#!/bin/bash
##########################################
# Install app server env.
# Prepare:Ubuntu 10.04 Linux server configed ssh,LVS Real Server and mysql slave.
##########################################
[ `whoami` != "root" ] && echo "Not root." && exit 1;
export EDITOR=vim;
if ! grep "export EDITOR=vim" /etc/profile >/dev/null;
then
echo "export EDITOR=vim;" >> /etc/profile;
fi;
#app server domain
DOMAIN='app.example.net';
#statics files server domain
S_DOMAIN='statics.app.example.net';
#Linux内核参数优化
sysctl -w net.ipv4.tcp_syncookies=1 #表示开启SYN
Cookies。当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭
sysctl -w net.ipv4.tcp_tw_reuse=1 #表示开启重用。允许将TIME-WAIT
sockets重新用于新的TCP连接,默认为0,表示关闭
sysctl -w net.ipv4.tcp_tw_recycle=1 # 表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭
sysctl -w net.ipv4.tcp_fin_timeout=30 #表示如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2状态的时间
sysctl -w net.ipv4.tcp_max_tw_buckets=6000 #系统同时保持TIME_WAIT套接字的最大数量
sysctl -w net.core.somaxconn=262144
#表示系统同时保持TIME_WAIT套接字的最大数量,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。默认为180000,改为5000。对于Apache、Nginx等服务器,上几行的参数可以很好地减少TIME_WAIT套接字数量,但是对于Squid,效果却不大。此项参数可以控制TIME_WAIT套接字的最大数量,避免Squid服务器被大量的TIME_WAIT套接字拖死。
sysctl -w net.ipv4.tcp_keepalive_time = 1200
#表示当keepalive起用的时候,TCP发送keepalive消息的频度。缺省是2小时,改为20分钟。
sysctl -w net.ipv4.ip_local_port_range = 1024 65000
#表示用于向外连接的端口范围。缺省情况下很小:32768到61000,改为1024到65000。
sysctl -w net.ipv4.tcp_max_syn_backlog = 8192
#表示SYN队列的长度,默认为1024,加大队列长度为8192,可以容纳更多等待连接的网络连接数。
sysctl > /etc/sysctl.conf;
( #Start
#Install production server
(
apt-get -y --force-yes install curl;#安装curl
apt-get -y --force-yes install python-software-properties;
add-apt-repository ppa:brianmercer/php;#Ubuntu 10.04 需要添加PHP FPM的PPA源
apt-get update;
apt-get -y --force-yes install nginx;
apt-get -y --force-yes install memcached;
apt-get -y --force-yes install mercurial;
apt-get -y --force-yes install php5-cgi php5-fpm php-apc php5-mysql php5-gd php5-mcrypt php5-memcache;
) > /dev/null;
#fix "#" comment
echo 'extension=mcrypt.so' > /etc/php5/fpm/conf.d/mcrypt.ini;
#Deploy app
cd /var/www;
rm -rf app;
hg clone https://repo.app@repo.dev.example.net/hg/app/;
#Config nginx
#我们服务器有16核,所以...
echo '
user www-data;
worker_processes 16;
worker_cpu_affinity 1000000000000000 0100000000000000 0010000000000000 0001000000000000 0000100000000000 0000010000000000 0000001000000000 0000000100000000 0000000010000000 0000000001000000 0000000000100000 0000000000010000 0000000000001000 0000000000000100 0000000000000010 0000000000000001;
worker_rlimit_nofile 65536;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 131072;
}
http {
client_header_buffer_size 4K;
open_file_cache max=65536 inactive=20s;
open_file_cache_min_uses 3;
open_file_cache_valid 30s;
access_log off;
include /etc/nginx/mime.types;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_buffers 16 64k;
gzip_min_length 1k;
gzip_comp_level 6;
gzip_vary on;
gzip_types text/plain text/javascript text/css application/x-javascript text/xml application/xml application/xml+rss;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
' > /etc/nginx/nginx.conf;
#enable nginx-status
echo "
server {
listen 80 default;
server_name localhost;
access_log off;
location / {
root /var/www/nginx-default;
index index.html index.htm;
}
location = /favicon.ico {
log_not_found off;
}
location /nginx-status {
stub_status on;
allow 127.0.0.1;
deny all;
}
}" > /etc/nginx/sites-enabled/default;
echo '
server {
listen 80;
server_name '$DOMAIN';
keepalive_timeout 0;
access_log off;
log_not_found off;
error_log /var/log/nginx/app.error.log;
root /var/www/app/;
index index.php index.htm index.html;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(protected|yii)/ {
deny all;
}
location = /favicon.ico {
expires max;
return 204;
}
location ~ \.php$ {
fastcgi_pass unix:/dev/shm/app-php-fpm.socket;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param X-Real-IP $remote_addr;
include fastcgi_params;
}
}
' > /etc/nginx/sites-available/app;
echo '
server {
listen 80;
server_name '$S_DOMAIN';
keepalive_timeout 60;
access_log off;
log_not_found off;
index index.htm index.html;
location / {
root /var/www/app/;
deny all;
}
location ~ ^/(statics|css|assets|demo|themes|tests)/ {
root /var/www/app/;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_buffers 16 64k;
gzip_min_length 1k;
gzip_comp_level 6;
gzip_vary on;
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /favicon.ico {
return 204;
}
location ~ \.php$ {
deny all;
}
}
' > /etc/nginx/sites-available/s.app;
ln -sf ../sites-available/app /etc/nginx/sites-enabled/;
ln -sf ../sites-available/s.app /etc/nginx/sites-enabled/;
echo '
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm-error.log
process_control_timeout = 30
daemonize = yes
[www]
listen = /dev/shm/app-php-fpm.socket
user = www-data
group = www-data
pm = static
pm.max_children = 256
pm.max_requests = 65535
request_terminate_timeout = 30
rlimit_files = 65535
' > /etc/php5/fpm/php5-fpm.conf;
service php5-fpm restart;
service nginx restart;
if ! grep "$DOMAIN" /etc/hosts;then
echo "127.0.0.1 $DOMAIN $S_DOMAIN" >> /etc/hosts;
fi;
(
crontab -l|sed "/$DOMAIN/d";
echo "
30 * * * * curl http://$DOMAIN/CronTask/some-op
5 * * * * curl http://$DOMAIN/CronTask/some-op
";
)|crontab;
#End
);
相关文章
