月度归档:2013 年七月

bind+dlz+mysql实现智能DNS

一、安装mysql

yum install gcc gcc-c++ openssl-devel wget ncurses-devel make
groupadd mysql
useradd -g mysql mysql -s /sbin/nologin
cd /tmp
wget http://cdn.mysql.com/Downloads/MySQL-5.1/mysql-5.1.65.tar.gz
tar xzf mysql-5.1.65.tar.gz
cd mysql-5.1.65
./configure --prefix=/usr/local/mysql/ --without-pthread --with-unix-socket-path=/tmp/mysql.sock --with-extra-charsets=gbk,gb2312,utf8
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R root.mysql /usr/local/mysql
chown -R mysql /usr/local/mysql/var
cp support-files/mysql.server /etc/init.d/mysqld
chown root.root /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chkconfig  mysqld on
ln -s /usr/local/mysql/bin/mysql /usr/bin
ln -s /usr/local/mysql/bin/mysqladmin /usr/bin
service mysqld start
mysqladmin -u root password root

二、安装bind

cd /tmp
wget http://ftp.isc.org/isc/bind9/cur/9.9/bind-9.9.1-P2.tar.gz
tar xzf bind-9.9.1-P2.tar.gz
cd bind-9.9.1-P2
./configure --prefix=/usr/local/named/ --enable-largefile --enable-threads=no --disable-openssl-version-check --with-dlz-mysql=/usr/local/mysql
make
make install

三、配置bind

cd /usr/local/named/etc
../sbin/rndc-confgen -r /dev/urandom >rndc.conf
tail -n10 rndc.conf | head -n9 | sed -e s/#\//g>named.conf
      
vi named.conf
include "/usr/local/named/etc/CHINANET.acl"; //联通ACL
include "/usr/local/named/etc/CNC.acl"; //电信ACL
include "/usr/local/named/etc/view.conf"; //DLZ相关的配置

四、下载acl文件

wget http://www.centos.bz/wp-content/uploads/2012/02/CHINANET.acl
wget http://www.centos.bz/wp-content/uploads/2012/02/CNC.acl


五、配置view.conf

view "CHINANET_view" {
  match-clients  { CHINANET; };
  allow-query-cache { none; };
  allow-recursion { none; };
  allow-transfer { none; };
  recursion no;
      
    dlz "Mysql zone" {
    database "mysql
    {host=127.0.0.1 dbname=dns_data ssl=false port=3306 user=root pass=password}
    {select zone from dns_records where zone = '$zone$' and  view = 'CHINANET' limit 1}
    {select ttl,type,mx_priority,case when lower(type)='txt' then concat('\"',data,'\"') when lower(type)    =  'soa'  then   concat_ws(' ',  data,  resp_person,  serial,  refresh,  retry,  expire,  minimum)   else   data   end   as   mydata   from   dns_records where zone = '$zone$'   and host = '$record$' and view=(select view from dns_records where zone = '$zone$' and host = '$record$' and (view='CHINANET' or view='any') order by priority asc limit 1)}";
};
};
view "CNC_view" {
  match-clients  { CNC; };
  allow-query-cache { none; };
  allow-recursion { none; };
  allow-transfer { none; };
  recursion no;
      
    dlz "Mysql zone" {
    database "mysql
    {host=127.0.0.1 dbname=dns_data ssl=false port=3306 user=root pass=password}
    {select zone from dns_records where zone = '$zone$' and  view = 'CNC' limit 1}
    {select ttl,type,mx_priority,case when lower(type)='txt' then concat('\"',data,'\"') when lower(type)    =  'soa'  then   concat_ws(' ',  data,  resp_person,  serial,  refresh,  retry,  expire,  minimum)   else   data   end   as   mydata   from   dns_records where zone = '$zone$'   and host = '$record$' and view=(select view from dns_records where zone = '$zone$' and host = '$record$' and (view='CNC' or view='any') order by priority asc limit 1)}";
};
};
view "any_view" {
  match-clients  { any; };
  allow-query-cache { none; };
  allow-recursion { none; };
  allow-transfer { none; };
  recursion no;
      
