Installing Nginx + php-fpm on t2.nano

Last year AWS introduced a new instance type, "t2.nano".
I will build WordPress on a t2.nano and compare it with a t2.micro.
The server software installed on the t2.nano is as follows.

  • Nginx
  • php-fpm
  • MySQL

Compared with t2.micro, the CPU baseline is halved from 10% to 5% and memory is halved from 1G to 0.5G, so I use Nginx, which is lighter than Apache.
I also plan to reduce the server load with nginx and its fastcgi cache.

The server is built in the following order.
Because there is only 500M of memory, tuning to match that is carried out as well.

  1. Turn off unneeded services on the server.
  2. Install the server software
  3. php-fpm configuration
  4. MySQL configuration
  5. nginx configuration

1. Turn off unneeded services on the server.

Stop the services that are not needed on AWS to lower the server load.

[xxxxx@xxxxx xxxx]#  chkconfig --list
acpid          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
atd            	0:off	1:off	2:off	3:on	4:on	5:on	6:off
auditd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
blk-availability	0:off	1:on	2:on	3:on	4:on	5:on	6:off
cgconfig       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
cgred          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
cloud-config   	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cloud-final    	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cloud-init     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cloud-init-local	0:off	1:off	2:on	3:on	4:on	5:on	6:off
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ip6tables      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
irqbalance     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
lvm2-monitor   	0:off	1:on	2:on	3:on	4:on	5:on	6:off
mdmonitor      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
messagebus     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
netconsole     	0:off	1:off	2:off	3:off	4:off	5:off	6:off
netfs          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
nfs            	0:off	1:off	2:off	3:off	4:off	5:off	6:off
nfslock        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ntpdate        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
psacct         	0:off	1:off	2:off	3:off	4:off	5:off	6:off
quota_nld      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rdisc          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rngd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcbind        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcgssd        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcsvcgssd     	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rsyslog        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
saslauthd      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
sendmail       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
udev-post      	0:off	1:on	2:on	3:on	4:on	5:on	6:off
[xxxxx@xxxxx xxxx]# chkconfig acpid off
[xxxxx@xxxxx xxxx]# chkconfig atd off
[xxxxx@xxxxx xxxx]# chkconfig auditd off
[xxxxx@xxxxx xxxx]# chkconfig ip6tables off
[xxxxx@xxxxx xxxx]# chkconfig lvm2-monitor off
[xxxxx@xxxxx xxxx]# chkconfig mdmonitor off
[xxxxx@xxxxx xxxx]# chkconfig messagebus off
[xxxxx@xxxxx xxxx]# chkconfig netfs off
[xxxxx@xxxxx xxxx]# chkconfig nfslock off
[xxxxx@xxxxx xxxx]# chkconfig mdmonitor off
[xxxxx@xxxxx xxxx]# chkconfig rngd off
[xxxxx@xxxxx xxxx]# chkconfig rpcbind off
[xxxxx@xxxxx xxxx]# chkconfig rpcgssd off
[xxxxx@xxxxx xxxx]# chkconfig sendmail off
[xxxxx@xxxxx xxxx]# chkconfig udev-post off
[xxxxx@xxxxx xxxx]# chkconfig --list
acpid           0:off   1:off   2:on    3:off   4:on    5:on    6:off
atd             0:off   1:off   2:off   3:off   4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:off   4:on    5:on    6:off
blk-availability        0:off   1:on    2:on    3:off   4:on    5:on    6:off
cgconfig        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cgred           0:off   1:off   2:off   3:off   4:off   5:off   6:off
cloud-config    0:off   1:off   2:on    3:on    4:on    5:on    6:off
cloud-final     0:off   1:off   2:on    3:on    4:on    5:on    6:off
cloud-init      0:off   1:off   2:on    3:on    4:on    5:on    6:off
cloud-init-local        0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:on    3:off   4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:off   4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:off   4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:off   4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:off   4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfslock         0:off   1:off   2:off   3:off   4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpdate         0:off   1:off   2:on    3:on    4:on    5:on    6:off
psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
quota_nld       0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
rngd            0:off   1:off   2:on    3:off   4:on    5:on    6:off
rpcbind         0:off   1:off   2:on    3:off   4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:off   4:on    5:on    6:off
rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:on    3:off   4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:off   4:on    5:on    6:off

2. Install the server software

Before installing the server software, change the server's time zone.

sudo ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime

Edit the clock file as well.

sudo vi /etc/sysconfig/clock
 ZONE="Asia/Tokyo"
 UTC=true

Install the three pieces of software listed earlier and update the packages.

sudo su -
yum -y update
yum -y install php-mysql php-common php php-cgi php-fpm php-gd php-mbstring
yum -y install nginx
yum -y install mysql mysql-server

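3. php-fpm configuration

Make the following settings in /etc/php-fpm.d/www.conf.
Because there is only 500M of memory, the settings basically use it right up to the limit.
PHP-FPM also listens on a Unix domain socket to reduce load.
The individual tuning items will be covered separately.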

[www]
listen = /var/run/php-fpm.sock
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = nginx
group = nginx
pm = dynamic
pm.max_children = 3
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.process_idle_timeout = 10s
pm.max_requests = 100
request_slowlog_timeout = 5s
request_terminate_timeout = 120s
slowlog = /var/log/php-fpm/www-slow.log

php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[upload_max_filesize] = 16M
php_admin_value[post_max_size] = 16M

4. mysqld configuration

Add the following settings to /etc/my.cnf.
These settings use the 500M of memory right up to the limit.

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
character_set_server=utf8


query_cache_size=16M
query_cache_limit=1M
query_cache_min_res_unit=4k
query_cache_type=1

tmp_table_size=1M
max_heap_table_size=1M

table_open_cache=256
max_allowed_packet=1M
sort_buffer_size=64K
read_buffer_size=64K
read_rnd_buffer_size=64K
join_buffer_size=128K
key_buffer_size=8M
max_connections=10
thread_cache_size=128
wait_timeout=60

[mysql]
default-character-set=utf8

[mysqldump]
default-character-set=utf8

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

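5. nginx configuration

Configure fastcgi cache so that pages are served faster and with lower load than with proxy cache.
The admin pages will also be served over HTTPS, so the certificate and related settings are configured here as well.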

[xxxxx@xxxxx xxxx]# emacs /etc/nginx/nginx.conf

user              nginx;
worker_processes  1;
worker_rlimit_nofile 4096;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    multi_accept off;
    worker_connections  1024;
    use epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  backend '$http_x_forwarded_for - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent"';

    access_log  /var/log/nginx/access.log  main;
    server_tokens     off;
    server_name_in_redirect off;
    port_in_redirect  off;
    client_max_body_size    24k;
    client_header_buffer_size 128k;
    large_client_header_buffers 4 8k;
    sendfile        on;
    etag off;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    keepalive_timeout   10;

    gzip_static       on;
    gzip              on;
    gzip_http_version 1.0;
    gzip_vary         on;
    gzip_comp_level   1;
    gzip_types        text/plain text/xml text/css text/javascript
                      application/xhtml+xml application/xml
                      application/rss+xml application/atom+xml
                      application/javascript application/x-javascript
                      application/x-httpd-php;
    gzip_disable      "MSIE [1-6]\.";

    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=one:4m inactive=7d max_size=50m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    fastcgi_cache_use_stale error timeout invalid_header http_500;


    include /etc/nginx/conf.d/*.conf;
}

During initial setup, replace "set $do_not_cache 0;" on line 16 with "set $do_not_cache 1;" so that caching is disabled for all pages.

[xxxxx@xxxxx xxxx]# emacs /etc/nginx/conf.d/default.conf
server {
    listen       80 default;
    listen       443 ssl;
    ssl_certificate      /etc/ssl/certs/server.crt;
    ssl_certificate_key  /etc/ssl/certs/private.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AES256:RSA+AES128:ECDH+AES128:+SHA:+SHA256:!ADH;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    charset utf-8;

    root    /var/www/html;
    index   index.html index.htm index.php;

    set $do_not_cache 0;
    set $mobile '';


    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
        set $do_not_cache 1;
    }
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $do_not_cache 1;
    }
    if ($http_accept_encoding !~ "gzip") {
        set $do_not_cache 1;
    }

    if ($http_user_agent ~* '(DoCoMo|J-PHONE|Vodafone|MOT-|UP\.Browser|DDIPOCKET|ASTEL|PDXGW|Palmscape|Xiino|sharp pda browser|Windows CE|L-mode|WILLCOM|SoftBank|Semulator|Vemulator|J-EMULATOR|emobile|mixi-mobile-converter|PSP)') {
        set $mobile "@ktai";
    }

    if ($http_user_agent ~* '(iPhone|iPod|incognito|webmate|Android.*Mobile|dream|CUPCAKE|froyo|BlackBerry|webOS|s8000|bada|IEMobile|Googlebot\-Mobile|AdsBot\-Google)') {
        set $mobile "@smartphone";
    }

    if ($http_user_agent ~* '(iPhone|iPod)') {
        set $mobile "@iPhone";
    }

    if ($http_user_agent ~* 'Android.*Mobile') {
        set $mobile "@Android";
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_cache_bypass $do_not_cache;
        fastcgi_no_cache $do_not_cache;
        fastcgi_cache_key "$scheme$request_method$host$request_uri$mobile";
        fastcgi_cache one;
        fastcgi_cache_valid  200 1d;
        fastcgi_cache_valid  any 10d;
    }

    location ~ .*\.(html?|jpe?g|gif|png|css|js|ico|woff) {
        access_log off;
        expires 10d;
    }
    location = /favicon.ico {
        log_not_found off;
    }
}
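
As an added example (not part of the original article), the following Python code models how the if blocks in default.conf above set $do_not_cache and $mobile for a request, and the cache key that results. The regular expressions are copied from the configuration; the function name evaluate, the host example.test and the sample requests are constructed for illustration.

```python
import re

I = re.IGNORECASE
# Regexes copied from the page's default.conf. nginx "~*" is an unanchored,
# case-insensitive match, modelled here with re.search().
URI_RE = re.compile(r"/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml", I)
COOKIE_RE = re.compile(r"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in", I)
# Device rules in file order: each matching "if" overwrites $mobile, so the last match wins.
MOBILE_RULES = [
    (re.compile(r"(DoCoMo|J-PHONE|Vodafone|MOT-|UP\.Browser|DDIPOCKET|ASTEL|PDXGW|Palmscape|Xiino|sharp pda browser|Windows CE|L-mode|WILLCOM|SoftBank|Semulator|Vemulator|J-EMULATOR|emobile|mixi-mobile-converter|PSP)", I), "@ktai"),
    (re.compile(r"(iPhone|iPod|incognito|webmate|Android.*Mobile|dream|CUPCAKE|froyo|BlackBerry|webOS|s8000|bada|IEMobile|Googlebot\-Mobile|AdsBot\-Google)", I), "@smartphone"),
    (re.compile(r"(iPhone|iPod)", I), "@iPhone"),
    (re.compile(r"Android.*Mobile", I), "@Android"),
]


def evaluate(request_uri, cookie="", accept_encoding="gzip", user_agent="",
             scheme="http", method="GET", host="example.test"):
    """Return (do_not_cache, cache_key) as the server block would compute them."""
    do_not_cache = 0                      # set $do_not_cache 0;
    if URI_RE.search(request_uri):
        do_not_cache = 1
    if COOKIE_RE.search(cookie):
        do_not_cache = 1
    if "gzip" not in accept_encoding:     # !~ "gzip" is a case-sensitive match
        do_not_cache = 1
    mobile = ""                           # set $mobile '';
    for pattern, tag in MOBILE_RULES:
        if pattern.search(user_agent):
            mobile = tag
    # fastcgi_cache_key "$scheme$request_method$host$request_uri$mobile";
    return do_not_cache, f"{scheme}{method}{host}{request_uri}{mobile}"


# Constructed sample requests (not taken from any real log).
IPHONE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 9_2 like Mac OS X)"
SAMPLES = [
    ("anonymous post", dict(request_uri="/?p=12")),
    ("login page", dict(request_uri="/wp-login.php")),
    ("logged-in user", dict(request_uri="/?p=12", cookie="wordpress_logged_in_0123abcd=admin")),
    ("no gzip support", dict(request_uri="/?p=12", accept_encoding="")),
    ("search for 'wp-cli php'", dict(request_uri="/?s=wp-cli+php")),
    ("iPhone visitor", dict(request_uri="/?p=12", user_agent=IPHONE_UA)),
]

if __name__ == "__main__":
    for label, request in SAMPLES:
        bypass, key = evaluate(**request)
        print(f"{label:24} do_not_cache={bypass} key={key}")
```

The search request /?s=wp-cli+php bypasses the cache because the dots in wp-.*.php are unescaped and the pattern is unanchored, so it matches more than WordPress script names.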

That is all for the server tuning.