FreeBSD開發(fā)作為一個快速，高性能和極其穩(wěn)定的操作系統(tǒng)，尤其是適合網(wǎng)絡(luò)服務(wù)器和類似任務(wù)。許多大型搜索引擎網(wǎng)站，或組織的關(guān)鍵任務(wù)計算基礎(chǔ)設(shè)施上部署和使用，并在他們的計算機系統(tǒng)上運行FreeBSD多年。下面我們就介紹下如何基于FreeBSD 8.0 Ports配置nginx+php+mysql高性能web平臺。

FreeBSD簡介：

FreeBSD，是AT&T的后裔間接通過Berkeley Software Distribution(BSD)伯克利軟件發(fā)行版UNIX，其漫長而動蕩的歷史可以追溯到1993年。不同于Linux發(fā)行版，這被定義為集成 Linux內(nèi)核和數(shù)以千計的應(yīng)用軟件組成的解決方案，F(xiàn)reeBSD是一個緊密集成的操作系統(tǒng)基于BSD kernel和所謂的“userland(用戶建造)”(因此，甚至沒有額外的擴展程序)。發(fā)行版巨大失去了在普通電腦系統(tǒng)安裝的機會 ? 像許多Linux發(fā)行版本，一個易于安裝的(大部分)開放源碼的應(yīng)用擴展提供了FreeBSD的核心，但這些通常是由第三方捐助者提供的和不嚴(yán)格的 FreeBSD的一部分。

FreeBSD開發(fā)作為一個快速，高性能和極其穩(wěn)定的操作系統(tǒng)，尤其是適合網(wǎng)絡(luò)服務(wù)器和類似任務(wù)。許多大型搜索引擎網(wǎng)站，或組織的關(guān)鍵任務(wù)計算基礎(chǔ)設(shè)施上部署和使用，并在他們的計算機系統(tǒng)上運行FreeBSD多年。相較于Linux操作系統(tǒng)，F(xiàn)reeBSD是分布在一個更寬松的許可證，這幾乎可以無限制地重復(fù)使用和源代碼修改為任何目的。即使是知名的蘋果的Mac OS X也是從BSD派生。除了核心的操作系統(tǒng)，該項目還提供超過15,000種二進制和源代碼形式

FreeBSD軟件方便的應(yīng)用于BSD核心安裝。雖然可以肯定的是FreeBSD能夠作為桌面操作系統(tǒng)使用，但它在這方面不具有Linux發(fā)行版流行。文本模式的安裝程序提供的系統(tǒng)硬件檢測或系統(tǒng)配置方面并沒有，留下復(fù)雜的工作，這讓在安裝后的用戶來設(shè)置。在現(xiàn)代的硬件支持方面，F(xiàn)reeBSD普遍滯后Linux操作系統(tǒng)，特別是在支持筆記本電腦和上網(wǎng)本等小工具，如無線網(wǎng)卡或流行數(shù)碼相機。這些用戶尋求現(xiàn)有的桌面FreeBSD的項目是考慮利用FreeBSD在臺式機或工作站的速度和穩(wěn)定，而不是FreeBSD的自身。

一.安裝準(zhǔn)備：

1.1、操作系統(tǒng)安裝：參見http://bbs.linuxtone.org/thread-6422-1-1.html附件

默認(rèn)FreeBSD不允許Root直接ssh登陸，在安裝系統(tǒng)時候可以添加一個wheel組的用戶。以確保FreeBSD系統(tǒng)安全!切記：FreeBSD只允許wheel組的用戶可以ssh登陸。

例如：

pw useradd coralzd -g coralzd

1.2 系統(tǒng)環(huán)境

FreeBSD 8.0 I386

Nginx 0.7.65

PHP 5.2.13

Mysql 5.5.4 M3

二、系統(tǒng)初始化

2.1 更新ports

用portsnap 更新ports樹，已獲得最新的軟件。

修改portsnap配置文件的server 為國內(nèi)的鏡像

ee /etc/porsnap.conf

將

SERVERNAME=portsnap.freebsd.org

修改為

SERVERNAME=portsnap.hshh.org
#初次運行portsnap fetch extract
以后運行portsnap fetch update

2.2 優(yōu)化rc.conf配置文檔

添加

syslogd_flags="-ss"
sendmail_enable="NONE"

2.3 內(nèi)核增加IPFW防火墻

cd /usr/src/sys/i386/conf
cp GENERIC IPFW
ee IPFW

將ident GENERIC

修改為ident IPFW

在下面增加

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT

編譯內(nèi)核

# cd ../compile/IPFW
# make cleandepend && make depend
# make && make install

編譯完成后在/etc/rc.conf 最后添加以下語句

firewall_enable="YES"
firewall_script="YES"
firewall_script="/etc/ipfw.conf"
firewall_quiet="NO"
firewall_logging_enable="YES"

