1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
| # 更新套件 yum -y update yum upgrade
# 安裝 zsh, git yum -y install zsh git
# 安裝 oh-my-sh curl -L https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sh zsh mkdir .dotfiles mv .zcompdump .zsh_history .zshrc .zsh-update .dotfiles ln -s .dotfiles/{.zcompdump,.zshrc,.zsh-update} . rm .zsh_history && ln -s .dotfiles/.zsh_history . mv .oh-my-zsh .dotfiles && ln -s .dotfiles/.oh-my-zsh . touch .viminfo && mv .viminfo .dotfiles && ln -s .dotfiles/.viminfo . rm -rf .bash_logout .bash_profile .bashrc .cshrc .tcshrc
# 新增新用戶 adduser USERNAME passwd USERNAME
# 切換到此用戶 su USERNAME - cd ~
# 安裝 oh-my-sh 到此用戶 curl -L https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sh zsh chsh -s /bin/zsh rm -rf .bash_logout .bash_profile .bashrc
# 換到自機生成 ssh public key,複製裡面的資料 ssh-keygen -t rsa -f ~/.ssh/id_rsa.the_new_server cat ~/.ssh/id_rsa.the_new_server.pub
# 回到主機建立 .ssh 目錄,貼上剛才複雜的 KEY mkdir .ssh && cd .ssh touch authorized_keys vim authorized_keys
# 更改 key 文件權限 chmod 700 ~/.ssh chmod 400 ~/.ssh/authorized_keys
# 修改 sshd 配置 su root - vim /etc/ssh/sshd_config
Port 22 => Port Your_Port PermitRootLogin yes => PermitRootLogin no PasswordAuthentication yes => PasswordAuthentication no ChallengeResponseAuthentication yes => ChallengeResponseAuthentication no UsePAM yes
# 重啟 sshd # 開新的終端測試 === service sshd restart
# 移除內置的 Apache yum remove httpd yum remove httpd-tools
# 建立暫存目錄 cd ~ && mkdir server && cd server
# 安裝必要套件 rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm yum clean all yum makecache
yum install gcc yum install pcre-devel yum install cmake yum install libaio-devel yum install ncurses-devel yum install bison yum install gcc-c++ yum install libxml2-devel yum install openssl-devel yum install bzip2-devel yum install libcurl-devel yum install libpng-devel yum install mhash-devel yum install aspell-devel yum install readline-devel yum install libtidy-devel yum install libjpeg-devel yum install freetype-devel yum install libtool-ltdl-devel
# 安裝 Apache wget http://mirrors.devlib.org/apache//apr/apr-1.4.6.tar.gz tar zxvf apr-1.4.6.tar.gz cd apr-1.4.6 ./configure make && make install
cd .. wget http://apache.communilink.net//apr/apr-util-1.5.1.tar.gz tar zxvf apr-util-1.5.1.tar.gz cd apr-util-1.5.1 ./configure --with-apr=/usr/local/apr make && make install
cd .. groupadd www && useradd -g www -s /sbin/nologin www wget http://apache.01link.hk//httpd/httpd-2.2.24.tar.gz tar zxvf httpd-2.2.24.tar.gz cd httpd-2.2.24 ./configure --prefix=/usr/local/apache-2.2 --enable-load-all-modules --enable-suexec --with-suexec-docroot=/home make && make install
# 安裝 Percona cd .. mkdir -p /usr/local/percona-5.6/data groupadd percona && useradd percona -g percona -s /sbin/nologin chown -R percona.percona /usr/local/percona-5.6/data wget http://www.percona.com/redir/downloads/Percona-Server-5.6/LATEST/source/Percona-Server-5.6.6-alpha60.1.tar.gz tar zxvf Percona-Server-5.6.6-alpha60.1.tar.gz cd Percona-Server-5.6.6-alpha60.1 cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_CONFIG=mysql_release -DFEATURE_SET=community -DWITH_EMBEDDED_SERVER=OFF -DCMAKE_INSTALL_PREFIX=/usr/local/percona-5.6 -DMYSQL_DATADIR=/usr/local/percona-5.6/data -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DMYSQL_USER=percona make && make install
vim /etc/my.cnf # 如果需要再少.