#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
cur_dir=$(pwd)
MYSQLDATADIR=/var/mysql/data
MYSQLLOGDIR=/var/log/mysql
function InstallSystem()
{
cat >> /etc/security/limits.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
echo "ulimit -SHn 65535" >> /etc/profile
echo "ulimit -SHn 65535" >> /etc/rc.local
yum install vim vim-enhanced wget lrzsz bc mutt ntpdate sysstat dstat wget man mail mlocate mtr lsof iotop iptraf net-tools -y
updatedb
echo "syntax on" >> /root/.vimrc
echo "set nohlsearch" >> /root/.vimrc
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
sed -i "s/\#Port 22/Port 12345/g" /etc/ssh/sshd_config
sed -i "s/\#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
systemctl restart sshd.service
echo "####iptables"
echo "关闭系统默认的firewall,开启iptables"
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install iptables-services -y
mv /etc/sysconfig/iptables /etc/sysconfig/iptables.def
cp iptables /etc/sysconfig/
systemctl restart iptables.service
systemctl enable iptables.service
echo "*/30 * * * * /usr/sbin/ntpdate 132.163.4.101 >/dev/null 2>&1 " >> /var/spool/cron/root
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate 0.asia.pool.ntp.org ;hwclock -w
cat >> /etc/sysctl.d/addsys.conf <<EOF
fs.file-max = 65535
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 1024 65535
net.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_max = 10000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
modprobe bridge
echo "modprobe bridge" >> /etc/rc.local
/sbin/sysctl -p
echo "####yum install"
echo "please waiting"
yum install -y gcc gcc-c++ patch make flex bison file libtool libtool-libs
autoconf libjpeg-devel libpng libpng-devel gd gd-devel freetype-devel
libxml2 libxml2-devel zlib zlib-devel glib2 glib2-devel bzip2
bzip2-devel libevent libevent-devel ncurses ncurses-devel curl
curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel
gettext-devel gmp-devel unzip libcap apr* automake openssl openssl-devel
perl compat* mpfr cpp glibc glibc-devel libgomp libstdc++-devel
keyutils keyutils-libs-devel libcom_err-devel libsepol-devel krb5-devel
libXpm* php-common php-gd pcre-devel openldap crontabs diffutils elinks
expat-devel icu kernel-devel libaio libxslt libxslt-devel
libcap-devel libtool-ltdl-devel libc-client-devel libicu libicu-devel
lynx zip mlocate readline readline-devel sendmail pam-devel openldap-devel perl-DBD-MySQL
echo "####ifstat"
tar -xzf ifstat-1.1.tar.gz
cd ifstat-1.1
./configure
make
make install
cd ..
echo "####iftop"
yum install ncurses ncurses-devel libpcap libpcap-devel -y
tar -xzf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make
make install
cd ..
echo "####htop"
tar -xzf htop-1.0.tar.gz
cd htop-1.0
./configure
make
make install
cd ..
echo "export PATH=$PATH:/usr/local/bin" >> /etc/profile.d/stat.sh
. /etc/profile.d/stat.sh
}
function InstallMySQL()
{
echo "####cmake"
yum install -y gcc gcc-c++
tar -zxf cmake-2.8.7.tar.gz
cd cmake-2.8.7
./configure
make -j4 && make install
cd ..
echo "####install mysql"
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql
mkdir -p $MYSQLDATADIR
mkdir -p $MYSQLLOGDIR
chown -R mysql.mysql $MYSQLDATADIR
chown -R mysql.mysql $MYSQLLOGDIR
tar zxf mysql-5.5.37.tar.gz
cd mysql-5.5.37
cmake -DCMAKE_BUILD_TYPE:STRING=Release
-DMYSQL_USER=mysql-DCMAKE_INSTALL_PREFIX=/usr/local/mysql
-DMYSQL_DATADIR=$MYSQLDATADIR -DSYSCONFDIR=/etc
-DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1
-DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1
-DWITH_PARTITION_STORAGE_ENGINE=1 -DWITH_READLINE=1
-DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock -DMYSQL_TCP_PORT=3306
-DENABLED_LOCAL_INFILE=1 -DWITH_PARTITION_STORAGE_ENGINE=1
-DEXTRA_CHARSETS=all -DWITH_SSL=yes -DDEFAULT_CHARSET=utf8
-DDEFAULT_COLLATION=utf8_general_ci
make -j4
make install
echo "####config mysql"
cp ./support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
cd ..
