配置eAccelerator0.9.5beta2 FOR CentOS4.3+php5.1.4+Zend 3.0.0
eAccelerator可以在一定程度上提高php的性能(经过实际测试,以bbs.kaoyan.com为例,在3000人在线的时候,首页打开时间大概提高了0.02秒(未安装之前是0.06左右,安装之后为0.04),也就是大概提升了三分之一的速度。
服务器操作系统为CentOS4.3,已经配置好apache2.2.2+php5.1.4+Zend3.0.0
另外还要确保服务器上已经安装有autoconf和automake,如果没有,可以用yum install一下。
下面就开始编译安装:
1、下载eAccelerator,地址是http://sourceforge.net/project/showfiles.php?group_id=122249,当前最新的版本是0.9.5beta2,文件名为eaccelerator-0.9.5-beta2.tar.bz2
2、解压:tar -xjf eaccelerator-0.9.5-beta2.tar.bz2
3、进入解压后的目录:cd eaccelerator-0.9.5-beta2
4、进行编译:
export PHP_PREFIX=”/usr/local/php”
$PHP_PREFIX/bin/phpize
./configure –enable-eaccelerator=shared –with-php-config=$PHP_PREFIX/bin/php-config
make
make install
5、编译后得到eaccelerator.so所在的目录,比如我得到的是/usr/local/php/lib/php/extensions/no-debug-zts-20050922/eaccelerator.so,记住这个路径,待会要用到。
6、修改php.ini(安装完zend之后,php.ini存放于/usr/local/Zend/etc)
将php.ini最后[zend]之后的内容修改为:
[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.0.0
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.0.0
zend_optimizer.version=3.0.0
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
extension=”/usr/local/php/lib/php/extensions/no-debug-zts-20050922/eaccelerator.so”
eaccelerator.shm_size=”16″
eaccelerator.cache_dir=”/tmp/eaccelerator”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=”"
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”0″
eaccelerator.shm_prune_period=”0″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″
7、在/tmp新建一个目录eaccelerator并修改属性为777,用来存放cache文件
8、重启apache,phpinfo显示:
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with eAccelerator v0.9.5-beta2, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies
with Zend Optimizer v3.0.0, Copyright (c) 1998-2006, by Zend Technologies
安装成功。
asp连接mysql
一般情况下,使用asp的时候很少会用到mysql数据库,但有的时候就必须连接mysql,比如kaoyan.com因为论坛使用的是mysql的数据库,而其他一些频道是基于asp建立,所以涉及用户身份验证的时候,就经常需要用到asp来连接mysql。
1、asp连接mysql的基本方式
一般都是用myodbc来连接。首先需要安装MyODBC,可以到http://www.mysql.com/下载。
安装好MyODBC之后,可以直接在asp代码里面通过以下语句来连接mysql数据库:
database=dbname;server=localhost;uid=dbuser;password=dbpwd”
‘database:数据库名
’server:服务器名/ip
‘uid:用户名
‘password:密码
set con = server.createobject(”adodb.connection”)
con.open strconnection
另外还可以先在ODBC数据源里新建一个系统DSN,选择 MySQL ODBC 3.51 Driver作为数据源,填入相关的用户名和密码并测试之。相关的ASP连接代码如下:
‘dsn:新建的DSN名称
‘uid:用户名
‘password:密码
set con = server.createobject(”adodb.connection”)
con.open strconnection
2、需要注意的问题(mysql4.1及以上版本)
mysql4.1及以上版本对字符集的限定跟之前的版本有很大不同,在进行数据库查询的时候如果不对字符集加以设定,一旦有查询的字段有中文,便很可能出现下面这样的错误:
[MySQL][ODBC 3.51 Driver][mysqld-4.1.18]Illegal mix of collations (gbk_chinese_ci,IMPLICIT) and (latin1_swedish_ci,COERCIBLE) for operation ‘=’
这个时候就需要对asp的查询语句进行一些修改,增加有关的字符集的设定:
实现搜索结果的关键词变色标注的程序
在搜索得到的文本中,从第一个关键词出现的前50个字开始显示,把关键词替换为红色,这比单纯的用replace得到的显示结果更人性化一些,因为用replace的话一旦关键词出现在文本的后面,就可能出现在结果页面显示的文本简要里不能出现关键词。虽然是很老的代码了,不过对于现在的搜索脚本的编写依然有参考作用。 (阅读全文…)
Active FTP vs. Passive FTP, a Definitive Explanation
Contents:
- Introduction
- The Basics
- Active FTP
- Active FTP Example
- Passive FTP
- Passive FTP Example
- Other Notes
- Summary
- References
- Appendix 1: Configuration of Common FTP Servers
Introduction
One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.
This may not be the definitive explanation, as the title claims, however, I’ve heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information…
The Basics
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a ‘data’ port and a ‘command’ port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server’s command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client’s specified data port from its local data port, which is port 20.
