Rootop 服务器运维与web架构

2014-05-07
发表者 Venus
暂无评论

利用http_load测试Web引擎性能(转)

http_load是基于linux平台的性能测试工具,它体积非常小。它以并行复用的方式运行,可以测试web服务器的吞吐量与负载。

httpd_load官方站:http://www.acme.com/software/http_load/

下载http_load:

wget -c http://www.acme.com/software/http_load/http_load-12mar2006.tar.gz
yum -y install gcc gcc-c++            #安装GCC编辑器
tar xzvf http_load-12mar2006.tar.gz   #解压http_load压缩包
cd http_load-12mar2006                #进入http_load目录
mkdir /usr/local/man                  #创建目录
make && make install                  #编译并安装

http_load的参数:

参数 全称 含义
-p -parallel 并发的用户进程数。
-f -fetches 总计的访问次数
-r -rate 含义是每秒的访问频率
-s -seconds 连续的访问时间
url 网站连接地址或url文件

其中,“url”是http_load指定的url地址文件,可以一条url占用一行,url文件路径自定,进行压力测试的时候指定绝对url文件路径即可。

测试

http_load -p 1021 -s 10 /tmp/url     #url为刚刚新建的文件

SSH执行以上命令,则向www.kwx.gd并发1021个线程,时间为连续10秒。

httpload-4.jpg

41 fetches, 1020 max parallel, 851898 bytes, in 10.0008 seconds
# 一共请求连接41次,最大并发线程1020个,持续10.0008秒内,总传输速率为 851898bytes
20778 mean bytes/connection
#每次请求连接平均数据量(851898÷41)
4.09969 fetches/sec, 85183.3 bytes/sec
#每秒的响应请求连接数为4.09969个,每秒传输的数据为85183.3btyes/毫秒
msecs/connect: 264.607 mean, 269.482 max, 262.187 min
#每次连接平均响应时间:264.607毫秒,最大时间:269.482毫秒,最小时间:262.187毫秒
msecs/first-response: 1949.27 mean, 5394.21 max, 380.501 min
#每次连接平均返回时间:1949.27毫秒,最大时间:5394.21毫秒,最小时间:380.501毫秒
HTTP response codes:
code 200 -- 41
#HTTP返回码:200 ,一共41次。

测试结果中,主要参考fetches/sec、msecs/connect数值,即服务器每秒能够响应的查询次数的数值来衡量性能,当然,单纯数值判断并不准确,还要参考CPU、内存的等消耗综合考虑。

2014-05-07
发表者 Venus
暂无评论

webbench压力测试(转)

webbench最多可以模拟3万个并发连接去测试网站的负载能力,个人感觉要比Apache自带的ab压力测试工具好,安装使用也特别方便。

1、适用系统:Linux

2、编译安装:
wget http://blog.s135.com/soft/linux/webbench/webbench-1.5.tar.gz
tar zxvf webbench-1.5.tar.gz
cd webbench-1.5
make && make install

3、使用:
webbench -c 500 -t 30 http://127.0.0.1/test.jpg
参数说明:-c表示并发数,-t表示时间(秒)

4、测试结果示例:
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://127.0.0.1/test.jpg
500 clients, running 30 sec.

Speed=3230 pages/min, 11614212 bytes/sec.
Requests: 1615 susceed, 0 failed.

2014-05-07
发表者 Venus
暂无评论

开启nginx的NginxStatus监控功能

通过stub_status模块可以查看nginx的工作状态,主要是当前连接数等。处理的会话数。  首先在编译nginx时,需要加上参数:

--with-http_stub_status_module

现有的nginx可以通过-V参数查看是否有stub_status模块:
[root@localhost ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
configure arguments: –prefix=/usr/local/nginx –with-http_stub_status_module

配置nginx.conf文件:
在server {}块中添加:

location /nginx-status {
allow 192.168.0.123; #允许访问的ip,可直接定义为allow all,删掉deny。
deny all;
stub_status on;
access_log off;
}

平滑重启nginx:
[root@localhost ~]# killall -s HUP nginx

然后访问 http://IPADDR/nginx-status 即可

Active connections: 当前Nginx正处理的活动连接数(对后端发起的活动连接数).
Server accepts handled requests: Nginx总共处理了16个连接,成功创建16次握手(证明中间没有失败的),总共处理了398个请求.
Reading: Nginx 读取到客户端的Header信息数.
Writing: Nginx 返回给客户端的Header信息数.
Waiting: 开启keep-alive的情况下,这个值等于 active – (reading + writing),意思就是Nginx已经处理完成,正在等候下一次请求指令的驻留连接.
所以,在访问效率高,请求很快被处理完毕的情况下,Waiting数比较多是正常的.如果reading +writing数较多,则说明并发访问量非常大,正在处理过程中.

 

2014-05-06
发表者 Venus
暂无评论

Install iRedMail on Red Hat Enterprise Linux, CentOS, Scientific Linux

从官网扒来的文档:http://www.iredmail.com/install_iredmail_on_rhel.html

System Requirements

WARNING: iRedMail is designed to be deployed on a FRESH server system, which means your server does NOT have mail related components installed, e.g. MySQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc. Otherwise it may override your existing files/configurations althought it will backup files before modifing, and it may be not working as expected.

