http://linux.itwaka.com

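FreeBSD is developed as a fast, high-performance and extremely stable operating system, especially well suited to network servers and similar tasks. Many large search-engine sites and organizations with mission-critical computing infrastructure have deployed FreeBSD and have run it on their computer systems for years. This guide shows how to build a high-performance nginx + PHP + MySQL web platform from Ports on FreeBSD 8.0.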

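Introduction to FreeBSD:

FreeBSD is an indirect descendant of AT&T UNIX via the Berkeley Software Distribution (BSD), with a long and turbulent history going back to 1993. Unlike Linux distributions, which are defined as integrated solutions made up of the Linux kernel and thousands of applications, FreeBSD is a tightly integrated operating system built from a BSD kernel and the so-called "userland" (and is therefore usable even without any extra applications). The distinction is largely lost once the system is installed on an ordinary computer: as with many Linux distributions, a large collection of easily installed, (mostly) open source applications is available to extend the FreeBSD core, but these are usually provided by third-party contributors and are not strictly part of FreeBSD.

FreeBSD is developed as a fast, high-performance and extremely stable operating system, especially well suited to network servers and similar tasks. Many large search-engine sites and organizations with mission-critical computing infrastructure have deployed FreeBSD and have run it on their computer systems for years. Compared with Linux, FreeBSD is distributed under a much more permissive license, which allows virtually unrestricted reuse and modification of the source code for any purpose. Even Apple's well-known Mac OS X is derived from BSD. Besides the core operating system, the project also provides more than 15,000 software applications, in binary and source form, for easy installation on top of the FreeBSD core.

Although FreeBSD can certainly be used as a desktop operating system, it is not as popular as Linux distributions in that role. The text-mode installer offers little in the way of hardware detection or system configuration, leaving the complicated work to the user after installation. In support for modern hardware FreeBSD generally lags behind Linux, particularly for laptop and netbook peripherals such as wireless network cards or popular digital cameras. Users who want the speed and stability of FreeBSD on a desktop or workstation should consider one of the existing desktop-FreeBSD projects rather than FreeBSD itself.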

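1. Installation preparation:

1.1 Operating system installation: see the attachment at http://bbs.linuxtone.org/thread-6422-1-1.html

By default FreeBSD does not allow root to log in directly over ssh, so add a user in the wheel group while installing the system, to keep the FreeBSD system secure. Remember: FreeBSD only allows users in the wheel group to log in over ssh.

For example:

pw useradd coralzd -m -G wheel
passwd coralzd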

1.2 System environment

FreeBSD 8.0 i386

Nginx 0.7.65

PHP 5.2.13

MySQL 5.5.4 M3

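2. System initialization

2.1 Updating ports

Use portsnap to update the ports tree and get the latest software.

Change the server in the portsnap configuration file to a mirror in China:

ee /etc/portsnap.conf

SERVERNAME=portsnap.freebsd.org

Change it to

SERVERNAME=portsnap.hshh.org

# First run:
portsnap fetch extract
# Later runs:
portsnap fetch update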

2.2 Tuning the rc.conf configuration file

Add

syslogd_flags="-ss"
sendmail_enable="NONE"

2.3 Adding the IPFW firewall to the kernel

cd /usr/src/sys/i386/conf
cp GENERIC IPFW
ee IPFW

Change

ident GENERIC

to

ident IPFW

and add the following below it:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT

Build the kernel

# config IPFW
# cd ../compile/IPFW
# make cleandepend && make depend
# make && make install

After the build finishes, append the following lines to /etc/rc.conf

firewall_enable="YES"
firewall_script="/etc/ipfw.conf"
firewall_quiet="NO"
firewall_logging_enable="YES"

Edit the /etc/syslog.conf file

Add the following at the end of the file:

!ipfw
*.* /var/log/ipfw.log

These lines write the IPFW log to /var/log/ipfw.log

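ee /etc/ipfw.conf

#!/bin/sh
IPFW='/sbin/ipfw -q'
# Start from an empty ruleset
$IPFW -f flush
# Allow loopback traffic (the pattern is quoted so the shell does not expand it)
$IPFW add 2000 allow ip from any to any via 'lo*'
# Drop loopback and multicast addresses arriving from outside
$IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
$IPFW add 2020 deny log ip from any to 127.0.0.0/8 in
$IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
$IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in
# Outbound TCP and established connections
$IPFW add 2050 allow log tcp from any to any out
$IPFW add 2060 allow log tcp from any to any established
# Inbound services: ssh (22) and http (80)
$IPFW add 2070 allow log tcp from any to any 22 in
$IPFW add 2080 allow log tcp from any to any 80 in
# Log and drop every other TCP packet
$IPFW add 12190 deny log tcp from any to any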
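
What the ruleset above does with a few packets, shown as an added example that is not part of the original guide: a simplified first-match model that compares only protocol, destination port, direction and TCP state. The `verdict` function, rule 65000 in `FIXED_RULES` and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified first-match model of the rules in /etc/ipfw.conf above.
# Columns: number action proto dst-port direction tcp-state ("any" = wildcard).
# Rules 2000-2040 are left out: they match only loopback/multicast addresses.
PAGE_RULES='2050 allow tcp any out any
2060 allow tcp any any established
2070 allow tcp 22 in any
2080 allow tcp 80 in any
12190 deny tcp any any any'

# Hypothetical fix: a catch-all deny for every protocol before the default rule.
FIXED_RULES="$PAGE_RULES
65000 deny ip any any any"

# The kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT, so rule 65535 allows.
DEFAULT_RULE='65535 allow'

# verdict RULES PROTO DPORT DIR STATE -> prints "<rule number> <action>"
verdict() {
    printf '%s\n' "$1" | awk -v p="$2" -v port="$3" -v dir="$4" -v st="$5" \
        -v def="$DEFAULT_RULE" '
        ($3 == "ip" || $3 == p) && ($4 == "any" || $4 == port) &&
        ($5 == "any" || $5 == dir) && ($6 == "any" || $6 == st) {
            print $1, $2; hit = 1; exit
        }
        END { if (!hit) print def }'
}

# Constructed sample packets: new inbound connections and one UDP datagram.
verdict "$PAGE_RULES"  tcp 80   in new   # 2080 allow
verdict "$PAGE_RULES"  tcp 3306 in new   # 12190 deny
verdict "$PAGE_RULES"  udp 9999 in new   # 65535 allow (no rule mentions UDP)
verdict "$FIXED_RULES" udp 9999 in new   # 65000 deny
```

With a catch-all deny in place, traffic the host itself needs (DNS lookups, ICMP) has to be allowed explicitly, for example with keep-state rules.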

2.4 Installing axel to speed up ports installation

cd /usr/ports/ftp/axel
make install
# Edit /etc/make.conf
ee /etc/make.conf
# Add the following
FETCH_CMD=axel
FETCH_BEFORE_ARGS= -n 10 -a
FETCH_AFTER_ARGS=
DISABLE_SIZE=yes
MASTER_SITE_OVERRIDE?=\
http://ports.hshh.org/${DIST_SUBDIR}/\
http://ports.cn.freebsd.org/${DIST_SUBDIR}/\
ftp://ftp.freeBSDchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}

2.5 Kernel tuning

ee /etc/sysctl.conf
security.bsd.see_other_uids=0
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
#net.inet.udp.sendspace=65536
net.inet.udp.maxdgram=65536
net.local.stream.sendspace=65536
net.inet.tcp.rfc1323=1
#net.inet.tcp.rfc1644=1
net.inet.tcp.rfc3042=1
net.inet.tcp.rfc3390=1
kern.ipc.maxsockbuf=2097152
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.delayed_ack=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.icmp.icmplim=100
net.inet.icmp.icmplim_output=0
#net.inet.tcp.drop_synfin=1
net.inet.tcp.always_keepalive=1
# Too large here; better left unset or given a smaller value
net.inet.ip.intr_queue_maxlen=1000
# Too large; a value around 2500-2000 is suggested
net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2
net.inet.tcp.inflight.enable=1
net.inet.ip.fastforwarding=0
kern.ipc.somaxconn=32768
kern.securelevel=0
#net.inet.tcp.log_in=1
#net.inet.udp.log_in=1
net.inet.udp.checksum=1
net.inet.tcp.syncookies=1
kern.ipc.shm_use_phys=1
kern.ipc.shmmax=67108864
kern.ipc.shmall=32768
kern.coredump=0
net.local.stream.recvspace=65536
net.local.dgram.maxdgram=16384
net.local.dgram.recvspace=65536
#net.inet.tcp.mssdflt=1460
#net.inet.tcp.minmss=1640
net.inet.raw.maxdgram=65535
net.inet.raw.recvspace=65535
net.inet.ip.fw.dyn_max=65535
net.inet.ipf.fr_tcpidletimeout=864000

ee /boot/loader.conf
kern.dfldsiz="2147483648" # Set the initial data size limit
kern.maxdsiz="2147483648" # Set the max data size
kern.ipc.nmbclusters="0" # Set the number of mbuf clusters

3. Configuring MySQL, PHP and nginx

3.1 Installing MySQL 5.5.4 m3

cd /usr/ports/databases/mysql55-server
ee Makefile

Below line 30, add the following parameters

--enable-thread-safe-client \
--disable-dtrace \
--enable-assembler \
--with-big-tables \
--with-ssl \
--with-embedded-server \
--with-local-infile \
--with-plugins=partition,innobase,myisammrg

Then

# make install clean

3.2 Initializing the database

/usr/local/bin/mysql_install_db --user=mysql
cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf

3.3 Add mysql_enable="YES" to /etc/rc.conf

echo 'mysql_enable="YES"' >> /etc/rc.conf

3.4 Installing PHP

cd /usr/ports/lang/php52
# make config ## configure the build options
[X] CLI Build CLI version
[X] CGI Build CGI version
[ ] APACHE Build Apache module
[ ] DEBUG Enable debug
[X] SUHOSIN Enable Suhosin protection system
[X] MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[X] REDIRECT Enable force-cgi-redirect support (CGI only)
[X] DISCARD Enable discard-path support (CGI only)
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)
make install clean
# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini

3.5 Configuring php.ini

ee /usr/local/etc/php.ini

Find the following statements

;open_basedir =
disable_functions =
expose_php = On
display_errors = On
output_buffering = Off

Change them to

open_basedir = /data/www/wwwroot:/tmp
disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server
expose_php = Off
display_errors = Off
output_buffering = On

3.6 Installing php52-extensions

# cd /usr/ports/lang/php52-extensions/
# make config
Options for php52-extensions 1.3
-------------------------------------------------
[X] CURL CURL support
[X] FTP FTP support
[X] GD
[X] GETTEXT
[X] MBSTRING multibyte string support
[X] MCRYPT Encryption support
[X] MYSQL
[X] PCRE Perl Compatible Regular Expression support
[ ] POSIX // deselect
[ ] SQLITE // deselect
[X] ZIP ZIP support
[X] ZLIB
# make install clean

3.7 Installing PHP extension modules

Install eaccelerator

cd /usr/ports/www/eaccelerator
make install clean
ee /usr/local/etc/php.ini

Append at the end

zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/data/cache/ea"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

Install memcache

cd /usr/ports/databases/pecl-memcache
make install clean

Install pdo_mysql

cd /usr/ports/databases/php52-pdo_mysql
make install clean

Install ImageMagick

# cd /usr/ports/graphics/ImageMagick/
# make install clean

Check that the installation succeeded:

convert --version

PHP also needs two .so modules installed

Install the PHP imagick extension (imagick.so)

# cd /usr/ports/graphics/pecl-imagick
# make install clean

Install the PHP magickwand extension (magickwand.so)

# cd /usr/ports/graphics/php-magickwand
# make install clean

About MagickWand: http://www.imagemagick.org/script/api.php#php

Then check the extensions


Install lighttpd to obtain spawn-fcgi

cd /usr/ports/www/lighttpd
make install clean

Install nginx

cd /usr/ports/www/nginx
make install clean

In php.ini set cgi.fix_pathinfo=1 so that SCRIPT_FILENAME takes effect

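Install ZendOptimizer

cd /usr/ports/devel/ZendOptimizer/

make (do not install; it only needs to be downloaded)

cd work/ZendOptimizer-3.3.0a-freebsd6.0-i386

./install-tty (press Enter all the way through and choose no at the end, since Apache is not used)

Zend automatically appends its parameters to the end of php.ini.

Start nginx and spawn-fcgi at boot

echo 'spawn_fcgi_enable="YES"' >> /etc/rc.conf
echo 'nginx_enable="YES"' >> /etc/rc.conf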
 
3.8 Integrating nginx and PHP

ee fastcgi_params

#fix_php_path
if ($request_filename ~* (.*)\.php) {
    set $php_url $1;
}
if (!-e $php_url.php) {
    return 403;
}
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

ee nginx.conf

user www www;
worker_processes 10;
pid /var/log/nginx.pid;
# [ debug | info | notice | warn | error | crit ]
error_log /dev/null;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
    use kqueue; # kqueue must be enabled on FreeBSD; on Linux it is epoll
    #maxclient = worker_processes * worker_connections / cpu_number
    worker_connections 51200;
}
http
{
    include /usr/local/nginx/conf/mime.types;
    default_type application/octet-stream;
    charset gb2312;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log /data/www/logs/access.log main;
    access_log /dev/null;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 128k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;
    client_max_body_size 50m;
    client_body_buffer_size 256k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    #proxy_temp_path /dev/proxy_temp;
    fastcgi_temp_path /dev/fastcgi_temp;
    client_body_temp_path /dev/client_body_temp;
    server
    {
        listen 80;
        server_name www.linuxtone.org;
        root /data/www/wwwroot;
        index index.html index.htm index.php;
        location ~ \.php$ {
            #root html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            #fastcgi_param SCRIPT_FILENAME /data/www/wwwroot$fastcgi_script_name;
            include fastcgi_params;
        }
        # log_format is only valid at http level; the "main" format is defined above
        access_log logs/access.log main;
    }
}

3.9 Installing phpMyAdmin

cd /usr/ports/databases/phpmyadmin/

make (only the software package needs to be obtained)

cd work && mv phpMyAdmin* /data/www/wwwroot/phpmyadmin

Edit config.default.php

cd /data/www/wwwroot/phpmyadmin/lib*
ee config.default.php

$cfg['blowfish_secret'] = '';

Change it to

$cfg['blowfish_secret'] = 'cookie';

You can then manage MySQL through phpMyAdmin!
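
The string 'cookie' above is identical on every server built from this guide, so a per-installation random passphrase is the safer value for blowfish_secret. The following is an added example, not part of the original guide, that rewrites that line in place; `gen_secret` and `set_blowfish_secret` are hypothetical helper names and the file to edit is passed as an argument.

```shell
#!/bin/sh
# gen_secret: print 32 random alphanumeric characters from /dev/urandom.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom 2>/dev/null | head -c 32
}

# set_blowfish_secret FILE: replace the value on the line that starts with
# $cfg['blowfish_secret'] in FILE. Fails unless that line occurs exactly once.
set_blowfish_secret() {
    file=$1
    secret=$(gen_secret)
    [ "${#secret}" -eq 32 ] || { echo "no random data available" >&2; return 1; }
    tmp=$(mktemp /tmp/pma_secret.XXXXXX) || return 1   # created with mode 0600
    if awk -v s="$secret" -v key="\$cfg['blowfish_secret']" '
            index($0, key) == 1 { print key " = \047" s "\047;"; n++; next }
            { print }
            END { exit (n == 1 ? 0 : 1) }' "$file" > "$tmp"
    then
        cat "$tmp" > "$file"    # overwrite in place: owner and mode are kept
        rc=$?
    else
        echo "blowfish_secret line not found exactly once in $file" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# When run as a script: sh this_file config.default.php
if [ "$#" -eq 1 ]; then
    set_blowfish_secret "$1"
fi
```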

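Document revision history

V1.0 First draft completed.

V1.1 Tidied the document layout, added fastcgi_params, fixed the php_pathinfo vulnerability.

V1.2 Corrected mistakes in nginx.conf; fixed typos in /etc/make.conf.

V1.3 Added phpMyAdmin management; changed the spawn_fcgi startup parameters.

V1.4 Fixed typos in the nginx.conf configuration and the kernel build!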


kern.ipc.nsfbufs="66560" # Set the number of sendfile(2) bufs
