yum install -y gcc* autoconf* libjpeg* libpng* freetype* libxml2* zlib* zlib-devel glibc* glib2* ncurses* cur* e2fsprogs* krb5* libin* openssl* libtool* openldap-servers bison* cmake* apr* mcrypt* libmcrypt* libcurl* ImageMagick* pcre* ctags wget
安装mysql
groupadd mysql #添加mysql组 useradd -g mysql mysql -s /bin/false #创建用户mysql并加入到mysql组,不允许mysql用户直接登录系统 mkdir -p /data/mysql #创建MySQL数据库存放目录 chown -R mysql:mysql /data/mysql #设置MySQL数据库目录权限 mkdir -p /usr/local/mysql #创建MySQL安装目录 cd /usr/local/src tar zxvf mysql-5.5.21.tar.gz #解压 cd mysql-5.5.21 cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DWITH_EXTRA_CHARSETS=all \ -DWITH_MYISAM_STORAGE_ENGINE=1 \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_MEMORY_STORAGE_ENGINE=1 \ -DWITH_READLINE=1 \ -DENABLED_LOCAL_INFILE=1 \ -DMYSQL_DATADIR=/data/mysql \ -DMYSQL_USER=mysql注意一旦有一次失败下次再要安装时
make clean rm -f CMakeCache.txt 配置 make #编译 make install #安装 cd /usr/local/mysql cp ./support-files/my-huge.cnf /etc/my.cnf #拷贝配置文件(注意:如果/etc目录下面默认有一个my.cnf,直接覆盖即可) /etc/my.cnf来自以下文件:如果你的内存≤64M,则复制/usr/local/share/mysql/my-small.cnf为/etc/my.cnf
# This is for a system with little memory (<= 64M) where MySQL is only used # from time to time and it's important that the mysqld daemon # doesn't use much resources.如果内存是128M,则复制/usr/local/share/mysql/my-medium.cnf为/etc/my.cnf
# This is for a system with little memory (32M - 64M) where MySQL plays # an important part, or systems up to 128M where MySQL is used together with # other programs (such as a web server)如果内存是512M,则复制/usr/local/share/mysql/my-large.cnf为/etc/my.cnf
# This is for a large system with memory = 512M where the system runs mainly # MySQL.如果内存是1-2G,则复制/usr/local/share/mysql/my-huge.cnf为/etc/my.cnf
# This is for a large system with memory of 1G-2G where the system runs mainly # MySQL.chown mysql.mysql /etc/my.cnf
vi /etc/my.cnf #编辑配置文件,在 [mysqld] 部分增加 datadir = /data/mysql #添加MySQL数据库路径 chown -R mysql.mysql /data/mysql /usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql --defaults-file=/etc/my.cnf#生成mysql系统数据库(/usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql) cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld #把Mysql加入系统启动 chmod 755 /etc/init.d/mysqld #增加执行权限 chkconfig mysqld on #加入开机启动 vi /etc/rc.d/init.d/mysqld #编辑 basedir = /usr/local/mysql #MySQL程序安装路径 datadir = /data/mysql #MySQl数据库存放目录 service mysqld start #启动 vi /etc/profile #把mysql服务加入系统环境变量:在最后添加下面这一行 export PATH=$PATH:/usr/local/mysql/bin 下面这两行把myslq的库文件链接到系统默认的位置,这样你在编译类似PHP等软件时可以不用指定mysql的库文件地址。 ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql ln -s /usr/local/mysql/include/mysql /usr/include/mysql ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib/libmysqlclient.so.18 ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib/libmysqlclient.so ln -s /usr/local/mysql/lib/libmysqlclient.so.18.0.0 /usr/lib/libmysqlclient.so.18.0.0 cd shutdown -r now #需要重启系统,等待系统重新启动之后继续在终端命令行下面操作 mysql_secure_installation #设置Mysql密码 根据提示按Y 回车输入2次密码 或者直接修改密码mysqladmin -u user password 'redhat' mysql -u root -p GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' IDENTIFIED BY '888888'; GRANT ALL PRIVILEGES ON *.