centos5.8 64 php5.3.15 apache2.2.22
apache2.2.22源码编译安装目录 /home/software/apache/httpd-2.2.22/
apache2.2.22安装目录 /usr/local/apache/
mod_expires 用于发送header,设置静态文件的过期时间
cd  /home/software/apache/httpd-2.2.22/modules/metadata
/usr/local/apache/bin/apxs -i -a -c mod_expires.c
vi /usr/local/apache/conf/httpd.conf
<IfModule expires_module>
ExpiresActive On
ExpiresDefault A600
ExpiresByType image/gif A2592000
ExpiresByType image/jpeg A2592000
</IfModule>
A2592000表示gif的有效期为一个月
mod_deflate 用于开启gzip压缩
cd  /home/software/apache/httpd-2.2.22/modules/filters
/usr/local/apache/bin/apxs -i -a -c mod_deflate.c
vi /usr/local/apache/conf/httpd.conf
<IfModule deflate_module>
    SetOutputFilter DEFLATE
    DeflateCompressionLevel 9
    # Netscape 4.x 有一些问题…
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    # Netscape 4.06-4.08 有更多的问题
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    # MSIE 会伪装成 Netscape ,但是事实上它没有问题
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # 确保代理不会发送错误的内容
    Header append Vary User-Agent env=!dont-vary
    # Don’t compress images and other 不压缩图片
    SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI .(?:pdf|doc)$ no-gzip dont-vary
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>

[root@web1 filters]# service httpd restart
httpd: Syntax error on line 345 of /usr/local/apache/conf/httpd.conf: module deflate_module is built-in and can’t be loaded

如果出现以上错误,请注释掉该模块,编译安装的时候已经内置支持了。

    下载所需软件
wget -c http://mirror.bjtu.edu.cn/apache/httpd/httpd-2.2.22.tar.gz
    wget -c http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
                    安装apache
                tar zxvf httpd-2.2.22.tar.gz
                cd httpd-2.2.22/
                ./configure –prefix=/usr/local/apache –enable-headers –enable-mime-magic –enable-proxy –enable-so –enable-rewrite –enable-ssl –enable-deflate –enable-suexec –disable-userdir –with-included-apr –with-mpm=prefork –with-ssl=/usr –disable-userdir –disable-cgid –disable-cgi
                make && make install
                cd ..
                centos64出现错误

                    make[2]: *** [htpasswd] Error 1
                    make[1]: *** [all-recursive] Error 1
                    解决办法
                    mv /usr/lib/libm.a /usr/lib/libm.a.bak
                    mv /usr/lib/libm.so /usr/lib/libm.so.bak
                    mv /usr/lib/libexpat.so /usr/lib/libexpat.so.bak
                    ln -s /usr/lib64/libm.a /usr/lib/libm.a
                    ln -s /usr/lib64/libm.so /usr/lib/libm.so
                    ln -s /usr/lib64/libexpat.so /usr/lib/libexpat.so
                     
                    apache的配置文件采用了lnmp.org 上的配置方法,到lnmp.org下载lnmp0.9获取。
                    mv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak
                    cp /root/lnmp0.9/conf/httpd.conf /usr/local/apache/conf/httpd.conf
                    cp /root/lnmp0.9/conf/httpd-default.conf /usr/local/apache/conf/extra/httpd-default.conf
                    cp /root/lnmp0.9/conf/httpd-vhosts.conf /usr/local/apache/conf/extra/httpd-vhosts.conf
                    cp /root/lnmp0.9/conf/httpd-mpm.conf /usr/local/apache/conf/extra/httpd-mpm.conf
                    cp /root/lnmp0.9/conf/rpaf.conf /usr/local/apache/conf/extra/rpaf.conf
                     
                    sed -i ‘s/#ServerName www.example.com:80/ServerName ‘web1.iamle.com’:88/g’ /usr/local/apache/conf/httpd.conf
                    sed -i ‘s/ServerAdmin you@example.com/ServerAdmin ‘i##iamle.com’/g’ /usr/local/apache/conf/httpd.conf
                    sed -i ‘s/www.lnmp.org/’web1.iamle.com’/g’ /usr/local/apache/conf/extra/httpd-vhosts.conf
                    sed -i ‘s/webmaster@example.com/’i##iamle.com’/g’ /usr/local/apache/conf/extra/httpd-vhosts.conf
                    mkdir -p /usr/local/apache/conf/vhost
                    cat >>/usr/local/apache/conf/httpd.conf<<EOF
                    Include conf/vhost/*.conf
                    EOF
                     
                    echo “Download new Apache init.d file……”
                    wget -c http://soft.vpser.net/lnmp/ext/init.d.httpd
                    cp init.d.httpd /etc/init.d/httpd
                    chmod +x /etc/init.d/httpd
                    chkconfig –level 345 php-fpm off
                    chkconfig –level 345 httpd on
                     
                        安装apache mod_ rpaf支持显示客户真实ip
                    tar -zxvf mod_rpaf-0.6.tar.gz
                    cd mod_rpaf-0.6/
                    /usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
                    cd ..
                    ln -s /usr/local/lib/libltdl.so.3 /usr/lib/libltdl.so.3
                        安装apache2.2.22支持php5.3.15
                    tar zxvf php-5.3.15.tar.gz
                    cd php-5.3.15
                    ./configure –prefix=/usr/local/php –with-config-file-path=/usr/local/php/etc –with-apxs2=/usr/local/apache/bin/apxs with-libevent-dir –with-mysql=mysqlnd –with-mysqli=mysqlnd –with-pdo-mysql=mysqlnd –with-iconv-dir –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-magic-quotes –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-mbstring –with-mcrypt –enable-ftp –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –without-pear –with-gettext –disable-fileinfo
                     
                    rm -f libtool
                    cp /usr/local/apache/build/libtool .
                     