    dlz "Mysql zone" {
    database "mysql
    {host=127.0.0.1 dbname=dns_data ssl=false port=3306 user=root pass=password}
    {select zone from dns_records where zone = '$zone$' and  view = 'any' limit 1}
    {select ttl,type,mx_priority,case when lower(type)='txt' then concat('\"',data,'\"') when lower(type)    =  'soa'  then   concat_ws(' ',  data,  resp_person,  serial,  refresh,  retry,  expire,  minimum)   else   data   end   as   mydata   from   dns_records where zone = '$zone$'   and host = '$record$' and view = 'any'}";
};
};

六、建库

create database dns_data;
use dns_data;
CREATE TABLE `dns_records` (
   `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
   `zone` VARCHAR(255) NOT NULL,
   `host` VARCHAR(255) NOT NULL DEFAULT '@',
   `type` ENUM('MX','CNAME','NS','SOA','A','PTR') NOT NULL,
   `data` VARCHAR(255) DEFAULT NULL,
   `ttl` INT(11) NOT NULL DEFAULT '800',
   `view` CHAR(20) DEFAULT 'any',     
   `mx_priority` INT(11) DEFAULT NULL,
   `priority` INT(3) DEFAULT 255, 
   `refresh` INT(11) NOT NULL DEFAULT '3600',
   `retry` INT(11) NOT NULL DEFAULT '3600',
   `expire` INT(11) NOT NULL DEFAULT '86400',
   `minimum` INT(11) NOT NULL DEFAULT '3600',
   `serial` BIGINT(20) NOT NULL DEFAULT '2008082700',
   `resp_person` VARCHAR(64) NOT NULL DEFAULT 'root.domain.com.',
   `primary_ns` VARCHAR(64) NOT NULL DEFAULT 'ns1.domain.com.',
   `data_count` INT(11) NOT NULL DEFAULT '0',
   PRIMARY KEY          (`id`),
   KEY `type` (`type`),
   KEY `host` (`host`),
   KEY `zone` (`zone`)
) ENGINE=MYISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;

七、启动bind

/usr/local/named/sbin/named -uroot -g -d 9   //调试状态,如果没有报错说明环境配置正确。做成启动服务. Debug 的时候多用此模式启动bind.。

这时报了一个错误:

/usr/local/named/sbin/named: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory

解决办法:

ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18
ldconfig

接着又报一个错误:

02-Jul-2013 14:29:21.728 mysql driver failed to create database connection after 4 attempts

02-Jul-2013 14:29:21.728 SDLZ driver failed to load.

02-Jul-2013 14:29:21.729 DLZ driver failed to load.

02-Jul-2013 14:29:21.738 load_configuration: failure

02-Jul-2013 14:29:21.739 loading configuration: failure

02-Jul-2013 14:29:21.739 exiting (due to fatal error)

原因是view.conf中的数据库配置参数不对,修改为自己对应的即可。

/usr/local/bind/sbin/rndc reload //重载 named.conf 相关配置文件.
/usr/local/bind/sbin/named -uroot -c /usr/local/bind/etc/named.conf & //指定配置文件

设置开机启动,vim /etc/init.d/named

#!/bin/bash
# named a network name service.
# chkconfig: 345 35 75
# description: a name server
# http://www.linuxtone.org
   
if [ `id -u` -ne 0 ]
then
echo "ERROR:For bind to port 53,must run as root."
exit 1
fi
case "$1" in
start)
if [ -x /usr/local/bind/sbin/named ]; then
for i in `seq 1 8`
do
/usr/local/bind/sbin/named -c /usr/local/bind/etc/named1$i.conf -u root 
echo "BIND9-named1$i server started"
done
fi
;;
stop)
kill `cat /usr/local/bind/var/named.pid` && echo . && echo 'BIND9 server stopped'
;;
restart)
echo .
echo "Restart BIND9 server"
$0 stop
sleep 10
$0 start
;;
reload)
/usr/local/bind/sbin/rndc reload
;;
status)
/usr/local/bind/sbin/rndc status
;;
*)
echo "$0 start | stop | restart |reload |status"
;;
esac
chkconfig --add named
chkconfig named on

