如果想在windows下搭建Nginx+MariaDB,可以参考月光宝盒另一篇博文《使用WnMp在windows下搭建Nginx+MariaDB+PHP》
首先, 以root登录:
基本服务器配置
设置Hostname
echo “plato” > /etc/hostname hostname -F /etc/hostname
编辑 /etc/hosts (IPv6)
增加:
12.34.56.78 plato.example.com plato
2600:3c01::a123:b456:c789:d012 plato.example.com plato
设置时区
dpkg-reconfigure tzdata
更新服务器软件
nano /etc/apt/sources.list
增加下面两行:
deb http://packages.dotdeb.org squeeze all deb-src http://packages.dotdeb.org squeeze all wget http://www.dotdeb.org/dotdeb.gpg cat dotdeb.gpg | apt-key add - apt-get update apt-get upgrade –show-upgraded
配置安全属性
增加一个系统管理员
adduser example_user usermod -a -G sudo example_user logout ssh example_user@123.456.78.90
现在开始,你可以用新用户加sudo来执行管理员命令了。
反激活root的SSH登录
sudo nano /etc/ssh/sshd_config
更新这一行:PermitRootLogin no
sudo service ssh restart
设置防火墙:
sudo iptables -L sudo nano /etc/iptables.firewall.rules
复制:
*filter # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn’t use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic – you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL). -A INPUT -p tcp –dport 80 -j ACCEPT -A INPUT -p tcp –dport 443 -j ACCEPT # Allow SSH connections # # The -dport number should be the same port number you set in sshd_config # -A INPUT -p tcp -m state –state NEW –dport 22 -j ACCEPT # Allow ping -A INPUT -p icmp -j ACCEPT # Log iptables denied calls -A INPUT -m limit –limit 5/min -j LOG –log-prefix “iptables denied: ” –log-level 7 # Drop all other inbound – default deny unless explicitly allowed policy -A INPUT -j DROP -A FORWARD -j DROP COMMIT sudo iptables-restore
让防火墙每次重启后自动加载:
sudo nano /etc/network/if-pre-up.d/firewall #!/bin/sh /sbin/iptables-restore sudo chmod +x /etc/network/if-pre-up.d/firewall
安装Fail2Ban,自动检测攻击并阻止:
sudo aptitude install fail2ban
安装PHP-FPM
sudo aptitude install php5 php5-cli php5-dev php5-gd php-pear php5-fpm php5-geoip libgeoip1 libgeoip-dev geoip-database
更新一些配置:
sudo nano /etc/php5/fpm/php.ini memory_limit: 512M cgi.fix_pathinfo=0
安装Nginx sudo aptitude install nginx
配置虚拟主机 sudo mkdir -p /srv/www/insready.com/{public_html,logs} sudo chown -R www-data:www-data /srv/www sudo chmod -R 775 /srv/www cd /etc/nginx/sites-available/ sudo wget https://gist.github.com/raw/4248423/c7b2ea550ef9273f7f5d0823f81f054296fc…
你需要修改以上的域名配置 sudo nano insready.com sudo nano /etc/php5/fpm/pool.d/www.conf 把listen = 127.0.0.1:9000 这行改成: listen = /tmp/php-fpm.sock sudo ln -s /etc/nginx/sites-available/insready.com /etc/nginx/sites-enabled
配置Nginx Microcache (并且把Microcache放在内存里,体验闪电的速度吧!) sudo nano /etc/nginx/conf.d/microcache.conf fastcgi_cache_path /dev/shm/microcache levels=1:2 keys_zone=microcache:5M max_size=1G inactive=2h; #把Nignx Microcache设置在内存里,这就更快了! map $http_cookie $cache_uid { default nil; # hommage to Lisp :) ~SESS[[:alnum:]]+=( <session_id>[[:alnum:]]+) $session_id; } map $request_method $no_cache { default 1; HEAD 0; GET 0; }
现在使Nginx每次启动的时候自动运行 sudo update-rc.d nginx defaults
启动Nginx sudo /etc/init.d/nginx start
安装MariaDB 长话短说,MariaDB是甲骨文公司购买了MySQL后,原来开发人员离职然后创建的新开源数据库。MariaDB和MySQL一样使用。 sudo nano /etc/apt/sources.list.d/MariaDB.list # MariaDB 5.5 repository list – created 2012-12-08 07:39 UTC # http://downloads.mariadb.org/mariadb/repositories/ deb http://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/repo/5.5/debian squeeze main deb-src http://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/repo/5.5/debian squeeze main sudo apt-key adv –recv-keys –keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db sudo aptitude update sudo aptitude install libmariadbclient-dev libmariadbclient18 libmariadbd-dev libmysqlclient18 mariadb-client mariadb-client-5.5 mariadb-client-core-5.5 mariadb-common mariadb-server mariadb-server-5.5 mariadb-server-core-5.5 mariadb-test mariadb-test-5.5 mysql-common
安装最新版本的Drupal cd /srv/www/insready.com sudo wget http://ftp.drupal.org/files/projects/drupal-7.18.tar.gz sudo tar -xvzf drupal-7.18.tar.gz cd drupal-7.18 sudo cp -a . ../public_html/ sudo chown www-data:www-data public_html -R
安装Memcache, APC sudo aptitude install memcached libmemcached-tools memstat make sudo pecl install memcache sudo pecl install apc
创建以下文件,配置Memcache sudo nano /etc/php5/conf.d/memcache.ini extension= memcache.so memcache.hash_strategy=”consistent”
创建以下文件,配置apc sudo nano /etc/php5/conf.d/apc.ini extension=apc.so apc.shm_size = 256M apc.apc.stat = 0
安装uploadprogress sudo pecl install uploadprogress
创建以下文件,配置uploadprogress sudo nano /etc/php5/conf.d/uploadprogress.ini extension=uploadprogress.so
重启: sudo service nginx restart sudo service mysql restart sudo service php5-fpm restart sudo service memcached restart
完成! 原文链接:http://lunax.info/archives/2361.html