可以再將原數值減少一半 [mysql] # CLIENT # port = 3306 socket = /usr/local/percona-5.6/mysql.sock [mysqld] # GENERAL # user = percona default_storage_engine = InnoDB socket = /usr/local/percona-5.6/mysql.sock pid_file = /usr/local/percona-5.6/mysql.pid # MyISAM # key_buffer_size = 16K myisam_recover = FORCE,BACKUP myisam_sort_buffer_size = 8M # SAFETY # max_allowed_packet = 1M max_connect_errors = 1000000 skip_name_resolve sql_mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY sysdate_is_now = 1 innodb = FORCE innodb_strict_mode = 1 sort_buffer_size = 64K read_buffer_size = 256K read_rnd_buffer_size = 256K net_buffer_length = 2K thread_stack = 128K # DATA STORAGE # datadir = /usr/local/percona-5.6/data/ # BINARY LOGGING # log_bin = /usr/local/percona-5.6/data/mysql-bin expire_logs_days = 14 sync_binlog = 1 # CACHES AND LIMITS # tmp_table_size = 16M max_heap_table_size = 16M query_cache_type = 0 query_cache_size = 0 max_connections = 500 thread_cache_size = 50 open_files_limit = 65535 table_definition_cache = 4 table_open_cache = 4 # INNODB # innodb_flush_method = O_DIRECT innodb_log_files_in_group = 2 innodb_log_file_size = 5M innodb_flush_log_at_trx_commit = 1 innodb_file_per_table = 1 innodb_buffer_pool_size = 16M # LOGGING # log_error = /usr/local/percona-5.6/data/mysql-error.log log_queries_not_using_indexes = 1 slow_query_log = 1 slow_query_log_file = /usr/local/percona-5.6/data/mysql-slow.log
chown -R percona:percona /etc/my.cnf chown -R percona:percona /usr/local/percona-5.6 cd /usr/local/percona-5.6/data && /usr/local/percona-5.6/scripts/mysql_install_db --user=percona --basedir=/usr/local/percona-5.6 --datadir=/usr/local/percona-5.6/data && cd - ls /usr/local/percona-5.6/data chown -R root /usr/local/percona-5.6 chown -R percona /usr/local/percona-5.6/data
ulimit -s unlimited /usr/local/percona-5.6/bin/mysqld_safe --defaults-file=/etc/my.cnf & /usr/local/percona-5.6/bin/mysqladmin -u root --socket=/usr/local/percona-5.6/mysql.sock password 'New_Password' killall mysqld
ps -ef|grep mysql
# 安裝 PHP CGI && libphp cd .. wget http://nchc.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz tar zxvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8 ./configure make && make install
cd .. wget http://www.php.net/get/php-5.3.22.tar.gz/from/hk1.php.net/mirror -O php-5.3.22.tar.gz tar zxvf php-5.3.22.tar.gz cd php-5.3.22 ln -s /usr/local/percona-5.6/bin/mysql_config /usr/bin/mysql_config ./configure --prefix=/usr/local/php-5.3 --enable-cgi --with-openssl --with-pcre-regex --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --with-curlwrappers --enable-exif --enable-ftp --with-gd --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext --with-mhash --enable-mbstring --with-mcrypt --with-mysql=/usr/local/percona-5.6 --with-mysql-sock=/usr/local/percona-5.6/mysql.sock --with-mysqli=/usr/local/percona-5.6/bin/mysql_config --enable-pcntl --with-pdo-mysql --with-pspell --with-readline --enable-soap --enable-sockets --enable-sqlite-utf8 --with-tidy --enable-zip --enable-mysqlnd --disable-fileinfo make && make install
