。配置方

法如下:

创建统计配置文件:

mkdir /usr/local/nginx/conf/htpasswd #创建存放密码的目录

/usr/local/apache2/bin/htpasswd -c /usr/local/nginx/conf/htpasswd/tongji admin


server

{

listen 80;

server_name count.linuxtone.org 211.100.72.138;

index index.html index.php;

root /data/www/wwwroot/count;

access_log /data/logs/access_count.linuxtone.org.log combined;

#error page

error_page 404 http://www.linuxtone.org/error.html; 
error_page 500 502 503 504 http://www.linuxtone.org; 
#support php

location ~ .*\.php?$

{

include enable_php5.conf;

}
#expires static files

location ~* \.(js|css|jpg|jpeg|gif|png)$ {

if (-f $request_filename) {

access_log off;

expires 1d;

break;

}

}

location ~ ^/(tongji)/ {

root /data/www/wwwroot/count;

auth_basic "LT-COUNT-TongJi";

auth_basic_user_file /usr/local/nginx/conf/htpasswd/tongji;

}

}


4.如何实现Nginx目录列表

在相关虚拟主机配置文件加入如下设置即可,更多请参考官方wiki

location / {

autoindex on;

}


5.修改Nginx的header伪装服务器

cd nginx-0.6.31/src/core

#define NGINX_VERSION "1.2"

#define NGINX_VER "LTWS/" NGINX_VERSION


仍后重新编译nginx即可,查看一下效果:

[root@count ~]# curl -I http://bbs.linuxtone.org 
HTTP/1.1 200 OK

Server: LTWS/1.2

Date: Mon, 23 Jun 2008 06:11:17 GMT

Content-Type: text/html; charset=gb2312

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: lt__sid=cJN2FT; expires=Mon, 30-Jun-2008 06:11:17 GMT; path=/

Set-Cookie: lt__onlineusernum=228; expires=Mon, 23-Jun-2008 06:16:17 GMT; path=/


6.减小nginx编译后的文件大小 (Reduce file size of nginx)

默认的nginx编译选项里居然是用debug模式(-g)的(debug模式会插入很多跟踪和ASSERT之类),编译以后一个

nginx有好几兆。

去掉nginx的debug模式编译,编译以后只有480K(nginx-0.6.31
, gcc4)。

[root@ssatt local]# du -sh nginx

480K nginx

在auto/cc/gcc,最后几行有:

# debug

CFLAGS="$CFLAGS -g"


注释掉或删掉这几行,重新编译即可

7.Nginx日志处理

[root@count ~]# crontab -l

59 23 * * * /usr/local/sbin/logcron.sh /dev/null 2>&1


[root@count ~]# cat /usr/local/sbin/logcron.sh

#!/bin/bash

log_dir="/data/logs"

time=`date +%Y%m%d`

/bin/mv ${log_dir}/access_linuxtone.org.log ${log_dir}/access_count.linuxtone.org.$time.log

kill -USR1 `cat /var/run/nginx.pid`

                                            

                                        

                        
                        内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息 
                    

                    

                    

                        

                         标签: 
                                                

                        

                    


                

            


            

                
相关文章推荐

                

                
            

        

        

            

            
            

                

                    
新的分享

                    

                        
                    

                

            


            

                

                    
章节导航