经过实际测试发现
如www.cmd5.com之类网站会记录你加密的hash值,而后倒卖给收费会员
对于很多入侵的骇客来说,这个很有用,很多程序开发者调试时候,或者修改密码的时候都会数据库直接修改md5值,而且不加salt.
运维,开发者应该留意这个
Pictures&Life A Blog About Linux&Unix&PHP&C
不要在反查md5网站加密你的密码
四月 10th, 2012centos下webalizer使用
三月 19th, 2012首先安装
yum install webalizer gd gd-devel
生成分析结果
#日志名字自己查询下,可以分析nginx,apache,varnishncsa
webalizer -c /etc/webalizer.conf -o /www/html/webalizer /var/log/nginx/access.log
分析配置文件(部分)/etc/webalizer.conf
默认分析log的位置LogFile
/var/log/httpd/access_log
默认输出结果的目录
OutputDir /var/www/usage
视为页面的文件后缀
PageType htm*
PageType cgi
PageType php
PageType shtml
PHP5.4发布
三月 4th, 2012
PHP 5.4.0 Release Announcement
The PHP development team is proud to announce the immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, and includes a large number of new features and bug fixes. The key features of PHP 5.4.0 include:
- New language syntax including Traits, shortened array syntax and more
- Improved performance and reduced memory consumption
- Support for multibyte languages now available in all builds of PHP at the flip of a runtime switch
- Built-in webserver in CLI mode to simplify development workflows and testing
- Cleaner code base thanks to the removal of multiple deprecated language features
- Many more improvements and fixes
Changes that affect compatibility:
- Register globals, magic quotes and safe mode were removed
- The break/continue $var syntax was removed
- The ini option allow_call_time_pass_reference was removed
- The PHP default_charset is now “UTF-8″ within the distributed php.ini files, but still defaults to “”
Extensions moved to PECL:
- ext/sqlite (ext/sqlite3 and ext/pdo_sqlite are not affected)
PHP 5.4 will be the last series to support Windows XP and Windows 2003. We will not provide binary packages for these Windows versions after PHP 5.4. For users upgrading from PHP 5.3 there is a migration guide available here, detailing the changes between PHP 5.3 and PHP 5.4.0. For a full list of changes in PHP 5.4.0, see the ChangeLog.
Apache2.4重大更新版发布(附压力测试)
二月 22nd, 2012
Apache2.4今天发布,官方描述其为一次重大更新,吸取了Nginx的一些设计:
性能提升,内存利用,异步I/O的支持,动态反向代理设置,与时间驱动的Web服务器相当或更好的性能,更强大的处理资源分配能力,更友好的缓存支持,可定制的高速服务器和代理
下文在CentOS5.7 x64上安装成功Apache2.4
最近两年Nginx蚕食了apache不少份额,目前看来Apache已经坐不住了,本文将对apache2.4做一次简单测试,看看相较Nginx性能如何, (测试后面贴出,实测apache还是不行啊…)
安装步骤:
如果之前安装过httpd或者yum方式安装了apr apr-util需要卸载
yum remove apr apr-util httpd
apr,apr-util下载地址http://mirror.bjtu.edu.cn/apache//apr/apr-1.4.6.tar.gz
http://mirror.bjtu.edu.cn/apache//apr/apr-util-1.4.1.tar.gz
apache2.4 下载地址 http://mirror.bjtu.edu.cn/apache//httpd/httpd-2.4.1.tar.gz
tar -zxvf apr.tar.gz
tar -zxvf apr-util.tar.gz
tar -zxvf httpd-2.4.1.tar.gz
# 编译和安装 apr 1.4.6
cd apr
./configure –prefix=/usr/local/apr-httpd/
make
make install
# 编译和安装 apr-util 1.4.6
cd ../apr-util
./configure –prefix=/usr/local/apr-util-httpd/ –with-apr=/usr/local/apr-httpd/
make
make install
# 编译 httpd
cd ../httpd-2.4.1
./configure –with-apr=/usr/local/apr-httpd/ –with-apr-util=/usr/local/apr-util-httpd/
完成后httpd的目录为 /usr/local/apache/bin/httpd
配置目录 /usr/local/apache/conf/
为了使用简便,我们建立一个Apache的启动脚本,把Apache加入系统SysV服务。
[编辑]建立启动脚本
# vi /etc/rc.d/init.d/httpd
将下列代码粘贴到httpd文件中:
#!/bin/bash
# Startup script for the Apache2.0.X Web Server
# Fixed by Comsenz – Nanu (nanu@discuz.com)# chkconfig: – 85 15
# Source function library.
. /etc/rc.d/init.d/functionsif [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fiINITLOG_ARGS=”"
apachectl=/usr/local/apache2/bin/apachectl
httpd=${HTTPD-/usr/local/apache2/bin/httpd}
prog=httpd
RETVAL=0start() {
echo -n $”Starting $prog: ”
daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
return $RETVAL
}
stop() {
echo -n $”Stopping $prog: ”
killproc $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd /var/run/httpd.pid
}
reload() {
echo -n $”Reloading $prog: ”
killproc $httpd -HUP
RETVAL=$?
echo
}case “$1″ in
start)
start
;;
stop)
stop
;;
status)
status $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/run/httpd.pid ] ; then
stop
start
fi
;;
reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $”Usage: $prog{start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}”
exit 1
esacexit $RETVAL
注意文件中的
apachectl=/usr/local/apache2/bin/apachectl
httpd=${HTTPD-/usr/local/apache2/bin/httpd}
两行,如果您的Apache不是安装在/usr/local/apache2,请根据情况更改以上两行中Apache的路径!