八、写入测试数据

INSERT   INTO   `dns_records`   (`zone`,   `host`,   `type`,   `data`,   `ttl`,`mx_priority`,   `refresh`,   `retry`,   `expire`,      `minimum`, `serial`, `resp_person`, `primary_ns`, `data_count`) VALUES    ('centos.bz',     '@',   'SOA',   'ns1.centos.bz.',    10,   NULL,     3600,    3600,   86400,    10,   2008082700, 'root.centos.bz.', 'ns1.centos.bz.', 0);
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`) VALUES      ('centos.bz', '@', 'NS', 'ns1.centos.bz.'),      ('centos.bz', '@', 'NS', 'ns2.centos.bz.');
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`) VALUES      ('centos.bz', 'ns1', 'A', '211.100.72.137'),   ('centos.bz', 'ns2', 'A', '219.232.244.11');
INSERT INTO `dns_records` (`zone`, `host`, `type`, `data`, `ttl`, `view`,`priority`) VALUES   ('centos.bz', 'www', 'A', '210.51.36.116', 3600, 'CNC',200),      ('centos.bz', 'www', 'A', '221.238.249.178', 3600, 'CHINANET',200),      ('centos.bz', 'www', 'A', '211.103.156.230', 3600, 'any',255);
INSERT INTO dns_records (`zone`,`host`,`type`,`DATA`,`view`,`priority`)      VALUES ('centos.bz', 'man', 'CNAME', 'www','CNC',200),      ('centos.bz', 'man', 'CNAME', 'www','CHINANET',200),  ('centos.bz', 'man', 'CNAME', 'www','any',255);

CentOS 6.2编译安装Nginx1.2.0+MySQL5.5.25+PHP5.3.13[转]

转自:http://www.xuejiehome.com/blread-1639.html

操作系统:CentOS 6.2 32位


准备篇:


一、配置好IP、DNS 、网关,确保使用远程连接工具能够连接服务器

二、配置防火墙,开启80端口、3306端口

vi /etc/sysconfig/iptables   #编辑防火墙配置文件
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT(允许3306端口通过防火墙)

特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败

正确的应该是添加到默认的22端口这条规则的下面,添加好之后防火墙规则如下所示:

#########################################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#########################################################

三、关闭SELINUX

vi /etc/selinux/config  #编辑
#SELINUX=enforcing       #注释掉
#SELINUXTYPE=targeted    #注释掉
SELINUX=disabled         #增加
:wq #保存退出

四 、系统约定

软件源代码包存放位置:/usr/local/src

源码包编译安装位置:/usr/local/软件名字

五、下载软件包

1、下载nginx(目前最新稳定版)

http://nginx.org/download/nginx-1.2.0.tar.gz

2、下载pcre  (支持nginx伪静态)

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.30.tar.gz

3、下载MySQL(目前稳定版)

http://mysql.mirror.kangaroot.net/Downloads/MySQL-5.5/mysql-5.5.25.tar.gz

4、下载php

http://cn.php.net/distributions/php-5.3.13.tar.gz

5、下载cmake(MySQL编译工具)

http://www.cmake.org/files/v2.8/cmake-2.8.8.tar.gz

6、下载libmcrypt(PHPlibmcrypt模块)

ftp://mcrypt.hellug.gr/pub/crypto/mcrypt/libmcrypt/libmcrypt-2.5.7.tar.gz

六、安装编译工具及库文件(使用CentOS yum命令安装)

yum install make apr* autoconf automake curl-devel gcc gcc-c++ zlib-devel openssl openssl-devel pcre-devel gd  kernel keyutils  patch  perl kernel-headers compat* mpfr cpp glibc libgomp libstdc++-devel ppl cloog-ppl keyutils-libs-devel libcom_err-devel libsepol-devel libselinux-devel krb5-devel zlib-devel libXpm* freetype libjpeg* libpng* php-common php-gd ncurses* libtool* libxml2 libxml2-devel patch freetype-devel