mv /etc/my.cnf /etc/my.cnf.bak
sed -i -e "/
= ${MYSQLDATADIR}\ninnodb_log_group_home_dir = ${MYSQLLOGDIR}\nlog-error \
= ${MYSQLLOGDIR}/mysql-error.log\npid-file = ${MYSQLLOGDIR}/mysql.pid\nlog-bin \
= ${MYSQLLOGDIR}/mysql-bin\nslow_query_log_file = ${MYSQLLOGDIR}/mysql_slow.log\n" my.cnf
cp my.cnf /etc/
/usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=$MYSQLDATADIR \
--basedir=/usr/local/mysql --log-output=file
echo `ps aux|grep mysql`
sleep 3
yum install mysql -y
systemctl start mysqld.service
cat > /tmp/mysql_sec_script.sql<<EOF
use mysql;
update user set password=password('123456') where user='root';
delete from user where not (user='root') ;
delete from user where user='root' and password='';
drop database test;
DROP USER ''@'%';
flush privileges;
EOF
/usr/local/mysql/bin/mysqladmin -u root password 123456
mysql -uroot -p123456 -e "source /tmp/mysql_sec_script.sql"
rm -f /tmp/mysql_sec_script.sql
/usr/local/mysql/bin/mysql_secure_installation <<EOF
123456
n
y
y
y
y
EOF
systemctl restart mysqld.service
}
function InstallPhp()
{
wget http://dl.fedoraproject.org/pub/epel/7/SRPMS/e/epel-release-7-5.src.rpm
rpm -ivh epel-release-7-5.src.rpm
echo "####libiconv"
echo "修改过的包,7.1的系统需要打补丁"
tar zxf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure --prefix=/usr/local/libs
make
make install
cd ../
echo "####libmcrypt"
tar zxf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure --prefix=/usr/local/libs
make -j4
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install --prefix=/usr/local/libs
make
make install
cd ../../
echo "####mhash"
tar xzf mhash-0.9.9.tar.gz
cd mhash-0.9.9
./configure --prefix=/usr/local/libs
make -j4
make install
cd ../
echo "####zlib"
tar -zxf zlib-1.2.5.tar.gz
cd zlib-1.2.5
./configure --prefix=/usr/local/libs
make -j4
make install
cd ../
echo "####libpng"
tar -zxf libpng-1.6.2.tar.gz
cd libpng-1.6.2
./configure --prefix=/usr/local/libs
make -j4
make install
cd ../
echo "####freetype"
tar -zxf freetype-2.4.12.tar.gz
cd freetype-2.4.12
./configure --prefix=/usr/local/libs
make -j4
make install
cd ../
echo "####jpegsrc"
tar -zxf jpegsrc.v9.tar.gz
cd jpeg-9
./configure --prefix=/usr/local/libs --enable-shared --enable-static
make -j4
make install
cd ../
echo "####gettext"
tar -zxf gettext-0.19.4.tar.gz
cd gettext-0.19.4
./configure --prefix=/usr/local/libs
make -j4
make install
cd ../
echo "####imap"
tar -zxf imap-2007f.tar.gz
cd imap-2007f
make lr5 PASSWDTYPE=std SSLTYPE=unix.nopwd EXTRACFLAGS=-fPIC IP=4
rm -rf /usr/local/imap-2007f/
mkdir /usr/local/imap-2007f/
mkdir /usr/local/imap-2007f/include/
mkdir /usr/local/imap-2007f/lib/
cp c-client/*.h /usr/local/imap-2007f/include/
cp c-client/*.c /usr/local/imap-2007f/lib/
cp c-client/c-client.a /usr/local/imap-2007f/lib/libc-client.a
cd ../
echo "####mcrypt"
cat > /etc/ld.so.conf.d/local.conf <<EOF
/usr/local/libs/lib
/usr/local/lib
EOF
ldconfig -v
tar zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
export LDFLAGS="-L/usr/local/libs/lib -L/usr/lib"export CFLAGS="-I/usr/local/libs/include -I/usr/include"
export LD_LIBRARY_PATH=/usr/local/libs/: LD_LIBRARY_PATH
./configure --prefix=/usr/local/libs --with-libmcrypt-prefix=/usr/local/libs
make -j4
make install
cd ../
echo "####install php"
