配置LNMP阿里云服务器

安装配置阿里云服务器

[1] 卸载不需要的服务软件
	1. yum remove Deployment_Guide-en-US finger cups-libs cups bluez-libs desktop-file-utils ppp rp-pppoe wireless-tools irda-utils nfs-utils nfs-utils-lib rdate fetchmail eject ksh mkbootdisk mtools syslinux tcsh startup-notification talk apmd rmt dump setserial portmap yp-tools ypbind
	2. yum remove telnet rsh ftp rcp
	3. iptables -F ，iptables -X 清除防火墙记录
 
[2] 下载软件
	1. mysql-5.6.22-linux-glibc2.5-x86_64.tar.gz
	2. nginx-1.6.2.tar.gz
	3. php-5.5.21.tar.gz
	4. wget http://softlayer-sng.dl.sourceforge.net/project/pcre/pcre/8.36/pcre-8.36.tar.gz
 
[3] 安装依赖包
	1. yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers make 
	2. yum -y install gd gd2 gd-devel gd2-devel #安装GD库
	
[4] 修改动态链接载入的目录查找文件
    vi /etc/ld.so.conf  
    #在文件最后添加一行内容/usr/local/lib，然后运行以下命令/sbin/ldconfig     
 
[5] 安装nginx
	1> 安装
	/usr/sbin/groupadd www    
	/usr/sbin/useradd -g www www     
	tar zxvf nginx-0.8.52.tar.gz   
	cd nginx-0.8.52/    
	./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module   
	make && make install   
	cd ../  
	2> 注册服务
	cp nginx.server /etc/init.d/nginx
	chkconfig --add mysql
	chkconfig mysql on
	
[6] 安装mysql
	1.yum install libaio #优化文件读写
	wget http://downloads.mysql.com/archives/mysql-5.6/mysql-5.6.10-linux-glibc2.5-x86_64.tar.gz
	tar zxvf mysql-5.6.10-linux-glibc2.5-x86_64.tar.gz
	mv mysql-5.6.10-linux-glibc2.5-x86_64 /home/local/mysql
	/usr/sbin/groupadd mysql
	/usr/sbin/useradd -g mysql mysql
	mkdir -p /home/mysql/data	
	/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/home/mysql/data --user=mysql
	
	2. 改变目录所有者
	chown -R mysql.mysql /usr/local/mysql
	
	3.注册为服务
	cd /usr/local/mysql/support-files
	#注册服务
	cp mysql.server /etc/init.d/mysql
	#使用默认配置文件
	cp my-default.cnf /etc/my.cnf
	#让chkconfig管理mysql服务
	chkconfig --add mysql
	#开机启动
	chkconfig mysql on
	
	4.管理mysql
	/usr/local/mysql/bin/mysqladmin -u root password "123456" #修改root密码
	/usr/local/mysql/bin/mysql -uroot -p #登陆管理平台
	
[7] 安装php 

   1> 安装libiconv
	tar zxvf libiconv-1.13.1.tar.gz   
	cd libiconv-1.13.1/    
	./configure --prefix=/usr/local   
	make    
	make install
	
   2> 安装libmcrypt
	tar zxvf libmcrypt-2.5.8.tar.gz   
	cd libmcrypt-2.5.8/   
	./configure   
	make && make install   
	/sbin/ldconfig   
	cd libltdl/    
	./configure --enable-ltdl-install   
	make && make install   
	cd ../../ 
	
   3> 安装
	tar zxvf mhash-0.9.9.9.tar.gz   
	cd mhash-0.9.9.9/   
	./configure   
	make && make install   
	cd ../    
	ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
	
	4> 安装mcrypt
	 tar zxvf mcrypt-2.6.8.tar.gz   
	 cd mcrypt-2.6.8/   
	 /sbin/ldconfig   
	 ./configure   
	 make && make install   
	 
