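#!/bin/bash
##########################################
# Install app server env.
# Prepare: Ubuntu 10.04 Linux server already configured with ssh, as an
# LVS real server, and as a mysql slave.
#
# Run as root. Tunes kernel TCP parameters, installs nginx + php5-fpm +
# memcached + mercurial, deploys the app from Mercurial, writes the nginx
# and php-fpm configuration and installs the app's cron jobs.
##########################################

# Everything below writes under /etc and installs packages: refuse to run
# as anyone but root.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "Not root." >&2
  exit 1
fi

export EDITOR=vim
# Persist the editor choice once (-q: silent, -F: literal match, --: no option parsing).
if ! grep -qF -- "export EDITOR=vim" /etc/profile; then
  echo "export EDITOR=vim;" >> /etc/profile
fi

# App server domain.
readonly DOMAIN='app.example.net'
# Static files server domain.
readonly S_DOMAIN='statics.app.example.net'

##########################################
# Linux kernel TCP tuning.
# Each entry is one "key=value" word: sysctl -w needs key and value in a
# single argument (the original "key = value" spelling is rejected), and
# the same list is written to /etc/sysctl.conf so it survives a reboot.
##########################################
sysctl_settings=(
  # Enable SYN cookies: when the SYN wait queue overflows, cookies keep the
  # host accepting connections under a modest SYN flood (default 0 = off).
  'net.ipv4.tcp_syncookies=1'
  # Allow TIME-WAIT sockets to be reused for new outgoing connections (default 0 = off).
  'net.ipv4.tcp_tw_reuse=1'
  # Fast recycling of TIME-WAIT sockets (default 0 = off).
  # NOTE(review): tcp_tw_recycle breaks clients behind NAT (per-host timestamp
  # checks) and was removed in Linux 4.12; do not carry it to newer hosts.
  'net.ipv4.tcp_tw_recycle=1'
  # Seconds a socket closed from our side stays in FIN-WAIT-2.
  'net.ipv4.tcp_fin_timeout=30'
  # Maximum number of TIME-WAIT sockets held at the same time; beyond this
  # they are cleared immediately and a warning is logged.
  'net.ipv4.tcp_max_tw_buckets=6000'
  # Ceiling for the listen() accept backlog. (The original comment here
  # described tcp_max_tw_buckets; it did not apply to somaxconn.)
  'net.core.somaxconn=262144'
  # Keepalive probe interval when keepalive is enabled: default 2h -> 20min.
  'net.ipv4.tcp_keepalive_time=1200'
  # Ephemeral port range for outgoing connections: default 32768-61000 -> 1024-65000.
  'net.ipv4.ip_local_port_range=1024 65000'
  # SYN queue length: default 1024 -> 8192, to hold more half-open connections.
  'net.ipv4.tcp_max_syn_backlog=8192'
)
for kv in "${sysctl_settings[@]}"; do
  sysctl -w "$kv"
done
# Persist for reboot. The original redirected bare `sysctl` output here, which
# yields usage text (or nothing) rather than the settings; write the real list.
printf '%s\n' "${sysctl_settings[@]}" > /etc/sysctl.conf

##########################################
# Install production packages.
##########################################
# NOTE(review): --force-yes also accepts packages that fail signature
# verification. It is kept for parity with the original script; -y alone
# suffices once add-apt-repository has imported the PPA key.
apt_install() {
  apt-get -y --force-yes install "$@"
}
(
  apt_install curl                        # used by the cron jobs below
  apt_install python-software-properties  # provides add-apt-repository
  add-apt-repository ppa:brianmercer/php  # Ubuntu 10.04 needs a PPA for php5-fpm
  apt-get update
  apt_install nginx
  apt_install memcached
  apt_install mercurial
  apt_install php5-cgi php5-fpm php-apc php5-mysql php5-gd php5-mcrypt php5-memcache
) > /dev/null

# Overwrite the packaged mcrypt.ini, whose "#" comment line the original
# script had to fix; only the extension line is needed.
echo 'extension=mcrypt.so' > /etc/php5/fpm/conf.d/mcrypt.ini

##########################################
# Deploy app.
##########################################
# cd must succeed before the rm: otherwise `rm -rf app` would delete an
# "app" directory in whatever the current directory happens to be.
cd /var/www || { echo "cannot cd to /var/www" >&2; exit 1; }
rm -rf -- app
# Only the username is in the URL; the password comes from hg's auth
# prompt or hgrc, never from this script. Abort if the clone fails, since
# every config below assumes /var/www/app exists.
hg clone https://repo.app@repo.dev.example.net/hg/app/ || { echo "hg clone failed" >&2; exit 1; }

##########################################
# Config nginx.
# Quoted heredocs (<<'EOF') keep nginx's own $uri, $args, \. etc. literal.
##########################################
# The server has 16 cores, hence 16 workers, each pinned to one core.
cat > /etc/nginx/nginx.conf <<'EOF'
user www-data;
worker_processes 16;
worker_cpu_affinity 1000000000000000 0100000000000000 0010000000000000 0001000000000000 0000100000000000 0000010000000000 0000001000000000 0000000100000000 0000000010000000 0000000001000000 0000000000100000 0000000000010000 0000000000001000 0000000000000100 0000000000000010 0000000000000001;
worker_rlimit_nofile 65536;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
  use epoll;
  worker_connections 131072;
}
http {
  client_header_buffer_size 4K;
  open_file_cache max=65536 inactive=20s;
  open_file_cache_min_uses 3;
  open_file_cache_valid 30s;
  access_log off;
  include /etc/nginx/mime.types;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  gzip on;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  gzip_buffers 16 64k;
  gzip_min_length 1k;
  gzip_comp_level 6;
  gzip_vary on;
  gzip_types text/plain text/javascript text/css application/x-javascript text/xml application/xml application/xml+rss;
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}
EOF

# Default vhost; enables nginx-status for localhost only.
cat > /etc/nginx/sites-enabled/default <<'EOF'
server {
  listen 80 default;
  server_name localhost;
  access_log off;
  location / {
    root /var/www/nginx-default;
    index index.html index.htm;
  }
  location = /favicon.ico {
    log_not_found off;
  }
  location /nginx-status {
    stub_status on;
    allow 127.0.0.1;
    deny all;
  }
}
EOF

# The two site templates use @DOMAIN@ / @S_DOMAIN@ placeholders, filled in
# with bash parameter expansion, so the heredocs can stay fully quoted.
app_site=$(cat <<'EOF'
server {
  listen 80;
  server_name @DOMAIN@;
  keepalive_timeout 0;
  access_log off;
  log_not_found off;
  error_log /var/log/nginx/app.error.log;
  root /var/www/app/;
  index index.php index.htm index.html;
  location / {
    try_files $uri $uri/ /index.php?$args;
  }
  location ~ ^/(protected|yii)/ {
    deny all;
  }
  location = /favicon.ico {
    expires max;
    return 204;
  }
  location ~ \.php$ {
    # Only hand existing files to php-fpm; guards the well-known
    # cgi.fix_pathinfo path-info issue with regex .php locations.
    try_files $uri =404;
    fastcgi_pass unix:/dev/shm/app-php-fpm.socket;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param X-Real-IP $remote_addr;
    include fastcgi_params;
  }
}
EOF
)
printf '%s\n' "${app_site//@DOMAIN@/$DOMAIN}" > /etc/nginx/sites-available/app

# Static files vhost: serves only the listed asset directories, never PHP.
static_site=$(cat <<'EOF'
server {
  listen 80;
  server_name @S_DOMAIN@;
  keepalive_timeout 60;
  access_log off;
  log_not_found off;
  index index.htm index.html;
  location / {
    root /var/www/app/;
    deny all;
  }
  location ~ ^/(statics|css|assets|demo|themes|tests)/ {
    root /var/www/app/;
    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_buffers 16 64k;
    gzip_min_length 1k;
    gzip_comp_level 6;
    gzip_vary on;
    expires 7d;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  }
  location = /favicon.ico {
    return 204;
  }
  location ~ \.php$ {
    deny all;
  }
}
EOF
)
printf '%s\n' "${static_site//@S_DOMAIN@/$S_DOMAIN}" > /etc/nginx/sites-available/s.app

ln -sf ../sites-available/app /etc/nginx/sites-enabled/
ln -sf ../sites-available/s.app /etc/nginx/sites-enabled/

##########################################
# Config php-fpm.
##########################################
cat > /etc/php5/fpm/php5-fpm.conf <<'EOF'
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm-error.log
process_control_timeout = 30
daemonize = yes
[www]
listen = /dev/shm/app-php-fpm.socket
user = www-data
group = www-data
pm = static
pm.max_children = 256
pm.max_requests = 65535
request_terminate_timeout = 30
rlimit_files = 65535
EOF

service php5-fpm restart
# Validate the generated config before bouncing nginx, so a typo above does
# not take the running server down.
if nginx -t; then
  service nginx restart
else
  echo "nginx configuration test failed; nginx not restarted" >&2
  exit 1
fi

# Resolve both domains locally (used by the cron jobs below).
if ! grep -qF -- "$DOMAIN" /etc/hosts; then
  echo "127.0.0.1 $DOMAIN $S_DOMAIN" >> /etc/hosts
fi

##########################################
# Cron jobs: drop any previous entries for this domain, then add ours.
# crontab -l exits non-zero when root has no crontab yet; that is fine.
##########################################
{
  crontab -l 2>/dev/null | grep -vF -- "$DOMAIN"
  cat <<EOF
30 * * * * curl http://$DOMAIN/CronTask/some-op
5 * * * * curl http://$DOMAIN/CronTask/some-op
EOF
} | crontab -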