Category: Web servers

  • Hyperf environment deployment

    yum install -y oniguruma gd libzip yum-utils
    nginx
    Add the nginx repository
    /etc/yum.repos.d/nginx.repo
    [nginx-stable]
    name=nginx stable repo
    baseurl=http://nginx.org/packages/centos/8/$basearch/
    gpgcheck=1
    enabled=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    module_hotfixes=true
    [nginx-mainline]
    name=nginx mainline repo
    baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=https://nginx.org/keys/nginx_signing.key
    module_hotfixes=true
    yum install -y nginx

    PHP base environment
    yum install -y php php-common php-cli php-devel
    yum install -y php-mbstring php-process php-json php-xml php-pear php-bcmath php-opcache php-gd
    yum install -y php-pdo php-mysqlnd php-pgsql php-odbc
    yum install -y php-pecl-zip
    Firebird support
    yum install -y libfbclient2 libfbclient2-devel libib-util libtommath perl-DBD-Firebird
    nginx configuration
    fastcgi_pass unix:/run/php-fpm/www.sock;

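    Hyperf environment requirements
    PHP >= 7.4
    Any one of the following network engines:
    Swoole PHP extension >= 4.5, with Short Name disabled
    Swow PHP extension (Beta)
    JSON PHP extension
    Pcntl PHP extension
    OpenSSL PHP extension (if HTTPS is needed)
    PDO PHP extension (if the MySQL client is needed)
    Redis PHP extension (if the Redis client is needed)
    Protobuf PHP extension (if a gRPC server or client is needed)

    Installing the PHP extensions
    Download the matching source package from the official site, http://php.net/releases/
    php -v
    Check the path of php-config
    whereis php-config
    Pcntl PHP extension
    cd php-7.4.6/ext/

    pcntl
    cd pcntl/
    /usr/bin/phpize
    ./configure --with-php-config=/usr/bin/php-config

    Note the /usr/bin/php-config path

    Check the path of php-config

    whereis php-config
    make && make install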

    Redis PHP extension (if the Redis client is needed)
    wget https://pecl.php.net/get/redis-5.3.6.tgz
    tar -xzf redis-5.3.6.tgz
    cd redis-5.3.6/
    /usr/bin/phpize
    ./configure --with-php-config=/usr/bin/php-config
    make && make install

    Protobuf PHP extension
    yum install -y protobuf.x86_64 protobuf-compiler.x86_64 protobuf-devel.x86_64
    wget https://github.com/allegro/php-protobuf/archive/refs/heads/master.zip
    unzip master.zip
    cd php-protobuf-master/
    /usr/bin/phpize
    ./configure --with-php-config=/usr/bin/php-config
    make && make install

    Swoole PHP extension
    wget https://pecl.php.net/get/swoole-4.8.6.tgz
    tar -xzf swoole-4.8.6.tgz
    cd swoole-4.8.6/
    /usr/bin/phpize
    ./configure --with-php-config=/usr/bin/php-config
    make && make install
    ; Enable swoole extension module
    extension=swoole.so
    swoole.use_shortname = off ; disable Short Name
    Installing shared extensions: /usr/lib64/php/modules/

    Add the corresponding configuration
    /etc/php.d/
    cat 20-protobuf.ini
    ; Enable protobuf extension module
    extension=protobuf

    rename '.repo' '.repo.bak' /etc/yum.repos.d/*.repo

  • Simple phpredis installation with PECL

    phpredis can be installed easily through PECL; there is no need to download and compile the source.

    Install command: pecl install redis

    Add /etc/php.d/redis.ini, then restart nginx & php-fpm

    ; Enable redis extension module
    extension=redis.so

    phpredis PECL repository: http://pecl.php.net/package/redis

    phpredis on GitHub: http://github.com/nicolasff/phpredis

    Redis official site: http://www.redis.io/

  • Nginx configuration file

    Sample nginx configuration:

    location ~ \.php$ {
        root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
    # A virtual host using mix of IP-, name-, and port-based configuration
    #

    server {
        listen       80;
        server_name  mypiao.mypiao.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location ~.*\.(jpg|png|jpeg)$
        {
            root /software;
            expires 1d;
        }

        location  /mygladmin/ {
            root   /usr/share/nginx/html/xxxxxxxx;
            index index.php;
            if ( !-e $request_filename )
            {
                rewrite ^/mygladmin/(.*)$   /mygladmin/index.php/$1 last;
                break;
            }
        }

        location  /newadmin/ {
            root   /usr/share/nginx/html/xxxxxxxx;
            index index.php;
            if ( !-e $request_filename )
            {
                rewrite ^/newadmin/(.*)$   /newadmin/index.php/$1 last;
                break;
            }
        }

        location / {
            root   /usr/share/nginx/html/xxxxxxxx;
            if ( !-e $request_filename )
            {
                rewrite ^(.*)$ index.php/$1 last;
                break;
            }
            index  index.php index.html index.htm;
        }

        # Split the request into the script name and PATH_INFO
        location ~ \.php {
            root   /usr/share/nginx/html/xxxxxxxx;
            fastcgi_index index.php;
            fastcgi_pass 127.0.0.1:9000;
            include      fastcgi_params;
            set $path_info "";
            set $real_script_name $fastcgi_script_name;
            if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                set $real_script_name $1;
                set $path_info $2;
            }
            fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/xxxxxxxx/$real_script_name;
            fastcgi_param SCRIPT_NAME $real_script_name;
            fastcgi_param PATH_INFO $path_info;
        }
    }

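  • IIS7 cannot display the page because an internal server error occurred. Error code 0x800700c1

    Module IsapiModule, notification ExecuteRequestHandler, handler AboMapperCustom-532187, error code 0x800700c1
    After some searching I found the fix; it turned out to be an application pool problem:
    1. Open Application Pools in IIS.
    2. Select the application pool used by the site, then click "Advanced Settings".
    3. Enable 32-bit applications for the pool.

    On x64, midas.dll and dbexpint.dll need to be placed in the Windows\system directory.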

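  • Apache concurrency (MPM) modules

    To see the number of connections and the number of currently established connections, respectively:
    netstat -ant | grep $ip:80 | wc -l
    netstat -ant | grep $ip:80 | grep EST | wc -l

    ThreadsPerChild: number of service threads in each child process. Default: 25
    StartServers: number of child processes started when Apache starts. Default: 3
    MinSpareThreads: minimum number of idle threads. Default: 75
    MaxSpareThreads: maximum number of idle threads. While running, Apache keeps the total number of idle threads between MinSpareThreads and MaxSpareThreads. The defaults for these two parameters are fine and normally need no tuning. Default: 250
    MaxClients: maximum number of clients handled concurrently (maximum thread count). MaxClients divided by ThreadsPerChild is the largest number of child processes that can be reached. If the number of concurrent requests exceeds MaxClients, Apache logs this error: server reached MaxClients setting, consider raising the MaxClients setting. Default: 16*25 = 400
    ServerLimit: limit on the maximum number of processes. It must be greater than or equal to MaxClients divided by ThreadsPerChild. This is a hard limit: a plain restart (apache restart) does not apply it; Apache must be stopped (apache stop) and then started (apache start). Default: 16 in worker mode, 256 in prefork mode
    ThreadLimit: limit on the maximum number of threads per process, so it determines the largest value ThreadsPerChild can take. Setting it much higher than ThreadsPerChild wastes a lot of shared memory, and setting it too high may keep Apache from starting or make the system unstable. This is also a hard limit. If set, ServerLimit and ThreadLimit must come before the other settings. Default: 64
    MaxRequestsPerChild: limit on the total number of requests a single child process handles in its lifetime. Once a child has handled that many requests it is recycled. If set to 0 the process never expires (so a memory leak, if there is one, keeps leaking...)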

    <IfModule prefork.c>
    StartServers 10
    MinSpareServers 10
    MaxSpareServers 15
    ServerLimit 2000
    MaxClients 1500
    MaxRequestsPerChild 10000
    </IfModule>

    ServerLimit must be placed before MaxClients!

    Also, if Apache is reloaded with apachectl graceful after the change, the ServerLimit setting does not take effect, and the following error appears in the log:

    [Wed Aug 11 22:31:41 2009] [warn] WARNING: Attempt to change ServerLimit ignored during restart
    Reloading with apachectl restart does not help either; the error mentioned earlier appears again:
    WARNING: MaxClients of 300 exceeds ServerLimit value of 256 servers,
    lowering MaxClients to 256.  To increase, please see the ServerLimit
    directive.
    The official documentation mentioned earlier contains this rather obscure note:

    Any attempts to change this directive during a restart will be ignored, but MaxClients can be modified during a restart.
    So for ServerLimit to take effect, Apache must first be stopped with apachectl stop and then started with apachectl start.
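
    The two ServerLimit pitfalls above (value too low for MaxClients, and ServerLimit placed after MaxClients) can be checked before Apache is restarted. This is an added example, not part of the original post; the function name check_mpm is hypothetical, and it assumes MaxClients is compared with the ServerLimit known at the point where MaxClients is read, using the defaults quoted above.

```shell
#!/bin/sh
# Added example: lint MPM settings for the ServerLimit/MaxClients rules
# described in the post. Not code from Apache or from the original author.

# The prefork block shown in the post.
page_prefork() {
cat <<'EOF'
<IfModule prefork.c>
StartServers 10
MinSpareServers 10
MaxSpareServers 15
ServerLimit 2000
MaxClients 1500
MaxRequestsPerChild 10000
</IfModule>
EOF
}

# check_mpm MODE: MODE is "prefork" or "worker"; httpd config text on stdin.
# Defaults taken from the post: ServerLimit 256 (prefork) / 16 (worker),
# ThreadsPerChild 25.
check_mpm() {
    awk -v mode="$1" '
    BEGIN { limit = (mode == "prefork") ? 256 : 16; tpc = 25; max = -1; late = 0 }
    /^[ \t]*#/ { next }
    { name = tolower($1) }
    name == "threadsperchild" { tpc = $2 + 0 }
    # A ServerLimit seen after MaxClients comes too late to raise the cap.
    name == "serverlimit"     { if (max >= 0) late = 1; else limit = $2 + 0 }
    name == "maxclients"      { max = $2 + 0; at_max = limit }
    END {
        if (max < 0) { print "OK: MaxClients not set"; exit 0 }
        # prefork: one process per client; worker: clients / threads, rounded up
        need = (mode == "prefork") ? max : int((max + tpc - 1) / tpc)
        if (late) print "WARN: ServerLimit is set after MaxClients"
        if (need > at_max)
            print "WARN: MaxClients " max " needs ServerLimit >= " need ", but " at_max " is in effect"
        else
            print "OK: ServerLimit " at_max " covers MaxClients " max
    }'
}

page_prefork | check_mpm prefork
```

    Run it against the real file with: check_mpm prefork < /etc/httpd/conf/httpd.conf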

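    The MaxRequestsPerChild parameter in Apache and how to configure it

    The MaxRequestsPerChild directive sets the number of requests an individual child process will handle.
    After handling "MaxRequestsPerChild" requests, the child process is terminated by the parent, which frees the memory the child held; when further requests arrive, the parent spawns a new child to handle them.
    Leaving MaxRequestsPerChild at its default of 0 (unlimited) or setting a large number (for example 10000 or more) lets each child handle more requests and avoids the loss of efficiency from constantly terminating and starting children,
    but with MaxRequestsPerChild set to 0, if 200~300M of memory is in use, that memory is not released even when the load drops. Servers with plenty of memory can use 0 or a large number. Servers with little memory may want to set it to 30, 50 or 100 to guard against running out of memory.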

  • httpd dead but pid file exists

    httpd dead but pid file exists: Apache will not start and reports No space left on device: Couldn't create accept lock
    service httpd restart
    reports success
    service httpd status
    reports: httpd dead but pid file exists
    Check whether port 80 is in use
    netstat -tulpn | grep :80
    No entries
    Continue
    rm /var/lock/subsys/httpd
    rm /var/run/httpd/httpd.pid
    service httpd restart
    Still reports: httpd dead but pid file exists
    Check /var/log/httpd/error_log
    Found [emerg] (28)No space left on device: Couldn't create accept lock (/etc/httpd/logs/accept.lock.13255) (5)
    I assumed that a lack of disk space was preventing the lock file from being created, but df -h showed that this was not the problem.
    After a Google search:
    ipcs -s
    ------ Semaphore Arrays --------
    key        semid      owner      perms      nsems
    0x000000a7 0          root      600        1
    0x00000000 32769      apache    600        1
    0x00000000 65538      apache    600        1
    0x00000000 884739     apache    600        1
    0x00000000 917508     apache    600        1

    A large number of IPC semaphores are in use and need to be removed.
    Cleanup command:
    for semid in `ipcs -s | grep apache | cut -f2 -d" "`;
    do ipcrm -s $semid; done
    service httpd restart
    service httpd status
    reports success

    Check the number of semaphores that are available on the system

    admin@intlqa142012x:[/home/admin]ipcs -l

    ------ Shared Memory Limits --------
    max number of segments = 4096
    max seg size (kbytes) = 32768
    max total shared memory (kbytes) = 8388608
    min seg size (bytes) = 1

    ------ Semaphore Limits --------
    max number of arrays = 128
    max semaphores per array = 250
    max semaphores system wide = 32000
    max ops per semop call = 32
    semaphore max value = 32767

    ------ Messages: Limits --------
    max queues system wide = 16
    max size of message (bytes) = 8192
    default max size of queue (bytes) = 16384

    If you have the privileges, these limits can be changed:
    To change these parameters, modify the file /etc/sysctl.conf and add the following lines:

    kernel.msgmni = 1024
    kernel.sem = 250 256000 32 1024

    Then load these settings with the command:sysctl -p
    -p Load in sysctl settings from the file specified or /etc/sysctl.conf if none given.

    admin@intlqa142012x:[/home/admin]sysctl -p
    error: permission denied on key 'net.ipv4.ip_forward'
    error: permission denied on key 'net.ipv4.conf.default.rp_filter'
    error: permission denied on key 'net.ipv4.conf.default.accept_source_route'
    error: permission denied on key 'kernel.sysrq'
    error: permission denied on key 'kernel.core_uses_pid'

    Your Apache process should now be able to create the needed semaphores and run properly.

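    Note: kernel.msgmni
    This file specifies the maximum number of message queue identifiers, that is, the system-wide maximum number of message queues. Default: 16.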

    admin@intlqa142012x:[/home/admin]cat /proc/sys/kernel/msgmni
    16

    As root, the parameter can be checked with sysctl kernel.msgmni:

    admin@intlqa142012x:[/home/admin]sysctl kernel.msgmni
    kernel.msgmni = 16

    It can also be reset on the command line with sysctl -w kernel.msgmni=XXX.

    admin@intlqa142012x:[/home/admin]sysctl -w kernel.msgmni=32
    error: permission denied on key 'kernel.msgmni'

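    The ipcs command

    ipcs - analyze message queues, shared memory and semaphores
    ipcs - report status of interprocess communication facilities

    ipcs displays certain information about active interprocess communication facilities. With no options, ipcs displays information in short format for the message queues, shared memory segments, and semaphores that are currently active in the system.

    Quote

    Its syntax:

    ipcs [-mqs] [-abcopt] [-C core] [-N namelist]
    -m  print information about shared memory
    -q  print information about message queues
    -s  print information about semaphores
    # ipcs -m
    IPC status from as of 2007年04月10日 星期二 18时32分18秒 CST
    T ID KEY MODE OWNER GROUP
    Shared Memory:
    m 0 0x50000d43 --rw-r--r-- root root
    m 501 0x1e90c97c --rw-r----- oracle dba

    ipcrm - remove IPC objects (clear shared memory information)

    Quote
    Its syntax:
    ipcrm -m|-q|-s shm_id
    -m  shared memory
    -q  message queue
    -s  semaphore
    shm_id  shared memory id
    #ipcrm -m 501


    ipcs is used to display information about message queues, shared memory and semaphores
    q  show message queues
    s  show semaphores
    m  show shared memory
    a  detailed information

    It prints information about the shared memory currently active on your system.

    For each resource, the command shows:

    TYPE        One of message queue (q), shared memory segment (m), or semaphore (s).

    ID         The unique identifier of the resource entry.

    KEY        The parameter applications use to access the resource.

    MODE        Flags for the access mode and permissions.

    OWNER and GROUP   The login name and group of the owner. All shared memory resources used by OnLine are owned by root and the informix group.

    The base key for OnLine shared memory is 0x52564801. The shared memory key is the SERVERNUM value multiplied by 0x10000, plus this base. That is, if SERVERNUM is 2, the key of your shared memory segment is 0x52564801+(2*0x10000)=0x52584801. If SERVERNUM is 6, the resulting key is 0x525c4801.
    Cleanup command:
    ipcs -s | grep nobody | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
    Then start Apache. For a deeper understanding: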

    Fixing Apache “No space left on device: Couldn’t create accept lock” errors

    Error Message: When starting Apache, I get this error message in the main Apache error_log:

    [emerg] (28)No space left on device: Couldn't create accept lock
    [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [notice] Digest: generating secret for digest authentication ...
    [notice] Digest: done
    [warn] pid file /etc/httpd/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
    [emerg] (28)No space left on device: Couldn't create accept lock

    First off, check to make sure that you really aren't out of disk space, or have hit a quota limit. Another way that Apache can create the "accept lock" is with a semaphore. A semaphore is an inter-process communication tool that is used by Apache to communicate with its child processes. This error message may mean that Apache couldn't create a new semaphore.

    Check to see how many semaphores are currently in use. If Apache is running correctly, you should see something like this:

    # ipcs -s
    ------ Semaphore Arrays --------
    key semid owner perms nsems
    0x00000000 68681743 apache 600 1
    0x00000000 68714515 apache 600 1
    0x00000000 68747291 apache 600 1

    If Apache is stopped, and you still see these semaphores, then you can safely kill them by running this command for each semaphore id (in the second column)

    $ ipcrm -s <semid>

    To destroy all semaphores, you can run this from the command line (with “apache” being the apache-user):

    for semid in `ipcs -s | grep apache | cut -f2 -d" "`;
    do ipcrm -s $semid; done

    If you are out of semaphores

    If you can’t create any more semaphores:

    Sometimes your system may need to increase the number of semaphores that are available on the system. This requires a change to a kernel parameter. If you are running on a virtual server and cannot modify kernel parameters, you may need to ask your hosting provider to change this parameter on their host server. To view the current parameters:

    # ipcs -l
    ------ Shared Memory Limits --------
    max number of segments = 4096
    max seg size (kbytes) = 32768
    max total shared memory (kbytes) = 8388608
    min seg size (bytes) = 1

    ------ Semaphore Limits --------
    max number of arrays = 1024
    max semaphores per array = 250
    max semaphores system wide = 256000
    max ops per semop call = 32
    semaphore max value = 32767

    ------ Messages: Limits --------
    max queues system wide = 1024
    max size of message (bytes) = 8192
    default max size of queue (bytes) = 16384

    To change these parameters, modify the file /etc/sysctl.conf and add the following lines:

    kernel.msgmni = 1024
    kernel.sem = 250 256000 32 1024

    Then load these settings with the command:

    sysctl -p

    Your Apache process should now be able to create the needed semaphores and run properly

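    A note on kernel.msgmni

    /proc/sys/kernel/msgmni

    This file specifies the maximum number of message queue identifiers, that is, the system-wide maximum number of message queues.
    Default: 16

    As root, check the parameter with sysctl kernel.msgmni; it can also be reset on the command line with

    sysctl -w kernel.msgmni=XXX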

    man ipcs:

    ipcs(1)                                                              ipcs(1)

    NAME
        ipcs - report status of interprocess communication facilities

    SYNOPSIS
        ipcs [-mqs] [-abcopt] [-C core] [-N namelist]

    DESCRIPTION
        ipcs displays certain information about active interprocess
        communication facilities.   With no options, ipcs displays information
        in short format for the message queues, shared memory segments, and
        semaphores that are currently active in the system.

      Options
        The following options restrict the display to the corresponding
        facilities.

            (none)        This is equivalent to -mqs.

            -m            Display information about active shared memory
                          segments.

            -q            Display information about active message queues.

            -s            Display information about active semaphores.

        The following options add columns of data to the display.   See "Column
        Description" below.

            (none)        Display default columns: for all facilities: T,
                          ID, KEY, MODE, OWNER, GROUP.

            -a            Display all columns, as appropriate.   This is
                          equivalent to -bcopt.

            -b            Display largest-allowable-size information: for
                          message queues: QBYTES; for shared memory
                          segments: SEGSZ; for semaphores: NSEMS.

            -c            Display creator's login name and group name: for
                          all facilities: CREATOR, CGROUP.

            -o            Display information on outstanding usage: for
                          message queues: CBYTES, QNUM; for shared memory
                          segments: NATTCH.

            -p            Display process number information: for message
                          queues: LSPID, LRPID; for shared memory segments:
                          CPID, LPID.

            -t            Display time information: for all facilities:
                          CTIME; for message queues: STIME, RTIME; for
                          shared memory segments: ATIME, DTIME; for
                          semaphores: OTIME.

    Hewlett-Packard Company             - 1 -    HP-UX Release 11i: November 2000

        The following options redefine the sources of information.

            -C core       Use core in place of /dev/kmem.   core can be a
                          core file or a directory created by savecrash or
                          savecore.

            -N namelist   Use file namelist or the namelist within core in
                          place of /stand/vmunix.   It opens a crash dump for
                          reading. Please refer to cr_open(3) for more
                          details.

      Column Descriptions
        The column headings and the meaning of the columns in an ipcs listing
        are given below.   The columns are printed from left to right in the
        order shown below.

            T          Facility type:

                           m     Shared memory segment
                           q     Message queue
                           s     Semaphore

            ID         The identifier for the facility entry.

            KEY        The key used as an argument to msgget(), semget(), or
                       shmget() to create the facility entry.   (Note: The key
                       of a shared memory segment is changed to IPC_PRIVATE
                       when the segment has been removed until all processes
                       attached to the segment detach it.)

            MODE       The facility access modes and flags: The mode consists
                       of 11 characters that are interpreted as follows:

                       The first two characters can be:

                           R     A process is waiting on a msgrcv().
                           S     A process is waiting on a msgsnd().
                           D     The associated shared memory segment has been
                                 removed.   It will disappear when the last
                                 process attached to the segment detaches it.
                           C     The associated shared memory segment is to be
                                 cleared when the first attach is executed.
                           -     The corresponding special flag is not set.

                       The next 9 characters are interpreted as three sets of
                       three characters each.   The first set refers to the
                       owner's permissions, the next to permissions of others
                       in the group of the facility entry, and the last to all
                       others.

                       Within each set, the first character indicates
                       permission to read, the second character indicates
                       permission to write or alter the facility entry, and
                       the last character is currently unused.

                           r     Read permission is granted.
                           w     Write permission is granted.
                           a     Alter permission is granted.
                           -     The indicated permission is not granted.

            OWNER      The login name of the owner of the facility entry.

            GROUP      The group name of the group of the owner of the
                       facility entry.

            CREATOR    The login name of the creator of the facility entry.

            CGROUP     The group name of the group of the creator of the
                       facility entry.

            CBYTES     The number of bytes in messages currently outstanding
                       on the associated message queue.

            QNUM       The number of messages currently outstanding on the
                       associated message queue.

            QBYTES     The maximum number of bytes allowed in messages
                       outstanding on the associated message queue.

            LSPID      The process ID of the last process to send a message to
                       the associated message queue.

            LRPID      The process ID of the last process to receive a message
                       from the associated message queue.

            STIME      The time the last msgsnd() message was sent to the
                       associated message queue.

            RTIME      The time the last msgrcv() message was received from
                       the associated message queue.

            CTIME      The time when the associated facility entry was created
                       or changed.

            NATTCH     The number of processes attached to the associated
                       shared memory segment.

            SEGSZ      The size of the associated shared memory segment.

            CPID       The process ID of the creating process of the shared
                       memory segment.

            LPID       The process ID of the last process to attach or detach
                       the shared memory segment.

            ATIME      The time the last shmat() attach was completed to the
                       associated shared memory segment.

            DTIME      The time the last shmdt() detach was completed on the
                       associated shared memory segment.

            NSEMS      The number of semaphores in the set associated with the
                       semaphore entry.

            OTIME      The time the last semop() semaphore operation was
                       completed on the set associated with the semaphore
                       entry.

    WARNINGS
        ipcs produces only an approximate indication of actual system status
        because system processes are continually changing while ipcs is
        acquiring the requested information.

        Do not rely on the exact field widths and spacing of the output, as
        these will vary depending on the system, the release of HP-UX, and the
        data to be displayed.

    FILES
        /dev/kmem            Kernel virtual memory
        /etc/group           Group names
        /etc/passwd          User names
        /stand/vmunix        System namelist

    SEE ALSO
        msgop(2), semop(2), shmop(2).

    STANDARDS CONFORMANCE
        ipcs: SVID2, SVID3

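  • Apache 2.4 virtual host setup

    // Configure the virtual hosts

    cd /etc/httpd/
    mkdir vhost-conf.d
    Add the include to httpd.conf
    echo "Include vhost-conf.d/*.conf" >> conf/httpd.conf

    vi /etc/httpd/vhost-conf.d/vhost-name.conf

    // Add the following content

    <VirtualHost *:80>
    ServerName www.xxx.com
    DocumentRoot /var/www/html/www/
    <Directory "/var/www/html/www/">
    Require all granted
    </Directory>
    </VirtualHost>

    <VirtualHost *:80>
    ServerName aaa.xxx.com
    DocumentRoot /var/www/html/aaa/
    <Directory "/var/www/html/aaa/">
    # access restrictions can be set here
    Require ip 192.168.188.0/24
    </Directory>
    </VirtualHost>

    ##############################################
    Another example

    # the port is up to you
    <VirtualHost *:80>
    ServerAdmin xxx@mail.com
    DocumentRoot "<absolute path>"
    ServerName localadm
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
    </VirtualHost>

    <VirtualHost *:80>
    ServerAdmin <email address>
    DocumentRoot "<absolute path>"
    ServerName localadm
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
    </VirtualHost>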

  • Installing and configuring a LAMP server (Apache+PHP+MariaDB) on CentOS 7.0

    Preparation:
    Illustrated guide to installing and configuring CentOS 7.0
    http://www.osyunwei.com/archives/7829.html
    I. Configure the firewall and open ports 80 and 3306
    CentOS 7.0 uses firewalld as its firewall by default; here it is replaced with the iptables firewall.
    1. Disable firewalld:
    systemctl stop firewalld.service # stop firewalld
    systemctl disable firewalld.service # keep firewalld from starting at boot
    2. Install the iptables firewall
    yum install iptables-services # install
    vi /etc/sysconfig/iptables # edit the firewall configuration file
    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    :wq! # save and quit
    systemctl restart iptables.service # finally, restart the firewall so the configuration takes effect
    systemctl enable iptables.service # start the firewall at boot
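
    The rule set above accepts new connections to 3306 from any source address, so MariaDB is reachable from every network the host is on. The following added example (not part of the original tutorial) lists the ports an iptables rules file accepts without a source match and compares the tutorial's rules with a variant limited to a subnet; the function names and the 192.168.188.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example: find INPUT ACCEPT rules with a --dport and no source match.

# The INPUT rules from the tutorial.
tutorial_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed variant: same rules, but 3306 only from a constructed subnet.
restricted_rules() {
    tutorial_rules |
        sed 's|^-A INPUT \(.*--dport 3306 \)|-A INPUT -s 192.168.188.0/24 \1|'
}

# ports_open_to_any: rules text on stdin; prints each --dport that an INPUT
# rule ACCEPTs with no -s/--source match, i.e. reachable from any address.
ports_open_to_any() {
    awk '$1 == "-A" && $2 == "INPUT" {
        port = ""; src = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && !src) print port
    }'
}

# exposed_ports PORT...: rules text on stdin; prints those of the given ports
# (for example database ports) that are open to any source.
exposed_ports() {
    open=$(ports_open_to_any)
    for p in "$@"; do
        for o in $open; do
            if [ "$o" = "$p" ]; then echo "$p"; fi
        done
    done
    return 0
}

echo "tutorial rules expose:   $(tutorial_rules | exposed_ports 3306)"
echo "restricted rules expose: $(restricted_rules | exposed_ports 3306)"
```

    On a live host the same check is: exposed_ports 3306 < /etc/sysconfig/iptables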
    II. Disable SELinux
    vi /etc/selinux/config
    #SELINUX=enforcing # comment out
    #SELINUXTYPE=targeted # comment out
    SELINUX=disabled # add
    :wq! # save and quit
    setenforce 0 # apply immediately
    Installation:
    I. Install Apache

    System Operations (系统运维) www.osyunwei.com reminder: original content by qihang01, © all rights reserved; when reposting, please credit the source and the original link
    yum install httpd # enter Y when prompted and the installation completes
    systemctl start httpd.service # start apache
    systemctl stop httpd.service # stop apache
    systemctl restart httpd.service # restart apache
    systemctl enable httpd.service # start apache at boot
    Open the server's IP address in a client browser; the page below appears, which means Apache was installed successfully

    II. Install MariaDB
    In CentOS 7.0, MariaDB has replaced the MySQL database
    1. Install MariaDB

    yum install mariadb mariadb-server # when asked whether to install, enter Y and it installs automatically until finished
    systemctl start mariadb.service # start MariaDB
    systemctl stop mariadb.service # stop MariaDB
    systemctl restart mariadb.service # restart MariaDB
    systemctl enable mariadb.service # start at boot
    cp /usr/share/mysql/my-huge.cnf /etc/my.cnf # copy the configuration file (note: if /etc already contains a my.cnf, just overwrite it)
    2. Set a password for the root account

    mysql_secure_installation
    Press Enter, then enter Y when prompted
    Enter the password twice and press Enter
    Enter Y at every following prompt
    Finally you see: Thanks for using MySQL!
    The MySQL password is now set; restart MySQL:
    systemctl restart mariadb.service # restart MariaDB
    III. Install PHP
    1. Install PHP

    yum install php # enter Y when prompted until installation completes
    2. Install the PHP components so that PHP supports MariaDB
    yum install php-mysql php-gd libjpeg* php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-bcmath php-mhash
    # select the packages above for installation; enter Y and press Enter when prompted
    systemctl restart mariadb.service # restart MariaDB
    systemctl restart httpd.service # restart apache
    Configuration
    I. Apache configuration
    vi /etc/httpd/conf/httpd.conf # edit the file
    ServerSignature On  # add; shows the Apache version on error pages, Off hides it
    Options Indexes FollowSymLinks  # change to: Options Includes ExecCGI FollowSymLinks (lets the server run CGI and SSI, disables directory listing)
    #AddHandler cgi-script .cgi # change to: AddHandler cgi-script .cgi .pl (lets CGI scripts with the .pl extension run)
    AllowOverride None  # change to: AllowOverride All (allows .htaccess)
    AddDefaultCharset UTF-8 # change to: AddDefaultCharset GB2312 (makes GB2312 the default charset)
    #Options Indexes FollowSymLinks   # change to Options FollowSymLinks (no directory tree shown in the browser)
    DirectoryIndex index.html   # change to: DirectoryIndex index.html index.htm Default.html Default.htm index.php (sets the default index files, adding index.php)
    MaxKeepAliveRequests 500  # add MaxKeepAliveRequests 500 (raises the number of simultaneous connections)
    :wq! # save and quit
    systemctl restart httpd.service # restart apache
    rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html # delete the default test page
    II. PHP configuration
    vi /etc/php.ini # edit
    date.timezone = PRC # remove the leading semicolon and change to date.timezone = PRC
    disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
    # lists the functions PHP can disable; if a program needs one of them, remove it from the list to re-enable it
    expose_php = Off # do not expose PHP version information
    short_open_tag = ON # enable PHP short tags
    open_basedir = .:/tmp/  # allows access only to the current directory (the directory containing the PHP script) and /tmp/, which keeps a PHP trojan from crossing between sites; if an installer breaks after this change (for example DedeCMS), comment this line out or write the application's directory directly: /data/www.osyunwei.com/:/tmp/
    :wq! # save and quit
    systemctl restart mariadb.service # restart MariaDB
    systemctl restart httpd.service # restart apache
    Testing
    cd /var/www/html
    vi index.php # enter the following

    :wq! # save and quit
    Enter the server's IP address in a client browser; the configuration information appears as shown in the figure below.

    Note: Apache's default document directory is /var/www/html
    Permissions: chown apache.apache -R /var/www/html
    This completes the tutorial on installing and configuring a LAMP server (Apache+PHP+MariaDB) on CentOS 7.0!

  • Enabling gzip-compressed transfer in httpd.conf on CentOS

    1. First check whether the mod_deflate and mod_headers modules are enabled:
    cat /etc/httpd/conf/httpd.conf | grep mod_deflate
    # prints LoadModule deflate_module modules/mod_deflate.so
    cat /etc/httpd/conf/httpd.conf | grep mod_headers
    # prints LoadModule headers_module modules/mod_headers.so

    If the listed lines start with #, edit httpd.conf and remove it
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule headers_module modules/mod_headers.so

    2. Append the following to the end of httpd.conf and save
    <IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:pdf|mov|avi|mp3|mp4|rm)$ no-gzip dont-vary
    AddOutputFilterByType DEFLATE text/*
    AddOutputFilterByType DEFLATE application/ms* application/vnd* application/postscript application/javascript application/x-javascript
    </IfModule>

    Notes:

    SetOutputFilter DEFLATE

    Sets the compression level, from 1 to 9. The higher the number, the higher the compression ratio and the harder the CPU works.

    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:pdf|doc|avi|mov|mp3|rm)$ no-gzip dont-vary

    The three lines above disable gzip compression for images, archives, video files and similar formats.

    AddOutputFilterByType DEFLATE text/*

    Enables compression for text

    AddOutputFilterByType DEFLATE application/ms* application/vnd* application/postscript application/javascript application/x-javascript

    Enables compression for JS
    Example:
    #######################################
    <IfModule deflate_module>
    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:pdf|doc|avi|mov|mp3|rm)$ no-gzip dont-vary
    AddOutputFilterByType DEFLATE text/*
    AddOutputFilterByType DEFLATE application/ms* application/vnd* application/postscript application/javascript application/x-javascript
    </IfModule>
    #######################################
    3. Restart httpd

    service httpd restart

  • Httpd error: No space left on device

    tail /var/log/httpd/error_log
    [Thu Jan 23 00:17:44 2014] [notice] Digest: done
    [Thu Jan 23 00:17:44 2014] [emerg] (28)No space left on device: Couldn't create accept lock (/etc/httpd/logs/accept.lock.23808) (5)

    Solution:
    1. Run ipcs -s and see whether there are more than 5 entries; if so, run the command in step 2:
    2. ipcs -s | perl -ane '/^0x00000000/ && `ipcrm -s $F[1]`'
    3. Restart the Apache service. (Problem solved at this point!)
    ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
    Some people online say that the command above, or rebooting the server, also fixes it. I did not try that, because command 2 had already solved it for me!
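
    The cleanup one-liners in this post and in the earlier "httpd dead but pid file exists" post select semaphores by grepping for a name or for the key 0x00000000, which can also match arrays that belong to other accounts or services. The following added example (not from either post) matches the owner column exactly and only produces a removal plan when the daemon is stopped; the function names and the apachetop row in the sample are constructed.

```shell
#!/bin/sh
# Added example: pick leftover semaphore arrays by exact owner and print the
# ipcrm commands for review instead of running them blindly.

# Constructed sample modelled on the `ipcs -s` listing in the earlier post.
sample_ipcs() {
cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x000000a7 0          root       600        1
0x00000000 32769      apache     600        1
0x00000000 65538      apache     600        1
0x00000000 884739     apache     600        1
0x00000000 98310      apachetop  600        1
EOF
}

# semids_owned_by OWNER: `ipcs -s` text on stdin; prints the semid of every
# array whose owner column is exactly OWNER. Header, separator and blank
# lines are skipped because their first field is not a hex key.
semids_owned_by() {
    awk -v owner="$1" \
        '$1 ~ /^0x[0-9a-fA-F]+$/ && $2 ~ /^[0-9]+$/ && $3 == owner { print $2 }'
}

# ipcrm_commands OWNER: `ipcs -s` text on stdin; prints one ipcrm command per
# matching array so the plan can be read before it is executed.
ipcrm_commands() {
    semids_owned_by "$1" | while read -r id; do
        echo "ipcrm -s $id"
    done
}

# cleanup_plan OWNER PROCESS: as ipcrm_commands, but refuses while a process
# named PROCESS is alive, since its semaphores are then still in use.
cleanup_plan() {
    if ps -e -o comm= 2>/dev/null | grep -Fqx -- "$2"; then
        echo "$2 is running; not touching its semaphores" >&2
        return 1
    fi
    ipcrm_commands "$1"
}

sample_ipcs | ipcrm_commands apache
```

    On a real host, review the output of `ipcs -s | cleanup_plan apache httpd` first, then pipe it to sh as root.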

    df -ih
    Filesystem            Inodes   IUsed   IFree IUse% Mounted on
    /dev/sda3                35M    456K     35M    2% /
    tmpfs                    16M       5     16M    1% /dev/shm
    /dev/sda1               126K      41    125K    1% /boot

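    Cause:
    On seeing this error, my first thought was that the disk was full; but df showed plenty of free space on every partition. In the munin monitoring graphs Filesystem usage was also flat, but Inode usage below it was not: one partition's usage had reached 100%. I ran df -i on the server and, sure enough, the inodes were exhausted. This partition was used for all kinds of logs and temporary files, and one program was producing temporary files that were both tiny and numerous, with no scheduled rotation, so the file system ran out of inodes before it ran out of disk space.
    In the file systems of Linux/Unix-like operating systems, a node in the directory tree does not hold the file's details directly as on Windows; it holds only the file name and the inode number. The inode found through that number is what actually records the file's size, physical address, owner, access permissions, timestamps, hard link count and other real metadata. That is why on Linux you can use hard links to give one file any number of names in different directories while keeping only one copy of the actual data.
    But because of this structure, an IO operation on Linux needs free inodes as well as free disk space. By default, during system installation Linux calculates the maximum number of inodes for each partition at 1 inode per 2k of disk space. Once the file system has been created, the number of inodes available on a partition cannot be adjusted dynamically.
    Normally a partition rarely runs out of inodes while disk space remains, unless, as in my case, junk small files multiply and are never cleaned up properly. If it is really needed, though, this parameter can be adjusted to actual requirements when the file system is created (for example with mke2fs): a partition meant for very large video files can have fewer inodes, while one meant for large numbers of mini files smaller than 2k should be given more.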
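
    To catch this condition before Apache fails, the check described above can be scripted: flag file systems whose inode usage is high, then find which subdirectory holds the entries. This is an added example, not from the original post; the function names, the threshold and the /dev/sdb1 row are constructed.

```shell
#!/bin/sh
# Added example: detect inode exhaustion from `df -i` output and locate the
# directory that holds the many small files.

# The `df -ih` listing from the post plus one constructed exhausted partition.
sample_df_i() {
cat <<'EOF'
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/sda3                35M    456K     35M    2% /
tmpfs                    16M       5     16M    1% /dev/shm
/dev/sda1               126K      41    125K    1% /boot
/dev/sdb1               1.3M    1.3M       0  100% /data/logs
EOF
}

# inode_pressure THRESHOLD: `df -i` text on stdin; prints "mountpoint IUse%"
# for every file system at or above THRESHOLD percent. Rows whose IUse%
# column is not a percentage (for example "-") are skipped.
inode_pressure() {
    awk -v thr="$1" 'NR > 1 && $5 ~ /^[0-9]+%$/ {
        pct = $5; sub(/%/, "", pct)
        if (pct + 0 >= thr) print $6, $5
    }'
}

# entries_per_subdir DIR: prints "count path" for each immediate
# subdirectory of DIR, largest first. Every file and directory below the
# subdirectory counts, because each one consumes an inode.
entries_per_subdir() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        n=$(find "$d" -xdev | wc -l)
        echo "$((n - 1)) ${d%/}"      # minus 1: do not count the directory itself
    done | sort -rn
}

sample_df_i | inode_pressure 90
```

    On a live system: df -i | inode_pressure 90, then entries_per_subdir on the reported mount point.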

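    Appendix: Inode Definition by The Linux Information Project
    Other causes of No space left on device that people have run into:
    Exceeding the limit on the number of message queues that can exist in the system at the same time: as root, check the parameter with sysctl kernel.msgmni and reset it with sysctl -w kernel.msgmni=XXX.
    Abnormally dropped cvs connections left a large number of temporary files in /tmp, filling the /tmp directory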

    http://www.zeali.net/entry/480
    http://zhisheng00.iteye.com/blog/652107