	5> 编译php
	1#设置环境变量
	export LIBS="-lm -ltermcap -lresolv -lcrypt -liconv"
	export DYLD_LIBRARY_PATH="/usr/local/lib:/lib/:/usr/lib/:/lib64/:/usr/lib64/:/usr/local/lib64"
	export LD_LIBRARY_PATH="/usr/local/lib:/lib/:/usr/lib/:/lib64/:/usr/lib64/:/usr/local/lib64"
	
	2# 设置编译参数
	./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-curl --with-curlwrappers --with-freetype-dir --with-jpeg-dir --with-png-dir --with-gd --enable-gd-native-ttf --with-iconv-dir=/usr/local/libiconv --with-libxml-dir=/usr/local --with-mhash --with-mcrypt  --with-mysql=mysqlnd --with-mysqli=mysqlnd  --enable-pdo --with-pdo-mysql --with-openssl --with-xmlrpc --with-zlib --disable-debug --disable-rpath --enable-bcmath --enable-fpm   --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip --without-pear --enable-opcache --enable-ftp --with-libdir=lib64 --enable-maintainer-zts
	
	3# 开启opcahce
	[opcache]
        zend_extension=opcache.so
	
 [8] 优化内核
	vi /etc/sysctl.conf  
	#在文件末尾增加以下内容：  
	# append   
	
	vm.swappiness = 0
	net.ipv4.neigh.default.gc_stale_time=120
	net.ipv4.conf.all.rp_filter=0
	net.ipv4.conf.default.rp_filter=0
	net.ipv4.conf.default.arp_announce = 2
	net.ipv4.conf.all.arp_announce=2
	net.ipv4.tcp_max_tw_buckets = 5000
	net.ipv4.tcp_syncookies = 1
	net.ipv4.tcp_max_syn_backlog = 1024
	net.ipv4.tcp_synack_retries = 2
	net.ipv4.conf.lo.arp_announce=2
	
	net.ipv4.ip_forward = 0
	net.ipv4.conf.default.accept_source_route = 0
	kernel.sysrq = 0
	kernel.core_uses_pid = 1
	kernel.msgmnb = 65536
	kernel.msgmax = 65536
	kernel.shmmax = 68719476736
	kernel.shmall = 4294967296
	net.ipv4.tcp_sack = 1
	net.ipv4.tcp_window_scaling = 1
	net.ipv4.tcp_rmem = 4096        87380   4194304
	net.ipv4.tcp_wmem = 4096        16384   4194304
	net.core.wmem_default = 8388608
	net.core.rmem_default = 8388608
	net.core.rmem_max = 16777216
	net.core.wmem_max = 16777216
	net.core.netdev_max_backlog = 262144
	net.core.somaxconn = 262144
	net.ipv4.tcp_max_orphans = 3276800
	net.ipv4.tcp_timestamps = 0
	net.ipv4.tcp_syn_retries = 1
	net.ipv4.tcp_tw_recycle = 1
	net.ipv4.tcp_tw_reuse = 1
	net.ipv4.tcp_mem = 94500000 915000000 927000000
	net.ipv4.tcp_fin_timeout = 1
	net.ipv4.tcp_keepalive_time = 30
	net.ipv4.ip_local_port_range = 1024 65000
	 
	使配置立即生效：
	/sbin/sysctl -p 

 [9] 配置iptables
	/sbin/iptables -P INPUT ACCEPT
	/sbin/iptables -F
	/sbin/iptables -X
	/sbin/iptables -Z

	/sbin/iptables -A INPUT -i lo -j ACCEPT 
	/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
	/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
	/sbin/iptables -A INPUT -p tcp -s 10.241.121.15 -j ACCEPT
	/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
	/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
	/sbin/iptables -P INPUT DROP 
	
	可以使用 iptables -L -n 查看规则是否生效
	保存：
	/etc/init.d/iptables save or service iptables save
	
 [10] mysql自动备份
 
 [11] nginx日志切割
 
 [12] php安全配置
 禁用shell函数，关闭错误提示，开启opcache，