CentOS 6 x86 的 Apache, Percona 和 PHP


因為 RAM 少,而 DB 也用 InnoDB,所以配置上很不好

  • Apache 的 2.2.24 版
  • Percona 的 5.6.6-alpha60.1 版
  • PHP 的 5.3.22 版 (CGI 模式 + libphp 模式)
  • Suhosin 的 Github 版
  • ZendOptimizerPlus 的 Github 版
  • suphp 的 0.7.1 版
  • ProFTPD 的 1.3.5rc1 版
  • 不安全的 iptables 設置
# Update installed packages so the build starts from a patched base system.
# The second command has no -y, so it asks for confirmation if anything is
# still left to upgrade.
yum -y update
yum upgrade

# Install zsh and git
yum -y install zsh git

# Install oh-my-zsh for the current account (presumably root, since yum ran
# just above; the relative paths assume the working directory is $HOME).
# NOTE(review): this pipes whatever the master branch serves at that moment
# straight into sh with the caller's privileges. Downloading the installer to
# a file, reading it, and then running that file keeps the step auditable.
curl -L https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sh
zsh
# Gather the zsh/vim state files under ~/.dotfiles and symlink them back.
mkdir .dotfiles
mv .zcompdump .zsh_history .zshrc .zsh-update .dotfiles
ln -s .dotfiles/{.zcompdump,.zshrc,.zsh-update} .
rm .zsh_history && ln -s .dotfiles/.zsh_history .
mv .oh-my-zsh .dotfiles && ln -s .dotfiles/.oh-my-zsh .
touch .viminfo && mv .viminfo .dotfiles && ln -s .dotfiles/.viminfo .
# Remove the bash/csh start-up files that are no longer used.
rm -rf .bash_logout .bash_profile .bashrc .cshrc .tcshrc

# Create a new unprivileged user (USERNAME is a placeholder) and set its
# password interactively.
adduser USERNAME
passwd USERNAME

# Switch to that user
# NOTE(review): the documented form is `su - USERNAME`; with the dash placed
# after the name the shell may not be a login shell, which would explain the
# explicit `cd ~` that follows — confirm.
su USERNAME -
cd ~

# Install oh-my-zsh for this user
# NOTE(review): same remote-script-into-sh pattern as for root; the same
# download-inspect-run advice applies.
curl -L https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sh
zsh
# Make zsh the login shell and drop the unused bash start-up files.
chsh -s /bin/zsh
rm -rf .bash_logout .bash_profile .bashrc

# On your own workstation: generate an SSH key pair and copy the contents of
# the public key. Only the .pub file leaves the workstation; the private key
# stays there. ssh-keygen prompts for a passphrase because none is given here.
ssh-keygen -t rsa -f ~/.ssh/id_rsa.the_new_server
cat ~/.ssh/id_rsa.the_new_server.pub

# Back on the server: create the .ssh directory and paste the key that was
# just copied into authorized_keys.
mkdir .ssh && cd .ssh
touch authorized_keys
vim authorized_keys

# Tighten the key file permissions: the directory is owner-only and the key
# list is read-only for the owner (sshd refuses keys in group/world-writable
# locations when StrictModes is on).
chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys

# Edit the sshd configuration as root
# NOTE(review): `su - root` is the documented form for a login shell — confirm
# that the trailing dash behaves as intended here.
su root -
vim /etc/ssh/sshd_config

# Each line below reads "current value => value to set"; Your_Port is a
# placeholder. The iptables rules at the end of this page open tcp/3333 for
# SSH, so the port chosen here and that rule have to agree.
# After this change only key-based logins by non-root users are accepted, so
# the authorized_keys entry created above must work before the current
# session is closed.
Port 22 => Port Your_Port
PermitRootLogin yes => PermitRootLogin no
PasswordAuthentication yes => PasswordAuthentication no
ChallengeResponseAuthentication yes => ChallengeResponseAuthentication no
UsePAM yes

# Restart sshd
# Keep this session open and test the login from a new terminal ===
service sshd restart

# Remove the distribution's Apache packages; Apache is built from source below.
yum remove httpd
yum remove httpd-tools

# Create a scratch directory for the source builds
cd ~ && mkdir server && cd server

# Install the required packages
# NOTE(review): the RPMforge release package is fetched over plain HTTP. It
# adds a third-party repository to yum, so check its signature against the
# repository's published GPG key before trusting it.
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
yum clean all
yum makecache

