php

新事件

2011年底披露的 Hash DoS(哈希碰撞拒绝服务)漏洞影响很大,php-5.2.x 和 php-5.3.x 均存在该漏洞

因此下文中的 php-5.3.6 需要换成已修复该漏洞的最新版(下载地址、压缩包名和目录名也要随之修改), 详细查看这里

安装编译PHP需要的支持库

libiconv

增强系统的字符编码转换功能
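# Download the libiconv source archive.
wget https://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
# The archive is compiled and installed system-wide below: print its digest and
# compare it with a value obtained from a trusted source before continuing.
sha256sum libiconv-1.13.1.tar.gz
# Chained with && so that a failed step never reaches "make install".
tar zxvf libiconv-1.13.1.tar.gz &&
  cd libiconv-1.13.1/ &&
  ./configure --prefix=/usr/local &&
  make &&
  make install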

libmcrypt

加密算法库,PHP扩展mcrypt功能对此库有依赖关系
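# Download the libmcrypt source archive.
wget https://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz
# Check the digest against a trusted reference before building the code.
sha256sum libmcrypt-2.5.8.tar.gz
# Each step runs only if the previous one succeeded.
tar zxvf libmcrypt-2.5.8.tar.gz &&
  cd libmcrypt-2.5.8 &&
  ./configure &&
  make &&
  make install &&
  /sbin/ldconfig

# libltdl ships inside the libmcrypt source tree; build and install it too.
cd libltdl/ &&
  ./configure --enable-ltdl-install &&
  make &&
  make install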

mhash

hash 加密算法库
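# Download the mhash source archive.
wget https://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz
# Check the digest against a trusted reference before building the code.
sha256sum mhash-0.9.9.9.tar.gz
# Stop at the first failing step instead of installing a broken build.
tar zxvf mhash-0.9.9.9.tar.gz &&
  cd mhash-0.9.9.9 &&
  ./configure &&
  make &&
  make install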

建立软连接

# Make the libraries installed under /usr/local/lib visible in /usr/lib too.
for lib in \
  libiconv.so.2 \
  libmcrypt.la libmcrypt.so libmcrypt.so.4 libmcrypt.so.4.4.8 \
  libmhash.a libmhash.la libmhash.so libmhash.so.2 libmhash.so.2.0.1
do
  ln -s "/usr/local/lib/$lib" "/usr/lib/$lib"
done

# libmcrypt-config is a program, so it is linked into /usr/bin instead.
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config

配置立即生效

# Refresh the dynamic linker cache so the libraries linked into /usr/lib are found.
ldconfig

mcrypt

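# Download the mcrypt source archive.
wget https://downloads.sourceforge.net/mcrypt/mcrypt-2.6.8.tar.gz
# Check the digest against a trusted reference before building the code.
sha256sum mcrypt-2.6.8.tar.gz
# ldconfig runs before configure so the freshly installed libmcrypt/mhash
# libraries are in the linker cache; every step depends on the one before it.
tar zxvf mcrypt-2.6.8.tar.gz &&
  cd mcrypt-2.6.8/ &&
  /sbin/ldconfig &&
  ./configure &&
  make &&
  make install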

编译安装

FastCGI模式

开始编译

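# NOTE(review): this page states that php-5.3.x is affected by the hash DoS
# issue and that 5.3.6 has to be replaced by a current release; substitute the
# fixed version in the URL, the archive name and the directory name below.
#
# -O names the download explicitly: without it wget stores the file under the
# last URL component ("mirror") and the tar step cannot find the archive.
wget -O php-5.3.6.tar.gz https://cn.php.net/get/php-5.3.6.tar.gz/from/this/mirror
# Check the digest against the value published for this release before building.
sha256sum php-5.3.6.tar.gz

# Configure, build and install; each step runs only if the previous one succeeded.
tar xvf php-5.3.6.tar.gz &&
  cd php-5.3.6 &&
  ./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc \
    --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config \
    --with-iconv-dir=/usr/local/lib --with-freetype-dir=/usr/local/lib --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/lib --with-zlib \
    --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-safe-mode --enable-bcmath \
    --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \
    --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf \
    --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap --with-ldap-sasl --with-xmlrpc \
    --enable-zip --enable-soap &&
  make ZEND_EXTRA_LIBS='-liconv' &&
  make install &&
  cp -f php.ini-production /usr/local/webserver/php/etc/php.ini &&
  cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm &&
  chmod u+x /etc/init.d/php-fpm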

配置php-fpm

注:运行php-fpm前,记得先建立www用户,不然运行后会报错。因为PHP-FPM配置文件中是用www来运行的。

创建www用户和组

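# Create the group and account that the php-fpm workers run as.
/usr/sbin/groupadd www
# -s /sbin/nologin and -M: www is a service account, so it gets no login shell
# and no home directory; nobody needs to log in as it.
/usr/sbin/useradd -g www -s /sbin/nologin -M www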

编辑php-fpm.conf

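# Write the php-fpm configuration. The quoted 'EOF' delimiter stops the shell
# from expanding $HOSTNAME, so the literal text is written to the file.
cat > /usr/local/webserver/php/etc/php-fpm.conf <<'EOF'
[global]
pid = /usr/local/webserver/php/var/run/php-fpm.pid
error_log = /usr/local/webserver/php/var/log/php-fpm.log
log_level = notice
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 5s
daemonize = yes

[www]
listen = /tmp/php_fcgi.sock
listen.backlog = -1
; listen.allowed_clients is only consulted for TCP listeners; access to the
; unix socket above is governed by listen.owner/listen.group/listen.mode.
listen.allowed_clients = 127.0.0.1
user = www
group = www
; 0660 with owner/group www instead of a world-writable 0666 socket: with 0666
; any local account can send FastCGI requests that are executed as www.
; The web server's worker user must be www or a member of group www to connect.
listen.owner = www
listen.group = www
listen.mode = 0660
pm = static
pm.max_children = 64
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 1024

request_terminate_timeout = 0s
request_slowlog_timeout = 0s
slowlog = logs/slow.log
rlimit_files = 65535
rlimit_core = 0
chroot =
chdir =
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

php_flag[display_errors] = off
EOF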

启动前可先测试下php-fpm.conf的语法是否正确。

# -t only tests php-fpm.conf and reports the result; the daemon is not started.
/usr/local/webserver/php/sbin/php-fpm -t

如出现下面的提示,表示没有问题。

[30 18:47:32] NOTICE: configuration file /usr/local/webserver/php/etc/php-fpm.conf test is successful

按上面的 php-fpm.conf 启动后,php-fpm 监听的是 unix socket /tmp/php_fcgi.sock(只有把 listen 改为 127.0.0.1:9000 时才会监听本机的9000端口),进程数为64(如果服务器内存小于3GB,可以只开启64个进程),用户为www。

#/usr/local/webserver/php/sbin/php-fpm

设置开机启动

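# Register the init script with chkconfig; the option is --add (two hyphens),
# a single-hyphen -add is not accepted.
chkconfig --add php-fpm
# Enable the service for the default runlevels.
chkconfig php-fpm on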

启动 php-fpm

# Runs /etc/init.d/php-fpm (copied from sapi/fpm/init.d.php-fpm) with "start".
service php-fpm start

安装php扩展memcache memcached

memcache

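# Download the memcache extension source.
wget https://pecl.php.net/get/memcache-2.2.6.tgz
# Check the digest against a trusted reference before building the code.
sha256sum memcache-2.2.6.tgz
# phpize is called by its full path so that it belongs to the PHP built under
# /usr/local/webserver/php, the same installation that php-config points at.
tar xvf memcache-2.2.6.tgz &&
  cd memcache-2.2.6 &&
  /usr/local/webserver/php/bin/phpize &&
  ./configure --with-php-config=/usr/local/webserver/php/bin/php-config &&
  make &&
  make install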

修改php.ini文件

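# Append the [memcache] section to php.ini. ">>" appends, so running this
# twice adds the section twice.
cat >> /usr/local/webserver/php/etc/php.ini << "EOF"

[memcache]
extension=memcache.so
EOF
# The closing EOF line is required: without it the shell keeps reading the
# following text into php.ini as part of the here-document.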

memcached

libevent (memcached dependency)

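# Download the libevent source archive.
wget https://www.monkey.org/~provos/libevent-1.4.8-stable.tar.gz
# Check the digest against a trusted reference before building the code.
sha256sum libevent-1.4.8-stable.tar.gz
# Build, install, then link the library into /usr/lib; stop at the first failure.
tar xfz libevent-1.4.8-stable.tar.gz &&
  cd libevent-1.4.8-stable &&
  ./configure && make && sudo make install &&
  ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib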

libmemcached

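# Download the libmemcached source archive.
wget https://launchpad.net/libmemcached/1.0/0.50a/+download/libmemcached-0.50.tar.gz
# Check the digest against a trusted reference before building the code.
sha256sum libmemcached-0.50.tar.gz
tar -xzvf libmemcached-0.50.tar.gz &&
  cd libmemcached-0.50

# An error in the sources prevents libmemcached from compiling on a 32-bit
# architecture: in clients/memcapable.cc, at lines 658, 728 and 787, the value
# "0xdeadbeefdeadcafe" has to be replaced by "0xdeadbeefdeadcafeULL". After that
# the compilation works. (When this was written there were more recent versions
# of libmemcached, but they could not be compiled because the autoconf shipped
# with CentOS 5 is too old.)
#vim clients/memcapable.cc
#658   uint64_t value= 0xdeadbeefdeadcafeULL;
#728   uint64_t value= 0xdeadbeefdeadcafeULL;
#787   uint64_t value= 0xdeadbeefdeadcafeULL;

# The option must be written with two ASCII hyphens (--prefix); a typographic
# dash copied from a web page is not recognised by configure.
./configure --prefix=/usr/local/libmemcached &&
  make &&
  make install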
memcached
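# Download the memcached extension source.
wget https://pecl.php.net/get/memcached-2.0.1.tgz
# Check the digest against a trusted reference before building the code.
sha256sum memcached-2.0.1.tgz
# phpize and --with-php-config both point at the PHP installed under
# /usr/local/webserver/php, matching the memcache extension build, so the
# module is compiled for and installed into that PHP.
tar xvf memcached-2.0.1.tgz &&
  cd memcached-2.0.1 &&
  /usr/local/webserver/php/bin/phpize &&
  ./configure --with-php-config=/usr/local/webserver/php/bin/php-config \
    --with-libmemcached-dir=/usr/local/libmemcached &&
  make && make install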
修改php.ini文件
# Append the [memcached] section to php.ini. ">>" appends, so running this
# twice adds the section twice. The quoted "EOF" delimiter means the body is
# written literally, without shell expansion.
cat >> /usr/local/webserver/php/etc/php.ini << "EOF"

[memcached]
extension=memcached.so
EOF

启动Memcached

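# Run memcached as a daemon (d = daemon, m = memory in MB, u = user to run as,
# l = IP to listen on, p = port, c = max connections, P = pid file).
# -u nobody rather than root: the daemon needs no root privileges while
# serving, and a flaw in a network-facing process should not yield root.
# memcached does not authenticate clients by default, so keep -l on an
# internal address and restrict access to the port with a firewall.
memcached -d -m 256 -u nobody -l 10.0.0.2 -p 11211 -c 256 -P /tmp/memcached.pid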
关闭Memcached
# Send the default signal (TERM) to the pid recorded by "memcached -P".
kill $(cat /tmp/memcached.pid)

启动脚本

#!/bin/sh
#
# Startup script for the memcached server (SysV init script).
#
# The paths below follow the variables set in this script (basedir and pidfile).
#
# processname: memcached
# pidfile: /usr/local/memcached/memcached.pid
# logfile: none (the logfile variable below is commented out)
# memcached_home: /usr/local/memcached
# chkconfig: 35 21 79
# description: Start and stop memcached Service

# Source function library (provides the "status" helper used at the bottom).
. /etc/rc.d/init.d/functions

# Exit status of the script; start() and stop() overwrite it.
RETVAL=0

prog="memcached"
basedir=/usr/local/memcached
cmd=${basedir}/bin/memcached
pidfile="$basedir/${prog}.pid"
#logfile="$basedir/memcached_log.txt"

# memcached start-up parameters
# NOTE(review): username is root, so the network-facing daemon keeps root
# privileges. A dedicated unprivileged account is the safer choice; the
# directory holding $pidfile presumably has to be writable by that account
# then -- verify before changing.
# NOTE(review): memcached does not authenticate clients by default; keep
# ipaddr on an internal interface and filter the port with a firewall.
ipaddr="10.0.0.2"               # IP address to bind and listen on
port="11211"                    # service port
username="root"                 # account the daemon runs as
max_memory=64                   # default: 64M | maximum memory to use
max_simul_conn=1024             # default: 1024 | maximum simultaneous connections
#maxcon=51200
#growth_factor=1.3              # default: 1.25 | chunk size growth factor
#thread_num=6                   # default: 4
#verbose="-vv"                  # print verbose start-up information
#bind_protocol=binary           # ascii, binary, or auto (default)

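# Start memcached as a daemon with the settings defined at the top of the script.
# Globals:  cmd, max_memory, username, ipaddr, port, max_simul_conn, pidfile,
#           prog (read); RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  the exit status of the memcached command
start() {
    # printf instead of `echo -n $"..."`: $"..." is a bash-only construct and
    # the script declares #!/bin/sh.
    printf 'Starting service: %s' "$prog"
    # Every expansion is quoted so a value containing spaces or glob
    # characters is passed as exactly one argument.
    "$cmd" -d -m "$max_memory" -u "$username" -l "$ipaddr" -p "$port" \
        -c "$max_simul_conn" -P "$pidfile"
    RETVAL=$?
    echo
    # The subsys lock marks the service as running (condrestart checks it).
    if [ "$RETVAL" -eq 0 ]; then
        touch "/var/lock/subsys/$prog"
    fi
    return "$RETVAL"
}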

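# Stop the memcached instance started by this script.
# Globals:  prog, pidfile (read); RETVAL, pid (written)
# Outputs:  progress message on stdout, errors on stderr
# Returns:  0 if the daemon was signalled or was not running, non-zero otherwise
#
# The pid file written by "memcached -P" identifies the process. Matching
# `ps` output by user and name would also hit every other process of that user
# whose command line contains "memcached": further memcached instances, and
# this init script itself when it is installed under that name.
stop() {
    printf 'Stopping service: %s  ' "$prog"
    if [ ! -f "$pidfile" ]; then
        # No pid file: nothing was started through this script, so treat the
        # service as already stopped.
        RETVAL=0
    else
        pid=
        read -r pid < "$pidfile"
        case "$pid" in
            '' | *[!0-9]*)
                # Never hand anything but a plain number to kill.
                echo
                echo "$prog: unexpected content in $pidfile" >&2
                RETVAL=1
                return 1
                ;;
        esac
        if kill -0 "$pid" 2>/dev/null; then
            # TERM first; SIGKILL gives the daemon no chance to shut down cleanly.
            kill "$pid"
            RETVAL=$?
        else
            # Stale pid file: the recorded process is already gone.
            RETVAL=0
        fi
    fi
    echo
    if [ "$RETVAL" -eq 0 ]; then
        rm -f "/var/lock/subsys/$prog" "$pidfile"
    fi
    return "$RETVAL"
}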

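# Dispatch on the action passed as the first argument and exit with RETVAL.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        # The script defines no reload function, so calling one would only
        # produce "command not found". Report the action as unimplemented
        # (exit status 3) instead.
        echo "$prog: reload is not supported, use restart" >&2
        RETVAL=3
        ;;
    restart)
        # Restarting memcached discards everything held in the cache.
        stop
        start
        ;;
    condrestart)
        # Restart only if the lock file says the service was started.
        if [ -f "/var/lock/subsys/$prog" ]; then
            stop
            start
        fi
        ;;
    status)
        status "$prog"
        # Propagate the result; otherwise the script always exits 0 here.
        RETVAL=$?
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
        ;;
esac

exit "$RETVAL"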

选项 说明
-d 启动一个守护进程
-m 分配给Memcache使用的内存数量,单位是MB
-u 运行Memcache的用户(建议使用非root的专用账户)
-l 监听的服务器IP地址(Memcache默认不做身份验证,应只监听内网地址,并用防火墙限制访问来源)
-p Memcache监听的端口
-c 最大运行的并发连接数,默认是1024
-P 设置保存Memcache的pid文件路径

可以启动多个守护进程,不过端口不能重复。

参考资料

Memcache相关文档