
Installing an Nginx 1.18 + PHP 7.4 + MariaDB 10.4 web environment on FreeBSD 12


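I personally like FreeBSD a lot: it is simple, uses few resources, performs much better than Linux when a website has to handle high concurrency, and runs stably for three to five years without a reboot. I used to run an ad-delivery system with more than 3 million high-concurrency requests a day; on Linux, as soon as concurrency rose the load went up and the system slowed down, and with bad luck it hung, while FreeBSD was unaffected. So what reason is there not to choose such an excellent system for high-concurrency services? (Of course this also involves a lot of system security and tuning work, which I will share when I have time; for now this records the basic environment setup.)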

Commonly used tools:
pkg install vim wget screen
Needed when compiling extensions:
pkg install autoconf

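Choose and add the extensions you need here; if you are not sure what is available, use the following command to find the extension you want: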

pkg search php74

Start installing NGINX + PHP 7.4.9 + MariaDB:

pkg install php74 php74-zlib php74-exif php74-gd php74-mbstring php74-xml php74-pdo php74-pdo_mysql php74-pdo_pgsql php74-mysqli php74-curl php74-opcache php74-intl php74-sockets php74-zip php74-openssl php74-bz2 php74-pecl-redis php74-session php74-json php74-dom php74-fileinfo php74-simplexml php74-pdo_sqlite php74-iconv php74-pecl-imagick-im7 php74-filter php74-phar php74-calendar php74-ctype php74-bcmath php74-dba php74-tokenizer php74-extensions nginx-full mariadb104-server-10.4.13_4 mariadb104-client-10.4.13_4

Add the following to /etc/rc.conf to start the services at boot:

php_fpm_enable="yes"
nginx_enable="yes"
mysql_enable="yes"
mysql_pidfile="/var/db/mysql/mysql.pid"
mysql_optfile="/usr/local/etc/my.cnf"

PHP configuration: /usr/local/etc/php-fpm.d/www.conf

[www]
user = www
group = www

;listen = 127.0.0.1:9000
(Comment out or delete the line above, and add the following line for /tmp/php-cgi.sock)
listen = /tmp/php-cgi.sock

Enable (uncomment) the following three lines:
listen.owner = www
listen.group = www
listen.mode = 0660

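Why use unix:/tmp/php-cgi.sock instead of 127.0.0.1:9000? The main reason is that a unix socket is faster than TCP, so after this optimization a high-concurrency website gains quite a bit of performance. Did you get that? Starting php-fpm creates /tmp/php-cgi.sock automatically.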

Changes to php.ini: add important functions to the disabled list

disable_functions = passthru,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
Adjust according to the server's memory size:
memory_limit = 128M
Maximum upload file size of 5M:
upload_max_filesize = 5M
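
An added example, not part of the original post: a small sh audit of the disable_functions line above. It reports process-spawning functions that the line leaves enabled and names that PHP does not define (PHP ignores unknown names, so a misspelled entry disables nothing). The BASELINE list and the funcs.txt input file are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the disable_functions line of a php.ini file.
# BASELINE is this example's assumption (core PHP functions that start
# processes), not a list taken from the post.
BASELINE="exec passthru system shell_exec proc_open popen"

# Print the value of the last active disable_functions line in file $1.
get_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d ' "\r'
}

# Print the BASELINE functions that file $1 leaves enabled.
missing_from_baseline() {
    disabled=",$(get_disabled "$1"),"
    out=""
    for fn in $BASELINE; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) out="$out $fn" ;;
        esac
    done
    echo "${out# }"
}

# Print disabled names that do not appear in $2, a file with one real
# function name per line. It can be produced with:
#   php -n -r 'echo implode("\n", get_defined_functions()["internal"]), "\n";'
# (-n ignores php.ini, so the list is unaffected by disable_functions).
unknown_names() {
    get_disabled "$1" | tr ',' '\n' | while read -r fn; do
        [ -n "$fn" ] || continue
        grep -qxF "$fn" "$2" || echo "$fn"
    done
}

# Usage: sh php-disable-audit.sh /usr/local/etc/php.ini [funcs.txt]
if [ $# -ge 1 ]; then
    echo "left enabled: $(missing_from_baseline "$1")"
    [ $# -lt 2 ] || echo "unknown names:" $(unknown_names "$1" "$2")
fi
```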

Enable the opcache as needed; it improves performance:
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.max_wasted_percentage=5
opcache.validate_timestamps=1
opcache.revalidate_freq=10

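The validate_timestamps setting controls whether cached scripts are checked to see if they need to be regenerated. If it is set to 0 (best performance), you must clear the opcache manually after every PHP code change. Besides restarting the php-fpm process, the opcache can be cleared manually with a PHP function: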

<?php opcache_reset();?>

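Other people online say that when PHP runs as PHP-FPM, the opcache cannot be cleared from the php command line, only through an HTTP or CGI request that reaches the php-fpm process (I have not verified this claim myself). On the production environments I configure, I generally clear the cache by restarting the php-fpm process, so the cache normally stays in place and efficient.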

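If validate_timestamps is 0, revalidate_freq has no effect.
revalidate_freq controls how often opcache regenerates the cached bytecode; here it is set to a default of 10s. So in development environments we usually set the two values above to: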

opcache.validate_timestamps=1;
opcache.revalidate_freq=1;

A method someone posted on php.net: save it as /usr/local/bin/opcache-clear and run "opcache-clear" whenever a reset is needed (for reference only):

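#!/bin/sh
# Reset the opcache by requesting a throwaway PHP file through the web server.
# WEBDIR must be the document root served at http://localhost/.
WEBDIR=/var/www/html/
# LC_ALL=C keeps tr from rejecting the raw bytes read from /dev/urandom.
RANDOM_NAME=$(head /dev/urandom | LC_ALL=C tr -dc A-Za-z0-9 | head -c 13)
echo "<?php opcache_reset(); ?>" > "${WEBDIR}${RANDOM_NAME}.php"
curl "http://localhost/${RANDOM_NAME}.php"
# Remove the file again so it cannot be requested a second time.
rm "${WEBDIR}${RANDOM_NAME}.php"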

For reference, graphical front ends for opcache written in PHP:

https://github.com/rlerdorf/opcache-status

https://github.com/PeeHaa/OpCacheGUI

Changes in nginx.conf:

# fastcgi_pass 127.0.0.1:9000;

Change to:
fastcgi_pass unix:/tmp/php-cgi.sock;

# fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
Change to:
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

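Default web directory: /usr/local/www/nginx-dist. Running PHP there may require adding the appropriate execute permissions and making www the owner of the directory.
After saving, restart php-fpm and nginx: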

root@kiccleaf:/home # service php-fpm restart
root@kiccleaf:/home # service nginx restart
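
An added example, not part of the original post: a sh check over the two files edited above, www.conf and nginx.conf. It reports a fastcgi_pass that does not match php-fpm's listen path, a listen.mode that opens the socket to all local users, and a socket placed in a world-writable directory such as /tmp. The nginx.conf path in the usage comment is an assumption.

```sh
#!/bin/sh
# Added example: check that php-fpm and nginx agree on the FastCGI socket
# and that the socket is not reachable by every local user.

# Value of the last active "key = value" line ($2 = key regex) in file $1.
fpm_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d ' \r'
}

# Socket paths of the active "fastcgi_pass unix:...;" directives in file $1.
nginx_sockets() {
    sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]]\{1,\}unix:\([^;]*\);.*/\1/p' "$1"
}

# Print one finding per line for pool file $1 and nginx config $2.
check_pair() {
    listen=$(fpm_get "$1" 'listen')
    mode=$(fpm_get "$1" 'listen\.mode')
    socks=$(nginx_sockets "$2")
    case "$listen" in
        /tmp/*|/var/tmp/*)
            echo "socket $listen is in a directory any local user can write to" ;;
        /*) ;;
        *) echo "php-fpm listens on '$listen', which is not a unix socket path" ;;
    esac
    [ -n "$socks" ] || echo "nginx has no active fastcgi_pass unix: directive"
    for s in $socks; do
        [ "$s" = "$listen" ] ||
            echo "nginx connects to $s but php-fpm listens on $listen"
    done
    # Connecting to a unix socket needs write permission on it, so a set
    # "other" write bit (last octal digit 2, 3, 6 or 7) opens it to all users.
    case "$mode" in
        *[2367]) echo "listen.mode $mode lets every local user connect" ;;
    esac
}

# Usage (the nginx.conf path is the usual FreeBSD location, an assumption):
#   sh fcgi-socket-check.sh /usr/local/etc/php-fpm.d/www.conf \
#       /usr/local/etc/nginx/nginx.conf
[ $# -lt 2 ] || check_pair "$1" "$2"
```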

Start MySQL. Under normal conditions:

root@kiccleaf:/usr/local/etc # service mysql-server start
Installing MariaDB/MySQL system tables in '/var/db/mysql' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system


Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is mysql@localhost, it has no password either, but
you need to be the system 'mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/

Starting mysql.

If mysql does not show up in the process list, startup failed; check the error log file: /var/log/mysql/mysqld.err

2020-08-29 22:52:52 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2020-08-29 22:52:52 0 [Note] InnoDB: Uses event mutexes
2020-08-29 22:52:52 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-08-29 22:52:52 0 [Note] InnoDB: Number of pools: 1
2020-08-29 22:52:52 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-08-29 22:52:52 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2020-08-29 22:52:52 0 [Note] InnoDB: Completed initialization of buffer pool
2020-08-29 22:52:52 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-08-29 22:52:52 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-08-29 22:52:52 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-08-29 22:52:52 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-08-29 22:52:52 0 [Note] InnoDB: Waiting for purge to start
2020-08-29 22:52:52 0 [Note] InnoDB: 10.4.13 started; log sequence number 61026; transaction id 21
2020-08-29 22:52:52 0 [Note] InnoDB: Loading buffer pool(s) from /var/db/mysql/ib_buffer_pool
2020-08-29 22:52:52 0 [Note] InnoDB: Buffer pool(s) load completed at 200829 22:52:52
2020-08-29 22:52:52 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-08-29 22:52:52 0 [Note] Server socket created on IP: '127.0.0.1'.
2020-08-29 22:52:52 0 [ERROR] Can't start server : Bind on unix socket: Permission denied
2020-08-29 22:52:52 0 [ERROR] Do you already have another mysqld server running on socket: /var/run/mysql/mysql.sock ?
2020-08-29 22:52:52 0 [ERROR] Aborting

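The key error messages are already there: "Can't start server : Bind on unix socket: Permission denied" and "Do you already have another mysqld server running on socket: /var/run/mysql/mysql.sock ?". They relate to startup permissions: the /var/run/mysql directory is owned by root:wheel and needs to be changed to the mysql user; after that, restarting mysql succeeds.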

Original directory permissions:
drwxr-xr-x  2 root  wheel      512 Aug 29 22:09 mysql/

Change the directory owner:
root@kiccleaf:/var/run # chown -R mysql:mysql mysql/

Start mysql:
root@kiccleaf:/var/run # service mysql-server start
Starting mysql.
Check whether the mysql.sock file has been created in the mysql directory:
root@kiccleaf:/var/run # ll mysql/
total 0
srwxrwxrwx  1 mysql  mysql  0 Aug 29 23:03 mysql.sock=
Check whether the process has started; look for mysqld_safe:
root@kiccleaf:/var/run # ps aux
mysql 1092   0.0  0.0  11988  2976  -  Ss   23:03     0:00.99 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/usr/local/etc/my.cnf --user=mysql

Next, run the initial MySQL setup:

root@kiccleaf:/var/run # /usr/local/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

# Enter the MySQL root password. There is none by default, so just press Enter
Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

# Switch to unix socket authentication? [Y/n]
Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

# Set a root password? Choose Y and enter the desired password twice
Change the root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

# Remove anonymous users? Remove them without hesitation
Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

# Disallow remote root login? In a production environment you should choose Y; I am on a test environment and need to connect.
Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

# Remove the test database?
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

# Reload the privilege tables so the changes take effect?
Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

In the default web directory /usr/local/www/nginx-dist, create index.php with the following content:

<?php
phpinfo();
?>

Open a browser and go to http://<IP address>/index.php; you should see the success page. This completes the basic configuration on FreeBSD 12.
