
วันนี้เช่า Dedicate server ตัวใหม่ที่เมืองนอก
ผมเช่าที่ Zipservers.com สเป๊กเครื่องธรรมดาๆน่ะคับ เอามารันโปรแกรม SImplifiedSEC
ประมาณนี้ครับ

- CPU AMD64 Athlon 3.2 GHz
- Ram 2 GB
- Harddisk SATA 80 G
ราคา $114/month (ราคานี้ต้องมาลงโปรแกรมเอง เค้าลงให้แต่ OS ซึ่งผมใช้ Debian Stable)

เอาล่ะคับ ทีนี้มาค่อยๆดูไปทีละขั้นตอน (จริงๆตั้งใจจะเขียนไว้อ่านเอง ใครจะเอาไปลองเล่นดูก็ไม่ว่านะ จริงๆมันก็ Basic แหละ แต่ผมมันประเภทขี้ลืม คราวหลังถ้าลงใหม่ จะได้ทำได้เลย ไม่ต้องคลำๆมาก)

## แก้ชื่อ Hostname
shell> pico /etc/hostname

server2.myplugblog.com

## ตั้ง Static IP (อันนี้เป็น IP ในวงแลนนะ)
shell> pico /etc/network/interfaces
#EDIT

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.15
netmask 255.255.255.0
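network 192.168.0.0
# หมายเหตุ: ค่า network ไม่ตรงกับ address/netmask ด้านบน (192.168.1.15 กับ 255.255.255.0 ให้ network เป็น 192.168.1.0)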
broadcast 192.168.1.255
gateway 192.168.1.1

shell> ifup eth0
shell> pico /etc/hosts

#ADD
192.168.1.15 server2.myplugblog.com

shell> pico /etc/resolv.conf
#EDIT
search myplugblog.com
nameserver 72.36.228.50
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 72.36.191.2
nameserver 72.36.190.2

## openssl
shell> apt-get install openssl libssl0.9.7 libssl-dev ca-certificates
shell> apt-get install libpng3 libpng3-dev libjpeg-dev freetype
shell> apt-get install -y \
make \
tar \
original-awk \
bzip2 \
patch \
ucf \
gcc \
binutils \
cpp \
cpp-3.3 \
gcc-3.3 \
flex \
bison \
bc \
bin86 \
bison \
dc \
dictionaries-common \
doc-linux-text \
dpkg-dev \
file \
finger \
flex \
ftp \
g++ \
g++-3.3 \
gdb \
ibritish \
ispell \
less \
libc6-dev \
libevent1 \
libgpmg1 \
libident \
libidn11 \
libnss-db \
libreadline5 \
libstdc++5-3.3-dev \
linux-kernel-headers \
locales \
lsof \
m4 \
manpages-dev \
module-init-tools \
mpack \
mtools \
mtr-tiny \
ncurses-term \
pidentd \
python \
python-newt \
rcs \
sharutils \
strace \
tcsh \
texinfo \
w3m \
wamerican

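## get source
หมายเหตุ: ลิงก์ด้านล่างเป็น http ธรรมดาและไม่มีขั้นตอนตรวจสอบไฟล์ ก่อนคอมไพล์ควรเทียบ checksum หรือลายเซ็น PGP กับที่เว็บของแต่ละโปรเจกต์ประกาศไว้ และเวอร์ชันในรายการนี้ (Apache 1.3, PHP 4.4, MySQL 4.1) หมดการซัพพอร์ตด้านความปลอดภัยไปแล้ว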
cd /usr/src
wget http://www.boutell.com/gd/http/gd-2.0.33.tar.gz
wget http://curl.haxx.se/download/curl-7.16.1.tar.gz
wget http://xmlsoft.org/sources/libxml2-2.6.30.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/libpng/zlib-1.2.3.tar.gz

wget http://dev.mysql.com/get/Downloads/MySQL-4.1/mysql-4.1.22.tar.gz/from/http://mirror.trouble-free.net/mysql_mirror/
wget http://mirror.trouble-free.net/sources/ZendOptimizer-3.0.2-linux-glibc21-i386.tar.gz
wget http://www.mirrorgeek.com/apache.org/httpd/apache_1.3.39.tar.gz
wget http://www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz
wget http://us2.php.net/get/php-4.4.8.tar.gz/from/this/mirror
wget http://download.savannah.gnu.org/releases/freetype/freetype-2.1.10.tar.gz
wget http://www.php-accelerator.co.uk/releases/linux_i686-glibc2.1.3/1.3.3r2_4.4.0/php_accelerator-1.3.3r2_php-4.4.0_linux_i686-glibc2.1.3.tgz

##UNTAR
shell> tar xfz ทุกๆไฟล์ .tar.gz

## INSTALL
shell> cd curl-7.16.0
shell> ./configure
shell> make
shell> make install

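แล้วก็ทำอย่างนี้กับอันอื่นๆ ด้วย
gd-2.0.33, libxml2-2.6.27, openssl-0.9.8d, freetype-2.1.10
(เลขเวอร์ชันในคำสั่ง cd ของบันทึกนี้บางจุดไม่ตรงกับไฟล์ที่ wget มาข้างบน เช่น curl-7.16.0 กับ curl-7.16.1 และ openssl-0.9.8d ไม่มีในรายการ wget ให้ใช้ชื่อไดเรกทอรีตามไฟล์ที่แตกออกมาจริง)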

## Fix modsecurity as module
shell> cd apache_1.3.37
shell> cp ../modsecurity-apache_1.9.4/apache1/mod_security.c src/modules/extra/
shell> ./configure \
--activate-module=src/modules/extra/mod_security \
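--enable-module=security
หมายเหตุ: ในหัวข้อ Apache ข้างล่างมีการรัน ./configure อีกรอบโดยไม่มีสองออปชันนี้ ซึ่งน่าจะทำให้ mod_security ไม่ถูกคอมไพล์เข้าไปใน Apache ตัวที่ติดตั้งจริง ควรใส่ --activate-module และ --enable-module=security รวมไว้ในคำสั่ง ./configure ครั้งสุดท้ายด้วย แล้วตรวจด้วย /usr/local/apache/bin/httpd -l ว่ามี mod_security.c อยู่ในรายการ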

## MYSQL
apt-get install gcc-3.4 gcc-3.4-base libncurses5-dev
groupadd mysql
useradd -g mysql mysql
cd mysql-4.1.21
./configure --prefix=/usr/local/mysql --localstatedir=/var/lib/mysql
shell> make
shell> make install
cp support-files/my-medium.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
cd /usr/local/mysql
shell> bin/mysql_install_db --user=mysql
หรือ bin/mysql_install_db

chown -R root .
chgrp -R mysql .
shell> bin/mysqld_safe --user=mysql &
หรือ bin/mysqld_safe &

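shell> bin/mysqladmin -uroot password mysqldroot
หมายเหตุ: อย่าใช้รหัส mysqldroot ตามตัวอย่างนี้ ให้ตั้งรหัสผ่าน root ของตัวเองที่เดายาก รหัสที่พิมพ์ลงในบรรทัดคำสั่งแบบนี้จะค้างอยู่ใน history ของ shell และมองเห็นได้จาก ps ระหว่างที่คำสั่งทำงาน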

## Apache
cd /usr/src/apache_1.3.37
shell> pico src/include/httpd.h # แก้ HARD_SERVER_LIMIT เป็น 512

shell> ./configure \
--prefix=/usr/local/apache \
--enable-module=rewrite --enable-shared=rewrite \
--htdocsdir=/www --datadir=/www
make
make install
ln -s /usr/local/apache/bin/apachectl /etc/init.d/apache
pico /usr/local/apache/conf/httpd.conf
#EDIT
AddType application/x-httpd-php .php

## Curl
apt-get install php4-curl

## PHP
cd php-4.4.4
shell> ./configure --prefix=/usr/local \
--enable-module=so \
--with-calendar=shared --enable-magic-quotes \
--enable-wddx --enable-ftp --enable-sockets \
--enable-inline-optimization --enable-memory-limit \
--with-gd=/usr/local --with-freetype-dir=/usr/lib/ \
--with-zlib --enable-gd-native-tt --with-ttf --with-gettext \
--with-jpeg-dir=shared,/usr --with-png-dir=shared,/usr --with-zlib-dir=shared,/usr \
--with-mysql=/usr/local/mysql --with-apxs=/usr/local/apache/bin/apxs

cp php.ini-recommended /usr/local/lib/php.ini
pico /usr/local/lib/php.ini
[EDIT]
extension_dir=""
[ADD LAST]
extension=/usr/lib/php4/20020429/curl.so
-or-
extension=/usr/lib/php4/20050606+lfs/curl.so

## BIND
apt-get install bind

## TUNING (ข้าม)
pico /etc/my.cnf (Mysql With 2GB ram)

[ADD/EDIT BELOW]

[mysqld]
connect_timeout=15
interactive_timeout=100
join_buffer_size=1M
key_buffer=256M
max_allowed_packet=16M
max_connections=500
max_connect_errors=10
myisam_sort_buffer_size=64M
read_buffer_size=2M
read_rnd_buffer_size=2M
sort_buffer_size=2M
table_cache=1024
thread_cache_size=100
thread_concurrency=4
wait_timeout=300
query_cache_size=128M
query_cache_limit=1M
query_cache_type=1

========
shell> pico /etc/sysctl.conf

[ADD BELOW]

# Kernel sysctl configuration file for Red Hat Enterprise Linux

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1

# Disables IP source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864

# Disable ICMP Redirect Acceptance
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200

# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Turn on the tcp_sack
net.ipv4.tcp_sack = 1

# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1

# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000

# Set TCP Re-Ordering value in kernel to '5'
net.ipv4.tcp_reordering = 5

# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Set Max SYN Backlog to '2048'
net.ipv4.tcp_max_syn_backlog = 2048

# Various Settings
net.core.netdev_max_backlog = 1024

# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000

# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

================
shell> pico /usr/local/apache/conf/httpd.conf

[EDIT]

Timeout 60
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 10
MinSpareServers 30
MaxSpareServers 60
StartServers 15
MaxClients 512
MaxRequestsPerChild 75

## Zend
shell> cd ZendOptimizer-3.0.2-linux-glibc21-i386
shell> ./install
