操作系统参数优化
修改sysctl.conf
# vim /etc/sysctl.conf
fs.nr_open=10240000
fs.file-max = 6815744
net.ipv4.ip_local_port_range = 9000 65500
fs.aio-max-nr = 1048576
net.core.rmem_default = 1048576
net.core.wmem_default = 524288
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 2500
net.ipv4.tcp_max_syn_backlog = 102400
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 10000
net.netfilter.nf_conntrack_max = 4000000
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
net.ipv6.conf.all.disable_ipv6 =1
net.ipv6.conf.default.disable_ipv6 =1
使其立即生效
# sysctl -p
net.ipv4.tcp_max_tw_buckets
设置timewait的值
设置ulimit系统限制
# ulimit -n 65536
设置ulimit -n永久值
#vim /etc/security/limits.conf
#
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 30476
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
nginx 反向代理服务器上,ulimit -n 参数需要特别调整
pam_limits.so
使 limits.conf 文件配置生效,确保 pam_limits.so 文件被加入到启动文件中。
# vim /etc/pam.d/login
session required /lib64/security/pam_limits.so
;仅针对64位,如系统为64位只需配置64位路径,否则可能造成系统无法在本地登陆!
SSH
# vim /etc/ssh/sshd_config
UseDNS no