* TO 'admin'@'127.0.0.1' IDENTIFIED BY '888888'; flush privileges; service mysqld restart #重启 wget -c tar -zxvf libiconv-1.14.tar.gz cd libiconv-1.14 ./configure --prefix=/usr/local/ make && make install wget-c tar -zxvf libmcrypt-2.5.8.tar.gz cd libmcrypt-2.5.8 ./configure make && make install /sbin/ldconfig cd libltdl/ ./configure --enable-ltdl-install make make install cd ln -sf /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la ln -sf /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so ln -sf /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 ln -sf /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 ln -sf /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config ln -sf /usr/local/lib/libiconv.so.2 /usr/lib/libiconv.so.2 ln -sf /usr/local/lib/libiconv.so /usr/lib/libiconv.so ln -sf /usr/local/lib/libiconv.so.2.5.1 /usr/lib/libiconv.so.2.5.1 ln -sf /usr/local/lib/libiconv.la /usr/lib/libiconv.la ldconfig wget -c tar -zxvf mhash-0.9.9.9.tar.gz cd mhash-0.9.9.9 ./configure make make install ln -sf /usr/local/lib/libmhash.a /usr/lib/libmhash.a ln -sf /usr/local/lib/libmhash.la /usr/lib/libmhash.la ln -sf /usr/local/lib/libmhash.so /usr/lib/libmhash.so ln -sf /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 ln -sf /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 ldconfig wget -c tar -zxvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8 ls /sbin/ldconfig ./configure make make install ldconfigwget -c
tar -zxvf php-5.3.14.tar.gz cd php-5.3.14 ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc \ --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config \ --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib \ --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-safe-mode --enable-bcmath \ --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \ --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf \ --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc \ --enable-zip --enable-soap make ZEND_EXTRA_LIBS='-liconv' make install cp php.ini-production /usr/local/php/etc/php.ini #复制php配置文件到安装目录 ln -s /usr/local/php/etc/php.ini /etc/php.ini cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf vi /usr/local/php/etc/php-fpm.conf #编辑 user = www #设置php-fpm运行账号为www group = www #设置php-fpm运行组为www pid = run/php-fpm.pid #取消前面的分号 设置 php-fpm开机启动 cp /root/php-5.3.14/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm #拷贝php-fpm到启动目录 chmod +x /etc/rc.d/init.d/php-fpm #添加执行权限 chkconfig php-fpm on #设置开机启动wget -c
tar -zxvf memcache-3.0.6.tgz cd /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../wget -c
ls tar -jxvf eaccelerator-0.9.6.1.tar.bz2 cd eaccelerator-0.9.6.1 ls /usr/local/php/bin/phpize ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config make make installwget -c
/usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make && make install wget -c /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make && make install sed -i 's#; extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#' /usr/local/php/etc/php.ini sed -i "s#;always_populate_raw_post_data = On#always_populate_raw_post_data = On#g" /usr/local/php/etc/php.ini sed -i "s#;cgi.fix_pathinfo=1#cgi.fix_pathinfo=0#g" /usr/local/php/etc/php.inimkdir -p /usr/local/eaccelerator_cache
vi /usr/local/php/etc/php.ini 最后添加 [eaccelerator] zend_extension="/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so" eaccelerator.shm_size="64" eaccelerator.cache_dir="/usr/local/eaccelerator_cache" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="3600" eaccelerator.shm_prune_period="3600" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9"mkdir -p /usr/local/php/logs
清空/usr/local/php/etc/php-fpm.conf内容 用下面代替 [global] pid = /usr/local/php/logs/php-fpm.pid error_log = /usr/local/php/logs/php-fpm.log log_level = notice emergency_restart_threshold = 10 emergency_restart_interval = 1m process_control_timeout = 5s daemonize = yes [www] listen = 127.0.0.1:9000 listen.backlog = -1 listen.allowed_clients = 127.0.0.1 user = www group = www listen.mode=0666 pm = static pm.max_children = 64 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 1024 request_terminate_timeout = 0s request_slowlog_timeout = 0s slowlog = logs/slow.log rlimit_files = 65535 rlimit_core = 0 chroot = chdir = catch_workers_output = yes env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp php_flag[display_errors] = off/usr/local/php/sbin/php-fpm -t NOTICE: configuration file /usr/local/webserver/php/etc/php-fpm.conf test is successful /usr/local/webserver/php/sbin/php-fpm
mkdir -p /data/htdocs/a chmod +w /data/htdocs/a chown -R www:www /data/htdocs/a
mkdir -p /data/nginx-logs
chmod +w /data/nginx-logs chown -R www:www /data/nginx-logsyum install -y pcre
tar xvf nginx-1.0.0.tar.gz cd nginx-1.0.0/ ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module make && make install 配置创建fcgi.conf文件 vi /usr/local/nginx/conf/fcgi.conf 输入以下内容 fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
vim /usr/local/nginx/conf/nginx.conf user www; worker_processes 1;
error_log /data/nginx-logs/nginx_err.log;
#error_log logs/error.log notice; #error_log logs/error.log info;#pid /use/local/nginx/nginx.pid;
events { use epoll; worker_connections 1024; }
http { include mime.types; default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main;
sendfile on;
server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; tcp_nopush on; server_tokens off; #增加,不显示nginx版本信息 #keepalive_timeout 0; keepalive_timeout 65; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k;gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on;server
{ listen 80; server_name 172.25.6.84; index index.html index.htm index.php; root /data/htdocs/a;#limit_conn crawler 20;
location ~ .*\.(php|php5)?$
{ #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fcgi.conf; }location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{ expires 30d; }location ~ .*\.(js|css)?$
{ expires 1h; }access_log /data/nginx-logs/access_a.log; }
