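1. System preparation: updates and baseline tuning
Before deploying, make sure the system and its packages are up to date, which reduces security vulnerabilities and improves compatibility: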
sudo apt update && sudo apt upgrade -y
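Tune the kernel parameters (edit /etc/sysctl.conf) to improve network performance:
# Reuse TIME-WAIT connections
net.ipv4.tcp_tw_reuse = 1
# Increase the maximum length of the connection queue
net.core.somaxconn = 4096
# Increase the capacity of the network device receive queue
net.core.netdev_max_backlog = 4096
Apply the configuration: sudo sysctl -p.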
2. Choosing and installing a web server
Choose a server according to your needs:
Nginx installation steps:
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
Apache installation steps:
sudo apt install apache2 -y
sudo systemctl start apache2
sudo systemctl enable apache2
Verify the service status: sudo systemctl status nginx (or apache2).
3. Configuring virtual hosts (multi-site support)
Nginx virtual host configuration:
Configuration file (/etc/nginx/sites-available/example.com):
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
    # Enable Gzip compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
}
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t # Check the configuration syntax
sudo systemctl reload nginx
Apache virtual host configuration:
Configuration file (/etc/apache2/sites-available/example.com.conf):
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/html
    <Directory /var/www/example.com/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2
Create the site root directory and add a test page:
sudo mkdir -p /var/www/example.com/html
echo "<h1>Welcome to Example.com!</h1>" | sudo tee /var/www/example.com/html/index.html
4. Performance optimization: key measures
Enable caching:
Nginx (/etc/nginx/nginx.conf):
# location blocks belong inside a server { } block
location ~* \.(jpg|jpeg|png|gif|css|js)$ {
    expires 30d;
    add_header Cache-Control "public";
}
mod_cache module (/etc/apache2/mods-enabled/cache.conf):
<IfModule mod_cache.c>
    CacheQuickHandler off
    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5
    CacheIgnoreHeaders Set-Cookie
    # Apache 2.4 names the disk cache module mod_cache_disk (mod_disk_cache was the 2.2 name)
    <IfModule mod_cache_disk.c>
        CacheRoot /var/cache/apache2
        CacheEnable disk /
        CacheDirLevels 2
        CacheDirLength 1
    </IfModule>
</IfModule>
Compress responses:
Nginx (/etc/nginx/nginx.conf):
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
mod_deflate (/etc/apache2/mods-enabled/deflate.conf):
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
Tune the number of processes and connections:
worker processes (/etc/nginx/nginx.conf):
worker_processes auto; # Match the number of CPU cores automatically
events {
    worker_connections 1024; # Maximum number of connections per process
}
mpm_prefork (/etc/apache2/mods-enabled/mpm_prefork.conf, suited to traditional scenarios):
<IfModule mpm_prefork_module>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    MaxRequestWorkers 150
    MaxConnectionsPerChild 1000
</IfModule>
PHP acceleration (if PHP is used):
Install OPcache (sudo apt install php-opcache), then edit /etc/php/8.1/fpm/php.ini:
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
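5. Security hardening: guarding against risk
Configure the firewall: use ufw to restrict port access:
# On a host administered over SSH, allow it first (sudo ufw allow OpenSSH); once enabled, ufw denies other incoming traffic
sudo ufw allow 'Nginx Full' # or 'Apache Full' (ports 80 and 443)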
sudo ufw enable
Enable SSL/TLS: use a free Let’s Encrypt certificate (install Certbot):
sudo apt install certbot python3-certbot-nginx -y # Nginx
# sudo apt install certbot python3-certbot-apache -y # Apache
sudo certbot --nginx -d example.com -d www.example.com # Configure HTTPS automatically
Automatic certificate renewal (Let’s Encrypt certificates are valid for 90 days):
sudo certbot renew --dry-run # Test renewal
Disable unnecessary modules:
autoindex (avoid leaking directory listings):
<Directory /var/www/example.com/html>
    Options -Indexes
</Directory>
/etc/nginx/sites-enabled/000-default.conf).
6. Monitoring and maintenance: continuous optimization
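Use htop (processes) and netdata (network/disk) to view the system status:
sudo apt install htop netdata -y
sudo systemctl start netdata
Analyze the logs (/var/log/nginx/access.log, /var/log/apache2/access.log) to identify high-frequency requests or errors.
Use rsync or BorgBackup to back up website files and databases (such as MySQL) regularly.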
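The access-log review mentioned above, as an added example that is not part of the original page: two shell functions that list the busiest client addresses and the most frequent 4xx/5xx responses in a combined-format log. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize a combined-format access log (Nginx or Apache).
# The log lines are constructed; the addresses are documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "GET /admin/login HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "GET /admin/login HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:00:04 +0000] "GET /admin/login HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:00:04 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Mar/2024:10:00:05 +0000] "-" 400 0 "-" "-"
192.0.2.10 - - [10/Mar/2024:10:00:06 +0000] "GET /app.php HTTP/1.1" 502 166 "-" "Mozilla/5.0"
EOF
}

# Print "count ip" for each client with at least $1 requests, busiest first.
top_clients() {
  awk -v min="$1" '{ n[$1]++ }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Print "count status path" for each 4xx/5xx response, most frequent first.
# Fields are split on the double quote so that a malformed request line
# (logged as "-") does not shift the status code into the wrong column.
error_paths() {
  awk -F'"' '{ split($3, s, " "); split($2, r, " ")
      path = (r[2] == "") ? "-" : r[2]
      if (s[1] ~ /^[45][0-9][0-9]$/) e[s[1] " " path]++ }
    END { for (k in e) print e[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Run on the constructed sample. On a server, read the real file instead:
#   top_clients 100 < /var/log/nginx/access.log
sample_log | top_clients 3
sample_log | error_paths
```

A single address producing many 404 responses for paths that do not exist on the site is the kind of high-frequency pattern worth a closer look in the full log.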