FreeBSD Upgrade and Optimization: The Complete Guide

This article follows the GNU license terms!

Contents

Foreword
Upgrade the Source Tree
Install CVSup
Upgrade the System Source Tree and Ports
Recompile the Kernel
Optimize the Compilation Environment
Upgrade the Operating System
Upgrade the Configuration Files
Recompile the Kernel
Restart the Server
Optimize FreeBSD
Check the Upgrade
Enable the Firewall
Optimize Kernel Parameters
Install the Firewall
Install the MySQL Database
Install mysql40-server and mysql40-client
Install phpMyAdmin
Install the FTP Server
Install the FTP Software (using pure-ftpd)
Install pureftpd_php_manager
Install the Apache Server
Install apache13-modssl
Install the PHP Language
Install PHP
Install ZendOptimizer
Install Other Apache Integration Software
Install mod_bandwidth
Install mod_fastcgi
Install mod_gzip
Install mod_limitipconn
Install mod_perl
Install mod_throttle
Install mod_watch
Install Third-Party Apache Software
Install Software That Limits Concurrent Connections per Virtual Host
Install Software to Prevent DDoS Attacks
Other Software That Needs to Be Installed
Install MRTG
Install net-snmp
Install MRTG
MRTG and Traffic Analysis
Install BIND 9
Install bind9
Install the Mail Server
Install the qmail Mail System
Install Webmin
Install Webmin
Install Usermin
Conclusion

Foreword

FreeBSD is a very UNIX, very free, very BSD UNIX operating system. Because it is so UNIX-like and so specialized, it leaves many novices not knowing where to start learning. I also started learning FreeBSD a few years ago and, under the guidance of Wang Bo's guide, began using FreeBSD for real. Over this period of use and administration I have accumulated many articles and a good deal of practical experience.
So that more friends come to like FreeBSD and UNIX, I worked through several upgrade and optimization examples and combined them with my experience managing server hosting; I hope this modest contribution draws out better ones. The purpose of this article is to let a novice set up a professional, efficient, secure FreeBSD system that can be put to real use immediately, so the commands in the article are given without much theoretical explanation. If you do not understand what a step does, it is recommended that you check the relevant documentation. This article assumes a FreeBSD host that is already set up or newly installed. It draws on a lot of material from the official FreeBSD site and from the web, and even more on experience from actual work. Of course, the parameters given here are not necessarily right for you, so adjust them as far as possible to your actual needs so that your server performs at its best. This article is only an outline. Explaining everything in detail would take much more space, and because I was busy in January 2004 I wrote down only the actual operations. Please forgive me, friends.
Upgrade the Source Tree

Install CVSup

Enter /usr/ports/net/cvsup and run:

    make clean
    make deinstall
    make install
    make clean

Upgrade the System Source Tree and Ports

Update the standard-supfile and ports-supfile files in /usr/share/examples/cvsup, then run cvsup on both files to upgrade the system source tree and the ports tree:

    cvsup -g -L 2 standard-supfile
    cvsup -g -L 2 ports-supfile

Recompile the Kernel

Optimize the Compilation Environment

Update the /etc/make.conf file with suitable compilation optimizations. My CPU is Intel:

    CPUTYPE=i686
    CFLAGS= -O3 -pipe
    COPTFLAGS= -O3 -pipe

Upgrade the Operating System

Enter /usr/src and run make world. This takes a long time, about 2 hours.
Upgrade the Configuration Files

Run mergemaster to upgrade the configuration files. During this process you need to press i so that the system's files are upgraded.

Recompile the Kernel

Go to /sys/i386/conf, cp GENERIC onlinecq, then vi onlinecq to optimize the kernel. Be sure to add the following:

    # disable ctrl alt delete
    options SC_DISABLE_REBOOT
    # quota limit
    options QUOTA
    # ipfw support
    options IPFIREWALL
    options DUMMYNET
    options HZ=3000
    options IPDIVERT
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options IPSTEALTH
    options TCP_DROP_SYNFIN
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options ICMP_BANDLIM
    options ACCEPT_FILTER_DATA
    options ACCEPT_FILTER_HTTP
    # ipfilter support
    #options IPFILTER
    #options IPFILTER_LOG
    #options IPFILTER_DEFAULT_BLOCK

Then run:

    /usr/sbin/config onlinecq
    cd ../ ...

Log in to the system over SSH; uname -a shows whether the upgrade succeeded.

Enable the Firewall

Update the settings in rc.conf, adding:

    #enable_quotas="YES"
    #check_quotas="YES"
    firewall_script=""
    firewall_script="/etc/rc.firewall"
    firewall_type="/etc/ipfw.rules"    # create it!
    firewall_quiet="NO"
    firewall_logging_enable="YES"
    log_in_vain="NO"
    tcp_drop_synfin="NO"
    tcp_restrict_rst="YES"
    icmp_drop_redirect="YES"

Optimize Kernel Parameters

Modify the system kernel parameters for fine-tuning:

    vi /etc/sysctl.conf

    kern.ipc.somaxconn=8192
    kern.ipc.maxsockbuf=2097152
    kern.maxfilesperproc=32768
    kern.maxfiles=65536
    kern.securelevel=-1
    net.inet.tcp.sendspace=65536
    net.inet.tcp.recvspace=32768
    net.inet.udp.maxdgram=57344
    net.inet.icmp.drop_redirect=1
    net.inet.icmp.log_redirect=0
    net.inet.ip.redirect=0
    net.inet6.ip6.redirect=0
    net.inet.icmp.icmplim=100
    net.inet.tcp.always_keepalive=0
    net.inet.tcp.delayed_ack=0
    net.inet.tcp.log_in_vain=0
    net.inet.udp.log_in_vain=0
    net.inet.tcp.blackhole=2
    net.inet.udp.blackhole=1
    net.local.stream.sendspace=65535
    net.local.stream.recvspace=32768
    net.inet.ip.fastforwarding=1
    vfs.vmiodirenable=1

Install the Firewall

The firewall has been compiled into the kernel and enabled in rc.conf above, so it can be configured here. First allow all IPs through, so that you do not shut yourself out:

    ipfw add allow all from any to any

Add the other rules according to your actual situation. If you want the system to load the same rules every time it starts, put them in /etc/ipfw.rules (vi /etc/ipfw.rules); the syntax is the same as for ipfw.
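An added example, not part of the original article: the setup above starts from a single allow-all rule on a kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT, so this sh function audits a rules file for unconditional allow rules and for a missing final deny. Both rule sets are constructed samples; 192.0.2.0/24 is a placeholder admin network and the port list is an assumption based on the services this article installs.

```sh
#!/bin/sh
# Added example, not from the original article: audit an ipfw rules file
# (one "add ..." command per line, the format firewall_type loads).

# Constructed sample 1: the single rule the article starts from.
page_rules() {
cat <<'EOF'
add allow all from any to any
EOF
}

# Constructed sample 2: deny-by-default rules for the services installed here.
# 192.0.2.0/24 is a placeholder admin network (assumption).
tight_rules() {
cat <<'EOF'
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from me to any setup keep-state
add 310 allow udp from me to any keep-state
add 400 allow tcp from any to me 21,25,53,80,443 setup keep-state
add 410 allow udp from any to me 53 keep-state
add 500 allow tcp from 192.0.2.0/24 to me 22,10000,20000 setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Reads rules on stdin, prints one finding per line, exits 1 if any.
audit_ipfw_rules() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    {
        i = ($1 == "ipfw") ? 2 : 1            # tolerate a leading "ipfw"
        if ($i != "add") next
        i++
        if ($i ~ /^[0-9]+$/) i++              # optional rule number
        action = $i; rest = ""
        for (j = i + 1; j <= NF; j++)
            if ($j != "log") rest = rest " " $j
        catchall = (rest ~ /^ (all|ip) from any to any$/)
        final_deny = (catchall && action ~ /^(deny|drop)$/)
        if (catchall && action ~ /^(allow|accept|pass|permit)$/) {
            print "unconditional allow: " $0; bad = 1
        }
    }
    END {
        # With IPFIREWALL_DEFAULT_TO_ACCEPT, unmatched packets are passed.
        if (!final_deny) { print "no final deny-all rule"; bad = 1 }
        exit bad + 0
    }'
}

page_rules  | audit_ipfw_rules || echo "page rule set: OPEN"
tight_rules | audit_ipfw_rules && echo "tight rule set: ok"
```

To check a real file, run `audit_ipfw_rules < /etc/ipfw.rules`. Passive-mode FTP would additionally need the passive port range of pure-ftpd allowed.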
Install the MySQL Database

Install mysql40-server and mysql40-client

Enter /usr/ports/databases/mysql40-server and run:

    make clean
    make deinstall
    make WITH_OPENSSL=yes WITH_LINUXTHREADS=yes BUILD_OPTIMIZED=yes install

You can also use the following compilation parameter:

    BUILD_STATIC=yes    # compile a statically linked version

    make clean

Change the MySQL root password:

    mysqladmin -uroot -p password 123456

Create /etc/my.cnf with the following command:

    vi /etc/my.cnf

    [client]
    #password = your_password
    port = 3306
    socket = /tmp/mysql.sock

    [mysqld]
    skip-innodb
    skip-locking
    skip-networking
    set-variable = port=3306
    set-variable = socket=/tmp/mysql.sock
    set-variable = back_log=50
    set-variable = connect_timeout=3
    set-variable = key_buffer=128M
    set-variable = max_connections=1000
    set-variable = max_allowed_packet=1M
    set-variable = net_buffer_length=8K
    set-variable = wait_timeout=3
    set-variable = read_buffer_size=1M
    set-variable = sort_buffer_size=1M
    set-variable = table_cache=256
    set-variable = myisam_sort_buffer_size=32M
    set-variable = log_slow_queries=/var/log/log_slow_queries.log
    #log-bin
    server-id = 1

    [mysqldump]
    quick
    set-variable = max_allowed_packet=16M

    [mysql]
    no-auto-rehash
    # Remove the next comment character if you are not familiar with SQL
    #safe-updates

    [isamchk]
    set-variable = key_buffer=20M
    set-variable = sort_buffer=20M
    set-variable = read_buffer=2M
    set-variable = write_buffer=2M

    [myisamchk]
    set-variable = key_buffer=20M
    set-variable = sort_buffer=20M
    set-variable = read_buffer=2M
    set-variable = write_buffer=2M

    [mysqlhotcopy]
    interactive-timeout

Install phpMyAdmin

Note: this step must be performed after Apache and PHP are installed. Enter /usr/ports/databases/phpMyAdmin and run:

    make clean
    make deinstall
    make install
    make clean

Create a new database named system, ready for later use.
Install the FTP Server

Install the FTP Software (using pure-ftpd)

Enter /usr/ports/ftp/pure-ftpd and run:

    make clean
    make deinstall
    make WITH_MYSQL=1 install

You can also use the following compilation parameter:

    WITH_LANG=simplified-chinese    # Simplified Chinese language pack

    make clean

To configure pure-ftpd, the main steps are:

    cp /usr/local/etc/pure-ftpd.conf.sample /usr/local/etc/pure-ftpd.conf
    cp /usr/local/etc/pureftpd-mysql.conf.sample /usr/local/etc/pureftpd-mysql.conf

Then modify /usr/local/etc/pure-ftpd.conf as follows:

    NoAnonymous yes
    MySQLConfigFile /usr/local/etc/pureftpd-mysql.conf

Then change the following parts of /usr/local/etc/pureftpd-mysql.conf to your own settings:

    # Mandatory: user to bind the server as.
    MYSQLUser demo
    # Mandatory: user password. You must have a password.
    MYSQLPassword demo
    # Mandatory: database to open.
    MYSQLDatabase demo

Log in to MySQL again with mysql -uroot -p123456 and create a new table with the following commands:

    use system;
    DROP TABLE IF EXISTS users;
    CREATE TABLE users (
      User varchar(16) NOT NULL default '',
      Status enum('0','1') NOT NULL default '0',
      Password varchar(64) NOT NULL default '',
      Uid varchar(11) NOT NULL default '-1',
      Gid varchar(11) NOT NULL default '-1',
      Dir varchar(128) NOT NULL default '',
      ULBandwidth smallint(5) NOT NULL default '0',
      DLBandwidth smallint(5) NOT NULL default '0',
      comment tinytext NOT NULL,
      ipaccess varchar(15) NOT NULL default '*',
      QuotaSize smallint(5) NOT NULL default '0',
      QuotaFiles int(11) NOT NULL default 0,
      PRIMARY KEY (User),
      UNIQUE KEY User (User)
    ) TYPE=MyISAM;

Install pureftpd_php_manager

Download pureftpd_php_manager.zip, unpack it and put it in the desired directory, for example /usr/local/www/data:

    chmod -R 755 /usr/local/www/data/pureftpd_php_manager

Add a normal user and a group for FTP:

    pw groupadd ftpusers
    pw useradd ftpuser -g ftpusers -s /sbin/nologin

Remember their UID and GID numbers for later use! Open the pureftp.config.php file and edit it as follows:

    $pureftp_config_file = '/usr/local/etc/pureftpd-mysql.conf';
    $defaultuser = "ftpuser"; # default user logon
    $defaultpass = ""; # default user password
    $defaultuid = "1002"; # default user id (must be a real user acct)
    $defaultgid = "1001"; # default group id (must be a real group acct)
    $defaultdir = "/home"; # default user dir (use /./ at the end to chroot
    $defaultul = "0"; # default upload throttle (0 disables it)
    $defaultdl = "0"; # default download throttle (0 disables it)
    $defaultip = "*"; # default ip restrictions (* = any ip)
    $defaultqs = "200"; # default quota size (0 disables it)
    $defaultcmt = ""; # default comment for user

    // ua
    $defaultqf = "0"; # default quota files (0 Disabl

Install the Apache Server

Install apache13-modssl

Enter /usr/ports/www/apache13-modssl and run:

    make clean
    make deinstall
    make WITH_APACHE_SUEXEC=yes APACHE_HARD_SERVER_LIMIT=1024 APACHE_PERF_TUNING=yes install

This compiles in suEXEC and the performance optimizations.

    make clean

Remove Indexes from every Options directive, to prohibit browsing of directories and files. Set KeepAlive Off.

Install the PHP Language

Install PHP

Enter /usr/ports/www/mod_php4 and run:

    make clean
    make deinstall
    make install

Compile in the commonly used options; be sure to select MySQL and GD.

    make clean

After installation, add the following to /usr/local/etc/apache/httpd.conf:

    AddType application/x-httpd-php .php .php3 .php4 .phtml
    AddType application/x-httpd-php-source .phps

Also modify DirectoryIndex, specifically as:
Example:

    BandWidth ecp.fr 0
    BandWidth 138.195 0
    BandWidth all 1024

* LargeFileLimit

Sets the maximum rate (bytes/second) used when transmitting a file of filesize KB or more. When rate is 0, the speed is not limited. Example:

    LargeFileLimit 200 3072
    LargeFileLimit 1024 2048

In the example above, files smaller than 200 KB are not limited, files between 200 KB and 1024 KB are limited to 3072 B/s, and files larger than 1024 KB are limited to 2048 B/s.

* MinBandWidth

Sets the basic bandwidth taken by each connection when transferring data, in bytes. Default: 256 B/s. When rate is set to 0, the default bandwidth limit is used.
Install mod_fastcgi

Enter /usr/ports/www/mod_fastcgi and run:

    make clean
    make deinstall
    make install

After it compiles, be sure to vi /usr/local/etc/apache/httpd.conf and add:

    LoadModule fastcgi_module libexec/apache/mod_fastcgi.so
    AddModule mod_fastcgi.c
    AddHandler fastcgi-script fcgi fcgi fpl

    make clean

Install mod_gzip

Enter /usr/ports/www/mod_gzip and run:

    make clean
    make deinstall
    make install

After it compiles, be sure to vi /usr/local/etc/apache/httpd.conf and add:

    LoadModule gzip_module libexec/apache/mod_gzip.so
    AddModule mod_gzip.c

    make clean

Install mod_limitipconn

Enter /usr/ports/www/mod_limitipconn and run:

    make clean
    make deinstall
    make install

After it compiles, be sure to vi /usr/local/etc/apache/httpd.conf and add:

    LoadModule limitipconn_module libexec/apache/mod_limitipconn.so
    AddModule mod_limitipconn.c

    make clean

Install mod_perl

Enter /usr/ports/www/mod_perl and run:

    make clean
    make deinstall
    make install

After it compiles, be sure to vi /usr/local/etc/apache/httpd.conf and add:

    LoadModule perl_module libexec/apache/mod_perl.so
    AddModule mod_perl.c

    make clean

Install mod_throttle

Enter /usr/ports/www/mod_throttle and run:

    make clean
    make deinstall
    make install

After it compiles, be sure to vi /usr/local/etc/apache/httpd.conf and add:

    LoadModule throttle_module libexec/apache/mod_throttle.so
    AddModule mod_throttle.c

    make clean

Install mod_watch

Enter /usr/ports/www/mod_watch and run:

    make clean
    make deinstall
    make install

After it compiles, be sure to vi /usr/local/etc/apache/httpd.conf and add:

    LoadModule watch_module libexec/apache/mod_watch.so
    AddModule mod_watch.c

    make clean

Install Third-Party Apache Software

Install Software That Limits Concurrent Connections per Virtual Host

Install mod_vhost_limit:

    apxs -c mod_vhost_limit.c -o /path/to/libexec/mod_vhost_limit.so

Add to httpd.conf:

    LoadModule vhost_limit_module libexec/mod_vhost_limit.so
    AddModule mod_vhost_limit.c
Configuration:

    MaxClients 150
    ExtendedStatus On
    NameVirtualHost *
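An added example, not part of the original article or of mod_vhost_limit: when a virtual host exceeds its limit, error_log receives a "MaxVhostClients ... exceeded" line for each deferred request (the message is quoted in the note below), and counting those lines per virtual host and minute shows whether a host is only near capacity or is being hit in bursts. The log lines are constructed samples, and the function name and its threshold argument are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article: tally mod_vhost_limit
# deferrals per virtual host and minute from an Apache error_log.

# Constructed sample lines, modelled on the message the article quotes.
sample_error_log() {
cat <<'EOF'
[Mon Jun 23 15:22:24 2003] client access to server1 deferred, MaxVhostClients 100 exceeded
[Mon Jun 23 15:22:25 2003] client access to server1 deferred, MaxVhostClients 100 exceeded
[Mon Jun 23 15:22:41 2003] client access to server1 deferred, MaxVhostClients 100 exceeded
[Mon Jun 23 15:23:02 2003] client access to server2 deferred, MaxVhostClients 50 exceeded
[Mon Jun 23 15:23:10 2003] File does not exist: /usr/local/www/data/favicon.ico
[Mon Jun 23 15:24:24 2003] client access to server1 deferred, MaxVhostClients 100 exceeded
EOF
}

# vhost_deferrals MIN: reads error_log on stdin and prints
# "<vhost> <month> <day> <HH:MM> <count>" for each minute with >= MIN hits.
vhost_deferrals() {
    awk -v min="$1" '
    tolower($0) ~ /deferred, maxvhostclients [0-9]+ exceeded/ {
        vhost = ""
        for (i = 1; i < NF; i++)          # the vhost name follows "to"
            if (tolower($i) == "to" && tolower($(i + 2)) == "deferred,")
                vhost = $(i + 1)
        if (vhost == "") next
        # Timestamp fields: "[Mon" "Jun" "23" "15:22:24" "2003]"
        count[vhost " " $2 " " $3 " " substr($4, 1, 5)]++
    }
    END { for (k in count) if (count[k] >= min + 0) print k, count[k] }
    ' | sort
}

# Minutes in which a virtual host was deferred at least twice.
sample_error_log | vhost_deferrals 2
```

Against a live server, feed it the real log instead, for example `vhost_deferrals 20 < error_log`, with the threshold chosen relative to the configured limit.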
Note: mod_status's ExtendedStatus On support is required! When the concurrency limit is exceeded, the client gets a 503 error:

    Service Temporarily Unavailable
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems.
    --------------------------------------------------------------------------------
    Apache/1.3.27 Server at server1 Port 80

and error_log contains a message like this:

    [Mon Jun 23 15:22:24 2003] client access to server1 deferred, MaxVhostClients 100 exceeded

Install Software to Prevent DDoS Attacks

Software: dosevasive1.8.tar.gz. Installation method:

    tar zxvf mod_dosevasive.tar.gz
    cd dosevasive/
    /usr/local/apache/bin/apxs -i -c mod_dosevasive.c

Then vi /usr/local/apache/conf/httpd.conf and add:

    LoadModule dosevasive_module libexec/mod_dosevasive.so
    AddModule mod_dosevasive.c

    Traffic stats for onlinecq.com user
    #PageTop[$]: Contact QQ: 151482576
    PageFoot[^]: www.onlinecq.com MSN: cqfanli@hotmail.com QQ: 151482576

Make sure that the WorkDir directory can be accessed from the browser and that the directory exists! If not, you can change it yourself. Run it to see whether it is correct:

    /usr/local/sbin/mrtg /usr/local/etc/apache/mod_watch.cfg

If there is an error, you can run it several more times! Then add it to crontab so that it runs automatically every 15 minutes:

    vi /etc/crontab

    */15 * * * * root /usr/local/bin/mrtg /usr/local/etc/apache/mod_watch.cfg

Install BIND 9

Install bind9

This is a domain name resolution system that lets your server act as a DNS server. Very nice! Enter /usr/ports/dns/bind9 and run:

    make clean
    make deinstall
    make install
    make clean

Then remember to modify configuration files such as named.conf. The details are too complicated to cover here; it is recommended that you consult books that specialize in this area.

Install the Mail Server

Install the qmail Mail System

Use the Iceblood installation package, which makes installation foolproof! On a first installation, read everything carefully and don't make a mistake! After the installation is complete, add qmailadmin, which lets you host many domain names on one machine.

Install Webmin and Usermin

Install Webmin

First download the latest version of Webmin and unpack it:

    tar zxvf webmin-1.100.tar.gz

Enter the directory and start the installation:

    cd webmin-1.100
    sh setup.sh

Use the default settings during installation. You set the administrator password yourself, and it must be kept secret! Also set it to start automatically so that you can manage it later. After the installation is complete, you can access it as follows:

    http://ip:1000/
Note that the default port is 10000.

Install Usermin

First download the latest version of Usermin and unpack it:

    tar zxvf usermin-1.030.tar.gz

Enter the directory and start the installation:

    cd usermin-1.030
    sh setup.sh

Use the default settings during installation. After the installation is complete, you can access it as follows:

    http://ip:2000/

Note that the default port is 20000. Usermin integrates automatically with Webmin, uses the Webmin administrator password, and can be started from within Webmin.

Conclusion

At this point, a FreeBSD system that can be put to real use has been built. You can reboot so that the latest settings and software take effect. If an error occurs during installation, check the error first and then install again. You can also pick just the parts you are interested in! Of course, because time was short, the knowledge involved is very broad, and my ability is limited, mistakes are inevitable; I ask readers to point them out so that we can make progress together!