Linux sysctl.conf Optimization Scheme

Source: Internet
Author: User

After the LNMP (Linux + Nginx + MySQL + PHP) environment has been installed on a server, the Linux server parameters must be optimized, including network parameters, the number of open files, memory, and so on.

1. Network parameter optimization:

This part mainly follows section five, "Optimizing Linux kernel parameters", of Zhang Yan's article "Nginx 0.8.x + PHP 5.2.13 (FastCGI): Building a Web Server Ten Times Better than Apache (6th edition) [Original]":

vi /etc/sysctl.conf  # edit the sysctl.conf file
# Add the following to /etc/sysctl.conf:
# Network parameter optimization start
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
# Network parameter optimization end
# End of added content


After the modification is complete, run the following command to make the parameters effective:
/sbin/sysctl -p


2. Optimizing the maximum number of open files:
By default, the system allows a maximum of 1024 open files, which is not enough for a web server with heavy traffic. The maximum number of open files can be queried and modified with ulimit.
In general, use ulimit -n to see the maximum number of open files the system currently allows, for example:
ulimit -n
1024  # returned by the system


To change the maximum number of open files the system allows, use ulimit -SHn. For example, to temporarily set the maximum number of open files to 51201, use the following command:
ulimit -SHn 51201

The value is restored automatically each time the system restarts, so the command above can be written to /etc/rc.local. To change it permanently, modify the following file:
vi /etc/security/limits.conf
# add
* soft nofile 51201
* hard nofile 51201


The system's maximum number of open files affects the following configuration files (the values below must match the system setting; for example, with the maximum number of open files set to 51201):
A. In the nginx configuration file nginx.conf, the items worker_rlimit_nofile, worker_connections, open_file_cache and so on, for example:
worker_rlimit_nofile 51201;
events
{
use epoll;
worker_connections 51201;
}
http
{
# other parameters omitted
open_file_cache max=51201 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
# other parameters omitted
}
B. The corresponding entry in the FastCGI configuration file php-fpm.conf:
51201
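
An added example, not from the original article: a Python check that the nofile value in limits.conf and the nginx directives above agree, since a worker cannot hold more connections than its file-descriptor limit. The sample file contents are constructed from the page's value 51201 and the function names are illustrative; falling back to the limits.conf soft limit when worker_rlimit_nofile is absent is an assumption about how nginx is started.

```python
import re

# Constructed samples using the page's value 51201.
LIMITS_CONF = """\
# /etc/security/limits.conf
* soft nofile 51201
* hard nofile 51201
"""
NGINX_CONF = """\
worker_rlimit_nofile 51201;
events {
    use epoll;
    worker_connections 51201;
}
"""

def nofile_limits(text, domain="*"):
    """Return {'soft': n, 'hard': n} from limits.conf lines for this domain."""
    limits = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4 or fields[0] != domain or fields[2] != "nofile":
            continue
        if not fields[3].isdigit():
            continue
        # A type of "-" sets both the soft and the hard limit.
        for kind in (("soft", "hard") if fields[1] == "-" else (fields[1],)):
            limits[kind] = int(fields[3])
    return limits

def nginx_value(text, directive):
    """Return the integer argument of a simple nginx directive, or None."""
    match = re.search(rf"^\s*{re.escape(directive)}\s+(\d+)\s*;", text, re.M)
    return int(match.group(1)) if match else None

def check(limits_text, nginx_text):
    """Return problems that would leave nginx workers short of descriptors."""
    soft = nofile_limits(limits_text).get("soft")
    rlimit = nginx_value(nginx_text, "worker_rlimit_nofile")
    conns = nginx_value(nginx_text, "worker_connections")
    # Assumption: without worker_rlimit_nofile, workers run with the soft limit.
    budget = rlimit if rlimit is not None else soft
    problems = []
    if rlimit is None:
        problems.append("worker_rlimit_nofile not set; workers inherit the startup limit")
    if conns is not None and budget is not None and conns > budget:
        problems.append(f"worker_connections {conns} exceeds descriptor limit {budget}")
    return problems
```
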

3. System Shared Memory Optimization:

The system shared memory size primarily affects the eAccelerator setting:
eaccelerator.shm_size = "32"

This entry sets the amount of shared memory (in megabytes) that eAccelerator can use.
Under Linux, the maximum shared memory a single process can use is limited by the number set in /proc/sys/kernel/shmmax (in bytes). For example, the default shmmax value on Red Hat 4.7 is 33554432 bytes (33554432 bytes / 1024 / 1024 = 32 MB).
To change this value temporarily (for example, to 128 MB = 128 x 1024 x 1024 = 134217728 bytes):

echo 134217728 > /proc/sys/kernel/shmmax
echo 134217728 > /proc/sys/kernel/shmall

With the method above, the value is restored automatically each time the system restarts. To change it permanently, modify the /etc/sysctl.conf file and set:
# System shared memory size optimization
kernel.shmmax = 134217728

The complete set of additions to /etc/sysctl.conf is as follows:
# Add the following to /etc/sysctl.conf:
# Network parameter optimization start
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800

#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
# Network parameter optimization end
# System shared memory size optimization start
kernel.shmmax = 134217728
# System shared memory size optimization end
# End of added content

After the modification is complete, run the following command to make the parameters take effect:
/sbin/sysctl -p
If anything above is lacking, corrections and additions are welcome. Thank you!

Kernel tuning for high-load Linux servers
vi /etc/sysctl.conf and modify the kernel parameters:
kernel.shmall = 268435456
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_mem = 786432 1048576 1572864
net.core.wmem_max = 873200
net.core.rmem_max = 873200
net.ipv4.tcp_wmem = 8192 436600 873200
net.ipv4.tcp_rmem = 32768 436600 873200
net.core.somaxconn = 256
net.core.netdev_max_backlog = 1000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_keepalive_time = 500
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0

Several explanations:
net.ipv4.tcp_syncookies = 1
# Enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which protects against a small number of SYN attacks. The default is 0, which means off.
net.ipv4.tcp_tw_reuse = 1
# Enables reuse. Allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0, which means off.
net.ipv4.tcp_tw_recycle = 1
# Enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, which means off.
net.ipv4.tcp_fin_timeout = 30
# If the socket is closed at the request of the local end, this parameter determines how long it stays in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200
# When keepalive is enabled, how often TCP sends keepalive messages. The default is 2 hours; here it is changed to 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000
# The port range used for outgoing connections. The default is small, 32768 to 61000; here it is changed to 1024 to 65000.
net.ipv4.tcp_max_tw_buckets = 5000
# The maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is exceeded,
# TIME_WAIT sockets are cleared immediately and a warning is printed. The default is 180000; here it is changed to 5000.
# For servers such as Apache and Nginx, the parameters in the preceding lines reduce the number of TIME_WAIT sockets well,
# but for Squid they are not very effective. This parameter limits the maximum number of TIME_WAIT sockets, preventing a Squid server from being dragged down by a large number of them.
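
An added example, not part of the original article: a small Python audit for the sysctl settings discussed above. It flags keys set more than once with different values (as in the high-load list), net.ipv4.tcp_tw_recycle (which can reject clients that share a NAT address and was removed in Linux 4.12), and TIME-WAIT options that depend on TCP timestamps while net.ipv4.tcp_timestamps = 0. The sample input is constructed from values on this page, and the function names are illustrative.

```python
# Added example: audit sysctl.conf text for settings that conflict or do nothing.
TW_KEYS = ("net.ipv4.tcp_tw_reuse", "net.ipv4.tcp_tw_recycle")

# Constructed sample built from values that appear in the lists on this page.
SAMPLE = """\
# network tuning
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 1024   65000
"""

def parse(text):
    """Return {key: [values in file order]}; sysctl applies them top to bottom."""
    history = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a key = value setting
        key, value = line.split("=", 1)
        history.setdefault(key.strip(), []).append(" ".join(value.split()))
    return history

def audit(text):
    """Return a list of (check, key, message) findings."""
    history = parse(text)
    effective = {key: values[-1] for key, values in history.items()}
    findings = []
    for key, values in history.items():
        if len(set(values)) > 1:
            findings.append(("conflict", key,
                             f"set to {values}; the last one ({values[-1]}) wins"))
    if effective.get("net.ipv4.tcp_tw_recycle") == "1":
        findings.append(("tw_recycle", "net.ipv4.tcp_tw_recycle",
                         "can reject clients behind a shared NAT address; "
                         "removed in Linux 4.12"))
    if effective.get("net.ipv4.tcp_timestamps") == "0":
        for key in TW_KEYS:
            if effective.get(key) == "1":
                findings.append(("needs_timestamps", key,
                                 "relies on TCP timestamps, which this file disables"))
    return findings

if __name__ == "__main__":
    for check, key, message in audit(SAMPLE):
        print(f"{check:17} {key}: {message}")
```
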

Complete kernel-optimized configuration:

net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000

~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
kernel.sem = 250 32000 100 128
fs.file-max = 65535
net.ipv4.ip_local_port_range = 1024 65535
net.core.wmem_max = 262144
net.core.wmem_default = 262144
net.core.rmem_default = 262144
net.core.rmem_max = 262144

Modify /etc/sysctl.conf; /sbin/sysctl -p takes effect immediately
Permanently modify kernel parameters: echo "10" > /proc/sys/net/ipv4/tcp_fin_timeout

The meaning of the various parameters: http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html
Also see: http://trac.lighttpd.net/trac/wiki/Docs%3APerformance#platform-specific-notes

net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
# TCP port range
net.ipv4.ip_local_port_range = 4096 65000
# TCP send buffer: min, default, and max
net.ipv4.tcp_wmem = 4096 65536 16777216
# TCP receive buffer
#net.ipv4.tcp_rmem = 4096 65536 16777216
