VPS配置
Posted by he; tagged with nginx , VPS , wdcp
新VPS最好先更新下系统,打下补丁:yum update
一、安装WDCP面板
yum install -y wget wget http://dl.wdlinux.cn/files/lanmp_v3.2.tar.gz tar zxvf lanmp_v3.2.tar.gz sh lanmp.sh
RPM包安装支持系统:CentOS 5.X/wdlinux_base 5.X/wdOS 1.0,CentOS 6.X ,32位,64位均支持
卸载(切记备份好数据)
sh lanmp_wdcp_ins.sh uninstall
删除nginx并安装tengine(切记备份好数据)
1、删除/www/wdlinux/nginx-1.8.1目录 rm -fr /www/wdlinux/nginx-1.8.1/*
2、执行http://www.512873.com/archives/316.html 第一、第二步。
3、
yum install openssl openssl-devel -y
cd /usr/local/src
wget http://tengine.taobao.org/download/tengine-2.2.2.tar.gz
tar zxvf tengine-2.2.2.tar.gz
wget -O header.zip --no-check-certificate https://github.com/openresty/headers-more-nginx-module/archive/v0.33.zip
unzip header.zip
#下载安装LuaJIT 2.1(2.0或者2.1都是支持的,官方推荐2.1)
cd /usr/local/src
wget http://luajit.org/download/LuaJIT-2.0.0.tar.gz
tar zxvf LuaJIT-2.0.0.tar.gz
cd LuaJIT-2.0.0
make
make install PREFIX=/usr/local/lj2
ln -s /usr/local/lj2/lib/libluajit-5.1.so.2 /lib64/
#下载ngx_devel_kit(NDK)模块
cd /usr/local/src
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar xzvf v0.3.0.tar.gz
#下载最新的lua-nginx-module 模块
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.13.tar.gz
tar xzvf v0.10.13.tar.gz
cd /usr/local/src
#cd tengine-2.2.2
#设置环境变量
export LUAJIT_LIB=/usr/local/lj2/lib/
export LUAJIT_INC=/usr/local/lj2/include/luajit-2.0/
cd tengine-2.2.2
#编译安装
./configure --prefix=/www/wdlinux/nginx-1.8.1 --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.42 \
--add-module=/usr/local/src/ngx_cache_purge-2.3/ \
--add-module=/usr/local/src/headers-more-nginx-module-0.33/ \
--add-module=/usr/local/src/ngx_devel_kit-0.3.0/ \
--add-module=/usr/local/src/lua-nginx-module-0.10.13/
make -j8
make install
#查看是否编译成功
在nginx.conf中加入如下代码:
location /hello_lua {
default_type 'text/plain';
content_by_lua 'ngx.say("hello, lua")';
}
重启nginx。访问http://ip/hello_lua会出现”hello, lua”表示安装成功
#安装ngx_lua_waf防火墙 https://github.com/loveshell/ngx_lua_waf/tree/master
cd /www/wdlinux/nginx-1.8.1/conf/
wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip --no-check-certificate
unzip master.zip
mv ngx_lua_waf-master/* /www/wdlinux/nginx-1.8.1/conf/waf/
rm -rf ngx_lua_waf-master
chmod -R 775 /www/wdlinux/nginx-1.8.1/conf/waf如果仅装purge模块(上面步骤省略):
cd /usr/local/src
wget http://tengine.taobao.org/download/tengine-2.0.0.tar.gz
tar zxvf tengine-2.0.0.tar.gz
cd tengine-2.0.0
cd tengine-2.0.0
./configure --add-module=/usr/local/src/ngx_cache_purge-2.1 --prefix=/www/wdlinux/nginx-1.0.15 --with-http_stub_status_module --with-pcre=/usr/local/src/pcre-8.34
make
make install
=============================================
如果没有nginxd服务:
/etc/rc.d/init.d中新建ningxd文件
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /www/wdlinux/nginx/conf/nginx.conf
# pidfile: /www/wdlinux/nginx/logs/nginx.pid
# Url http://www.wdlinux.cn
# Last Updated 2010.06.01
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/www/wdlinux/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/www/wdlinux/nginx/conf/nginx.conf"
NGINX_PID="/www/wdlinux/nginx/logs/nginx.pid"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
#service php-fpm start
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
$nginx -s stop
echo_success
retval=$?
