Optimizing kernel parameters:
net.ipv4.tcp_max_tw_buckets = 6000
The maximum number of TIME-WAIT sockets; the default is 180000.
net.ipv4.ip_local_port_range = 1024 65000
The range of local ports the system is allowed to open.
net.ipv4.tcp_tw_recycle = 1
Enables fast recycling of TIME-WAIT sockets.
net.ipv4.tcp_tw_reuse = 1
Enables reuse: allows TIME-WAIT sockets to be reused for new TCP connections.
net.ipv4.tcp_syncookies = 1
Enables SYN cookies, which are used to handle connections when the SYN wait queue overflows.
net.core.somaxconn = 262144
The backlog passed to listen() by web applications is capped by the kernel parameter net.core.somaxconn, which defaults to 128, while nginx's NGX_LISTEN_BACKLOG defaults to 511, so this value needs to be adjusted.
net.core.netdev_max_backlog = 262144
The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.
net.ipv4.tcp_max_orphans = 262144
The maximum number of TCP sockets in the system that are not attached to any user file handle. If this number is exceeded, orphaned connections are reset immediately and a warning message is printed. This limit exists only to prevent simple DoS attacks. Do not rely on it too much or lower it artificially; if anything, increase it (when memory is added).
net.ipv4.tcp_max_syn_backlog = 262144
The maximum number of recorded connection requests that have not yet been acknowledged by the client. The default is 1024 on systems with 128M of memory and 128 on low-memory systems.
net.ipv4.tcp_timestamps = 0
Timestamps protect against sequence-number wraparound. A 1Gbps link will certainly run into sequence numbers that were used before. Timestamps let the kernel accept such "abnormal" packets. They need to be turned off here.
net.ipv4.tcp_synack_retries = 1
To open a connection to the peer, the kernel sends a SYN together with an ACK that answers the earlier SYN; this is the second step of the three-way handshake. This setting determines how many SYN+ACK packets the kernel sends before it gives up on the connection.
net.ipv4.tcp_syn_retries = 1
The number of SYN packets sent before the kernel gives up on establishing the connection.
net.ipv4.tcp_fin_timeout = 1
If the socket is closed by the local side, this parameter determines how long it stays in the FIN-WAIT-2 state. The peer can misbehave and never close the connection, or even crash unexpectedly. The default value is 60 seconds; the usual value in 2.2 kernels was 180 seconds. You can use that setting, but keep in mind that even on a lightly loaded web server there is a risk of running out of memory because of a large number of dead sockets. FIN-WAIT-2 is less dangerous than FIN-WAIT-1 because each socket can consume at most 1.5K of memory, but such sockets live longer.
net.ipv4.tcp_keepalive_time = 30
When keepalive is enabled, how often TCP sends keepalive messages. The default is 2 hours.
- net.ipv4.ip_forward = 0
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.conf.default.accept_source_route = 0
- kernel.sysrq = 0
- kernel.core_uses_pid = 1
- net.ipv4.tcp_syncookies = 1
- kernel.msgmnb = 65536
- kernel.msgmax = 65536
- kernel.shmmax = 68719476736
- kernel.shmall = 4294967296
- net.ipv4.tcp_max_tw_buckets = 6000 # number of TIME-WAIT sockets
- net.ipv4.tcp_sack = 1 # selective acknowledgment
- net.ipv4.tcp_window_scaling = 1 # whether the TCP/IP session sliding window is variable: 1 variable, 0 fixed. Turning it on lets the sliding window grow by several orders of magnitude, improving data transfer capability
- net.ipv4.tcp_rmem = 4096 87380 4194304 # TCP receive buffer
- net.ipv4.tcp_wmem = 4096 16384 4194304 # TCP send buffer
- net.core.wmem_default = 8388608 # default send socket buffer size (in bytes)
- net.core.rmem_default = 8388608 # default receive socket buffer size
- net.core.rmem_max = 16777216 # maximum receive socket buffer size
- net.core.wmem_max = 16777216 # maximum send socket buffer size
- net.core.netdev_max_backlog = 262144 # maximum number of packets allowed to queue
- net.core.somaxconn = 262144 # backlog of the listen() call in web applications
- net.ipv4.tcp_max_orphans = 3276800 # maximum number of TCP sockets not attached to any user file handle
- net.ipv4.tcp_max_syn_backlog = 262144 # maximum number of connection requests not yet acknowledged by the client, i.e. the length of the SYN queue; a larger value accommodates more connections waiting to be established
- net.ipv4.tcp_timestamps = 0 # timestamps off
- net.ipv4.tcp_synack_retries = 1 # number of SYN+ACK packets sent before the kernel gives up on the connection
- net.ipv4.tcp_syn_retries = 1 # number of SYN packets sent before the kernel gives up on the connection
- net.ipv4.tcp_tw_recycle = 1 # fast TIME-WAIT recycling
- net.ipv4.tcp_tw_reuse = 1 # reuse TIME-WAIT sockets for new connections
- net.ipv4.tcp_mem = 1835008 2752512 3670016 # out of socket memory
- net.ipv4.tcp_fin_timeout = # time spent in the FIN-WAIT-2 state; the peer can misbehave and never close the connection, or even crash; the default value is 60s
- net.ipv4.tcp_keepalive_time = # how often keepalive messages are sent
- net.ipv4.ip_local_port_range = 1024 65000 # port range
# The following may require loading the ip_conntrack module (modprobe ip_conntrack); there is a document that says this module fails when the firewall is turned on
# Shorten the timeout for ESTABLISHED connections
net.netfilter.nf_conntrack_tcp_timeout_established = 180
# CONNTRACK_MAX: the maximum number of connection-tracking entries allowed, i.e. how many "tasks" (connection-tracking entries) netfilter can handle simultaneously in kernel memory
net.netfilter.nf_conntrack_max = 1048576
net.nf_conntrack_max = 1048576
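A consistency check over the settings listed above, as an added example that is not part of the original page. The function names and the sample input are constructed for illustration; the findings encode three facts: tcp_tw_recycle was removed in Linux 4.12, tcp_tw_reuse depends on TCP timestamps, and the listen backlog is capped by net.core.somaxconn.

```python
# Constructed sample input: a subset of the values listed on this page.
SAMPLE = """\
net.ipv4.tcp_tw_recycle = 1 # fast TIME-WAIT recycling
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 262144
net.ipv4.conf.default.rp_filter = 1
"""

# Values the page's list sets for these keys.
EXPECTED = {
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.default.accept_source_route": "0",
    "net.ipv4.tcp_syncookies": "1",
}
NGINX_BACKLOG = 511  # nginx listen backlog default quoted on this page


def parse_sysctl(text):
    """Return {key: value} from sysctl.conf-style text, dropping '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = " ".join(value.split())
    return settings


def audit(settings):
    """Return (key, finding) tuples for obsolete, inert or unexpected values."""
    findings = []
    if settings.get("net.ipv4.tcp_tw_recycle") == "1":
        findings.append(("net.ipv4.tcp_tw_recycle",
                         "removed in Linux 4.12; breaks clients behind NAT"))
    if (settings.get("net.ipv4.tcp_timestamps") == "0"
            and settings.get("net.ipv4.tcp_tw_reuse") == "1"):
        findings.append(("net.ipv4.tcp_tw_reuse",
                         "needs TCP timestamps; inert while tcp_timestamps = 0"))
    if int(settings.get("net.core.somaxconn", "128")) < NGINX_BACKLOG:
        findings.append(("net.core.somaxconn", "caps nginx's backlog of 511"))
    for key, want in EXPECTED.items():
        if key in settings and settings[key] != want:
            findings.append((key, f"page sets {want}, found {settings[key]}"))
    return findings
```

Running `audit(parse_sysctl(SAMPLE))` reports the two TIME-WAIT settings; on a host, feed it the contents of /etc/sysctl.conf before running sysctl -p.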
To make the settings take effect: /sbin/sysctl -p
In general, the following items in the Nginx configuration file are the ones that matter most for optimization:
worker_processes 8;
The number of nginx processes. It is recommended to set it according to the number of CPUs, usually a multiple of it.
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
Assigns a CPU to each process. The example above assigns 8 processes to 8 CPUs; you can of course write more masks, or assign one process to more than one CPU.
worker_rlimit_nofile 102400;
The maximum number of file descriptors an nginx process may open. In theory it should be the maximum number of open files (ulimit -n) divided by the number of nginx processes, but nginx does not distribute requests evenly, so it is best to keep it equal to the value of ulimit -n.
use epoll;
Use the epoll I/O model; this goes without saying.
worker_connections 102400;
The maximum number of connections allowed per process. In theory, the maximum number of connections per nginx server is worker_processes*worker_connections.
keepalive_timeout 60;
Keepalive timeout.
client_header_buffer_size 4k;
The buffer size for the client request header. It can be set according to your system's page size. A request header generally does not exceed 1k, but since the system page size is generally larger than 1k, it is set to the page size here. The page size can be obtained with the command getconf PAGESIZE.
open_file_cache max=102400 inactive=20s;
Specifies a cache for open files; it is not enabled by default. max specifies the number of cache entries, and it is suggested to match the number of open files. inactive is how long a file can go unrequested before its cache entry is deleted.
open_file_cache_valid 30s;
How often the cached information is checked for validity.
open_file_cache_min_uses 1;
The minimum number of times a file must be used within the inactive period of the open_file_cache directive. If this number is exceeded, the file descriptor stays open in the cache. As in the example above, if a file is not used once within the inactive time, it is removed.
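The sizing rules described above (one affinity mask per worker, worker_rlimit_nofile kept equal to ulimit -n, capacity of worker_processes*worker_connections), worked through as an added example that is not part of the original page. The function names and the sample configuration fragment are constructed for illustration, and the caller supplies the ulimit -n value and CPU count.

```python
import re

# Constructed sample: directives quoted on this page, as one nginx.conf fragment.
SAMPLE_CONF = """\
worker_processes 8;
worker_rlimit_nofile 102400;
events {
    use epoll;
    worker_connections 102400;
}
"""


def parse_directives(text):
    """Return {name: argument string} for simple 'name value;' directives."""
    return dict(re.findall(r"^\s*(\w+)\s+([^;{]+?)\s*;", text, re.MULTILINE))


def affinity_masks(workers, cpus):
    """Bitmask per worker, pinning worker i to CPU i % cpus (bit 0 is rightmost)."""
    return [format(1 << (i % cpus), f"0{cpus}b") for i in range(workers)]


def check_limits(conf_text, ulimit_n, cpus):
    """Apply the page's sizing rules; return (summary dict, list of warnings)."""
    d = parse_directives(conf_text)
    workers = int(d["worker_processes"])
    conns = int(d["worker_connections"])
    nofile = int(d.get("worker_rlimit_nofile", ulimit_n))
    warnings = []
    if nofile != ulimit_n:
        warnings.append(f"worker_rlimit_nofile {nofile} differs from ulimit -n {ulimit_n}")
    if conns > nofile:
        warnings.append(f"worker_connections {conns} exceeds {nofile} descriptors per worker")
    if workers % cpus:
        warnings.append(f"worker_processes {workers} is not a multiple of {cpus} CPUs")
    summary = {
        "max_connections": workers * conns,  # worker_processes * worker_connections
        "worker_cpu_affinity": " ".join(affinity_masks(workers, cpus)),
    }
    return summary, warnings
```

With the page's values and ulimit -n set to 102400 on 8 CPUs, the check returns no warnings and reproduces the worker_cpu_affinity line shown above.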
Nginx 100,000 is not memory-optimized