# Compiler toolchain and the -devel headers used by the builds below.
# None of these pass -y, so each one prompts for confirmation.
yum install gcc
yum install pcre-devel
yum install cmake
yum install libaio-devel
yum install ncurses-devel
yum install bison
yum install gcc-c++
yum install libxml2-devel
yum install openssl-devel
yum install bzip2-devel
yum install libcurl-devel
yum install libpng-devel
yum install mhash-devel
yum install aspell-devel
yum install readline-devel
yum install libtidy-devel
yum install libjpeg-devel
yum install freetype-devel
yum install libtool-ltdl-devel

# Install Apache (APR, then APR-util, then httpd itself)
# NOTE(review): all three tarballs come from mirrors over plain HTTP and are
# built and installed without any integrity check. Verify each archive against
# the signature/checksum published by the Apache project before unpacking it.
wget http://mirrors.devlib.org/apache//apr/apr-1.4.6.tar.gz
tar zxvf apr-1.4.6.tar.gz
cd apr-1.4.6
./configure
make && make install

cd ..
wget http://apache.communilink.net//apr/apr-util-1.5.1.tar.gz
tar zxvf apr-util-1.5.1.tar.gz
cd apr-util-1.5.1
./configure --with-apr=/usr/local/apr
make && make install

cd ..
# Dedicated service account for Apache; /sbin/nologin means it cannot be used
# for an interactive login.
groupadd www && useradd -g www -s /sbin/nologin www
wget http://apache.01link.hk//httpd/httpd-2.2.24.tar.gz
tar zxvf httpd-2.2.24.tar.gz
cd httpd-2.2.24
# Installs under /usr/local/apache-2.2 with suEXEC enabled and /home as the
# suEXEC document root.
./configure --prefix=/usr/local/apache-2.2 --enable-load-all-modules --enable-suexec --with-suexec-docroot=/home
make && make install

# Install Percona Server from source
# NOTE(review): 5.6.6-alpha60.1 is an alpha release, and the tarball is
# downloaded over plain HTTP without a checksum or signature check. For
# anything beyond a test box, prefer a stable release and verify the archive.
cd ..
# Data directory and a dedicated no-login service account that owns it.
mkdir -p /usr/local/percona-5.6/data
groupadd percona && useradd percona -g percona -s /sbin/nologin
# `user.group` is the legacy separator; later commands on this page use the
# `user:group` form.
chown -R percona.percona /usr/local/percona-5.6/data
wget http://www.percona.com/redir/downloads/Percona-Server-5.6/LATEST/source/Percona-Server-5.6.6-alpha60.1.tar.gz
tar zxvf Percona-Server-5.6.6-alpha60.1.tar.gz
cd Percona-Server-5.6.6-alpha60.1
# Release build without the embedded server, installed under
# /usr/local/percona-5.6, utf8 by default, running as the percona user.
cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_CONFIG=mysql_release -DFEATURE_SET=community -DWITH_EMBEDDED_SERVER=OFF -DCMAKE_INSTALL_PREFIX=/usr/local/percona-5.6 -DMYSQL_DATADIR=/usr/local/percona-5.6/data -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DMYSQL_USER=percona
make && make install

# Write the server configuration; everything down to the slow-log setting is
# the content of /etc/my.cnf, tuned for a host with very little RAM.
vim /etc/my.cnf

# If memory use has to go lower still, halve the values below once more.
# NOTE(review): no bind-address or skip-networking is set, so mysqld will
# presumably listen on TCP on all interfaces; since PHP is built to use the
# local socket, binding to 127.0.0.1 is worth considering — confirm that
# nothing needs remote database access first.