授予httpd运行权限
# chmod 755 /etc/rc.d/init.d/httpd
[编辑]将httpd加入系统SysV服务并设置其开机自启动
# chkconfig –add httpd
# chkconfig –level 3 httpd on
这样,今后如需启动、停止、重启Apache就可以用以下方式了:
# service httpd start
# service httpd stop
测试环境:
本机:酷睿2 7500 笔记本 Fedora16 x64
目标机器:奔腾4 单核2.8G CentOS x64 5.7
Apache2.4.1 纯静态index.html (以下测试CPU最大占用 不超过50%)
[root@fedora webbench-1.5]# webbench -c 100 -t 10 http://10.0.0.2/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2/index.html
100 clients, running 10 sec.Speed=211098 pages/min, 1013328 bytes/sec.
Requests: 35183 susceed, 0 failed.大约是Nginx的一半
[root@fedora webbench-1.5]# webbench -c 500 -t 10 http://10.0.0.2/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2/index.html
500 clients, running 10 sec.Speed=191322 pages/min, 918604 bytes/sec.
Requests: 31887 susceed, 0 failed.[root@fedora webbench-1.5]# webbench -c 1000 -t 10 http://10.0.0.2/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2/index.html
1000 clients, running 10 sec.Speed=187194 pages/min, 899078 bytes/sec.
Requests: 31199 susceed, 0 failed.
[root@fedora webbench-1.5]# webbench -c 5000 -t 10 http://10.0.0.2/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2/index.html
5000 clients, running 10 sec.Speed=171432 pages/min, 822931 bytes/sec.
Requests: 28572 susceed, 0 failed.
[root@fedora webbench-1.5]# webbench -c 10000 -t 10 http://10.0.0.2/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2/index.html
10000 clients, running 10 sec.Speed=173844 pages/min, 836064 bytes/sec.
Requests: 28974 susceed, 0 failed.
[root@fedora webbench-1.5]# webbench -c 20000 -t 10 http://10.0.0.2/index.html(用时大大超过10秒)
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2/index.html
20000 clients, running 10 sec.Speed=110328 pages/min, 530985 bytes/sec.
Requests: 18388 susceed, 0 failed.后面的(30000并发)我的电脑已经承受不了啦
Nginx1.1.12
[yushi@fedora ~]$ webbench -c 100 -t 10 http://10.0.0.2:81/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2:81/index.html
100 clients, running 10 sec.Speed=408702 pages/min, 1689152 bytes/sec.
Requests: 68117 susceed, 0 failed.[yushi@fedora ~]$ webbench -c 200 -t 10 http://10.0.0.2:81/index.html
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://10.0.0.2:81/index.html
200 clients, running 10 sec.Speed=404562 pages/min, 1672140 bytes/sec.
Requests: 67427 susceed, 0 failed.更大连接数我机器的webbench 测试这个之后就挂了,再跑apache也不行
暂时先测试到这里,动态不测了(如果都用FPM,反向服务器只是传递一下,没太大比较价值),只测试静态页面处理,apache还是不如nginx处理快,稍后再研究下。
Freebsd9.0安装Nginx+PHP-FPM+MySQL+eAccelerator+Memcached
一月 25th, 2012本博客在freebsd9.0 x64下安装成功 软件版本 php5.3.10,mysql5.5,nginx1.0.11
(如果机器性能可以,整个编译过程预计耗时4个小时,当然如果网速慢,那就是半天甚至一天了,本博客是预先下载了所有编译的源代码到/usr/ports/distfiles,详细列表会贴在本文最后)
更新 ports
第一种方式: portsnap (自带)
首先修改/etc/portsnap.conf
SERVERNAME=portsnap.cn.freebsd.org
- 下载压缩的 Ports 套件快照到 /var/db/portsnap
# portsnap fetch
- 假如是首次运行 Portsnap, 则需要将快照释放到 /usr/ports:
# portsnap extract
如果您已经有装好的 /usr/ports 而只想更新, 则应执行下面的命令:
# portsnap update
第二种方式 首先安装 cvsup,更新ports (如果用上面的方式 此步跳过!)
