VPS配置

Publish: September 21, 2014 Category: 文档 No Comments

新VPS最好先更新下系统,打下补丁:yum update

一、安装WDCP面板

yum install -y wget
wget http://dl.wdlinux.cn/files/lanmp_v3.2.tar.gz
tar zxvf lanmp_v3.2.tar.gz
sh lanmp.sh

RPM包安装支持系统:CentOS 5.X/wdlinux_base 5.X/wdOS 1.0,CentOS 6.X ,32位,64位均支持

卸载(切记备份好数据)

sh lanmp_wdcp_ins.sh uninstall

删除nginx并安装tengine(切记备份好数据)
1、删除/www/wdlinux/nginx-1.8.1目录 rm -fr /www/wdlinux/nginx-1.8.1/*
2、执行http://www.512873.com/archives/316.html 第一、第二步。
3、

yum install openssl openssl-devel -y
cd /usr/local/src
wget http://tengine.taobao.org/download/tengine-2.2.2.tar.gz
tar zxvf tengine-2.2.2.tar.gz


wget -O header.zip --no-check-certificate https://github.com/openresty/headers-more-nginx-module/archive/v0.33.zip
unzip header.zip


#下载安装LuaJIT 2.1(2.0或者2.1都是支持的,官方推荐2.1)
cd /usr/local/src
wget http://luajit.org/download/LuaJIT-2.0.0.tar.gz
tar zxvf LuaJIT-2.0.0.tar.gz
cd LuaJIT-2.0.0
make
make install PREFIX=/usr/local/lj2
ln -s /usr/local/lj2/lib/libluajit-5.1.so.2 /lib64/

#下载ngx_devel_kit(NDK)模块
cd /usr/local/src
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar xzvf v0.3.0.tar.gz

#下载最新的lua-nginx-module 模块
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.13.tar.gz
tar xzvf v0.10.13.tar.gz
cd /usr/local/src

#cd tengine-2.2.2


#设置环境变量
export LUAJIT_LIB=/usr/local/lj2/lib/
export LUAJIT_INC=/usr/local/lj2/include/luajit-2.0/


cd tengine-2.2.2



#编译安装
./configure --prefix=/www/wdlinux/nginx-1.8.1 --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.42 \
--add-module=/usr/local/src/ngx_cache_purge-2.3/ \
--add-module=/usr/local/src/headers-more-nginx-module-0.33/ \
--add-module=/usr/local/src/ngx_devel_kit-0.3.0/ \
--add-module=/usr/local/src/lua-nginx-module-0.10.13/
make -j8
make install 


#查看是否编译成功
在nginx.conf中加入如下代码:
location /hello_lua { 
      default_type 'text/plain'; 
      content_by_lua 'ngx.say("hello, lua")'; 
}
重启nginx。访问http://ip/hello_lua会出现”hello, lua”表示安装成功


#安装ngx_lua_waf防火墙  https://github.com/loveshell/ngx_lua_waf/tree/master
cd /www/wdlinux/nginx-1.8.1/conf/
wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip --no-check-certificate
unzip master.zip
mv ngx_lua_waf-master/* /www/wdlinux/nginx-1.8.1/conf/waf/
rm -rf ngx_lua_waf-master
chmod -R 775 /www/wdlinux/nginx-1.8.1/conf/waf

如果仅装purge模块(上面步骤省略):
cd /usr/local/src
wget http://tengine.taobao.org/download/tengine-2.0.0.tar.gz
tar zxvf tengine-2.0.0.tar.gz
cd tengine-2.0.0
cd tengine-2.0.0
./configure --add-module=/usr/local/src/ngx_cache_purge-2.1 --prefix=/www/wdlinux/nginx-1.0.15 --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.34
make
make install
=============================================

如果没有nginxd服务:
/etc/rc.d/init.d中新建ningxd文件

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /www/wdlinux/nginx/conf/nginx.conf
# pidfile:     /www/wdlinux/nginx/logs/nginx.pid
# Url http://www.wdlinux.cn
# Last Updated 2010.06.01

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/www/wdlinux/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/www/wdlinux/nginx/conf/nginx.conf"
NGINX_PID="/www/wdlinux/nginx/logs/nginx.pid"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    #service php-fpm start
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    $nginx -s stop
    echo_success
    retval=$?
    echo
    #service php-fpm stop
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    $nginx -s reload
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

然后给予执行权限: chmod +x /etc/init.d/nginxd
然后/www/wdlinux中新建快捷方式nginx指向/www/wdlinux/nginx-1.0.15
然后设置这服务开机启动 chkconfig --add nginxd

