远程图片&视频服务器的部署 discuz/wordpress等通用

服务器先安装CentOS 7 64位操作系统
然后开始部署环境

关闭防火墙

# Stop firewalld for the running system, then mask the unit so it cannot be
# started again (neither manually nor at boot).
# NOTE(review): after this the host has no packet filter while it serves FTP
# (port 21) and HTTP (port 80) as set up later on this page. A narrower
# alternative is to leave firewalld running and allow only those services.
systemctl stop firewalld
systemctl mask firewalld
# Also stop the legacy iptables service; presumably this just reports an
# error when that unit is not installed - confirm on the target host.
systemctl stop iptables

关闭Selinux

# Rewrite the persistent setting so SELinux is disabled from the next boot.
# NOTE(review): this removes mandatory access control for every service on
# the host, including the internet-facing nginx and vsftpd configured below.
# Keeping SELinux enforcing and granting only the access these two daemons
# need is the tighter option; confirm that disabling it is really required.
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
# Put the running system into permissive mode right away, without a reboot.
setenforce 0

优化系统文件打开数量

# Show the current open-file limit and the existing limits.conf for reference.
ulimit -n
cat /etc/security/limits.conf
# Append soft and hard open-file limits of 65535 for all users ("*").
# The append is not idempotent: running it again adds the lines a second time.
echo "* soft nofile 65535
* hard nofile 65535
">>/etc/security/limits.conf

# Re-apply the limit at boot (rc.local) and for login shells (profile),
# then raise it for the current shell as well.
echo "ulimit -SHn 65535">>/etc/rc.local
echo "ulimit -SHn 65535">>/etc/profile
ulimit -SHn 65535

# Replace every "4096" in 20-nproc.conf with "unlimited".
# NOTE(review): that file presumably holds the default per-user process cap;
# lifting it removes a guard against runaway process creation by any local
# account - confirm this is wanted on a host that accepts FTP logins.
sed -i -e 's/4096/unlimited/g' /etc/security/limits.d/20-nproc.conf
cat /etc/security/limits.d/20-nproc.conf

设置时区 并且修复NTP的一个漏洞

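# Set the timezone to UTC, install ntpd and do a one-off clock sync.
hwclock --systohc
yum -y install ntp
chkconfig ntpd on
# /etc/localtime is a file or symlink, so a recursive delete is not needed.
rm -f /etc/localtime
cp -Rp /usr/share/zoneinfo/UTC /etc/localtime
#ntpdate pool.ntp.org
#ntpdate 0.us.pool.ntp.org
# ntpd must not be running while ntpdate sets the clock.
service ntpd stop
ntpdate time.apple.com
service ntpd start
# NOTE(review): the page shows "cat >/etc/ntp.conf <" here with the
# here-document body missing, which is a shell syntax error as written, so
# the line is left commented out. The section heading says this step fixes an
# NTP vulnerability; presumably the lost body restricted what remote hosts may
# query or modify (ntp.conf "restrict" lines) - restore the intended content
# from a trusted source, then run "service ntpd restart" so it takes effect.
# cat >/etc/ntp.conf <<'EOF'
#   ... configuration body not present on this page ...
# EOF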

设置DNS解析服务器

# Overwrite the resolver configuration with two public DNS servers, one
# "nameserver" line per address, then print the file to confirm the result.
# NOTE(review): the file is replaced, not appended to; whether another
# component regenerates it later is not shown here - confirm it persists.
printf 'nameserver %s\n' 8.8.8.8 8.8.4.4 >/etc/resolv.conf
cat /etc/resolv.conf

安装软件包和更新系统软件包到最新版本

# Bring every installed package up to date before adding anything new.
yum -y update
cd /opt
# Enable the EPEL repository first so the following install can use it.
yum -y install epel-release

# Tools, the FTP daemon, and the compiler/libraries needed to build nginx.
pkgs=(
  rsync wget xz vsftpd iftop unzip
  gd gd-devel
  gcc gcc-c++ autoconf automake make
  zlib zlib-devel
  openssl openssl-devel
  pcre pcre-devel
)
yum -y install "${pkgs[@]}"

配置VSFTP
如果你不需要FTP上传 而是使用RSYNC同步的话 可以不安装vsftpd

# Replace vsftpd.conf with a minimal configuration: anonymous login is off,
# local accounts may log in and write, and transfers are logged (xferlog).
# NOTE(review): no TLS options are set, so the user name, password and file
# contents cross the network in cleartext. Either add vsftpd's TLS settings
# (ssl_enable with a certificate) or use the rsync route mentioned above.
# With chroot_local_user=YES, chroot_list_file names the users that are NOT
# confined to their home directory; it is created empty below, so every local
# user stays chrooted. Keep that file empty unless an exception is intended.
# allow_writeable_chroot=YES turns off vsftpd's refusal to chroot into a
# directory the user can write to.
echo "anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
ls_recurse_enable=YES
listen=YES
pam_service_name=vsftpd
tcp_wrappers=YES
ftpd_banner=Welcome to FTP service
allow_writeable_chroot=YES
">/etc/vsftpd/vsftpd.conf

# Create the (empty) chroot exception list, start vsftpd and enable it at boot.
touch /etc/vsftpd/chroot_list
service vsftpd start
chkconfig vsftpd on

# Add the FTP user
# The account gets /sbin/nologin as its shell, so it can be used for FTP but
# not for an interactive login.
useradd ftpuser -s /sbin/nologin
# "ftppassword" is a placeholder: substitute a strong, unique password.
# NOTE(review): typed like this, the password may end up in shell history.
echo ftpuser:ftppassword | chpasswd
# Repeats the shell setting already given to useradd above.
usermod -s /sbin/nologin ftpuser
# Remove write permission from the home directory itself (the chroot root).
# NOTE(review): nginx later serves this directory as user "nobody"; confirm
# the resulting mode still lets that user traverse and read it.
chmod a-w /home/ftpuser
systemctl restart vsftpd

这里的 ftpuser 就是FTP用户 这里的ftppassword 就是ftp密码 实际部署时请把 ftppassword 换成你自己的强密码

开始安装NGINX

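# Download, build and install nginx 1.10.1 under /usr/local/nginx, then start
# it and register it in rc.local so it comes up at boot.
# NOTE(review): 1.10.1 is an old release; check nginx.org for the current
# stable version and its security advisories before deploying.
cd /opt
# Fetch over HTTPS: the source is compiled and installed as root, so it must
# not be fetched over a channel that can be tampered with in transit.
wget -c https://nginx.org/download/nginx-1.10.1.tar.gz
# NOTE(review): nginx.org publishes a PGP signature (.asc) next to each
# tarball; verify it before unpacking and building.
tar xfz nginx-1.10.1.tar.gz
# Name the directory explicitly; "nginx*" also matches the tarball.
cd nginx-1.10.1
./configure --prefix=/usr/local/nginx \
  --with-pcre \
  --with-http_realip_module \
  --with-http_stub_status_module \
  --with-http_sub_module \
  --with-http_gzip_static_module \
  --with-http_secure_link_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-ipv6
make && make install

# Put the binary on the default PATH and syntax-check the shipped config.
ln -s /usr/local/nginx/sbin/nginx /sbin/nginx
nginx -t

# Start nginx now and append the same command to rc.local for boot.
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
echo "/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf" >>/etc/rc.local
chmod +x /etc/rc.local
cat /etc/rc.local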

配置文件
nginx.conf

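# nginx.conf for a static image/video host whose document root is filled
# over FTP. Worker processes run as the unprivileged user "nobody".
user  nobody;
worker_processes  auto;
worker_cpu_affinity auto;
# NOTE(review): /dev/null discards every error message, which leaves nothing
# to look at when diagnosing failures or investigating abuse. Consider a real
# log file with rotation instead.
error_log /dev/null;
worker_rlimit_nofile 51200;

events {
	use epoll;
	worker_connections 51200;
}

http {
	include mime.types;
	default_type  application/octet-stream;
	server_name_in_redirect off;
	types_hash_max_size 2048;
	types_hash_bucket_size 128;
	server_names_hash_max_size 2048;
	server_names_hash_bucket_size 128;
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout  5;

	gzip on;
	gzip_vary on;
	gzip_disable "MSIE [1-6]\.";
	gzip_proxied any;
	gzip_http_version 1.1;
	gzip_min_length  1000;
	gzip_comp_level  6;
	gzip_buffers  16 8k;
	gzip_types    text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/javascript application/xml+rss application/atom+xml;

	ignore_invalid_headers on;
	client_header_timeout  3m;
	client_body_timeout 3m;
	send_timeout     3m;
	reset_timedout_connection on;
	connection_pool_size  256;
	client_header_buffer_size 256k;
	large_client_header_buffers 4 256k;
	client_max_body_size 100M;
	client_body_buffer_size 128k;
	request_pool_size  32k;
	output_buffers   4 32k;
	postpone_output  1460;
	proxy_headers_hash_bucket_size 2048;
	proxy_headers_hash_max_size 512;
	# NOTE(review): nothing on this page creates /cache/nginx; make sure it
	# exists and is writable by the worker user before starting nginx.
	proxy_temp_path /cache/nginx/temp;
	proxy_cache_path /cache/nginx/cache1 levels=1:2 keys_zone=cache_one:100M inactive=1d max_size=10G;
	#proxy_cache_path /cache/nginx/cache2 levels=1:2 keys_zone=cache_dyn:250M inactive=7d max_size=50G;
	#proxy_cache_path /cache/nginx/cache3 levels=1:2 keys_zone=cache_vid:500M inactive=1m max_size=100G;

	# Two log formats are defined; no access_log directive in this file
	# selects either of them.
	log_format logstash '$http_host '
			    '$remote_addr [$time_local] '
			    '"$request" $status $bytes_sent '
			    '"$http_referer" "$http_user_agent" '
			    '$request_time '
			    '$upstream_response_time '
			    '$upstream_cache_status';
	log_format access '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" cache:$upstream_cache_status';

	error_page 404 /404.html;
	# Shared zone keyed by client address, used by limit_conn below.
	limit_conn_zone $binary_remote_addr zone=addr:10m;

	server {
		listen 80 default_server;
		listen [::]:80 default_server;
		server_name  _;
		index index.html index.htm index.php;
		# The document root is the FTP user's home, i.e. whatever is uploaded
		# over FTP. No script handler is configured in this server block, so
		# uploads are only ever served as static files; keep it that way.
		root  /home/ftpuser;
		error_page 404 /404.html;
		location  /404.html {
		  internal;
		}
		location /nginx_status {
			stub_status on;
			# Connection counters are for local monitoring only, so do not
			# expose them to arbitrary clients.
			allow 127.0.0.1;
			allow ::1;
			deny all;
		}

		# The dot is escaped so only a literal ".flv" / ".mp4" suffix matches;
		# an unescaped "." would match any character before the extension.
		location ~ \.flv$ {
			flv;
		}
		location ~ \.mp4$ {
			mp4;
			mp4_buffer_size 4M;
			mp4_max_buffer_size 10M;

			# Rate limiting: at most 3 concurrent connections per client
			# address; after the first 5m of a response, each connection is
			# capped at 128k per second.
			limit_conn addr            3;
			limit_rate_after          5m;
			limit_rate              128k;
		}

# Other configuration

	}

}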

大功告成了

FTP主机的IP 就是 服务器IP 端口默认21
用户名就是先安装vsftp的那个信息 ftpuser 改为你的 如果改了 记得那个nginx的目录指定 也需要改

目录就是 /
如果多网站使用的话 改为 /site1/
域名也可以绑定A到 /site1 B站域名绑定到 /site2

这里以Wordpress为例子
Discuz/PHPwind那些都自带支持了 WordPress需要安装插件 搜索 Remote Attachment

添加FTP信息即可

nginx -t 测试有无问题
无问题 nginx 启动
nginx -s stop 停止
nginx -s reload 重新载入配置文件 适用于修改了nginx.conf的vhost区域 如果修改了nginx的http区域 必须stop再启动一次才生效
nginx -s reopen 重新打开日志文件