[mysql]

# CLIENT #
port = 3306
socket = /usr/local/percona-5.6/mysql.sock

[mysqld]

# GENERAL #
user = percona
default_storage_engine = InnoDB
socket = /usr/local/percona-5.6/mysql.sock
pid_file = /usr/local/percona-5.6/mysql.pid

# MyISAM #
key_buffer_size = 16K
myisam_recover = FORCE,BACKUP
myisam_sort_buffer_size = 8M

# SAFETY #
# A max_connect_errors value this large means a host is, in practice, never
# blocked after repeated failed connections.
max_allowed_packet = 1M
max_connect_errors = 1000000
skip_name_resolve
sql_mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
sysdate_is_now = 1
innodb = FORCE
innodb_strict_mode = 1

# Per-connection buffers, kept small to save memory.
sort_buffer_size = 64K
read_buffer_size = 256K
read_rnd_buffer_size = 256K
net_buffer_length = 2K
thread_stack = 128K

# DATA STORAGE #
datadir = /usr/local/percona-5.6/data/

# BINARY LOGGING #
log_bin = /usr/local/percona-5.6/data/mysql-bin
expire_logs_days = 14
sync_binlog = 1

# CACHES AND LIMITS #
tmp_table_size = 16M
max_heap_table_size = 16M
query_cache_type = 0
query_cache_size = 0
max_connections = 500
thread_cache_size = 50
open_files_limit = 65535
table_definition_cache = 4
table_open_cache = 4

# INNODB #
innodb_flush_method = O_DIRECT
innodb_log_files_in_group = 2
innodb_log_file_size = 5M
innodb_flush_log_at_trx_commit = 1
innodb_file_per_table = 1
innodb_buffer_pool_size = 16M

# LOGGING #
log_error = /usr/local/percona-5.6/data/mysql-error.log
log_queries_not_using_indexes = 1
slow_query_log = 1
slow_query_log_file = /usr/local/percona-5.6/data/mysql-slow.log

# Initialise the data directory and set the database root password.
# NOTE(review): this hands /etc/my.cnf to the service account, so a
# compromised mysqld could rewrite its own configuration; a root-owned,
# world-readable file is the usual arrangement.
chown -R percona:percona /etc/my.cnf
chown -R percona:percona /usr/local/percona-5.6
# Create the system tables as the percona user, then return to the previous
# directory.
cd /usr/local/percona-5.6/data && /usr/local/percona-5.6/scripts/mysql_install_db --user=percona --basedir=/usr/local/percona-5.6 --datadir=/usr/local/percona-5.6/data && cd -
ls /usr/local/percona-5.6/data
# Final ownership: root owns the installation tree, percona owns only the
# data directory it has to write to.
chown -R root /usr/local/percona-5.6
chown -R percona /usr/local/percona-5.6/data

# Lifts the stack-size limit; the troubleshooting notes at the end of this
# page give it as the fix for "InnoDB: Error: pthread_create returned 11".
ulimit -s unlimited
/usr/local/percona-5.6/bin/mysqld_safe --defaults-file=/etc/my.cnf &
# 'New_Password' is a placeholder. A password given as an argument is visible
# in the process list and ends up in shell history, so clear the history entry
# or set it from inside the mysql client instead.
# NOTE(review): the anonymous accounts and test database that
# mysql_install_db creates are not removed anywhere on this page;
# mysql_secure_installation covers that.
/usr/local/percona-5.6/bin/mysqladmin -u root --socket=/usr/local/percona-5.6/mysql.sock password 'New_Password'
killall mysqld

# Confirm that no mysqld process is left running.
ps -ef|grep mysql

# Install PHP twice from the same tree: first the CGI binary (used by suPHP),
# then libphp (the Apache module).
# NOTE(review): both source archives are fetched over plain HTTP with no
# checksum verification before being built and installed as root.
cd ..
wget http://nchc.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make && make install

cd ..
wget http://www.php.net/get/php-5.3.22.tar.gz/from/hk1.php.net/mirror -O php-5.3.22.tar.gz
tar zxvf php-5.3.22.tar.gz
cd php-5.3.22
# configure looks for mysql_config on the default path; without this symlink
# it stops with "Unable to find your mysql installation" (see the
# troubleshooting notes at the end of this page).
ln -s /usr/local/percona-5.6/bin/mysql_config /usr/bin/mysql_config
# Pass 1: CGI build (--enable-cgi). --disable-fileinfo is the page's
# workaround for running out of memory during compilation.
./configure --prefix=/usr/local/php-5.3 --enable-cgi --with-openssl --with-pcre-regex --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --with-curlwrappers --enable-exif --enable-ftp --with-gd --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext --with-mhash --enable-mbstring --with-mcrypt --with-mysql=/usr/local/percona-5.6 --with-mysql-sock=/usr/local/percona-5.6/mysql.sock --with-mysqli=/usr/local/percona-5.6/bin/mysql_config --enable-pcntl --with-pdo-mysql --with-pspell --with-readline --enable-soap --enable-sockets --enable-sqlite-utf8 --with-tidy --enable-zip --enable-mysqlnd --disable-fileinfo
make && make install