cp -frp /usr/lib64/libldap* /usr/lib/
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/
tar -xzf php-5.3.28.tar.gz
cd php-5.3.28
./configure --prefix=/usr/local/php --with-fpm-user=www --with-fpm-group=www
--with-config-file-path=/usr/local/php/etc --with-openssl --with-curl
--with-mysql=/usr/local/mysql --with-pdo-mysql=/usr/local/mysql
--with-mysqli=mysqlnd --enable-mbstring=all --with-gd
--with-freetype-dir=/usr/local/libs --with-jpeg-dir=/usr/local/libs
--with-png-dir=/usr/local/libs --with-zlib-dir=/usr/local/libs
--enable-mbstring --enable-sockets --with-iconv-dir=/usr/local/libs
--enable-libxml --enable-soap --with-mcrypt=/usr/local/libs --enable-xml
--enable-bcmath --enable-shmop --enable-sysvsem
--enable-inline-optimization --enable-mbregex --enable-fpm
--enable-gd-native-ttf --with-mhash --enable-pcntl --with-ldap=shared
--with-ldap-sasl --with-xmlrpc --enable-zip --enable-phar --without-pear
--enable-ftp --disable-rpath --with-gettext --enable-magic-quotes
--with-pthread --with-imap=/usr/local/imap-2007f --with-imap-ssl
make ZEND_EXTRA_LIBS='-liconv' -j4
make install
echo "####config php"
ln -s /usr/local/php/bin/php /usr/bin/php
ln -s /usr/local/php/bin/phpize /usr/bin/phpize
ln -s /usr/local/php/sbin/php-fpm /usr/bin/php-fpm
cp php.ini-development /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
cd ../
sed -i 's/;date\.timezone \=/date\.timezone \= Asia\/Shanghai/g' /usr/local/php/etc/php.ini
sed -i 's/expose_php = On/expose_php = Off/g' /usr/local/php/etc/php.ini
sed -i 's/display\_errors \= On/display\_errors \= Off/g' /usr/local/php/etc/php.ini
sed -i 's/\;cgi\.fix\_pathinfo\=1/cgi\.fix\_pathinfo\=0/g' /usr/local/php/etc/php.ini
sed -i 's/display\_startup\_errors \= On/display\_startup\_errors \= Off/g' /usr/local/php/etc/php.ini
sed
-i 's/disable_functions =.*/disable_functions =passthru,exec,system,chroot,scandir,\
chgrp,chown,shell_exec,proc_get_status,ini_alter,\
ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,escapeshellcmd,\
dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,\
disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,\
posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,\
posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,\
posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,\
posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,\
posix_strerror,posix_times,posix_ttyname,posix_uname/g'
/usr/local/php/etc/php.ini
sed -i 's/short_open_tag = Off/short_open_tag = On/g' /usr/local/php/etc/php.ini
echo "####memcache"
tar -xzf memcache-2.2.7.tgz
cd memcache-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ..
echo "####ImageMagick"
tar zxf ImageMagick-6.8.8-9.tar.gz
cd ImageMagick-6.8.8-9/
./configure --prefix=/usr/local/imagemagick
make -j4 && make install
cd ..
echo "####imagick"
tar -xzf imagick-3.1.2.tgz
cd imagick-3.1.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-imagick=/usr/local/imagemagick
make -j4
make install
cd ..
echo "####phpredis"
unzip phpredis-master.zip
cd phpredis-master
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ..
echo "####mongo"
tar -xzf mongo-1.5.4.tgz
cd mongo-1.5.4
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --prefix=/usr/local/mongo
make
make install
cd ..