From the server-side firewall’s standpoint, to support active mode FTP the following communication channels need to be opened:
- FTP server’s port 21 from anywhere (Client initiates connection)
- FTP server’s port 21 to ports > 1023 (Server responds to client’s control port)
- FTP server’s port 20 to ports > 1023 (Server initiates data connection to client’s data port)
- FTP server’s port 20 from ports > 1023 (Client sends ACKs to server’s data port)
When drawn out, the connection appears as follows:
PORT 1027. The server then sends an ACK back to the client’s command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.
The main problem with active mode FTP actually falls on the client side. The FTP client doesn’t make the actual connection to the data port of the server–it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client–something that is usually blocked.
Active FTP Example
Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the last two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
—> USER slacker
331 Password required for slacker.
Password: TmpPass
—> PASS XXXX
230 User slacker logged in.
—> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
—> PORT 192,168,150,80,14,178
200 PORT command successful.
—> LIST
150 Opening ASCII mode data connection for file list.
drwx—— 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
—> QUIT
221 Goodbye.
Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall’s standpoint, to support passive mode FTP the following communication channels need to be opened:
- FTP server’s port 21 from anywhere (Client initiates connection)
- FTP server’s port 21 to ports > 1023 (Server responds to client’s control port)
- FTP server’s ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
- FTP server’s ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client’s data port)
When drawn, a passive mode FTP connection looks like this:
PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client’s data port.
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.
Passive FTP Example
Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
—> USER slacker
331 Password required for slacker.
Password: TmpPass
—> PASS XXXX
230 User slacker logged in.
—> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
—> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
—> LIST
150 Opening ASCII mode data connection for file list
drwx—— 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit —> QUIT
221 Goodbye.
Other Notes
A reader, Maarten Sjouw, pointed out that active FTP will not function when used in conjunction with a client-side NAT (Network Address Translation) device which is not smart enough to alter the IP address info in FTP packets.
Summary
The following chart should help admins remember how each FTP mode works:
command : client >1023 -> server 21
data : client >1023 < - server 20
Passive FTP :
command : client >1023 -> server 21
data : client >1023 -> server >1023
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn’t eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.
References
An excellent reference on how various internet protocols work and the issues involved in firewalling them can be found in the O’Reilly and Associates book, Building Internet Firewalls, 2nd Ed, by Brent Chapman and Elizabeth Zwicky.