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/All/cvsup-without-gui-16.1h_4.tbz
# pkg_add cvsup-without-gui-16.1h_4.tbz
完成后需要退出终端重新登陆。
复制cvsup更新配置文件
# cp /usr/share/examples/cvsup/ports-supfile /etc/supfile
下面是我使用的配置,屏蔽了desktop等一些服务器用不到的软件包,源已经改成中国镜像,速度比国外的主服务器要快很多
# $FreeBSD: release/9.0.0/share/examples/cvsup/ports-supfile 219858 2011-03-22 04:31:35Z glebius $
#
# This file contains all of the “CVSup collections” that make up the
# FreeBSD-current ports collection.
#
# CVSup (CVS Update Protocol) allows you to download the latest CVS
# tree (or any branch of development therefrom) to your system easily
# and efficiently (far more so than with sup, which CVSup is aimed
# at replacing). If you’re running CVSup interactively, and are
# currently using an X display server, you should run CVSup as follows
# to keep your CVS tree up-to-date:
#
# cvsup ports-supfile
#
# If not running X, or invoking cvsup from a non-interactive script, then
# run it as follows:
#
# cvsup -g -L 2 ports-supfile
#
# You may wish to change some of the settings in this file to better
# suit your system:
#
# host=CHANGE_THIS.FreeBSD.org
# This specifies the server host which will supply the
# file updates. You must change it to one of the CVSup
# mirror sites listed in the FreeBSD Handbook at
# http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS.
# You can override this setting on the command line
# with cvsup’s “-h host” option.
#
# base=/var/db
# This specifies the root where CVSup will store information
# about the collections you have transferred to your system.
# A setting of “/var/db” will generate this information in
# /var/db/sup. You can override the “base” setting on the
# command line with cvsup’s “-b base” option. This directory
# must exist in order to run CVSup.
#
# prefix=/usr
# This specifies where to place the requested files. A
# setting of “/usr” will place all of the files requested
# in “/usr/ports” (e.g., “/usr/ports/devel”, “/usr/ports/lang”).
# The prefix directory must exist in order to run CVSup.# Defaults that apply to all the collections
#
# IMPORTANT: Change the next line to use one of the CVSup mirror sites
# listed at http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS.
*default host=cvsup.cn.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix# If you seem to be limited by CPU rather than network or disk bandwidth, try
# commenting out the following line. (Normally, today’s CPUs are fast enough
# that you want to run compression.)
*default compress## Ports Collection.
#
# The easiest way to get the ports tree is to use the “ports-all”
# mega-collection. It includes all of the individual “ports-*”
# collections,
#ports-all# These are the individual collections that make up “ports-all”. If you
# use these, be sure to comment out “ports-all” above.
#
# Be sure to ALWAYS cvsup the ports-base collection if you use any of the
# other individual collections below. ports-base is a mandatory collection
# for the ports collection, and your ports may not build correctly if it
# is not kept up to date.
ports-base
#ports-accessibility
#ports-arabic
ports-archivers
#ports-astro
#ports-audio
ports-benchmarks
#ports-biology
#ports-cad
#ports-chinese
#ports-comms
ports-converters
ports-databases
#ports-deskutils
ports-devel
ports-dns
ports-editors
#ports-emulators
#ports-finance
#ports-french
ports-ftp
#ports-games
#ports-german
#ports-graphics
#ports-hebrew
#ports-hungarian
#ports-irc
#ports-japanese
#ports-java
#ports-korean
ports-lang
ports-mail
ports-math
ports-misc
#ports-multimedia
ports-net
#ports-net-im
#ports-net-mgmt
#ports-net-p2p
#ports-news
#ports-palm
#ports-polish
#ports-ports-mgmt
#ports-portuguese
#ports-print
#ports-russian
#ports-science
ports-security
ports-shells
ports-sysutils
ports-textproc
#ports-ukrainian
#ports-vietnamese
ports-www
#ports-x11
#ports-x11-clocks
#ports-x11-drivers
#ports-x11-fm
#ports-x11-fonts
#ports-x11-servers
#ports-x11-themes
#ports-x11-toolkits
#ports-x11-wm
然后 更新 Ports到最新
# cvsup -L 2 -g /etc/supfile
安装 screen(这个是很有必要,除非你在本地)
除非你确信在最长可达半天的编译时间里不会因为任何因素掉线,否则尽可能用屏幕保持软件,如果编译一大半突然断线,那就很麻烦了
# cd /usr/ports/sysutils/screen/
# make install clean
options 里直接点 OK 就可以了。编译安装完成后,打入 screen 进入 screen 环境,会有一个提示信息,直接点击回车就好,然后正常进行编译过程。如果断线,可以在重新连上 SSH 后通过下面的命令回到前面的工作中。
screen -r
安装 MySQL
Ports 里提供了很多版本的 MySQL,这里我选择了 5.5
# cd /usr/ports/databases/mysql55-server
# make WITH_CHARSET=gbk WITH_XCHARSET=all BUILD_OPTIMIZED=yes BUILD_STATIC=yes install clean
即可,慢慢等吧,要花一些时间的。
如果提示 Error when bootstrapping CMake: Cannot find appropriate Makefile processor on this system. Please specify one using environment variable MAKE.