echo
#service php-fpm stop
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
$nginx -s reload
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
然后给予执行权限: chmod +x /etc/init.d/nginxd
然后/www/wdlinux中新建快捷方式nginx指向/www/wdlinux/nginx-1.0.15
然后设置这服务开机启动 chkconfig --add nginxd
=============================================
二、配置nginx
nngix.conf
# nginx conf conf/nginx.conf
# Created by http://www.wdlinux.cn
# Last Updated 2010.06.01
user www www;
worker_processes 2;
# worker_cpu_affinity 0001 0100 1000 0010 0001 0100 1000 0010;
error_log logs/error.log notice;
#error_log /dev/null; #关闭日志文件
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
limit_zone one $binary_remote_addr 32k;
server_tokens off; #隐藏版本号
fastcgi_intercept_errors on; #开启自定义错误页
access_log /dev/null; #关闭日志文件
# 打开日志
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
# proxy_connect_timeout 60; #增加连接后端服务器超时时间
# proxy_read_timeout 60; #增加后端服务器响应请求超时时间
# proxy_send_timeout 60; #增加后端服务器发送数据超时时间
# proxy_buffer_size 32k; #增加代理请求缓存区大小
# proxy_buffers 4 64k; #增加
# proxy_busy_buffers_size 128k; #增加系统繁忙时可申请的proxy_buffers大小
# proxy_next_upstream error timeout invalid_header http_500 http_503 http_404; 增加故障转移,如果后端的服务器返回502、504、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。
proxy_temp_path /home/cache/proxy_temp_dir; #指定临时文件目录
proxy_cache_path /home/cache/proxy_cache_dir levels=1:2 keys_zone=cache_one:1024m inactive=3d max_size=35g; #设置Web缓存区名称为cache_one,内存缓存为1024MB,自动清除1天内没有被访问的文件,硬盘缓存为100GB。
client_body_buffer_size 1024k; #增加??冲区代理缓冲客户端请求的最大字节?
proxy_temp_file_write_size 256k; #增加proxy缓存临时文件的大小
proxy_cache cache_one; #增加使用web缓存区cache_one
sendfile on;
tcp_nopush on;
keepalive_timeout 600;
tcp_nodelay on;
gzip on;
gzip_min_length 0;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary off;
log_format wwwlogs '$remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for';
#include default.conf;
include vhost/*.conf;
}0000.default.conf
server {
listen 80;
server_name localhost;
root /www/web/default;
index index.php index.html index.htm;
location ~ \.php$ {
proxy_pass http://127.0.0.1:88;
include naproxy.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
}
location ~ .*\.(js|css)?$ {
expires 12h;
}
}
upstream 555555555 {
server 209.109.100.100:811;
server 209.109.100.100:812;
server 209.109.100.100:813;
server 209.109.100.100:814;
server 209.109.100.100:815;
server 209.109.100.100:816;
server 209.109.100.100:817;
server 209.109.100.100:818;
server 209.109.100.100:819;
server 209.109.100.100:820;
server 209.109.100.100:821;
server 209.109.100.100:822;
server 209.109.100.100:823;
server 209.109.100.100:824;
server 209.109.100.100:825;
server 209.109.100.100:826;
server 209.109.100.100:827;
server 209.109.100.100:828;
server 209.109.100.100:829;
server 209.109.100.100:830;
server 209.109.100.100:831;
server 209.109.100.100:832;
server 209.109.100.100:833;
server 209.109.100.100:834;
server 209.109.100.100:835;
server 209.109.100.100:836;
server 209.109.100.100:837;
server 209.109.100.100:838;
server 209.109.100.100:839;
server 209.109.100.100:840;
server 209.109.100.100:841;
server 209.109.100.100:842;
server 209.109.100.100:843;
server 209.109.100.100:844;
server 209.109.100.100:845;
server 209.109.100.100:846;
server 209.109.100.100:847;
server 209.109.100.100:848;
server 209.109.100.100:849;
server 209.109.100.100:850;
server 209.109.100.100:851;
server 209.109.100.100:852;
server 209.109.100.100:853;
server 209.109.100.100:854;
server 209.109.100.100:855;
}
server
{
listen 80;
server_name www.555555555.com;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#location ~ /purge(/.*) {
#allow all;
#proxy_cache_purge cache_one $host$1$is_args$args;
##proxy_cache_purge cache_one $host;
#error_page 405 =200 /purge$1;
#}