To install iRedMail, you need:

  • FRESH, working RHEL, CentOS, Scientific Linux system. Supported releases are listed on page Features of iRedMail.
  • At least 1GB of memory is required for production use.
  • #上面说了一通说需要一个全新安装的系统,不要安装mysql、openldap、postfix、dovecot、amavisd等等,总之就是很新鲜很新鲜的系统。啧啧,可以吃了。

Preparations

Set a fully qualified domain name (FQDN) hostname on your server

Enter command ‘hostname -f’ to view the current hostname:

$ hostname -f mx.example.com #设置主机名

On RHEL/CentOS/Scientific Linux, hostname is set in two files:

  • /etc/sysconfig/network: hostname setting
# Part of file: /etc/sysconfig/network #在redhat/centos之类的还需要改此文件。 
HOSTNAME=mx.example.com
  • /etc/hosts: hostname <=> IP address mapping. Warning: List the FQDN hostname as first item.
# Part of file: /etc/hosts  #通过hosts文件设置ip跟主机名的映射,主机名放在最前面!
127.0.0.1 mx.example.com demo localhost localhost.localdomain

Verify the FQDN hostname. If it wasn’t changed, please reboot server to make it work.

$ hostname -f mx.example.com #确认设置的是否正确!

Enable yum repositories for installing new packages

  • For CentOS or Scientific Linux, please enable CentOS/Scientific official yum repositories, and DISABLE all third-party yum repositories to avoid package conflict.
  • For Red Hat Enterprise Linux, please enable Red Hat Network to install packages, or create a local yum repository with DVD/CD ISO images.
  • 上面这几句可以忽视,如果是redhat,需要自动用iso镜像做一个yum源,并启用。推荐还是用centos比较靠谱。

Download the latest release of iRedMail

  • Visit Download page to get the latest release of iRedMail.
  • Upload iRedMail to your mail server via ftp or scp or whatever method you can use, login to the server to install iRedMail. We assume you uploaded it to directory/root/iRedMail-x.y.z.tar.bz2 (replace x.y.z by the actual version number).
  • Uncompress iRedMail tarball:
  • 下载iredmail,目前最新版:
  • http://www.iredmail.com/iRedMail-0.8.6.tar.bz2
  • 下载完解压。
# tar xjf iRedMail-x.y.z.tar.bz2

Start iRedMail installer

It’s now ready to start iRedMail installer, it will ask you some simple questions, that’s all steps to setup a full-featured mail server.

For Chinese users: Our domain name “iredmail.org” is blocked in China mainland since Jun 04, 2011, please replace all ‘iredmail.org’ by its IP address “106.187.51.47” (without quotes) in /root/iRedMail-x.y.z/pkgs/get_all.sh BEFORE executing “iRedMail.sh”.
上面说到,中国的用户你们听好了,我们的域iredmail.org在2011年被GFW毙了,需要修改iRedMail-x.y.z/pkgs/get_all.sh脚本中的域名改为ip,地址是106.187.51.47(www.iredmail.com)。好吧,在安装的时候发现这个ip访问速度很慢,我给改成了(www.iredmail.org的ip地址):173.254.22.21
修改脚本:
[root@mail ~]# vim iRedMail-0.8.6/pkgs/get_all.sh
export IREDMAIL_MIRROR=”${IREDMAIL_MIRROR:=http://173.254.22.21}”
# cd /root/iRedMail-x.y.z/ 
# bash iRedMail.sh #直接运行脚本开始安装

Screenshots of installation:

1) Welcome and thanks for your use

2) Specify location to store all mailboxes. Default is /var/vmail/.  #设置邮件存放路径

3) Choose backend used to store mail accounts. Please choose the one which you’re familiar with. You can manage mail accounts with iRedAdmin, our web-based iRedMail admin panel. #比较喜欢用mysql存储账户信息

4) If you choose to store mail accounts in OpenLDAP, iRedMail installer will ask you two questions about OpenLDAP.

4.1) LDAP suffix.

4.2) Password of LDAP root dn.

5) Set password of MySQL root user. MySQL is used to store data of other applications, e.g. Roundcube webmail, Policyd, Amavisd-new. If you choose to store mail accounts in MySQL, you will see this dialog too. #设置mysql的root密码

6) Add your first mail domain name #输入你的域名

7) Set password of admin account of your first mail domain. Note:

  • This account is used only for system administration, not a mail user. That means you CANNOT login to webmail with this account.
  • You can login to iRedAdmin (web-based iRedMail admin panel) with this account for mail accont management, login name is full email address.
  • Admin username is hard-coded, you can create new admins with iRedAdmin after installation completed.  #设置postmaster的密码。最大权限。

8) Set password of first mail user of your first mail domain. Note:

  • This account is a normal mail user, that means you can login to webmail with this account, login name is full email address.
  • Username is hard-coded, you can create new mail users with iRedAdmin after installation completed.