=============================================

二、配置nginx
nngix.conf

# nginx conf conf/nginx.conf
# Created by http://www.wdlinux.cn
# Last Updated 2010.06.01
user  www www;
worker_processes 2;
# worker_cpu_affinity 0001 0100 1000 0010 0001 0100 1000 0010;

error_log  logs/error.log  notice;
#error_log  /dev/null; #关闭日志文件


pid        logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections  65535;
}




http {
    include       mime.types;
    default_type  application/octet-stream;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 300m;
    limit_zone one $binary_remote_addr 32k;




server_tokens off; #隐藏版本号

fastcgi_intercept_errors on; #开启自定义错误页

access_log /dev/null; #关闭日志文件

# 打开日志
#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                      '$status $body_bytes_sent "$http_referer" '
#                      '"$http_user_agent" "$http_x_forwarded_for"';
#access_log  logs/access.log  main;






# proxy_connect_timeout 60; #增加连接后端服务器超时时间
# proxy_read_timeout 60; #增加后端服务器响应请求超时时间
# proxy_send_timeout 60; #增加后端服务器发送数据超时时间
# proxy_buffer_size 32k; #增加代理请求缓存区大小
# proxy_buffers 4 64k; #增加
# proxy_busy_buffers_size 128k; #增加系统繁忙时可申请的proxy_buffers大小
# proxy_next_upstream error timeout invalid_header http_500 http_503 http_404; 增加故障转移,如果后端的服务器返回502、504、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。





proxy_temp_path /home/cache/proxy_temp_dir; #指定临时文件目录
proxy_cache_path /home/cache/proxy_cache_dir levels=1:2 keys_zone=cache_one:1024m inactive=3d max_size=35g;  #设置Web缓存区名称为cache_one,内存缓存为1024MB,自动清除1天内没有被访问的文件,硬盘缓存为100GB。
client_body_buffer_size 1024k; #增加??冲区代理缓冲客户端请求的最大字节?
proxy_temp_file_write_size 256k; #增加proxy缓存临时文件的大小
proxy_cache cache_one; #增加使用web缓存区cache_one







    sendfile        on;
    tcp_nopush     on;

    keepalive_timeout  600;
    tcp_nodelay on;

    gzip  on;
    gzip_min_length  0;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary off;

    log_format  wwwlogs  '$remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for';
    #include default.conf;
    include vhost/*.conf;
}

0000.default.conf

    server {
        listen       80;
        server_name  localhost;
        root /www/web/default;
        index index.php index.html index.htm;

        location ~ \.php$ {
                proxy_pass http://127.0.0.1:88;
                include naproxy.conf;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
                expires      30d;
        }

        location ~ .*\.(js|css)?$ {
                expires      12h;
        }
    }        


upstream 555555555 { 
      server  209.109.100.100:811; 
      server  209.109.100.100:812; 
      server  209.109.100.100:813; 
      server  209.109.100.100:814; 
      server  209.109.100.100:815; 
      server  209.109.100.100:816; 
      server  209.109.100.100:817; 
      server  209.109.100.100:818; 
      server  209.109.100.100:819; 
      server  209.109.100.100:820; 
      server  209.109.100.100:821; 
      server  209.109.100.100:822; 
      server  209.109.100.100:823; 
      server  209.109.100.100:824; 
      server  209.109.100.100:825; 
      server  209.109.100.100:826; 
      server  209.109.100.100:827; 
      server  209.109.100.100:828; 
      server  209.109.100.100:829; 
      server  209.109.100.100:830; 
      server  209.109.100.100:831; 
      server  209.109.100.100:832; 
      server  209.109.100.100:833; 
      server  209.109.100.100:834; 
      server  209.109.100.100:835; 
      server  209.109.100.100:836; 
      server  209.109.100.100:837; 
      server  209.109.100.100:838; 
      server  209.109.100.100:839; 
      server  209.109.100.100:840; 
      server  209.109.100.100:841; 
      server  209.109.100.100:842; 
      server  209.109.100.100:843; 
      server  209.109.100.100:844; 
      server  209.109.100.100:845; 
      server  209.109.100.100:846; 
      server  209.109.100.100:847; 
      server  209.109.100.100:848; 
      server  209.109.100.100:849; 
      server  209.109.100.100:850; 
      server  209.109.100.100:851; 
      server  209.109.100.100:852; 
      server  209.109.100.100:853; 
      server  209.109.100.100:854; 
      server  209.109.100.100:855; 
} 




       server
{
     listen          80;
     server_name     www.555555555.com;

proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size    64k;
proxy_buffers     8 64k;
proxy_busy_buffers_size 64k;
proxy_redirect     off;
proxy_hide_header  Vary;
proxy_set_header   Accept-Encoding '';
proxy_set_header   Host   $host;
proxy_set_header   Referer $http_referer;
proxy_set_header   Cookie $http_cookie;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;


#location ~ /purge(/.*) {
#allow all;
#proxy_cache_purge cache_one $host$1$is_args$args;
##proxy_cache_purge cache_one $host;
#error_page 405 =200 /purge$1;
#}


location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml|txt|exe|rar|zip)?$ #列出的扩展名文件不缓存。
{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://555555555;
}




location ~ .*\.(htm)?$ #列出的扩展名文件缓存。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 1800s;
expires 1800s;
}

location  ~ .*\.(index.html)$ #不缓存内页首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}



location ~ .(/index.html)$ #不缓存内页首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}


location ~ .(/)$ #不缓存内页首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}


location ~ .*\.(html)?$ #列出的扩展名文件缓存。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 14400s;
expires 14400s;
}



location ~ (/)$ #不缓存首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}


location /
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 3d;
expires 1d; #据说是客户端缓存,未证实。
}


location = /modules/article/search999.htm {
return http://www.555555555.com; 
} 

location = /modules/article/search999.php {
rewrite ^/(.*) http://www.555555555.com/$1 permanent;
} 