:編輯/etc/syslog.conf文件

在文件最后加入如下內(nèi)容:

!ipfw *.* /var/log/ipfw.log

這行的作用是將IPFW的日志寫到/var/log/ipfw.log文件里

ee /etc/ipfw.conf
#!/bin/sh
IPFW='/sbin/ipfw -q'
$IPFW -f flush
$IPFW add 2000 allow ip from any to any via lo*
$IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
$IPFW add 2020 deny log ip from any to 127.0.0.0/8 in
$IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
$IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in
$IPFW add 2050 allow log tcp from any to any out
$IPFW add 2060 allow log tcp from any to any established
$IPFW add 2070 allow log tcp from any to any 22 in
$IPFW add 2080 allow log tcp from any to any 80 in
$IPFW add 12190 deny log tcp from any to any

2.4 安裝axel提高ports的安裝速度

cd /usr/ports/ftp/axel
make install
#修改 /et/make.conf
ee /etc/make.conf
#加入以下內(nèi)容
FETCH_CMD=axel
FETCH_BEFORE_ARGS= -n 10 -a
FETCH_AFTER_ARGS=
DISABLE_SIZE=yes
MASTER_SITE_OVERRIDE?=\
http://ports.hshh.org/${DIST_SUBDIR}/\
http://ports.cn.freebsd.org/${DIST_SUBDIR}/\
ftp://ftp.freeBSDchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP

2.5 優(yōu)化內(nèi)核

ee /etc/sysctl.conf
security.bsd.see_other_uids=0
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
#net.inet.udp.sendspace=65536
net.inet.udp.maxdgram=65536
net.local.stream.sendspace=65536
net.inet.tcp.rfc1323=1
#net.inet.tcp.rfc1644=1
net.inet.tcp.rfc3042=1
net.inet.tcp.rfc3390=1
kern.ipc.maxsockbuf=2097152
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.delayed_ack=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.icmp.icmplim=100
net.inet.icmp.icmplim_output=0
#net.inet.tcp.drop_synfin=1
net.inet.tcp.always_keepalive=1
net.inet.ip.intr_queue_maxlen=1000 (這兒太大了。建議不用或小點值)
net.inet.tcp.msl=7500 (太大了。建議2500-2000左右)
net.inet.tcp.blackhole=2
net.inet.tcp.inflight.enable=1
net.inet.ip.fastforwarding=0
kern.ipc.somaxconn=32768
kern.securelevel=0
#net.inet.tcp.log_in=1
#net.inet.udp.log_in=1
net.inet.udp.checksum=1
net.inet.tcp.syncookies=1
kern.ipc.shm_use_phys=1
kern.ipc.shmmax=67108864
kern.ipc.shmall=32768
kern.coredump=0
net.local.stream.recvspace=65536
net.local.dgram.maxdgram=16384
net.local.dgram.recvspace=65536
#net.inet.tcp.mssdflt=1460
#net.inet.tcp.minmss=1640
net.inet.raw.maxdgram=65535
net.inet.raw.recvspace=65535
net.inet.ip.fw.dyn_max=65535
net.inet.ipf.fr_tcpidletimeout=864000
ee /boot/loader.conf
kern.dfldsiz="2147483648" # Set the initial data size limit
kern.maxdsiz="2147483648" # Set the max data size
kern.ipc.nmbclusters="0" # Set the number of mbuf clusters
kern.ipc.nsfbufs="66560" # Set the number of sendfile(2) bufs

#p#

三、配置mysql php nginx

3.1 安裝mysql 5.5.4 m3

cd /usr/ports/databases/mysql55-server
ee Makefile

在第30行下面加上下面的參數(shù)

--enable-thread-safe-client \
--disable-dtrace \
--enable-assembler \
--enable-assembler \
--with-big-tables \
--with-ssl \
--with-embedded-server \
--with-local-infile \
--with-plugins=partition,innobase,myisammrg

然后

#make install clean

3.2 初始化數(shù)據(jù)庫

/usr/local/bin/mysql_install_db --user=mysql
cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf

3.3 /etc/rc.conf 增加mysql_enable="YES"

echo 'mysql_enable="YES"' >> /etc/rc.conf

3.4 安裝php

cd /usr/ports/lang/php52
#make config ##配置編譯參數(shù)
[X] CLI Build CLI version
[X] CGI Build CGI version
[ ] APACHE Build Apache module
[ ] DEBUG Enable debug
[X]] SUHOSIN Enable Suhosin protection system
[X] MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[X] REDIRECT Enable force-cgi-redirect support (CGI only)
[X] DISCARD Enable discard-path support (CGI only)
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)
make install clean
# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini

3.5 配置php.ini

ee php.ini

找到如下語句

;open_basedir =
disable_functions =
expose_php = On
expose_php = Off
display_errors = On
output_buffering = Off