make clean ./configure --prefix=/usr/local/php-5.3 --with-apxs2=/usr/local/apache-2.2/bin/apxs --with-openssl --with-pcre-regex --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --with-curlwrappers --enable-exif --enable-ftp --with-gd --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext --with-mhash --enable-mbstring --with-mcrypt --with-mysql=/usr/local/percona-5.6 --with-mysql-sock=/usr/local/percona-5.6/mysql.sock --with-mysqli=/usr/local/percona-5.6/bin/mysql_config --enable-pcntl --with-pdo-mysql --with-pspell --with-readline --enable-soap --enable-sockets --enable-sqlite-utf8 --with-tidy --enable-zip --enable-mysqlnd --disable-fileinfo make && make install
cp php.ini-development /usr/local/php-5.3/lib/php.ini
# 安裝 Suhosin cd .. wget https://github.com/stefanesser/suhosin/tarball/master -O suhosin-latest.tar.gz tar zxvf suhosin-latest.tar.gz cd stefanesser-suhosin-* /usr/local/php-5.3/bin/phpize ./configure --with-php-config=/usr/local/php-5.3/bin/php-config make && make install
# 安裝 ZendOptimizerPlus cd .. wget https://github.com/zend-dev/ZendOptimizerPlus/tarball/master -O zend-dev-ZendOptimizerPlus-latest.tar.gz tar zxvf zend-dev-ZendOptimizerPlus-latest.tar.gz cd zend-dev-ZendOptimizerPlus-* /usr/local/php-5.3/bin/phpize ./configure --with-php-config=/usr/local/php-5.3/bin/php-config make && make install
# 更改 php.ini vim /usr/local/php-5.3/lib/php.ini
date.timezone = Asia/Hong_Kong display_errors = On upload_max_filesize = 8M extension_dir="/usr/local/php-5.3/lib/php/extensions/no-debug-non-zts-20090626/" extension="suhosin.so" zend_extension="/usr/local/php-5.3/lib/php/extensions/no-debug-non-zts-20090626/ZendOptimizerPlus.so" zend_optimizerplus.enable=1 zend_optimizerplus.memory_consumption=32 zend_optimizerplus.interned_strings_buffer=4 zend_optimizerplus.max_accelerated_files=2000 zend_optimizerplus.max_wasted_percentage=5 zend_optimizerplus.revalidate_freq=60 zend_optimizerplus.use_cwd=1 zend_optimizerplus.validate_timestamps=1 zend_optimizerplus.revalidate_freq=2 zend_optimizerplus.revalidate_path=0 zend_optimizerplus.save_comments=0 zend_optimizerplus.load_comments=1 zend_optimizerplus.fast_shutdown=1 zend_optimizerplus.enable_file_override=1 zend_optimizerplus.enable_cli=1 # 檢查是否已經安裝成功 /usr/local/php-5.3/bin/php -v
# 安裝 suphp # - 目前只支持 apache 2.2 cd .. wget http://www.suphp.org/download/suphp-0.7.1.tar.gz tar zxvf suphp-0.7.1.tar.gz cd suphp-0.7.1 ./configure --prefix=/usr/local/suphp-0.7 --with-apxs=/usr/local/apache-2.2/bin/apxs --with-apr=/usr/local/apr/bin/apr-1-config --with-setid-mode=paranoid --with-apache-user=www --with-logfile=/usr/local/suphp-0.7/log make && make install
mkdir /usr/local/suphp-0.7/{log,etc} cp doc/suphp.conf-example /usr/local/suphp-0.7/etc/suphp.conf
vim /usr/local/suphp-0.7/etc/suphp.conf
logfile=/usr/local/suphp-0.7/log/suphp.log webserver_user=www docroot=/var/www:${HOME}/*/public_html x-httpd-php="php:/usr/local/php-5.3/bin/php-cgi" errors_to_browser=true # 修改 Apache 設定 vim /usr/local/apache-2.2/conf/httpd.conf
