LNMP优化参数

上传相关参数:
vi /usr/local/nginx/conf/nginx.conf
在http{} 字段里添加
设置所能接收的最大请求体的大小(写在 http{} 里会对所有站点生效;如果只有个别上传接口需要这么大的请求体,建议只在对应的 server 或 location 中放宽):
client_max_body_size 128M;
vi /etc/php5/fpm/php.ini
设定 POST 数据所允许的最大大小:
post_max_size = 128M
设定了一个脚本所能够申请到的最大内存字节数(PHP 手册建议 memory_limit 大于 post_max_size,post_max_size 大于 upload_max_filesize):
memory_limit = 128M
所上传的文件的最大大小:
upload_max_filesize = 128M

记录PHP“错误日志”和“慢查询”:
vi /usr/local/php/etc/php-fpm.conf
错误日志:
error_log = /data/logs/service/php-fpm.log
慢查询:
slowlog = /data/logs/service/$pool.log.slow
request_slowlog_timeout = 1
request_terminate_timeout = 5
开启后,如果有脚本执行超过指定的时间,就会在指定的日志文件中写入类似如下的信息:
[19-Dec-2013 16:54:49] [pool www] pid 18575
 script_filename = /home/web/htdocs/sandbox_canglong/test/tt.php
 [0x0000000003a00dc8] curl_exec() /home/web/htdocs/sandbox_canglong/test/tt.php:2
 [0x0000000003a00cd0] exfilter_curl_get() /home/web/htdocs/sandbox_canglong/test/tt.php:6

 

日志说明:
     script_filename 是入口文件
     curl_exec() : 说明是执行这个方法的时候超过执行时间的。
     exfilter_curl_get() :说明调用curl_exec()的方法是exfilter_curl_get() 。
     每行冒号后面的数字是行号。
开启后,在错误日志文件中也有相关记录。如下:
[19-Dec-2013 15:55:37] WARNING: [pool www] child 18575, script '/home/web/htdocs/sandbox_canglong/test/tt.php' (request: "GET /test/tt.php") executing too slow (1.006222 sec), logging
 [19-Dec-2013 15:55:37] NOTICE: child 18575 stopped for tracing
 [19-Dec-2013 15:55:37] NOTICE: about to trace 18575
 [19-Dec-2013 15:55:37] NOTICE: finished trace of 18575

IO 调度算法:
#cat /sys/block/sda/queue/scheduler
noop [deadline] cfq
SSD硬盘适合使用:NOOP

SAS硬盘适合使用:deadline


Nginx使用https功能:

cd /usr/local/nginx/conf/
step.1
首先要生成服务器端的证书私钥(key文件):
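# RSA keys shorter than 2048 bits are no longer considered adequate for TLS certificates,
# so generate a 2048-bit key. The passphrase protects the key file at rest; AES-256 is
# used for that wrapping instead of the legacy 3DES option.
openssl genrsa -aes256 -out server.key 2048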
运行时会提示输入口令,此口令用于加密key文件(去除key文件口令的命令见 step.2)。
本例输入口令dugutianxue后回车;该口令仅为示例,实际使用时请自行设置,不要照搬。
step.2
生成Certificate Signing Request(CSR),生成的csr文件交给CA签名后形成服务端自己的证书.屏幕上将有提示,依照其指示一步一步输入要求的个人信息即可.
生成自签名证书文件(自签名证书不受浏览器信任,只适合测试或内部环境;正式环境应把csr文件交给CA签发):
openssl req -new -key server.key -out server.csr
输入dugutianxue一路回车
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
输入dugutianxue一路回车。执行后 server.key 不再受口令保护,应将其权限限制为仅 root 可读(例如 chmod 600 server.key),带口令的备份 server.key.org 也应妥善保管。
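# Self-sign the CSR with the server's own key. -sha256 pins the signature digest
# explicitly, because older OpenSSL builds default to SHA-1, which clients reject.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt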
vim nginx.conf
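在server标签内加入(下面的配置引用的是 /usr/local/nginx/conf/ssl/ 目录,而前面的文件生成在 /usr/local/nginx/conf/ 下,需要先把 server.crt 和 server.key 移到 ssl/ 目录,或相应修改路径):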

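       # TLS listener. The `ssl` flag on `listen` replaces the separate `ssl on;`
       # directive, which is obsolete in newer nginx releases.
       listen  443 ssl;
       server_name www.xwroot.com;
       ssl_certificate /usr/local/nginx/conf/ssl/server.crt;
       # The key file is stored without a passphrase; keep it readable by root only.
       ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
       # ssl_client_certificate names the CA bundle used to verify *client* certificates
       # and only matters together with ssl_verify_client. Pointing it at the server's
       # own certificate serves no purpose, so it is left disabled here.
       #ssl_client_certificate /usr/local/nginx/conf/ssl/server.crt;
       # How long a client may reuse session parameters held in the cache:
       ssl_session_timeout 60m;
       # Protocol versions to enable. SSLv2, SSLv3 and TLSv1 have known protocol-level
       # weaknesses and are not offered. Drop TLSv1.3 from the list if the installed
       # nginx/OpenSSL build reports it as unknown.
       ssl_protocols  TLSv1.2 TLSv1.3;
       # Cipher list in OpenSSL format. Only strong suites are allowed: anonymous,
       # MD5-based and 3DES suites are excluded, and the export-grade, LOW, RC4 and
       # SSLv2 suites of the earlier list are no longer selectable.
       ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
       # Prefer the server's cipher order over the client's:
       ssl_prefer_server_ciphers   on;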

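# Validate the configuration first so that a typo cannot take the running server down,
# then reload. (The original path contained a stray space after /usr/local/nginx.)
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload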

HTTP自动跳转HTTPS:

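# Plain-HTTP listener: redirects every request to the HTTPS site permanently.
# $server_name comes from this configuration, not from the client's Host header,
# so the redirect target cannot be steered by the request.
server {
        listen    80;
        server_name    jk.xwroot.com;
        return    301 https://$server_name$request_uri;
}
# HTTPS listener. `listen 443 ssl` already enables TLS for this server; the separate
# `ssl on;` directive is obsolete in newer nginx releases and has been dropped.
server {
        listen      443 ssl;
        # NOTE(review): the log file names refer to a different host name than
        # server_name below - confirm which one is intended.
        access_log /data/logs/erp.hljbqzx.com-access.log main;
        error_log /data/logs/erp.hljbqzx.com-error.log;

        server_name jk.xwroot.com;
        # The certificate, key, protocol and cipher directives are presumably part of
        # the elided section below.
        ......
}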

相关参数优化:

# Worker processes run as the unprivileged "nginx" account.
user nginx;
# Four workers, each bound to its own CPU by the per-worker bitmasks below.
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;

...
# Maximum number of open files for each nginx worker process:
worker_rlimit_nofile 65536;
events {
  use epoll;
# Maximum number of simultaneous connections a single worker process may hold:
  worker_connections 10240;
}
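http {
...
  # Upload size limit (dynamic application). Header buffers are sized for large
  # cookies and long request lines.
  client_max_body_size 128m;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  # Efficient file transfer mode:
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;

  # Do not reveal the nginx version in the Server header or on error pages.
  server_tokens off;
  # Connection timeouts. Short header/body timeouts also limit how long a slow
  # client can hold a connection open.
  keepalive_timeout 60;
  client_header_timeout 15;
  client_body_timeout 15;
  send_timeout 20;

  # Gzip compression:
  gzip on;
  gzip_disable "msie6";
  gzip_min_length 1k;
  gzip_buffers 4 32k;
  gzip_http_version 1.1;
  gzip_comp_level 4;
  gzip_proxied any;
  gzip_types text/css text/xml application/xml application/javascript text/plain;
  gzip_vary on;

  # FastCGI timeouts, buffers and the on-disk response cache:
  fastcgi_connect_timeout 240;
  fastcgi_send_timeout 240;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  #fastcgi_temp_path /data/ngx_fcgi_tmp;
  fastcgi_cache_path /data/ngx_fcgi_cache levels=2:2 keys_zone=ngx_fcgi_cache:512m inactive=1d max_size=8g;

  server {
    listen 80;
    server_name www.xxx.com xxx.com;

    # NOTE(review): the "main" log format is presumably defined in the elided part
    # of the http block - confirm.
    access_log /data/logs/www.xxx.com-access.log main;
    error_log /data/logs/www.xxx.com-error.log;

    error_page 403 /403.html;

    root /data/www/www_xxx_com;
    index index.html index.htm index.php;

    # Refuse script requests under the user-writable directories, so that an
    # uploaded file is never handed to an interpreter. This block must stay ahead
    # of the generic .php location: regex locations are tried in file order.
    location ~* /(images|uploads)/.*\.(php|php5|py)$ {
      deny all;
    }

    # Browser caching for static assets:
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
      expires 30d;
    }

    location /status {
      stub_status on;
      access_log off;
      # Basic-auth credentials cross the network unencrypted on this port-80
      # server, so the page is also limited by source address. With nginx's
      # default "satisfy all", both the address check and the password must pass.
      # Adjust the network below to the hosts that poll this page.
      auth_basic "Web_Status";
      auth_basic_user_file /usr/local/nginx/conf/conf.d/htpasswd;
      allow 172.16.203.0/24;
      deny all;
    }

    location ~ \.php$ {
      # Answer 404 unless the URI maps to a file that exists under the document
      # root, so PHP-FPM is only ever asked to run real scripts.
      try_files $uri =404;
      #root /data/www/www_xxx_com;
      fastcgi_pass 127.0.0.1:9000;
      #fastcgi_pass unix:/tmp/php-fpm.sock;
      fastcgi_buffer_size 128k;
      fastcgi_buffers 32 32k;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;

      # FastCGI response cache:
      fastcgi_cache ngx_fcgi_cache;
      fastcgi_cache_valid 200 302 1h;
      fastcgi_cache_valid 301 1d;
      fastcgi_cache_valid any 1m;
      fastcgi_cache_min_uses 1;
      fastcgi_cache_use_stale error timeout invalid_header http_500;
      # The cache key is the URL only, so a page rendered for one visitor could be
      # stored and served to another. Requests that carry a session cookie or an
      # Authorization header therefore neither read from nor write to the cache.
      # NOTE(review): PHPSESSID is PHP's default session cookie name - replace it
      # with the cookie the application actually uses.
      fastcgi_cache_bypass $cookie_PHPSESSID $http_authorization;
      fastcgi_no_cache $cookie_PHPSESSID $http_authorization;
      # The scheme is hard-coded; use $scheme instead if an HTTPS server ever
      # shares this cache zone.
      fastcgi_cache_key http://$host$request_uri;
    }
  }
}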

内核优化参数:
Web优化常用参数
数据库优化参数
vi /etc/security/limits.conf
# "*" applies these limits to every non-root account on the host.
# NOTE(review): an unlimited nproc removes the per-user process cap, so a single
# runaway or compromised account can exhaust the process table - consider a finite
# value, or scope the entries to the service accounts that need them.
* soft nproc unlimited
* hard nproc unlimited
# Per-process open-file limit. NOTE(review): this is higher than the system-wide
# fs.file-max = 102400 set in the sysctl.conf section of this page - confirm the two
# values are meant to differ.
* soft nofile 655350
* hard nofile 655350

vi /etc/sysctl.conf
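#net.core.somaxconn = 262144
# A web server does not route packets between interfaces; leave forwarding off
# unless this host also acts as a router or NAT gateway (e.g. for containers).
net.ipv4.ip_forward = 0
# Reverse-path filtering and no source-routed packets (anti-spoofing).
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# Disable the magic SysRq key.
kernel.sysrq = 0
kernel.core_uses_pid = 1
# SYN cookies keep the listener responsive when the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
# NOTE(review): system-wide file handle cap; it is lower than the per-process
# nofile limit of 655350 configured in limits.conf on this page - confirm.
fs.file-max = 102400
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1025 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
# TCP timestamps stay enabled: tcp_tw_reuse below depends on them and has no
# effect when they are switched off.
net.ipv4.tcp_timestamps = 1
# tcp_tw_recycle is left disabled: it drops connections from clients that share
# an address behind NAT, and the setting was removed in Linux 4.12, where it
# makes "sysctl -p" report an unknown key.
#net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 200000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
#vm.swappiness = 0
# Connection-tracking table size and timeouts. These keys exist only while the
# nf_conntrack module is loaded (i.e. when netfilter connection tracking is in use).
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 1
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120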

 

独孤天血