# Pass 2: same options, but --with-apxs2 replaces --enable-cgi so that
# libphp5.so is built against the Apache installed above.
make clean
./configure --prefix=/usr/local/php-5.3 --with-apxs2=/usr/local/apache-2.2/bin/apxs --with-openssl --with-pcre-regex --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --with-curlwrappers --enable-exif --enable-ftp --with-gd --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext --with-mhash --enable-mbstring --with-mcrypt --with-mysql=/usr/local/percona-5.6 --with-mysql-sock=/usr/local/percona-5.6/mysql.sock --with-mysqli=/usr/local/percona-5.6/bin/mysql_config --enable-pcntl --with-pdo-mysql --with-pspell --with-readline --enable-soap --enable-sockets --enable-sqlite-utf8 --with-tidy --enable-zip --enable-mysqlnd --disable-fileinfo
make && make install

# NOTE(review): this is the development template, which favours verbose error
# output; php.ini-production from the same source tree is the safer starting
# point for a public server.
cp php.ini-development /usr/local/php-5.3/lib/php.ini

# Install Suhosin (PHP hardening extension)
# NOTE(review): both extensions below are built from whatever the master
# branch contains at download time, so the result is neither reproducible nor
# reviewable afterwards. Pinning a release tag or commit and recording its
# checksum fixes that.
cd ..
wget https://github.com/stefanesser/suhosin/tarball/master -O suhosin-latest.tar.gz
tar zxvf suhosin-latest.tar.gz
cd stefanesser-suhosin-*
# phpize/php-config from the PHP just installed, so the extension is built
# against that PHP and not a system one.
/usr/local/php-5.3/bin/phpize
./configure --with-php-config=/usr/local/php-5.3/bin/php-config
make && make install

# Install ZendOptimizerPlus (opcode cache)
cd ..
wget https://github.com/zend-dev/ZendOptimizerPlus/tarball/master -O zend-dev-ZendOptimizerPlus-latest.tar.gz
tar zxvf zend-dev-ZendOptimizerPlus-latest.tar.gz
cd zend-dev-ZendOptimizerPlus-*
/usr/local/php-5.3/bin/phpize
./configure --with-php-config=/usr/local/php-5.3/bin/php-config
make && make install

# Edit php.ini; the settings below are the values to set or add.
# NOTE(review): display_errors = On sends PHP errors (file paths, query
# fragments) to every visitor. On a public server turn it Off and rely on
# log_errors instead.
# NOTE(review): zend_optimizerplus.revalidate_freq appears twice (60, then 2);
# presumably the later value is the one that takes effect — keep only one.
vim /usr/local/php-5.3/lib/php.ini

date.timezone = Asia/Hong_Kong
display_errors = On
upload_max_filesize = 8M

extension_dir="/usr/local/php-5.3/lib/php/extensions/no-debug-non-zts-20090626/"
extension="suhosin.so"

zend_extension="/usr/local/php-5.3/lib/php/extensions/no-debug-non-zts-20090626/ZendOptimizerPlus.so"
zend_optimizerplus.enable=1
zend_optimizerplus.memory_consumption=32
zend_optimizerplus.interned_strings_buffer=4
zend_optimizerplus.max_accelerated_files=2000
zend_optimizerplus.max_wasted_percentage=5
zend_optimizerplus.revalidate_freq=60
zend_optimizerplus.use_cwd=1
zend_optimizerplus.validate_timestamps=1
zend_optimizerplus.revalidate_freq=2
zend_optimizerplus.revalidate_path=0
zend_optimizerplus.save_comments=0
zend_optimizerplus.load_comments=1
zend_optimizerplus.fast_shutdown=1
zend_optimizerplus.enable_file_override=1
zend_optimizerplus.enable_cli=1

# Check that the installation succeeded: the version banner should load
# without extension errors.
/usr/local/php-5.3/bin/php -v