echo "####ZendGuardLoader"
tar -xzf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz
cp
ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so
/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
cat >>/usr/local/php/etc/php.ini<<EOF
extension_dir = /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
extension = "redis.so"
extension = "memcache.so"
extension = "imagick.so"
extension = "mongo.so"
[Zend Guard]
zend_extension = /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/ZendGuardLoader.so
zend_loader.enable = 1
zend_loader.disable_licensing = 0
zend_loader.obfuscation_level_support = 3
zend_loader.license_path=
EOF
echo "####xcache"
tar zxvf xcache-3.1.0.tar.gz
cd xcache-3.1.0/
/usr/local/php/bin/phpize
./configure --enable-xcache --enable-xcache-coverager --enable-xcache-optimizer --with-php-config=/usr/local/php/bin/php-config
make -j4
make install
cd ../
cat >>/usr/local/php/etc/php.ini<<EOF
;xcache
[xcache-common]
extension = xcache.so
[xcache.admin]
xcache.admin.enable_auth = On
xcache.admin.user = "admin"
;run: echo -n "yourpassword" |md5sum |awk '{print $1}' to get md5 password
xcache.admin.pass = "yourpassword"
[xcache]
xcache.shm_scheme = "mmap"
xcache.size = 20M
; set to cpu count (cat /proc/cpuinfo |grep -c processor)
xcache.count = 8
xcache.slots = 8K
xcache.ttl = 0
xcache.gc_interval = 0
xcache.var_size = 4M
xcache.var_count = 1
xcache.var_slots = 8K
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300
xcache.readonly_protection = Off
; for *nix, xcache.mmap_path is a file path, not directory. (auto create/overwrite)
; Use something like "/tmp/xcache" instead of "/dev/*" if you want to turn on ReadonlyProtection
; different process group of php won't share the same /tmp/xcache
xcache.mmap_path = "/dev/zero"
xcache.coredump_directory = ""
xcache.experimental = Off
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off
[xcache.coverager]
; enabling this feature will impact performance
; enable only if xcache.coverager == On && xcache.coveragedump_directory == "non-empty-value"
; enable coverage data collecting and xcache_coverager_start/stop/get/clean() functions
xcache.coverager = Off
xcache.coveragedump_directory = ""
;xcache end
EOF
mkdir /var/www
cp -a xcache-3.1.0/htdocs/ /var/www/xcache/
}
function InstallNginx()
{
echo "####pcre"
tar -zxf pcre-8.35.tar.gz
cd pcre-8.35
./configure --prefix=/usr/local/pcre
make&&make install
cd ../
echo "####install nginx"
groupadd www
useradd -g www www -s /sbin/nologin
tar -xzf nginx-1.6.3.tar.gz
cd nginx-1.6.3
./configure
--user=www --group=www --prefix=/usr/local/nginx
--with-http_stub_status_module --with-http_ssl_module
--with-http_gzip_static_module --with-pcre=$cur_dir/pcre-8.35
--with-http_realip_module --with-http_image_filter_module
make -j4
make install
cd ..
echo "####config nginx"
cp init.d.nginx /etc/init.d/nginx
chmod +x /etc/init.d/nginx
mkdir -p /var/log/nginx/
chown -R www:www /var/log/nginx
mkdir /usr/local/nginx/conf/server/
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
cp nginx.conf /usr/local/nginx/conf/
cp test.65.conf /usr/local/nginx/conf/server/
mkdir -p /var/www/www.test.com
cat>/var/www/www.test.com/index.php<< EOF
<?php
phpinfo();
?>
EOF
mv /usr/local/php/etc/php-fpm.conf /usr/local/php/etc/php-fpm.conf.bak
mkdir /var/log/php
cp php-fpm.conf /usr/local/php/etc/
echo "export PATH=$PATH:/usr/local/nginx/sbin" >> /etc/profile.d/nginx.sh
. /etc/profile.d/nginx.sh
}
function Installredis()
{
echo "####redis"
tar zxf redis-2.8.9.tar.gz
cd redis-2.8.9
make -j4
make install
cp redis.conf /etc/redis.conf.def
cd ..
mkdir /var/redis/
cp redis.conf /etc/
echo "/usr/local/bin/redis-server /etc/redis.conf" >> /etc/rc.local
/usr/local/bin/redis-server /etc/redis.conf &
cp redis.sh /etc/init.d/redis
chmod +x /etc/init.d/redis
systemctl restart redis.service
}
function CheckService()
{
echo "####service"
systemctl start nginx.service
systemctl start php-fpm.service
systemctl restart mysqld.service
cat >/etc/resolv.conf <<EOF
search localdomain
nameserver 114.114.114.114
nameserver 202.96.128.86
nameserver 202.96.128.166
nameserver 202.96.134.33
nameserver 8.8.8.8
EOF
}
InstallSystem 2>&1 |tee /root/lnmp-install.log
InstallMySQL 2>&1 |tee -a /root/lnmp-install.log
InstallPhp 2>&1 |tee -a /root/lnmp-install.log
InstallNginx 2>&1 |tee -a /root/lnmp-install.log
Installredis 2>&1 |tee -a /root/lnmp-install.log
CheckService 2>&1 |tee -a /root/lnmp-install.log
date
df -h
netstat -tnlp