User www Group www ServerName Your_IP:80 DirectoryIndex index.html index.php index.cgi index.pl Include conf/extra/httpd-mpm.conf Include conf/extra/httpd-vhosts.conf Include conf/extra/httpd-default.conf <Directory /> Options FollowSymLinks AllowOverride All # 支持 htaccess Order allow,deny Allow from all </Directory> # 在 Listen 80 下加入 LoadModule suphp_module modules/mod_suphp.so LoadModule php5_module modules/libphp5.so suPHP_Engine on suPHP_ConfigPath /usr/local/php-5.3/lib suPHP_AddHandler x-httpd-php AddHandler x-httpd-php .php # 修改 default 設定 vim /usr/local/apache-2.2/conf/extra/httpd-default.conf
Timeout 60 KeepAlive Off ServerTokens Prod ServerSignature Off HostnameLookups Off # 修改 mpm 設定 # (./bin/httpd -l 檢查是否存在 prefork.c 或者 ./bin/httpd -V | grep MPM) vim /usr/local/apache-2.2/conf/extra/httpd-mpm.conf
<IfModule mpm_prefork_module> StartServers 2 MinSpareServers 2 MaxSpareServers 5 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # 修改 vhosts 設定 vim /usr/local/apache-2.2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80> DocumentRoot "/home/user/sub.domain.com/public_html" ServerName sub.domain.com ErrorLog "logs/sub.domain.com-error_log" CustomLog "logs/sub.domain.com-access_log" common <Directory "/home/user/domain.com/public_html"> suPHP_UserGroup user group # suPHP_Engine off # AddHandler php5-script .php Order allow,deny Allow from all </Directory> </VirtualHost> # 建立這個用戶的網頁根目錄 mkdir -p /home/user/sub.domain.com/public_html echo "<?php phpinfo() ?>" > /home/user/sub.domain.com/public_html/index.php chown -Rf user:group /home/user chmod 644 /home/user/sub.domain.com/public_html/index.php chmod 711 /home/user/sub.domain.com/public_html
# 安裝 Proftpd cd .. groupadd ftp && useradd ftp -g ftp -s /sbin/nologin wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.5rc1.tar.gz tar zxvf proftpd-1.3.5rc1.tar.gz cd proftpd-1.3.5rc1 ./configure --prefix=/usr/local/proftpd-1.3 --enable-openssl --with-modules=mod_sftp make && make install
vim /usr/local/proftpd-1.3/etc/proftpd.conf
ServerName "The FTP Provider" User ftp Group ftp DefaultRoot ~ RequireValidShell off DelayEngine off RootLogin off UseReverseDNS off ServerIdent off PassivePorts 60000 65535 AllowChrootSymlinks on
# 啟動 Apache,並加到 /etc/rc.local /usr/local/apache-2.2/bin/apachectl -k start
# 啟動 MySQL,並加到 /etc/rc.local /usr/local/percona-5.6/bin/mysqld_safe --defaults-file=/etc/my.cnf &
# 啟動 FTP,並加到 /etc/rc.local /usr/local/proftpd-1.3/sbin/proftpd -c /usr/local/proftpd-1.3/etc/proftpd.conf
# iptables 的設定 (SSH 有點太一樣)
*filter -F -A INPUT -i lo -j ACCEPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A OUTPUT -j ACCEPT # HTTP HTTPS -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT # SSH -A INPUT -p tcp --dport 3333 -j ACCEPT # FTP -A INPUT -p tcp --dport 21 -j ACCEPT -A INPUT -p tcp --dport 60000:65535 -j ACCEPT # Support ping -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # Reject all other inbound: # 如果要在伺服器中下載檔案,這兩個需要注解掉 # -A INPUT -j REJECT # -A FORWARD -j REJECT COMMIT
#============================= 錯誤: InnoDB: Error: pthread_create returned 11 解決: ulimit -s unlimited
解決: virtual memory exhausted: Cannot allocate memory 問題: --disable-fileinfo
錯誤: checking for PDO_DBLIB support via FreeTDS... no checking for Firebird support for PDO... no checking for MySQL support for PDO... yes checking for mysql_config... not found configure: error: Unable to find your mysql installation
解決: ln -s /usr/local/percona-5.6/bin/mysql_config /usr/bin/mysql_config
# 如果 Percona 安裝時發生錯誤,重新編譯時需要 rm CMakeCache.txt
|