安装下cmake即可:
pkg_add cmake -v -r
安装完成后,在 /usr/local/share/mysql/ 里有很多预先设置好的 MySQL 配置文件,可以根据自己的需要选择这些预先设置好的文件,或者根据自己的需要,写配置文件。
# cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf
# rehash
# echo mysql_enable=”YES” >> /etc/rc.conf
# /usr/local/etc/rc.d/mysql-server start
FreeBSD 下安装 MySQL 后,脚本会自动为其建立用户、用户组 mysql。可以根据自己需要,设置安全策略。
安装 PHP 版本 5.3 .10
# cd /usr/ports/lang/php5/
# make config
这里我根据自己需要,选择了(图片截取自5.3.9)
# make install clean
之后安装 PHP5 的扩展库
# cd /usr/ports/lang/php5-extensions
# make config
在对话框中,选择需要的(编译扩展是最耗时间的,至少2-3小时以上,根据需要能少选就少选!以后可以单个安装)
[X] BCMATH bc style precision math functions
[X] BZ2 bzip2 library support
[ ] CALENDAR calendar conversion support
[X] CTYPE ctype functions
[X] CURL CURL support
[ ] DBA dba support
[ ] DBASE dBase library support
[X] DOM DOM support
[ ] EXIF EXIF support
[ ] FILEINFO fileinfo support
[X] FILTER input filter support
[ ] FRIBIDI FriBidi support
[ X] FTP FTP support
[X] GD GD library support
[ ] GETTEXT gettext library support
[ ] GMP GNU MP support
[X] HASH HASH Message Digest Framework
[X] ICONV iconv support
[ ] IMAP IMAP support
[ ] INTERBASE Interbase 6 database support (Firebird)
[X] JSON JavaScript Object Serialization support
[ ] LDAP OpenLDAP support
[ ] MBSTRING multibyte string support
[X] MCRYPT Encryption support
[X] MHASH Crypto-hashing support
[ ] MING ming shockwave flash support
[ ] MSSQL MS-SQL database support
[X] MYSQL MySQL database support
[ ] MYSQLI MySQLi database support
[ ] NCURSES ncurses support (CLI only)
[ ] ODBC unixODBC support
[X] OPENSSL OpenSSL support
[ ] PCNTL pcntl support (CLI only)
[X] PCRE Perl Compatible Regular Expression support
[ ] PDF PDFlib support (implies GD)
[X] PDO PHP Data Objects Interface (PDO)
[X] PDO_SQLITE PDO sqlite driver
[X] PDO_MYSQL PDO mysql driver
[ ] PGSQL PostgreSQL database support
[X] POSIX POSIX-like functions
[ ] PSPELL pspell support
[ ] READLINE readline support (CLI only)
[ ] RECODE recode support
[X] SESSION session support
[ ] SHMOP shmop support
[X] SIMPLEXML simplexml support
[ ] SNMP SNMP support
[ X] SOAP SOAP support
[X ] SOCKETS sockets support
[X] SPL Standard PHP Library
[X] SQLITE sqlite support
[ ] SYBASE_CT Sybase database support
[ ] SYSVMSG System V message support
[ ] SYSVSEM System V semaphore support
[ ] SYSVSHM System V shared memory support
[ ] TIDY TIDY support
[X] TOKENIZER tokenizer support
[ ] WDDX WDDX support (implies XML)
[X] XML XML support
[X] XMLREADER XMLReader support
[ ] XMLRPC XMLRPC-EPI support
[X] XMLWRITER XMLWriter support
[ ] XSL XSL support (Implies DOM)
[ ] YAZ YAZ support (ANSI/NISO Z39.50)
[X ] ZIP ZIP support
[X] ZLIB ZLIB support
选择完成后,继续
# make install clean
经过漫长的等待(估计得一个多小时呢),终于完成了编译。启用 PHP-FPM
# echo php_fpm_enable=”YES” >> /etc/rc.conf
# /usr/local/etc/rc.d/php-fpm start
PHP-FPM 的配置文件,在 FreeBSD 下位于 /usr/local/etc/php-fpm.conf,可以自行更改
安装 nginx
nginx 的编译所用的时间相对于前两个东西而言,就快非常多了
# cd /usr/ports/www/nginx
# make install clean
编译选项
[ ] DEBUG Enable nginx debugging
[ ] DEBUGLOG Enable debug log (–with-debug)
[ ] FILE_AIO Enable file aio
[X] IPV6 Enable IPv6
[ ] GOOGLE_PERFTOOLS Enable google perftools module
[X] HTTP_MODULE Enable HTTP module
[ ] HTTP_ADDITION_MODULE Enable http_addition module
[X] HTTP_CACHE_MODULE Enable http_cache module
[ ] HTTP_DAV_MODULE Enable http_webdav module