修改為

open_basedir = /data/www/wwwroot:/tmp
disable_functions =
phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsock
open,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
display_errors = Off
output_buffering = On

3.6 安裝php52-extensions

# cd /usr/ports/lang/php52-extensions/
#make config
Options for php52-extensions 1.3
-------------------------------------------------
[X] CURL CURL support
[X] FTP FTP support
[X] GD
[X] GETTEXT
[X] MBSTRING multibyte string support
[X] MCRYPT Encryption support
[X] MYSQL
[X] PCRE Perl Compatible Regular Expression support
[ ] POSIX //去掉
[ ] SQLITE //去掉.
[X] ZIP ZIP support
[X] ZLIB
# make install clean

3.7 安裝php擴展模塊安裝eaccelerator

cd /usr/ports/www/eaccelerator
make install clean
ee /usr/local/etc/php.ini

在后面加上

zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-
20060613/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/data/cache/ea"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

安裝memcache

cd /usr/ports/databases/pecl-memcache
make install clean

安裝pdo_mysql

cd /usr/ports/databases/php52-pdo_mysql
make install clean

安裝ImageMagick

# cd /usr/ports/graphics/ImageMagick/
# make install clean

看是否安裝成功 convert --version

PHP還需安裝兩個.so

安裝 php imagick extend (imagick.so)

# cd /usr/ports/graphics/pecl-imagick
# make install clean

安裝 php magickwand extend (magickwand.so)

# cd /usr/ports/graphics/php-magickwand
# make install clean

關(guān)于magicwand的說明：http://www.imagemagick.org/script/api.php#php

然后看下擴展

<?php
phpinfo();
?>

安裝lighttpd 獲得spawn-fcgi

cd /usr/ports/www/lighttpd
make install clean

安裝nginx

cd /usr/ports/www/nginx
make install clean

修改php.ini cgi.fix_pathinfo=1,讓SCRIPT_FILENAME有效

安裝Zendoptimizer

cd /usr/ports/devel/ZendOptimizer/

make (不要安裝，只需下載下來即可)

cd work/ZendOptimizer-3.3.0a-freebsd6.0-i386

./install-tty 一路按回車,到最后選擇no，不使用apache。

zend 將自動在php.ini最后添加參數(shù)的。

讓nginx和spawn-fcgi開機啟動

echo 'spawn_fcgi_enable="YES" '>> /etc/rc.conf
echo 'nginx_enable="YES"' >> /etc/rc.conf

ee fastcgi_params
#fix_php_path
if ($request_filename ~* (.*)\.php) {
set $php_url $1;
}
if (!-e $php_url.php) {
return 403;
}
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
ee nginx.conf
user www www;
worker_processes 10;
pid /var/log/nginx.pid;
# [ debug | info | notice | warn | error | crit ]
error_log /dev/null;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use kqueue; #FreeSBD下要啟用kqueue，Linux下是epoll
#maxclient = worker_processes * worker_connections / cpu_number
worker_connections 51200;
}
http
{
include /usr/local/nginx/conf/mime.types;
default_type application/octet-stream;
charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent
"$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';
#access_log /data/www/logs/access.log main;
access_log /dev/null;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_intercept_errors on;
client_max_body_size 50m;
client_body_buffer_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#
proxy_temp_path /dev/proxy_temp;
fastcgi_temp_path /dev/fastcgi_temp;
client_body_temp_path /dev/client_body_temp;
server
{
listen 80;
server_name www.linuxtone.org;
root /data/www/wwroot;
index index.html index.htm index.php;
location ~ \.php$ {
#root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /data/www/wwwroot$fastcgi_script_name;
include fastcgi_params;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
}
}

3.9 安裝phpmyadmin

cd /usr/ports/databases/phpmyadmin/

make (只需獲得軟件包就可以了)

cd work && mv phpMyAdmin* /data/www/wwroot/phpmyadmin

編輯 config.default.php

cd phpmyadmin/lib*
ee config.default.php

將

$cfg['blowfish_secret'] = '';

修改為

$cfg['blowfish_secret'] = 'cookie';

然后就可以通過phpmyadmin 來管理mysql了!

文檔修改歷史

V1.0 初稿完成

V1.1 整理文檔排版，增加fastcgi_params，修復(fù)php_pathinfo漏洞。

V1.2 修改nginx.conf 不正確的地方;整理/etc/make.conf 筆誤。

V1.3 增加phpmyadmin 管理，修改spawn_fcgi 啟動參數(shù)。

V1.4 修改nginx.conf配置文檔和編譯內(nèi)核筆誤!

原文鏈接：http://coralzd.blog.51cto.com/90341/433630
【編輯推薦】

1. 在CentOS上架設(shè)Nginx+Apache+Subversion
2. FreeBSD 7.0上的nagios安裝完全攻略
3. FreeBSD 8下如何最有效率的安裝軟件