# Install suPHP, which runs each PHP script under the account set for its
# virtual host instead of the Apache user.
# - currently only supports Apache 2.2
# NOTE(review): the tarball is fetched over plain HTTP without verification.
cd ..
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar zxvf suphp-0.7.1.tar.gz
cd suphp-0.7.1
# paranoid setid mode: the user and group are taken from suPHP_UserGroup in
# the Apache configuration (set in the vhost further down this page).
# NOTE(review): --with-logfile points at the log directory, while suphp.conf
# below names log/suphp.log — confirm which path ends up being used.
./configure --prefix=/usr/local/suphp-0.7 --with-apxs=/usr/local/apache-2.2/bin/apxs --with-apr=/usr/local/apr/bin/apr-1-config --with-setid-mode=paranoid --with-apache-user=www --with-logfile=/usr/local/suphp-0.7/log
make && make install

mkdir /usr/local/suphp-0.7/{log,etc}
cp doc/suphp.conf-example /usr/local/suphp-0.7/etc/suphp.conf

# Settings to change in suphp.conf are listed after the editor command.
# NOTE(review): errors_to_browser=true shows suPHP's own error messages to
# visitors; set it to false once the setup works and read the log file instead.
vim /usr/local/suphp-0.7/etc/suphp.conf

logfile=/usr/local/suphp-0.7/log/suphp.log
webserver_user=www
docroot=/var/www:${HOME}/*/public_html
x-httpd-php="php:/usr/local/php-5.3/bin/php-cgi"
errors_to_browser=true

# Edit the main Apache configuration; the directives below are the values to
# set in httpd.conf. Your_IP is a placeholder.
vim /usr/local/apache-2.2/conf/httpd.conf

User www
Group www
ServerName Your_IP:80
DirectoryIndex index.html index.php index.cgi index.pl
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-default.conf

# NOTE(review): this block applies to the filesystem root, so "Allow from all"
# together with FollowSymLinks and AllowOverride All lets Apache serve any
# path it can read, and lets any .htaccess override the server settings. The
# usual layout denies access on "/" and grants it only on the document roots.
<Directory />
Options FollowSymLinks
# Enables .htaccess overrides. The comment sits on its own line because Apache
# does not accept a comment after a directive on the same line.
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# Add the following below the "Listen 80" line.
# Both the suPHP module and mod_php (libphp5) are loaded. Scripts handled by
# mod_php run as the Apache user (www) rather than as the site owner, so
# decide per virtual host which of the two handlers is active.
LoadModule suphp_module modules/mod_suphp.so
LoadModule php5_module modules/libphp5.so

suPHP_Engine on
suPHP_ConfigPath /usr/local/php-5.3/lib
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php

# Edit the default settings
vim /usr/local/apache-2.2/conf/extra/httpd-default.conf

# ServerTokens Prod and ServerSignature Off keep the exact Apache version out
# of response headers and generated error pages.
Timeout 60
KeepAlive Off
ServerTokens Prod
ServerSignature Off
HostnameLookups Off

# Edit the MPM settings
# (check that ./bin/httpd -l lists prefork.c, or run ./bin/httpd -V | grep MPM)
vim /usr/local/apache-2.2/conf/extra/httpd-mpm.conf

# NOTE(review): the page's premise is a host with little RAM; 150 prefork
# children may need more memory than is available under load, so size
# MaxClients from the measured per-process footprint — confirm.
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 2
MaxSpareServers 5
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# Edit the virtual host settings; user, group and the domain names are
# placeholders.
vim /usr/local/apache-2.2/conf/extra/httpd-vhosts.conf

# NOTE(review): DocumentRoot is /home/user/sub.domain.com/public_html but the
# <Directory> block names /home/user/domain.com/public_html. As written, the
# suPHP_UserGroup setting does not cover the document root — probably a typo;
# confirm and make the two paths match.
<VirtualHost *:80>
DocumentRoot "/home/user/sub.domain.com/public_html"
ServerName sub.domain.com
ErrorLog "logs/sub.domain.com-error_log"
CustomLog "logs/sub.domain.com-access_log" common
<Directory "/home/user/domain.com/public_html">
suPHP_UserGroup user group