                    make ZEND_EXTRA_LIBS=’-liconv’
                    make install
                     
                    mkdir -p /usr/local/php/etc/
                    rm -f /usr/local/php/etc/php.ini
                    cp php.ini-production /usr/local/php/etc/php.ini
                     
                    # php extensions
                    echo “Modify php.ini……”
                    sed -i ‘s#extension_dir = “./”#extension_dir = “/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/”\nextension = “memcache.so”\#’ /usr/local/php/etc/php.ini
                    sed -i ‘s/post_max_size = 8M/post_max_size = 50M/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/upload_max_filesize = 2M/upload_max_filesize = 50M/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/;date.timezone =/date.timezone = PRC/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/short_open_tag = Off/short_open_tag = On/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/; cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/max_execution_time = 30/max_execution_time = 300/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/register_long_arrays = On/;register_long_arrays = On/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/magic_quotes_gpc = On/;magic_quotes_gpc = On/g’ /usr/local/php/etc/php.ini
                    sed -i ‘s/disable_functions =.*/disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen/g’ /usr/local/php/etc/php.ini
                        

                         安装php zend支持~直接用lnmp0.9的shell
                    echo “Install ZendGuardLoader for PHP 5.3”
                    if [ `getconf WORD_BIT` = ’32’ ] && [ `getconf LONG_BIT` = ’64’ ] ; then
                            wget -c http://downloads.zend.com/guard/5.5.0/ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz
                            tar zxvf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz
                        mkdir -p /usr/local/zend/
                        cp ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/local/zend/
                    else
                            wget -c http://downloads.zend.com/guard/5.5.0/ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz
                        tar zxvf ZendGuardLoader-php-5.3-linux-glibc23-i386.tar.gz
                        mkdir -p /usr/local/zend/
                        cp ZendGuardLoader-php-5.3-linux-glibc23-i386/php-5.3.x/ZendGuardLoader.so /usr/local/zend/
                    fi
                     
                    echo “Write ZendGuardLoader to php.ini……”
                    cat >>/usr/local/php/etc/php.ini<<EOF
                    ;eaccelerator
                     
                    ;ionCube
                     
                    [Zend Optimizer]
                    zend_extension=/usr/local/zend/ZendGuardLoader.so
                    EOF
                     
                           安装php memcache支持~直接用lnmp0.9的shell
                    echo “Checking php extensions files……”
                    if [ -s memcache-2.2.5.tgz ]; then
                      echo “memcache-2.2.5.tgz [found]”
                      else
                      echo “Error: memcache-2.2.5.tgz not found!!!download now……”
                      wget -c http://soft.vpser.net/web/memcache/memcache-2.2.5.tgz
                    fi
                     
                    echo “Install php extensions……”
                    tar zxvf memcache-2.2.5.tgz
                    cd memcache-2.2.5/
                    /usr/local/php/bin/phpize
                    ./configure –with-php-config=/usr/local/php/bin/php-config
                    make && make install
                    cd ../
                     
                     
                     

                          先说下本vps 搭建的网站采用的是nginx + php + mysql 组合。

                  今天无聊上传了一个php webshell到我的vps server上。 结果是惨不忍睹。整个linux服务器的文件全可见,安全问题被我忽视了。看看截图。

                  image       看看截图吧被webshell了连我的备份文件都要被xxx。上面也丢了几个虚拟主机,一旦有一网站有程序漏洞被webshell了整个服务器都沦陷了。到百度 google 去搜索了下nginx的权限控制问题,虽然看到了解决方案,不过太不爽了。nginx真的非常好用,不过现在的问题是要解决权限问题。期待nginx以后的版本能解决这个问题,虚拟主机上的安全配置问题。

                         找个时间准备把nginx换成apahce,鉴于个人站根本没上面流量Apache也绝对没问题。

                  没事搜索了下apahce nginx lighttpd 这三个web server的综合评测文章。这篇还不错转载了。

                  www.qq.com 腾讯   www.douban.com 豆瓣 www.xiami.com 虾米 等网站都是用的nginx了。

                  我这个小博客构架于vps上,web server采用nginx。

                  —————————————————————————————————————-

                  一.软件介绍(apache  lighttpd  nginx)
                  1. lighttpd
                  Lighttpd是一个具有非常低的内存开销,cpu占用率低,效能好,以及丰富的模块等特点。lighttpd是众多OpenSource轻量级的web server中较为优秀的一个。支持FastCGI, CGI, Auth, 输出压缩(output compress), URL重写, Alias等重要功能。
                  Lighttpd使用fastcgi方式运行php,它会使用很少的PHP进程响应很大的并发量。
                  Fastcgi的优点在于:
                  · 从稳定性上看, fastcgi是以独立的进程池运行来cgi,单独一个进程死掉,系统可以很轻易的丢弃,然后重新分配新的进程来运行逻辑.
                  · 从安全性上看, fastcgi和宿主的server完全独立, fastcgi怎么down也不会把server搞垮,
                  · 从性能上看, fastcgi把动态逻辑的处理从server中分离出来, 大负荷的IO处理还是留给宿主server, 这样宿主server可以一心一意作IO,对于一个普通的动态网页来说, 逻辑处理可能只有一小部分, 大量的图片等静态IO处理完全不需要逻辑程序的参与(注1)
                  · 从扩展性上讲, fastcgi是一个中立的技术标准, 完全可以支持任何语言写的处理程序(php,java,python…)

                  继续阅读