WenJunjie Blog

sysadmin

DigitalOcean SSD VPS

DigitalOcean

  • Simple Cloud Hosting
  • SSD cloud server


Price Comparison

| Provider | DigitalOcean | Amazon | Linode | Rackspace |
| --- | --- | --- | --- | --- |
| Price | $20/month | $60/month | $79.95/month | $87.60/month |
| RAM | 2GB | 1.7GB | 2GB | 2GB |
| Bandwidth | 2¢ per GB if over 3,000GB | 12¢ per GB if over 1GB/mo. | 10¢ per GB if over 800GB | 18¢ per GB bandwidth out |
| Spin Up Time | 55 Seconds | Up to 10 Minutes | 2-3 Minutes per GB | 2-3 Minutes per GB |
| Disk Space | 40GB SSD | 160GB | 80GB | 80GB |

Conclusion: very good value for money.

Account Registration Process

  • Sign Up
  • Add a Payment Method

    Credit Cards or PayPal (Pay $5 USD for test)

  • Create Droplets (Virtual Server)

    Select Droplet Type & Size: 512MB / 1 CPU, 20GB SSD Disk
    Select Droplet Region: New York 1
    Select Droplet Image: CentOS 6.3 x64

  • Droplet History

    | Event | Initiated | Execution Time |
    | --- | --- | --- |
    | Create | 1 minute ago | 42.0 Seconds |

  • Check Mail (IP, root password)

CentOS Init

vi /etc/ssh/sshd_config
    Port 52038
    PermitRootLogin no
    PermitEmptyPasswords no
    PasswordAuthentication no
    UseDNS no
    AllowUsers user
/etc/init.d/sshd reload
ssh -p 52038 user@xxx.xxx.xxx.xxx

ssh keys

ssh-keygen -t rsa
ssh-copy-id user@xxx.xxx.xxx.xxx
cat .ssh/id_rsa.pub | ssh user@xxx.xxx.xxx.xxx "cat >> ~/.ssh/authorized_keys"

ssh user@xxx.xxx.xxx.xxx
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

vi /etc/ssh/sshd_config
    PermitRootLogin without-password
    PermitRootLogin no
reload ssh
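
Added example, not part of the original post: sshd uses the first value it reads for each keyword, so if both PermitRootLogin lines above end up in the file, `without-password` is the one in effect. The helpers `effective_value` and `audit_sshd` are hypothetical names; they assume whitespace-separated keywords and stop reading at the first Match block.

```shell
# effective_value FILE KEYWORD: print the value sshd will use, i.e. the first
# uncommented occurrence (keywords are case-insensitive). Hypothetical helper.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # Match blocks are conditional; stop
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: print one DIFF line per directive whose effective value
# differs from what this post sets; print nothing when everything matches.
audit_sshd() {
    file=$1
    for want in PermitRootLogin=no PermitEmptyPasswords=no \
                PasswordAuthentication=no UseDNS=no; do
        key=${want%%=*}
        expected=${want#*=}
        got=$(effective_value "$file" "$key")
        [ "$got" = "$expected" ] ||
            echo "DIFF $key: effective '${got:-<default>}', post sets '$expected'"
    done
    # The post restricts logins to one account; flag a missing allow-list.
    [ -n "$(effective_value "$file" AllowUsers)" ] ||
        echo "DIFF AllowUsers: not set, post restricts logins to 'user'"
}

# Constructed sample: both PermitRootLogin lines present, as listed above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 52038
PermitRootLogin without-password
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
UseDNS no
AllowUsers user
EOF
audit_sshd "$sample"
rm -f "$sample"
```

Run `audit_sshd /etc/ssh/sshd_config` before reloading sshd, and keep the current session open until a new login on the new port succeeds.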

LEMP Install

  • CentOS 6
Install

#rpm -Uvh http://repo.webtatic.com/yum/el6/latest.rpm
#yum --enablerepo=webtatic install php54w

#rpm -ivh nginx-release-centos-6-0.el6.ngx.noarch.rpm

  • Command Reference

    yum --enablerepo=remi,remi-test list mysql mysql-server nginx php
    yum --enablerepo=remi list mysql mysql-server nginx php
    yum list mysql mysql-server nginx php
VPS
  • Install MySQL5.5 or MySQL5.1

    yum --enablerepo=remi install mysql mysql-server   # mysql5.5
    yum install mysql mysql-server                     # mysql5.1

    /etc/init.d/mysqld restart
    /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

mysql -uroot -p
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' IDENTIFIED BY 'db135792321' WITH GRANT OPTION;

  • Install nginx

    yum --enablerepo=remi install nginx
    /etc/init.d/nginx start
    ifconfig eth0 | grep inet | awk '{ print $2 }'

  • Install PHP5.4

    yum --enablerepo=remi install php php-devel php-fpm php-mysql php-pecl-memcache php-pecl-gearman php-pecl-apc php-pecl-xhprof

    yum --enablerepo=remi install php-fpm php-mysql

    yum --enablerepo=remi install httpd php php-common
    yum --enablerepo=remi install php-pear php-pdo php-mysql
    yum --enablerepo=remi install php-pgsql php-pecl-memcache
    yum --enablerepo=remi install php-gd php-mbstring php-mcrypt php-xml

    APC (php-pecl-apc) – APC caches and optimizes PHP intermediate code
    CLI (php-cli) – Command-line interface for PHP
    PEAR (php-pear) – PHP Extension and Application Repository framework
    PDO (php-pdo) – A database access abstraction module for PHP applications
    MySQL (php-mysql) – A module for PHP applications that use MySQL databases
    PostgreSQL (php-pgsql) – A PostgreSQL database module for PHP
    MongoDB (php-pecl-mongo) – PHP MongoDB database driver
    SQLite (php-sqlite) – Extension for the SQLite V2 Embeddable SQL Database Engine
    Memcache (php-pecl-memcache) – Extension to work with the Memcached caching daemon
    Memcached (php-pecl-memcached) – Extension to work with the Memcached caching daemon
    GD (php-gd) – A module for PHP applications for using the gd graphics library
    XML (php-xml) – A module for PHP applications which use XML
    MBString (php-mbstring) – A module for PHP applications which need multi-byte string handling
    MCrypt (php-mcrypt) – Standard PHP module provides mcrypt library support

/etc/init.d/php-fpm restart

Configure
  • Configure mysql

    vim /etc/my.cnf

    [mysqld]
    skip-character-set-client-handshake
    character_set_client=utf8
    character-set-server=utf8
    collation-server=utf8_general_ci
    #init-connect='SET NAMES utf8'

    show variables like 'char%';
    show variables like 'collation%';

    show variables like "%character%";
    show variables like "%collation%";

  • Configure php

    vi /etc/php.ini

    cgi.fix_pathinfo=0
    session.save_path = "/tmp"

  • Configure nginx

    cd /usr/share/nginx
    mkdir htdocs
    chown nginx.nginx htdocs
    vi /etc/nginx/nginx.conf

    http {
        server_names_hash_bucket_size 64;
    }

vi /etc/nginx/conf.d/default.conf

#
 # The default server
#
server {
    listen       80;
    server_name example.com;

   
    location / {
        root   /usr/share/nginx/html;
        index index.php  index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

vi /etc/php-fpm.d/www.conf

[...]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
[...]

service php-fpm restart

  • Test Results

    vi /usr/share/nginx/html/info.php

    <?php phpinfo(); ?>

  • Set Up Autostart

    chkconfig --levels 235 mysqld on
    chkconfig --levels 235 nginx on
    chkconfig --levels 235 php-fpm on

Benchmark (Performance Comparison)

wget http://akamaras.com/bench.sh
sh bench.sh

CentOS 5

rpm -Uvh http://fedora.mirror.nexicom.net/epel//5/x86_64/epel-release-5-4.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://repo.webtatic.com/yum/centos/5/latest.rpm

yum --enablerepo=remi install mysql mysql-server
yum --enablerepo=webtatic install php php-fpm php-mysql
yum --enablerepo=webtatic install nginx

useradd demo
passwd demo
sudo vi /etc/ssh/sshd_config
    Port 25000
    Protocol 2
    PermitRootLogin no
    UseDNS no

/usr/sbin/visudo
    demo ALL=(ALL) ALL

/etc/init.d/sshd reload

Others

timezone

scp -rp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime          ## for Universal Coordinated Time
ln -sf /usr/share/zoneinfo/EST /etc/localtime          ## for Eastern Standard Time
ln -sf /usr/share/zoneinfo/US/Central /etc/localtime   ## for American Central time (including DST)
ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime   ## for American Eastern (including DST)
ln -sf /usr/share/zoneinfo/Asia/Taipei /etc/localtime
/etc/init.d/crond restart

Security

  • Update the server
  • HISTTIMEFORMAT
  • useradd user
  • ssh-keygen
  • chattr +i /etc/passwd; chattr +i /etc/shadow
  • chattr +a /var/log/messages
  • md5 file
  • iptables
  • fail2ban

ssh

PasswordAuthentication no ssh-keygen

DDoS Deflate

DenyHosts, Fail2Ban

nginx module cc

iptables netstat

Nginx yum repo

cat /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=0
enabled=1

wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
rpm -ivh nginx-release-centos-6-0.el6.ngx.noarch.rpm

wget http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm
rpm -ivh nginx-release-rhel-6-0.el6.ngx.noarch.rpm
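
Added example, not part of the original post: with gpgcheck=0 and an http baseurl, yum installs whatever the network path delivers without verifying a signature. The hypothetical helpers below flag those two settings in a .repo file and emit the CentOS stanza with signature checking on; the gpgkey URL is the signing key nginx.org publishes, and the https baseurl is an assumption of this example.

```shell
# check_repo FILE: print "section: finding" for each weak setting; prints
# nothing when the file is clean. Hypothetical helper, not a yum feature.
# A stanza with no gpgcheck line inherits yum.conf and is not flagged.
check_repo() {
    awk -F= '
        function report() {
            if (sec == "") return
            if (gpg == "0") print sec ": gpgcheck=0, package signatures are not verified"
            if (url ~ /^http:/) print sec ": baseurl is plain http"
        }
        /^\[/ { report(); sec = $0; gpg = ""; url = ""; next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "gpgcheck" { gpg = v }
        k == "baseurl"  { url = v }
        END { report() }
    ' "$1"
}

# write_nginx_repo: print the CentOS stanza from this post with signature
# verification enabled and the repository fetched over https.
write_nginx_repo() {
    cat <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
}

# Constructed copy of the first stanza shown in this post.
weak=$(mktemp)
cat > "$weak" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
check_repo "$weak"            # reports both settings
write_nginx_repo > "$weak"
check_repo "$weak"            # reports nothing
rm -f "$weak"
```

To apply it, redirect `write_nginx_repo` to /etc/yum.repos.d/nginx.repo; yum asks to import the key on the first install.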

chkconfig mysqld on
chkconfig nginx on
chkconfig php-fpm on