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' access_log /data/nginx-logs/access.log access; }/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successfululimit -SHn 65535
/usr/local/nginx/sbin/nginxvi /etc/rc.local ulimit -SHn 65535 /usr/local/php/sbin/php-fpm /usr/local/nginx/sbin/nginx
cd /data/htdocs/a/ echo "<?php phpinfo(); ?>">phpinfo.php 浏览http://ip/phpinfo.php,可以正常看到php的相关信息,扩展支持情况。
优化Linux内核参数 在/etc/sysctl.conf末尾增加以下内容(可根据服务器实际情况进行调整)
vi /etc/sysctl.conf
# Add net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.ip_local_port_range = 1024 65535 #net.ipv4.ip_conntrack_max = 10000 各内核参数含义 net.ipv4.tcp_max_syn_backlog 记录的那些尚未收到客户端确认信息的连接请求的最大值。对于超过128M内存的系统而言,缺省值是1024,低于128M小内存的系统则是128。 SYN Flood攻击利用TCP协议散布握手的缺陷,伪造虚假源IP地址发送大量TCP-SYN半打开连接到目标系统,最终导致目标系统Socket队列资源耗尽而无法接受新的连接。为了应付这种攻击,现代Unix系统中普遍采用多连接队列处理的方式来缓冲(而不是解决)这种攻击,是用一个基本队列处理正常的完全连接应用(Connect()和Accept() ),是用另一个队列单独存放半打开连接。 这种双队列处理方式和其他一些系统内核措施(例如Syn-Cookies/Caches)联合应用时,能够比较有效的缓解小规模的SYN Flood攻击(事实证明<1000p/s)加大SYN队列长度可以容纳更多等待连接的网络连接数,一般遭受SYN Flood攻击的网站,都存在大量SYN_RECV状态,所以调大tcp_max_syn_backlog值能增加抵抗syn攻击的能力。 net.core.netdev_max_backlog 每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。 net.core.somaxconn 调整系统同时发起并发TCP连接数,可能需要提高连接储备值,以应对大量突发入局连接请求的情况。 如果同时接收到大量连接请求,使用较大的值会提高受支持的暂挂连接的数量,从而可减少连接失败的数量。大的侦听队列对防止DDoS攻击也会有所帮助。挂起请求的最大数量默认是128。 net.core.wmem_default 该参数指定了发送套接字缓冲区大小的缺省值(以字节为单位) net.core.rmem_default 该参数指定了接收套接字缓冲区大小的缺省值(以字节为单位) net.core.rmem_max 该参数指定了接收套接字缓冲区大小的最大值(以字节为单位) net.core.wmem_max 该参数指定了发送套接字缓冲区大小的最大值(以字节为单位) net.ipv4.tcp_timestamps Timestamps可以防范那些伪造的sequence号码。一条1G的宽带线路或许会重遇到带out-of-line数值的旧sequence号码(假如它是由于上次产生的)。时间戳能够让内核接受这种“异常”的数据包。这里需要将其关掉,以提高性能。 net.ipv4.tcp_synack_retries 对于远端的连接请求SYN,内核会发送SYN+ACK数据报,以确认收到上一个SYN连接请求包。这是所谓的三次握手(threeway handshake)机制的第二个步骤。这里决定内核在放弃连接之前所送出的SYN+ACK数目。不应该大于255,默认值是5,对应于180秒左右时间。(可以根据tcp_syn_retries来决定这个值) net.ipv4.tcp_syn_retries 对于一个新建连接,内核要发送多少个SYN连接请求才决定放弃。不应该大于255,默认值是5,对应于180秒左右时间。(对于大负载而物理通信良好的网络而言,这个值偏高,可修改为2.这个值仅仅是针对对外的连接,对进来的连接,是由tcp_retries1 决定的) net.ipv4.tcp_tw_recycle 表示开启TCP连接中TIME-WAIT Sockets的快速回收,默认为0,表示关闭。 net.ipv4.tcp_tw_reuse 表示开启重用,允许将TIME-WAIT Sockets重新用于新的TCP连接,默认为0,表示关闭。这个对快速重启动某些服务,而启动后提示端口已经被使用的情形非常有帮助。 net.ipv4.tcp_mem tcp_mem有3个INTEGER变量:low, pressure, high low:当TCP使用了低于该值的内存页面数时,TCP没有内存压力,TCP不会考虑释放内存。(理想情况下,这个值应与指定给tcp_wmem的第2个值相匹配。这第2个值表明,最大页面大小乘以最大并发请求数除以页大小 (131072*300/4096) pressure:当TCP使用了超过该值的内存页面数量时,TCP试图稳定其内存使用,进入pressure模式,当内存消耗低于low值时则退出pressure状态。(理想情况下这个值应该是TCP可以使用的总缓冲区大小的最大值(204800*300/4096) high:允许所有TCP Sockets用于排队缓冲数据报的页面量。如果超过这个值,TCP连接将被拒绝,这就是为什么不要令其过于保守(512000*300/4096)的原因了。在这种情况下,提供的价值很大,它能处理很多连接,是所预期的2.5倍;或者使现有连接能够传输2.5倍的数据。 一般情况下这些值是在系统启动时根据系统内存数量计算得到的。 net.ipv4.tcp_max_orphans 系统所能处理不属于任何进程的TCP sockets最大数量。假如超过这个数量﹐那么不属于任何进程的连接会被立即reset,并同时显示警告信息。之所以要设定这个限制﹐纯粹为了抵御那些简单的DoS攻击﹐千万不要依赖这个或是人为的降低这个限制 net.ipv4.ip_local_port_range 将系统对本地端口范围限制设置为1024~65000之间 net.ipv4.ip_conntrack_max = 10000 设置系统对最大跟踪的TCP连接数的限制(CentOS 5.6无此参数) 使配置立即生效: /sbin/sysctl -pwget tar zxvf webbench-1.5.tar.gz cd webbench-1.5 make && make install 在编译webbench的时候可能会出现下面类似的错误: ctags *.c /bin/sh: ctags: command not found make: [tags] Error 127 (ignored) 解决方法:由于是缺少ctags组件,安装后即可。 yum -y –disablerepo=\* –enablerepo=c5-media install ctags webbench -c 100 -t 30 参数说明:-c表示并发数,-t表示时间(秒)
在不停止Nginx服务的情况下平滑变更Nginx配置