[ ] HTTP_FLV_MODULE Enable http_flv module
[ ] HTTP_GEOIP_MODULE Enable http_geoip module
[X] HTTP_GZIP_STATIC_MODULE Enable http_gzip_static module
[ ] HTTP_IMAGE_FILTER_MODULE Enable http_image_filter module
[ ] HTTP_PERL_MODULE Enable http_perl module
[ ] HTTP_RANDOM_INDEX_MODULE Enable http_random_index module
[ ] HTTP_REALIP_MODULE Enable http_realip module
[X] HTTP_REWRITE_MODULE Enable http_rewrite module
[ ] HTTP_SECURE_LINK_MODULE Enable http_secure_link module
[X] HTTP_SSL_MODULE Enable http_ssl module
[X] HTTP_STATUS_MODULE Enable http_stub_status module
[ ] HTTP_SUB_MODULE Enable http_sub module
[ ] HTTP_XSLT_MODULE Enable http_xslt module
[ ] MAIL_MODULE Enable IMAP4/POP3/SMTP proxy modul
[ ] MAIL_IMAP_MODULE Enable IMAP4 proxy module
[ ] MAIL_POP3_MODULE Enable POP3 proxy module
[ ] MAIL_SMTP_MODULE Enable SMTP proxy module
[ ] MAIL_SSL_MODULE Enable mail_ssl module
[X] WWW Enable html sample files
[ ] CACHE_PURGE_MODULE 3rd party cache_purge module
[ ] ECHO_MODULE 3rd party echo module
[ ] HEADERS_MORE_MODULE 3rd party headers_more module
[ ] HTTP_ACCEPT_LANGUAGE 3rd party accept_language module
[ ] HTTP_ACCESSKEY_MODULE 3rd party http_accesskey module
[ ] HTTP_AUTH_PAM_MODULE 3rd party http_auth_pam module
[ ] HTTP_AUTH_REQ_MODULE 3rd party http_auth_request module
[ ] HTTP_EVAL_MODULE 3rd party eval module
[ ] HTTP_FANCYINDEX_MODULE 3rd party http_fancyindex module
[ ] HTTP_GUNZIP_FILTER 3rd party http_gunzip_filter modul
[ ] HTTP_MOGILEFS_MODULE 3rd party mogilefs module
[ ] HTTP_MP4_H264_MODULE 3rd party mp4/h264 module
[ ] HTTP_NOTICE_MODULE 3rd party notice module
[ ] HTTP_PUSH_MODULE 3rd party push module
[ ] HTTP_REDIS_MODULE 3rd party http_redis module
[ ] HTTP_RESPONSE_MODULE 3rd party http_response module
[ ] HTTP_UPLOAD_MODULE 3rd party upload module
[ ] HTTP_UPLOAD_PROGRESS 3rd party uploadprogress module
[ ] HTTP_UPSTREAM_FAIR 3rd party upstream fair module
[ ] HTTP_UPSTREAM_HASH 3rd party upstream hash module
[ ] HTTP_UPSTREAM_KEEPALIVE 3rd party upstream keepalive modul
[ ] HTTP_ZIP_MODULE 3rd party http_zip module
[ ] MEMC_MODULE 3rd party memc (memcached) module
[ ] PASSENGER_MODULE 3rd party passenger module
[ ] SLOWFS_CACHE_MODULE 3rd party slowfs_cache module
[ ] SUPERVISORD_MODULE 3rd party supervisord module
[ ] SYSLOG_SUPPORT 3rd party syslog support
[ ] UDPLOG_MODULE 3rd party udplog (syslog) module
编译完成后,启动 nginx
# echo nginx_enable=”YES” >> /etc/rc.conf
这里先不急着 start nginx,因为现在还没有对 PHP 的支持。
# vi /usr/local/etc/nginx/nginx.conf
将如下段落前的 “#” 删除,并且将 html 更改为 /usr/local/www/nginx
location ~ \.php$ {
root /usr/local/www/nginx;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
结束后,编辑 /usr/local/etc/nginx/fastcgi_params,加入
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
启动 nginx,看看是否已经对 PHP 了
# /usr/local/etc/rc.d/nginx start
# echo “<?php phpinfo() ?>” > /usr/local/www/nginx/info.php
访问 http://yourdomain/info.php,看到 phpinfo 的页面则证明无误。
安装 eAcceletrator
eAcceletrator 可以预编译你的 PHP,这样执行的时候,就会起到加速作用。(下图红色地址部分需要根据自己编译结束后给出的地址修改)
# cd /usr/ports/www/eaccelerator
# make install clean
# echo zend_extension=”/usr/local/lib/php/20060613/eaccelerator.so” >> /usr/local/etc/php.ini
# mkdir /tmp/eaccelerator
# chown www /tmp/eaccelerator
# chmod 0700 /tmp/eaccelerator
# /usr/local/etc/rc.d/php-fpm restart
再刷新刚才的 info.php,看看是不是加入了 eAcceletrator 的支持