}  



upstream 808808808 { 
      server  209.109.100.101:8081; 
      server  209.109.100.101:8082; 
      server  209.109.100.101:8083; 
      server  209.109.100.101:8084; 
      server  209.109.100.101:8085; 
      server  209.109.100.101:8086; 
      server  209.109.100.101:8087; 
      server  209.109.100.101:8088; 
      server  209.109.100.101:8089; 
} 


       server
{
     listen          80;
     server_name     www.808808808.com;

proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size    64k;
proxy_buffers     8 64k;
proxy_busy_buffers_size 64k;
proxy_redirect     off;
proxy_hide_header  Vary;
proxy_set_header   Accept-Encoding '';
proxy_set_header   Host   $host;
proxy_set_header   Referer $http_referer;
proxy_set_header   Cookie $http_cookie;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;


#location ~ /purge(/.*) {
#allow all;
#proxy_cache_purge cache_one $host$1$is_args$args;
##proxy_cache_purge cache_one $host;
#error_page 405 =200 /purge$1;
#}


location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml|txt|exe|rar|zip)?$ #列出的扩展名文件不缓存。
{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://808808808;
}




location ~ .*\.(htm)?$ #列出的扩展名文件缓存。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 1800s;
expires 1800s;
}




location  ~ .*\.(index.html)$ #不缓存内页首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}



location ~ .(/index.html)$ #不缓存内页首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}


location ~ .(/)$ #不缓存内页首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}



location ~ .*\.(html)?$ #列出的扩展名文件缓存。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 14400s;
expires 14400s;
}



location ~ (/)$ #不缓存首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}

location /
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 3d;
expires 1d; #据说是客户端缓存,未证实。
}

location = /m/search999.htm {
return http://www.808808808.com; 
} 

location = /m/search999.php {
rewrite ^/(.*) http://www.808808808.com/$1 permanent;
} 
}



server
{
      listen       80;   
      server_name  m.555555555.com;   
     location /  {

    proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
  
 if ($http_user_agent ~* "((MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT)|(SonyEricsson)|(NEC)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC)|(SED)|(EMOL)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Java)|(Opera))")          
{   
proxy_pass  http://209.109.100.100:8085;
} 
}  
}  

三、配置etc/sysctl.conf

# net.ipv4.ip_forward = 0 vpn需要改为1,见下面
net.ipv4.ip_forward = 1 
net.ipv4.conf.default.rp_filter = 1  
net.ipv4.conf.default.accept_source_route = 0  
kernel.sysrq = 0  
kernel.core_uses_pid = 1  
net.ipv4.tcp_syncookies = 1  
# vpn需要注释net.ipv4.tcp_syncookies
kernel.msgmnb = 65536  
kernel.msgmax = 65536  
kernel.shmmax = 68719476736  
kernel.shmall = 4294967296  
net.ipv4.tcp_max_tw_buckets = 6000  
net.ipv4.tcp_sack = 1  
net.ipv4.tcp_window_scaling = 1  
net.ipv4.tcp_rmem = 4096 87380 4194304 
net.ipv4.tcp_wmem = 4096 16384 4194304   
net.core.wmem_default = 8388608  
net.core.rmem_default = 8388608  
net.core.rmem_max = 16777216  
net.core.wmem_max = 16777216  
net.core.netdev_max_backlog = 262144  
net.core.somaxconn = 262144  
net.ipv4.tcp_max_orphans = 3276800  
net.ipv4.tcp_max_syn_backlog = 262144  
net.ipv4.tcp_timestamps = 0  
net.ipv4.tcp_synack_retries = 1  
net.ipv4.tcp_syn_retries = 1  
net.ipv4.tcp_tw_recycle = 1  
net.ipv4.tcp_tw_reuse = 1  
net.ipv4.tcp_mem = 94500000 915000000 927000000   
net.ipv4.tcp_fin_timeout = 1  
net.ipv4.tcp_keepalive_time = 30  
net.ipv4.ip_local_port_range = 1024 65000 
#允许系统打开的端口范围  

三、修改系统最大并发连接数

1、输入 ulimit -n 查看当前最大并发连接,默认1024
2、修改为65535,命令为 ulimit -HSn 65535
为了防止重启后失效,在/etc/profile文件中增加该命令。

centos7 需要修改/etc/systemd/system.conf
DefaultLimitNOFILE=65535
DefaultLimitNPROC=65535

ulimit -n ulimit -a 查看

请为这篇文章评分:
( 这篇文章尚未评分 )

Tags: nginx, VPS, wdcp

Related Posts:

发表评论