平滑重启 1、对于Nginx 0.8.x以上的版本,平滑重启Nginx配置非常简单,执行以下命令即可: ?View Code BASH 1 /usr/local/webserver/nginx/sbin/nginx -s reload 2、对于Nginx 0.8.x之前的版本,按照以下步骤进行即可。 ?View Code BASH 1 kill -HUP `cat /usr/local/webserver/nginx/nginx.pid` 八、Nginx支持的信号 1、TERM,INT 快速关闭 2、QUIT 从容关闭 3、HUP 平滑重启,重新加载配置文件 4、USR1 重新打开日志文件,在切割日志时用处比较大 5、USR2 平滑升级可执行程序 6、WINCH 从容关闭工作进程日志说明
注意录下 server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/html$fastcgi_script_name; include fastcgi_params; } access_log /var/log/nginx/access2.log; 此处定义的日志格式,不需要在后面加日志格式 } 注意,下面的日志是放在server之外的,即出现警告是放的位置不对 log_format welog '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log weblog; } 九、编写每天定时切割Nginx日志的脚本 方法一 1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh #!/bin/bash # This script run at 00:00 # The Nginx logs path logs_path="/data/nginx-logs/" mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/ mv ${logs_path}access_blog.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_blog_$(date -d "yesterday" +"%Y%m%d").log mv ${logs_path}access_www.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_www_$(date -d "yesterday" +"%Y%m%d").log kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid` crontab -e 00 00 * * * /bin/bash /usr/local/webserver/nginx/sbin/cut_nginx_log.sh方法二
1、创建脚本/usr/local/webserver/nginx/sbin/cut_nginx_log.sh vi /usr/local/webserver/nginx/sbin/cut_nginx_log.sh #!/bin/bash nginx_app=/usr/local/webserver/nginx/sbin/nginx #设置nginx的目录 logs_dir=/data1/logs/ #log目录 bak_dir=/data1/logs/bak/ #log备份目录 #先把现有的log文件挪到备份目录临时存放 cd $logs_dir echo “moving logs” /bin/mv *.log $bak_dir sleep 3 #重建nginx log echo “rebuild logs” echo “$nginx_app -s reopen” $nginx_app -s reopen #按天打包log文件 echo “begining of tar” cd $bak_dir /bin/tar czf `date +%Y%m%d`.tgz *.log #删除备份目录的临时文件 echo “rm logs” rm -f *.log echo “done”crontab -e
00 00 * * * /bin/bash /usr/local/webserver/nginx/sbin/cut_nginx_log.sh>/dev/null 2>&1方法三:
1、这种方法是通过logrotate实现的,先创建logrotate所需的脚本。 /data1/logs/*.log { daily missingok rotate 7 compress delaycompress notifempty create 640 root adm sharedscripts postrotate [ ! -f /usr/local/webserver/nginx/nginx.pid ] || kill -USR1 `cat /usr/local/webserver/nginx/nginx.pid` endscript } logrotate -vf /etc/logrotate.conf安装Zend Guard cd /usr/local/src mkdir /usr/local/zend #建立Zend安装目录 tar xvfz ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz #解压安装文件 cp ZendGuardLoader-php-5.3-linux-glibc23-i386/php-5.3.x/ZendGuardLoader.so /usr/local/zend/ #拷贝文件到安装目录 配置php支持Zend Guard vi /usr/local/php/etc/php.ini #编辑文件 在最后位置添加以下内容 [Zend Guard] zend_extension=/usr/local/zend/ZendGuardLoader.so zend_loader.enable=1 zend_loader.disable_licensing=0 zend_loader.obfuscation_level_support=3 zend_loader.license_path= /etc/init.d/nginx restart #重启web服务器 十、参考文档