Nginx Kernel Parameter Optimization for 100,000 Concurrent Connections

Source: Internet
Author: User
Tags epoll

Kernel parameter optimization:
net.ipv4.tcp_max_tw_buckets = 6000
The maximum number of TIME-WAIT sockets. The default value is 180000.
net.ipv4.ip_local_port_range = 1024 65000
The range of local ports that the system may open.
net.ipv4.tcp_tw_recycle = 1
Enable fast recycling of TIME-WAIT sockets.
net.ipv4.tcp_tw_reuse = 1
Enable reuse. Allow TIME-WAIT sockets to be reused for new TCP connections.
net.ipv4.tcp_syncookies = 1
Enable SYN cookies. When the SYN wait queue overflows, cookies are used to handle the requests.
net.core.somaxconn = 262144
In a web application, the backlog of the listen function is limited by default to 128 by the kernel parameter net.core.somaxconn, while NGX_LISTEN_BACKLOG as defined by nginx defaults to 511, so this value needs to be adjusted.
net.core.netdev_max_backlog = 262144
The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.
net.ipv4.tcp_max_orphans = 262144
The maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, orphaned connections are reset immediately and a warning message is printed. This limit exists only to prevent simple DoS attacks; do not rely on it too much or lower it artificially. If anything, increase this value (after adding memory).
net.ipv4.tcp_max_syn_backlog = 262144
The maximum number of recorded connection requests that have not yet received an acknowledgment from the client. For systems with MB of memory the default value is 1024, and for systems with little memory it is 128.
net.ipv4.tcp_timestamps = 0
Timestamps protect against sequence number wraparound. A 1 Gbit/s link is certain to encounter sequence numbers that were used before. The timestamp lets the kernel accept such "abnormal" packets. It is disabled here.
net.ipv4.tcp_synack_retries = 1
To open the connection to the peer, the kernel sends a SYN together with an ACK that answers the SYN it received, which is the second step of the three-way handshake. This setting determines how many SYN+ACK packets the kernel sends before giving up on the connection.
net.ipv4.tcp_syn_retries = 1
The number of SYN packets sent before the kernel gives up on establishing the connection.
net.ipv4.tcp_fin_timeout = 1
If the socket is closed by the local end, this parameter determines how long it stays in the FIN-WAIT-2 state. The peer may fail and never close the connection, or even crash unexpectedly. The default value is 60 seconds. The usual value for 2.2 kernels is 180 seconds. You can follow this setting, but remember that even if your machine is a lightly loaded web server, there is a risk of running out of memory because of a large number of dead sockets. FIN-WAIT-2 is less dangerous than FIN-WAIT-1, because it can eat at most K of memory, but these sockets live longer.

net.ipv4.tcp_keepalive_time = 30
How often TCP sends keepalive messages when keepalive is in use. The default value is 2 hours.
# The following settings may require loading the ip_conntrack module first (modprobe ip_conntrack). Some documents say that this module fails when the firewall is enabled.

# Shorten the timeout for established connections

net.netfilter.nf_conntrack_tcp_timeout_established = 180

# CONNTRACK_MAX is the maximum number of tracked connection entries, that is, the number of "tasks" (connection tracking entries) that netfilter can handle simultaneously in kernel memory

net.netfilter.nf_conntrack_max = 1048576

net.nf_conntrack_max = 1048576
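
Whether these values are actually in effect depends on the running kernel: the net.netfilter keys exist only while the conntrack module is loaded, and net.ipv4.tcp_tw_recycle was removed in Linux 4.12. The following script is an added example, not part of the original article; it compares a sysctl.conf-style file with the kernel's values, and the names audit_sysctl, demo_tree and the PROC_ROOT argument are this example's own.

```shell
#!/bin/sh
# Added example: compare a sysctl.conf-style file with what the kernel holds.
# PROC_ROOT (default /proc/sys) is a parameter of this example so the check
# can also run against a constructed directory tree.

# audit_sysctl CONF [PROC_ROOT]
# Prints OK, MISMATCH or MISSING per key; exit status 0 only if all are OK.
audit_sysctl() (
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -s ' \t' '  ' | sed 's/^ *//; s/ *$//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then             # module not loaded or key removed
            echo "MISSING  $key"; rc=1; continue
        fi
        # /proc/sys separates multi-value entries with tabs; normalise them.
        have=$(tr -s ' \t' '  ' < "$path" | sed 's/^ *//; s/ *$//')
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: want '$want', kernel has '$have'"; rc=1
        fi
    done < "$conf"
    exit "$rc"
)

# Constructed sample (not taken from a real host): a kernel without
# tcp_tw_recycle and without the conntrack module loaded.
demo_tree() (
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/core" "$d/proc/net/ipv4"
    echo 128 > "$d/proc/net/core/somaxconn"
    printf '1024\t65000\n' > "$d/proc/net/ipv4/ip_local_port_range"
    echo 1 > "$d/proc/net/ipv4/tcp_syncookies"
    printf '%s\n' '# values from the article' \
        'net.core.somaxconn = 262144' \
        'net.ipv4.ip_local_port_range = 1024 65000' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.tcp_tw_recycle = 1' \
        'net.netfilter.nf_conntrack_max = 1048576' > "$d/sysctl.conf"
    echo "$d"
)

d=$(demo_tree)
audit_sysctl "$d/sysctl.conf" "$d/proc" || echo "not all settings are in effect"
rm -rf "$d"
```

On a real host, call audit_sysctl /etc/sysctl.conf with no second argument to read /proc/sys.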

Apply the settings by executing: /sbin/sysctl -p

In the nginx configuration file, the following directives generally affect optimization:
worker_processes 8;
The number of nginx processes. We recommend setting it according to the number of CPUs, generally a multiple of it.
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000
01000000 10000000;
Assign a CPU to each process. The example above assigns eight processes to eight CPUs. You can of course write more, or assign one process to multiple CPUs.
worker_rlimit_nofile 102400;
This directive sets the maximum number of file descriptors that an nginx process may open. In theory the value should be the maximum number of open files (ulimit -n) divided by the number of nginx processes, but nginx does not distribute requests that evenly, so it is best to keep it consistent with the ulimit -n value.
use epoll;
Use the epoll I/O model.
worker_connections 102400;
The maximum number of connections allowed per process. In theory, the maximum number of connections per nginx server is worker_processes * worker_connections.
keepalive_timeout 60;
The keepalive timeout.
client_header_buffer_size 4k;
The buffer size for the client request header. This can be set according to your system's page size. A request header generally does not exceed 1k, but because the system page size is usually larger than 1k, it is set to the page size here. You can obtain the page size with the command getconf PAGESIZE.
open_file_cache max=102400 inactive=20s;
This enables the cache for open files, which is not enabled by default. max specifies the number of cache entries; we recommend keeping it the same as the number of open files. inactive specifies how long a file may go unrequested before its cache entry is deleted.
open_file_cache_valid 30s;
How often the validity of the cached information is checked.
open_file_cache_min_uses 1;
The minimum number of times a file must be used within the inactive period of the open_file_cache directive. If this number is exceeded, the file descriptor stays open in the cache. As in the example above, if a file is not used once within the inactive time, it is removed.
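
The relationships between the worker directives described above can be checked mechanically. The following script is an added example, not part of the original article; the function names nginx_directive, check_nginx_limits and sample_conf are this example's own, and it assumes numeric directive values as used here.

```shell
#!/bin/sh
# Added example: read the worker limits out of an nginx.conf and cross-check
# them. Assumes numeric values (not "auto"), as in the article.

# nginx_directive CONF NAME: print the arguments of the first NAME directive.
# Comments are stripped and the text is split on ';', '{' and '}', so a
# directive wrapped over several lines (worker_cpu_affinity above) is one unit.
nginx_directive() {
    sed 's/#.*//' "$1" | tr '\n{}' ' ;;' | tr ';' '\n' |
        awk -v n="$2" '$1 == n { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_nginx_limits CONF: print the theoretical connection ceiling and warn
# about inconsistent settings; exit status 1 if anything was flagged.
check_nginx_limits() (
    conf=$1 rc=0
    procs=$(nginx_directive "$conf" worker_processes)
    conns=$(nginx_directive "$conf" worker_connections)
    nofile=$(nginx_directive "$conf" worker_rlimit_nofile)
    masks=$(nginx_directive "$conf" worker_cpu_affinity | wc -w | tr -d ' ')
    procs=${procs:-1} conns=${conns:-512}     # nginx defaults when unset
    echo "max connections = $procs * $conns = $((procs * conns))"
    if [ "$masks" -ne 0 ] && [ "$masks" -ne "$procs" ]; then
        echo "WARN: $masks CPU masks for $procs worker processes"; rc=1
    fi
    # Every connection needs a descriptor, so the per-process descriptor
    # limit must not be lower than worker_connections.
    if [ -n "$nofile" ] && [ "$nofile" -lt "$conns" ]; then
        echo "WARN: worker_rlimit_nofile $nofile < worker_connections $conns"; rc=1
    fi
    exit "$rc"
)

# Constructed sample using the values from the article.
sample_conf() {
    printf '%s\n' 'worker_processes 8;' \
        'worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000' \
        '    01000000 10000000;' \
        'worker_rlimit_nofile 102400;' \
        'events {' '    use epoll;' '    worker_connections 102400;' '}'
}

f=$(mktemp)
sample_conf > "$f"
check_nginx_limits "$f"
rm -f "$f"
```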