Finally, the definitive reference on FTP would be RFC 959, which sets forth the official specifications of the FTP protocol. RFCs can be downloaded from numerous locations, including http://www.faqs.org/rfcs/rfc959.html.
vsftp的安装和配置
在因特网上或是企业内部,有许多站点需要高质量的FTP应用和安全的服务控制,如何能配置高质量应用的安全站点是企业应用和一些提供下载服务的网站的重要需求。基于这个出发点,我们将使用VSFTP–very safe ftp–架设高质量应用的安全FTP站点。
(阅读全文…)
从dottext到wordpress的迁移(通过rss)
最近一直在计划逃离dottext阵营,正好在网上搜到一篇有关dottext迁移到wordpress的文章,可以好好借鉴一下,过几天就开始着手考研博客的迁移工作。
翻译过来,大概的思路和步骤是这样的:
由于dottext在输出rss的时候强制设定了一个帖子数的上限,虽然dottext的后台可以设定这一数字,但是实际上并不起作用,因此我们必须从dottext的源代码入手,将这一限制扩大到尽可能大的一个数字(大于你的dottext的文章总数),同时将默认的AggBugs取消。具体修改的地方如下:
在Entries.cs
在 RssWriter.cs
通过这样修改以后就能使dottext生成的rss文件可以让wordpress完全识别并完整导入。
此外,我们还有一种选择,就是转移到Community Server,将dottext移植到Community Server
webserver:已经放弃zeus;blog:计划放弃dottext
今天论坛的一台采用zeus的web服务器再次出现了bad gateway的错误,discuz官方的解释是这是一个硬问题,也就是说和软件配置无关(我始终无法认可这样的解释,很显然给我回复的这个dz的工作人员对待我的问题有点敷衍了事),google搜索了半天也没找到合理的解决方法,只好放弃这个号称效率比apache提高了N多的web服务器,同时也了却了心头的一丝担心,因为之前也只是抱着试试看的态度,用的是zeus的30天试用的license,在试用期过去一半的时候放弃试验,倒也省却了不少的成本,据说zeus的license购买费用相当的惊人。晚上把lyp.cn这台服务器也换成了apache,至此那天拿来做试验的3台web服务器全部放弃了zeus,当然,这不能代表zeus不好,而只能说明我对zeus还是理解不够,估计是某些地方的配置不当造成的bad gateway错误。
重新编译apache的时候在采用worker还是perfork的mpm上有一些左右为难,一开始是采用worker(据说会比perfork更能体现apache2的优势),但是worker的方式似乎没法安装eaccelerator,于是重新编译,换为默认的perfork,一切都顺利完成。根据前几天bbs.kaoyan.com的两台web服务器(一台apache2.2,一台zeus4.3)的实际运行情况的对比,在目前的负载压力下,采用zeus的那台打开首页的时间大概比采用apache2.2的那台快了0.01秒,这个差别我想一般人都是感觉不出来的,不过因为目前论坛的流量最高峰已经过去,所以无法得知在更高的负载下apache2.2是否能承受的起。
用了wp将近2周的时间,最喜欢的是wp的插件安装模式,非常的爽,不过据说这种模式比较浪费资源,而且不知道为什么每次登录后台都非常的慢。另外就是wp默认是没有相册功能的,相关的插件倒是有一堆,但是试验了不少均不甚理想,这点是我认为wp比dottext差的地方之一。当然,wp是完全合乎rss规范的,而dottext似乎只是一个半成品(scott已经放弃开发,国内的一些汉化版本也没有多大长进),昨天我试图把以前在cntxl上面的博客用rss的方式导入到lyp.cn,一直不能完整进行,而那天把老婆在MSN SPACE的全部文章导入到wp则相当顺利,这似乎说明dottext在rss的处理上有所欠缺。
很早以前就一直想放弃dottext,重新构建考研博客,目标基本上锁定为lifetype,不过数据的转移可能是个很头疼的事情,网上好像也没有过这样的案例(还没听说谁成功的把dottext的全部数据完整移植到别的blog平台),烦恼ing。现在考研博客的注册人数和文章都已经不少,所以不可能另起炉灶放弃这部分用户,我又没有那么多精力来进行dottext的后续开发,郁闷ing。
淘吧的关键词广告系统已经基本上开发完成,这是比较激动人心的一个项目,真正投入使用后可能淘吧就可以进行收费模式上的转型了。不过为了配合这套系统,淘吧的很多页面都需要重构,原先写的css实在太垃圾了,当时对div+css似懂非懂的情况下写出来的东西现在再看真是惨不忍睹啊,汗ing。
从LiveJournal后台发展看大规模网站性能优化方法
一、LiveJournal发展历程
LiveJournal是99年始于校园中的项目,几个人出于爱好做了这样一个应用,以实现以下功能:
- 博客,论坛
- 社会性网络,找到朋友
- 聚合,把朋友的文章聚合在一起
LiveJournal采用了大量的开源软件,甚至它本身也是一个开源软件。在上线后,LiveJournal实现了非常快速的增长:
- 2004年4月份:280万注册用户。
- 2005年4月份:680万注册用户。
- 2005年8月份:790万注册用户。
- 达到了每秒钟上千次的页面请求及处理。
- 使用了大量MySQL服务器。
- 使用了大量通用组件。 (阅读全文…)
使用memcached进行内存缓存
通常的网页缓存方式有动态缓存和静态缓存等几种,在ASP.NET中已经可以实现对页面局部进行缓存,而使用memcached的缓存比ASP.NET的局部缓存更加灵活,可以缓存任意的对象,不管是否在页面上输出。而memcached最大的优点是可以分布式的部署,这对于大规模应用来说也是必不可少的要求。
LiveJournal.com使用了memcached在前端进行缓存,取得了良好的效果,而像wikipedia,sourceforge等也采用了或即将采用memcached作为缓存工具。memcached可以大规模网站应用发挥巨大的作用。 (阅读全文…)
ASP开发中存储过程应用全接触
考研淘吧在这次的升级中大量应用到存储过程,为了避免以后的遗忘,转载一篇有关存储过程的文章,留待随时查阅。
ASP与存储过程(Stored Procedures)的文章不少,但是我怀疑作者们是否真正实践过。我在初学时查阅过大量相关资料,发现其中提供的很多方法实际操作起来并不是那么回事。对于简单的应用,这些资料也许是有帮助的,但仅限于此,因为它们根本就是千篇一律,互相抄袭,稍微复杂点的应用,就全都语焉不详了。
现在,我基本上通过调用存储过程访问SQL Server,以下的文字都是实践的总结,希望对大家能有帮助。
存储过程就是作为可执行对象存放在数据库中的一个或多个SQL命令。
定义总是很抽象。存储过程其实就是能完成一定操作的一组SQL语句,只不过这组语句是放在数据库中的(这里我们只谈SQL Server)。如果我们通过创建存储过程以及在ASP中调用存储过程,就可以避免将SQL语句同ASP代码混杂在一起。这样做的好处至少有三个:
第一、大大提高效率。存储过程本身的执行速度非常快,而且,调用存储过程可以大大减少同数据库的交互次数。
第二、提高安全性。假如将SQL语句混合在ASP代码中,一旦代码失密,同时也就意味着库结构失密。
第三、有利于SQL语句的重用。
(阅读全文…)