9) Choose optional components #设置安装的组件

After answered these questions, iRedMail installer will ask your confirm to start installation. It will install and configure required packages automatically. Type ‘y’ or ‘Y’ (without quotes) and press ‘Enter’ to confirm.

Configuration completed. ************************************************************************* **************************** WARNING *********************************** ************************************************************************* * * * Please do remember to *REMOVE* configuration file after installation * * completed successfully. * * * * * /root/iRedMail-x.y.z/config * * ************************************************************************* <<< iRedMail >>> Continue? [Y|n] # <- Type 'Y' or 'y' here, and press 'Enter' to continue

Important things you should know after installation

  • Read file /root/iRedMail-x.y.z/iRedMail.tips first, it contains:
    • URLs, usernames and passwords of web-based applications
    • Location of mail serve related software configuration files
    • Some other important and/or sensitive information
  • Setup DNS record for SPF     #设置dns的spf记录
  • Setup DNS record for DKIM #设置dkim电子邮件验证标准

Access webmail and other web applications

After installation successfully completed, you can access web-based programs if you choose to install them. Replace ‘your_server’ below by your actual server name or IP address.

Component URL Accessible via HTTP Accessible via HTTPS
Webmail http://your_server/mail/ (or /webmail, /roundcube)
iRedAdmin (admin panel) httpS://your_server/iredadmin/
phpMyAdmin httpS://your_server/phpmyadmin/
phpLDAPadmin httpS://your_server/phpldapadmin/
Awstats httpS://your_server/awstats/awstats.pl?config=web (or ?config=smtp)

2014-05-06
发表者 Venus
暂无评论

Linux/Centos内核参数详解

#使用sysrq组合键是了解系统目前运行情况,为安全起见设为0关闭
kernel.sysrq = 0
#控制core文件的文件名是否添加pid作为扩展
kernel.core_uses_pid = 1
#每个消息队列的大小(单位:字节)限制
kernel.msgmnb = 65536
#整个系统最大消息队列数量限制
kernel.msgmax = 65536
#单个共享内存段的大小(单位:字节)限制,
kernel.shmmax = 2147483648
#所有内存大小(单位:页,1页 = 4Kb),本机内存4GB
kernel.shmall = 1048576
#为TCP socket预留用于发送缓冲的内存默认值(单位:字节)
net.core.wmem_default = 2097152
#为TCP socket预留用于发送缓冲的内存最大值(单位:字节)
net.core.wmem_max = 8388608
#为TCP socket预留用于接收缓冲的内存默认值(单位:字节)
net.core.rmem_default = 2097152
#为TCP socket预留用于接收缓冲的内存最大值(单位:字节)
net.core.rmem_max = 8388608
#每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 4096
#listen(函数)的默认参数,挂起请求的最大数量限制
net.core.somaxconn = 51200
#启用源路由核查功能
net.ipv4.conf.default.rp_filter = 1
#禁用所有IP源路由
net.ipv4.conf.default.accept_source_route = 0
#禁用包过滤功能
net.ipv4.ip_forward = 0
#对外连接端口范围
net.ipv4.ip_local_port_range = 2048 65000
#设定保持在FIN-WAIT-2状态的时间
net.ipv4.tcp_fin_timeout = 15
#表示当keepalive起用的时候,TCP发送keepalive消息的频度(单位:秒)
net.ipv4.tcp_keepalive_time = 30
#系统中最多有多少个TCP套接字不被关联到任何一个用户文件句柄上。这个限制仅仅是为了防止简单的DoS攻击,不能过分依靠它或者人为地减小这个值,更应该增加这个值(如果增加了内存之后)
net.ipv4.tcp_max_orphans = 3276800
#记 录的那些尚未收到客户端确认信息的连接请求的最大值。
net.ipv4.tcp_max_syn_backlog = 32768
#表示系统同时保持TIME_WAIT套接字的最大数量
net.ipv4.tcp_max_tw_buckets = 6000
#1st低于此值,TCP没有内存压力,2nd进入内存压力阶段,3rdTCP拒绝分配socket(单位:内存页)
net.ipv4.tcp_mem = 262144 786432 1048576
#最大socket读buffer(单位:字节)
net.ipv4.tcp_rmem_max = 1048576
#最大socket写buffer(单位:字节)
net.ipv4.tcp_wmem_max = 1048576
#TCP读buffer
net.ipv4.tcp_rmem = 4096 131072 1048576
#TCP写buffer
net.ipv4.tcp_wmem = 4096 131072 1048576
#开启有选择的应答
net.ipv4.tcp_sack = 1
#定义SYN重试次数
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
#开启SYN COOKIES功能
net.ipv4.tcp_syncookies = 1
#关闭时间戳功能
net.ipv4.tcp_timestamps = 0
#开启TCP连接复用功能,允许将time_wait sockets重新用于新的TCP连接(主要针对time_wait连接)
net.ipv4.tcp_tw_reuse = 1
#开启TCP连接中time_wait sockets的快速回收
net.ipv4.tcp_tw_recycle = 1
#支持更大的TCP窗口. 如果TCP窗口最大超过65535(64K), 必须设置该数值为1
net.ipv4.tcp_window_scaling = 1