[BKJIA exclusive article] How do you optimize your Linux production server? Based on practical experience, this article summarizes nine key points for optimizing Linux production servers. If you have not used some of these methods, give them a try.
I. Time Synchronization
Servers in a production environment need accurate time. My email server's dovecot service often stops automatically because of time issues. It is recommended that you edit the system crontab:
vim /etc/crontab
With the following entry, the server automatically synchronizes its time every day:
14 04 * * * root /usr/sbin/ntpdate ntp.api.bz >/dev/null 2>&1
II. Enable SYN cookie protection in the kernel:
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
Run the following command to make the kernel configuration take effect immediately:
/sbin/sysctl -p
III. Solutions for slow Squid servers
If your production server is a Squid cache server, you can enter the following command when the system or web pages slow down:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
This command counts the current system's network connections by state, which helps you analyze the cause of the slowdown.
On high-concurrency Squid servers running Linux, the number of TCP TIME_WAIT sockets often reaches twenty or thirty thousand, and the server is easily brought down. By modifying Linux kernel parameters, you can reduce the number of TIME_WAIT sockets on the Squid server.
vim /etc/sysctl.conf
Add the following lines:
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
Note:
net.ipv4.tcp_tw_reuse = 1 enables reuse: TIME-WAIT sockets may be reused for new TCP connections. The default value is 0, which disables it.
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default value is 0, which disables it.
net.ipv4.tcp_fin_timeout = 30 means that if the socket is closed by the local end, this parameter determines how long it remains in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200 sets how often TCP sends keepalive messages when keepalive is in use. The default value is 2 hours, which is changed to 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000 sets the port range used for outgoing connections. The default range is small; it is changed to 1024 to 65000.
net.ipv4.tcp_max_syn_backlog = 8192 sets the length of the SYN queue. The default value is 1024; increasing the queue length to 8192 accommodates more connections waiting to be established.
net.ipv4.tcp_max_tw_buckets = 5000 sets the maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded, TIME_WAIT sockets are cleared immediately and a warning is printed. The default value is 180000, which is changed to 5000. For servers such as Apache and Nginx, the parameters in the previous lines can greatly reduce the number of TIME_WAIT sockets, but they have little effect on Squid. This parameter caps the number of TIME_WAIT sockets and prevents the Squid server from being brought down by a large number of them.
Run the following command to make the kernel configuration take effect immediately:
/sbin/sysctl -p
IV. Nginx Server Status
If the server is an Nginx load balancer or an Nginx + PHP5 web server, you must enable the following two items:
net.ipv4.tcp_tw_reuse = 1 # Allow TIME-WAIT sockets to be reused for new TCP connections
net.ipv4.tcp_tw_recycle = 1 # Enable fast recycling of TIME-WAIT sockets in TCP connections
Run the following command to make the kernel configuration take effect immediately:
/sbin/sysctl -p
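To confirm that the settings from sections II to IV are really active after /sbin/sysctl -p, this added example (not part of the original article) compares a sysctl.conf-style file with the values the kernel exposes under /proc/sys. The function names and the optional second argument, an alternate root directory used for testing, are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare sysctl.conf-style settings with live kernel values.
# Usage: sh audit_sysctl.sh /etc/sysctl.conf [ROOT]   (ROOT defaults to /proc/sys)

# Collapse whitespace so "1024<TAB>65000" compares equal to "1024 65000".
normalize() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# Prints one OK / MISMATCH / MISSING line per key; returns 1 on any problem.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}   # assumption: overridable so a test tree can be used
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                       # strip comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        [ -n "$key" ] || continue
        # net.ipv4.tcp_syncookies -> $root/net/ipv4/tcp_syncookies
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING  $key (not provided by this kernel)"
            rc=1
            continue
        fi
        have=$(normalize "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key wants '$want' has '$have'"
            rc=1
        fi
    done < "$conf"
    return $rc
}

if [ "$#" -gt 0 ]; then audit_sysctl "$@"; fi
```

A MISSING line means the running kernel has no such parameter; net.ipv4.tcp_tw_recycle is reported this way on Linux 4.12 and later, where it was removed.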