# suPHP_Engine off
# AddHandler php5-script .php

Order allow,deny
Allow from all
</Directory>
</VirtualHost>

# Create this user's web document root
mkdir -p /home/user/sub.domain.com/public_html
# Test page only: phpinfo() publishes the full PHP configuration, loaded
# modules, and filesystem paths, so delete index.php once PHP is seen working.
echo "<?php phpinfo() ?>" > /home/user/sub.domain.com/public_html/index.php
chown -Rf user:group /home/user
# The file is world-readable; the directory can be traversed but not listed by
# other accounts.
chmod 644 /home/user/sub.domain.com/public_html/index.php
chmod 711 /home/user/sub.domain.com/public_html

# Install ProFTPD
# NOTE(review): 1.3.5rc1 is a release candidate, and the tarball arrives over
# unauthenticated FTP with no checksum check; prefer a stable release and
# verify it against the project's published signature.
cd ..
groupadd ftp && useradd ftp -g ftp -s /sbin/nologin
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.5rc1.tar.gz
tar zxvf proftpd-1.3.5rc1.tar.gz
cd proftpd-1.3.5rc1
# mod_sftp is compiled in, but the configuration shown below does not enable
# it, and the firewall rules on this page open plain FTP on port 21, which
# sends credentials unencrypted.
./configure --prefix=/usr/local/proftpd-1.3 --enable-openssl --with-modules=mod_sftp
make && make install

vim /usr/local/proftpd-1.3/etc/proftpd.conf

# "DefaultRoot ~" confines each user to their home directory; the PassivePorts
# range matches the 60000:65535 range opened in the iptables rules.
# NOTE(review): RequireValidShell off admits accounts whose shell is not
# listed in /etc/shells (such as the nologin accounts created on this page),
# and AllowChrootSymlinks on lets the chroot path resolve through a symlink —
# confirm that both are actually needed.
ServerName "The FTP Provider"
User ftp
Group ftp
DefaultRoot ~

RequireValidShell off
DelayEngine off
RootLogin off
UseReverseDNS off
ServerIdent off
PassivePorts 60000 65535
AllowChrootSymlinks on

# Start Apache, and add this line to /etc/rc.local so it starts at boot
/usr/local/apache-2.2/bin/apachectl -k start

# Start MySQL, and add this line to /etc/rc.local
/usr/local/percona-5.6/bin/mysqld_safe --defaults-file=/etc/my.cnf &

# Start FTP, and add this line to /etc/rc.local
/usr/local/proftpd-1.3/sbin/proftpd -c /usr/local/proftpd-1.3/etc/proftpd.conf

# iptables rules (the SSH entry is a little different: it uses a custom port)
# NOTE(review): the page's own summary calls this firewall setup insecure.
# With both REJECT lines at the bottom commented out, and no chain policies
# declared in this file, the ACCEPT rules block nothing unless the default
# policy is already DROP; every listening port, the database included, then
# stays reachable from outside.

*filter
-F
# Loopback traffic is allowed; packets claiming 127.0.0.0/8 that arrive on any
# other interface are rejected.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Replies to connections the server itself opened.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT

# HTTP HTTPS
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# SSH (3333 must match the Port value set in sshd_config)
-A INPUT -p tcp --dport 3333 -j ACCEPT

# FTP (control port plus the passive range from proftpd.conf)
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 60000:65535 -j ACCEPT

# Support ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Reject all other inbound:
# If files are to be downloaded from within the server, these two lines need
# to be commented out.
# NOTE(review): the ESTABLISHED,RELATED rule above should normally already let
# the replies to outbound downloads back in, so it is worth finding out why
# downloads failed before leaving the REJECT rules disabled — confirm.
# -A INPUT -j REJECT
# -A FORWARD -j REJECT

COMMIT

#=============================
錯誤: InnoDB: Error: pthread_create returned 11
解決: ulimit -s unlimited

錯誤: virtual memory exhausted: Cannot allocate memory
解決: --disable-fileinfo

錯誤:
checking for PDO_DBLIB support via FreeTDS... no
checking for Firebird support for PDO... no
checking for MySQL support for PDO... yes
checking for mysql_config... not found
configure: error: Unable to find your mysql installation

解決:
ln -s /usr/local/percona-5.6/bin/mysql_config /usr/bin/mysql_config

# 如果 Percona 安裝時發生錯誤,重新編譯時需要
rm CMakeCache.txt