location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml|txt|exe|rar|zip)?$ #列出的扩展名文件不缓存。
{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://555555555;
}
location ~ .*\.(htm)?$ #列出的扩展名文件缓存。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 1800s;
expires 1800s;
}
location ~ .*\.(index.html)$ #不缓存内页首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location ~ .(/index.html)$ #不缓存内页首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location ~ .(/)$ #不缓存内页首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location ~ .*\.(html)?$ #列出的扩展名文件缓存。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 14400s;
expires 14400s;
}
location ~ (/)$ #不缓存首页。
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location /
{
proxy_pass http://555555555;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 3d;
expires 1d; #据说是客户端缓存,未证实。
}
location = /modules/article/search999.htm {
return http://www.555555555.com;
}
location = /modules/article/search999.php {
rewrite ^/(.*) http://www.555555555.com/$1 permanent;
}
}
upstream 808808808 {
server 209.109.100.101:8081;
server 209.109.100.101:8082;
server 209.109.100.101:8083;
server 209.109.100.101:8084;
server 209.109.100.101:8085;
server 209.109.100.101:8086;
server 209.109.100.101:8087;
server 209.109.100.101:8088;
server 209.109.100.101:8089;
}
server
{
listen 80;
server_name www.808808808.com;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#location ~ /purge(/.*) {
#allow all;
#proxy_cache_purge cache_one $host$1$is_args$args;
##proxy_cache_purge cache_one $host;
#error_page 405 =200 /purge$1;
#}
location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml|txt|exe|rar|zip)?$ #列出的扩展名文件不缓存。
{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://808808808;
}
location ~ .*\.(htm)?$ #列出的扩展名文件缓存。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 1800s;
expires 1800s;
}
location ~ .*\.(index.html)$ #不缓存内页首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location ~ .(/index.html)$ #不缓存内页首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location ~ .(/)$ #不缓存内页首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location ~ .*\.(html)?$ #列出的扩展名文件缓存。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 14400s;
expires 14400s;
}
location ~ (/)$ #不缓存首页。
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 180s;
expires 180s;
}
location /
{
proxy_pass http://808808808;
proxy_cache_key $host$uri$is_args$args; #增加设置web缓存的key值,nginx根据key值md5哈希存储缓存
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cache_valid 200 304 3d;
expires 1d; #据说是客户端缓存,未证实。
}
location = /m/search999.htm {
return http://www.808808808.com;
}
location = /m/search999.php {
rewrite ^/(.*) http://www.808808808.com/$1 permanent;
}
}
server
{
listen 80;
server_name m.555555555.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
if ($http_user_agent ~* "((MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT)|(SonyEricsson)|(NEC)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC)|(SED)|(EMOL)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Java)|(Opera))")
{
proxy_pass http://209.109.100.100:8085;
}
}
}
三、配置etc/sysctl.conf
# net.ipv4.ip_forward = 0 vpn需要改为1,见下面 net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 # vpn需要注释net.ipv4.tcp_syncookies kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 net.ipv4.tcp_max_tw_buckets = 6000 net.ipv4.tcp_sack = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.core.netdev_max_backlog = 262144 net.core.somaxconn = 262144 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_fin_timeout = 1 net.ipv4.tcp_keepalive_time = 30 net.ipv4.ip_local_port_range = 1024 65000 #允许系统打开的端口范围
三、修改系统最大并发连接数
1、输入 ulimit -n 查看当前最大并发连接,默认1024
2、修改为65535,命令为 ulimit -HSn 65535
为了防止重启后失效,在/etc/profile文件中增加该命令。
centos7 需要修改/etc/systemd/system.conf
DefaultLimitNOFILE=65535
DefaultLimitNPROC=65535
ulimit -n ulimit -a 查看