安装篇


一、安装cmake

cd /usr/local/src
tar zxvf cmake-2.8.8.tar.gz
cd cmake-2.8.8
./configure
make           #编译
make install   #安装

二、安装MySQL

在安装mysql之前最好用grep -qa|grep mysql命令查看一上系统有没有默认帮你装了一些mysql-libs之类的库。如果有,可以用yum -y remove mysql-libs把旧版本的卸载掉。

groupadd mysql  #添加mysql组
useradd -g mysql mysql -s /bin/false  #创建用户mysql并加入到mysql组,不允许mysql用户直接登录系统
mkdir -p /data/mysql  #创建MySQL数据库存放目录
chown -R mysql:mysql /data/mysql   #设置MySQL数据库目录权限
mkdir -p /usr/local/mysql #创建MySQL安装目录
cd /usr/local/src
tar zxvf mysql-5.5.25.tar.gz  #解压
cd mysql-5.5.25
cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql  -DMYSQL_DATADIR=/data/mysql  -DSYSCONFDIR=/etc   #配置
make #编译
make install  #安装
cd /usr/local/mysql
cp ./support-files/my-huge.cnf  /etc/my.cnf   #拷贝配置文件(注意:如果/etc目录下面默认有一个my.cnf,直接覆盖即可)
vi /etc/my.cnf   #编辑配置文件,在 [mysqld] 部分增加下面一行
datadir = /data/mysql  #添加MySQL数据库路径
:wq!  #保存退出
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql #生成mysql系统数据库
cp ./support-files/mysql.server  /etc/rc.d/init.d/mysqld  #把Mysql加入系统启动
chmod 755 /etc/init.d/mysqld   #增加执行权限
chkconfig mysqld on  #设置开机启动
vi /etc/rc.d/init.d/mysqld  #编辑
basedir = /usr/local/mysql   #MySQL程序安装路径
datadir = /data/mysql  #MySQl数据库存放目录
service mysqld start  #启动
vi /etc/profile   #把mysql服务加入系统环境变量:在最后添加下面这一行
export PATH=$PATH:/usr/local/mysql/bin
:wq! #保存退出
下面这两行把myslq的库文件链接到系统默认的位置,在编译类似PHP等软件时可以不用指定mysql的库文件地址。
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
shutdown -r now     #需要重启系统,等待系统重新启动之后继续在终端命令行下面操作
mysql_secure_installation    #设置Mysql密码
根据提示按Y 回车(默认密码为空)
然后输入2次密码
继续按Y 回车,直到设置完成
或者直接修改密码/usr/local/mysql/bin/mysqladmin -u root -p password "123456" #修改密码
service mysqld restart  #重启
到此,mysql安装完成!


三、安装pcre

cd /usr/local/src
mkdir /usr/local/pcre  #创建安装目录
tar  zxvf pcre-8.30.tar.gz
cd pcre-8.30
./configure  --prefix=/usr/local/pcre  #配置
make
make install

四、安装 nginx

cd /usr/local/src
groupadd  www  #添加www组
useradd -g  www www -s /bin/false  #创建nginx运行账户www并加入到www组,不允许www用户直接登录系统
tar  zxvf nginx-1.2.0.tar.gz
cd nginx-1.2.0
./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/usr/local/src/pcre-8.30
#注意:--with-pcre=/usr/local/src/pcre-8.30指向的是源码包解压的路径,而不是安装的路径,否则会报错
make
make install
/usr/local/nginx/sbin/nginx   #启动nginx
vi /etc/rc.d/init.d/nginx    #设置nginx开启启动,编辑启动文件添加下面内容

