[root@viyin etc]# tail /var/log/messages
Aug 6 11:29:26 viyin kernel: printk: 640 messages suppressed.
Aug 6 11:29:26 viyin kernel: TCP: time wait bucket table overflow
Aug 6 11:29:31 viyin kernel: printk: 299 messages suppressed.
Aug 6 11:29:31 viyin kernel: TCP: time wait bucket table overflow
Aug 6 11:29:37 viyin kernel: printk: 590 messages suppressed.
Aug 6 11:29:37 viyin kernel: TCP: time wait bucket table overflow
Aug 6 11:29:41 viyin kernel: printk: 711 messages suppressed.
Aug 6 11:29:41 viyin kernel: TCP: time wait bucket table overflow
Aug 6 11:29:46 viyin kernel: printk: 290 messages suppressed.
Aug 6 11:29:46 viyin kernel: TCP: time wait bucket table overflow
Check the state of the connections on port 80
[root@viyin ~]# netstat -an | grep 80 | awk '{print $6}' | sort | uniq -c | sort -rn
5539 ESTABLISHED
768 TIME_WAIT
321 FIN_WAIT1
165 FIN_WAIT2
56 LAST_ACK
32 CONNECTED
22 SYN_RECV
5 STREAM
3 LISTEN
1 33410680
Edit /etc/sysctl.conf
sysctl net.ipv4.tcp_max_tw_buckets=10000
location ~ ^/phpmyadmin/ {
    # only the listed source addresses may reach phpMyAdmin
    allow 1.1.1.0/24;
    allow 2.2.2.2/32;
    deny all;
    index index.php index.do index.html index.htm;
    location ~ .*\.(php|php5)?$
    {
        fastcgi_pass unix:/tmp/php-cgi.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
}
connect() to unix:/tmp/php-cgi.sock failed (11: Resource temporarily unavailable) while connecting to upstream,
In the PHP-FPM configuration file, change:
-1
to:
1024
Reference
http://forum.nginx.org/read.php?3,31467,31467
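Add the following to the http{} block of nginx.conf:
limit_zone one $binary_remote_addr 10m;
Then, in the virtual host, write:
location / {
    limit_conn one 1;    # threads (concurrent connections)
    limit_rate 100k;     # speed
}
This limits the speed to 100K and allows each client only one thread.
Final speed = rate * conn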
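1. Run Nginx under a low-privilege account, for example www.
2. Disable dangerous functions in php.ini, such as: system,passthru,shell_exec,exec,popen,proc_open,chroot,scandir,chgrp,chown and so on. Disabling too many functions, however, may interfere with the normal operation of some PHP programs.
3. Set open_basedir in php.ini, for example: open_basedir = "/usr/local/webserver/nginx/html/www.xpb.cn_7da347bc1a9fd621/:/usr/local/webserver/nginx/html/viyin.cn_7da347bc1a9fd621/"
4. Prevent directory traversal, and put each virtual host user in a directory that is hard to guess, for example: www.viyin.net_7da347bc1a9fd621, viyin.cn_7da347bc1a9fd621
5. Find a PHP trojan (web shell) yourself and use it to test the security of your own server!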
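A check for items 2 and 3 above, as an added example that is not part of the original post: it reads a php.ini and reports which of the functions named in item 2 are still enabled and whether open_basedir is set. The sample php.ini and its /srv/www/example/ path are constructed for illustration.

```shell
# Added example: audit php.ini against items 2 and 3; REQUIRED is the list named on this page.
REQUIRED="system passthru shell_exec exec popen proc_open chroot scandir chgrp chown"

# ini_value FILE KEY: print the effective (uncommented, last) value of KEY.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                       # whole-line comment
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)              # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)      # surrounding blanks and quotes
            if (k == key) val = v                 # a later setting overrides
        }
        END { print val }' "$1"
}

# missing_functions FILE: print REQUIRED names absent from disable_functions.
missing_functions() {
    disabled=$(ini_value "$1" disable_functions | tr -d ' \t')
    out=""
    for fn in $REQUIRED; do
        case ",$disabled," in
            *",$fn,"*) ;;                         # whole-name match only
            *) out="${out:+$out }$fn" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_php_ini FILE: print findings; return 0 only if both checks pass.
audit_php_ini() {
    rc=0
    miss=$(missing_functions "$1")
    if [ -n "$miss" ]; then echo "FAIL disable_functions lacks: $miss"; rc=1; fi
    if [ -z "$(ini_value "$1" open_basedir)" ]; then echo "FAIL open_basedir is not set"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK $1"; fi
    return "$rc"
}

# Constructed sample, not from the page: exec is forgotten, open_basedir is commented out.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
disable_functions = system, passthru, shell_exec, popen, proc_open ; exec forgotten
;open_basedir = "/srv/www/example/"
EOF
audit_php_ini "$SAMPLE" || true
```

The whole-name match matters: a plain substring search would accept shell_exec as proof that exec is disabled.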
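Installing and configuring apache+nginx+php+mysql+eaccelerator+memcache on FreeBSD
It got too long, and I was less careful toward the end. I just copied and pasted it here, so I won't add explanations.
1. Install apache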
bsd1# pwd
/usr/ports/www/apache22
bsd1# make install clean
2. Install MYSQL
./configure --prefix=/usr/local/mysql --enable-assembler --with-charset=utf8 --enable-thread-safe-client --with-extra-charsets=all --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=innobase
make -j 5
make install
groupadd mysql
useradd -g mysql mysql
cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql/.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod 755 /etc/init.d/mysql
These are the Linux installation commands. Adapt them for BSD.
2. Install PHP
First install the components jpeg, libpng, freetype, zlib, gd, curl, libxml2, libxslt, libmcrypt
pkg_add -r gd
pkg_add -r freetype
pkg_add -r curl
pkg_add -r libxml2
pkg_add -r libxslt
pkg_add -r libmcrypt
pkg_add -r mhash
./configure --prefix=/usr/local/php --with-config-file-path=/etc --with-apxs2=/usr/local/sbin/apxs --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir --enable-xml --disable-rpath --enable-discard-path --enable-magic-quotes --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --enable-ftp --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --with-mime-magic --enable-suhosin
make && make install
cp php.ini-dist /etc/php.ini