安装memcached
cd /usr/ports/databases/memcached
make install cleancd /usr/ports/databases/pecl-memcache
make install clean
echo “memcached_enable=YES” >> /etc/rc.conf
开启 /usr/local/etc/rc.d/memcached start
下面附上安装过程中会下载的软件(只供大致参考,一般都需要自己下载,可以配置163的镜像源)
/usr/ports/distfiles/xcb-proto-1.6.tar.bz2
/usr/ports/distfiles/varnish-3.0.2.tar.gz
/usr/ports/distfiles/unzip60.tar.gz
/usr/ports/distfiles/tcl8.5.11-src.tar.gz
/usr/ports/distfiles/t1lib-5.1.2.tar.gz
/usr/ports/distfiles/suhosin-patch-5.3.9-0.9.10.patch.gz
/usr/ports/distfiles/sqlite-src-3071000.zip
/usr/ports/distfiles/screen-4.0.3.tar.gz
/usr/ports/distfiles/repcached-2.3.1-1.4.10.patch.gz
/usr/ports/distfiles/redis-2.4.4.tar.gz
/usr/ports/distfiles/php-5.3.9.tar.bz2
/usr/ports/distfiles/pcre-8.21.tar.bz2
/usr/ports/distfiles/pcre-8.20.tar.bz2
/usr/ports/distfiles/openldap-2.4.26.tgz
/usr/ports/distfiles/nss-3.13.1.with.ckbi.1.88.tar.gz
/usr/ports/distfiles/nload-0.7.3.tar.gz
/usr/ports/distfiles/Nginx_upstream_hash-0.3.1.tar.gz
/usr/ports/distfiles/nginx_upstream_fair-20090923.tar.gz
/usr/ports/distfiles/nginx-1.0.11.tar.gz
/usr/ports/distfiles/mysql-5.5.20.tar.gz
/usr/ports/distfiles/memcached-1.4.10.tar.gz
/usr/ports/distfiles/make-3.82.tar.bz2
/usr/ports/distfiles/m4-1.4.16.tar.bz2
/usr/ports/distfiles/libxcb-1.7.tar.bz2
/usr/ports/distfiles/libtool-2.4.tar.gz
/usr/ports/distfiles/libpthread-stubs-0.3.tar.bz2
/usr/ports/distfiles/libpng-1.4.8.tar.xz
/usr/ports/distfiles/libpng-1.4.8-apng.patch.gz
/usr/ports/distfiles/libmcrypt-2.5.8.tar.gz
/usr/ports/distfiles/libiconv-1.13.1.tar.gz
/usr/ports/distfiles/libgpg-error-1.10.tar.bz2
/usr/ports/distfiles/libgcrypt-1.5.0.tar.bz2
/usr/ports/distfiles/libexecinfo-1.1.tar.bz2
/usr/ports/distfiles/libevent-1.4.14b-stable.tar.gz
/usr/ports/distfiles/IO-Tty-1.10.tar.gz
/usr/ports/distfiles/help2man-1.40.5.tar.gz
/usr/ports/distfiles/haproxy-1.4.16.tar.gz
/usr/ports/distfiles/gettext-1.05.tar.gz
/usr/ports/distfiles/gettext-0.18.1.1.tar.gz
/usr/ports/distfiles/freetype-2.4.7.tar.bz2
/usr/ports/distfiles/eaccelerator-0.9.6.1.tar.bz2
/usr/ports/distfiles/cyrus-sasl-2.1.25.tar.gz
/usr/ports/distfiles/curl-7.21.3.tar.bz2
/usr/ports/distfiles/cmake-2.8.7.tar.gz
/usr/ports/distfiles/check-0.9.8.tar.gz
/usr/ports/distfiles/automake-1.11.1.tar.bz2
/usr/ports/distfiles/autoconf-2.68.tar.bz2
/usr/ports/distfiles/agentzh-headers-more-nginx-module-v0.16-0-gde77fd2.tar.gz
/usr/ports/distfiles/xorg
/usr/ports/distfiles/ruby
/usr/ports/distfiles/python
/usr/ports/distfiles/PECL
/usr/ports/distfiles/jpeg8b2
/usr/ports/distfiles/gnome2
博文原址:http://www.ppkj.net/?p=986
freebsd ports安装p5-IO-Tty
一月 24th, 2012Failed to create new PTY – try installing the IO::Tty Perl module
freebsd9下 webmin安装ssl模块会提示上述错误,安装p5-IO-Tty模块即可
cd /usr/ports/devel/p5-IO-Tty
make install clean
Nginx/LINUX中文url支持
一月 24th, 20121:确定你的系统是UTF编码
[root@Tserver ~]# env|grep LANG
LANG=en_US.UTF-8
2:NGINX配置文件里默认编码设置为utf-8
server
{
listen 80;
server_name .inginx.com ;
index index.html index.htm index.php;
root /usr/local/nginx/html/inginx.com;
charset utf-8;
}
3:如果使用putty
windows –> translation –>UTF-8
mkdir NGINX中文技术站
echo ‘NGINX中文技术站’ > NGINX中文技术站/中国.html
如果是用securecrt 上传文件,请选择 回话–>外观–UTF-8
如果是FTP软件也将默认编码设置为TUF-8
4,如果上传的文件名出现乱码显示
执行(转换当前目录下所有文件编码,如果GBK不行可以尝试GB2312,请先备份!)