#################################################################
#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
#              It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/usr/local/nginx/logs/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
.  /etc/rc.d/init.d/functions
# Source networking configuration.
.  /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
   echo "nginx already running...."
   exit 1
fi
   echo -n $"Starting $prog: "
   daemon $nginxd -c ${nginx_config}
   RETVAL=$?
   echo
   [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
   return $RETVAL
}
# Stop nginx daemons functions.
stop() {
        echo -n $"Stopping $prog: "
        killproc $nginxd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /usr/local/nginx/logs/nginx.pid
}
reload() {
    echo -n $"Reloading $prog: "
    #kill -HUP `cat ${nginx_pid}`
    killproc $nginxd -HUP
    RETVAL=$?
    echo
}
# See how we were called.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
reload)
        reload
        ;;
restart)
        stop
        start
        ;;
            
status)
        status $prog
        RETVAL=$?
        ;;
*)
        echo $"Usage: $prog {start|stop|restart|reload|status|help}"
        exit 1
esac
exit $RETVAL
#################################################################

chmod 700 /etc/init.d/nginx
chkconfig nginx on
service nginx start


五、安装libmcrypt

cd /usr/local/src
tar zxvf  libmcrypt-2.5.7.tar.gz   #解压
cd  libmcrypt-2.5.7 #进入目录
./configure    #配置
make             #编译
make install   #安装

六、安装php


cd /usr/local/src
tar -zvxf php-5.3.13.tar.gz
cd  php-5.3.13
mkdir -p /usr/local/php  #建立php安装目录
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-mysql-sock=/tmp/mysql.sock --with-gd --with-iconv  --with-zlib  --enable-xml  --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex  --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl --with-jpeg-dir --with-freetype-dir #配置
make   #编译
make install    #安装
cp  php.ini-production   /usr/local/php/etc/php.ini  #复制php配置文件到安装目录
rm -rf /etc/php.ini   #删除系统自带配置文件
ln -s /usr/local/php/etc/php.ini  /etc/php.ini    #添加软链接
cp  /usr/local/php/etc/php-fpm.conf.default   /usr/local/php/etc/php-fpm.conf      #拷贝模板文件为php-fpm配置文件
vi  /usr/local/php/etc/php-fpm.conf  #编辑
user = www    #设置php-fpm运行账号为www
group = www   #设置php-fpm运行组为www
pid = run/php-fpm.pid    #取消前面的分号
cp /usr/local/src/php-5.3.13/sapi/fpm/init.d.php-fpm   /etc/rc.d/init.d/php-fpm  #设置 php-fpm开机启动,拷贝php-fpm到启动目录
chmod +x /etc/rc.d/init.d/php-fpm  #添加执行权限
chkconfig php-fpm on    #设置开机启动
vi /usr/local/php5/etc/php.ini    #编辑配置文件
找到:disable_functions =
修改为:disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
找到:;date.timezone =
修改为:date.timezone = PRC   #设置时区
找到:expose_php = On
修改为:expose_php = OFF  #禁止显示php版本的信息

在编译PHP的过程中可能会报UNDEFINED REFERENCE TO `LIBICONV_OPEN 无法编译PHP LIBICONV错误.

七、配置nginx支持php

vi /usr/local/nginx/conf/nginx.conf      #编辑配置文件
user   www  www;          #首行user去掉注释,修改Nginx运行组为www www;必须与/usr/local/php5/etc/php-fpm.conf中的user,group配置相同,否则php运行出错
index  index.php  index.html index.htm;    #添加index.php
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
    root           html;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

注意:取消FastCGI server部分location的注释,并要注意fastcgi_param行的参数,改为$document_root$fastcgi_script_name,或者使用绝对路径/app/web之类

/etc/init.d/nginx restart  #重启nginx


测试篇

访问http://ip地址    出现欢迎使用nginx,说明配置成功。默认web目录 /usr/local/nginx/html/可以自己写程序测试PHP是否可用。