for f in `ls *.*` ; do mv $f `ls $f|iconv -f GBK -t UTF-8`; done
完毕
Redis几个认识误区(转)
一月 22nd, 2012前几天微博发生了一起大的系统故障,很多技术的朋友都比较关心,其中的原因不会超出James Hamilton在On Designing and Deploying Internet-Scale Service(1)概括的那几个范围,James第一条经验“Design for failure”是所有互联网架构成功的一个关键。互联网系统的工程理论其实非常简单,James paper中内容几乎称不上理论,而是多条实践经验分享,每个公司对这些经验的理解及执行力决定了架构成败。
题外话说完,最近又研究了Redis。去年曾做过一个MemcacheDB, Tokyo Tyrant, Redis performance test,到目前为止,这个benchmark结果依然有效。这1年我们经历了很多眼花缭乱的key value存储产品的诱惑,从Cassandra的淡出(Twitter暂停在主业务使用)到HBase的兴起(Facebook新的邮箱业务选用HBase(2)),当再回头再去看Redis,发现这个只有1万多行源代码的程序充满了神奇及大量未经挖掘的特性。Redis性能惊人,国内前十大网站的子产品估计用1台Redis就可以满足存储及Cache的需求。除了性能印象之外,业界其实普遍对Redis的认识存在一定误区。本文提出一些观点供大家探讨。
1. Redis是什么
这个问题的结果影响了我们怎么用Redis。如果你认为Redis是一个key value store, 那可能会用它来代替MySQL;如果认为它是一个可以持久化的cache, 可能只是它保存一些频繁访问的临时数据。Redis是REmote DIctionary Server的缩写,在Redis在官方网站的的副标题是A persistent key-value database with built-in net interface written in ANSI-C for Posix systems,这个定义偏向key value store。还有一些看法则认为Redis是一个memory database,因为它的高性能都是基于内存操作的基础。另外一些人则认为Redis是一个data structure server,因为Redis支持复杂的数据特性,比如List, Set等。对Redis的作用的不同解读决定了你对Redis的使用方式。
互联网数据目前基本使用两种方式来存储,关系数据库或者key value。但是这些互联网业务本身并不属于这两种数据类型,比如用户在社会化平台中的关系,它是一个list,如果要用关系数据库存储就需要转换成一种多行记录的形式,这种形式存在很多冗余数据,每一行需要存储一些重复信息。如果用key value存储则修改和删除比较麻烦,需要将全部数据读出再写入。Redis在内存中设计了各种数据类型,让业务能够高速原子的访问这些数据结构,并且不需要关心持久存储的问题,从架构上解决了前面两种存储需要走一些弯路的问题。
2. Redis不可能比Memcache快
很多开发者都认为Redis不可能比Memcached快,Memcached完全基于内存,而Redis具有持久化保存特性,即使是异步的,Redis也不可能比Memcached快。但是测试结果基本是Redis占绝对优势。一直在思考这个原因,目前想到的原因有这几方面。
- Libevent。和Memcached不同,Redis并没有选择libevent。Libevent为了迎合通用性造成代码庞大(目前Redis代码还不到libevent的1/3)及牺牲了在特定平台的不少性能。Redis用libevent中两个文件修改实现了自己的epoll event loop(4)。业界不少开发者也建议Redis使用另外一个libevent高性能替代libev,但是作者还是坚持Redis应该小巧并去依赖的思路。一个印象深刻的细节是编译Redis之前并不需要执行./configure。
- CAS问题。CAS是Memcached中比较方便的一种防止竞争修改资源的方法。CAS实现需要为每个cache key设置一个隐藏的cas token,cas相当value版本号,每次set会token需要递增,因此带来CPU和内存的双重开销,虽然这些开销很小,但是到单机10G+ cache以及QPS上万之后这些开销就会给双方相对带来一些细微性能差别(5)。
3. 单台Redis的存放数据必须比物理内存小
Redis的数据全部放在内存带来了高速的性能,但是也带来一些不合理之处。比如一个中型网站有100万注册用户,如果这些资料要用Redis来存储,内存的容量必须能够容纳这100万用户。但是业务实际情况是100万用户只有5万活跃用户,1周来访问过1次的也只有15万用户,因此全部100万用户的数据都放在内存有不合理之处,RAM需要为冷数据买单。
这跟操作系统非常相似,操作系统所有应用访问的数据都在内存,但是如果物理内存容纳不下新的数据,操作系统会智能将部分长期没有访问的数据交换到磁盘,为新的应用留出空间。现代操作系统给应用提供的并不是物理内存,而是虚拟内存(Virtual Memory)的概念。
基于相同的考虑,Redis 2.0也增加了VM特性。让Redis数据容量突破了物理内存的限制。并实现了数据冷热分离。
4. Redis的VM实现是重复造轮子
Redis的VM依照之前的epoll实现思路依旧是自己实现。但是在前面操作系统的介绍提到OS也可以自动帮程序实现冷热数据分离,Redis只需要OS申请一块大内存,OS会自动将热数据放入物理内存,冷数据交换到硬盘,另外一个知名的“理解了现代操作系统(3)”的Varnish就是这样实现,也取得了非常成功的效果。
作者antirez在解释为什么要自己实现VM中提到几个原因(6)。主要OS的VM换入换出是基于Page概念,比如OS VM1个Page是4K, 4K中只要还有一个元素即使只有1个字节被访问,这个页也不会被SWAP, 换入也同样道理,读到一个字节可能会换入4K无用的内存。而Redis自己实现则可以达到控制换入的粒度。另外访问操作系统SWAP内存区域时block进程,也是导致Redis要自己实现VM原因之一。
5. 用get/set方式使用Redis
作为一个key value存在,很多开发者自然的使用set/get方式来使用Redis,实际上这并不是最优化的使用方法。尤其在未启用VM情况下,Redis全部数据需要放入内存,节约内存尤其重要。
假如一个key-value单元需要最小占用512字节,即使只存一个字节也占了512字节。这时候就有一个设计模式,可以把key复用,几个key-value放入一个key中,value再作为一个set存入,这样同样512字节就会存放10-100倍的容量。
这就是为了节约内存,建议使用hashset而不是set/get的方式来使用Redis,详细方法见参考文献(7)。
6. 使用aof代替snapshot
Redis有两种存储方式,默认是snapshot方式,实现方法是定时将内存的快照(snapshot)持久化到硬盘,这种方法缺点是持久化之后如果出现crash则会丢失一段数据。因此在完美主义者的推动下作者增加了aof方式。aof即append only mode,在写入内存数据的同时将操作命令保存到日志文件,在一个并发更改上万的系统中,命令日志是一个非常庞大的数据,管理维护成本非常高,恢复重建时间会非常长,这样导致失去aof高可用性本意。另外更重要的是Redis是一个内存数据结构模型,所有的优势都是建立在对内存复杂数据结构高效的原子操作上,这样就看出aof是一个非常不协调的部分。
其实aof目的主要是数据可靠性及高可用性,在Redis中有另外一种方法来达到目的:Replication。由于Redis的高性能,复制基本没有延迟。这样达到了防止单点故障及实现了高可用。
小结
要想成功使用一种产品,我们需要深入了解它的特性。Redis性能突出,如果能够熟练的驾驭,对国内很多大型应用具有很大帮助。希望更多同行加入到Redis使用及代码研究行列。
参考文献
- On Designing and Deploying Internet-Scale Service(PDF)
- Facebook’s New Real-Time Messaging System: HBase To Store 135+ Billion Messages A Month
- What’s wrong with 1975 programming
- Linux epoll is now supported(Google Groups)
- CAS and why I don’t want to add it to Redis(Google Groups)
- Plans for Virtual Memory(Google Groups)
- Full of keys(Salvatore antirez Sanfilippo)
原文地址:http://timyang.net/data/redis-misunderstanding/
Freebsd9.0发布
一月 21st, 2012http://www.freebsd.org/ FreeBSD – 稳定可靠的类Unix系统 最新版9.0发布
Linux下hdparm硬盘测速
一月 19th, 2012在Linux下可以使用hdparm对硬盘进行测试或者查看硬盘的相关信息。这样你就知道了硬盘读写速度。
hdparm
参数:
-a 表示是否关闭磁盘预读取功能。对于大文件读取,这个显然能提高性能。
-A设置硬盘驱动器缓存读取特性。可能就是硬盘缓存开关
-g 显示硬盘的磁轨,磁头,磁区等参数。
-i 显示硬盘的硬件规格信息,这些信息是在开机时由硬盘本身所提供。
-I 直接读取硬盘所提供的硬件规格信息。
-p 设定硬盘的PIO模式。
-Tt 评估硬盘的读取效率和硬盘快取的读取效率。
-u; 在硬盘存取时,允许其他中断要求同时执行。
-v 显示硬盘的相关设定。
例子:
1)直接硬盘读测试
[root@apktv ~]# hdparm -tT –direct /dev/sda1
/dev/sda1:
Timing O_DIRECT cached reads: 704 MB in 2.00 seconds = 351.50 MB/sec
HDIO_DRIVE_CMD(null) (wait for flush complete) failed: Inappropriate ioctl for device
Timing O_DIRECT disk reads: 546 MB in 3.01 seconds = 181.43 MB/sec
HDIO_DRIVE_CMD(null) (wait for flush complete) failed: Inappropriate ioctl for device
使用DMA方式传输数据可以占用更少的CPU资源,因此与其它操作系统一样,Linux支持硬盘以DMA方式转输数据,但在安装Red Hat7.0时关于DMA的默认选项是Disable的,当然你可以在安装时就enable它。
hdparm -t /dev/hda 查看IDE的磁盘,Sata或scsi的为:hdparm -t /dev/sda
一硬盘using_dma 为off,读取速度慢;而另一硬盘using_dma 为on,读取速度快。
查看与开启DMA支持执行命令如下:
[root@RJ-RMS root]# hdparm -cdt /dev/hda
/dev/hda:
IO_support = 0 (default 16-bit)
using_dma = 0 (off)
Timing buffered disk reads: 64 MB in 20.84 seconds = 3.07 MB/sec[root@RJ-RMS root]# hdparm -d1 /dev/hda
/dev/hda:
setting using_dma to 1 (on)
using_dma = 1 (on)
[root@RJ-RMS root]# hdparm -cdt /dev/hda
/dev/hda:
IO_support = 0 (default 16-bit)
using_dma = 1 (on)
Timing buffered disk reads: 64 MB in 1.09 seconds = 58.72 MB/sec
hdparm的改变是个临时的状态,下次再次启动Linux系统的时候hdparm将会消失。所以要想永久的保存修改后的信息,就必须把修改后的参数和数据写入/etc/rc.d/rc.local或/etc/rc.local文档,甚至比启动过程要早运行的程式中。
坏道修复
检查: smartctl -l selftest /dev/sda
卸载: umount /dev/sda*
修复: badblocks /dev/sda